freebsd-nq/sys/kern
Christian S.J. Peron 68ff2a4397 Improve the MP safeness associated with the creation of symbolic
links and the execution of ELF binaries. Two problems were found:

1) The link path wasn't tagged as being MP safe and thus was not properly
   protected.
2) The ELF interpreter vnode wasn't being locked in namei(9) and thus was
   insufficiently protected.

This commit makes the following changes:

-Sets the MPSAFE flag in NDINIT for symbolic link paths
-Sets the MPSAFE flag in NDINIT and introduce a vfslocked variable which
 will be used to instruct VFS_UNLOCK_GIANT to unlock Giant if it has been
 picked up.
-Drop in an assertion into vfs_lookup which ensures that if the MPSAFE
 flag is NOT set, that we have picked up Giant. If not, panic (if WITNESS
 compiled into the kernel). This should help us find conditions where vnode
 operations are insufficiently protected.

This is a RELENG_6 candidate.

Discussed with:	jeff
MFC after:	4 days
2005-09-15 15:03:48 +00:00
bus_if.m /* -> /*- for copyright notices, minor format tweaks as necessary 2005-01-06 23:35:40 +00:00
clock_if.m /* -> /*- for copyright notices, minor format tweaks as necessary 2005-01-06 23:35:40 +00:00
cpufreq_if.m Introduce a new method, cpufreq_drv_type(), that returns the type of the 2005-02-18 00:23:36 +00:00
device_if.m /* -> /*- for copyright notices, minor format tweaks as necessary 2005-01-06 23:35:40 +00:00
genassym.sh
imgact_aout.c - Neither of our image formats require Giant now that the vm and vfs have 2005-05-03 10:51:38 +00:00
imgact_elf32.c
imgact_elf64.c
imgact_elf.c Improve the MP safeness associated with the creation of symbolic 2005-09-15 15:03:48 +00:00
imgact_gzip.c - Change the vm_mmap() function to accept an objtype_t parameter specifying 2005-04-01 20:00:11 +00:00
imgact_shell.c Fix a panic which could occur parsing #!-lines in a shell-script. If the 2005-06-19 02:21:03 +00:00
inflate.c
init_main.c Fix system shutdown timeout handling by again supporting longer running 2005-09-15 13:16:07 +00:00
init_sysent.c Regen. 2005-07-08 15:06:58 +00:00
kern_acct.c When mac_check_system_acct() fails, make sure to unlock as well as close 2005-03-01 08:56:13 +00:00
kern_acl.c Convert the primary ACL allocator from malloc(9) to using a UMA zone instead. 2005-09-06 00:06:30 +00:00
kern_alq.c Modify the alq(9) alq_open() API to accept a file creation mode, rather 2005-04-16 12:12:27 +00:00
kern_clock.c Use SCTL_MASK32 to determine that the sysctl call is from a 32bit 2005-06-30 17:17:29 +00:00
kern_condvar.c Refine the turnstile and sleep queue interfaces just a bit: 2004-10-12 18:36:20 +00:00
kern_conf.c Retire unused dev_named() function. 2005-09-15 08:01:57 +00:00
kern_context.c
kern_cpu.c Break out the checks for duplicates and absolute settings being too high 2005-09-02 16:32:43 +00:00
kern_descrip.c Two minor optimizations of fdalloc(): 2005-08-26 11:16:39 +00:00
kern_environment.c Add bounds checking to the setenv part of the kernel environment. 2005-07-31 10:28:35 +00:00
kern_event.c Fix the recent panics/LORs/hangs created by my kqueue commit by: 2005-07-01 16:28:32 +00:00
kern_exec.c MFP4: 2005-06-30 19:01:26 +00:00
kern_exit.c Add witness warnings to panic if a thread tries to exit while holding any 2005-09-02 20:20:01 +00:00
kern_fork.c Fix the recent panics/LORs/hangs created by my kqueue commit by: 2005-07-01 16:28:32 +00:00
