Commit Graph

33811 Commits

Author SHA1 Message Date
Robert Watson
e32a5b94d8 Introduce support for Mandatory Access Control and extensible
kernel access control.

Invoke additional MAC entry points when an mbuf packet header is
copied to another mbuf: release the old label if any, reinitialize
the new header, and ask the MAC framework to copy the header label
data.  Note that this requires a potential allocation operation,
but m_copy_pkthdr() is not permitted to fail, so we must block.
Since we now use interrupt threads, this is possible, but not
desirable.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 01:51:34 +00:00
Robert Watson
a3abeda755 Introduce support for Mandatory Access Control and extensible
kernel access control.

Invoke the necessary MAC entry points to maintain labels on header
mbufs.  In particular, invoke entry points during the two mbuf
header allocation cases, and the mbuf freeing case.  Pass the "how"
argument at allocation time to the MAC framework so that it can
determine if it is permitted to block (as with policy modules),
and permit the initialization entry point to fail if it needs to
allocate memory but is not permitted to, failing the mbuf
allocation.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 01:42:19 +00:00
Robert Watson
2712d0ee89 Introduce support for Mandatory Access Control and extensible
kernel access control.

Implement MAC framework access control entry points relating to
operations on mountpoints.  Currently, this consists only of
access control on mountpoint listing using the various statfs()
variations.  In the future, it might also be desirable to
implement checks on mount() and unmount().

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 01:27:33 +00:00
Robert Watson
a87cdf8335 Introduce support for Mandatory Access Control and extensible
kernel access control.

Invoke the necessary MAC entry points to maintain labels on
mount structures.  In particular, invoke entry points for
intialization and destruction in various scenarios (root,
non-root).  Also introduce an entry point in the boot procedure
following the mount of the root file system, but prior to the
start of the userland init process to permit policies to
perform further initialization.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 01:11:29 +00:00
Robert Watson
8a1d977d66 Introduce support for Mandatory Access Control and extensible
kernel access control.

Implement inter-process access control entry points for the MAC
framework.  This permits policy modules to augment the decision
making process for process and socket visibility, process debugging,
re-scheduling, and signaling.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 00:48:24 +00:00
Semen Ustimenko
b0c1faefdd Fix a problem with sendfile() syscall by always doing I/O via bread() in
ntfs_read(). This guarantee that requested cache pages will be valid if
UIO_NOCOPY specifed.

PR:		bin/34072, bin/36189
MFC after:	1 week
2002-07-31 00:42:57 +00:00
Robert Watson
4024496496 Introduce support for Mandatory Access Control and extensible
kernel access control.

Invoke the necessary MAC entry points to maintain labels on
process credentials.  In particular, invoke entry points for
the initialization and destruction of struct ucred, the copying
of struct ucred, and permit the initial labels to be set for
both process 0 (parent of all kernel processes) and process 1
(parent of all user processes).

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 00:39:19 +00:00
Robert Watson
47ac133d33 Regen. 2002-07-31 00:16:58 +00:00
Robert Watson
9453a033ff Reduce the memory footprint of MAC in the base system by halving
the number of policy slots to 4.

(Having run a quick errand, time to start on phase 2 of the MAC
integration)

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 00:03:26 +00:00
Josef Karthauser
7ebe6f9e2f Regen 2002-07-30 23:30:56 +00:00
Josef Karthauser
3fc6710b56 Add support for a couple of network adapters; the 3Com 3C460B and
the Belkin USB2LAN.

Obtained from:	NetBSD
2002-07-30 23:30:15 +00:00
Ian Dowse
b4dc6ff9bc Remove some strange code that allocates memory and then immediately
frees it again. The idea was to perform M_WAITOK allocations in a
process context to reduce the risk of later interrupt-context
M_NOWAIT allocations failing, but in fact this code can be called
from contexts where it is not desirable to sleep (e.g. if_start
routines), so it causes lots of witness "could sleep" warnings.
2002-07-30 23:26:22 +00:00
Robert Watson
04f3985d88 Introduce support for Mandatory Access Control and extensible
kernel access control.

