Commit Graph

8919 Commits

Author SHA1 Message Date
jhb
411d068395 Rework the lifetime management of the kernel implementation of POSIX
semaphores.  Specifically, semaphores are now represented as new file
descriptor type that is set to close on exec.  This removes the need for
all of the manual process reference counting (and fork, exec, and exit
event handlers) as the normal file descriptor operations handle all of
that for us nicely.  It is also suggested as one possible implementation
in the spec and at least one other OS (OS X) uses this approach.

Some bugs that were fixed as a result include:
- References to a named semaphore whose name is removed still work after
  the sem_unlink() operation.  Prior to this patch, if a semaphore's name
  was removed, valid handles from sem_open() would get EINVAL errors from
  sem_getvalue(), sem_post(), etc.  This fixes that.
- Unnamed semaphores created with sem_init() were not cleaned up when a
  process exited or exec'd.  They were only cleaned up if the process
  did an explicit sem_destroy().  This could result in a leak of semaphore
  objects that could never be cleaned up.
- On the other hand, if another process guessed the id (kernel pointer to
  'struct ksem') of an unnamed semaphore (created via sem_init) and had
  write access to the semaphore based on UID/GID checks, then that other
  process could manipulate the semaphore via sem_destroy(), sem_post(),
  sem_wait(), etc.
- As part of the permission check (UID/GID), the umask of the process
  creating the semaphore was not honored.  Thus if your umask denied group
  read/write access but the explicit mode in the sem_init() call allowed
  it, the semaphore would be readable/writable by other users in the
  same group, for example.  This includes access via the previous bug.
- If the module refused to unload because there were active semaphores,
  then it might have deregistered one or more of the semaphore system
  calls before it noticed that there was a problem.  I'm not sure if
  this actually happened as the order that modules are discovered by the
  kernel linker depends on how the actual .ko file is linked.  One can
  make the order deterministic by using a single module with a mod_event
  handler that explicitly registers syscalls (and deregisters during
  unload after any checks).  This also fixes a race where even if the
  sem_module unloaded first it would have destroyed locks that the
  syscalls might be trying to access if they are still executing when
  they are unloaded.

  XXX: By the way, deregistering system calls doesn't do any blocking
  to drain any threads from the calls.
- Some minor fixes to errno values on error.  For example, sem_init()
  isn't documented to return ENFILE or EMFILE if we run out of semaphores
  the way that sem_open() can.  Instead, it should return ENOSPC in that
  case.

Other changes:
- Kernel semaphores now use a hash table to manage the namespace of
  named semaphores nearly in a similar fashion to the POSIX shared memory
  object file descriptors.  Kernel semaphores can now also have names
  longer than 14 chars (up to MAXPATHLEN) and can include subdirectories
  in their pathname.
- The UID/GID permission checks for access to a named semaphore are now
  done via vaccess() rather than a home-rolled set of checks.
- Now that kernel semaphores have an associated file object, the various
  MAC checks for POSIX semaphores accept both a file credential and an
  active credential.  There is also a new posixsem_check_stat() since it
  is possible to fstat() a semaphore file descriptor.
- A small set of regression tests (using the ksem API directly) is present
  in src/tools/regression/posixsem.

Reported by:	kris (1)
Tested by:	kris
Reviewed by:	rwatson (lightly)
MFC after:	1 month
2008-06-27 05:39:04 +00:00
kientzle
fce7b49c08 As reported by Alexey Shuvaev, -dumpl overwrote files after
linking them, with predictably bad results.
2008-06-26 15:46:01 +00:00
kientzle
97d3a2b6f0 Pass the entry down into the core write loop, so we
can include the filename when reporting errors.

Thanks to: Dan Nelson
2008-06-25 05:01:02 +00:00
kientzle
fae39e8542 In -p mode, don't guard against '..' in paths. We continue to
check in -i mode unless --insecure is specified.

