545 Commits

Author SHA1 Message Date
Garrett Wollman
57bf258e3d Fix all areas of the system (or at least all those in LINT) to avoid storing
socket addresses in mbufs.  (Socket buffers are the one exception.)  A number
of kernel APIs needed to get fixed in order to make this happen.  Also,
fix three protocol families which kept PCBs in mbufs to not malloc them
instead.  Delete some old compatibility cruft while we're at it, and add
some new routines in the in_cksum family.
1997-08-16 19:16:27 +00:00
KATO Takenori
f5a5311ee8 Added DIAGNOSTIC routine to test inconsistency of vnode when cnp
points `.'.

Obtained from:	NetBSD
1997-08-15 02:36:28 +00:00
KATO Takenori
a03a24c901 Deleted unused code which adjust UN_UNLOCK flag. 1997-08-15 02:35:00 +00:00
KATO Takenori
5842d4e5b2 If the user doesn't have read permission, union_copyup should not copy
a file to upper layer.

Reviewed by:	Naofumi Honda <honda@Kururu.math.sci.hokudai.ac.jp>
1997-08-14 03:57:46 +00:00
KATO Takenori
3dc942bbe9 Backed out part of previous change. The example of -b mount in
manpage works again.
1997-08-14 03:52:27 +00:00
KATO Takenori
f8fc96b551 Fixed vnode corruption by undefined case in union_lookup(). When
uerror == 0 && lerror == EACCES, lowervp == NULLVP and union_allocvp
doesn't find existing union node and new union node is created.

Sicne it is dificult to cover all the case, union_lookup always
returns when union_lookup1() returns EACCES.

Submitted by:	Naofumi Honda <honda@Kururu.math.sci.hokudai.ac.jp>
Obtained from:	NetBSD/pc98
1997-08-12 07:18:59 +00:00
Sean Eric Fagan
66ad7973ce Check permissions for fp regs as well as normal regs. 1997-08-12 05:23:51 +00:00
Sean Eric Fagan
49356a1f4a Fix procfs security hole -- check permissions on meaningful I/Os (namely,
reading/writing of mem and regs).  Also have to check for the requesting
process being group KMEM -- this is a bit of a hack, but ps et al need it.

Reviewed by:	davidg
1997-08-12 04:34:30 +00:00
Bruce Evans
1fd0b0588f Removed unused #includes. 1997-08-02 14:33:27 +00:00
Julian Elischer
0ec278018b two tiny typo's 1997-07-14 04:53:52 +00:00
Julian Elischer
5897e2693a remove annoying debug message 1997-07-14 04:30:22 +00:00
Alexander Langer
ee97e537f7 More comment cleanup. 1997-06-26 17:12:59 +00:00
Alexander Langer
09c8ff4a78 Typo police. 1997-06-26 16:13:56 +00:00
Alexander Langer
2c39c8177b Style fix my previous commit. 1997-06-26 16:12:53 +00:00
Alexander Langer
8a77722ad7 Block all write operations to /proc/1/* when securelevel > 0.
The additional check in procfs_ctl.c could be backed out, but
I'm leaving it in for good measure.

Reviewed by:	Theo de Raadt <deraadt@OpenBSD.org>
1997-06-21 16:09:49 +00:00
Tor Egge
14a4b83067 Don't remove the controlling tty from the session if the vnode is being
cleaned. This should help for PR kern/3581.
1997-05-29 13:29:13 +00:00
Peter Wemm
e9f7506f89 Fix some warnings (missing prototypes, wrong "generic" args etc)
umapfs uses one of nullfs's functions...
1997-05-25 04:50:02 +00:00
KATO Takenori
c9bf011176 1. Added cast and parenthesis in block size calculaion in
union_statfs().
2. staticized union vops.

Submitted by:	Doug Rabson <dfr@nlsystems.com>
1997-05-07 14:37:32 +00:00
Joerg Wunsch
ce34628b4b Fix the umount problems for DEVFS.
PR:		3276 & 3469 (the fixes), 2738, 2033 (reports)
Submitted by:	Dmitrij Tejblum <dima@tejblum.dnttm.rssi.ru>
1997-05-03 21:19:54 +00:00
KATO Takenori
32cfb899a6 Fixed panic message in union_lock(): union_link --> union_lock. 1997-05-03 01:55:19 +00:00
KATO Takenori
5f3f68a8ba Access correct union mount point in union_access. Old vnode is saved
in savedvp variable and it is used for the argument of
MOUNTTOUNIONMOUNT().  I didn't realize ap->a_vp is modified before
MOUNTTOUNIONMOUNT(), so the change by revision 1.22 is incorrect.
1997-05-02 03:21:54 +00:00
Søren Schmidt
e34cbf1f59 Remove the dependancy on DEV_BSIZE, now specfs works on != 512byte
sector devices given that the fs uses a blocksize of at least a physical
sector size.
1997-05-01 19:12:22 +00:00
KATO Takenori
a9320ff3bd Revised fix for locking violation when unionfs calls vput with
UN_KLOCK flag.