Label devfs directory entries, permitting labels to be maintained
on device nodes in devfs instances persistently despite vnode
recycling.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 23:12:37 +00:00
Robert Watson
549e4c9e4e Introduce support for Mandatory Access Control and extensible
kernel access control.

Label IP fragment reassembly queues, permitting security features to
be maintained on those objects.  ipq_label will be used to manage
the reassembly of fragments into IP datagrams using security
properties.  This permits policies to deny the reassembly of fragments,
as well as influence the resulting label of a datagram following
reassembly.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 23:09:20 +00:00
Robert Watson
19930ae546 Introduce support for Mandatory Access Control and extensible
kernel access control.

Label network interface structures, permitting security features to
be maintained on those objects.  if_label will be used to authorize
data flow using the network interface.  if_label will be protected
using the same synchronization primitives as other mutable entries
in struct ifnet.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 23:06:07 +00:00
Robert Watson
39bd868cc3 Introduce support for Mandatory Access Control and extensible
kernel access control.

Label BPF descriptor objects, permitting security features to be
maintained on those objects.  bd_label will be used to authorize
data flow from network interfaces to user processes.  BPF
labels are protected using the same synchronization model as other
mutable data in the BPF descriptor.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 23:03:29 +00:00
Robert Watson
55fb783052 Introduce support for Mandatory Access Control and extensible
kernel access control.

Replace 'void *' with 'struct mac *' now that mac.h is in the base
tree.  The current POSIX.1e-derived userland MAC interface is
schedule for replacement, but will act as a functional placeholder
until the replacement is done.  These system calls allow userland
processes to get and set labels on both the current process, as well
as file system objects and file descriptor backed objects.
2002-07-30 22:43:20 +00:00
Robert Watson
781caa8157 Introduce support for Mandatory Access Control and extensible kernel
access control.

Label socket IPC objects, permitting security features to be maintained
at the granularity of the socket.  Two labels are stored for each
socket: the label of the socket itself, and a cached peer label
permitting interogation of the remote endpoint.  Since socket locking
is not yet present in the base tree, these objects are not locked,
but are assumed to follow the same semantics as other modifiable
entries in the socket structure.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:39:28 +00:00
Robert Watson
87acada933 Introduce support for Mandatory Access Control and extensible
kernel access control.

Label pipe IPC objects, permitting security information to be
maintained at the granularity of the pipe object.  The label is
shared between the two pipe endpoints in the style of the
pipe mutex, and is maintained using similar conventions.  The
label is protected by the pipe mutex.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:33:28 +00:00
Warner Losh
abf24f80a6 Fix path to other files.<arch> files.
Fix disordering of libkern/crc32.c entry.

MFC after: 1 day
2002-07-30 22:28:43 +00:00
Robert Watson
fae89e29b1 Introduce support for Mandatory Access Control and extensible kernel
access control.

Label process credentials, permitting security information to be
maintained at the granularity of processes and cached credential
objects.  cr_label follows the semantics of other entries in struct
ucred: when a credential is exclusively referenced, it may be
modified.  Otherwise, it must be treated as immutable.  As with
other interesting entries in struct ucred, failing to use the
documented credential management APIs (such as crcopy, crdup, ...)
can result in data corruption or incorrect behavior.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:28:28 +00:00
Robert Watson
3b2e600940 Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the oeprating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

Label file system mount points, permitting security information to be
maintained at the granularity of the file system.  Two labels are
currently maintained: a security label for the mount itself, and
a default label for objects in the file system (in particular, for
file systems not supporting per-vnode labeling directly).

