115 Commits

Author SHA1 Message Date
rwatson
4af919b491 Second-to-last commit implementing Capsicum capabilities in the FreeBSD
kernel for FreeBSD 9.0:

Add a new capability mask argument to fget(9) and friends, allowing system
call code to declare what capabilities are required when an integer file
descriptor is converted into an in-kernel struct file *.  With options
CAPABILITIES compiled into the kernel, this enforces capability
protection; without, this change is effectively a no-op.

Some cases require special handling, such as mmap(2), which must preserve
information about the maximum rights at the time of mapping in the memory
map so that they can later be enforced in mprotect(2) -- this is done by
narrowing the rights in the existing max_protection field used for similar
purposes with file permissions.

In namei(9), we assert that the code is not reached from within capability
mode, as we're not yet ready to enforce namespace capabilities there.
This will follow in a later commit.

Update two capability names: CAP_EVENT and CAP_KEVENT become
CAP_POST_KEVENT and CAP_POLL_KEVENT to more accurately indicate what they
represent.

Approved by:	re (bz)
Submitted by:	jonathan
Sponsored by:	Google Inc
2011-08-11 12:30:23 +00:00
ed
4ef034d1ea Fix whitespace inconsistencies in the TTY layer and its drivers owned by me. 2011-06-26 18:26:20 +00:00
ed
503bd5d6c5 Add ttydisc_rint_simple().
I noticed several drivers in our tree don't actually care about parity
and framing, such as pts(4), snp(4) (and my partially finished console
driver). Instead of duplicating a lot of code, I think we'd better add a
utility function for those drivers to quickly process a buffer of input.

Also change pts(4) and snp(4) to use this function.
2009-08-23 08:04:40 +00:00
ed
8991674782 Keep this line shorter than 80 columns. 2009-05-13 19:29:50 +00:00
ed
a5fc8eddaa Add macros around the sx operations in snp(4).
As an experiment, I changed snp(4) to use a mutex instead of an sx lock.
We can't enable this right now, because Syscons still picks up Giant.
It's nice to already have the framework there.
2009-05-11 18:52:46 +00:00
ed
85ebf97341 Slightly improve the design of the TTY buffer.
The TTY buffers used the standard <sys/queue.h> lists. Unfortunately
they have a big shortcoming. If you want to have a double linked list,
but no tail pointer, it's still not possible to obtain the previous
element in the list. Inside the buffers we don't need them. This is why
I switched to custom linked list macros. The macros will also keep track
of the amount of items in the list. Because it doesn't use a sentinel,
we can just initialize the queues with zero.

In its simplest form (the output queue), we will only keep two
references to blocks in the queue, namely the head of the list and the
last block in use. All free blocks are stored behind the last block in
use.

I noticed there was a very subtle bug in the previous code: in a very
uncommon corner case, it would uma_zfree() a block in the queue before
calling memcpy() to extract the data from the block.
2009-02-03 19:58:28 +00:00
mav
37aff7daa7 Change ttyhook_register() second argument from thread to process pointer.
Thread was not really needed there, while previous ng_tty implementation
that used thread pointer had locking issues (using sx while holding mutex).
2008-12-13 21:17:46 +00:00
ed
77fbb9695c Reintroduce the snp(4) driver.
Because the TTY hooks interface was not finished when I imported the
MPSAFE TTY layer, I had to disconnect the snp(4) driver. This snp(4)
implementation has been sitting in my P4 branch for some time now.
Unfortunately it still doesn't use the same error handling as snp(4)
(returning codes through FIONREAD), but it should already be usable.

I'm committing this to SVN, hoping someone else could polish off its
rough edges. It's always better than having a broken driver sitting in
the tree.
2008-11-05 15:04:03 +00:00
ed
b15971d062 Even though snp(4) in SVN is still broken, remove the unneeded D_NEEDMINOR.
kib@ and I have decided we will MFC the bpf(4)/snp(4) fixes after we've
released 7.1. Make sure the code in HEAD doesn't refer to a flag we
don't need anyway.

snp(4) in the MPSAFE TTY P4 branch already works, but still needs some
polishing before it can be integrated to SVN.
2008-09-19 10:21:30 +00:00
ed
bd507c7cef Convert the snp(4) driver to use cdevpriv.
Now we have a single /dev/snp device node, which can be opened by
watch(8) multiple times. Even though snp(4) will be dead as of next
week, it's nice having this in SVN, because:

- We may want to MFC it to RELENG_7.
- By the time we fix snp(4) again, it's already there, existing watch(8)
  binaries should already work.

