Commit Graph

25277 Commits

Author SHA1 Message Date
KATO Takenori
1a476993b0 Merged from sys/i386/isa/npx.c revision 1.95. 2001-04-16 09:15:40 +00:00
KATO Takenori
0af2322303 Merged from sys/conf/options.i386 revision 1.148. 2001-04-16 09:13:51 +00:00
David E. O'Brien
c5e70d92ce Turn on kernel debugging support (DDB, INVARIANTS, INVARIANT_SUPPORT, WITNESS)
by default while SMPng is still being developed.

Submitted by:	jhb
2001-04-15 19:37:28 +00:00
Alfred Perlstein
cc64b484dd use TAILQ_FOREACH, fix a comment's location 2001-04-15 10:22:04 +00:00
Brian Somers
56700d4634 Call strlen() once instead of twice. 2001-04-14 21:33:58 +00:00
Mark Murray
b4edbce08c Back out wrapping the asm ... ; bits in #ifndef lint macros. There
are some good reasons for not doing this, even if the linting of
the code breaks.

1) If lint were ever to understand the stuff inside the macros,
   that would break the checks.

2) There are ways to use __GNUC__ to exclude overly specific
   code.

3) (Not yet practical) Lint(1) needs to properlyu understand
   all of te code we actually run.

Complained about by:	bde
Education by:		jake, jhb, eivind
2001-04-14 20:42:04 +00:00
Søren Schmidt
cffeef75e7 The VIA 586 chip does UDMA from rev 0x3 onwards.
MFC candidate!
2001-04-14 18:33:08 +00:00
Kirk McKusick
74046077a7 Update to describe use of mdconfig instead of deprecated vnconfig.
Submitted by:	Steve Ames <steve@virtual-voodoo.com>
2001-04-14 18:32:09 +00:00
Brian Somers
fa9a4c8a8d dgm now builds as a module 2001-04-14 15:36:45 +00:00
Brian Somers
b432115ffd New-busify and ansify.
I've cleaned up a bit of the formatting here, but it's still a long way
from style(9).
2001-04-14 15:32:16 +00:00
Kirk McKusick
1a6a661032 This checkin adds support in ufs/ffs for the FS_NEEDSFSCK flag.
It is described in ufs/ffs/fs.h as follows:

/*
 * Filesystem flags.
 *
 * Note that the FS_NEEDSFSCK flag is set and cleared only by the
 * fsck utility. It is set when background fsck finds an unexpected
 * inconsistency which requires a traditional foreground fsck to be
 * run. Such inconsistencies should only be found after an uncorrectable
 * disk error. A foreground fsck will clear the FS_NEEDSFSCK flag when
 * it has successfully cleaned up the filesystem. The kernel uses this
 * flag to enforce that inconsistent filesystems be mounted read-only.
 */
#define FS_UNCLEAN    0x01	/* filesystem not clean at mount */
#define FS_DOSOFTDEP  0x02	/* filesystem using soft dependencies */
#define FS_NEEDSFSCK  0x04	/* filesystem needs sync fsck before mount */
2001-04-14 05:26:28 +00:00
Chris D. Faulhaber
9a227c5754 Add acl_get_perm_np(3), a non-portable function to check if a
permission is in a permission set, required for third-party
applications such as Samba.

Reviewed by:	rwatson
Obtained from:	TrustedBSD Project
2001-04-13 19:37:04 +00:00
Chris D. Faulhaber
94ef417e4b Add the remaining POSIX.1e ACL definitions:
ACL_UNDEFINED_TAG, ACL_UNDEFINED_ID, ACL_FIRST_ENTRY, ACL_NEXT_ENTRY

Reviewed by:	rwatson
Obtained from:	TrustedBSD Project
2001-04-13 19:14:38 +00:00
John Baldwin
adccbaa77d People are still having problems with i586_* on UP machines and SMP
machines, so just hack it to disable them for now until it can be fixed.

Inspired by hair pulling of:	asmodai
2001-04-13 17:14:53 +00:00
Robert Watson
e9e7ff5b22 o Since uid checks in p_cansignal() are now identical between P_SUGID
and non-P_SUGID cases, simplify p_cansignal() logic so that the
  P_SUGID masking of possible signals is independent from uid checks,
  removing redundant code and generally improving readability.

Reviewed by:	tmm
Obtained from:	TrustedBSD Project
2001-04-13 14:33:45 +00:00
Boris Popov
e59572b595 Add smbfs module. Currently it includes smbfs, netsmb and DES parts.
Kernel should be compiled with options LIBMCHAIN and LIBICONV.
2001-04-13 12:11:19 +00:00
Boris Popov
0fdabd3a45 Move VT_SMBFS definition to the proper place. Undefine VI_LOCK/VI_UNLOCK. 2001-04-13 11:26:54 +00:00
Alfred Perlstein
971dd34298 if/panic -> KASSERT 2001-04-13 11:15:40 +00:00
Boris Popov
de847dd07c All NETSMB* options should use opt_netsmb.h file (the joy of multiple repos). 2001-04-13 10:53:56 +00:00
Boris Popov
34ae6c7541 This file also depends on sys/types.h and sys/ioccom.h.
Remove some old junk.

