Commit Graph

82208 Commits

Author SHA1 Message Date
rwatson
615a42874b Add a new 'NOMACCHECK' flag to namei() NDINIT flags, which permits the
caller to indicate that MAC checks are not required for the lookup.
Similar to IO_NOMACCHECK for vn_rdwr(), this indicates that the caller
has already performed all required protections and that this is an
internally generated operation.  This will be used by the NFS server
code, as we don't currently enforce MAC protections against requests
delivered via NFS.

While here, add NOCROSSMOUNT to PARAMASK; apparently this was used at
one point for name lookup flag checking, but isn't any longer or it
would have triggered from the NFS server code passing it to indicate
that mountpoints shouldn't be crossed in lookups.

Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-19 21:25:51 +00:00
rwatson
4c2d375ca4 Regen from addition of execve_mac placeholder. 2002-10-19 21:15:10 +00:00
marcel
d8d309f454 Implement the CDROMREADAUDIO ioctl. 2002-10-19 21:11:43 +00:00
rwatson
f3cd77cf07 Add a placeholder for the execve_mac() system call, similar to SELinux's
execve_secure() system call, which permits a process to pass in a label
for a label change during exec.  This permits SELinux to change the
label for the resulting exec without a race following a manual label
change on the process.  Because this interface uses our general purpose
MAC label abstraction, we call it execve_mac(), and wrap our port of
SELinux's execve_secure() around it with appropriate sid mappings.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-19 21:06:57 +00:00
rwatson
ae81971478 Drop in the MAC check for file creation as part of open().
Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-19 20:56:44 +00:00
rwatson
08f5fce118 Make sure to clear the 'registered' flag for MAC policies when they
unregister.  Under some obscure (perhaps demented) circumstances,
this can result in a panic if a policy is unregistered, and then someone
foolishly unregisters it again.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-19 20:30:12 +00:00
rwatson
91dee1ecbb Hook up most of the MAC entry points relating to file/directory/node
creation, deletion, and rename.  There are one or two other stray
cases I'll catch in follow-up commits (such as unix domain socket
creation); this permits MAC policy modules to limit the ability to
perform these operations based on existing UNIX credential / vnode
attributes, extended attributes, and security labels.  In the rename
case using MAC, we now have to lock the from directory and file
vnodes for the MAC check, but this is done only in the MAC case,
and the locks are immediately released so that the remainder of the
rename implementation remains the same.  Because the create check
takes a vattr to know object type information, we now initialize
additional fields in the VATTR passed to VOP_SYMLINK() in the MAC
case.

Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-19 20:25:57 +00:00
gioria
0a95b481d9 SGML-ise accents 2002-10-19 20:07:01 +00:00
marcel
c0de70c997 Remove the _ia64_unwind_start and _ia64_unwind_end symbols. We now
find the unwind table through the ELF program headers.
2002-10-19 19:32:21 +00:00
marcel
2a53e50eeb Update the unwind information when modules are loaded and unloaded
by using the linker hooks. Since these hooks are called for the
kernel as well, we don't need to deal with that with a special
SYSINIT. The initialization implicitly performed on the first
update of the unwind information is made explicit with a SYSINIT.
We now don't need the _ia64_unwind_{start|end} symbols.
2002-10-19 19:30:38 +00:00
marcel
d35d608c07 Add two hooks to signal module load and module unload to MD code.
The primary reason for this is to allow MD code to process machine
specific attributes, segments or sections in the ELF file and
update machine specific state accordingly. An immediate use of this
is in the ia64 port where unwind information is updated to allow
debugging and tracing in/across modules. Note that this commit
does not add the functionality to the ia64 port. See revision 1.9
of ia64/ia64/elf_machdep.c.

