Commit Graph

917 Commits

Author SHA1 Message Date
bde
bbb90841ee Fixed bitrot in a banal comment by removing the comment. 2001-10-13 06:57:59 +00:00
bde
235dffbc18 Backed out vestiges of the quick fixes for the transient breakage of
<sys/mount.h> in rev.1.106 of the latter (don't include <sys/socket.h>
just to work around bugs in <sys/mount.h>).
2001-10-13 06:41:41 +00:00
jhb
4806d88677 Change the kernel's ucred API as follows:
- crhold() returns a reference to the ucred whose refcount it bumps.
- crcopy() now simply copies the credentials from one credential to
  another and has no return value.
- a new crshared() primitive is added which returns true if a ucred's
  refcount is > 1 and false (0) otherwise.
2001-10-11 23:38:17 +00:00
jhb
4c62ba7c58 Add missing includes of sys/lock.h. 2001-10-11 17:52:20 +00:00
des
29c5c858fc Dissociate ptrace from procfs.
Until now, the ptrace syscall was implemented as a wrapper that called
various functions in procfs depending on which ptrace operation was
requested.  Most of these functions were themselves wrappers around
procfs_{read,write}_{,db,fp}regs(), with only some extra error checks,
which weren't necessary in the ptrace case anyway.

This commit moves procfs_rwmem() from procfs_mem.c into sys_process.c
(renaming it to proc_rwmem() in the process), and implements ptrace()
directly in terms of procfs_{read,write}_{,db,fp}regs() instead of
having it fake up a struct uio and then call procfs_do{,db,fp}regs().

It also moves the prototypes for procfs_{read,write}_{,db,fp}regs()
and proc_rwmem() from proc.h to ptrace.h, and marks all procfs files
except procfs_machdep.c as "optional procfs" instead of "standard".
2001-10-07 20:08:42 +00:00
des
0291513a41 Remove some useless preprocesor paranoia. 2001-10-07 19:41:19 +00:00
des
532068abe2 In procfs_readdir(), when the directory being read was a process directory,
the target process was being held locked during the uiomove() call.  If the
process calling readdir() was the same as the target process (for instance
'ls /proc/curproc/'), and uiomove() caused a page fault, the result would
be a proc lock recursion.  I have no idea how long this has been broken -
possibly ever since pfind() was changed to lock the process it returns.

Also replace the one and only call to procfs_findtextvp() with a direct
test of td->td_proc->p_textvp.
2001-10-07 19:37:13 +00:00
des
e96a60dd27 Add a PFS_DISABLED flag; pfs_visible() automatically returns 0 if it is set
on the node in question.  Also add two API functions for setting and clearing
this flag; setting it also reclaims all vnodes associated with the node.
2001-10-02 22:22:42 +00:00
des
6ac4dc906e Only print "XXX (un)registered" message if bootverbose. 2001-10-02 22:21:07 +00:00
des
cb0f9ed022 [the previous commit to pseudofs_vncache.c got the wrong log message]
YA pseudofs megacommit, part 2:

 - Merge the pfs_vnode and pfs_vdata structures, and make the vnode cache
   a doubly-linked list.  This eliminates the need to walk the list in
   pfs_vncache_free().

 - Add an exit callout which revokes vnodes associated with the process
   that just exited.  Since it needs to lock the cache when it does this,
   pfs_vncache_mutex needs MTX_RECURSE.
2001-10-01 04:26:33 +00:00
des
e1b05f5687 YA pseudofs megacommit, part 1:
- Add a third callback to the pfs_node structure.  This one simply returns
   non-zero if the specified requesting process is allowed to access the
   specified node for the specified target process.  This is used in
   addition to the usual permission checks, e.g. when certain files don't
   make sense for certain (system) processes.

 - Make sure that pfs_lookup() and pfs_readdir() don't yap about files
   which aren't pfs_visible().  Also check pfs_visible() before performing
   reads and writes, to prevent the kind of races reported in SA-00:77 and
   SA-01:55 (fork a child, open /proc/child/ctl, have that child fork a
   setuid binary, and assume control of it).

 - Add some more trace points.
2001-10-01 04:22:20 +00:00
des
27969af894 pseudofs.h:
- Rearrange the flag constants a little to simplify specifying and testing
    for readability and writeability.

pseudofs_vnops.c:

  - Track the aforementioned change.

  - Add checks to pfs_open() to prevent opening read-only files for writing
    or vice versa (pfs_{read,write} would block the actual reads and writes,
    but it's still a bug to allow the open() to succeed).  Also, return
    EOPNOTSUPP if the caller attempts to lock the file.

  - Add more trace points.
2001-09-30 19:41:29 +00:00
phk
4d3230f1e7 The behaviour of whiteout'ing symlinks were too confusing, instead
remove them when asked to.
2001-09-30 08:43:33 +00:00
des
cdfeaad3b9 Pseudofs take 2:
- Remove hardcoded uid, gid, mode from struct pfs_node; make pfs_getattr()
   smart enough to get it right most of the time, and allow for callbacks
   to handle the remaining cases.  Rework the definition macros to match.