kern_idle.c Divorce critical sections from spinlocks. Critical sections as denoted by 2005-04-04 21:53:56 +00:00
kern_intr.c Simplify the storming logic and remove a variable as a result. 2005-06-20 19:32:23 +00:00
kern_jail.c Actually only protect mount-point if security.jail.enforce_statfs is set to 2. 2005-06-23 22:13:29 +00:00
kern_kse.c Add witness warnings to panic if a thread tries to exit while holding any 2005-09-02 20:20:01 +00:00
kern_kthread.c /* -> /*- for copyright notices, minor format tweaks as necessary 2005-01-06 23:35:40 +00:00
kern_ktr.c - Add curthread to the state that ktr is saving. The extra information is 2005-06-10 23:21:29 +00:00
kern_ktrace.c Close another information leak in ktrace(2): one was able to find active 2005-06-24 12:05:24 +00:00
kern_linker.c Fix panic when module is compiled in and it is loaded from loader.conf. 2005-05-28 23:20:05 +00:00
kern_lock.c Print out a warning and a backtrace if we try to unlock a lockmgr that 2005-09-02 15:56:01 +00:00
kern_lockf.c Print name of device instead of useless major/minor numbers. 2005-03-29 08:13:01 +00:00
kern_mac.c Bump the module versions of the MAC Framework and MAC policy modules 2005-07-14 10:46:03 +00:00
kern_malloc.c Long overdue, keep up with mbuf.h,v 1.148. 2005-08-02 20:03:23 +00:00
kern_mbuf.c Define four constants, MBUF_{,MEM,CLUSTER,PACKET,TAG}_MEM_NAME, which 2005-07-17 14:04:03 +00:00
kern_mib.c mp_ncpus is always (properly) initialized, even on UP kernels, so just use it. 2005-08-21 18:03:31 +00:00
kern_module.c Swap the arguments for CP so we copy the correct source and 2005-02-18 22:14:40 +00:00
kern_mtxpool.c Make a bunch of malloc types static. 2005-02-10 12:02:37 +00:00
kern_mutex.c - Add an assertion to panic if one tries to call mtx_trylock() on a spin 2005-09-02 20:21:49 +00:00
kern_ntptime.c Explicitly acquire Giant around the ntp_gettime() and assert it in the 2005-05-28 14:34:41 +00:00
kern_physio.c /* -> /*- for copyright notices, minor format tweaks as necessary 2005-01-06 23:35:40 +00:00
kern_pmc.c Fail the module loading process if the currently executing kernel 2005-07-30 09:02:42 +00:00
kern_poll.c Document flags of a pollrec. 2005-09-06 11:09:18 +00:00
kern_proc.c Add a sysctl that returns the full path of a process' text file. 2005-04-18 02:10:37 +00:00
kern_prot.c Introduce p_canwait() and MAC Framework and MAC Policy entry points 2005-04-18 13:36:57 +00:00
kern_resource.c Giant is no longer required in kern_setrlimit(); remove its acquisition and 2005-06-01 17:52:51 +00:00
kern_sema.c /* -> /*- for copyright notices, minor format tweaks as necessary 2005-01-06 23:35:40 +00:00
kern_shutdown.c Add a new struct buf flag bit, B_PERSISTENT, and use it to tag 2005-09-08 06:30:05 +00:00
kern_sig.c Fix a bug relevant to debugging, a masked signal unexpectedly interrupts 2005-06-06 05:13:10 +00:00
kern_subr.c /* -> /*- for copyright notices, minor format tweaks as necessary 2005-01-06 23:35:40 +00:00
kern_switch.c In adjustrunqueue(), add code to handle thread migrating case for 2005-08-03 01:23:45 +00:00
kern_sx.c /* -> /*- for copyright notices, minor format tweaks as necessary 2005-01-06 23:35:40 +00:00
kern_synch.c Use low level constructs borrowed from interrupt threads to wait for 2005-05-23 23:01:53 +00:00
kern_syscalls.c Do a pass over all modules in the kernel and make them return EOPNOTSUPP 2004-07-15 08:26:07 +00:00
