1685 Commits

Author SHA1 Message Date
rwatson
2b82cd24f1 Make similar changes to fo_stat() and fo_poll() as made earlier to
fo_read() and fo_write(): explicitly use the cred argument to fo_poll()
as "active_cred" using the passed file descriptor's f_cred reference
to provide access to the file credential.  Add an active_cred
argument to fo_stat() so that implementers have access to the active
credential as well as the file credential.  Generally modify callers
of fo_stat() to pass in td->td_ucred rather than fp->f_cred, which
was redundantly provided via the fp argument.  This set of modifications
also permits threads to perform these operations on behalf of another
thread without modifying their credential.

Trickle this change down into fo_stat/poll() implementations:

- badfo_poll(), badfo_stat(): modify/add arguments.
- kqueue_poll(), kqueue_stat(): modify arguments.
- pipe_poll(), pipe_stat(): modify/add arguments, pass active_cred to
  MAC checks rather than td->td_ucred.
- soo_poll(), soo_stat(): modify/add arguments, pass fp->f_cred rather
  than cred to pru_sopoll() to maintain current semantics.
- sopoll(): modify arguments.
- vn_poll(), vn_statfile(): modify/add arguments, pass new arguments
  to vn_stat().  Pass active_cred to MAC and fp->f_cred to VOP_POLL()
  to maintain current semantics.
- vn_close(): rename cred to file_cred to reflect reality while I'm here.
- vn_stat(): Add active_cred and file_cred arguments to vn_stat()
  and consumers so that this distinction is maintained at the VFS
  as well as 'struct file' layer.  Pass active_cred instead of
  td->td_ucred to MAC and to VOP_GETATTR() to maintain current semantics.

- fifofs: modify the creation of a "filetemp" so that the file
  credential is properly initialized and can be used in the socket
  code if desired.  Pass ap->a_td->td_ucred as the active
  credential to soo_poll().  If we teach the vnop interface about
  the distinction between file and active credentials, we would use
  the active credential here.

Note that current inconsistent passing of active_cred vs. file_cred to
VOP's is maintained.  It's not clear why GETATTR would be authorized
using active_cred while POLL would be authorized using file_cred at
the file system level.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-16 12:52:03 +00:00
rwatson
44404e4547 In order to better support flexible and extensible access control,
make a series of modifications to the credential arguments relating
to file read and write operations to clarify which credential is
used for what:

- Change fo_read() and fo_write() to accept "active_cred" instead of
  "cred", and change the semantics of consumers of fo_read() and
  fo_write() to pass the active credential of the thread requesting
  an operation rather than the cached file cred.  The cached file
  cred is still available in fo_read() and fo_write() consumers
  via fp->f_cred.  These changes largely in sys_generic.c.

For each implementation of fo_read() and fo_write(), update cred
usage to reflect this change and maintain current semantics:

- badfo_readwrite() unchanged
- kqueue_read/write() unchanged
- pipe_read/write() now authorize MAC using active_cred rather
  than td->td_ucred
- soo_read/write() unchanged
- vn_read/write() now authorize MAC using active_cred but
  VOP_READ/WRITE() with fp->f_cred

Modify vn_rdwr() to accept two credential arguments instead of a
single credential: active_cred and file_cred.  Use active_cred
for MAC authorization, and select a credential for use in
VOP_READ/WRITE() based on whether file_cred is NULL or not.  If
file_cred is provided, authorize the VOP using that cred,
otherwise the active credential, matching current semantics.

Modify current vn_rdwr() consumers to pass a file_cred if used
in the context of a struct file, and to always pass active_cred.
When vn_rdwr() is used without a file_cred, pass NOCRED.

These changes should maintain current semantics for read/write,
but avoid a redundant passing of fp->f_cred, as well as making
it more clear what the origin of each credential is in file
descriptor read/write operations.

Follow-up commits will make similar changes to other file descriptor
operations, and modify the MAC framework to pass both credentials
to MAC policy modules so they can implement either semantic for
revocation.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-15 20:55:08 +00:00
jeff
a996673e12 - Hold the vnode lock throughout execve.
- Set VV_TEXT in the top level execve code.
- Fixup the image activators to deal with the newly locked vnode.
2002-08-13 06:55:28 +00:00
alc
216ea61cb6 o Remove an unnecessary vm_page_flash() from _pmap_unwire_pte_hold().
Reviewed by:	peter
2002-08-13 06:22:11 +00:00
rwatson
97ad1768f7 Teach the OSF/1 emulation layer a little more about mandatory access
control: perform checks during OSF/1 statfs()-related calls by
invoking mac_check_mount_stat().