Just like bpf(4), I'm adding a symlink from snp0 to snp to remain binary
compatible.
2008-08-15 13:07:07 +00:00
ed
1bfc292986 Don't enforce unique device minor number policy anymore.
Except for the case where we use the cloner library (clone_create() and
friends), there is no reason to enforce a unique device minor number
policy. There are various drivers in the source tree that allocate unr
pools and such to provide minor numbers, without using them themselves.

Because we still need to support unique device minor numbers for the
cloner library, introduce a new flag called D_NEEDMINOR. All cdevsw's
that are used in combination with the cloner library should be marked
with this flag to make the cloning work.

This means drivers can now freely use si_drv0 to store their own flags
and state, making it effectively the same as si_drv1 and si_drv2. We
still keep the minor() and dev2unit() routines around to make drivers
happy.

The NTFS code also used the minor number in its hash table. We should
not do this anymore. If the si_drv0 field would be changed, it would no
longer end up in the same list.

Approved by:	philip (mentor)
2008-06-11 18:55:19 +00:00
kib
6d2bfd1ec9 Move the check for the snp device being already attached after the
fget() call, that is sleeping point, and possibly dropping Giant.

The snp_target == NULL implies the snp_tty == NULL. Remove the code
that is put under snp_target == NULL and snp_tty != NULL clause.

In snpclose(), do the snp_detach() before scheduling the snp device
destruction. Otherwise, after the return from snpclose(), the snp
device is already removed from the snp_list, but tty is still in
snooped state. Any attempt to do i/o on such tty cause panic because
ttytosnp() returns NULL.

Tested by:	Peter Holm
MFC after:	1 week
2007-12-24 13:47:16 +00:00
kib
4be0c75a36 Do not allow the SNPSTTY ioctl for the snoop device that has a tty
attached. Otherwise, the snp->snp_tty would be overwritten, while the
tty line discipline still set to the snpdisc. Then snplwrite() causes
panic because ttytosnp() cannot find the snp.

MFC after:	1 week
2007-12-03 14:02:27 +00:00
kib
e851fb4014 Adopt snp to the destroy_dev_sched() KPI after reverting of destroy_dev()
to not call destroy_dev_sched().

Tested by:	Peter Holm
Approved by:	re (kensmith)
2007-07-05 13:07:12 +00:00
kib
b6f22ce385 Use make_dev_credf(MAKEDEV_REF) instead of make_dev() from snp clone handler.
Drain clone events and cdev destruction from the module unload handler.

Debugging help and testing by:	Peter Holm
Approved by:	re (kensmith)
2007-07-03 17:43:56 +00:00
rodrigc
12863b36f7 Switch to ANSI function declarations. 2007-03-23 22:48:44 +00:00
ru
db795b2c76 Restore the ability to detach from a tty via SIOCSTTY and document
recent changes in a manpage.

Reviewed by:	cognet
2005-09-19 13:48:45 +00:00
cognet
007ea26251 Slightly change the API for the SNPSTTY ioctl so that the userland now
provides a file descriptor instead of a dev_t.

Discussed with:	phk
MFC after: 3 days
2005-09-18 19:23:35 +00:00
rwatson
daa1c89f45 Merge the dev_clone and dev_clone_cred event handlers into a single
event handler, dev_clone, which accepts a credential argument.
Implementors of the event can ignore it if they're not interested,
and most do.  This avoids having multiple event handler types and
fall-back/precedence logic in devfs.

This changes the kernel API for /dev cloning, and may affect third
party packages containing cloning kernel modules.