 - Add lots of (conditional) debugging output.

 - Fix a long-standing bug inherited from procfs: don't pretend to be a
   read-only file system.  Instead, return EOPNOTSUPP for operations we
   truly can't support and allow others to fail silently.  In particular,
   pfs_lookup() now treats CREATE as LOOKUP.  This may need more work.

 - In pfs_lookup(), if the parent node is process-dependent, check that
   the process in question still exists.

 - Implement pfs_open() - its only current function is to check that the
   process opening the file can see the process it belongs to.

 - Finish adding support for writeable nodes.

 - Bump module version number.

 - Introduce lots of new bugs.
2001-09-29 00:49:29 +00:00
des
f33f7995f6 The previous commit introduced some references to "curproc" which should have
been references to "curthread".  Correct this.
2001-09-28 12:36:54 +00:00
rwatson
c9c82b43c3 o Modify generic specfs device open access control checks to use
securelevel_ge() instead of direct securelevel variable checks.

Obtained from:	TrustedBSD Project
2001-09-26 20:18:26 +00:00
fenner
cd2a2dcb23 Fix (typo? pasteo?): panic("ffs_mountroot..." -> panic("ntfs_mountroot...") 2001-09-26 00:36:33 +00:00
des
2462e13fc4 Clean up my source tree to avoid getting hit too badly by the next KSE or
whatever mega-commit.  This goes some way towards adding support for
writeable files (needed by procfs).
2001-09-25 13:25:30 +00:00
mike
5db0075c36 A process name may contain whitespace and unprintable characters,
so convert those characters to octal notation.  Also convert
backslashes to octal notation to avoid confusion.

Reviewed by:	des
MFC after:	1 week
2001-09-25 04:42:40 +00:00
jhb
5954be75ca Use the passed in thread to selrecord() instead of curthread. 2001-09-21 22:26:51 +00:00
rwatson
892ce726ef o Remove redundant securelevel/pid1 check in procfs_rw() -- this
protection is enforced at the invidual method layer using
  p_candebug().

Obtained from:	TrustedBSD Project
2001-09-18 19:53:10 +00:00
julian
cea3874b3b fix typo
pointed out by: jhb
2001-09-13 21:59:40 +00:00
jhb
b6c24ae1e6 Restore these files to being portable:
- Use some simple #define's at the top of the files for proc -> thread
  changes instead of having lots of needless #ifdef's in the code.
- Don't try to use struct thread in !FreeBSD code.
- Don't use a few struct lwp's in some of the NetBSD code since it isn't
  in their HEAD.
The new diff relative to before KSE is now signficantly smaller and easier
to maintain.
2001-09-12 23:39:36 +00:00
julian
5596676e6c KSE Milestone 2
Note ALL MODULES MUST BE RECOMPILED
make the kernel aware that there are smaller units of scheduling than the
process. (but only allow one thread per process at this time).
This is functionally equivalent to teh previousl -current except
that there is a thread associated with each process.

Sorry john! (your next MFC will be a doosie!)

Reviewed by: peter@freebsd.org, dillon@freebsd.org

X-MFC after:    ha ha ha ha
2001-09-12 08:38:13 +00:00
kris
bd6f9cb9b6 Fix some signed/unsigned integer confusion, and add bounds checking of
arguments to some functions.

Obtained from:	NetBSD
Reviewed by:	peter
MFC after:	2 weeks
2001-09-10 11:28:07 +00:00
semenu
8c98d68610 Stole unicode translation table from mount_msdos. Add kernel code
to support this translation.

MFC after:	2 weeks
2001-09-08 23:03:52 +00:00
semenu
4c1e708040 Fix opening particular file's attributes (as described in man page).
This is useful for debug purposes.

MFC after:	2 weeks
2001-09-08 22:59:12 +00:00
semenu
4d49e9cd2b Reference devvp on ntnode creation and dereference on removal. Previous
code  lead to page faults becouse i_devvp went zero after VOP_RECLAIM, but
ntnode was reused (not reclaimed).

