Commit Graph

109 Commits

Author SHA1 Message Date
rwatson
b5de442911 o Introduce pr_mtx into struct prison, providing protection for the
mutable contents of struct prison (hostname, securelevel, refcount,
  pr_linux, ...)
o Generally introduce mtx_lock()/mtx_unlock() calls throughout kern/
  so as to enforce these protections, in particular, in kern_mib.c
  protection sysctl access to the hostname and securelevel, as well as
  kern_prot.c access to the securelevel for access control purposes.
o Rewrite linux emulator abstractions for accessing per-jail linux
  mib entries (osname, osrelease, osversion) so that they don't return
  a pointer to the text in the struct linux_prison, rather, a copy
  to an array passed into the calls.  Likewise, update linprocfs to
  use these primitives.
o Update in_pcb.c to always use prison_getip() rather than directly
  accessing struct prison.

Reviewed by:	jhb
2001-12-03 16:12:27 +00:00
dillon
c7f4e76847 promote tv_sec in printf to make it type agnostic 2001-10-29 02:17:41 +00:00
phk
7d2f748d77 Reporting device drivers by traversing cdevsw[] is at best a hack
which may or may not return something which is partially right.

Disable the "devices" file until we find out what this is needed for,
and what exactly those apps need.

This will allow cdevsw to become static again.

Approved by:	DES
2001-10-26 15:30:44 +00:00
des
18c0fc80c5 Add proc/mtab which simulates a Linux system's /etc/mtab. 2001-10-21 15:56:46 +00:00
des
caa2f7090a #if 0 out some code that depends on other uncommitted patches. 2001-10-19 01:52:13 +00:00
des
cfd5c0eab6 Adapt to pseudofs changes (dynamic initialization, not static).
Use the new linux_ifname() function from the linuxulator rather than roll
our own interface name translation.
2001-10-19 01:45:03 +00:00
des
86409d0972 Catch up with the visibility callback stuff, and give up trying to keep the
file definitions on single lines.
2001-10-01 04:31:05 +00:00
des
8f0a1f0a27 Specify readability and / or writeability for all nodes that need it. 2001-09-30 19:42:41 +00:00
des
280e03a29b Adapt to pseudofs version 2. Sorry about the breakage - I had this ready
to commit along with the pseudofs patches, but just plain forgot.
2001-09-29 22:07:13 +00:00
des
38da189563 Clean up my source tree to avoid getting hit too badly by the next KSE or
whatever mega-commit.  No real functional changes, just some experiments /
work in progress.
2001-09-25 13:24:24 +00:00
julian
5596676e6c KSE Milestone 2
Note ALL MODULES MUST BE RECOMPILED
make the kernel aware that there are smaller units of scheduling than the
process. (but only allow one thread per process at this time).
This is functionally equivalent to teh previousl -current except
that there is a thread associated with each process.

Sorry john! (your next MFC will be a doosie!)

Reviewed by: peter@freebsd.org, dillon@freebsd.org

X-MFC after:    ha ha ha ha
2001-09-12 08:38:13 +00:00
rwatson
da1a848c61 o Replace calls to p_can(..., P_CAN_xxx) with calls to p_canxxx().
The p_can(...) construct was a premature (and, it turns out,
  awkward) abstraction.  The individual calls to p_canxxx() better
  reflect differences between the inter-process authorization checks,
  such as differing checks based on the type of signal.  This has
  a side effect of improving code readability.
o Replace direct credential authorization checks in ktrace() with
  invocation of p_candebug(), while maintaining the special case
  check of KTR_ROOT.  This allows ktrace() to "play more nicely"
  with new mandatory access control schemes, as well as making its
  authorization checks consistent with other "debugging class"
  checks.
o Eliminate "privused" construct for p_can*() calls which allowed the
  caller to determine if privilege was required for successful
  evaluation of the access control check.  This primitive is currently
  unused, and as such, serves only to complicate the API.

