Commit Graph

197 Commits

Author SHA1 Message Date
Robert Watson
a3df768b04 Merge kld access control checks from the MAC tree: these access control
checks permit policy modules to augment the system policy for permitting
kld operations.  This permits policies to limit access to kld operations
based on credential (and other) properties, as well as to perform checks
on the kld being loaded (integrity, etc).

Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-11-19 22:12:42 +00:00
Sam Leffler
3b132a615f fix kldload error return when a module is rejected because it's statically
linked in the kernel.  When this condition is detected deep in the linker
internals the EEXIST error code that's returned is stomped on and instead
an ENOEXEC code is returned.  This makes apps like sysinstall bitch.
2002-10-17 17:28:57 +00:00
Poul-Henning Kamp
7c61d7858c Plug a memory-leak.
"I think you're right" by:	jake
2002-10-15 18:58:38 +00:00
Robert Watson
9ca435893b In order to better support flexible and extensible access control,
make a series of modifications to the credential arguments relating
to file read and write operations to cliarfy which credential is
used for what:

- Change fo_read() and fo_write() to accept "active_cred" instead of
  "cred", and change the semantics of consumers of fo_read() and
  fo_write() to pass the active credential of the thread requesting
  an operation rather than the cached file cred.  The cached file
  cred is still available in fo_read() and fo_write() consumers
  via fp->f_cred.  These changes largely in sys_generic.c.

For each implementation of fo_read() and fo_write(), update cred
usage to reflect this change and maintain current semantics:

- badfo_readwrite() unchanged
- kqueue_read/write() unchanged
  pipe_read/write() now authorize MAC using active_cred rather
  than td->td_ucred
- soo_read/write() unchanged
- vn_read/write() now authorize MAC using active_cred but
  VOP_READ/WRITE() with fp->f_cred

Modify vn_rdwr() to accept two credential arguments instead of a
single credential: active_cred and file_cred.  Use active_cred
for MAC authorization, and select a credential for use in
VOP_READ/WRITE() based on whether file_cred is NULL or not.  If
file_cred is provided, authorize the VOP using that cred,
otherwise the active credential, matching current semantics.

Modify current vn_rdwr() consumers to pass a file_cred if used
in the context of a struct file, and to always pass active_cred.
When vn_rdwr() is used without a file_cred, pass NOCRED.

These changes should maintain current semantics for read/write,
but avoid a redundant passing of fp->f_cred, as well as making
it more clear what the origin of each credential is in file
descriptor read/write operations.

Follow-up commits will make similar changes to other file descriptor
operations, and modify the MAC framework to pass both credentials
to MAC policy modules so they can implement either semantic for
revocation.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-15 20:55:08 +00:00
Maxime Henrion
f2b17113cf Make the consumers of the linker_load_file() function use
linker_load_module() instead.

This fixes a bug where the kernel was unable to properly locate and
load a kernel module in vfs_mount() (and probably in the netgraph
code as well since it was using the same function).  This is because
the linker_load_file() does not properly search the module path.

Problem found by:	peter
Reviewed by:		peter
Thanks to:		peter
2002-08-02 20:56:07 +00:00
Don Lewis
dcbe050b29 Pre-wire the output buffer so that sysctl_kern_function_list() doesn't
block in SYSCTL_OUT() while holding a lock.
2002-07-22 08:28:09 +00:00
Jeff Roberson
31965a72c9 - Delay unlocking a vnode in linker_hints_lookup until we're actually done
with it.
 - Remove a now stale comment about improper vnode locking.
2002-07-07 22:35:47 +00:00
Andrew R. Reiter
2eb7b21b00 - Remove the lock(9) protecting the kernel linker system.
- Added a mutex, kld_mtx, to protect the kernel_linker system.  Note that
  while ``classes'' is global (to that file), it is only read only after
  SI_SUB_KLD, SI_ORDER_ANY.
- Add a SYSINIT to flip a flag that disallows class registration after
  SI_SUB_KLD, SI_ORDER_ANY.