Submitted by:	bde
2001-04-13 10:50:48 +00:00
Alfred Perlstein
2a758ebe58 protect pbufs and associated counts with a mutex 2001-04-13 10:23:32 +00:00
Alfred Perlstein
493607117e use %p for pointer printf, include sys/systm.h for printf proto 2001-04-13 10:22:14 +00:00
Alfred Perlstein
1375ed7eb7 convert if/panic -> KASSERT, explain what triggered the assertion 2001-04-13 10:15:53 +00:00
Mark Murray
c13d191de3 Make this more lint-friendly. This file seems to be invoked in just
about any .c file that includes a .h, and lint produces copious
whining because of the asm ...; stuff.
2001-04-13 09:46:54 +00:00
Murray Stokely
a4e6da691f Generate useful error messages. 2001-04-13 09:37:25 +00:00
Mark Murray
f0b60d7560 Handle a rare but fatal race invoked sometimes when SIGSTOP is
invoked.
2001-04-13 09:29:34 +00:00
John Baldwin
7a9aa5d372 - Add a comment at the start of the spin locks list.
- The alpha SMP code uses an "ap boot" spinlock as well.
2001-04-13 08:31:38 +00:00
Alfred Perlstein
7d26b6a450 Use a macro wrapper over printf along with KASSERT to reduce the amount
of code here.
2001-04-13 08:07:37 +00:00
Alfred Perlstein
7bbd138e2f Make SOMAXCONN a kernel option.
Submitted by: Terry Lambert <terry@lambert.org>
2001-04-13 03:50:37 +00:00
Robert Watson
44c3e09cdc o Disallow two "allow this" exceptions in p_cansignal() restricting
the ability of unprivileged processes to deliver arbitrary signals
  to daemons temporarily taking on unprivileged effective credentials
  when P_SUGID is not set on the target process:
  Removed:
     (p1->p_cred->cr_ruid != ps->p_cred->cr_uid)
     (p1->p_ucred->cr_uid != ps->p_cred->cr_uid)
o Replace two "allow this" exceptions in p_cansignal() restricting
  the ability of unprivileged processes to deliver arbitrary signals
  to daemons temporarily taking on unprivileged effective credentials
  when P_SUGID is set on the target process:
  Replaced:
     (p1->p_cred->p_ruid != p2->p_ucred->cr_uid)
     (p1->p_cred->cr_uid != p2->p_ucred->cr_uid)
  With:
     (p1->p_cred->p_ruid != p2->p_ucred->p_svuid)
     (p1->p_ucred->cr_uid != p2->p_ucred->p_svuid)
o These changes have the effect of making the uid-based handling of
  both P_SUGID and non-P_SUGID signal delivery consistent, following
  these four general cases:
     p1's ruid equals p2's ruid
     p1's euid equals p2's ruid
     p1's ruid equals p2's svuid
     p1's euid equals p2's svuid
  The P_SUGID and non-P_SUGID cases can now be largely collapsed,
  and I'll commit this in a few days if no immediate problems are
  encountered with this set of changes.
o These changes remove a number of warning cases identified by the
  proc_to_proc inter-process authorization regression test.
o As these are new restrictions, we'll have to watch out carefully for
  possible side effects on running code: they seem reasonable to me,
  but it's possible this change might have to be backed out if problems
  are experienced.

Submitted by:		src/tools/regression/security/proc_to_proc/testuid
Reviewed by:		tmm
Obtained from:	TrustedBSD Project
2001-04-13 03:06:22 +00:00
Robert Watson
0489082737 o Disable two "allow this" exceptions in p_cansched()m retricting the
ability of unprivileged processes to modify the scheduling properties
  of daemons temporarily taking on unprivileged effective credentials.
  These cases (p1->p_cred->p_ruid == p2->p_ucred->cr_uid) and
  (p1->p_ucred->cr_uid == p2->p_ucred->cr_uid), respectively permitting
  a subject process to influence the scheduling of a daemon if the subject
  process has the same real uid or effective uid as the daemon's effective
  uid.  This removes a number of the warning cases identified by the
  proc_to_proc iner-process authorization regression test.
o As these are new restrictions, we'll have to watch out carefully for
  possible side effects on running code: they seem reasonable to me,
  but it's possible this change might have to be backed out if problems
  are experienced.

Reported by:	src/tools/regression/security/proc_to_proc/testuid
Obtained from:	TrustedBSD Project
2001-04-12 22:46:07 +00:00
Alfred Perlstein
b28cb1ca07 remove truncated part from commment 2001-04-12 21:50:03 +00:00
Robert Watson
e386f9bda3 o Make kqueue's filt_procattach() function use the error value returned
by p_can(...P_CAN_SEE), rather than returning EACCES directly.  This
  brings the error code used here into line with similar arrangements
  elsewhere, and prevents the leakage of pid usage information.

