Commit Graph

4275 Commits

Author SHA1 Message Date
Matthew Dillon
f286003909 Create a mutex pool API for short term leaf mutexes.
Replace the manual mutex pool in kern_lock.c (lockmgr locks) with the new API.
Replace the mutexes embedded in sxlocks with the new API.
2001-11-13 21:55:13 +00:00
John Baldwin
00f13cb353 As a followup to the previous fixes to inferior, revert some of the
changes in 1.80 that were needed for locking that are no longer needed now
that a lock is simply asserted.

Submitted by:	bde
2001-11-13 16:55:54 +00:00
Paul Saab
817805d9c9 Fix a signed bug in the crashdump code for systems with > 2GB of ram.
Reviewed by:	peter
2001-11-13 01:08:54 +00:00
Giorgos Keramidas
7377f0d190 Remove EOL whitespace.
Reviewed by:	alfred
2001-11-12 20:51:40 +00:00
Giorgos Keramidas
074df01866 Make KASSERT's print the values that triggered a panic.
Reviewed by:	alfred
2001-11-12 20:50:06 +00:00
John Baldwin
5b29d6e906 Clean up breakage in inferior() I introduced in 1.92 of kern_proc.c:
- Restore inferior() to being iterative rather than recursive.
- Assert that the proctree_lock is held in inferior() and change the one
  caller to get a shared lock of it.  This also ensures that we hold the
  lock after performing the check so the check can't be made invalid out
  from under us after the check but before we act on it.

Requested by:	bde
2001-11-12 18:56:49 +00:00
Peter Wemm
658c434d90 Commit the better version that I had a while ago. This has only one
reference to curthread.  (#define curproc (curthread->td_proc)).
2001-11-12 08:53:34 +00:00
Matthew Dillon
5b1927bc01 When curproc is used repeatedly store curproc into a local
variable to reduce generated code.  This is a test case.
2001-11-12 08:42:20 +00:00
Alfred Perlstein
f03e89de68 turn vn_open() into a wrapper around vn_open_cred() which allows
one to perform a vn_open using temporary/other/fake credentials.

Modify the nfs client side locking code to use vn_open_cred() passing
proc0's ucred instead of the old way which was to temporary raise
privs while running vn_open().  This should close the race hopefully.
2001-11-11 22:39:07 +00:00
Andrew R. Reiter
b49c67f03f - No need for resetting values to 0 when M_ZERO flag is used.
Approved: jhb
2001-11-10 21:36:56 +00:00
Ian Dowse
cca8f9808b Properly sanity-check the old msgbuf structure before we accept it
as being valid. Previously only the magic number and the virtual
address were checked, but it makes little sense to require that
the virtual address is the same (the message buffer is located at
the end of physical memory), and checks on the msg_bufx and msg_bufr
indices were missing.

Submitted by:	Bodo Rueskamp <br@clabsms.de>
Tripped over during a kernel debugging tutorial given by: grog
Reviewed by:	grog, dwmalone
MFC after:	1 week
2001-11-09 23:58:07 +00:00
Matthew Dillon
8ba1f55b49 Placemark an interrupt race in -current which is currently protected by
Giant.  -stable will get spl*() fixes for the race.

Reported by: Rob Anderson <rob@isilon.com>
MFC after:	0 days
2001-11-08 18:09:18 +00:00
Robert Watson
eacb362f8a o General style improvemnts.
Submitted by:	bde
2001-11-08 15:31:19 +00:00
Robert Watson
44a280a67e o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good
grief.
2001-11-08 15:20:00 +00:00
Robert Watson
ce17880650 o Replace reference to 'struct proc' with 'struct thread' in 'struct
sysctl_req', which describes in-progress sysctl requests.  This permits
  sysctl handlers to have access to the current thread, permitting work
  on implementing td->td_ucred, migration of suser() to using struct
  thread to derive the appropriate ucred, and allowing struct thread to be
  passed down to other code, such as network code where td is not currently
  available (and curproc is used).

o Note: netncp and netsmb are not updated to reflect this change, as they
  are not currently KSE-adapted.

Reviewed by:		julian
Obtained from:	TrustedBSD Project
2001-11-08 02:13:18 +00:00
Peter Wemm
c3699b5f63 For what its worth, sync up the type of ps_arg_cache_max (unsigned long)
with the sysctl type (signed long).
2001-11-08 00:24:48 +00:00
Robert Watson
d3c9fa0463 o Cache the process's struct prison so as to create a more visually
appealing code structure.  In particular, s/req->p->p_ucred->cr_prison/pr/