PR: bin/124924
2008-06-24 15:18:40 +00:00
kientzle
c0709d3e41 If we're using -l and can't hardlink the file because of a cross-device
link, just ignore the -l option and copy the file instead.
In particular, this should fix the COPYTREE_* macros used in the
ports infrastructure which use -l to preserve space but often get
used for cross-device copies.
2008-06-21 17:47:56 +00:00
kientzle
9254f3ae51 Rework line-processing framework to add support for --null and
to eliminate a callback.
2008-06-21 02:20:20 +00:00
kientzle
93b5d5e1a9 Various long options for GNU cpio compat.
2008-06-21 02:18:52 +00:00
kientzle
76e2d7055f MfP4: test improvements, mostly for portability.
2008-06-21 02:17:18 +00:00
joerg
d5a0f1178f Make the search for sources in PATH_PORTS more accurate. I only
noticed that a "whereis -qs qemu" matched the distfiles subdir of qemu
rather than /usr/ports/emulators/qemu.

It now ignores all dot entries in /usr/ports, plus all entries
starting with a capital letter (maintenance stuff like Templates, but
also includes subdir CVS), plus /usr/ports/distfiles which is simply a
magic name in that respect.
2008-06-20 08:39:42 +00:00
mav
6f4770a5ef Add myself. Better late than never.
2008-06-19 17:10:05 +00:00
amdmi3
6e3a72289a Add myself.
Approved by:	miwi (mentor)
2008-06-19 16:29:37 +00:00
remko
079461efe6 Remove superfluous eofmarker.
Requested by:	Jaakko Heinonen
Discussed with:	Jaakko, edwin

Approved by:	imp (mentor, implicit)
2008-06-17 18:56:04 +00:00
eri
8690aed8ef Add my birthday to the calendar.
Approved by:	mlaier (mentor)
2008-06-16 17:35:34 +00:00
kib
eecc60305f Struct cdev is always the member of the struct cdev_priv. When devfs
needed to promote cdev to cdev_priv, the si_priv pointer was followed.

Use member2struct() to calculate address of the wrapping cdev_priv.
Rename si_priv to __si_reserved.

Tested by:	pho
Reviewed by:	ed
MFC after:	2 weeks
2008-06-16 17:34:59 +00:00
dougb
cd6153995a Include bsd.own.mk to pick up the definition of MK_GNU_CPIO
2008-06-16 07:24:05 +00:00
dougb
aab693d38c 1. Make the BSD version of cpio the default [1]
a. The BSD version will be built and installed unless
WITHOUT_BSD_CPIO is defined.
b. The GNU version will not be built or installed unless
WITH_GNU_CPIO is defined. If this is defined, the symlink
in /usr/bin will be to the GNU version whether the BSD
version is present or not.

When these changes are MFCed the defaults should be flipped.

2. Add a knob to disable the building of GNU grep. This will
make it easier for those that want to test the BSD version in
the ports.

Approved by:	kientzle [1]
2008-06-16 05:48:15 +00:00
kientzle
5e6dd4bfce MfP4: Minor portability fix.
2008-06-15 10:08:16 +00:00
kientzle
a042595dbe MfP4: test harness cleanup.
2008-06-15 10:07:54 +00:00
ivoras
9ba43e89a0 Add myself to the calendar.
Approved by:	gnn (mentor)
2008-06-12 22:52:11 +00:00
ed
b12c26cea1 Fix build of fstat after minor() changes.
Even though I ran a `make universe' to see whether the changes to the
device minor number macros broke the build, I was not expecting `make
universe' to silently continue if build errors occurred, thus causing me
to overlook the build error.

Approved by:	philip (mentor)
Pointyhat to:	me
2008-06-12 10:15:14 +00:00
cperciva
95bad3329f Make one-bit fields unsigned instead of signed. This has no effect,
since they are only tested for zero/nonzero; but it's arguably a bad
idea to set a {-1, 0} variable to 1 (as happens in this code).

Found by:	Coverity Prevent
2008-06-09 14:41:28 +00:00
cperciva
02aa7dcfd9 Rework code to avoid using a pointer after freeing it. Aside from the
possibility of memory becoming undereferenceable when it is freed, this
change should have no effect on bsdtar behaviour.