Requested by:	phk
MFC after:	3 days
2005-08-08 19:55:32 +00:00
phk
7af1e31761 Explicitly hold a reference to the cdev we have just cloned. This
closes the race where the cdev was reclaimed before it ever made it
back to devfs lookup.
2005-03-31 12:19:44 +00:00
phk
651dd9f4d4 Disable two users of findcdev. They do the wrong thing now and will
need to be fixed.  In both cases the API should be reengineered to do
something (more) sensible.
2005-03-15 12:39:30 +00:00
imp
4b319958e7 Start each of the license/copyright comments with /*-, minor shuffle of lines 2005-01-06 01:43:34 +00:00
phk
56253832a8 Include fcntl.h not vnode.h.
Include uio.h instead of relying on vnode.h to do so.
Check O_NONBLOCK not IO_NDELAY.
2004-12-22 17:30:38 +00:00
cognet
bbbedd2543 Walk through the snp softc list instead of abusing tp->ts_c to find the
snp attached to a tty.
This fixes the panic that happens when using snp.
2004-11-05 18:32:14 +00:00
phk
5dd2cd84fe Hold thread reference while we frob cdevsw. 2004-09-24 08:12:41 +00:00
phk
f00200d8a4 Preparation commit for the tty cleanups that will follow in the near
future:

rename ttyopen() -> tty_open() and ttyclose() -> tty_close().

We need the ttyopen() and ttyclose() for the new generic cdevsw
functions for tty devices in order to have consistent naming.
2004-07-15 20:47:41 +00:00
phk
5c95d686a1 Do a pass over all modules in the kernel and make them return EOPNOTSUPP
for unknown events.

A number of modules return EINVAL in this instance, and I have left
those alone for now and instead taught MOD_QUIESCE to accept this
as "didn't do anything".
2004-07-15 08:26:07 +00:00
rwatson
28c5014568 Switch snoop device to using C99 initialization for struct linesw. 2004-07-14 05:32:55 +00:00
phk
40dd98a3bd Second half of the dev_t cleanup.
The big lines are:
	NODEV -> NULL
	NOUDEV -> NODEV
	udev_t -> dev_t
	udev2dev() -> findcdev()

Various minor adjustments including handling of userland access to kernel
space struct cdev etc.
2004-06-17 17:16:53 +00:00
phk
dfd1f7fd50 Do the dreaded s/dev_t/struct cdev */
Bump __FreeBSD_version accordingly.
2004-06-16 09:47:26 +00:00
phk
9d102d7d5a Add missing <sys/module.h> includes 2004-05-30 20:08:47 +00:00
phk
fdd216910f Add clone_setup() function rather than rely on lazy initialization.
Requested by:	rwatson
2004-03-11 12:58:55 +00:00
bde
244945ffaa Don't set d_flags twice. The second setting clobbered D_NOGIANT. 2004-02-24 04:35:44 +00:00
phk
39fb4aef3d Device megapatch 5/6:
Remove the unused second argument from udev2dev().

Convert all remaining users of makedev() to use udev2dev().  The
semantic difference is that udev2dev() will only locate a pre-existing
dev_t, it will not like makedev() create a new one.

Apart from the tiny well controlled window in D_PSEUDO drivers,
there should no longer be any "anonymous" dev_t's in the system
now, only dev_t's created with make_dev() and make_dev_alias()
2004-02-21 21:32:15 +00:00
phk
ad925439e0 Device megapatch 4/6:
Introduce d_version field in struct cdevsw, this must always be
initialized to D_VERSION.

Flip sense of D_NOGIANT flag to D_NEEDGIANT, this involves removing
four D_NOGIANT flags and adding 145 D_NEEDGIANT flags.
2004-02-21 21:10:55 +00:00
phk
32b7c9a433 Device megapatch 2/6:
This commit adds a couple of functions for pseudodrivers to use for
implementing cloning in a manner we will be able to lock down (shortly).

Basically what happens is that pseudo drivers get a way to ask for
"give me the dev_t with this unit number" or alternatively "give
me a dev_t with the lowest guaranteed free unit number" (there is
unfortunately a lot of non-POLA in the exact numeric value of this
number, just live with it for now)

Managing the unit number space this way removes the need to use
rman(9) to do so in the drivers; this greatly simplifies the code in
the drivers because even using rman(9) they still needed to manage
their dev_t's anyway.

I have taken the if_tun, if_tap, snp and nmdm drivers through the
mill, partly because they (ab)used makedev(), but mostly because
together they represent three different problems for device-cloning:

if_tun and snp is the plain case: just give me a device.

if_tap has two kinds of devices, with a flag for device type.

nmdm has paired devices (ala pty) and you can clone either of them.
2004-02-21 20:29:52 +00:00
tanimura
7eade05dfa - Implement selwakeuppri() which allows raising the priority of a
  thread being woken up.  The thread woken up can run at a priority as
  high as after tsleep().

