Commit Graph

439 Commits

Author SHA1 Message Date
ed
2521297ed1 Remove unneeded call to revoke() inside openpty().
As discussed on the commits list, there is no need to call revoke()
inside openpty(). On RELENG_6 and RELENG_7 unlockpt() will call
revoke(). On HEAD we create pseudo-terminals on demand, so there is no
need to revoke the slave device node.

This change should never be MFC'd, because the implementation we have in
RELENG_6 and RELENG_7 should work flawlessly with older versions of
libc.

Discussed with:	jhb
MFC after:	never
2008-10-28 06:00:13 +00:00
des
526ffc2acc Diff reduction against Varnish, including one important fix: use a shared
lock if the file is opened with O_RDONLY.
2008-10-20 18:11:30 +00:00
des
fd059e9b04 Reimplement flopen(3) using fcntl(2) locks instead of flock(2) locks. 2008-10-20 18:02:16 +00:00
des
9a22db9431 pidfile(3) uses flopen(3) - don't make any assumptions about how the
latter is implemented.
2008-10-20 18:00:11 +00:00
des
fef0e9dfaf There is no point in releasing a lock on a file which we've unlinked and
are about to close, so don't.  As a bonus, pidfile_remove(3) will now
work with an fcntl(2)-based flopen(3).
2008-10-20 17:41:08 +00:00
des
a7d94abf21 Since in_lt() and in_lts() are not static, assume that they are intended to
be part of the public API.  Accordingly, add prototypes and document them.
2008-10-20 17:17:58 +00:00
des
afd6f1dcd0 Additional style and whitespace fixes. 2008-10-20 17:09:50 +00:00
des
9dcafcf0a3 Style and whitespace 2008-10-20 17:07:50 +00:00
des
214f29e32b Unbreak 2008-10-20 17:04:57 +00:00
des
767e2b5352 Since setclasscpumask() is not static, assume that it is intended to be
part of the public API.  Accordingly, add a prototype and document it.
2008-10-20 17:03:05 +00:00
des
70afe705b8 Style and whitespace. 2008-10-20 16:54:53 +00:00
des
ab560b6812 Parenthesize return values. 2008-10-20 16:51:43 +00:00
des
acbcfa5fb2 include and whitespace cleanup. 2008-10-20 16:48:18 +00:00
delphij
767e2acdc7 Use strlcpy() when we mean it. 2008-10-17 21:21:14 +00:00
ed
7ccb72cce6 Small cleanups to openpty().
- Pass O_NOCTTY to posix_openpt(2). This makes the implementation work
  consistently on implementations that make the PTY the controlling TTY
  by default.

- Call unlockpt() before opening the slave device. POSIX mentions that
  de slave device should only be opened after grantpt() and unlockpt()
  have been called.

- Replace some redundant code by a label.

In theory we could remove a lot of code from openpty() on FreeBSD
-CURRENT, because grantpt(), unlockpt() and revoke() are not needed in
our implementation. We'd better keep them there. This makes the code
still work with older FreeBSD releases and even makes it work on other
non-BSD operating systems.

I've compiled openpty() on Linux. You only need to remove the revoke()
call, because revoke() on Linux always returns -1. Apart from that, it
seems to work like it should.

Reviewed by:	jhb
2008-10-03 09:42:50 +00:00
ed
cc3116a938 Integrate the new MPSAFE TTY layer to the FreeBSD operating system.
The last half year I've been working on a replacement TTY layer for the
FreeBSD kernel. The new TTY layer was designed to improve the following:

- Improved driver model:

  The old TTY layer has a driver model that is not abstract enough to
  make it friendly to use. A good example is the output path, where the
  device drivers directly access the output buffers. This means that an
  in-kernel PPP implementation must always convert network buffers into
  TTY buffers.

  If a PPP implementation would be built on top of the new TTY layer
  (still needs a hooks layer, though), it would allow the PPP
  implementation to directly hand the data to the TTY driver.

- Improved hotplugging:

  With the old TTY layer, it isn't entirely safe to destroy TTY's from
  the system. This implementation has a two-step destructing design,
  where the driver first abandons the TTY. After all threads have left
  the TTY, the TTY layer calls a routine in the driver, which can be
  used to free resources (unit numbers, etc).