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:22:35 +00:00
Robert Watson
f8ef020e2e Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the operating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

Introduce two node vnode operations required to support MAC.  First,
VOP_REFRESHLABEL(), which will be invoked by callers requiring that
vp->v_label be sufficiently "fresh" for access control purposes.
Second, VOP_SETLABEL(), which be invoked by callers requiring that
the passed label contents be updated.  The file system is responsible
for updating v_label if appropriate in coordination with the MAC
framework, as well as committing to disk.  File systems that are
not MAC-aware need not implement these VOPs, as the MAC framework
will default to maintaining a single label for all vnodes based
on the label on the file system mount point.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:15:09 +00:00
Robert Watson
f3cfa6072e Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the oeprating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

Label vnodes, permitting security information to maintained at the
granularity of the individual file, directory (et al).  This data is
protected by the vnode lock and may be read only when holding a shared
lock, or modified only when holding an exclusive lock.  Label
information may be considered either the primary copy, or a cached
copy.  Individual file systems or kernel services may use the
VCACHEDLABEL flag for accounting purposes to determine which it is.
New VOPs will be introduced to refresh this label on demand, or to
set the label value.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:08:12 +00:00
Robert Watson
f33168f292 Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the oeprating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

Label mbuf's with packet header data, permitting in-flight datagrams
to be labeled in the TrustedBSD MAC implementation.  Add a questionable
recursive #include of sys/mac.h to maintain the current API for
applications and kernel code including mbuf.h to get 'struct mbuf'
definition.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:03:57 +00:00
Bill Fenner
e34c1b84b7 Call bpf_mtap() on output, to catch outgoing packets for e.g. tcpdump . 2002-07-30 21:47:14 +00:00
Robert Watson
95fab37ea8 Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the oeprating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

kern_mac.c contains the body of the MAC framework.  Kernel and
user APIs defined in mac.h are implemented here, providing a front end
to loaded security modules.  This code implements a module registration
service, state (label) management, security configuration and policy
composition.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 21:36:05 +00:00
Robert Watson
ddcdf2650b Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the oeprating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

Include files to declare MAC userland interface (mac.h), MAC subsystem
entry points (mac.h), and MAC policy entry points (mac_policy.h).  These
files define the interface between the kernel and the MAC framework,
and between the MAC framework and each registered policy module.  These
APIs and ABIs may not be assumed to be stable until following FreeBSD
5.1-RELEASE.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 21:32:34 +00:00
Julian Elischer
4d492b4369 Don't need to hold schedlock specifically for stop() ans it calls wakeup()
that locks it anyhow.

Reviewed by: jhb@freebsd.org
2002-07-30 21:13:48 +00:00
Bosko Milekic
c89137ff90 Make reference counting for mbuf clusters [only] work like in RELENG_4.
While I don't think this is the best solution, it certainly is the
fastest and in trying to find bottlenecks in network related code
I want this out of the way, so that I don't have to think about it.
What this means, for mbuf clusters anyway is:
- one less malloc() to do for every cluster allocation (replaced with
  a relatively quick calculation + assignment)
- no more free() in the cluster free case (replaced with empty space) :-)

This can offer a substantial throughput improvement, but it may not for
all cases.  Particularly noticable for larger buffer sends/recvs.
See http://people.freebsd.org/~bmilekic/code/measure2.txt for a rough
idea.
2002-07-30 21:06:27 +00:00
Alan Cox
1812190d09 o Replace vm_page_sleep_busy() with vm_page_sleep_if_busy()
in vfs_busy_pages().
2002-07-30 20:41:10 +00:00
Julian Elischer
b8e45df779 Remove code that removes thread from sleep queue before
adding it to a condvar wait.
We do not have asleep() any more so this can not happen.
2002-07-30 20:34:30 +00:00
Mitsuru IWASAKI
b69ed3f4c6 Resolve conflicts arising from the ACPI CA 20020725 import. 2002-07-30 19:35:32 +00:00
Mitsuru IWASAKI
432a633569 This commit was generated by cvs2svn to compensate for changes in r100966,
which included commits to RCS files with non-trunk default branches.
2002-07-30 19:33:39 +00:00
Mitsuru IWASAKI
da9df8d45e Vendor import of the Intel ACPI CA 20020725 drop. 2002-07-30 19:33:39 +00:00
Alan Cox
1161b86a15 o In do_sendfile(), replace vm_page_sleep_busy() by vm_page_sleep_if_busy()
and extend the scope of the page queues lock to cover all accesses
   to the page's flags and busy fields.
2002-07-30 18:51:07 +00:00
Robert Watson
e66c87b70e When referencing nd_cnp after namei(), always pass SAVENAME into
NDINIT() operation flags.