kern_sysctl.c Drop in a WITNESS_WARN into SYSCTL_IN to make sure that we are 2005-08-08 21:06:42 +00:00
kern_tc.c Forward declaring static variables as extern is invalid ISO-C. Now that 2005-09-07 10:06:14 +00:00
kern_thr.c Validate if the value written into {FS,GS}.base is a canonical 2005-07-10 23:31:11 +00:00
kern_thread.c Remove sleep queue hack, it is no longer needed with current sleep queue. 2005-05-27 04:27:22 +00:00
kern_time.c Implement kern_adjtime(), kern_readv(), kern_sched_rr_get_interval(), 2005-03-31 22:51:18 +00:00
kern_timeout.c Make callout_reset() return a non-zero value if a pending callout 2005-09-08 14:20:39 +00:00
kern_umtx.c Allocate umtx_q from heap instead of stack, this avoids 2005-03-05 09:15:03 +00:00
kern_uuid.c /* -> /*- for copyright notices, minor format tweaks as necessary 2005-01-06 23:35:40 +00:00
kern_xxx.c /* -> /*- for copyright notices, minor format tweaks as necessary 2005-01-06 23:35:40 +00:00
ksched.c /* -> /*- for license, minor formatting changes 2005-01-07 02:29:27 +00:00
link_elf_obj.c Handle vm_map_wire()'s failure. 2005-08-28 05:38:40 +00:00
link_elf.c Correctly handle vm_map_wire()'s failure. (See also revisions 1.81 and 2005-08-28 04:50:11 +00:00
linker_if.m /* -> /*- for copyright notices, minor format tweaks as necessary 2005-01-06 23:35:40 +00:00
Make.tags.inc
Makefile Add a 'sysent' target that depends on the various files built from 2005-07-13 20:50:17 +00:00
makesyscalls.sh Introduce a new field in the syscalls.master file format to hold the 2005-05-30 15:09:18 +00:00
md4c.c /* -> /*- for copyright notices, minor format tweaks as necessary 2005-01-06 23:35:40 +00:00
md5c.c MD5Pad() should never have been exposed. 2005-02-10 12:20:42 +00:00
p1003_1b.c Actually commit the code for kern_sched_get_rr_interval(). 2005-03-31 22:54:48 +00:00
posix4_mib.c Back when VOP_* was introduced, we did not have new-style struct 2004-12-01 23:16:38 +00:00
sched_4bsd.c Move HWPMC_HOOKS into its own opt_hwpmc_hooks.h file. It doesn't merit 2005-06-24 00:16:57 +00:00
sched_ule.c Move up code for testing KEF_HOLD to avoid ke_cpu being changed unexpectedly 2005-08-19 11:51:41 +00:00
subr_acl_posix1e.c Convert the primary ACL allocator from malloc(9) to using a UMA zone instead. 2005-09-06 00:06:30 +00:00
subr_autoconf.c /* -> /*- for copyright notices, minor format tweaks as necessary 2005-01-06 23:35:40 +00:00
subr_blist.c Move the definitions of SWAPBLK_NONE and SWAPBLK_MASK from vm_page.h to 2004-06-04 04:03:26 +00:00
subr_bus.c Simplify the code a bit after the bzero(). 2005-06-09 05:50:01 +00:00
subr_clist.c /* -> /*- for copyright notices, minor format tweaks as necessary 2005-01-06 23:35:40 +00:00
subr_clock.c /* -> /*- for copyright notices, minor format tweaks as necessary 2005-01-06 23:35:40 +00:00
subr_devstat.c - Remove two mtx_asserts that can incorrectly trigger if 2005-05-03 10:58:05 +00:00
subr_disk.c - Fix insertions of bios which represent data earlier than anything else 2005-06-15 23:32:07 +00:00
subr_eventhandler.c eliminate potential null deref 2005-02-23 19:32:29 +00:00
subr_hints.c The resource_xxx routines in subr_hints.c are called before and after the 2005-07-31 10:46:55 +00:00
subr_kdb.c Move the KDB_STOP_NMI option from opt_global.h to opt_kdb.h 2005-06-29 23:23:16 +00:00
subr_kobj.c Export a routine, kobj_machdep_init(), that allows platforms 2005-08-07 02:20:35 +00:00