Idea for ``classes'' read only by:	jake
Reviewed by:	jake
2002-06-19 21:25:59 +00:00
Brian Somers
b94c4e9a93 Test if rootvnode is NULL rather than if rootdev is NODEV when determining
if there's a filesystem present.

rootdev can be NODEV in the NFS-mounted root scenario.

Discussed with: Harti Brandt <brandt@fokus.gmd.de>, iedowse
2002-04-26 09:52:54 +00:00
Brian Somers
f1e4a6e941 In linker_load_module(), check that rootdev != NODEV before calling
linker_search_module().

Without this, modules loaded from loader.conf that then try to load
in additional modules (such as digi.ko loading a card's BIOS) die
badly in the vn_open() called from linker_search_module().

It may be worth checking (KASSERTing?) that rootdev != NODEV in
vn_open() too.
2002-04-10 01:14:45 +00:00
Brian Somers
96987c74d6 Change linker_reference_module() so that it's passed a struct
mod_depend * (which may be NULL).  The only consumer of this
function at the moment is digi_loadmoduledata(), and that passes
a NULL mod_depend *.

In linker_reference_module(), check to see if we've already got
the required module loaded.  If we have, bump the reference count
and return that, otherwise continue the module search as normal.
2002-04-10 01:13:57 +00:00
John Baldwin
44731cab3b Change the suser() API to take advantage of td_ucred as well as do a
general cleanup of the API.  The entire API now consists of two functions
similar to the pre-KSE API.  The suser() function takes a thread pointer
as its only argument.  The td_ucred member of this thread must be valid
so the only valid thread pointers are curthread and a few kernel threads
such as thread0.  The suser_cred() function takes a pointer to a struct
ucred as its first argument and an integer flag as its second argument.
The flag is currently only used for the PRISON_ROOT flag.

Discussed on:	smp@
2002-04-01 21:31:13 +00:00
Andrew R. Reiter
517f30c2c1 - Recommit the securelevel_gt() calls removed by commits rev. 1.84 of
kern_linker.c and rev. 1.237 of vfs_syscalls.c since these are not the
  source of the recent panics occuring around kldloading file system
  support modules.

Requested by: rwatson
2002-03-25 18:26:34 +00:00
Andrew R. Reiter
fe3240e9aa - Back out the commit to make the linker_load_file() securelevel check
made aware in jail environments.  Supposedly something is broken, so
  this should be backed out until further investigation proves otherwise,
  or a proper fix can be provided.
2002-03-22 04:56:09 +00:00
Andrew R. Reiter
e85b9ae9ac - Fix a logic error in checking the securelevel that was introduced in the
previous commit.

Pointy hats to: arr, rwatson
2002-03-21 15:27:39 +00:00
Andrew R. Reiter
c457a4403a - Change a check of securelevel to securelevel_gt() call in order to help
against users within a jail attempting to load kernel modules.
- Add a check of securelevel_gt() to vfs_mount() in order to chop some
  low hanging fruit for the repair of securelevel checking of linking and
  unlinking files from within jails.  There is more to be done here.

Reviewed by: rwatson
2002-03-20 16:03:42 +00:00
Andrew R. Reiter
08a54da785 - Change a malloc / bzero pair to make use of the M_ZERO malloc(9) flag. 2002-03-19 15:41:21 +00:00
Andrew R. Reiter
9b3851e9e3 - Lock down the ``module'' structure by adding an SX lock that is used by
all the global bits of ``module'' data.  This commit adds a few generic
  macros, MOD_SLOCK, MOD_XLOCK, etc., that are meant to be used as ways
  of accessing the SX lock.  It is also the first step in helping to lock
  down the kernel linker and module systems.

Reviewed by: jhb, jake, smp@
2002-03-18 07:45:30 +00:00
David Malone
6c75a65a00 Don't assign strcmp to a variable called err and then compare it
with zero, just compare strcmp with zero. This fixes the same bug
which Maxim just fixed and fixes some odd style too.

