Commit Graph

5296 Commits

Author SHA1 Message Date
Peter Wemm
ee92a1ab51 Actually remove the a.out kld loader. While I am not 100% sure, I believe
it is broken.  It certainly has been suffering neglect.  It is not needed
because we never shipped a.out kld's and they never really worked right.
2002-08-29 23:04:05 +00:00
Julian Elischer
88151aa3f5 Fix crack-smoking code that was panicing on the quad xeon:
- If either of proc or kse are NULL during thread_exit(), then
          the kernel is going to fault because parts of the function
          assume they aren't NULL.  Instead, just assert they aren't NULL
          (as well as the kse group) and assume they are in all of the
          code.  It doesn't make sense for them to be NULL here anyways.
        - Move the PROC_UNLOCK(p) up above clearing td_proc, etc. since
          otherwise we will panic if the proc's lock is contested.

Submitted by:	jhb@freebsd.org
2002-08-29 19:49:53 +00:00
Mitsuru IWASAKI
3aea1e1405 Add sanity check seeing if adjusted start address exceeds end address
after boundary and alignment adjustment.
2002-08-29 12:39:21 +00:00
Jake Burkholder
bafbd49201 Renamed poorly named setregs to exec_setregs. Moved its prototype to
imgact.h with the other exec support functions.
2002-08-29 06:17:48 +00:00
Jake Burkholder
f3bec5d746 Don't require that sysentvec.sv_szsigcode be non-NULL. 2002-08-29 01:28:27 +00:00
Jake Burkholder
b17c50db93 Unrot SPARSE_MAPPING code (vm_map_pageable -> vm_map_wire). 2002-08-29 01:16:14 +00:00
Peter Wemm
d13947c3b0 updatepri() works on a ksegrp (where the scheduling parameters are), so
directly give it the ksegrp instead of the thread.  The only thing it used
to use in the thread was the ksegrp.

Reviewed by:	julian
2002-08-28 23:45:15 +00:00
Archie Cobbs
f2f03122c3 accept(2) on a socket that has been shutdown(2) normally returns
ECONNABORTED. Make this happen in the non-blocking case as well.
The previous behavior was to return EAGAIN, which (a) is not
consistent with the blocking case and (b) causes the application
to think the socket is still valid.

PR:		bin/42100
Reviewed by:	freebsd-net
MFC after:	3 days
2002-08-28 20:56:01 +00:00
Bruce Evans
8302d183f3 Include <sys/lockmgr.h> for the definitions of the locking interfaces that
are implemented here instead of depending on namespace pollution in
<sys/lock.h>.  Fixed nearby include messes (1 disordered include and 1
unused include).
2002-08-27 09:59:47 +00:00
Ian Dowse
02bd1bcd2a Add a new KTR type KTR_CONTENTION, and use it in the mutex code to
log the start and end of periods during which mtx_lock() is waiting
to acquire a sleep mutex. The log message includes the file and
line of both the waiter and the holder.

Reviewed by:	jhb, jake
2002-08-26 18:39:38 +00:00
Ian Dowse
9261400aa2 Add WITNESS_FILE() and WITNESS_LINE(), which allow users of witness
to print out the file and line from the lock object. These will be
used shortly by CTR() calls in the mutex code.

Reviewed by:	jhb, jake
2002-08-26 18:31:26 +00:00
Julian Elischer
b39f32841b move the assert to cover more cases 2002-08-26 05:02:56 +00:00
Jake Burkholder
81f223ca02 Fixed most indentation bugs. 2002-08-25 22:36:52 +00:00
Jake Burkholder
ca0387ef9f Fixed placement of operators. Wrapped long lines. 2002-08-25 20:48:45 +00:00
Philippe Charnier
93b0017f88 Replace various spelling with FALLTHROUGH which is lint()able 2002-08-25 13:23:09 +00:00
Jake Burkholder
fd559a8a39 Fixed white space around operators, casts and reserved words.
Reviewed by:	md5
2002-08-24 22:55:16 +00:00
Jake Burkholder
a7cddfed7f return x; -> return (x);
return(x); -> return (x);

Reviewed by:	md5
2002-08-24 22:01:40 +00:00
Marcel Moolenaar
5cf8741861 Work around a GCC optimization bug on ia64: In link_elf_symbol_values(),
a pointer to a symbol is given and we have to find the containing symbol
table. We do this by bounds checking. For some strange reason (ie I
haven't found the root cause) the first test succeeded for said symbol,
implying that the symbol came from the .dynsym table. In reality however
the symbol actually resided in the .symtab table. Needless to say that
all that was returned was junk.