Validated on: alpha, i386, ia64
2002-10-19 19:16:03 +00:00
marcel
c5e66cd2c6 Reduce code duplication by moving the common actions in
link_elf_init(), link_elf_link_preload_finish() and
link_elf_load_file() to link_elf_link_common_finish().
Since link_elf_init() did initializations as a side-effect
of doing the common actions, keep the initialization in
that function. Consequently, link_elf_add_gdb() is now also
called to insert the very first link_map() (ie the kernel).
2002-10-19 18:59:33 +00:00
marcel
6af943a484 Non-functional change in preparation of the next commit:
Move link_elf_add_gdb(), link_elf_delete_gdb() and link_elf_error()
near the top of the file. The *_gdb() functions are moved inside
the #ifdef DDB already present there.
2002-10-19 18:43:37 +00:00
alc
22918c79b0 Complete the page queues locking needed for the page-based copy-
on-write (COW) mechanism.  (This mechanism is used by the zero-copy
TCP/IP implementation.)
 - Extend the scope of the page queues lock in vm_fault()
   to cover vm_page_cowfault().
 - Modify vm_page_cowfault() to release the page queues lock
   if it sleeps.
2002-10-19 18:34:39 +00:00
phk
1ca1d78db8 Fix a missing initialization. 2002-10-19 17:19:41 +00:00
phk
f4a1c1173b Add Geom Based Disk Encryption to the tree.
This is an encryption module designed for to secure denial of access
to the contents of "cold disks" with or without destruction activation.

Major features:

   * Based on AES, MD5 and ARC4 algorithms.
   * Four cryptographic barriers:
        1) Pass-phrase encrypts the master key.
        2) Pass-phrase + Lock data locates master key.
        3) 128 bit key derived from 2048 bit master key protects sector key.
        3) 128 bit random single-use sector keys protect data payload.
   * Up to four different changeable pass-phrases.
   * Blackening feature for provable destruction of master key material.
   * Isotropic disk contents offers no information about sector contents.
   * Configurable destination sector range allows steganographic deployment.

This commit adds the kernel part, separate commits will follow for the
userland utility and documentation.

This software was developed for the FreeBSD Project by Poul-Henning Kamp and
NAI Labs, the Security Research Division of Network Associates, Inc.  under
DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS
research program.

Many thanks to Robert Watson, CBOSS Principal Investigator for making this
possible.

Sponsored by:   DARPA & NAI Labs.
2002-10-19 17:02:17 +00:00
rwatson
b98187d339 Permits UFS ACLs to be used with the GENERIC kernel. Due to recent
ACL configuration changes, this shouldn't result in different code paths
for file systems not explicitly configured for ACLs by the system
administrator.  For UFS1, administrators must still recompile their
kernel to add support for extended attributes; for UFS2, it's sufficient
to enable ACLs using tunefs or at mount-time (tunefs preferred for
reliability reasons).  UFS2, for a variety of reasons, including
performance and reliability, is the preferred file system for use with
ACLs.

Approved by:	re
2002-10-19 16:54:15 +00:00
mux
b642891c54 - Remove ${NORMAL_C_NOWERROR}, it is not used anymore. To build
without -Werror, we do "make WERROR=", which doesn't need this
  variable.
- Use ${.IMPSRC} instead of $< in ${NORMAL_M} for consistency with
  the rest of the file.
- Add ${WERROR} for the ${NORMAL_M} case.

Tested on:	i386, sparc64
2002-10-19 16:47:13 +00:00
sam
7a49e303c4 Fixups to get make release going again for i386:
o mount (and unmount) devfs in the chroot'd filesystem
o handle umounting devfs in case of a keyboard interrupt
o remove MAKEDEV from the fixit floppy so things fit again (mount_devfs was
  added in a separate commit)
o explicitly remove mfsroot.gz and loader.conf when building the cd-rom area
  as otherwice cp -Rp aborts when a previous run left identical files around
o increase the number of inodes on the drivers floppy; moving drivers from
  the kernel there (to shrink it's size) caused things to overflow
o while we're increasing the driver's floppy inode config, separate out all
  parameters from the boot floppy

Approved by:	re
2002-10-19 16:44:16 +00:00
sam
715f7b0ad3 o since you can't use DIOCGDINFO and DIOCGSLICEINFO on drive nodes with geom,
get the xml configuration for the devices and "parse" the information to
  get what's needed
o replace #ifdef DEBUG constructs with DPRINT/DPRINTX to make the code more
  readable

Note the xml "parser" is very very hackish and should be replaced with a
real one.  This one was done to be very small and special-purpose; don't
think about copying it elsewhere.