PR:		35712
Reviewed by:	arr
2002-03-10 23:12:43 +00:00
Maxim Sobolev
832af2d5ed Fix a breakage introduced in rev.1.75 (supposedly style cleanup), which results
in "missing dependencies" error when loading some kld modules. It is sad to
see how often these days style cleanus break doesn't broken things. Perhaps
people should recall good old principle: "don't fix it if it isn't broken".
2002-03-10 19:20:01 +00:00
John Baldwin
a854ed9893 Simple p_ucred -> td_ucred changes to start using the per-thread ucred
reference.
2002-02-27 18:32:23 +00:00
Andrew R. Reiter
e68baa7073 - Whitespace fixes leftover from previous commit.
Submitted by:	bde
2002-02-22 13:43:56 +00:00
Andrew R. Reiter
8e92b63c6f - Massive style fixup.
Reviewed by: mike
Approved by: dfr
2002-02-22 04:14:49 +00:00
Robert Watson
894c9fe04e Add a comment indicating that the vnode locking in this section of the
kernel linker code may be wrong: it fails to hold a lock across the
call to VOP_GETATTR(), and vn_rdwr() with IO_NODELOCKED.
2002-02-10 21:29:02 +00:00
Andrew R. Reiter
b489b4075c - Ensure that linker file id's are unique, rather than blindly
incrementing the value.

Reviewed by: dfr, peter
2001-11-18 18:19:35 +00:00
Ian Dowse
7b9716bad2 Fix a number of misspellings of "dependency" and "dependencies" in
comments and function names.

PR:		kern/8589
Submitted by:	Rajesh Vaidheeswarran <rv@fore.com>
2001-11-16 21:08:40 +00:00
Robert Watson
fc5d29ef7d o Move suser() calls in kern/ to using suser_xxx() with an explicit
credential selection, rather than reference via a thread or process
  pointer.  This is part of a gradual migration to suser() accepting
  a struct ucred instead of a struct proc, simplifying the reference
  and locking semantics of suser().

Obtained from:	TrustedBSD Project
2001-11-01 20:56:57 +00:00
Brian Feldman
bb9fe9dd9e Add the sysctl "kern.function_list", which currently exports all
function symbols in the kernel in a list of C strings, with an extra
nul-termination at the end.

This sysctl requires addition of a new linker operation.  Now,
linker_file_t's need to respond to "each_function_name" to export
their function symbols.

Note that the sysctl doesn't currently allow distinguishing multiple
symbols with the same name from different modules, but could quite
easily without a change to the linker operation.  This will be a nicety
to have when it can be used.

Obtained from:	NAI Labs CBOSS project
Funded by:	DARPA
2001-10-30 15:21:45 +00:00
Julian Elischer
b40ce4165d KSE Milestone 2
Note ALL MODULES MUST BE RECOMPILED
make the kernel aware that there are smaller units of scheduling than the
process. (but only allow one thread per process at this time).
This is functionally equivalent to teh previousl -current except
that there is a thread associated with each process.

Sorry john! (your next MFC will be a doosie!)

Reviewed by: peter@freebsd.org, dillon@freebsd.org

X-MFC after:    ha ha ha ha
2001-09-12 08:38:13 +00:00
Peter Wemm
8ee6d9e90f Fix the kern.module_path issue that required the trailing '/' character
on each module path component.  Fix a one-byte buffer overflow at the
same time that got highlighted in the process.
2001-09-12 00:50:23 +00:00
Peter Wemm
505222d35f Implement the long-awaited module->file cache database. A userland
tool (kldxref(8)) keeps a cache of what modules and versions are inside
what .ko files.  I have tested this on both Alpha and i386.

Submitted by:	bp
2001-09-11 01:09:24 +00:00
Matthew Dillon
835a82ee2d Giant Pushdown. Saved the worst P4 tree breakage for last.
reboot() getpriority() setpriority() rtprio() osetrlimit() ogetrlimit()
    setrlimit() getrlimit() getrusage() getpid() getppid() getpgrp()
    getpgid() getsid() getgid() getegid() getgroups() setsid() setpgid()
    setuid() seteuid() setgid() setegid() setgroups() setreuid() setregid()
    setresuid() setresgid() getresuid() getresgid () __setugid() getlogin()
    setlogin() modnext() modfnext() modstat() modfind() kldload() kldunload()
    kldfind() kldnext() kldstat() kldfirstmod() kldsym() getdtablesize()
    dup2() dup() fcntl() close() ofstat() fstat() nfsstat() fpathconf()
    flock()
2001-09-01 19:04:37 +00:00
Dima Dorfman
fcd7e67061 Sync the default module search path with the one in
sys/boot/common/module.c.