Found by:	Coverity Prevent
2008-06-09 14:03:55 +00:00
dwmalone
d1804c46b1 I missed some "register"s in non-dot-C files.
2008-06-08 19:59:15 +00:00
wkoszek
8e3c1825e1 Make usage() 'static'.
2008-06-08 12:43:02 +00:00
dwmalone
800a8a992c De-register declarations.
2008-06-04 19:50:34 +00:00
dwmalone
b04619598b Fix a strict aliasing warning - I think it is really telling us
that char * and void * pointers may not be stored in the
same way.
2008-06-04 19:16:54 +00:00
ghelmer
1f11917771 Similar to changes previously made to src/usr.bin/uniq/uniq.c,
fix truncation of lines at LINE_MAX characters by dynamically
extending line buffers.
2008-05-28 14:13:35 +00:00
remko
87fbf5762c Limit the EOF marker length to a maximum of 79
characters. [1]

Add $FreeBSD$ tag so that I can actually commit this.

PR:		bin/118782
Reported by:	Bjoern Koenig
Patch by:	edwin, Jaakko Heinonen (not used patch)
MFC after:	1 week
Approved by:	imp (mentor, implicit)
2008-05-27 09:45:18 +00:00
kientzle
e2011087ec Compatibility fix: define REG_BASIC if it isn't already. In particular,
glibc has a suitable regex implementation, but doesn't define this
constant.

Thanks to: Diego "Flameeyes" Pettenò
2008-05-27 04:44:07 +00:00
kientzle
1501f1e5dd Connect bsdcpio up to the build.
Starting now, there are two cpio programs in the base system:
  /usr/bin/gcpio  - GNU cpio
  /usr/bin/bsdcpio - bsdcpio

In addition, there is a symlink:
  /usr/bin/cpio -> /usr/bin/gcpio (default)
  /usr/bin/cpio -> /usr/bin/bsdcpio (WITH_BSDCPIO)

In particular, WITH_BSDCPIO only controls the
symlink; bsdcpio is always built regardless.

Unless there are objections or problems, I intend:
  * to make /usr/bin/bsdcpio available in 7.1
  * to have /usr/bin/cpio default to bsdcpio in 8.0
    (WITH_GCPIO will be an option instead of WITH_BSDCPIO)
  * to leave /usr/bin/gcpio in the tree until 9.0
2008-05-26 19:19:58 +00:00
kientzle
16030399a3 bsdcpio is always installed as 'bsdcpio', symlink it to 'cpio'
only if WITH_BSDCPIO is defined.
2008-05-26 17:17:43 +00:00
kientzle
30d8209b8c Initial commit of bsdcpio 0.9.11b.
A new implementation of cpio that uses libarchive as its back-end
archiving/dearchiving infrastructure.  Includes test harness;
"make check" in the bsdcpio directory to build and run the test
harness.
2008-05-26 17:15:35 +00:00
kientzle
0280e5aa49 MFp4: bsdtar 2.5.4b
In addition to a number of bug fixes and minor changes:
 * --numeric-owner (ignore user/group names on create and extract)
 * -S (sparsify files on extraction)
 * -s (regex filename substitutions)
 * Use new libarchive 'linkify' to get correct hardlink handling for
   both old and new cpio formats
 * Rework 'copy' test to be insensitive to readdir() filename ordering

Most of the credit for this work goes to Joerg Sonnenberger, who
has been duplicating features from NetBSD's 'pax' program.
2008-05-26 17:10:10 +00:00
pjd
268a4c430f Use _WANT_FILE to make struct file visible from userland. This is
similar to _WANT_UCRED and _WANT_PRISON and seems to be much nicer than
defining _KERNEL.
It is also needed for my sys/refcount.h change going in soon.
2008-05-26 15:12:47 +00:00
rwatson
a3623cb733 Remove netatm from HEAD as it is not MPSAFE and relies on the now removed
NET_NEEDS_GIANT.  netatm has been disconnected from the build for ten
months in HEAD/RELENG_7.  Specifics:

- netatm include files
- netatm command line management tools
- libatm
- ATM parts in rescue and sysinstall
- sample configuration files and documents
- kernel support as a module or in NOTES
- netgraph wrapper nodes for netatm
- ctags data for netatm.
- netatm-specific device drivers.