When UN_KLOCK is set, VOP_UNLOCK should keep uppervp locked and clear
UN_ULOCK flag.  To do this, when UN_KLOCK is set, (1) union_unlock
clears UN_ULOCK and does not clear UN_KLOCK, (2) union_lock() does not
access uppervp and does not clear UN_KLOCK, and (3) callers of
vput/VOP_UNLOCK should clear UN_KLOCK.  For example, vput becomes:

	SETKLOCK(union_node);
	vput(vnode);
	CLEARKLOCK(union_node);

where SETKLOCK macro sets UN_KLOCK and CLEARKLOCK macro clears
UN_KLOCK.
1997-04-29 02:06:07 +00:00
Alexander Langer
898fcb3b84 Removed bogon from previous commit: doubly included sys/systm.h. 1997-04-27 21:32:21 +00:00
Alexander Langer
ee7877dfec Prevent debugger attachment to init when securelevel > 0.
Noticed by:	Brian Buchanan <brian@wasteland.calbbs.com>
1997-04-27 19:02:37 +00:00
KATO Takenori
c4ace78562 Undo 1.29. 1997-04-27 10:49:37 +00:00
KATO Takenori
a18ac0ffaf Do nothing instead of adjusting un_flags when (uppervp is locked) &&
(UN_ULOCK is not set) in union_lock.  This condition may indicate
race.  DIAGNOSTIC kernel still panic here.
1997-04-26 13:43:25 +00:00
KATO Takenori
928e13b6a1 Do not clear UN_ULOCK in certain case.
Our vput calls vm_object_deallocate() --> vm_object_terminate().  The
vm_object_terminate() calls vn_lock(), since UN_LOCKED has been
already cleared in union_unlock().  Then, union_lock locks upper vnode
when UN_ULOCK is not set.  The upper vnode is not unlocked when
UN_KLOCK is set in union_unlock(), thus, union_lock tries to lock
locked vnode and we get panic.
1997-04-26 04:09:40 +00:00
KATO Takenori
18b4c8e206 Dirty change in union_lock(). Sometimes upper vnode is locked without
UN_ULOCK flag.  This shows a locking violation but I couldn't find the
reason UN_ULOCK is not set or upper vnode is not unlocked.  I added
the code that detect this case and adjust un_flags.  DIAGNOSTIC kernel
doesn't adjust un_flags, but just panic here to help debug by kernel
hackers.
1997-04-21 15:32:24 +00:00
KATO Takenori
077f31be53 Replace VOP_LOCK with vn_lock. 1997-04-21 12:40:42 +00:00
John Dyson
7cac787bee Fix both a problem with accessing backing objects, and also release
the process map on nonexistant pages.
PR:		kern/3327
Submitted by:	Tor Egge <Tor.Egge@idi.ntnu.no>
1997-04-20 17:12:11 +00:00
KATO Takenori
747e915757 Avoid `lock against myself' panic by following operation:
# mount -t union (or null) dir1 dir2
	# mount -t union (or null) dir2 dir1

The function namei in union_mount calls union_root.  The upper vnode
has been already locked and vn_lock in union_root causes above panic.

Add printf's included in `#ifdef DIAGNOSTIC' for EDEADLK cases.
1997-04-19 06:04:13 +00:00
KATO Takenori
f85e8fc5ca Fix `locking against myself' panic by multi nullfs mount of same
directory pair.
1997-04-17 11:24:57 +00:00
KATO Takenori
c5e17d9e2b Use NULLVP instead of NULL. 1997-04-17 11:17:30 +00:00
KATO Takenori
b69aa7f11a Do not set the uppervp to NULLVP in union_removed_upper. If lowervp
is NULLVP, union node will have neither uppervp nor lowervp.  This
causes page fault trap.

The union_removed_upper just remove union node from cache and it
doesn't set uppervp to NULLVP.  Since union node is removed from
cache, it will not be referenced.

The code that remove union node from cache was copied from
union_inactive.
1997-04-16 16:24:24 +00:00
KATO Takenori
93d71a483c Undo previous commit to avoid panic, and fix order of argument of
VOP_LINK().  The reason of strange behavior was wrong order of the
argument, that is, the operation

	# ln foo bar

in a union fs tried to do

	# ln bar foo

in ufs layer.

Now we can make a link in a union fs.
1997-04-16 03:08:34 +00:00
KATO Takenori
9095719e2b Quick-hack to avoid `lock against myself' panic. It is not the real
fix!

