Commit Graph

124 Commits

Author SHA1 Message Date
rwatson
6a5eb15d6e o Make kqueue's filt_procattach() function use the error value returned
by p_can(...P_CAN_SEE), rather than returning EACCES directly.  This
  brings the error code used here into line with similar arrangements
  elsewhere, and prevents the leakage of pid usage information.

Reviewed by:	jlemon
Obtained from:	TrustedBSD Project
2001-04-12 21:32:02 +00:00
jlemon
6636914a20 Add an EV_SET() convenience macro for initializing struct kevent prior
to the call to kevent().

Update the copyright notices as well.
2001-02-24 01:44:03 +00:00
jlemon
c8eae3449f Fix typo in comment (knode -> knote). 2001-02-23 20:32:42 +00:00
jlemon
11781a7431 Extend kqueue down to the device layer.
Backwards compatible approach suggested by: peter
2001-02-15 16:34:11 +00:00
jhb
7c01c0a2c2 Proc locking. 2001-01-24 00:35:12 +00:00
wollman
70c88bb8da select() DKI is now in <sys/selinfo.h>. 2001-01-09 04:33:49 +00:00
dwmalone
dd75d1d73b Convert more malloc+bzero to malloc+M_ZERO.
Submitted by:	josh@zipperup.org
Submitted by:	Robert Drehmel <robd@gmx.net>
2000-12-08 21:51:06 +00:00
dillon
15a44d16ca This patchset fixes a large number of file descriptor race conditions.
Pre-rfork code assumed inherent locking of a process's file descriptor
    array.  However, with the advent of rfork() the file descriptor table
    could be shared between processes.  This patch closes over a dozen
    serious race conditions related to one thread manipulating the table
    (e.g. closing or dup()ing a descriptor) while another is blocked in
    an open(), close(), fcntl(), read(), write(), etc...

PR: kern/11629
Discussed with: Alexander Viro <viro@math.psu.edu>
2000-11-18 21:01:04 +00:00
rwatson
3dc6d2b9ea o Centralize inter-process access control, introducing:
int p_can(p1, p2, operation, privused)

  which allows specification of subject process, object process,
  inter-process operation, and an optional call-by-reference privused
  flag, allowing the caller to determine if privilege was required
  for the call to succeed.  This allows jail, kern.ps_showallprocs and
  regular credential-based interaction checks to occur in one block of
  code.  Possible operations are P_CAN_SEE, P_CAN_SCHED, P_CAN_KILL,
  and P_CAN_DEBUG.  p_can currently breaks out as a wrapper to a
  series of static function checks in kern_prot, which should not
  be invoked directly.

o Commented out capabilities entries are included for some checks.

o Update most inter-process authorization to make use of p_can() instead
  of manual checks, PRISON_CHECK(), P_TRESPASS(), and
  kern.ps_showallprocs.

o Modify suser{,_xxx} to use const arguments, as it no longer modifies
  process flags due to the disabling of ASU.

o Modify some checks/errors in procfs so that ENOENT is returned instead
  of ESRCH, further improving concealment of processes that should not
  be visible to other processes.  Also introduce new access checks to
  improve hiding of processes for procfs_lookup(), procfs_getattr(),
  procfs_readdir().  Correct a bug reported by bp concerning not
  handling the CREATE case in procfs_lookup().  Remove volatile flag in
  procfs that caused apparently spurious qualifier warnigns (approved by
  bde).

o Add comment noting that ktrace() has not been updated, as its access
  control checks are different from ptrace(), whereas they should
  probably be the same.  Further discussion should happen on this topic.

Reviewed by:	bde, green, phk, freebsd-security, others
Approved by:	bde
Obtained from:	TrustedBSD Project
2000-08-30 04:49:09 +00:00
jlemon
8713fbd9e3 Fix bug with timeout; previously, when attempting to poll the kqueue by
passing a zero-valued timeout, the code would always sleep for one tick.
Change code to avoid calling tsleep if we have no intention of sleeping.

Bring in bugfix from sys_select.c, r1.60 which also applies here.

Modify error handling slightly; passing in an invalid fd will now result
in EBADF returned in the eventlist, while an attempt to change a knote
which does not exist will result in ENOENT being returned.  Previously
such attempts would fail silently without notification.

Pointed out by: nicolas.leonard@animaths.com
	        Rick Reed (rr@yahoo-inc.com)
2000-08-07 16:45:42 +00:00
jlemon
08a68c236b Back out rev 1.12; its not clear that this is the right thing to do,
and in any event, it wasn't done correctly in the first place.
2000-08-01 04:27:50 +00:00
peter
203d398e48 Fix warnings - make kevent args in comment match those in syscalls.master.
Deal with consts.
2000-07-28 22:32:25 +00:00
jlemon
a794883a96 Have kevent() automatically restart if interrupted by a signal. If this
is not desired, then the user can register an EV_SIGNAL filter to
explicitly catch a signal event.

Change requested by: jayanth, ps, peter
		     "Why is kevent non-restartable after a signal?"
2000-07-27 23:06:14 +00:00
jlemon
f793ebc479 Fix a bug which would cause some knotes to get lost when two kqueues
were being used in a process at the same time.

Test case provided by:  Chris Peiffer <peifferc@CS.Stanford.EDU>
2000-07-18 21:41:47 +00:00
jlemon
7171047204 Simplify kqueue API slightly.
Discussed on:	-arch
2000-07-18 19:31:52 +00:00
chris
ea6c5e61ca Report a file type (S_IFIFO) in kqueue_stat(). 2000-06-28 19:16:27 +00:00
jlemon
e9628093bd Add code so that the udata field is preserved across a TRACK event.
When re-adding an event, do not reset the event state.  If the event was
pending, it will remain pending.  This allows the user to change the udata
field after the event was registered, while not losing any events which
have already occurred.

Reported by:   jmg
2000-06-22 18:39:31 +00:00
jlemon
a1f73470ca malloc(..., M_WAITOK) will not return NULL, so remove the error
handling for this case (which was slightly broken anyway)

Fix up some whitespace problems while I'm here too.

Submitted by:  alfred   (in a slightly different form)
2000-06-10 01:51:18 +00:00
jake
961b97d434 Back out the previous change to the queue(3) interface.
It was not discussed and should probably not happen.

Requested by:		msmith and others
2000-05-26 02:09:24 +00:00
jake
d93fbc9916 Change the way that the queue(3) structures are declared; don't assume that
the type argument to *_HEAD and *_ENTRY is a struct.

Suggested by:	phk
Reviewed by:	phk
Approved by:	mdodd
2000-05-23 20:41:01 +00:00
green
5c6432f1d5 Back out NOTE_EXIT status reporting pending discussion. 2000-05-21 16:27:41 +00:00
green
b987a44176 Put the wait(2) exit status in "data" for NOTE_EXIT kevents. 2000-05-17 01:16:11 +00:00
jlemon
4dae89bb37 Fix one bug where the kn_head list could be manipulated without
spl() protection in the case of a copyout error.

Add missing spl calls around the intial activation call that is
done when when the kevent is added.

Add two KASSERT macros to help catch errors in the future.
2000-05-04 20:19:17 +00:00
jlemon
d85bc582cf Add files that I forgot to `cvs add' on last commit. 2000-04-16 19:02:08 +00:00