Commit Graph

257 Commits

Author SHA1 Message Date
KATO Takenori
f8fc96b551 Fixed vnode corruption by undefined case in union_lookup(). When
uerror == 0 && lerror == EACCES, lowervp == NULLVP and union_allocvp
doesn't find existing union node and new union node is created.

Sicne it is dificult to cover all the case, union_lookup always
returns when union_lookup1() returns EACCES.

Submitted by:	Naofumi Honda <honda@Kururu.math.sci.hokudai.ac.jp>
Obtained from:	NetBSD/pc98
1997-08-12 07:18:59 +00:00
Sean Eric Fagan
66ad7973ce Check permissions for fp regs as well as normal regs. 1997-08-12 05:23:51 +00:00
Sean Eric Fagan
49356a1f4a Fix procfs security hole -- check permissions on meaningful I/Os (namely,
reading/writing of mem and regs).  Also have to check for the requesting
process being group KMEM -- this is a bit of a hack, but ps et al need it.

Reviewed by:	davidg
1997-08-12 04:34:30 +00:00
Bruce Evans
1fd0b0588f Removed unused #includes. 1997-08-02 14:33:27 +00:00
Alexander Langer
ee97e537f7 More comment cleanup. 1997-06-26 17:12:59 +00:00
Alexander Langer
09c8ff4a78 Typo police. 1997-06-26 16:13:56 +00:00
Alexander Langer
2c39c8177b Style fix my previous commit. 1997-06-26 16:12:53 +00:00
Alexander Langer
8a77722ad7 Block all write operations to /proc/1/* when securelevel > 0.
The additional check in procfs_ctl.c could be backed out, but
I'm leaving it in for good measure.

Reviewed by:	Theo de Raadt <deraadt@OpenBSD.org>
1997-06-21 16:09:49 +00:00
Tor Egge
14a4b83067 Don't remove the controlling tty from the session if the vnode is being
cleaned. This should help for PR kern/3581.
1997-05-29 13:29:13 +00:00
Peter Wemm
e9f7506f89 Fix some warnings (missing prototypes, wrong "generic" args etc)
umapfs uses one of nullfs's functions...
1997-05-25 04:50:02 +00:00
Poul-Henning Kamp
8a40593f4d Remove redundant check for vp == dvp (done in VFS before calling). 1997-05-17 18:32:53 +00:00
KATO Takenori
c9bf011176 1. Added cast and parenthesis in block size calculaion in
union_statfs().
2. staticized union vops.

Submitted by:	Doug Rabson <dfr@nlsystems.com>
1997-05-07 14:37:32 +00:00
Joerg Wunsch
08ed607a09 Hide the kernel-only stuff inside #ifdef KERNEL.
XXX should be #ifdef _KERNEL
XXX^2 the !KERNEL part should probably be moved out into a publically
      visible header file anyway.
1997-05-07 13:23:04 +00:00
Joerg Wunsch
62102247f6 Oops. The function cd9660_mountroot() is gone, but i've committed an
even more bogus prototype for it in my previous commit.
1997-05-04 16:17:49 +00:00
Joerg Wunsch
5a9714de76 This mega-commit brings the following:
. It makes cd9660 root f/s working again.
. It makes CD9660 a new-style option.
. It adds support to mount an ISO9660 multi-session CD-ROM as the root
  filesystem (the last session actually, but that's what is expected
  behaviour).

Sigh.  The CDIOREADTOCENTRYS did a copyout() of its own, and thus has
been unusable for me for this work.  Too bad it didn't simply stuff
the max 100 entries into the struct ioc_read_toc_entry, but relied on
a user supplied data buffer instead. :-(  I now had to reinvent the
wheel, and created a CDIOREADTOCENTRY ioctl command that can be used
in a kernel context.

While doing this, i noticed the following bogosities in existing CD-ROM
drivers:

wcd:	This driver is likely to be totally bogus when someone tries
	two succeeding CDIOREADTOCENTRYS (or now CDIOREADTOCENTRY)
	commands with requesting MSF format, since it apparently
	operates on an internal table.

scd:	This driver apparently returns just a single TOC entry only for
	the CDIOREADTOCENTRYS command.

I have only been able to test the CDIOREADTOCENTRY command with the
cd(4) driver.  I hereby request the respective maintainers of the
other CD-ROM drivers to verify my code for their driver.  When it
comes to merging this CD-ROM multisession stuff into RELENG_2_2 i will
only consider drivers where i've got a confirmation that it actually
works.
1997-05-04 15:24:23 +00:00
KATO Takenori
32cfb899a6 Fixed panic message in union_lock(): union_link --> union_lock. 1997-05-03 01:55:19 +00:00
KATO Takenori
5f3f68a8ba Access correct union mount point in union_access. Old vnode is saved
in savedvp variable and it is used for the argument of
MOUNTTOUNIONMOUNT().  I didn't realize ap->a_vp is modified before
MOUNTTOUNIONMOUNT(), so the change by revision 1.22 is incorrect.
1997-05-02 03:21:54 +00:00
Søren Schmidt
e34cbf1f59 Remove the dependancy on DEV_BSIZE, now specfs works on != 512byte
sector devices given that the fs uses a blocksize of at least a physical
sector size.
1997-05-01 19:12:22 +00:00
Joerg Wunsch
7d322c735e For multi-session CD-ROMs, we have to account for previous sessions as
well in volume_space_size.  Otherwise, NFS exports won't work.
1997-04-29 17:11:51 +00:00
Joerg Wunsch
3e1cf43148 Add support for ISO9660 multi-session CD-ROMs. This is just nothing
but searching the directory on something else than the default
location.