  The pts(4) driver also implements this feature, which means
  posix_openpt() will now return PTY's that are created on the fly.

- Improved performance:

  One of the major improvements is the per-TTY mutex, which is expected
  to improve scalability when compared to the old Giant locking.
  Another change is the unbuffered copying to userspace, which is both
  used on TTY device nodes and PTY masters.

Upgrading should be quite straightforward. Unlike previous versions,
existing kernel configuration files do not need to be changed, except
when they reference device drivers that are listed in UPDATING.

Obtained from:		//depot/projects/mpsafetty/...
Approved by:		philip (ex-mentor)
Discussed:		on the lists, at BSDCan, at the DevSummit
Sponsored by:		Snow B.V., the Netherlands
dcons(4) fixed by:	kan
2008-08-20 08:31:58 +00:00
brooks
8330af909c Add support for a new login capability, cpumask which allows login
sessions to be pinned to cpus by login class.
2008-07-25 19:58:14 +00:00
kib
daac7ea939 Add #include <inttypes.h> for the strtoimax().
Submitted by:	Jilles Tjoelker <jilles stack nl>
MFC after:	3 days
2008-07-07 12:20:34 +00:00
jhb
b3f9efd84f Merge hexdump(9) to userland as hexdump(3) in libutil. I'm tired of doing
this by hand in userland utilities.

MFC after:	1 month
2008-07-01 22:30:57 +00:00
scf
cab3742f10 Add four utility functions related to struct grp processing modeled in-part
after similar calls related to struct pwd in libutil/pw_util.c:
  - gr_equal()
    Perform a deep comparison of two struct grp's.  It does a thorough, yet
    unoptimized comparison of all the members regardless of order.

  - gr_make()
    Create a string (see group(5)) from a struct grp.

  - gr_dup()
    Duplicate a struct grp.  Returns a value that is a single contiguous
    block of memory.

  - gr_scan()
    Create a struct grp from a string (as produced by gr_make()).

MFC after:	3 weeks
2008-04-23 00:49:13 +00:00
antoine
ea3f3b4bc0 Merge changes from NetBSD on humanize_number.c, 1.8 -> 1.13
Significant changes:
- rev. 1.11: Use PRId64 instead of a cast to long long and %lld to print
an int64_t.
- rev. 1.12: Fix a bug that humanize_number() produces "1000" where it
should be "1.0G" or "1.0M".  The bug reported by Greg Troxel.

PR:		118461
PR:		102694
Approved by:	rwatson (mentor)
Obtained from:	NetBSD
MFC after:	1 month
2008-03-08 21:55:59 +00:00
jhb
c02890da0b Put back the openpty(3) and ptsname(3) fixes but don't disable ptsname(3)
on pts(4) devices this time.  This fixes the issues while leaving pts(4)
enabled on HEAD.
2008-01-15 15:36:23 +00:00
cperciva
2f49f42d98 Back out last commit, since it accidentally broke pts.
The security fix will be re-committed soon, hopefully without breaking
anything.
2008-01-15 13:59:13 +00:00
jhb
db1781cf23 Update the manpage for openpty(3) to account for the recent fixes.
Specifically, remove the BUGS section and note that openpty(3) now always
does the various security-related steps.  Also, update the error return
value section.  The PR below is for the original bug rather than the doc
updates.

MFC after:	1 week
PR:		bin/9770
2008-01-14 23:49:56 +00:00
cperciva
533f13b8b2 Fix issues which allow snooping on ptys. [08:01]
Fix an off-by-one error in inet_network(3). [08:02]

Security: FreeBSD-SA-08:01.pty
Security: FreeBSD-SA-08:02.libc
2008-01-14 22:56:05 +00:00
jhb
03594bb79f Invoke revoke(2) on the slave pty in the pts(4) case (new_openpty()) to
kick off any other users on the device line before using it since
openpty(3) is documented to do this.  Note that grantpt(3) does not
call revoke(2), it only adjusts permissions and ownership.

MFC after:	3 days
2007-12-20 21:10:06 +00:00
jhb
3c82b6a5c7 Bump up the number of ttys supported by pty(4) to 512 by making use of
[pt]ty[lmnoLMNO][0-9a-v].