Approved by:	({procfs,linprocfs} changes) des
Obtained from:	TrustedBSD Project
2001-07-05 17:10:46 +00:00
des
eb8c70e07b Say one thing, do the other... nextpid -> lastpid 2001-06-11 23:00:35 +00:00
des
45a75d4587 Implement proc/cpuinfo for the Alpha (thanks to gallatin).
Implement proc/pid/cmdline.
2001-06-11 21:55:40 +00:00
des
b1d6b7887d Minor whitespace changes. 2001-06-11 00:17:59 +00:00
des
7183d49acf These aren't needed any more. 2001-06-10 23:24:14 +00:00
des
2a797ca9f1 New pseudofs-based linprocfs (repo-copied from linprocfs_misc.c). 2001-06-10 23:23:59 +00:00
rwatson
f504530d9f o Merge contents of struct pcred into struct ucred. Specifically, add the
real uid, saved uid, real gid, and saved gid to ucred, as well as the
  pcred->pc_uidinfo, which was associated with the real uid, only rename
  it to cr_ruidinfo so as not to conflict with cr_uidinfo, which
  corresponds to the effective uid.
o Remove p_cred from struct proc; add p_ucred to struct proc, replacing
  original macro that pointed.
  p->p_ucred to p->p_cred->pc_ucred.
o Universally update code so that it makes use of ucred instead of pcred,
  p->p_ucred instead of p->p_pcred, cr_ruidinfo instead of p_uidinfo,
  cr_{r,sv}{u,g}id instead of p_*, etc.
o Remove pcred0 and its initialization from init_main.c; initialize
  cr_ruidinfo there.
o Restruction many credential modification chunks to always crdup while
  we figure out locking and optimizations; generally speaking, this
  means moving to a structure like this:
        newcred = crdup(oldcred);
        ...
        p->p_ucred = newcred;
        crfree(oldcred);
  It's not race-free, but better than nothing.  There are also races
  in sys_process.c, all inter-process authorization, fork, exec, and
  exit.
o Remove sigio->sio_ruid since sigio->sio_ucred now contains the ruid;
  remove comments indicating that the old arrangement was a problem.
o Restructure exec1() a little to use newcred/oldcred arrangement, and
  use improved uid management primitives.
o Clean up exit1() so as to do less work in credential cleanup due to
  pcred removal.
o Clean up fork1() so as to do less work in credential cleanup and
  allocation.
o Clean up ktrcanset() to take into account changes, and move to using
  suser_xxx() instead of performing a direct uid==0 comparision.
o Improve commenting in various kern_prot.c credential modification
  calls to better document current behavior.  In a couple of places,
  current behavior is a little questionable and we need to check
  POSIX.1 to make sure it's "right".  More commenting work still
  remains to be done.
o Update credential management calls, such as crfree(), to take into
  account new ruidinfo reference.
o Modify or add the following uid and gid helper routines:
      change_euid()
      change_egid()
      change_ruid()
      change_rgid()
      change_svuid()
      change_svgid()
  In each case, the call now acts on a credential not a process, and as
  such no longer requires more complicated process locking/etc.  They
  now assume the caller will do any necessary allocation of an
  exclusive credential reference.  Each is commented to document its
  reference requirements.
o CANSIGIO() is simplified to require only credentials, not processes
  and pcreds.
o Remove lots of (p_pcred==NULL) checks.
o Add an XXX to authorization code in nfs_lock.c, since it's
  questionable, and needs to be considered carefully.
o Simplify posix4 authorization code to require only credentials, not
  processes and pcreds.  Note that this authorization, as well as
  CANSIGIO(), needs to be updated to use the p_cansignal() and
  p_cansched() centralized authorization routines, as they currently
  do not take into account some desirable restrictions that are handled
  by the centralized routines, as well as being inconsistent with other
  similar authorization instances.
o Update libkvm to take these changes into account.

Obtained from:	TrustedBSD Project
Reviewed by:	green, bde, jhb, freebsd-arch, freebsd-audit
2001-05-25 16:59:11 +00:00
jlemon
45bfbf2bf8 Add new 'loadavg' entry, fix overflow with meminfo.
PR: 27253, 27350
Submitted by: Jim Pirzyk
2001-05-19 05:54:26 +00:00
alfred
a3f0842419 Introduce a global lock for the vm subsystem (vm_mtx).
vm_mtx does not recurse and is required for most low level
vm operations.

faults can not be taken without holding Giant.

Memory subsystems can now call the base page allocators safely.

