Commit Graph

1745 Commits

Author SHA1 Message Date
kan
b4bff5a977 Handle a race condition where NULLFS vnode can be cleaned while threads
can still be asleep waiting for lowervp lock.

Tested by:	kkenn
Discussed with: ssouhlal, jeffr
2005-09-15 19:21:26 +00:00
rwatson
7584b6b2c3 The socket pointers in fifoinfo are not permitted to be NULL, so
don't check if they are, it just confuses the fifo code more.

MFC after:	3 days
2005-09-15 15:45:34 +00:00
phk
3c4b94c1fe Various minor polishing. 2005-09-15 10:28:19 +00:00
phk
eafa84f647 Protect the devfs rule internal global lists with a sx lock, the per
mount locks are not enough.  Finer granularity (x)locking could be
implemented, but I prefer to keep it simple for now.
2005-09-15 08:50:16 +00:00
phk
1a7de63bbb Absolve devfs_rule.c from locking responsibility and call it with
all necessary locking held.
2005-09-15 08:36:37 +00:00
phk
a543c5b761 Close a race which could result in unwarranted "ruleset %d already
running" panics.

Previously, recursion through the "include" feature was prevented by
marking each ruleset as "running" when applied.  This doesn't work for
the case where two DEVFS instances try to apply the same ruleset at
the same time.

Instead introduce the sysctl vfs.devfs.rule_depth (default == 1) which
limits how many levels of "include" we will traverse.

Be aware that traversal of "include" is recursive and kernel stack
size is limited.

MFC:	after 3 days
2005-09-15 06:57:28 +00:00
rwatson
0e4f08263a Trim down now (believed to be) unused fifo_ioctl() and
fifo_kqfilter() VOP implementations, since they in theory are used
only on open file descriptors, in which case the ioctls are via
fifo_ioctl_f() and kqueue requests are via fifo_kqfilter_f().
Generate warnings if they are entered for now.  These printf()
calls should become panic() calls.

Annotate and re-implement fifo_ioctl_f(): don't arbitrarily
forward ioctls to the socket layer, only forward the ones we
explicitly support for fifos.  In the case of FIONREAD, don't
forward the request to the write socket on a read-write fifo, or
the read result is overwritten.  Annotate a nasty case for the
undefined POSIX O_RDWR on fifos, in which failure of the second
ioctl will result in the socket pair being in an inconsistent
state.

Assert copyright as I find myself rewriting non-trivial parts of
fifofs.

MFC after:	3 days
2005-09-13 17:46:48 +00:00
rwatson
afc7b6e916 As a result of kqueue locking work, socket buffer locks will always
be held when entering a kqueue filter for fifos via a socket buffer
event: as such, assert the lock unconditionally rather than acquiring
it conditionall.

MFC after:	3 days
2005-09-13 10:39:24 +00:00
rwatson
2bda369cf8 Annotate two issues:
1) fifo_kqfilter() is not actually ever used, it likely should be GC'd.

2) fifo_kqfilter_f() doesn't implement EVFILT_VNODE, so detecting events
   on the underlying vnode for a fifo no longer works (it did in 4.x).
   Likely, fifo_kqfilter_f() should forward the request to the VFS using
   fp->f_vnode, which would work once fifo_kqfilter() was detached from
   the vnode operation vector (removing the fifo override).

Discussed with:	phk
2005-09-13 09:23:22 +00:00
rwatson
bc5e7eb1f3 Introduce no-op nosup fifo kqueue filter and detach routine, which are
used when a read filter is requested on a write-only fifo descriptor, or
a write filter is requested on a read-only fifo descriptor.  This
permits the filters to be registered, but never raises the event, which
causes kqueue behavior for fifos to more closely match similar semantics
for poll and select, which permit testing for the condition even though
the condition will never be raised, and is consistent with POSIX's notion
that a fifo has identical semantics to a one-way IPC channel created
using pipe() on most operating systems.

The fifo regression test suite can now run to completion on HEAD without
errors.

MFC after:	3 days
2005-09-12 19:59:12 +00:00
rwatson
491de3e2d2 When a request is made to register a filter on a fifo that doesn't
apply to the fifo (i.e., not EVFILT_READ or EVFILT_WRITE), reject
it as EINVAL, not by returning 1 (EPERM).

MFC after:	3 days
2005-09-12 18:07:49 +00:00
rwatson
6b308e01a1 Remove DFLAG_SEEKABLE from fifo file descriptors: fifos are not seekable
according to POSIX, not to mention the fact that it doesn't make sense
(and hence isn't really implemented).  This causes the fifo_misc
regression test to succeed.
2005-09-12 12:15:12 +00:00
rwatson
1481446aae Only poll the fifo for read events if the fifo is attached to a readable
file descriptor.  Otherwise, the read end of a fifo might return that it
is writable (which it isn't).