The upper bounds check was: (symptr - baseptr) < symtab_size
This has been rewritten to: symptr < (baseptr + symtab_size)

As a side-effect, slightly more optimal (and still correct :-) code can
be generated on ia64.
2002-08-24 05:01:33 +00:00
Peter Wemm
2149c527f5 Move the TAILQ_INIT(&td->td_selq) before the retry: label. Otherwise in
some circumstances when we get a select collision, we can end up with
cases where we do not clear some sip->si_thread on the way out, leading to
page faults in selwakeup().  This should solve the problem where postfix
can crash the kernel during select collisions.

Reviewed by: alfred
2002-08-23 22:43:28 +00:00
Julian Elischer
d9d6e34fd0 Don't re-lock the sched lock if we didn't unlock it.
Original error by: David Xu <bsddiy@yahoo.com>
Fix by:	David Xu <bsddiy@yahoo.com>
Completely failed to spot it: Julian Elischer <julian@freebsd.org>
2002-08-23 07:23:44 +00:00
Jeff Roberson
ad32f726db - Fix a mistake in my last few commits. The PDROP flag stops msleep from
re-acquiring the mutex.

Pointy hat to:	me
Noticed by:	tegge
2002-08-23 00:32:03 +00:00
Peter Wemm
c6d6cf1772 s/sus/sys/ in the a.out kernel case.
Submitted by:	julian
2002-08-22 22:01:53 +00:00
Julian Elischer
49539972e9 slight cleanup of single-threading code for KSE processes 2002-08-22 21:45:58 +00:00
Archie Cobbs
4a6a94d8d8 Replace (ab)uses of "NULL" where "0" is really meant. 2002-08-22 21:24:01 +00:00
Peter Wemm
3e4517beb6 Instead of grabbing the userland a.out.h/link.h (or worse, from
/usr/include!), use sys/nlist_aout.h, machine/reloc.h, sys/imgact_aout.h
and sys/link_aout.h.
2002-08-22 20:43:07 +00:00
Peter Wemm
f99803876e Instead of nlist.h and link.h, use sys/nlist_aout.h and sys/link_elf.h
This avoids reaching out into userland sources (or worse: /usr/include!)
for building the kernel.
2002-08-22 20:39:30 +00:00
Robert Watson
1c39a77468 Spell proprly properly:
failed to set signal flags proprly for ast()
  failed to set signal flags proprly for ast()
  failed to set signal flags proprly for ast()
  failed to set signal flags proprly for ast()
2002-08-22 14:36:03 +00:00
Bruce Evans
5fd65482e0 Include <sys/systm.h> for the declarations of many things instead of
depending on namespace pollution in <sys/mumble.h>.
2002-08-22 12:47:22 +00:00
Alan Cox
0a179f8025 o Remove the AIOCBLIST_ASYNCFREE flag and related code. It's never set.
Submitted by:	Romer Gil <rgil@cs.rice.edu>
2002-08-22 08:50:15 +00:00
Jeff Roberson
4b6049cafa - Closer inspection revealed a possible deadlock situation in vn_lock() that
was introduced by my last commit but not caught by stress testing.  Fix
   that and slightly restructure the code so that it is more readable.
2002-08-22 07:57:43 +00:00
Jeff Roberson
9abf54f032 - Make vn_lock() vget() and VOP_LOCK() all behave the same way WRT
LK_INTERLOCK.  The interlock will never be held on return from these
   functions even when there is an error.  Errors typically only occur when
   the XLOCK is held which means this isn't the vnode we want anyway.  Almost
   all users of these interfaces expected this behavior even though it was
   not provided before.
2002-08-22 07:44:45 +00:00
Jeff Roberson
510939d089 - Return two shared locks to exclusive locks. This was premature.
- Document the problems that prevent us from using shared locks.
2002-08-22 07:26:18 +00:00
Jeff Roberson
6c54a1f5f0 - Fix interlock handling in vn_lock(). Previously, vn_lock() could return
with interlock held in error conditions when the caller did not specify
   LK_INTERLOCK.
 - Add several comments to vn_lock() describing the rational behind the code
   flow since it was not immediately obvious.
2002-08-22 06:58:11 +00:00
Jeff Roberson
183158485a - Fix interlock handling in vn_lock(). Previously, vn_lock() could return
with interlock held in error conditions when the caller did not specify
   LK_INTERLOCK.
 - Add several comments to vn_lock() describing the rational behind the code
   flow since it was not immediately obvious.
2002-08-22 06:51:06 +00:00
Archie Cobbs
55f7c614fd Don't use "NULL" when "0" is really meant. 2002-08-21 23:39:52 +00:00
Julian Elischer
721e591067 Revert some suspension/sleep/signal code from KSE-III
We need to rethink a bit of this and it doesn't matter if
we break the KSE test program for now as long
as non-KSE programs act as expected.