Almost all atomic ops were removed as they are covered under the
vm mutex.

Alpha and ia64 now need to catch up to i386's trap handlers.

FFS and NFS have been tested, other filesystems will need minor
changes (grabbing the vm lock when twiddling page properties).

Reviewed (partially) by: jake, jhb
2001-05-19 01:28:09 +00:00
des
a7cc1aa05f Avoid overflow when converting ticks to jiffies.
PR:		27215
Submitted by:	Jim Pirzyk <Jim.Pirzyk@disney.com>
2001-05-09 11:41:54 +00:00
jlemon
7a74be42b6 Fix the problem of some directory entries going missing when
read by the linux version of 'ls'.

Spotted by: rwatson
2001-05-04 05:19:22 +00:00
markm
bcca5847d5 Undo part of the tangle of having sys/lock.h and sys/mutex.h included in
other "system" header files.

Also help the deprecation of lockmgr.h by making it a sub-include of
sys/lock.h and removing sys/lockmgr.h form kernel .c files.

Sort sys/*.h includes where possible in affected files.

OK'ed by:	bde (with reservations)
2001-05-01 08:13:21 +00:00
phk
608c1caf3b Add a vop_stdbmap(), and make it part of the default vop vector.
Make 7 filesystems which don't really know about VOP_BMAP rely
on the default vector, rather than more or less complete local
vop_nopbmap() implementations.
2001-04-29 11:48:41 +00:00
jhb
9c03a8ae91 Change the pfind() and zpfind() functions to lock the process that they
find before releasing the allproc lock and returning.

Reviewed by:	-smp, dfr, jake
2001-04-24 00:51:53 +00:00
jhb
074862548d Add missing includes of <sys/sx.h>
Reported by:	peter
2001-03-28 15:04:22 +00:00
jhb
79cf991a6b Convert the allproc and proctree locks from lockmgr locks to sx locks. 2001-03-28 11:52:56 +00:00
jlemon
9060ef19e9 Eliminate global node types and instead use an operations vector for
each node in order to make it easier to add new entries.

Rewrite the internal directory structure so that it is possible to
have independent subdirectories.  Utilize this to add /proc/net/dev.

Reviewed by:  DES
2001-03-12 03:16:56 +00:00
jhb
9cd254601b Grab the process lock while calling psignal and before calling psignal. 2001-03-07 03:37:06 +00:00
jhb
6b93e2c5c0 Just hold the proc lock while getting the parent's PID rather than a
proctree lock.
2001-03-07 03:21:26 +00:00
adrian
4018955334 Reviewed by: jlemon
An initial tidyup of the mount() syscall and VFS mount code.

This code replaces the earlier work done by jlemon in an attempt to
make linux_mount() work.

* the guts of the mount work has been moved into vfs_mount().

* move `type', `path' and `flags' from being userland variables into being
  kernel variables in vfs_mount(). `data' remains a pointer into
  userspace.

* Attempt to verify the `type' and `path' strings passed to vfs_mount()
  aren't too long.

* rework mount() and linux_mount() to take the userland parameters
  (besides data, as mentioned) and pass kernel variables to vfs_mount().
  (linux_mount() already did this, I've just tidied it up a little more.)

* remove the copyin*() stuff for `path'. `data' still requires copyin*()
  since its a pointer into userland.

* set `mount->mnt_statf_mntonname' in vfs_mount() rather than in each
  filesystem.  This variable is generally initialised with `path', and
  each filesystem can override it if they want to.

* NOTE: f_mntonname is intiailised with "/" in the case of a root mount.
2001-03-01 21:00:17 +00:00
rwatson
ab5676fc87 o Move per-process jail pointer (p->pr_prison) to inside of the subject
credential structure, ucred (cr->cr_prison).
o Allow jail inheritence to be a function of credential inheritence.
o Abstract prison structure reference counting behind pr_hold() and
  pr_free(), invoked by the similarly named credential reference
  management functions, removing this code from per-ABI fork/exit code.
o Modify various jail() functions to use struct ucred arguments instead
  of struct proc arguments.
o Introduce jailed() function to determine if a credential is jailed,
  rather than directly checking pointers all over the place.
o Convert PRISON_CHECK() macro to prison_check() function.
o Move jail() function prototypes to jail.h.
o Emulate the P_JAILED flag in fill_kinfo_proc() and no longer set the
  flag in the process flags field itself.
o Eliminate that "const" qualifier from suser/p_can/etc to reflect
  mutex use.