PR:		21405
Submitted by:	Makoto MATSUSHITA <matusita@jp.FreeBSD.org>
2001-08-20 01:12:28 +00:00
Jake Burkholder
98b0e9d587 Don't try to print a field that doesn't exist; in usually commented
out debugging code.
2001-07-31 03:51:07 +00:00
Dag-Erling Smørgrav
0e79fe6f0e Constify (silence warnings introduced by last commit to sys/module.h) 2001-06-20 16:08:45 +00:00
Brian Somers
09dbb40410 Add linker_reference_module().
This function loads a module if required, otherwise bumps the reference
count -- the opposite of linker_file_unload().
2001-06-18 15:09:33 +00:00
Peter Wemm
f41325db5f With this commit, I hereby pronounce gensetdefs past its use-by date.
Replace the a.out emulation of 'struct linker_set' with something
a little more flexible.  <sys/linker_set.h> now provides macros for
accessing elements and completely hides the implementation.

The linker_set.h macros have been on the back burner in various
forms since 1998 and has ideas and code from Mike Smith (SET_FOREACH()),
John Polstra (ELF clue) and myself (cleaned up API and the conversion
of the rest of the kernel to use it).

The macros declare a strongly typed set.  They return elements with the
type that you declare the set with, rather than a generic void *.

For ELF, we use the magic ld symbols (__start_<setname> and
__stop_<setname>).  Thanks to Richard Henderson <rth@redhat.com> for the
trick about how to force ld to provide them for kld's.

For a.out, we use the old linker_set struct.

NOTE: the item lists are no longer null terminated.  This is why
the code impact is high in certain areas.

The runtime linker has a new method to find the linker set
boundaries depending on which backend format is in use.

linker sets are still module/kld unfriendly and should never be used
for anything that may be modular one day.

Reviewed by:	eivind
2001-06-13 10:58:39 +00:00
Peter Wemm
81930014ef Make the TUNABLE_*() macros look and behave more consistantly like the
SYSCTL_*() macros.  TUNABLE_INT_DECL() was an odd name because it didn't
actually declare the int, which is what the name suggests it would do.
2001-06-06 22:17:08 +00:00
Boris Popov
a91f68bca6 o Actually extract version of interface and store it along with the name.
o Add new parameter to the modlist_lookup() function to perform lookups
  with strict version matching.

o Collapse duplicate code to function(s).
2001-03-22 08:58:45 +00:00
Boris Popov
303b15f193 Slightly reorganize code in the linker_load_dependancies() function to make
codepath more straightforward.
2001-03-22 07:55:33 +00:00
Boris Popov
804f27299d Remove support for old way of handling module dependencies.
Approved by:	peter
2001-03-22 07:14:42 +00:00
Poul-Henning Kamp
37d4006626 Another round of the <sys/queue.h> FOREACH transmogriffer.
Created with:   sed(1)
Reviewed by:    md5(1)
2001-02-04 16:08:18 +00:00
Poul-Henning Kamp
fc2ffbe604 Mechanical change to use <sys/queue.h> macro API instead of
fondling implementation details.

Created with: sed(1)
Reviewed by: md5(1)
2001-02-04 13:13:25 +00:00
Peter Wemm
4058c0f013 Pull out the module path from the loader. ie: if you boot from
/boot/kernel.foobar/* then that had better be in the path ahead of the
others.

Submitted by:  Daniel J. O'Connor <darius@dons.net.au>
PR: 23662
2000-12-28 08:14:58 +00:00
David Malone
7cc0979fd6 Convert more malloc+bzero to malloc+M_ZERO.
Submitted by:	josh@zipperup.org
Submitted by:	Robert Drehmel <robd@gmx.net>
2000-12-08 21:51:06 +00:00
Doug Rabson
c9b004775d Add a workaround for statically linked kernels. 2000-10-04 17:40:24 +00:00
David E. O'Brien
6b6821c771 The kernel is now known as `kernel.ko' and it and its matching modules
live in ``/boot/kernel/''.