Approved by:	phk
2002-10-19 16:39:28 +00:00
gioria
a473d8d69c hardware/common/dev.sgml : MFen 1.106
Makefile relnotes/Makefile  : Bump Original revision
relnotes/common/new.sgml relnotes/common/relnotes.ent : Bump Original revision
relnotes/i386/Makefile share/sgml/release.dsl : Bump Original revision
2002-10-19 16:26:33 +00:00
bmah
f561deb6ab New release note: Wide character C library functions.
Modified release note:  Use manpage entity for pst(4).
2002-10-19 16:16:55 +00:00
bmah
8a89864f37 Use manpage entity for pst(4). 2002-10-19 16:16:04 +00:00
rwatson
a2eb2e3662 Clarify that the UFS1 extended attribute configuration steps do not apply
to UFS2 file systems.

Submitted by:	jedgar
Obtained from:	TrustedBSD Project
2002-10-19 16:09:16 +00:00
tmm
fe000c215a Explicitely specify an alignment for struct pcb. While all regular pcb's
are positioned and aligned by md code, dumppcb is just a static
variable and requires this.
2002-10-19 15:54:34 +00:00
tmm
7c6a7904e8 The argument to the DIOCGMEDIASIZE ioctl() is an off_t, not an u_int.
Reviewed by:	phk
2002-10-19 15:40:39 +00:00
matusita
f025958c72 Since NEWCARD is the default pccard subsystem, pccard[cd] is no
longer needed.  Note that pc98 uses OLDCARD so this is only for i386
(thanks nyan-san).

OKed by: imp
2002-10-19 14:23:18 +00:00
tjr
6507d2b5f5 Indent code example with one tab, not two, for consistency with the rest. 2002-10-19 13:48:45 +00:00
tjr
058eca1b43 C89 does not specifiy strsep(), so our strsep() implementation cannot
conform to it.

Obtained from:	OpenBSD
2002-10-19 13:41:22 +00:00
tjr
a8ace8f312 The ftok() function has not been in libcompat for quite a while. 2002-10-19 13:33:12 +00:00
ache
8ad465aa86 Add sr_YU locales
Submitted by:    Toni Andjelkovic <toni@soth.at>
2002-10-19 13:04:05 +00:00
ache
5a6f4d4e46 Add sr_YU locales
Submitted by: Toni Andjelkovic <toni@soth.at>
2002-10-19 12:59:19 +00:00
ache
42a6db1ee1 Add sr_YU locale directories
Submitted by: Toni Andjelkovic <toni@soth.at>
2002-10-19 12:56:56 +00:00
markm
221c2ddb5d Style(9). Make some function declarations consistent with the rest,
and remove some nearby extraneous {}'s.
2002-10-19 11:57:38 +00:00
mux
451ff53efa Several malloc() calls were passing the M_DONTWAIT flag
which is an mbuf allocation flag.  Use the correct
M_NOWAIT malloc() flag.  Fortunately, both were defined
to 1, so this commit is a no-op.
2002-10-19 11:31:50 +00:00
sobomax
62ac3ba58f Fix a problem with RTLD_TRACE flag to dlopen(3), which sometimes can return
even if there was no error occured (when trying to dlopen(3) object that
already linked into executable which does dlopen(3) call). This is more
proper fix for `ldd /usr/lib/libc.so' problem, because the new behaviour
conforms to documentation.

Remove workaround from ldd.c (rev.1.32).

PR:		35099
Submitted by:	Nathan Hawkins <utsl@quic.net>
MFC after:	1 week
2002-10-19 10:18:29 +00:00
sobomax
ea5cbe7c7d Fix security bug in contains_dot_dot routine.
PR:             43575
Submitted by:   Brett Glass <brett@lariat.org>

X-MFC after:	immediately
2002-10-19 09:32:03 +00:00
mckusick
cedf84e607 Clear the pending counts in the superblock after a successful run
of fsck so that the kernel does not complain about them being
non-zero when the filesystem is mounted.

Sponsored by:	DARPA & NAI Labs.
2002-10-19 05:36:48 +00:00
marcel
9d60b8c542 In link_elf_load_file(), when SPARSE_MAPPING is defined and we
cannot allocate ef->object, we freed ef before bailing out with
an error. This is wrong because ef=lf and when we have an error
and lf is non-NULL (which holds if we try to alloc ef->object),
we free lf and thus ef as part of the bailing-out.
2002-10-19 05:01:54 +00:00
fanf
6221a0f65e So a positive time zone offset is west, right? or is it east? Um.
What is the standard for this, anyway? Ah, we get to choose. I see.