Requested by:	imp, jhb, jake, other hangers on
2001-11-06 20:09:33 +00:00
Robert Watson
5c0c46c684 o Remove a tab missed in the previous whitespace commit. 2001-11-06 19:58:43 +00:00
Robert Watson
9afc1eee4f o Remove double-indentation of sysctl_kern_securelvl. This change is
consistent with the one other function in the file, and prevents long
  lines in up-coming changes.  This nominally pulls kern_mib.c a little
  further down the long path to style(9) compliance.
2001-11-06 19:56:58 +00:00
Andrew R. Reiter
22524ad0e2 o No need to set values to 0 when we utilize M_ZERO
Approved by: peter
2001-11-05 22:27:46 +00:00
Matthew Dillon
7e76bb562e Implement IO_NOWDRAIN and B_NOWDRAIN - prevents the buffer cache from blocking
in wdrain during a write.  This flag needs to be used in devices whos
strategy routines turn-around and issue another high level I/O, such as
when MD turns around and issues a VOP_WRITE to vnode backing store, in order
to avoid deadlocking the dirty buffer draining code.

Remove a vprintf() warning from MD when the backing vnode is found to be
in-use.  The syncer of buf_daemon could be flushing the backing vnode at
the time of an MD operation so the warning is not correct.

MFC after:	1 week
2001-11-05 18:48:54 +00:00
Robert Watson
149e39ea9e Update copyrights to include Thomas Moestl.
Submitted by:	"Ilmar S. Habibulin" <ilmar@watson.org>
Obtained from:	TrustedBSD Project
2001-11-05 15:36:24 +00:00
Poul-Henning Kamp
751a2cd05b Define a new mount flag "MNT_JAILDEVFS"
Collect the magic combination of flags which can be updated into
a macro in sys/mount.h rather than inlining them (twice!) in
vfs_syscalls.c
2001-11-05 10:33:45 +00:00
Matthew Dillon
6b8bd2efc1 Add mnt_reservedvnlist so we can MFC to 4.x, in order to make all mount
structure changes now rather then piecemeal later on.  mnt_nvnodelist
currently holds all the vnodes under the mount point.  This will eventually
be split into a 'dirty' and 'clean' list.  This way we only break kld's once
rather then twice.  nvnodelist will eventually turn into the dirty list
and should remain compatible with the klds.
2001-11-04 18:55:42 +00:00
Peter Wemm
9aefe36fa6 *** empty log message *** 2001-11-04 18:22:48 +00:00
Poul-Henning Kamp
3165f068f3 Don't call cdevsw_add(). 2001-11-04 11:56:22 +00:00
Poul-Henning Kamp
20a3b67cb2 Rename the top 7 bits if disk minors to spare bits, rather than type bits. 2001-11-04 09:01:07 +00:00
Poul-Henning Kamp
b456f7e6b3 Don't choke on old sd%d.ctl devices.
Tripped over by:	Jos Backus <josb@cncdsl.com>
2001-11-03 23:21:00 +00:00
Peter Wemm
6c1534a73e _SIG_MAXSIG (128) is the highest legal signal. The arrays are offset
by one - see _SIG_IDX().  Revert part of my mis-correction in kern_sig.c
(but signal 0 still has to be allowed) and fix _SIG_VALID() (it was
rejecting ignal 128).
2001-11-03 13:26:15 +00:00
Peter Wemm
049954de94 Partial reversion of rev 1.138. kill and killpg allow a signal
argument of 0.  You cannot return EINVAL for signal 0.  This broke
(in 5 minutes of testing) at least ssh-agent and screen.

However, there was a bug in the original code.  Signal 128 is not
valid.

Pointy-hat to: des, jhb
2001-11-03 12:36:16 +00:00
Peter Wemm
e0234e53c6 FreeBSD/tahoe is not likely for a while. 2001-11-03 08:19:21 +00:00
Dag-Erling Smørgrav
2899d60638 We have a _SIG_VALID() macro, so use it instead of duplicating the test all
over the place.  Also replace a printf() + panic() with a KASSERT().

Reviewed by:	jhb
2001-11-02 23:50:00 +00:00
Robert Watson
fad8096565 o Remove (struct proc *p = td->td_proc) indirection in ipcperm(),
as suser_td(td) works as well as suser_xxx(NULL, p->p_ucred, 0);
  This simplifies upcoming changes to suser(), and causes this code
  to use the right credential (well, largely) once the td->td_ucred
  changes are complete.  There remains some redundancy and oddness
  in this code, which should be rethought after the next batch of
  suser and credential changes.
2001-11-02 21:20:05 +00:00
Warner Losh
bc5fc9140e Back out the -w, option strict and our($...). They don't work for me and
have broken the kernel build.
2001-11-02 21:14:17 +00:00
Robert Watson
cd778f0244 o Remove the local temporary variable "struct proc *p" from vfs_mount()
in vfs_syscalls.c.  Although it did save some indirection, many of
  those savings will be obscured with the impending commit of suser()
  changes, and the result is increased code complexity.  Also, once
  p->p_ucred and td->td_ucred are distinguished, this will make
  vfs_mount() use the correct thread credential, rather than the
  process credential.
2001-11-02 21:11:41 +00:00
Poul-Henning Kamp
0bd1a2d087 Argh!
patch added the nmount at the bottom first time around.