Submitted by:	Hisashi Hiramoto <hiramoto@phys.chs.nihon-u.ac.jp>
2000-09-06 06:22:20 +00:00
Peter Wemm
2c7f8b4ebd Fix self referential dependencies. eg: uhub was packaged along with
usb, all in usb.ko.  uhub depends on usb.  The bug was that the preload
processing only adds a module to the list once it's internal dependencies
are resolved... Since it was not "seeing" the internal usb module it
believed that uhub had a missing dependency.
2000-08-02 21:08:53 +00:00
Boris Popov
2ff087318a Correct SYSINIT execution order in the case when KLD contains more
than one SYSINIT with the same 'subsystem' id and different 'order' id.

Reviewed by:	peter
2000-07-09 23:58:56 +00:00
Kirk McKusick
e6796b67d9 Move the truncation code out of vn_open and into the open system call
after the acquisition of any advisory locks. This fix corrects a case
in which a process tries to open a file with a non-blocking exclusive
lock. Even if it fails to get the lock it would still truncate the
file even though its open failed. With this change, the truncation
is done only after the lock is successfully acquired.

Obtained from:	 BSD/OS
2000-07-04 03:34:11 +00:00
Archie Cobbs
6c66bbed1a Move the securelevel check before loading KLD's into linker_load_file(),
instead of requiring every caller of linker_load_file() to perform the
check itself. This avoids netgraph loading KLD's when securelevel > 0,
not to mention any future code that may call linker_load_file().

Reviewed by:	dfr
2000-06-29 17:57:04 +00:00
Jake Burkholder
e39756439c Back out the previous change to the queue(3) interface.
It was not discussed and should probably not happen.

Requested by:		msmith and others
2000-05-26 02:09:24 +00:00
Jake Burkholder
740a1973a6 Change the way that the queue(3) structures are declared; don't assume that
the type argument to *_HEAD and *_ENTRY is a struct.

Suggested by:	phk
Reviewed by:	phk
Approved by:	mdodd
2000-05-23 20:41:01 +00:00
Poul-Henning Kamp
2c9b67a8df Remove unneeded #include <vm/vm_zone.h>
Generated by:	src/tools/tools/kerninclude
2000-04-30 18:52:11 +00:00
Peter Wemm
54823af256 First round implementation of a fine grain enhanced module to module
version dependency system.  This isn't quite finished, but it is at a
useful stage to do a functional checkpoint.

Highlights:
- version and dependency metadata is gathered via linker sets, so things
are handled the same for static kernels and code built to live in a kld.
- The dependencies are at module level (versus at file level).
- Dependencies determine kld symbol search order - this means that you
cannot link against symbols in another file unless you depend on it. This
is so that you cannot accidently unload the target out from underneath
the ones referencing it.
- It is flexible enough that we can put tags in #include files and macros
so that we can get decent hooks for enforcing recompiles on incompatable
ABI changes.  eg: if we change struct proc, we could force a recompile
for all kld's that reference the proc struct.
- Tangled dependency references at boot time are sorted.  Files are
relocated once all their dependencies are already relocated.

Caveats:
- Loader support is incomplete, but has been worked on seperately.
- Actual enforcement of the version number tags is not active yet - just
the module dependencies are live.  The actual structure of versioning
hasn't been agreed on yet. (eg: major.minor, or whatever)
- There is some backwards compatability for old modules without metadata
but I'm not sure how good it is.