Only poll the fifo for write events if the fifo attached to a writable
file descriptor.  Otherwise, the write end of a fifo might return that
it is readable (which it isn't).

In the event that a file is FREAD|FWRITE (which is allowed by POSIX, but
has undefined behavior), we poll for both.

MFC after:	3 days
2005-09-12 10:16:18 +00:00
rwatson
919d519cbb After going to some trouble to identify only the write-related events
to poll the write socket for, the fifo polling code proceeded to poll
for the complete set of events.  Use 'levents' instead of 'events' as
the argument to poll, and only poll the write socket if there is
interest in write events.

MFC after:	3 days
2005-09-12 10:13:15 +00:00
rwatson
5be69d1d56 When a writer opens a fifo, wake up the read socket for read, not the
write socket.

MFC after:	3 days
2005-09-12 10:07:21 +00:00
rwatson
c9f007b159 Add an assertion that fifo_open() doesn't race against other threads
while sleeping to allocate fifo state: due to using the vnode lock to
serialize access to a fifo during open, it shouldn't happen (tm).

MFC after:	3 days
2005-09-12 10:06:38 +00:00
rwatson
a079789c36 Rather than reaching into the internals of the UNIX domain socket code
by calling uipc_connect2() to connect two socket endpoints to create a
fifo, call soconnect2().

MFC after:	3 days
2005-09-12 10:05:08 +00:00
phk
aca041ee53 Clean up prototypes. 2005-09-12 08:03:15 +00:00
rodrigc
97c59ad2c7 Cast bf_sysid to const char * when passing it to strncmp(), because
strncmp does not take an unsigned char *.  Eliminates warning with GCC 4.0.
2005-09-11 16:02:14 +00:00
rodrigc
aeeba2bf5b Do not declare M_NTFSMNT with extern linkage here, since
it is defined with static linkage in ntfs_vfsops.c.
Fixes compilation with GCC 4.0.
2005-09-11 15:57:07 +00:00
obrien
4b003b6283 Ensure the full value is written into inode variables.
PR:		85503
Submitted by:	Dmitry Pryanishnikov <dmitry@atlantis.dp.ua>
2005-09-07 10:32:58 +00:00
ssouhlal
5ea64800e1 Unbreak hpfs/ntfs/udf/ext2fs/reiserfs mounting.
Another pointyhat to:	ssouhlal
2005-09-03 20:23:41 +00:00
ssouhlal
ad48f84298 Unbreak the build.
Pointyhat to:	ssouhlal
2005-09-03 00:40:19 +00:00
ssouhlal
45954b5047 Use vput() instead of vrele() in null_reclaim() since the lower vnode
is locked.

MFC after:	3 days
2005-09-02 15:49:55 +00:00
ssouhlal
f8217f350b *_mountfs() (if the filesystem mounts from a device) needs devvp to be
locked, so lock it.

Glanced at by:	phk
MFC after:	3 days
2005-09-02 15:27:23 +00:00
phk
a469be1ef3 Add a missing dev_relthread() call.
Remove unused variable.

Spotted by:	Hans Petter Selasky <hselasky@c2i.net>
2005-08-29 11:14:18 +00:00
phk
fcf6768753 Handle device drivers with D_NEEDGIANT in a way which does not
penalize the 'good' drivers:  Allocate a shadow cdevsw and populate
it with wrapper functions which grab Giant
2005-08-17 08:19:52 +00:00
phk
8a3fe94804 Collect the devfs related sysctls in one place 2005-08-16 19:25:02 +00:00
phk
e89ebd4119 Create a new internal .h file to communicate very private stuff
from kern_conf.c to devfs.

For now just two prototypes, more to come.
2005-08-16 19:08:01 +00:00
phk
4edc625526 Eliminate effectively unused dm_basedir field from devfs_mount. 2005-08-15 19:40:53 +00:00
grehan
ba88fd3c57 - restore the ability to mount cd9660 filesystems as root by inverting
some of the options test, specifically the joliet and rockridge tests.
  Since the root mount callchain doesn't go through cd9660_cmount, the
  default mount options aren't set. Rather than having the main codepath
  assume the options are there, test for the absence of the inverted
  optioin

  e.g. instead of vfs_flagopt(.. "joliet" ..), test for
  !vfs_flagopt(.. "nojoliet" ..)

  This works for root mount, non-root mount and future nmount cases.

- in cd9660_cmount, remove inadvertent setting of "gens" when "extatt"
  was set.