Take 3!
2001-11-02 19:12:06 +00:00
Robert Watson
db42a33d81 o Introduce group subset test, which limits the ability of a process to
debug another process based on their respective {effective,additional,
  saved,real} gid's.  p1 is only permitted to debug p2 if its effective
  gids (egid + additional groups) are a strict superset of the gids of
  p2.  This implements properly the security test previously incorrectly
  implemented in kern_ktrace.c, and is consistent with the kernel
  security policy (although might be slightly confusing for those more
  familiar with the userland policy).
o Restructure p_candebug() logic so that various results are generated
  comparing uids, gids, credential changes, and then composed in a
  single check before testing for privilege.  These tests encapsulate
  the "BSD" inter-process debugging policy.  Other non-BSD checks remain
  seperate.  Additional comments are added.

Submitted by:   tmm, rwatson
Obtained from:  TrustedBSD Project
Reviewed by:    petef, tmm, rwatson
2001-11-02 18:44:50 +00:00
Poul-Henning Kamp
bad699770a Add empty shell for nmount syscall (take 2!) 2001-11-02 18:35:54 +00:00
Poul-Henning Kamp
06d133c475 Add nmount() stub function and regenerate the syscall-glue which should
not need to check in generated files.
2001-11-02 17:59:23 +00:00
Poul-Henning Kamp
c60693dbd3 Reserve 378 for the new mount syscall Maxime Henrion <mux@qualys.com>
is working on.  (This is to get us more than 32 mountoptions).
2001-11-02 17:58:26 +00:00
Warner Losh
89bbe0cd1e Don't hide the failure to allocate device behind boot verbose. It is
still telling us of real problems so should remain until it stops
doing that.

Submitted by: OGAWA Takaya <t-ogawa@triaez.kaisei.org>
2001-11-02 17:33:06 +00:00
Jonathan Lemon
198475ebeb + Fix another possible vn_close race, in the same fashion as r1.95.
+ Check that the cached vnode type != VBAD before calling devsw(),
   this can happen if the vnode has been revoked.
2001-11-02 17:04:32 +00:00
Robert Watson
5fab7614f4 o Add a comment to p_candebug() noting that the P_INEXEC check should
really be moved elsewhere: p_candebug() encapsulates the security
  policy decision, whereas the P_INEXEC check has to do with "correctness"
  regarding race conditions, rather than security policy.

  Example: even if no security protections were enforced (the "uids are
  advisory" model), removing P_INEXEC could result in incorrect operation
  due to races on credential evaluation and modification during execve().

Obtained from:	TrustedBSD Project
2001-11-02 16:41:06 +00:00
Robert Watson
bb51af2816 Merge from POSIX.1e Capabilities development tree:
o Reorder and synchronize #include's, including moving "opt_cap.h" to
  above system includes.
o Introduce #ifdef'd kern.security.capabilities sysctl tree, including
  kern.security.capabilities.enabled, which defaults to 0.

The rest of the file remains stubs for the time being.

Obtained from:	TrustedBSD Project
2001-11-02 15:22:32 +00:00
Robert Watson
bcc0dc3dc7 Merge from POSIX.1e Capabilities development tree:
o POSIX.1e capabilities authorize overriding of VEXEC for VDIR based
  on CAP_DAC_READ_SEARCH, but of !VDIR based on CAP_DAC_EXECUTE.  Add
  appropriate conditionals to vaccess() to take that into account.
o Synchronization cap_check_xxx() -> cap_check() change.

Obtained from:	TrustedBSD Project
2001-11-02 15:16:59 +00:00
Robert Watson
4df571b101 o Capabilities cap_check() interface revised to remove _xxx, so rename
in p_cansched().  Also, replace '0' with 'NULL' for the ucred * pointer.

Obtained from:	TrustedBSD Project
2001-11-02 15:08:08 +00:00
Robert Watson
a76789e7df o Since kern_acl.c uses #ifdef CAPABILITIES to control
capability-specific semantics, #include "opt_cap.h".

Obtained from:	TrustedBSD Project
2001-11-02 14:53:04 +00:00
Poul-Henning Kamp
8dd72bc887 #ifdef KTRACE a variable to silence a warning.
Submitted by:	Maxime "mux" Henrion <mux@qualys.com>
2001-11-02 09:55:01 +00:00
Poul-Henning Kamp
a2d7281c5a Turn the symlinks around, instead of ad0s1 -> ad0s1c, make it ad0s1c -> ad0s1.
Requested by:	peter
2001-11-02 09:16:25 +00:00
Robert Watson
6d8785434f o Update copyright dates.
o Add reference to TrustedBSD Project in license header.
o Update dated comments, including comment in extattr.h claiming that
  no file systems support extended attributes.
o Improve comment consistency.
2001-11-01 21:37:07 +00:00