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-12 01:16:55 +00:00
mjacob
d8202a09a4 Add support for the LSI-Logic Fusion/MP architecture.
This is an architecture that presents a thing message passing interface
to the OS. You can query as to how many ports and what kind are attached
and enable them and so on.

A less grand view is that this is just another way to package SCSI (SPI or
FC) and FC-IP into a one-driver interface set.

This driver supports the following hardware:

LSI FC909:	Single channel, 1Gbps, Fibre Channel (FC-SCSI only)
LSI FC929:	Dual Channel, 1-2Gbps, Fibre Channel (FC-SCSI only)
LSI 53c1020:	Single Channel, Ultra4 (320M) (Untested)
LSI 53c1030:	Dual Channel, Ultra4 (320M)

Currently it's in fair shape, but expect a lot of changes over the
next few weeks as it stabilizes.

Credits:

The driver is mostly from some folks from Jeff Roberson's company- I've
been slowly migrating it to broader support than it came to me as.

The hardware used in developing support came from:

	FC909: LSI-Logic, Advansys (now Connetix)
	FC929: LSI-Logic
	53c1030: Antares Microsystems (they make a very fine board!)

MFC after:	3 weeks
2002-08-11 23:34:20 +00:00
alc
4c29b0e7b7 o Remove the setting and clearing of the PG_MAPPED flag from the alpha and
  ia64 pmap.
o Remove the PG_MAPPED flag's declaration.
2002-08-10 18:01:39 +00:00
brooks
a59a8c94a5 Make ppp(4) devices clonable and unloadable. 2002-08-09 15:30:48 +00:00
alc
40626b3576 o Introduce pmap_page_is_mapped(). Its purpose is to obsolete
the PG_MAPPED flag.
2002-08-07 18:03:00 +00:00
alc
3b63a2bd2b o Don't set PG_MAPPED or PG_WRITEABLE when a page is mapped
  using pmap_kenter() or pmap_qenter().
o Use VM_ALLOC_WIRED in pmap_new_thread().
2002-08-05 00:04:18 +00:00
jeff
02517b6731 - Replace v_flag with v_iflag and v_vflag
- v_vflag is protected by the vnode lock and is used when synchronization
  with VOP calls is needed.
- v_iflag is protected by interlock and is used for dealing with vnode
  management issues.  These flags include X/O LOCK, FREE, DOOMED, etc.
- All accesses to v_iflag and v_vflag have either been locked or marked with
  mp_fixme's.
- Many ASSERT_VOP_LOCKED calls have been added where the locking was not
  clear.
- Many functions in vfs_subr.c were restructured to provide for stronger
  locking.

Idea stolen from:	BSD/OS
2002-08-04 10:29:36 +00:00
peter
5885283d90 ptvmmap does not exist on alpha. 2002-08-02 18:40:01 +00:00
alc
a15cfdccfb o Lock page queue accesses by vm_page_deactivate(). 2002-08-02 04:40:10 +00:00
blackend
9c8ad2f838 Fix the link to the Handbook 2002-08-01 17:21:18 +00:00
jhb
8959d1076a - Split the unaligned access check flags out of md_flags in struct mdthread
  and move them into md_uac in struct mdproc.  mdproc is protected by the
  proc lock.  md_flags now is only ever modified by the current thread, so
  it doesn't need a lock.
- Rename the constants for all the per-thread MD flags to use MDTD_*
  instead of MDP_*.
2002-07-31 19:37:03 +00:00
mike
9f0ddc464e Create a new header <machine/_stdint.h> for storing MD parts of
<stdint.h>.  Previously, parts were defined in <machine/ansi.h> and
<machine/limits.h>.  This resulted in two problems:
  (1) Defining macros in <machine/ansi.h> gets in the way of that
      header only defining types.
  (2) Defining C99 limits in <machine/limits.h> adds pollution to
      <limits.h>.
2002-07-29 17:41:23 +00:00
peter
5cf99313cd de-count pci now that ahc/ahd are taken care of. 2002-07-23 06:36:23 +00:00
peter
b4c4e09557 Add static unit count to pci 2002-07-21 23:10:59 +00:00
peter
0e1289a90e Add explicit unit count on 'device pci' for ahc/ahd 2002-07-21 23:07:31 +00:00
peter
cc7b2e4248 Infrastructure tweaks to allow having both an Elf32 and an Elf64 executable
handler in the kernel at the same time.  Also, allow for the
exec_new_vmspace() code to build a different sized vmspace depending on
the executable environment.  This is a big help for execing i386 binaries
on ia64.   The ELF exec code grows the ability to map partial pages when
there is a page size difference, eg: emulating 4K pages on 8K or 16K
hardware pages.

