ext2_vfsops.c:1.157, cd9660_vfsops.c:1.145, ffs_vfsops.c:1.314,
reiserfs_vfsops.c:1.5
Remove calls to vfs_export() for exporting a filesystem for NFS mounting
from individual filesystems. Call it instead in vfs_mount.c,
after we call VFS_MOUNT() for a specific filesystem.
Remove incorrect null_checkexp() routine. This
will allow the NFS server to call vfs_stdcheckexp() on the exported nullfs
filesystem, not the underlying filesystem being nullfs mounted.
If the lower filesystem was not NFS exported, then the NFS exported
null filesystem would not work.
Modify MNT_UPDATE behavior for nullfs so that it does not
return EOPNOTSUPP if an "export" parameter was passed in.
This should allow nullfs mounts to be NFS exported.
PR: kern/87906
1.13: Revision 1.4 set access for all sensitive files in /proc/<PID> to mode 0
if a process's uid or gid has changed, but the /proc/<PID> directory
itself was also set to mode 0. Assuming this doesn't open any
security holes, open access to the /proc/<PID> directory for users
other than root to read or search the directory.
1.14: Upon further review, DES prefers this change over that in revision 1.13
to resolve the directory access problem for processes with P_SUGID flag
set.
Correct a bug in the handling of backslash characters in smbfs which can
allow an attacker to escape from a chroot(2). [2]
Security: FreeBSD-SA-06:15.ypserv [1]
Security: FreeBSD-SA-06:16.smbfs [2]
If fifo_open() is called with a negative file descriptor, return EINVAL
rather than panicking later. This can occur if the kernel calls
vn_open() on a fifo, as there will be no associated file descriptor,
and therefore the file descriptor operations cannot be modified to
point to the fifo operation set.
Reported by: Martin <nakal at nurfuerspam dot de>
PR: 94278
Approved by: re (scottl)
exit1() to block until any current PHOLD's are released. This includes
Simplifying the cleanup code in kern_ptrace() and removing the now
unnecessary vmspace ref counting magic from proc_rwmem(). Also, the
locking for ptrace_single_step(), ptrace_set_pc(), and
ptrace_clear_single_step() have been fixed to be consistent across the
tree.
Approved by: re (scottl)
vnode_create_vobject() while preserving the binary ABI
to filesystem modules in RELENG_6: introduce a new function
vnode_create_vobject_off() that takes the size argument
as off_t; move all stock file systems to it; re-implement
the old vnode_create_vobject() using vnode_create_vobject_off()
so that old or binary-only FS modules can work w/o hitting the
bug. The trick is to pass a size of 0 to vnode_create_vobject_off()
so that it will call VOP_GETATTR() and thus get the actual,
untruncated file size even if the calling module still uses
the old vnode_create_vobject().
PR: kern/92243
Approved by: re (scottl)
Avoid creating (and subsequently using) fake opt_*.h files
when the modules are built with the kernel and hence actual
opt_*.h files are available in ${KERNBUILDDIR}. Fix a few
small bugs that would prevent this from working.
At last the build options of the modules become consistent
with those of the kernel unless the MODULES_WITH_WORLD way
still is used.
Approved by: re (kensmith, scottl)
Requested by: ru
Tested on: amd64 i386 sparc64
Tested by: md5
When returning EIO from DEVFSIO_RADD ioctl, drop the exclusive rule
lock. Otherwise the system comes to a rather sudden and grinding
halt.
As the underlying devfs locking changes that lead to this bug have not
been merged to RELENG_5, this fix to those locking changes does not
need to be merged.
src/sys/fs/devfs/devfs_vnops.c 1.128
src/sys/kern/vfs_subr.c 1.652
This is a workaround for a complicated issue involving VFS cookies and devfs.
The PR and patch have the details. The ultimate fix requires architectural
changes and clarifications to the VFS API, but this will prevent the system
from panicking when someone does "ls /dev" while running in a shell under the
linuxulator.
PR: 88249
Submitted by: "Devon H. O'Dell" <dodell@ixsystems.com>
Original commit message:
Modified files:
sys/fs/nwfs nwfs_vnops.c
Log:
Update nwfs_lookup() to match the current cache_lookup() API.
cache_lookup() has returned a ref'ed and locked vnode since
vfs_cache.c:1.96, dated Tue Mar 29 12:59:06 2005 UTC. This change
is similar to the change made to smbfs_lookup() in smbfs_vnops.c:1.58.
Tested by: "Antony Mawer" ant AT mawer.org
MFC after: 2 weeks
Revision Changes Path
1.42 +11 -26 src/sys/fs/nwfs/nwfs_vnops.c
Approved by: re (scottl)
| Ensure the full value is written into inode variables.
|
| PR: 85503
| Submitted by: Dmitry Pryanishnikov <dmitry@atlantis.dp.ua>
|
| Revision Changes Path
| 1.89 +2 -2 src/sys/fs/msdosfs/msdosfs_denode.c
Approved by: re (scottl)
Second attempt at a work-around for fifo-related socket panics during
make -j with high levels of parallelism: acquire Giant in fifo I/O
routines.
Discussed with: ups
Approved by: re (scottl)
msdosfs_vfsops.c v1.146
bootsect.h v1.13
Remove checks for BOOTSIG[23] from FAT32 bootblocks.
There seems to be very little documentary evidence outside this
implementation to suggest a these checks are neccessary, and more
than one camera-formatted flash disk fails the check, but mounts
successfully on most other systems.