NB: this comprises an interface change to the mount_cd9660(8)
utility (commit will follow).  You need to rebuild both.

I've got similar patches for RELENG_2_2, should i commit them too?
1997-04-29 15:52:53 +00:00
KATO Takenori
a9320ff3bd Revised fix for locking violation when unionfs calls vput with
UN_KLOCK flag.

When UN_KLOCK is set, VOP_UNLOCK should keep uppervp locked and clear
UN_ULOCK flag.  To do this, when UN_KLOCK is set, (1) union_unlock
clears UN_ULOCK and does not clear UN_KLOCK, (2) union_lock() does not
access uppervp and does not clear UN_KLOCK, and (3) callers of
vput/VOP_UNLOCK should clear UN_KLOCK.  For example, vput becomes:

	SETKLOCK(union_node);
	vput(vnode);
	CLEARKLOCK(union_node);

where SETKLOCK macro sets UN_KLOCK and CLEARKLOCK macro clears
UN_KLOCK.
1997-04-29 02:06:07 +00:00
Alexander Langer
898fcb3b84 Removed bogon from previous commit: doubly included sys/systm.h. 1997-04-27 21:32:21 +00:00
Alexander Langer
ee7877dfec Prevent debugger attachment to init when securelevel > 0.
Noticed by:	Brian Buchanan <brian@wasteland.calbbs.com>
1997-04-27 19:02:37 +00:00
KATO Takenori
c4ace78562 Undo 1.29. 1997-04-27 10:49:37 +00:00
KATO Takenori
a18ac0ffaf Do nothing instead of adjusting un_flags when (uppervp is locked) &&
(UN_ULOCK is not set) in union_lock.  This condition may indicate
race.  DIAGNOSTIC kernel still panic here.
1997-04-26 13:43:25 +00:00
KATO Takenori
928e13b6a1 Do not clear UN_ULOCK in certain case.
Our vput calls vm_object_deallocate() --> vm_object_terminate().  The
vm_object_terminate() calls vn_lock(), since UN_LOCKED has been
already cleared in union_unlock().  Then, union_lock locks upper vnode
when UN_ULOCK is not set.  The upper vnode is not unlocked when
UN_KLOCK is set in union_unlock(), thus, union_lock tries to lock
locked vnode and we get panic.
1997-04-26 04:09:40 +00:00
KATO Takenori
18b4c8e206 Dirty change in union_lock(). Sometimes upper vnode is locked without
UN_ULOCK flag.  This shows a locking violation but I couldn't find the
reason UN_ULOCK is not set or upper vnode is not unlocked.  I added
the code that detect this case and adjust un_flags.  DIAGNOSTIC kernel
doesn't adjust un_flags, but just panic here to help debug by kernel
hackers.
1997-04-21 15:32:24 +00:00
KATO Takenori
077f31be53 Replace VOP_LOCK with vn_lock. 1997-04-21 12:40:42 +00:00
John Dyson
7cac787bee Fix both a problem with accessing backing objects, and also release
the process map on nonexistant pages.
PR:		kern/3327
Submitted by:	Tor Egge <Tor.Egge@idi.ntnu.no>
1997-04-20 17:12:11 +00:00
KATO Takenori
747e915757 Avoid `lock against myself' panic by following operation:
# mount -t union (or null) dir1 dir2
	# mount -t union (or null) dir2 dir1

The function namei in union_mount calls union_root.  The upper vnode
has been already locked and vn_lock in union_root causes above panic.

Add printf's included in `#ifdef DIAGNOSTIC' for EDEADLK cases.
1997-04-19 06:04:13 +00:00
KATO Takenori
f85e8fc5ca Fix `locking against myself' panic by multi nullfs mount of same
directory pair.
1997-04-17 11:24:57 +00:00
KATO Takenori
c5e17d9e2b Use NULLVP instead of NULL. 1997-04-17 11:17:30 +00:00
KATO Takenori
b69aa7f11a Do not set the uppervp to NULLVP in union_removed_upper. If lowervp
is NULLVP, union node will have neither uppervp nor lowervp.  This
causes page fault trap.

The union_removed_upper just remove union node from cache and it
doesn't set uppervp to NULLVP.  Since union node is removed from
cache, it will not be referenced.

The code that remove union node from cache was copied from
union_inactive.
1997-04-16 16:24:24 +00:00
KATO Takenori
93d71a483c Undo previous commit to avoid panic, and fix order of argument of
VOP_LINK().  The reason of strange behavior was wrong order of the
argument, that is, the operation

	# ln foo bar

in a union fs tried to do

	# ln bar foo

in ufs layer.