Flesh out the i386 emulation support for ia64.  At this point, the only
binary that I know of that fails is cvsup, because the cvsup runtime
tries to execute code in pages not marked executable.

Obtained from:  dfr (mostly, many tweaks from me).
2002-07-20 02:56:12 +00:00
alc
bf14f2641b o Introduce an argument, VM_ALLOC_WIRED, that requests vm_page_alloc()
  to return a wired page.
o Use VM_ALLOC_WIRED within Alpha's pmap_growkernel().  Also, because
  Alpha's pmap_growkernel() calls vm_page_alloc() from within a critical
  section, specify VM_ALLOC_INTERRUPT instead of VM_ALLOC_SYSTEM.  (Only
  VM_ALLOC_INTERRUPT is implemented entirely with a spin mutex.)
o Assert that the page queues mutex is held in vm_page_wire()
  on Alpha, just like the other platforms.
2002-07-18 04:08:10 +00:00
jhb
0dbee33a27 Various comment and minor style fixes. No actual content changes.
Inspired by:	bde
2002-07-16 18:20:17 +00:00
jhb
f37064088a Some style cleanups.
Submitted by:	bde
2002-07-16 15:40:19 +00:00
markm
8b9e48e9c0 Retire the perl gethints.conf in favour of an awk version. Move
the awk version to a central place for maintenance.

Submitted by:	Cyrille Lefevre <cyrille.lefevre@laposte.net>
2002-07-16 09:28:25 +00:00
jhb
1495816eb1 Add a NOTES file for the Alpha architecture. 2002-07-15 17:50:17 +00:00
jhb
7e179908e1 The sources to the non-working esp device are no longer present in current. 2002-07-15 14:54:36 +00:00
jhb
cc6a81f898 - Remove an irrelevant comment from i386 GENERIC.
- Remove unneeded quotes.
- Remove 'config' line.
- Rename ident to SIMOS.
2002-07-15 14:33:20 +00:00
alc
ec8a106e8a o Lock page queue accesses by vm_page_wire() that aren't
  within a critical section.
o Assert that the page queues lock is held in vm_page_wire()
  unless an Alpha.
2002-07-14 23:51:55 +00:00
alc
828e129a10 o Complete the locking of page queue accesses by vm_page_unwire().
o Assert that the page queues lock is held in vm_page_unwire().
o Make vm_page_lock_queues() and vm_page_unlock_queues() visible
  to kernel loadable modules.
2002-07-13 20:55:21 +00:00
alfred
b349285ecb Move COMPAT_FREEBSD4 to arch-neutral sys/conf/NOTES.
Add COMPAT_FREEBSD4 to GENERIC for arches that existed in FreeBSD 4's time,
not just i386. (alpha and pc98)

Requested by: bde
2002-07-13 16:43:53 +00:00
mini
a02f691cf3 Add additional cred_free_thread() calls that I had missed the first time.
Pointed out by:	jhb
2002-07-13 04:36:50 +00:00
jhb
91bb8201ee Set the thread state of the newly chosen to run thread to TDS_RUNNING in
choosethread() in MI C code instead of doing it in assembly in all the
various cpu_switch() functions.  This fixes problems on ia64 and sparc64.

Reviewed by:	julian, peter, benno
Tested on:	i386, alpha, sparc64
2002-07-12 18:34:22 +00:00
mike
7ffb7525e5 Remove label_t and physadr, which seem to have never been used in
FreeBSD.

Submitted by:	bde
2002-07-10 15:47:59 +00:00
obrien
0c368924ad Desupport the TurboChannel Alpha's. This means the DEC3000/300* Pelic*
and DEC3000/[4-9]00 Flamingo/Sandpiper families.
2002-07-09 19:20:18 +00:00
mike
ebfda4c0dd Move __offsetof() macro from <machine/ansi.h> to <sys/cdefs.h>. It's
hardly MD, since all our platforms share the same macro.  It's not
really compiler dependent either, but this helps in reducing
<machine/ansi.h> to only type definitions.
2002-07-08 16:43:35 +00:00
peter
62e40d1277 Add a special page zero entry point intended to be called via the single
threaded VM pagezero kthread outside of Giant.  For some platforms, this
is really easy since it can just use the direct mapped region.  For others,
IPI sending is involved or there are other issues, so grab Giant when
needed.

We still have preemption issues to deal with, but Alan Cox has an
interesting suggestion on how to minimize the problem on x86.

Use Luigi's hack for preserving the (lack of) priority.