This commit is brought to you by the numbers 2001 and 2822 and the
letters P, O, S, I, X and R, F, C.
2002-10-19 04:49:10 +00:00
marcel
26dbe2eb12 Make this compile when DDB is not defined by conditionally compiling
all references to ksym_start and ksym_end.
2002-10-19 04:14:08 +00:00
marcel
fdc552bda2 Make the unwind functions standard and not optional on ddb. They
will eventually be used for ktrace(2) too.
2002-10-19 04:02:16 +00:00
marcel
724ced313d Add the libz derived files, added in the previous commit, to
CLEANFILES. We were not cleaning up after ourselves.
2002-10-19 02:23:09 +00:00
alfred
657dbda997 Don't leak memory in semop(2). (Fix a bug I introduced in rev 1.55.)
Detective work by: jake
2002-10-19 02:07:35 +00:00
benno
3832720b63 Update the documentation for kthread_create to include the pages argument.
Reviewed by:	sheldonh
Forgotten by:	scottl
2002-10-19 01:39:44 +00:00
tmm
bef256b79f Pass the right number of tlb slots to the kernel. The allocation scheme
was changed in r1.4, but I neglected to update most of the code in
metadata.c.

Pointy hat to:	tmm
2002-10-18 23:49:18 +00:00
bmah
60e242d985 Add sab driver to serial interfaces section. 2002-10-18 23:24:20 +00:00
bmah
160787defa New release notes: P1003_1B gone, CPU_DISABLE_CMPXCHG, FAST_IPSEC,
ifconfig(8) monitor, ofwdump(8), ping(8) -o, quota(1) -l, tunefs(8)
-a/-l, ugidfw(8).

Modified release notes:  se driver replaced by sab driver.
2002-10-18 23:23:32 +00:00
mckusick
f5032b44ed Bound the size of the superblock to SBLOCKSIZE.
Submitted by:	BOUWSMA Beery <freebsd-misuser@netscum.dyndns.dk>
Sponsored by:	DARPA & NAI Labs.
2002-10-18 23:17:30 +00:00
dillon
d155b8f135 Fix a file-rewrite performance case for UFS[2]. When rewriting portions
of a file in chunks that are less then the filesystem block size, if the
data is not already cached the system will perform a read-before-write.
The problem is that it does this on a block-by-block basis, breaking up the
I/Os and making clustering impossible for the writes.  Programs such
as INN using cyclic file buffers suffer greatly.  This problem is only going
to get worse as we use larger and larger filesystem block sizes.

The solution is to extend the sequential heuristic so UFS[2] can perform
a far larger read and readahead when dealing with this case.

(note: maximum disk write bandwidth is 27MB/sec thru filesystem)
(note: filesystem blocksize in test is 8K (1K frag))
dd if=/dev/zero of=test.dat bs=1k count=2m conv=notrunc

Before:  (note half of these are reads)
      tty             da0              da1             acd0             cpu
 tin tout  KB/t tps  MB/s   KB/t tps  MB/s   KB/t tps  MB/s  us ni sy in id
   0   76 14.21 598  8.30   0.00   0  0.00   0.00   0  0.00   0  0  7  1 92
   0   76 14.09 813 11.19   0.00   0  0.00   0.00   0  0.00   0  0  9  5 86
   0   76 14.28 821 11.45   0.00   0  0.00   0.00   0  0.00   0  0  8  1 91

After:	(note half of these are reads)
      tty             da0              da1             acd0             cpu
 tin tout  KB/t tps  MB/s   KB/t tps  MB/s   KB/t tps  MB/s  us ni sy in id
   0   76 63.62 434 26.99   0.00   0  0.00   0.00   0  0.00   0  0 18  1 80
   0   76 63.58 424 26.30   0.00   0  0.00   0.00   0  0.00   0  0 17  2 82
   0   76 63.82 438 27.32   0.00   0  0.00   0.00   0  0.00   1  0 19  2 79

Reviewed by:	mckusick
Approved by:	re
X-MFC after:	immediately (was heavily tested in -stable for 4 months)
2002-10-18 22:52:41 +00:00