Now we can make a link in a union fs.
1997-04-16 03:08:34 +00:00
KATO Takenori
9095719e2b Quick-hack to avoid `lock against myself' panic. It is not the real
fix!

The ufs_link() assumes that vnode is not unlocked and tries to lock it
in certain case.  Because union_link calls VOP_LINK after locking vnode,
vn_lock in ufs_link causes above panic.

Currently, I don't know the real fix for a locking violation in
union_link, but I think it is important to avoid panic.

A vnode is unlocked before calling VOP_LINK and is locked after it if
the vnode is not union fs.  Even though panic went away, the process
that access the union fs in which link was made will hang-up.

Hang-up can be easily reproduced by following operation:

	mount -t union a b
	cd b
	ln foo bar
	ls
1997-04-15 12:56:57 +00:00
Bruce Evans
6a57385056 Removed more traces of ISODEVMAP. 1997-04-15 08:05:08 +00:00
Poul-Henning Kamp
438d3e3188 Remove all traces of undocumented feature ISODEVMAP. 1997-04-14 18:15:47 +00:00
KATO Takenori
6db918e371 Fix `lockmgr: locking against myself' panic by multi union mount of
same directory pair.

If we do:
    mount -t union a b
    mount -t union a b
then, (1) namei tries to lock fs which has been already locked by
first union mount and (2) union_root() tries to lock locked fs.  To
avoid first deadlock condition, unlock vnode if lowerrootvp is union
node, and to avoid second case, union_mount returns EDEADLK when multi
union mount is detected.
1997-04-14 10:52:25 +00:00
KATO Takenori
ee582cdff0 Fix locking violation when accessing `..'.
Obtained from:	NetBSD
1997-04-14 05:13:55 +00:00
KATO Takenori
3a946335ae Access correct union mount point in union_access. 1997-04-13 13:12:12 +00:00
Poul-Henning Kamp
363ad70091 The function union_fsync tries to lock overlaying vnode object when
dolock is not set (that is, targetvp == overlaying vnode object).
Current code use FIXUP macro to do this, and never unlocks overlaying
vnode object in union_fsync.  So, the vnode object will be locked
twice and never unlocked.

PR:		3271
Submitted by:	kato
1997-04-13 06:29:13 +00:00
Poul-Henning Kamp
b422956c56 The path name buffer, cn->cn_pnbuf, is FREEed by VOP_MKDIR when
relookup() in union_relookup() is succeeded.  However, if relookup()
returns non-zero value, that is relookup fails, VOP_MKDIR is never
called (c.f. union_mkshadow).  Thus, pathname buffer is never FREEed.

Reviewed by:	phk
Submitted by:	kato
PR:		3262
1997-04-13 06:27:09 +00:00
Poul-Henning Kamp
9fa6ee7671 Though malloc allocates only cn.cn_namelen bytes for cn.cn_pnbuf in
union_vn_create(), following bcopy copies cn.cn_namlen + 1 bytes to
cn.cn_pnbuf

PR:		3255
Reviewed by:	phk
Submitted by:	kato
1997-04-13 06:25:03 +00:00
Bruce Evans
c90607ba7f Get the declaration of `struct dirent' from <sys/dirent.h>, not from
<sys/dir.h>, and use the new macro GENERIC_DIRSIZ() instead of DIRSIZ().

Removed unused #includes.
1997-04-10 15:05:38 +00:00
Bruce Evans
3bea22184e Get the declaration of `struct dirent' from <sys/dirent.h>, not from
<sys/dir.h>.

Removed unused #include.

Fixed type and order of struct members in pseudo-declaration of `struct
vop_readdir_args'.
1997-04-10 14:56:49 +00:00
Bruce Evans
1a2efb7550 Removed unused or apparently-unused #includes, especially of the
deprecated header <sys/dir.h>.
1997-04-10 14:35:32 +00:00
John Dyson
a04c970a7a Fix the gdb executable modify problem. Thanks to the detective work
by Alan Cox <alc@cs.rice.edu>, and his description of the problem.

The bug was primarily in procfs_mem, but the mistake likely happened
due to the lack of vm system support for the operation.  I added
better support for selective marking of page dirty flags so that
vm_map_pageable(wiring) will not cause this problem again.

The code in procfs_mem is now less bogus (but maybe still a little
so.)
1997-04-06 02:29:45 +00:00
Bruce Evans
71455815cc Don't include <sys/ioctl.h> in the kernel. Stage 3: include
<sys/filio.h> instead of <sys/ioctl.h> in non-network non-tty files.
1997-03-24 11:37:53 +00:00
Bruce Evans
fce002fdef Don't include <sys/ioctl.h> in the kernel. Stage 1: don't include
it when it is not used.  In most cases, the reasons for including it
went away when the special ioctl headers became self-sufficient.
1997-03-24 11:25:10 +00:00
Bruce Evans
3ac4d1ef0c Don't #include <sys/fcntl.h> in <sys/file.h> if KERNEL is defined.
Fixed everything that depended on getting fcntl.h stuff from the wrong
place.  Most things don't depend on file.h stuff at all.
1997-03-23 03:37:54 +00:00