Turn the idle zeroing back on since it can now actually do something useful
outside of Giant in many cases.
2002-07-08 04:24:26 +00:00
peter
b73c441dad Collect all the (now equivalent) pmap_new_proc/pmap_dispose_proc/
pmap_swapin_proc/pmap_swapout_proc functions from the MD pmap code
and use a single equivalent MI version.  There are other cleanups
needed still.

While here, use the UMA zone hooks to keep a cache of preinitialized
proc structures handy, just like the thread system does.  This eliminates
one dependency on 'struct proc' being persistent even after being freed.
There are some comments about things that can be factored out into
ctor/dtor functions if it is worth it.  For now they are mostly just
doing statistics to get a feel of how it is working.
2002-07-07 23:05:27 +00:00
peter
1ddb738816 Retrofit changes from i386/pmap.c rev 1.328-1.331.
XXX should really replace the pmap_{new,swapin,swapout,dispose}_{proc,thread}
functions with the much cleaner sparc64 versions.
2002-07-04 01:53:09 +00:00
mike
beba9fcf0e Since printf(3) now supports the `j' conversion specifier, use that
when printing intmax_t and uintmax_t.

Forgotten by:	mike
Noticed by:	bde
2002-06-30 05:48:03 +00:00
julian
b858fa511c Fix reverse ordering of locks. add a comment about locks on some platforms.
Submitted by:	jhb@freebsd.org
2002-06-29 23:58:50 +00:00
julian
aa2dc0a5d9 Part 1 of KSE-III
The ability to schedule multiple threads per process
(on one cpu) by making ALL system calls optionally asynchronous.
to come: ia64 and power-pc patches, patches for gdb, test program (in tools)

Reviewed by:	Almost everyone who counts
	(at various times, peter, jhb, matt, alfred, mini, bernd,
	and a cast of thousands)

	NOTE: this is still Beta code, and contains lots of debugging stuff.
	expect slight instability in signals..
2002-06-29 17:26:22 +00:00
julian
a06b68b34f Add files that are new for KSE. 2002-06-29 07:04:59 +00:00
jeff
9d6ea37a8c Set the UMA_ZONE_VM flag on the pvzone to avoid kmem_map recursion. 2002-06-27 04:08:45 +00:00
jake
e102a9b6dd Add an MD callout like cpu_exit, but which is called after sched_lock is
obtained, when all other scheduling activity is suspended.  This is needed
on sparc64 to deactivate the vmspace of the exiting process on all cpus.
Otherwise if another unrelated process gets the exact same vmspace structure
allocated to it (same address), its address space will not be activated
properly.  This seems to fix some spontaneous signal 11 problems with smp
on sparc64.
2002-06-24 15:48:02 +00:00
mini
ef6f2f567d Remove unused diagnostic function cread_free_thread().
Approved by:	alfred
2002-06-24 06:22:00 +00:00
peter
b045fa53c5 Update an 'XXX what is this?' type comment about suswintr and fuswintr.
These are 16 bit short values used only by the profiling code.
2002-06-20 07:40:53 +00:00
peter
df4ec1a7b3 Deorbit suibyte(). It was only used for split address space systems
for supporting UIO_USERISPACE (ie: it wasn't used).
2002-06-20 07:13:35 +00:00
peter
4830c34648 Move the "- 1" into the RQB_FFS(mask) macro itself so that
implementations can provide a base zero ffs function if they wish.
This changes
  #define RQB_FFS(mask) (ffs64(mask))
  foo = RQB_FFS(mask) - 1;
to
  #define RQB_FFS(mask) (ffs64(mask) - 1)
  foo = RQB_FFS(mask);
On some platforms we can get the "- 1" for free, eg: those that use the
C code for ffs64().

Reviewed by:	jake (in principle)
2002-06-20 06:21:20 +00:00
alfred
bfa1cb192c Squish the "could sleep with process lock" messages caused by calling
uifind() with a proc lock held.

change_ruid() and change_euid() have been modified to take a uidinfo
structure which will be pre-allocated by callers, they will then
call uihold() on the uidinfo structure so that the caller's logic
is simplified.

This allows one to call uifind() before locking the proc struct and
thereby avoid a potential blocking allocation with the proc lock
held.

This may need revisiting, perhaps keeping a spare uidinfo allocated
per process to handle this situation or re-examining if the proc
lock needs to be held over the entire operation of changing real
or effective user id.

Submitted by: Don Lewis <dl-freebsd@catspoiler.org>
2002-06-19 06:39:25 +00:00
mjacob
e8bb840a6d Botcho. I included in the last commit the
device		mpt		# LSI-Logic MPT-Fusion

line. This driver isn't ready yet.

Submitted by:	Scott Long
2002-06-16 06:48:42 +00:00