Approved by: re (scottl@)
Assert v_fifoinfo is non-NULL in fifo_close() in order to catch
non-conforming cases sooner.
Reported by: Peter Holm <peter at holm dot cc>
Approved by: re (scottl)
sys/fs/msdosfs/msdosfs_vfsops.c:1.145,
sys/fs/ntfs/ntfs_vfsops.c:1.79-1.80,
sys/fs/udf/udf_vfsops.c:1.34-1.35,
sys/gnu/fs/ext2fs/ext2_vfsops.c:1.152-1.153,
sys/gnu/fs/reiserfs/reiserfs_vfsops.c:1.2-1.3 (by ssouhlal):
*_mountfs() (if the filesystem mounts from a device) needs devvp to be
locked, so lock it.
Approved by: re (scottl)
Lock the read socket receive buffer when frobbing the sb_state flag on
that socket during open, not the write socket receive buffer.
Spotted by: ups
Approved by: re (scottl)
For reasons of consistency (and necessity), assert an exclusive vnode
lock on the fifo vnode in fifo_open(): we rely on the vnode lock to
serialize access to v_fifoinfo.
Approved by: re (scottl)
Assert that (vp) is locked in fifo_close(), since we rely on the
exclusive vnode lock to synchronize the reference counts on struct
fifoinfo.
Approved by: re (scottl)
The socket pointers in fifoinfo are not permitted to be NULL, so
don't check if they are, it just confuses the fifo code more.
Approved by: re (kensmith)
Handle a race condition where NULLFS vnode can be cleaned while threads
can still be asleep waiting for lowervp lock.
Tested by: kkenn
Discussed with: ssouhlal, jeffr
(this is an early MFC for inclusion in the upcoming 6.0-BETA5)
Approved by: re (scottl)
Use vput() instead of vrele() in null_reclaim() since the lower vnode
is locked.
MFC 1.89 (by kan):
Handle a race condition where NULLFS vnode can be cleaned while threads
can still be asleep waiting for lowervp lock.
Tested by: kkenn
Discussed with: ssouhlal, jeffr
(rev. 1.89 is an early MFC for inclusion in the upcoming 6.0-BETA5)
Approved by: re (scottl)
Trim down now (believed to be) unused fifo_ioctl() and
fifo_kqfilter() VOP implementations, since they in theory are used
only on open file descriptors, in which case the ioctls are via
fifo_ioctl_f() and kqueue requests are via fifo_kqfilter_f().
Generate warnings if they are entered for now. These printf()
calls should become panic() calls.
Annotate and re-implement fifo_ioctl_f(): don't arbitrarily
forward ioctls to the socket layer, only forward the ones we
explicitly support for fifos. In the case of FIONREAD, don't
forward the request to the write socket on a read-write fifo, or
the read result is overwritten. Annotate a nasty case for the
undefined POSIX O_RDWR on fifos, in which failure of the second
ioctl will result in the socket pair being in an inconsistent
state.
Assert copyright as I find myself rewriting non-trivial parts of
fifofs.
Approved by: re (scottl)
Annotate two issues:
1) fifo_kqfilter() is not actually ever used, it likely should be GC'd.
2) fifo_kqfilter_f() doesn't implement EVFILT_VNODE, so detecting events
on the underlying vnode for a fifo no longer works (it did in 4.x).
Likely, fifo_kqfilter_f() should forward the request to the VFS using
fp->f_vnode, which would work once fifo_kqfilter() was detached from
the vnode operation vector (removing the fifo override).
Discussed with: phk
Approved by: re (scottl)
As a result of kqueue locking work, socket buffer locks will always
be held when entering a kqueue filter for fifos via a socket buffer
event: as such, assert the lock unconditionally rather than acquiring
it conditionally.
Approved by: re (scottl)
Introduce no-op nosup fifo kqueue filter and detach routine, which are
used when a read filter is requested on a write-only fifo descriptor, or
a write filter is requested on a read-only fifo descriptor. This
permits the filters to be registered, but never raises the event, which
causes kqueue behavior for fifos to more closely match similar semantics
for poll and select, which permit testing for the condition even though
the condition will never be raised, and is consistent with POSIX's notion
that a fifo has identical semantics to a one-way IPC channel created
using pipe() on most operating systems.
The fifo regression test suite can now run to completion on HEAD without
errors.
Approved by: re (kensmith)
When a request is made to register a filter on a fifo that doesn't
apply to the fifo (i.e., not EVFILT_READ or EVFILT_WRITE), reject
it as EINVAL, not by returning 1 (EPERM).
Approved by: re (kensmith)
Remove DFLAG_SEEKABLE from fifo file descriptors: fifos are not seekable
according to POSIX, not to mention the fact that it doesn't make sense
(and hence isn't really implemented). This causes the fifo_misc
regression test to succeed.
Approved by: re (scottl)
Only poll the fifo for read events if the fifo is attached to a readable
file descriptor. Otherwise, the read end of a fifo might return that it
is writable (which it isn't).
Only poll the fifo for write events if the fifo attached to a writable
file descriptor. Otherwise, the write end of a fifo might return that
it is readable (which it isn't).
In the event that a file is FREAD|FWRITE (which is allowed by POSIX, but
has undefined behavior), we poll for both.
Approved by: re (kensmith)
After going to some trouble to identify only the write-related events
to poll the write socket for, the fifo polling code proceeded to poll
for the complete set of events. Use 'levents' instead of 'events' as
the argument to poll, and only poll the write socket if there is
interest in write events.
Approved by: re (kensmith)