Reviewed by:	jlemon
Obtained from:	TrustedBSD Project
2001-04-12 21:32:02 +00:00
Robert Watson
d34f8d3030 o Limit process information leakage by introducing a p_can(...P_CAN_SEE...)
in rtprio()'s RTP_LOOKIP implementation.

Obtained from:	TrustedBSD Project
2001-04-12 20:46:26 +00:00
Robert Watson
eb9e5c1d72 o Reduce information leakage into jails by adding invocations of
p_can(...P_CAN_SEE...) to getpgid(), getsid(), and setpgid(),
  blocking these operations on processes that should not be visible
  by the requesting process.  Required to reduce information leakage
  in MAC environments.

Obtained from:	TrustedBSD Project
2001-04-12 19:39:00 +00:00
KATO Takenori
4dfe1d3b64 Merged from options.i386 revision 1.147. 2001-04-12 12:28:42 +00:00
KATO Takenori
a3758914a0 Merged from files.i386 revisions 1.359 and 1.360. 2001-04-12 12:26:40 +00:00
Nick Hibma
1470e6aaeb Regen. 2001-04-12 11:08:59 +00:00
Nick Hibma
47a9ad6b89 TDK ids
Submitted by:	Hidetoshi Shimokawa <simokawa@sat.t.u-tokyo.ac.jp>
2001-04-12 11:04:08 +00:00
Nick Hibma
426128e90b From NetBSD 2001-04-12 10:59:30 +00:00
Robert Watson
4c5eb9c397 o Replace p_cankill() with p_cansignal(), remove wrappage of p_can()
from signal authorization checking.
o p_cansignal() takes three arguments: subject process, object process,
  and signal number, unlike p_cankill(), which only took into account
  the processes and not the signal number, improving the abstraction
  such that CANSIGNAL() from kern_sig.c can now also be eliminated;
  previously CANSIGNAL() special-cased the handling of SIGCONT based
  on process session.  privused is now deprecated.
o The new p_cansignal() further limits the set of signals that may
  be delivered to processes with P_SUGID set, and restructures the
  access control check to allow it to be extended more easily.
o These changes take into account work done by the OpenBSD Project,
  as well as by Robert Watson and Thomas Moestl on the TrustedBSD
  Project.

Obtained from:  TrustedBSD Project
2001-04-12 02:38:08 +00:00
Warner Losh
a9304a4eb5 Fix minor typo in comment. 112x -> 12xx 2001-04-11 22:49:00 +00:00
Archie Cobbs
422c727634 Don't reference a node after we dropped a reference to it
(same as in previous checkin, but in a different function).
2001-04-11 22:04:47 +00:00
Boris Popov
cdcb16abd2 Pull constants from netsmb/smb.h. 2001-04-11 21:35:51 +00:00
Warner Losh
a17e1baffd Add IBM3765 to newcard's pcic pnp device list 2001-04-11 20:22:16 +00:00
Robert Watson
40829dd2dc o Regenerated following introduction of __setugid() system call for
"options REGRESSION".

Obtained from:	TrustedBSD Project
2001-04-11 20:21:37 +00:00
Robert Watson
130d0157d1 o Introduce a new system call, __setsugid(), which allows a process to
toggle the P_SUGID bit explicitly, rather than relying on it being
  set implicitly by other protection and credential logic.  This feature
  is introduced to support inter-process authorization regression testing
  by simplifying userland credential management allowing the easy
  isolation and reproduction of authorization events with specific
  security contexts.  This feature is enabled only by "options REGRESSION"
  and is not intended to be used by applications.  While the feature is
  not known to introduce security vulnerabilities, it does allow
  processes to enter previously inaccessible parts of the credential
  state machine, and is therefore disabled by default.  It may not
  constitute a risk, and therefore in the future pending further analysis
  (and appropriate need) may become a published interface.

Obtained from:	TrustedBSD Project
2001-04-11 20:20:40 +00:00
Warner Losh
e5eac10b13 Add #define for IBM3765.
Fix SWAMPBOX.  It had actiontec's ID.
Reorder pnpids so they are in alphabetical order.
2001-04-11 20:18:29 +00:00
Robert Watson
0b5438c6d1 o Introduce "options REGRESSION", a kernel option which enables
interfaces and functionality intended for use during correctness and
  regression testing.  Features enabled by "options REGRESSION" may
  in and of themselves introduce security or correctness problems if
  used improperly, and so are not intended for use in production
  systems, only in testing environments.

Obtained from:	TrustedBSD Project
2001-04-11 19:29:24 +00:00
John Baldwin
7b531e6037 Stick proc0 in the PID hash table. 2001-04-11 18:50:50 +00:00