freebsd-nq/sys/kern
Robert Watson 1aa37f5392 Improve locking of pipe mutexes in the context of MAC:
(1) Where previously the pipe mutex was selectively grabbed during
    pipe_ioctl(), now always grab it and then release if if not
    needed.  This protects the call to mac_check_pipe_ioctl() to
    make sure the label remains consistent.  (Note: it looks
    like sigio locking may be incorrect for fgetown() since we
    call it not-by-reference and sigio locking assumes call by
    reference).

(2) In pipe_stat(), lock the pipe if MAC is compiled in so that
    the call to mac_check_pipe_stat() gets a locked pipe to
    protect label consistency.  We still release the lock before
    returning actual stat() data, risking inconsistency, but
    apparently our pipe locking model accepts that risk.

(3) In various pipe MAC authorization checks, assert that the pipe
    lock is held.

(4) Grab the lock when performing a pipe relabel operation, and
    assert it a little deeper in the stack.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-01 04:30:19 +00:00
..
bus_if.m Clarify the return value from child_present. 2002-09-11 04:22:10 +00:00
clock_if.m Add a generic implementation of inittodr() and resettodr(), as well as 2002-04-04 23:39:10 +00:00
device_if.m
genassym.sh Allow one to specify the AWK used in the environment(commandline). 2002-02-11 03:54:30 +00:00
imgact_aout.c Use the fields in the sysentvec and in the vm map header in place of the 2002-09-21 22:07:17 +00:00
imgact_elf32.c Infrastructure tweaks to allow having both an Elf32 and an Elf64 executable 2002-07-20 02:56:12 +00:00
imgact_elf64.c Infrastructure tweaks to allow having both an Elf32 and an Elf64 executable 2002-07-20 02:56:12 +00:00
imgact_elf.c Use the fields in the sysentvec and in the vm map header in place of the 2002-09-21 22:07:17 +00:00
imgact_elfN.c Infrastructure tweaks to allow having both an Elf32 and an Elf64 executable 2002-07-20 02:56:12 +00:00
imgact_gzip.c Use the fields in the sysentvec and in the vm map header in place of the 2002-09-21 22:07:17 +00:00
imgact_shell.c Return a more meaningful errno when the length of the interpreter 2001-11-28 03:26:58 +00:00
inflate.c Modernize my email address. 2002-03-25 13:52:45 +00:00
init_main.c First half of implementation of ksiginfo, signal queues, and such. This 2002-09-30 20:20:22 +00:00
init_sysent.c Regen. 2002-10-01 02:37:35 +00:00
kern_acct.c Don't call VOP_LEASE() while holding the accounting mutex. 2002-09-18 01:56:13 +00:00
kern_acl.c Introduce support for Mandatory Access Control and extensible 2002-08-01 01:04:16 +00:00
kern_alq.c - Export the alq daemon thread pointer. 2002-09-26 07:38:56 +00:00
kern_clock.c Give up on calling tc_ticktock() from a timeout, we have timeout 2002-09-04 10:15:19 +00:00
kern_condvar.c Completely redo thread states. 2002-09-11 08:13:56 +00:00
kern_conf.c Rename struct specinfo to the more appropriate struct cdev. 2002-09-27 18:27:10 +00:00
kern_descrip.c fcntl(..., F_SETLKW, ...) takes a pointer to a struct flock just like 2002-09-16 01:05:15 +00:00
kern_environment.c Cosmetic tweaks. Try and keep the style more consistent, catch some stray 2002-05-01 02:51:50 +00:00
kern_event.c In continuation of early fileop credential changes, modify fo_ioctl() to 2002-08-17 02:36:16 +00:00
kern_exec.c Use the fields in the sysentvec and in the vm map header in place of the 2002-09-21 22:07:17 +00:00
kern_exit.c First half of implementation of ksiginfo, signal queues, and such. This 2002-09-30 20:20:22 +00:00
kern_fork.c First half of implementation of ksiginfo, signal queues, and such. This 2002-09-30 20:20:22 +00:00
kern_idle.c Completely redo thread states. 2002-09-11 08:13:56 +00:00
kern_intr.c Be consistent about "static" functions: if the function is marked 2002-09-28 17:15:38 +00:00
kern_jail.c The jail syscall calls chroot, which is not mpsafe, so put back a 2002-07-01 20:46:01 +00:00