This is based on work originally done by Boris Popov (bp@freebsd.org),
but I'm not sure he'd recognize much of it now. Don't blame him. :-)
Also, ideas have been borrowed from Mike Smith.
2000-04-29 13:19:31 +00:00
Doug Rabson
326e27d81f * Rewrite to use kobj(9) instead of hard-coded function tables.
* Report link errors to stdout with uprintf() so that the user can see
  what went wrong (PR kern/9214).
* Add support code to allow module symbols to be loaded into GDB using
  the debugger's "sharedlibrary" command.
2000-04-24 17:08:04 +00:00
Eivind Eklund
762e6b856c Introduce NDFREE (and remove VOP_ABORTOP) 1999-12-15 23:02:35 +00:00
Peter Wemm
4537138981 Zap c_index() and c_rindex(). Bruce prefers these to implicitly convert
a const into a non-const as they do in libc.  I feel that defeating the
type checking like that quite evil, but that's the way it is.
1999-12-10 17:38:41 +00:00
Peter Wemm
95dc37f68d Tempt fate and stop index from converting a const char * into a char *.
I've made a seperate version (c_index() etc) that use const/const, but
I'm not sure it's worth it considering there is one file in the tree
that uses index on const strings (kern_linker.c) and it's easily adjusted
to scan the strings directly (and is perhaps more efficient that way).
1999-11-21 04:26:48 +00:00
Peter Wemm
d1f088dab5 Trim unused options (or #ifdef for undoc options).
Submitted by:	phk
1999-10-11 15:19:12 +00:00
Peter Wemm
c3aac50f28 $Id$ -> $FreeBSD$ 1999-08-28 01:08:13 +00:00
Bruce Evans
0921e4886f Cast pointers to uintptr_t instead of casting them to u_long. They
are still converted to u_long by assignment of the uintptr_t, and
address calculations are still done using u_long.  This is OK for
currently supported machines, but addresses should be represented
by vm_offset_t or uintptr_t in case pointers are longer than longs.

"Fixed" size of linker_path[].  MAXPATHLEN + 1 was 1 too large for
search paths with only one file path in them, but much too small
for search paths with several long file paths in them.
1999-08-24 00:38:52 +00:00
Greg Lehey
4033a962bf Change the name of the static variable 'files' to 'linker_files' in
order to be able to refer to it uniquely from the kernel debugger.

Approved-by:	 peter
1999-08-20 00:18:07 +00:00
Peter Wemm
9c8b8baa38 Slight reorganization of kernel thread/process creation. Instead of using
SYSINIT_KT() etc (which is a static, compile-time procedure), use a
NetBSD-style kthread_create() interface.  kproc_start is still available
as a SYSINIT() hook.  This allowed simplification of chunks of the
sysinit code in the process.  This kthread_create() is our old kproc_start
internals, with the SYSINIT_KT fork hooks grafted in and tweaked to work
the same as the NetBSD one.

One thing I'd like to do shortly is get rid of nfsiod as a user initiated
process.  It makes sense for the nfs client code to create them on the
fly as needed up to a user settable limit.  This means that nfsiod
doesn't need to be in /sbin and is always "available".  This is a fair bit
easier to do outside of the SYSINIT_KT() framework.
1999-07-01 13:21:46 +00:00
Peter Wemm
df8abd0bb9 Slight tweak to fork1() calling conventions. Add a third argument so
the caller can easily find the child proc struct.  fork(), rfork() etc
syscalls set p->p_retval[] themselves.  Simplify the SYSINIT_KT() code
and other kernel thread creators to not need to use pfind() to find the
child based on the pid.  While here, partly tidy up some of the fork1()
code for RF_SIGSHARE etc.
1999-06-30 15:33:41 +00:00
Peter Wemm
b5b15c3ff0 First stages of a module dependency cleanup. This part fixes a
particularly annoying hack, namely having the linker bash the moduledata
to set the container pointer, preventing it being const.  In the process,
a stack of warnings were fixed and will probably allow a revisit of the
const C_SYSINIT() changes.  This explicitly registers modules in files or
preload areas with the module system first, and let them initialize via
SYSINIT/DECLARE_MODULE later in their SI_ORDER_xxx order.  The kludge of
finding the containing file is no longer needed since the registration
of modules onto the modules list is done in the context of initializing
the linker file.
1999-05-08 13:01:59 +00:00
Luoqi Chen
5206bca10a Enable vmspace sharing on SMP. Major changes are,
- %fs register is added to trapframe and saved/restored upon kernel entry/exit.
- Per-cpu pages are no longer mapped at the same virtual address.
- Each cpu now has a separate gdt selector table. A new segment selector
  is added to point to per-cpu pages, per-cpu global variables are now
  accessed through this new selector (%fs). The selectors in gdt table are
  rearranged for cache line optimization.
- fask_vfork is now on as default for both UP and SMP.
- Some aio code cleanup.