- Replace selwakeup()s with selwakeuppri()s and pass appropriate
  priorities.

- Add cv_broadcastpri() which raises the priority of the broadcast
  threads.  Used by selwakeuppri() if collision occurs.

Not objected in:	-arch, -current
2003-11-09 09:17:26 +00:00
obrien
5efef14f5f Use __FBSDID().
Also some minor style cleanups.
2003-08-24 18:03:45 +00:00
phk
0ae911eb0e Gigacommit to improve device-driver source compatibility between
branches:

Initialize struct cdevsw using C99 sparse initialization and remove
all initializations to default values.

This patch is automatically generated and has been tested by compiling
LINT with all the fields in struct cdevsw in reverse order on alpha,
sparc64 and i386.

Approved by:    re(scottl)
2003-03-03 12:15:54 +00:00
des
2756b6c964 More low-hanging fruit: kill caddr_t in calls to wakeup(9) / [mt]sleep(9). 2003-03-02 16:54:40 +00:00
phk
30dc6d2ae9 msg 2003-02-26 20:53:28 +00:00
imp
cf874b345d Back out M_* changes, per decision of the TRB.
Approved by: trb
2003-02-19 05:47:46 +00:00
alfred
bf8e8a6e8f Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0.
Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
2003-01-21 08:56:16 +00:00
tmm
1d05c95940 Declare the snp ioctl()s to work on udev_t, since that is what they
really do and dev_t is defined differently in kernel and userland.
Return a correctly formed udev from SNPGTTY.

Reviewed by:	dd
2002-11-11 10:45:31 +00:00
dd
b489d476e4 Treat input on the snp device as an `unsigned char'. According to the
submitter, this permits Russian (and probably other locales') characters
to be entered via watch(8).

PR:		35636
Submitted by:	Gleb Smirnoff <glebius@rinet.ru>
2002-04-10 03:51:49 +00:00
alfred
3264aec746 Remove __P. 2002-03-20 02:08:01 +00:00
alfred
2c16fbdd2a Fixes to make select/poll mpsafe.
Problem:
  selwakeup required calling pfind which would cause lock order
  reversals with the allproc_lock and the per-process filedesc lock.
Solution:
  Instead of recording the pid of the select()'ing process into the
  selinfo structure, actually record a pointer to the thread.  To
  avoid dereferencing a bad address all the selinfo structures that
  are in use by a thread are kept in a list hung off the thread
  (protected by sellock).  When a selwakeup occurs the selinfo is
  removed from that thread's list, it is also removed on the way out
  of select or poll where the thread will traverse its list removing
  all the selinfos from its own list.

Problem:
  Previously the PROC_LOCK was used to provide the mutual exclusion
  needed to ensure proper locking, this couldn't work because there
  was a single condvar used for select and poll and condvars can
  only be used with a single mutex.
Solution:
  Introduce a global mutex 'sellock' which is used to provide mutual
  exclusion when recording events to wait on as well as performing
  notification when an event occurs.

Interesting note:
  schedlock is required to manipulate the per-thread TDF_SELECT
  flag, however if given its own field it would not need schedlock,
  also because TDF_SELECT is only manipulated under sellock one
  doesn't actually use schedlock for synchronization, only to protect
  against corruption.

Proc locks are no longer used in select/poll.

Portions contributed by: davidc
2002-03-14 01:32:30 +00:00
dd
3a71779f4d Make the diagnostics printfs less ugly. 2002-03-11 03:48:32 +00:00
dd
419c6f0b7b Check the return value of tsleep() in snpread(). This may be
important, since our sleep is interruptible (PCATCH flag).

PR:		30985
Discovered by:	Vladimir Jakovenko <vovik@lucky.net>
Submitted by:	Valentin Nechayev <netch@segfault.kiev.ua>
2001-11-24 15:59:46 +00:00
dd
ee8055d603 Return EBUSY if we try to attach to a tty that is already being
snooped on.  This causes all kinds of Bad Things(tm) to happen since
closing one session will clobber state that's needed for the other
one.  This could theoretically be supported if the code was careful,
but until somebody implements that, preventing this will stop people
from unknowingly shooting themselves in the foot.
2001-11-24 15:34:18 +00:00