kern_kse.c Implement basic KSE loaning. This stops a hread that is blocked in BOUND mode 2002-09-29 23:04:34 +00:00
kern_kthread.c First half of implementation of ksiginfo, signal queues, and such. This 2002-09-30 20:20:22 +00:00
kern_ktr.c - Export the alq daemon thread pointer. 2002-09-26 07:38:56 +00:00
kern_ktrace.c Plug memory leaks. 2002-09-30 19:19:47 +00:00
kern_linker.c In order to better support flexible and extensible access control, 2002-08-15 20:55:08 +00:00
kern_lock.c Include <sys/lockmgr.h> for the definitions of the locking interfaces that 2002-08-27 09:59:47 +00:00
kern_lockf.c Remove a conditional #include <sys/kernel.h>, it is already 2002-09-14 14:44:41 +00:00
kern_mac.c Improve locking of pipe mutexes in the context of MAC: 2002-10-01 04:30:19 +00:00
kern_malloc.c - Split UMA_ZFLAG_OFFPAGE into UMA_ZFLAG_OFFPAGE and UMA_ZFLAG_HASH. 2002-09-18 08:26:30 +00:00
kern_mib.c Rename struct specinfo to the more appropriate struct cdev. 2002-09-27 18:27:10 +00:00
kern_module.c - Remove Giant acquisition from modevent(), modfnext(), modstat() and 2002-06-26 00:31:44 +00:00
kern_mtxpool.c Change callers of mtx_init() to pass in an appropriate lock type name. In 2002-04-04 21:03:38 +00:00
kern_mutex.c uh, commit all of the patch 2002-09-29 23:28:58 +00:00
kern_ntptime.c Hide the private parts of timecounter from a couple of places that don't 2002-04-26 21:31:44 +00:00
kern_physio.c More caddr_t removal, make fo_ioctl take a void * instead of a caddr_t. 2002-06-29 01:50:25 +00:00
kern_poll.c Increase size of ifnet.if_flags from 16 bits (short) to 32 bits (int). To avoid 2002-08-18 07:05:00 +00:00
kern_proc.c First half of implementation of ksiginfo, signal queues, and such. This 2002-09-30 20:20:22 +00:00
kern_prot.c Include file cleanup; mac.h and malloc.h at one point had ordering 2002-08-01 17:47:56 +00:00
kern_resource.c Change p_cpulimit to be in seconds instead of microseconds. Since 2002-09-30 21:08:38 +00:00
kern_sema.c Change callers of mtx_init() to pass in an appropriate lock type name. In 2002-04-04 21:03:38 +00:00
kern_shutdown.c Add ability to dump stacktraces on kernel panics when DDB is compiled into 2002-09-19 18:49:46 +00:00
kern_sig.c Back out code changes that snuck into the previous forced commit. 2002-10-01 00:16:17 +00:00
kern_subr.c o Convert a vm_page_sleep_busy() into a vm_page_sleep_if_busy() 2002-08-04 06:27:37 +00:00
kern_switch.c Implement basic KSE loaning. This stops a hread that is blocked in BOUND mode 2002-09-29 23:04:34 +00:00
kern_sx.c Set the lock type equal to the lock name for now as all of the current 2002-04-04 20:49:35 +00:00
kern_synch.c - Add a new per-process flag PS_XCPU to indicate that at least one thread 2002-09-30 21:13:54 +00:00
kern_syscalls.c - Lock down the ``module'' structure by adding an SX lock that is used by 2002-03-18 07:45:30 +00:00
kern_sysctl.c Be consistent about "static" functions: if the function is marked 2002-09-28 17:15:38 +00:00
kern_tc.c Do not employ timecounter hardware if our hz does not support their 2002-09-04 19:32:18 +00:00
kern_thread.c Implement basic KSE loaning. This stops a hread that is blocked in BOUND mode 2002-09-29 23:04:34 +00:00
kern_time.c Round up instead of towards 0 in clock_getres() so that a resolution of 2002-09-25 12:00:38 +00:00
kern_timeout.c Fix a format buglet. 2002-09-05 11:42:03 +00:00
kern_uuid.c Include <sys/systm.h> for the declarations of many things instead of 2002-08-22 12:47:22 +00:00
kern_xxx.c more caddr_t removal. 2002-06-29 02:00:02 +00:00
ksched.c Completely redo thread states. 2002-09-11 08:13:56 +00:00
link_elf_obj.c Be consistent about "static" functions: if the function is marked 2002-09-28 17:15:38 +00:00
link_elf.c Be consistent about "static" functions: if the function is marked 2002-09-28 17:15:38 +00:00
linker_if.m Add the sysctl "kern.function_list", which currently exports all 2001-10-30 15:21:45 +00:00