Reviewed by:	Alan Cox	<alc@cs.rice.edu>
		John Dyson	<dyson@iquest.net>
		Julian Elischer	<julian@whistel.com>
		Bruce Evans	<bde@zeta.org.au>
		David Greenman	<dg@root.com>
1999-04-28 01:04:33 +00:00
Poul-Henning Kamp
f711d546d2 Suser() simplification:
1:
  s/suser/suser_xxx/

2:
  Add new function: suser(struct proc *), prototyped in <sys/proc.h>.

3:
  s/suser_xxx(\([a-zA-Z0-9_]*\)->p_ucred, \&\1->p_acflag)/suser(\1)/

The remaining suser_xxx() calls will be scrutinized and dealt with
later.

There may be some unneeded #include <sys/cred.h>, but they are left
as an exercise for Bruce.

More changes to the suser() API will come along with the "jail" code.
1999-04-27 11:18:52 +00:00
Peter Wemm
88b4f4ee55 LK_RETRY is a vn_lock() flag, not one for lockmgr(). 1999-04-06 03:02:11 +00:00
Doug Rabson
a199ed3cc3 * Register sysctl nodes before running sysinits when loading files and
unregister them after sysuninits when unloading.
* Add code to vfs_register() to set the oid number of vfs sysctls to
  the type number of the filesystem.

Reviewed by: bde
1999-03-07 16:06:41 +00:00
Doug Rabson
75e08a5e7e A correction to the code which attempts to prevent the same module
being loaded twice.  It used rindex() to strip the pathname but failed
to account for the fact that rindex() will return a pointer to the '/',
not the first character of the filename.

Submitted by: Nick Hibma <hibma@skylink.it>
1999-02-20 21:22:00 +00:00
Doug Rabson
ce02431ffa * Change sysctl from using linker_set to construct its tree using SLISTs.
This makes it possible to change the sysctl tree at runtime.

* Change KLD to find and register any sysctl nodes contained in the loaded
  file and to unregister them when the file is unloaded.

Reviewed by: Archie Cobbs <archie@whistle.com>,
	Peter Wemm <peter@netplex.com.au> (well they looked at it anyway)
1999-02-16 10:49:55 +00:00
Matthew Dillon
fe08c21a53 Fix warnings in preparation for adding -Wall -Wcast-qual to the
kernel compile.

    This commit includes significant work to proper handle const arguments
    for the DDB symbol routines.
1999-01-27 23:45:44 +00:00
Matthew Dillon
d254af07a1 Fix warnings in preparation for adding -Wall -Wcast-qual to the
kernel compile
1999-01-27 21:50:00 +00:00
Doug Rabson
149a155c3b Don't try to call SYSUNINIT functions if there was a link error.
Reviewed by: Peter Wemm <peter@netplex.com.au>
1999-01-25 08:42:24 +00:00
Peter Wemm
461b36ab54 Update userref handling after discussion with submitter of previous
patch.  lf can't be dereferenced after the unload attempt, in case it
was freed.  Instead, decrement first and back it out if the unload failed.
This should be relatively immune to races caused by the user since the
userref count will be zero for the duration of the actual unloading and
will stop further kldunload attempts.

Submitted by:   Ustimenko Semen <semen@iclub.nsu.ru>
1999-01-23 03:45:22 +00:00
Peter Wemm
d7dfdda203 Relax linkage symbol scope restrictions to be more compatable with that
of shared libraries.
1999-01-19 22:26:46 +00:00
Peter Wemm
e75a9dc0b6 Don't decrement userrefs unless the file was actually was unloaded.
Submitted by:	Ustimenko Semen <semen@iclub.nsu.ru>
1999-01-19 16:26:32 +00:00
Peter Wemm
e99f57c354 Try and clean up the multiple formal loading support a bit, based on
suggestions from Greg Lehey some time ago.  In the face of multiple
potential file formats, try and give a more sensible error than just
ENOEXEC.