MFC after:	3 days
Reviewed by:	rwatson
2007-11-19 20:49:42 +00:00
jb
1897d44373 Constify the first argument to expand_number() so that it can
be called with a const without the compiler grisling.
2007-11-18 02:20:02 +00:00
simon
15a00681b7 Minor mdoc cleanup: Every sentence should start on its own line. 2007-10-13 11:09:45 +00:00
kib
6a0967dff6 When pidfile is already locked and has zero length, do not return
success and zero pid from pidfile_read(). Return EAGAIN instead. Sleep
up to three times for 5 ms while waiting for pidfile to be written.

mount(8) does the kill(mountpid, SIGHUP). If mountd pidfile is truncated,
that would result in the SIGHUP delivered to the mount' process group
instead of the mountd.

Found and analyzed by:	Peter Holm
Tested by:	Peter Holm, kris
Reviewed by:	pjd
MFC after:	1 week
2007-10-12 10:38:05 +00:00
obrien
4657f1f225 Adjust history.
Approved by:	re(ken)
2007-09-28 15:31:44 +00:00
pjd
cdecabb273 - Fix strange for loop.
Reported by:	phk

- While here, check the unit before calculating the actually number.
  This way we can return EINVAL for invalid unit instead of ERANGE.

Approved by:	re (kensmith)
2007-09-05 14:27:13 +00:00
pjd
7002fe2c1f Point expand_number(3) at humanize_number(3) and nive versa.
Suggested by:	trhodes
Approved by:	re (kensmith)
2007-09-05 14:25:16 +00:00
pjd
cc12b6df61 Implement expand_number(3), which is the opposite of humanize_number(3), ie.
a number in human-readable form is converted to int64_t, for example:
123b -> 123
10k -> 10240
16G -> 17179869184

First version submitted by:	Eric Anderson <anderson@freebsd.org>
Approved by:	re (bmah)
2007-09-01 06:19:11 +00:00
des
28682dd29a Back out previous commit until I figure out why my regression test fails.
Approved by:	re (kensmith)
2007-08-03 09:20:28 +00:00
des
3cfbe77a3e Use fcntl(2)-style locks instead of less-portable flock(2)-style locks.
Approved by:	re (kensmith)
2007-08-03 06:32:45 +00:00
yar
31192e1f32 Document the quirks of ~/.login_conf and LOGIN_MECLASS. 2007-06-14 09:33:37 +00:00
yar
aece401e56 Improve mdoc(7) markup. 2007-06-14 07:31:59 +00:00
yar
9790f8d691 Update some comments, mostly regarding LOGIN_MECLASS and ~/.login_conf. 2007-06-14 06:42:49 +00:00
des
7e2e8064f7 Nit: avoid shadowing truncate(2) with a local variable. 2007-05-23 12:09:33 +00:00
des
aac7a2ca82 Fix stupid braino in previous commit. 2007-05-23 10:06:03 +00:00
des
253a9fb8b6 If (flags & O_TRUNC), don't truncate the file until we've successfully
locked it.

MFC after:	3 weeks
2007-05-23 08:12:34 +00:00
deischen
ff36458e08 Bump library versions in preparation for 7.0.
Ok'd by:	kan
2007-05-21 02:49:08 +00:00
des
719c87d1ee strlcpy() may be faster than snprintf(), but it is less portable, and this
is not performance critical code anyway.  Also, avoid using strlen() to
obtain information which we already have.

MFC after:	3 weeks
2007-05-11 11:10:05 +00:00
des
4503779c68 Fix typo.
Submitted by:	Bård Skaflestad <bardsk@math.ntnu.no>
2007-05-10 18:15:30 +00:00
des
ced6c23397 Well gag me with a spoon... I'm so used to working at high WARNS levels
that I make stupid fundamental mistakes like this when I don't.
2007-05-10 15:01:42 +00:00
des
2c5ccfbba9 Remove superfluous unexpanded RCS tag. 2007-05-10 14:56:07 +00:00
des
82f6d6455d Use flopen(3).
MFC after:	3 weeks
2007-05-10 14:54:53 +00:00
des
50d71f5464 DTRT when O_NONBLOCK is specified.
MFC after:	3 weeks
2007-05-10 14:52:57 +00:00
des
5d25ea6b62 I'm tired of seeing this done incorrectly and non-portably, so add a
flopen(3) function which reliably opens and locks a file.

MFC after:	3 weeks
2007-05-10 14:43:31 +00:00