Submitted by:	green
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 18:48:25 +00:00
Robert Watson
e37b1fcdee Make M_COPY_PKTHDR() macro into a wrapper for a m_copy_pkthdr()
function.  This permits conditionally compiled extensions to the
packet header copying semantic, such as extensions to copy MAC
labels.

Reviewed by:	bmilekic
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 18:28:58 +00:00
Josef Karthauser
ca095220db Commit a version of the uvisor driver for connecting Handspring
Visors via USB.

Submitted by:	Chia-liang Kao <clkao@clkao.org>
2002-07-30 17:44:28 +00:00
John Baldwin
c038666eae If we get 0xffff back when reading the status register, assume the card
has gone away instead of spinning in the interrupt handler.  This stops
my machine from hanging when I eject a rl(4)-based cardbus card.

Reviewed by:	imp
2002-07-30 17:31:42 +00:00
Robert Watson
4266d0d0ce Regen. 2002-07-30 16:52:22 +00:00
Robert Watson
aedbd622fe Introduce a mac_policy() system call that will provide MAC policies
with a general purpose front end entry point for user applications
to invoke.  The MAC framework will route the system call to the
appropriate policy by name.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 16:50:25 +00:00
Maxim Sobolev
47c7de587b Add support for controlling line1 mixer device, which on some cards represents
onboard FM tuner.

MFC after:	2 weeks
2002-07-30 16:24:00 +00:00
Jacques Vidrine
89ab930718 For processes which are set-user-ID or set-group-ID, the kernel performs a few
special actions for safety.  One of these is to make sure that file descriptors
0..2 are in use, by opening /dev/null for those that are not already open.
Another is to close any file descriptors 0..2 that reference procfs.  However,
these checks were made out of order, so that it was still possible for a
set-user-ID or set-group-ID process to be started with some of the file
descriptors 0..2 unused.

Submitted by:	Georgi Guninski <guninski@guninski.com>
2002-07-30 15:38:29 +00:00
Poul-Henning Kamp
9fbc6a330d Fix braino in last commit. 2002-07-30 12:02:41 +00:00
Poul-Henning Kamp
17b1994bbe Move ffs_isfreeblock() to ffs_alloc.c and make it static.
Sponsored by: DARPA & NAI Labs.
2002-07-30 11:54:48 +00:00
Maxim Sobolev
3c7d68acc8 Regen after usbdevs rev.1.95. 2002-07-30 11:03:50 +00:00
Maxim Sobolev
b8d95a688e Add ID for Luwen EasyDisk USB flash memory drive.
PR:		41081
Submitted by:	demon
MFC after:	5 days
2002-07-30 11:02:35 +00:00
Maxim Sobolev
b047aa218b Add a quick check that device actually has sound capabilities. The problem
is that some cards built around fm801 chip have the same device ID, only
have radio tuner onboard, but no sound capabilities. Therefore, with such
card inserted and `device pcm' in kernel the user has a big problem, as
the fm801 driver effectively hangs the machine when trying to initialise
nonexistent ac97 codecs (it does 500 retries with 1 second interval!).
It would be better if MediaForte's engeneers were smart enough to put
different device ID into such cards, but it isn't an option.

MFC after:	2 weeks
2002-07-30 10:54:19 +00:00
Seigo Tanimura
133267776c In endtsleep() and cv_timedwait_end(), a thread marked TDF_TIMEOUT may
be swapped out.  Do not put such the thread directly back to the run
queue.

Spotted by:	David Xu <davidx@viasoft.com.cn>

While I am here, s/PS_TIMEOUT/TDF_TIMEOUT/.
2002-07-30 10:12:11 +00:00