Make.tags.inc Don't hardcode /sys when making tags, instead use ${.CURDIR}/.. this 2002-02-27 10:07:15 +00:00
Makefile Don't generate <sys/syscalls-hide.h> it has never had any users anywhere in 2001-10-13 09:17:49 +00:00
makesyscalls.sh Add the rest of the kernel support for the sem_ API in kern/uipc_sem.c. 2002-09-19 00:43:32 +00:00
md4c.c
md5c.c Bring sys/kern/md5c.c in sync with the userland version. 2002-06-24 14:15:25 +00:00
p1003_1b.c Change p_can{debug,see,sched,signal}()'s first argument to be a thread 2002-05-19 00:14:50 +00:00
posix4_mib.c Add the rest of the kernel support for the sem_ API in kern/uipc_sem.c. 2002-09-19 00:43:32 +00:00
subr_acl_posix1e.c Introduce support for Mandatory Access Control and extensible 2002-08-01 01:04:16 +00:00
subr_autoconf.c Remove __P. 2002-03-19 21:25:46 +00:00
subr_blist.c Now that daddr_t has grown up, use %lld to printf it and cast it to long 2002-05-18 23:46:04 +00:00
subr_bus.c Move includ of <sys/bus_priate.h> later to get semantic identity of 2002-09-28 21:38:35 +00:00
subr_clist.c Remove __P. 2002-03-19 21:25:46 +00:00
subr_clock.c Use the CPU_* OID constants instead of OID_AUTO for the clock-related 2002-08-07 19:43:54 +00:00
subr_devstat.c GC: BIO_ORDERED, various infrastructure dealing with BIO_ORDERED. 2002-02-22 09:26:35 +00:00
subr_disk.c (This commit touches about 15 disk device drivers in a very consistent 2002-09-20 19:36:05 +00:00
subr_disklabel.c (This commit touches about 15 disk device drivers in a very consistent 2002-09-20 19:36:05 +00:00
subr_diskmbr.c Be consistent about "static" functions: if the function is marked 2002-09-28 17:15:38 +00:00
subr_diskslice.c Remove unused variable. 2002-09-20 09:33:30 +00:00
subr_eventhandler.c Wrap a line longer than 80 characters. 2002-07-19 17:44:44 +00:00
subr_hints.c Cosmetic tweaks. Try and keep the style more consistent, catch some stray 2002-05-01 02:51:50 +00:00
subr_kobj.c Convert hit and miss counters to unsigned values. Surely negative values 2002-06-10 22:40:26 +00:00
subr_log.c more caddr_t removal. 2002-06-29 02:00:02 +00:00
subr_mbuf.c Be consistent about "static" functions: if the function is marked 2002-09-28 17:15:38 +00:00
subr_mchain.c Move m_fixhdr() from "mbchain" to "mbuf" where it belongs. 2002-09-18 13:41:37 +00:00
subr_module.c
subr_param.c Change hw.physmem and hw.usermem to unsigned long like they used to be 2002-08-30 04:04:37 +00:00
subr_pcpu.c Add a per-cpu variable, cpumask, the preshifted equivalent of 1 << cpuid. 2002-01-05 09:35:50 +00:00
subr_power.c Use ISO 9X variadic macro format; arguments are not optional, just 2002-07-15 17:17:56 +00:00
subr_prf.c Change a return to a break so the local buffers get properly freeed. 2002-09-28 21:34:31 +00:00
subr_prof.c more caddr_t removal. 2002-06-29 02:00:02 +00:00
subr_rman.c Add debug.rman_debug sysctl MIB and loader tunable instead of broken 2002-09-05 11:45:02 +00:00
subr_rtc.c Use the CPU_* OID constants instead of OID_AUTO for the clock-related 2002-08-07 19:43:54 +00:00
subr_sbuf.c Add a cast to make this file compile in userland on sparc64 without 2002-09-16 18:45:18 +00:00
subr_scanf.c
subr_sigq.c Until I find a way to release arbitrary locks held when sending signals (there 2002-10-01 03:19:49 +00:00
subr_smp.c Completely redo thread states. 2002-09-11 08:13:56 +00:00
subr_taskqueue.c If we fail to write to a vnode during a ktrace write, then we drop all 2002-08-01 13:35:38 +00:00
subr_trap.c - Add a new per-process flag PS_XCPU to indicate that at least one thread 2002-09-30 21:13:54 +00:00
subr_turnstile.c uh, commit all of the patch 2002-09-29 23:28:58 +00:00
subr_witness.c Be consistent about "static" functions: if the function is marked 2002-09-28 17:15:38 +00:00
subr_xxx.c Here follows the new kernel dumping infrastructure. 2002-03-31 22:37:00 +00:00
sys_generic.c Be consistent about "static" functions: if the function is marked 2002-09-28 17:15:38 +00:00