Submitted by:	David Xu <bsddiy@yahoo.com>
	(this guy's just asking to get hit with a commit bit..)
2002-08-21 20:03:55 +00:00
Jeff Roberson
0b600db425 - Document two cases, one in vget and the other in vn_lock, where the state
of interlock on exit is not consistent.  There are probably several bugs
   relating to this.
2002-08-21 08:34:48 +00:00
Jeff Roberson
88cf6b94bd - If vn_lock fails with the LK_INTERLOCK flag set, interlock will not be
released.  vcanrecycle() failed to unlock interlock under this condition.
 - Remove an extra VOP_UNLOCK from a failure case in vcanrecycle().

Pointed out by:	rwatson
2002-08-21 06:40:34 +00:00
Jeff Roberson
71ea4ba57c - Add two new debugging macros: ASSERT_VI_LOCKED and ASSERT_VI_UNLOCKED
- Use the new VI asserts in place of the old mtx_assert checks.
 - Add the VI asserts to the automated lock checking in the VOP calls.  The
   interlock should not be held across vops with a few exceptions.
 - Add the vop_(un)lock_{pre,post} functions to assert that interlock is held
   when LK_INTERLOCK is set.
2002-08-21 06:19:29 +00:00
Jeff Roberson
856d3a056f - Hold the vnode lock across unlink() so that the v_vflag check is safe.
- Fix the long broken error handling for VV_ROOT and VDIR.
2002-08-21 03:55:35 +00:00
Robert Watson
e5cb5e37d4 Close a race in process label changing opened due to dropping the
proc locking when revoking access to mmaps.  Instead, perform this
later once we've changed the process label (hold onto a reference
to the new cred so that we don't lose it when we release the
process lock if another thread changes the credential).

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-19 20:26:32 +00:00
Robert Watson
8815d2e899 Regen. 2002-08-19 20:02:29 +00:00
Robert Watson
f61b85492c mac_syscall is now implemented, switch to MSTD.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-19 20:01:31 +00:00
Robert Watson
177142e458 Pass active_cred and file_cred into the MAC framework explicitly
for mac_check_vnode_{poll,read,stat,write}().  Pass in fp->f_cred
when calling these checks with a struct file available.  Otherwise,
pass NOCRED.  All currently MAC policies use active_cred, but
could now offer the cached credential semantic used for the base
system security model.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-19 19:04:53 +00:00
Robert Watson
27f2eac7f3 Provide an implementation of mac_syscall() so that security modules
can offer new services without reserving system call numbers, or
augmented versions of existing services.  User code requests a
target policy by name, and specifies the policy-specific API plus
target.  This is required in particular for our port of SELinux/FLASK
to the MAC framework since it offers additional security services.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-19 17:59:48 +00:00
Robert Watson
c024c3eeb1 Break out mac_check_pipe_op() into component check entry points:
mac_check_pipe_poll(), mac_check_pipe_read(), mac_check_pipe_stat(),
and mac_check_pipe_write().  This is improves consistency with other
access control entry points and permits security modules to only
control the object methods that they are interested in, avoiding
switch statements.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-19 16:59:37 +00:00
Robert Watson
7f724f8b51 Break out mac_check_vnode_op() into three seperate checks:
mac_check_vnode_poll(), mac_check_vnode_read(), mac_check_vnode_write().
This improves the consistency with other existing vnode checks, and
allows policies to avoid implementing switch statements to determine
what operations they do and do not want to authorize.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-19 16:43:25 +00:00
Robert Watson
b12baf55a4 Assert process locks in proces-related access control checks.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-19 15:30:30 +00:00
Robert Watson
851704bbd0 Add a missing vnode assertion for the exec() check.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-19 15:28:39 +00:00
Poul-Henning Kamp
fee7d450d8 Keep a copy of the credential used to mount filesystems around so
we can check and use it later on.

Change the pieces of code which relied on mount->mnt_stat.f_owner
to check which user mounted the filesystem.

This became needed as the EA code needs to be able to allocate
blocks for "system" EA users like ACLs.

There seems to be some half-baked (probably only quarter- actually)
notion that the superuser for a given filesystem is the user who
mounted it, but this has far from been carried through.  It is
unclear if it should be.

Sponsored by: DARPA & NAI Labs.
2002-08-19 06:52:21 +00:00