subr_log.c Use dynamic major number allocation. 2005-02-27 22:02:03 +00:00
subr_mbpool.c /* -> /*- for copyright notices, minor format tweaks as necessary 2005-01-06 23:35:40 +00:00
subr_mchain.c Change API of mb_copy_t in libmchain so that netsmb can handle 2005-07-29 13:22:37 +00:00
subr_module.c
subr_msgbuf.c /* -> /*- for copyright notices, minor format tweaks as necessary 2005-01-06 23:35:40 +00:00
subr_param.c Increase default HZ for sparc64 to 1000. 2005-04-16 15:07:41 +00:00
subr_pcpu.c /* -> /*- for copyright notices, minor format tweaks as necessary 2005-01-06 23:35:40 +00:00
subr_power.c
subr_prf.c When padding with zero, do pad after prefixes rather than padding 2005-09-04 18:03:45 +00:00
subr_prof.c netchild's mega-patch to isolate compiler dependencies into a central 2005-03-02 21:33:29 +00:00
subr_rman.c If we are going to 2005-05-06 02:50:00 +00:00
subr_rtc.c /* -> /*- for copyright notices, minor format tweaks as necessary 2005-01-06 23:35:40 +00:00
subr_sbuf.c Make a bunch of malloc types static. 2005-02-10 12:02:37 +00:00
subr_scanf.c Remove advertising clause from University of California Regent's license, 2004-04-05 21:03:37 +00:00
subr_sleepqueue.c Remove thread_upcall_check, it was used to avoid race bug in earlier 2005-05-27 15:57:27 +00:00
subr_smp.c Second part of commit for moving KDB_STOP_NMI from opt_global.h to 2005-06-30 03:38:10 +00:00
subr_stack.c Add 'depth' argument to CTRSTACK() macro, which allows to reduce number 2005-08-29 11:34:08 +00:00
subr_taskqueue.c o enable shutdown of taskqueue threads; the thread servicing the queue checks 2005-05-01 00:38:11 +00:00
subr_trap.c - Rev 1.83 of kern_lock.c fixes the td_locks assert, reenable it here. 2005-03-28 12:52:46 +00:00
subr_turnstile.c Make a bunch of malloc types static. 2005-02-10 12:02:37 +00:00
subr_unit.c Remove debugging printfs. 2005-03-14 06:51:29 +00:00
subr_witness.c Relocate witness_levelall(), witness_leveldescendents(), and 2005-09-11 07:57:06 +00:00
sys_generic.c - Add two new system calls: preadv() and pwritev() which are like readv() 2005-07-07 18:17:55 +00:00
sys_pipe.c Fix the recent panics/LORs/hangs created by my kqueue commit by: 2005-07-01 16:28:32 +00:00
sys_process.c Fix a LOR between sched_lock and sleep queue lock. 2005-08-19 13:35:34 +00:00
sys_socket.c Introduce three additional MAC Framework and MAC Policy entry points to 2005-04-16 18:46:29 +00:00
syscalls.c Regen. 2005-07-08 15:06:58 +00:00
syscalls.master Mark second instance of lchown() MP safe just like the first. 2005-07-08 15:01:13 +00:00
sysv_ipc.c /* -> /*- for copyright notices, minor format tweaks as necessary 2005-01-06 23:35:40 +00:00
sysv_msg.c Add much needed descriptions for a number of the IPC related sysctl OIDs. 2005-02-12 01:22:39 +00:00
sysv_sem.c Gratuitous renaming of four System V Semaphore MAC Framework entry 2005-06-07 05:03:28 +00:00
sysv_shm.c Change the data type of the upper shared memory limits from a signed 2005-08-06 07:20:18 +00:00
tty_compat.c Put the pre FreeBSD-2.x tty compat code under BURN_BRIDGES. 2004-06-21 22:57:16 +00:00
tty_conf.c Preparation commit for the tty cleanups that will follow in the near 2004-07-15 20:47:41 +00:00
tty_cons.c Use dynamic major number allocation for /dev/console, there is no 2005-02-27 21:52:42 +00:00
tty_pty.c Merge the dev_clone and dev_clone_cred event handlers into a single 2005-08-08 19:55:32 +00:00