XXX a good case can be made that the loading process is wrong - the linker
should locate the file first (using the search paths etc), then run the
loaders to see if they recognize it.  While the present system allows for
the possibility of different search paths for different formats, we do not
use it and it just makes things more complicated than they need to be.
1999-01-17 17:58:52 +00:00
Mike Smith
f1b265228c Don't allow more than one module with the same name to be loaded.
Make kldfind ignore the path when searching for a loaded module.

Submitted by:	John Birrell (jb@freebsd.org)
1999-01-05 20:24:28 +00:00
Peter Wemm
ba031106b1 kldsym(2) prototype implementation 1998-11-11 13:04:40 +00:00
Peter Wemm
edfbe15080 Arrange for unload-time linker set hooks to be called. While cut/pasting
some code, I changed the original to be consistant with the rest of the
file rather than duplicating the problems.
1998-11-10 08:49:28 +00:00
Peter Wemm
21ce23eb91 Define the kld_debug variable if KLD_DEBUG is enabled 1998-11-06 15:10:17 +00:00
Peter Wemm
84e40f5627 The handle for the kernel is common. With this fix, ELF kernels can load
a.out kld modules, and a.out kernels can load ELF kld modules.
1998-11-04 15:20:58 +00:00
Peter Wemm
7837745438 Have the in-kernel linker try a default extension of .ko. This means that
"kldload nfs" works.  We use the same default extension in the /boot/loader
system.
1998-11-03 14:27:05 +00:00
Peter Wemm
b913711e0c Use the kvm space pathname that we copied in, not the one in user space. 1998-11-03 13:09:31 +00:00
Mike Smith
6fe8861e01 Don't put 0x in front of %p, it does it already.
Submitted by:	 Brian Feldman <green@janus.syracuse.net>
1998-10-24 18:35:09 +00:00
Peter Wemm
bd4e381b03 - bzero() after malloc(). This is especially obvious when kern_malloc is
compiled with DIAGNOSTIC.
- Don't break from the preload module processing loop prematurely.
1998-10-15 17:12:12 +00:00
Peter Wemm
26deceba9c Display module type as well as module name when we find one preloaded. 1998-10-10 02:29:07 +00:00
Peter Wemm
51f3fe7ab2 Use Mike Smith's linker module search path code.
Implement preloading in a fairly MI way, assuming the information is
prepared.
DDB interface helpers..  Provide some support for db_kld.c so that we
don't have to export too much detail.
Debugging and cosmetic nits left in from development..
The other half of the containing file hack so modules can associate
themselves with their "file".
1998-10-10 00:07:53 +00:00
Doug Rabson
a2c99e3e72 Modify the internal interfaces to the kernel linker to make it possible
for DDB to use its symbol tables.
1998-08-12 08:44:21 +00:00
Bruce Evans
b1679c0f7e Use a real malloc type for M_LINKER instead of #defining it as M_TEMP.
Fixed a comment.
1998-01-01 08:56:24 +00:00
John Dyson
74b2192ae6 We have had support for running the kernel daemons as threads for
quite a while, but forgot to do so.  For now, this code supports
most daemons  running as kernel threads in UP kernels, and as
full processes in SMP.  We will soon be able to run them as
threads in SMP, but not yet.
1997-12-12 04:00:59 +00:00
Bruce Evans
d73424aa6b Fixed a sloppy common-style definitions. 1997-11-20 20:07:59 +00:00
Poul-Henning Kamp
cb226aaa62 Move the "retval" (3rd) parameter from all syscall functions and put
it in struct proc instead.

This fixes a boatload of compiler warning, and removes a lot of cruft
from the sources.

I have not removed the /*ARGSUSED*/, they will require some looking at.

libkvm, ps and other userland struct proc frobbing programs will need
recompiled.
1997-11-06 19:29:57 +00:00
Bruce Evans
1fd0b0588f Removed unused #includes. 1997-08-02 14:33:27 +00:00
Doug Rabson
cea6c86c11 This is the kernel linker. To use it, you will first need to apply
the patches in freefall:/home/dfr/ld.diffs to your ld sources and set
BINFORMAT to aoutkld when linking the kernel.

Library changes and userland utilities will appear in a later commit.
1997-05-07 16:05:47 +00:00