MFC after:	2 weeks
2001-09-08 22:57:03 +00:00
semenu
72ce608646 Fix errors and warnings when compiling with NTFS_DEBUG > 1
MFC after:	2 weeks
2001-09-08 22:53:27 +00:00
ache
adf3e081dc smbfs_advlock: simplify overflow checks (copy from kern_lockf.c)
minor formatting issues to minimize differences
2001-08-29 18:59:04 +00:00
ache
eb7b8850bf Cosmetique & style fixes from bde 2001-08-26 10:28:58 +00:00
ache
ee0b05dda7 Copy from kern_lockf.c: remove extra check 2001-08-24 10:22:16 +00:00
ache
640689c04d Copy yet one check for SEEK_END overflow 2001-08-23 17:12:42 +00:00
ache
f8ef40b0cb Copy my newly introduced l_len<0 'oops' fix from kern_lockf.c 2001-08-23 16:06:14 +00:00
ache
e932bf8680 Copy POSIX l_len<0 handling from kern_lockf.c 2001-08-23 15:44:24 +00:00
ache
f79f77e5f9 Cosmetique: correct English in comments
non-cosmetique: add missing break; - original code was broken here
2001-08-23 14:45:31 +00:00
ache
2879f02ee4 Move <machine/*> after <sys/*>
Pointed by:	bde
2001-08-23 13:27:58 +00:00
ache
9b50a3bc04 adv. lock:
copy EOVERFLOW handling code from main variant
fix type of 'size' arg
2001-08-23 08:54:22 +00:00
bp
555767b49c Use proper endian conversion.
Obtained from:	Mac OS X
MFC after:		1 week
2001-08-21 08:27:47 +00:00
bp
078a22aae0 Return proper length of _PC_NAME_MAX value if long names support is enabled.
Obtained from:	Mac OS X
MFC after:	1 week
2001-08-21 08:25:09 +00:00
phk
14112e9d98 linux ls fails on DEVFS /dev because linux_getdents fails because
linux_getdents uses VOP_READDIR( ..., &ncookies, &cookies ) instead of
     VOP_READDIR( ..., NULL, NULL ) because it seems to need the offsets for
     linux_dirent and sizeof(dirent) != sizeof(linux_dirent)...

PR:	29467
Submitted by:	Michael Reifenberger <root@nihil.plaut.de>
Reviewed by:	phk
2001-08-14 06:42:32 +00:00
rwatson
18a29c5f33 Remove dangling prototype for the now defunct procfs_kmemaccess()
call.

Obtained from:	TrustedBSD Project
2001-08-03 17:51:05 +00:00
rwatson
90376d10b0 Collapse a Pmem case in with the other debugging files case for procfs,
as there are now "unusual" protection properties to Pmem that differ
from the other files.  While I'm at it, introduce proc locking for
the other files, which was previously present only in the Pmem case.

Obtained from:	TrustedBSD Project
2001-08-03 17:20:34 +00:00
rwatson
9b545cd960 Remove read permission for group on the /proc/*/mem file, since kmem
no longer requires access.

Reviewed by:	tmm
Obtained from:	TrustedBSD Project
2001-08-03 17:15:40 +00:00
rwatson
306deb3ae6 Prior to support for almost all ps activity via sysctl, ps used procfs,
and so special-casing was introduced to provide extra procfs privilege
to the kmem group.  With the advent of non-setgid kmem ps, this code
is no longer required, and in fact, can is potentially harmful as it
allocates privilege to a gid that is increasingly less meaningful.
Knowledge of specific gid's in kernel is also generally bad precedent,
as the kernel security policy doesn't distinguish gid's specifically,
only uid 0.

This commit removes reference to kmem in procfs, both in terms of
access control decisions, and the applying of gid kmem to the
/proc/*/mem file, simplifying the associated code considerably.
Processes are still permitted to access the mem file based on
the debugging policy, so ps -e still works fine for normal
processes and use.

Reviewed by:	tmm
Obtained from:	TrustedBSD Project
2001-08-03 17:13:23 +00:00
assar
34e9a6f370 remove support for creating files and directories from msdosfs_mknod 2001-07-19 19:15:42 +00:00
jhb
99b71dfa30 Grab the process lock around psignal().
Noticed by:	tanimura
2001-07-18 19:17:36 +00:00
rwatson
da1a848c61 o Replace calls to p_can(..., P_CAN_xxx) with calls to p_canxxx().
The p_can(...) construct was a premature (and, it turns out,
  awkward) abstraction.  The individual calls to p_canxxx() better
  reflect differences between the inter-process authorization checks,
  such as differing checks based on the type of signal.  This has
  a side effect of improving code readability.
o Replace direct credential authorization checks in ktrace() with
  invocation of p_candebug(), while maintaining the special case
  check of KTR_ROOT.  This allows ktrace() to "play more nicely"
  with new mandatory access control schemes, as well as making its
  authorization checks consistent with other "debugging class"
  checks.
o Eliminate "privused" construct for p_can*() calls which allowed the
  caller to determine if privilege was required for successful
  evaluation of the access control check.  This primitive is currently
  unused, and as such, serves only to complicate the API.

Approved by:	({procfs,linprocfs} changes) des
Obtained from:	TrustedBSD Project
2001-07-05 17:10:46 +00:00
jhb
ff7f1b3c5b - Update the vmmeter statistics for vnode pageins and pageouts in
getpages/putpages.
- Use vm_page_undirty() instead of messing with pages' dirty fields
  directly.
2001-07-04 19:55:01 +00:00
dillon
e028603b7e With Alfred's permission, remove vm_mtx in favor of a fine-grained approach
(this commit is just the first stage).  Also add various GIANT_ macros to
formalize the removal of Giant, making it easy to test in a more piecemeal
fashion. These macros will allow us to test fine-grained locks to a degree
before removing Giant, and also after, and to remove Giant in a piecemeal
fashion via sysctl's on those subsystems which the authors believe can
operate without Giant.
2001-07-04 16:20:28 +00:00