Notes:

o Some further cleanup of the linux/jail code is still required.
o It's now possible to consider resolving some of the process vs
  credential based permission checking confusion in the socket code.
o Mutex protection of struct prison is still not present, and is
  required to protect the reference count plus some fields in the
  structure.

Reviewed by:	freebsd-arch
Obtained from:	TrustedBSD Project
2001-02-21 06:39:57 +00:00
bmilekic
f364d4ac36 Change and clean the mutex lock interface.
mtx_enter(lock, type) becomes:

mtx_lock(lock) for sleep locks (MTX_DEF-initialized locks)
mtx_lock_spin(lock) for spin locks (MTX_SPIN-initialized)

similarily, for releasing a lock, we now have:

mtx_unlock(lock) for MTX_DEF and mtx_unlock_spin(lock) for MTX_SPIN.
We change the caller interface for the two different types of locks
because the semantics are entirely different for each case, and this
makes it explicitly clear and, at the same time, it rids us of the
extra `type' argument.

The enter->lock and exit->unlock change has been made with the idea
that we're "locking data" and not "entering locked code" in mind.

Further, remove all additional "flags" previously passed to the
lock acquire/release routines with the exception of two:

MTX_QUIET and MTX_NOSWITCH

The functionality of these flags is preserved and they can be passed
to the lock/unlock routines by calling the corresponding wrappers:

mtx_{lock, unlock}_flags(lock, flag(s)) and
mtx_{lock, unlock}_spin_flags(lock, flag(s)) for MTX_DEF and MTX_SPIN
locks, respectively.

Re-inline some lock acq/rel code; in the sleep lock case, we only
inline the _obtain_lock()s in order to ensure that the inlined code
fits into a cache line. In the spin lock case, we inline recursion and
actually only perform a function call if we need to spin. This change
has been made with the idea that we generally tend to avoid spin locks
and that also the spin locks that we do have and are heavily used
(i.e. sched_lock) do recurse, and therefore in an effort to reduce
function call overhead for some architectures (such as alpha), we
inline recursion for this case.

Create a new malloc type for the witness code and retire from using
the M_DEV type. The new type is called M_WITNESS and is only declared
if WITNESS is enabled.

Begin cleaning up some machdep/mutex.h code - specifically updated the
"optimized" inlined code in alpha/mutex.h and wrote MTX_LOCK_SPIN
and MTX_UNLOCK_SPIN asm macros for the i386/mutex.h as we presently
need those.

Finally, caught up to the interface changes in all sys code.

Contributors: jake, jhb, jasone (in no particular order)
2001-02-09 06:11:45 +00:00
jhb
ce468ee38d - Proc locking.
- Use queue macros.
- Use NULL instead of 0 for pointers.

Reviewed by:	des
2001-01-23 22:13:07 +00:00
jake
bc8ff44100 Protect proc.p_pptr with the proctree lock. 2001-01-10 15:41:26 +00:00
des
fc2494740f Use kinfo_proc instead of eproc (which Kirk deep-sixed earlier this week)
Generate a version string that looks just like a real Linux one - almost :)

Use sbufs everywhere instead of sprintf(). Note that this is still imperfect,
as the code does not check whether the sbuf overflowed - but it'll still
work better than before, since if the sbuf overflows, the code now simply
copies out 0 bytes instead of causing a trap (or worse, corrupting kernel
structures)
2000-12-13 20:22:24 +00:00
des
7016d6317c Add dependency on linux, which is needed for proc/version. 2000-12-13 20:19:06 +00:00
jake
4a2d5eea92 Lock the allproc list.
Approved by:	DES
2000-12-13 09:05:45 +00:00
des
cc029f329a Point #includes at compat/linprocfs instead of i386/linux/linprocfs. 2000-12-12 22:06:05 +00:00
des
27bb2ad1a8 Add proc/<pid>/cmdline. 2000-12-09 16:20:48 +00:00
des
5837f3e5b4 Add a dependency on procfs. 2000-12-09 16:20:35 +00:00
des
861f7be108 A bunch of fixes that have been rotting in my tree for a month or two
waiting for procfs to get fixed:

  - Use fill_eproc() to obtain correct VM stats. Attempt to compute VmLib.