tty_subr.c /* -> /*- for copyright notices, minor format tweaks as necessary 2005-01-06 23:35:40 +00:00
tty_tty.c Merge the dev_clone and dev_clone_cred event handlers into a single 2005-08-08 19:55:32 +00:00
tty.c Fix the recent panics/LORs/hangs created by my kqueue commit by: 2005-07-01 16:28:32 +00:00
uipc_accf.c o setsockopt(2) cannot remove accept filter. [1] 2005-06-11 11:59:48 +00:00
uipc_cow.c Allow sends sent from non page-aligned userspace addresses to be 2005-06-05 17:13:23 +00:00
uipc_domain.c /* -> /*- for copyright notices, minor format tweaks as necessary 2005-01-06 23:35:40 +00:00
uipc_mbuf2.c Define four constants, MBUF_{,MEM,CLUSTER,PACKET,TAG}_MEM_NAME, which 2005-07-17 14:04:03 +00:00
uipc_mbuf.c Changes and cleanups to m_sanity(): 2005-08-30 21:31:42 +00:00
uipc_proto.c Remove advertising clause from University of California Regent's license, 2004-04-05 21:03:37 +00:00
uipc_sem.c In sem_forkhook(), don't attempt to generate a copy of the process semaphore 2005-06-08 07:29:22 +00:00
uipc_sockbuf.c Fix the recent panics/LORs/hangs created by my kqueue commit by: 2005-07-01 16:28:32 +00:00
uipc_socket2.c Fix the recent panics/LORs/hangs created by my kqueue commit by: 2005-07-01 16:28:32 +00:00
uipc_socket.c Backout rev. 1.246, it breaks code uses shutdown(2) on non-connected 2005-09-15 13:18:05 +00:00
uipc_syscalls.c Add MAC Framework and MAC policy entry point mac_check_socket_create(), 2005-07-05 22:49:10 +00:00
uipc_usrreq.c Fix two issues which were missed in FreeBSD-SA-05:08.kmem. 2005-05-07 00:41:36 +00:00
vfs_acl.c Convert the primary ACL allocator from malloc(9) to using a UMA zone instead. 2005-09-06 00:06:30 +00:00
vfs_aio.c Eliminate inconsistency in the setting of the B_DONE flag. Specifically, 2005-07-20 19:06:06 +00:00
vfs_bio.c - Use lockmgr_printinfo rather than rolling our own. This introduces a 2005-08-03 05:02:08 +00:00
vfs_cache.c - Fix a leaked reference to a vnode via v_dd. We rely on cache_purge() and 2005-06-17 01:05:13 +00:00
vfs_cluster.c Do not use vm_pager_init() to initialize vnode_pbuf_freecnt variable. 2005-08-13 20:21:33 +00:00
vfs_default.c In vop_stdpathconf(ap) also default for _PC_NAME_MAX and _PC_PATH_MAX. 2005-08-17 06:59:23 +00:00
vfs_export.c Handle theoretical case of vfs_export being called with both MNT_DELEXPORT and 2005-05-11 18:25:42 +00:00
vfs_extattr.c Improve the MP safeness associated with the creation of symbolic 2005-09-15 15:03:48 +00:00
vfs_hash.c Don't retry when vget() returns ENOENT in the nonblocking case due to the 2005-09-12 01:48:57 +00:00
vfs_init.c Remove VFS_START(). Its original purpose involved the mfs filesystem, 2005-02-20 23:02:20 +00:00
vfs_lookup.c Improve the MP safeness associated with the creation of symbolic 2005-09-15 15:03:48 +00:00
vfs_mount.c Don't unbusy the devfs mount in vfs_mountroot_try() as it gets accessed 2005-09-02 13:37:54 +00:00
vfs_subr.c In vfs_kqfilter(), return EINVAL instead of 1 (EPERM) when an unsupported 2005-09-12 19:22:37 +00:00
vfs_syscalls.c Improve the MP safeness associated with the creation of symbolic 2005-09-15 15:03:48 +00:00
vfs_vnops.c - Replace the series of DEBUG_LOCKS hacks which tried to save the vn_lock 2005-08-03 04:48:22 +00:00
vnode_if.src Allow EVFILT_VNODE events to work on every filesystem type, not just 2005-06-09 20:20:31 +00:00