MFC after:	3 weeks
Reviewed by:	bz
Discussed with:	bms, bz, harti
2008-05-25 22:11:40 +00:00
gonzo
197cf7b9ba Add myself to the calendar
Approved by:	cognet (mentor)
2008-05-24 11:10:46 +00:00
manolis
792d40b14c Add myself to calendar.freebsd
This will also help me not forget my own birthday :)

Approved by: gabor (mentor)
2008-05-24 08:54:00 +00:00
cperciva
d6da92763e The value le->name cannot be NULL when we're freeing an entry in the
hardlink table for two reasons: 1. If le->name is set to NULL, the
structure le won't be inserted into the table; 2. Even if le somehow
did manage to get into the table with le->name equal to NULL, we would
die when we dereferenced le->null before we could get to the point of
freeing the entry.

Remove the unnecessary "if (le->name != NULL)" test and just free the
pointer.

Found by:	Coverity Prevent
2008-05-23 05:07:22 +00:00
cperciva
59f7395e1e Improve portability via s/struct siginfo/struct siginfo_data/. This was
running into a namespace collision on an avian operating system.
2008-05-22 21:08:36 +00:00
ed
8f3ba2f95c Last but not least, add myself to the list of birthdays as well.
Approved by:	philip (mentor)
2008-05-22 13:21:05 +00:00
cperciva
a806c30ec3 Detect if argv[1] is "" and avoid calling malloc(0). Prior to this commit,
running 'tar ""' would print 'No memory' instead of the correct error
message, 'Must specify one of -c, -r, -t, -u, -x' if malloc is set to
System V mode (malloc(0) == NULL).
2008-05-19 18:38:01 +00:00
cperciva
ee71b68b4b There's no way for entry to possibly be NULL at the end of write_entry
(in fact, there has never been any way for it to be NULL, going all the
way back to revision 1.1 of this file), so remove the check and
unconditionally free entry.

Found by:	Coverity Prevent
2008-05-19 18:09:26 +00:00
bms
17e674bd6f Add -L to usage().
2008-05-19 11:35:11 +00:00
bms
1d1522666e Add an -L option to ignore loopback Internet sockets.
MFC after:	2 weeks
2008-05-19 11:32:44 +00:00
rpaulo
9154ee1f9b Add myself.
2008-05-18 11:05:41 +00:00
cperciva
62fbb83958 Add SIGINFO (and for portability to SIGINFO-lacking systems, SIGUSR1)
handling to bsdtar.  When writing archives (including copying via the
@archive directive) a line is output to stderr indicating what is being
done (adding or copying), the path, and how far through the file we are;
extracting currently does not report progress within each file, but
this is likely to happen eventually.

Discussed with:	kientzle
Obtained from:	tarsnap
2008-05-18 06:24:47 +00:00
cperciva
c890e8f252 Add --keep-newer-files option (as in GNU tar: When in -x mode, ignore
files if the existing file is newer than the archive entry).

Currently if any files are ignored, bsdtar will exit with a non-zero
exit status; this is likely to change in the future, but requires some
API changes in libarchive.

Discussed with:	kientzle
Obtained from:	tarsnap
2008-05-17 15:55:29 +00:00
jhb
7617274408 Retire some stale alpha references.
2008-05-16 20:09:29 +00:00
jhb
697ba009c1 Teach truss about 32-bit FreeBSD and Linux binaries on amd64. Some
additional work is needed to handle ABI-specific syscall argument parsing,
but this gets the basic tracing working.

MFC after:	1 week
2008-05-16 15:34:06 +00:00
gnn
368bdf05e9 Update the kernel to count the number of mbufs and clusters
(all types) used per socket buffer.

Add support to netstat to print out all of the socket buffer
statistics.

Update the netstat manual page to describe the new -x flag
which gives the extended output.

Reviewed by:	rwatson, julian
2008-05-15 20:18:44 +00:00