The ufs_link() assumes that vnode is not unlocked and tries to lock it
in certain case.  Because union_link calls VOP_LINK after locking vnode,
vn_lock in ufs_link causes above panic.

Currently, I don't know the real fix for a locking violation in
union_link, but I think it is important to avoid panic.

A vnode is unlocked before calling VOP_LINK and is locked after it if
the vnode is not union fs.  Even though panic went away, the process
that access the union fs in which link was made will hang-up.

Hang-up can be easily reproduced by following operation:

	mount -t union a b
	cd b
	ln foo bar
	ls
1997-04-15 12:56:57 +00:00
KATO Takenori
6db918e371 Fix `lockmgr: locking against myself' panic by multi union mount of
same directory pair.

If we do:
    mount -t union a b
    mount -t union a b
then, (1) namei tries to lock fs which has been already locked by
first union mount and (2) union_root() tries to lock locked fs.  To
avoid first deadlock condition, unlock vnode if lowerrootvp is union
node, and to avoid second case, union_mount returns EDEADLK when multi
union mount is detected.
1997-04-14 10:52:25 +00:00
KATO Takenori
ee582cdff0 Fix locking violation when accessing `..'.
Obtained from:	NetBSD
1997-04-14 05:13:55 +00:00
KATO Takenori
3a946335ae Access correct union mount point in union_access. 1997-04-13 13:12:12 +00:00
Poul-Henning Kamp
363ad70091 The function union_fsync tries to lock overlaying vnode object when
dolock is not set (that is, targetvp == overlaying vnode object).
Current code use FIXUP macro to do this, and never unlocks overlaying
vnode object in union_fsync.  So, the vnode object will be locked
twice and never unlocked.

PR:		3271
Submitted by:	kato
1997-04-13 06:29:13 +00:00
Poul-Henning Kamp
b422956c56 The path name buffer, cn->cn_pnbuf, is FREEed by VOP_MKDIR when
relookup() in union_relookup() is succeeded.  However, if relookup()
returns non-zero value, that is relookup fails, VOP_MKDIR is never
called (c.f. union_mkshadow).  Thus, pathname buffer is never FREEed.

Reviewed by:	phk
Submitted by:	kato
PR:		3262
1997-04-13 06:27:09 +00:00
Poul-Henning Kamp
9fa6ee7671 Though malloc allocates only cn.cn_namelen bytes for cn.cn_pnbuf in
union_vn_create(), following bcopy copies cn.cn_namlen + 1 bytes to
cn.cn_pnbuf

PR:		3255
Reviewed by:	phk
Submitted by:	kato
1997-04-13 06:25:03 +00:00
KATO Takenori
ae9d2b47e0 Removed libc stuffs. Lite/2 merged libc contains unionfs support, and
we don't have to use the libc related files in sys/misc/unionfs
directory.
1997-04-13 06:12:13 +00:00
Bruce Evans
c90607ba7f Get the declaration of `struct dirent' from <sys/dirent.h>, not from
<sys/dir.h>, and use the new macro GENERIC_DIRSIZ() instead of DIRSIZ().

Removed unused #includes.
1997-04-10 15:05:38 +00:00
Bruce Evans
1a2efb7550 Removed unused or apparently-unused #includes, especially of the
deprecated header <sys/dir.h>.
1997-04-10 14:35:32 +00:00
John Dyson
a04c970a7a Fix the gdb executable modify problem. Thanks to the detective work
by Alan Cox <alc@cs.rice.edu>, and his description of the problem.

The bug was primarily in procfs_mem, but the mistake likely happened
due to the lack of vm system support for the operation.  I added
better support for selective marking of page dirty flags so that
vm_map_pageable(wiring) will not cause this problem again.

The code in procfs_mem is now less bogus (but maybe still a little
so.)
1997-04-06 02:29:45 +00:00
Bruce Evans
71455815cc Don't include <sys/ioctl.h> in the kernel. Stage 3: include
<sys/filio.h> instead of <sys/ioctl.h> in non-network non-tty files.
1997-03-24 11:37:53 +00:00
Bruce Evans
fce002fdef Don't include <sys/ioctl.h> in the kernel. Stage 1: don't include
it when it is not used.  In most cases, the reasons for including it
went away when the special ioctl headers became self-sufficient.
1997-03-24 11:25:10 +00:00
Bruce Evans
3ac4d1ef0c Don't #include <sys/fcntl.h> in <sys/file.h> if KERNEL is defined.
Fixed everything that depended on getting fcntl.h stuff from the wrong
place.  Most things don't depend on file.h stuff at all.
1997-03-23 03:37:54 +00:00