sys_pipe.c Improve locking of pipe mutexes in the context of MAC: 2002-10-01 04:30:19 +00:00
sys_process.c Completely redo thread states. 2002-09-11 08:13:56 +00:00
sys_socket.c In continuation of early fileop credential changes, modify fo_ioctl() to 2002-08-17 02:36:16 +00:00
syscalls.c Regen. 2002-10-01 02:37:35 +00:00
syscalls.master Reserve system call numbers for the following system calls: 2002-10-01 02:35:59 +00:00
sysv_ipc.c Change the suser() API to take advantage of td_ucred as well as do a 2002-04-01 21:31:13 +00:00
sysv_msg.c Make SYSVMSG mpsafe. Right now there is a global lock over the 2002-08-13 08:00:36 +00:00
sysv_sem.c Make SYSVSEM mpsafe. Each semaphore set gets its own lock, however 2002-08-13 08:47:17 +00:00
sysv_shm.c return foo -> return (foo) 2002-08-15 02:10:12 +00:00
tty_compat.c Fixed some style bugs in the removal of __P(()). The main ones were 2002-03-24 05:09:11 +00:00
tty_conf.c KSE Milestone 2 2001-09-12 08:38:13 +00:00
tty_cons.c Remove new console devices with cnremove before initializing them in 2002-08-06 18:56:41 +00:00
tty_pty.c - Lock proctree_lock instead of pgrpsess_lock. 2002-04-16 17:09:22 +00:00
tty_subr.c Remove __P. 2002-03-19 21:25:46 +00:00
tty_tty.c Pass active_cred and file_cred into the MAC framework explicitly 2002-08-19 19:04:53 +00:00
tty.c First half of implementation of ksiginfo, signal queues, and such. This 2002-09-30 20:20:22 +00:00
uipc_accf.c
uipc_cow.c o Synchronize updates to struct vm_page::cow with the page queues lock. 2002-09-02 04:04:12 +00:00
uipc_domain.c Back out my lats commit of locking down a socket, it conflicts with hsu's work. 2002-05-31 11:52:35 +00:00
uipc_jumbo.c o Lock page queue accesses by vm_page_free(). 2002-07-21 19:06:46 +00:00
uipc_mbuf2.c In m_aux_delete, no need to chase beyond victim. 2002-05-23 15:59:48 +00:00
uipc_mbuf.c While well intentionned the check to see it there is a packet 2002-09-19 08:28:41 +00:00
uipc_proto.c
uipc_sem.c Bring in my implementation of kernel support for posix realtime semaphores 2002-09-18 22:47:42 +00:00
uipc_sockbuf.c Use m_length() instead of home-rolled versions. 2002-09-18 19:44:14 +00:00
uipc_socket2.c Use m_length() instead of home-rolled versions. 2002-09-18 19:44:14 +00:00
uipc_socket.c Make similar changes to fo_stat() and fo_poll() as made earlier to 2002-08-16 12:52:03 +00:00
uipc_syscalls.c accept(2) on a socket that has been shutdown(2) normally returns 2002-08-28 20:56:01 +00:00
uipc_usrreq.c Introduce support for Mandatory Access Control and extensible 2002-08-01 01:18:42 +00:00
vfs_acl.c Introduce support for Mandatory Access Control and extensible 2002-08-01 01:04:16 +00:00
vfs_aio.c Replace (ab)uses of "NULL" where "0" is really meant. 2002-08-22 21:24:01 +00:00
vfs_bio.c Remove unused includes. 2002-09-28 17:46:30 +00:00
vfs_cache.c Split up __getcwd so that kernel callers of the internal version 2002-09-02 22:40:30 +00:00
vfs_cluster.c - Use incore() where no other interlock locking is necessary. 2002-09-25 02:12:32 +00:00
vfs_default.c - Use the standard vp interlock macros. 2002-09-25 01:42:24 +00:00
vfs_export.c Partial backout of 1.318, remove error handling added because it may be 2002-06-30 05:23:58 +00:00
vfs_extattr.c - Properly lock v_vflags in getdirents(). 2002-09-25 02:13:38 +00:00
vfs_init.c We don't need to check the return value of malloc() against 2002-06-22 21:44:11 +00:00
vfs_lookup.c - Replace v_flag with v_iflag and v_vflag 2002-08-04 10:29:36 +00:00
vfs_mount.c - Don't protect mountedhere with the vn interlock. 2002-09-25 01:44:21 +00:00
vfs_subr.c Move vnode MAC label initialization to after the release of the vnode 2002-09-30 20:51:48 +00:00
vfs_syscalls.c - Properly lock v_vflags in getdirents(). 2002-09-25 02:13:38 +00:00
vfs_vnops.c Under DIAGNOSTIC, complain if ENOIOCTL leaks out through VOP_IOCTL(). 2002-09-26 21:21:13 +00:00
vnode_if.src - We don't need any automated lock checking for vop_islocked. 2002-09-26 00:31:16 +00:00