  - Fill some more fields in proc/<pid>/stat, and add four (unimplemented)
    fields after studying a recent Linux kernel.

  - Compute CPU frequency only once instead of twice.

  - Fix some comments that were OBE.

  - Fix indentation except where it makes the code less readable.
2000-12-09 13:25:54 +00:00
jhb
a33939f7ae Protect access to p_stat with sched_lock. 2000-12-01 06:34:19 +00:00
des
20635f6047 Add bogomips to cpuinfo (set it equal to the CPU frequency, which is bogus
but not more so than Linux' definition).
This should get the IBM JDK 1.3 working again.

Prompted by:	sobomax
2000-11-27 11:10:03 +00:00
des
eed51b49c8 Check that p->p_pptr is not NULL - kernel processes have no parents! 2000-11-06 03:23:56 +00:00
des
6f876111db Bring cpuinfo closer to what it looks like in Linux 2.2.
Submitted by:	R Bradford Jones <brad@kazrak.com>
2000-10-25 22:38:23 +00:00
des
6928b6c124 Add /proc/<pid>/status and /proc/<pid>/stat (the latter being mostly
zeroes for the time being).

Prompted by:	Nathan Boeger <nathan@khmere.com>
2000-10-25 22:12:59 +00:00
des
e9a1ef51c6 Mark directories as directories, not as regular files. 2000-10-10 12:32:44 +00:00
des
1c37bf6427 Fix cut'n'paste bogon.
Submitted by:	Jim Pirzyk <Jim.Pirzyk@disney.com>
2000-09-18 17:46:01 +00:00
des
5ea50b42cc Remove unused variables. 2000-09-09 14:35:35 +00:00
des
3b46d8759e Add stat, uptime and version.
Note that version currently returns the first line of the version string
from vers.c, which is not quite what a Linux system would return.
2000-09-09 11:44:58 +00:00
des
1883bff184 Pierre Beyssac originally derived linprocfs from procfs, and I've made (and
will keep making) significant modifications, so I'm adding both our copyrights
to the top of these files.
2000-09-07 16:44:26 +00:00
des
1c7254b5aa Remove obsolete comment (see rev 1.84 of procfs_vnops.c) 2000-09-04 18:19:04 +00:00
rwatson
997c80bdd8 o Synchronize linprocfs authorization with procfs authorization improvements
(better hiding of hidden processes, more access checks, use vaccess(), et
  al)

Approved by:	des
Obtained from:	TrustedBSD Project
2000-09-01 18:40:52 +00:00
rwatson
579561d0b0 o Update linprocfs to include similar changes as those in procfs, fixing
the build (oops!): replace calls to p_trespass() and PRISON_CHECK()
  with p_can(..., {P_CAN_SEE, P_CAN_DEBUG}, NULL)
o Remove volatile usage from procfs_readdir() to remove warnings
o Apply bp's CREATE fix to linprocfs, causing EROFS to be returned on
  CREATE calls to procfs_lookup()
o Some further synchronization still needs to occur: only existing
  access checks were replaced, to fix the build--the new ones were not
  added.  I'll do this later today, this is a "fix the build quickly"
  commit.  This means that, in the interim, some information leakage
  can still occur via linprocfs when using jail or kern.ps_showallprocs

Submitted by:	knu
Approved by:	des
Obtained from:	TrustedBSD Project
2000-08-30 13:23:19 +00:00
bde
73dafc9420 Fixed null pointer panic for accessing "meminfo" when there is no swap. 2000-08-12 21:08:42 +00:00
des
f3c347774d Make exe a symlink. 2000-05-24 07:37:02 +00:00
msmith
fc637387ee Fix include paths so that this builds correctly.
Submitted by:	Mike Pritchard <mpp@mppsystems.com>
2000-04-21 05:54:11 +00:00
msmith
9848084c38 Move the linprocfs bits under the rest of the i386 linux compatibility
code.
2000-04-20 03:54:27 +00:00