Reported by:	grehan, Dario Freni <saturnero at freesbie org>
Tested by:	Dario Freni
Not objected to by:	phk

MFC after:	3 days
2005-08-14 04:19:36 +00:00
des
5610061cd3 Eliminate an unnecessary bcopy(). 2005-08-12 12:22:05 +00:00
obrien
d5d343a0fd Remove public declarations of variables that were forgotten when they were
made static.
2005-08-10 07:10:02 +00:00
obrien
10886230c5 Remove the need to forward declare statics by moving them around. 2005-08-10 07:08:14 +00:00
rwatson
daa1c89f45 Merge the dev_clone and dev_clone_cred event handlers into a single
event handler, dev_clone, which accepts a credential argument.
Implementors of the event can ignore it if they're not interested,
and most do.  This avoids having multiple event handler types and
fall-back/precedence logic in devfs.

This changes the kernel API for /dev cloning, and may affect third
party packages containg cloning kernel modules.

Requested by:	phk
MFC after:	3 days
2005-08-08 19:55:32 +00:00
kris
509594693e devfs is not yet fully MPSAFE - for example, multiple concurrent devfs(8)
processes can cause a panic when operating on rulesets.

Approved by:	phk
2005-07-29 23:00:56 +00:00
simon
dd09386bed Correct devfs ruleset bypass.
Submitted by:	csjp
Reviewed by:	phk
Security:	FreeBSD-SA-05:17.devfs
Approved by:	cperciva
2005-07-20 13:34:16 +00:00
imura
a519d1b3a0 [1] unix2doschr()
If a character cannot be converted to DOS code page,
 unix2doschr() returned `0'. As a result, unix2dosfn()
 was forced to return `0', so we saw a file which was
 composed of these characters as `Invalid argument'.
 To correct this, if a character can be converted to
 Unicode, unix2doschr() now returns `1' which is a magic
 number to make unix2dosfn() know that the character
 must be converted to `_'.

[2] unix2dosfn()
 The above-mentioned solution only works if a file
 has both of Unicode name and DOS code page name.
 Unicode name would not be recorded if file name
 can be settled within 11 bytes (DOS short name)
 and if no conversion from Unix charset to DOS code
 page has occurred. Thus, FreeBSD can create a file
 which has only short name, but there is no guarantee
 that the short name contains allways valid characters
 because we leave it to people by using mount_msdosfs(8)
 to select which conversion is used between DOS code
 page and unix charset.
 To avoid this, Unicode file name should be recorded
 unless a character is an ascii character. This is
 the way Windows XP do.

PR:		77074 [1]
MFC after:	1 week
2005-07-17 07:10:05 +00:00
rwatson
79690d711b When devfs cloning takes place, provide access to the credential of the
process that caused the clone event to take place for the device driver
creating the device.  This allows cloned device drivers to adapt the
device node based on security aspects of the process, such as the uid,
gid, and MAC label.

- Add a cred reference to struct cdev, so that when a device node is
  instantiated as a vnode, the cloning credential can be exposed to
  MAC.

- Add make_dev_cred(), a version of make_dev() that additionally
  accepts the credential to stick in the struct cdev.  Implement it and
  make_dev() in terms of a back-end make_dev_credv().

- Add a new event handler, dev_clone_cred, which can be registered to
  receive the credential instead of dev_clone, if desired.

- Modify the MAC entry point mac_create_devfs_device() to accept an
  optional credential pointer (may be NULL), so that MAC policies can
  inspect and act on the label or other elements of the credential
  when initializing the skeleton device protections.

- Modify tty_pty.c to register clone_dev_cred and invoke make_dev_cred(),
  so that the pty clone credential is exposed to the MAC Framework.

While currently primarily focussed on MAC policies, this change is also
a prerequisite for changes to allow ptys to be instantiated with the UID
of the process looking up the pty.  This requires further changes to the
pty driver -- in particular, to immediately recycle pty nodes on last
close so that the credential-related state can be recreated on next
lookup.

Submitted by:	Andrew Reisse <andrew.reisse@sparta.com>
Obtained from:	TrustedBSD Project
Sponsored by:	SPAWAR, SPARTA
MFC after:	1 week
MFC note:	Merge to 6.x, but not 5.x for ABI reasons
2005-07-14 10:22:09 +00:00
tanimura
f03d3eb58c Regrab dvp only when ISDOTDOT.
Approved by:	re (scottl)
2005-07-09 13:52:49 +00:00
jeff
0d69457df8 - Since we don't hold a usecount in pfs_exit we have to get a holdcnt
prior to calling vgone() to prevent any races.

Sponsored by:	Isilon Systems, Inc.
Approved by:	re (vfs blanket)
2005-07-07 07:33:10 +00:00
peter
921b3c5ee4 Jumbo-commit to enhance 32 bit application support on 64 bit kernels.
This is good enough to be able to run a RELENG_4 gdb binary against
a RELENG_4 application, along with various other tools (eg: 4.x gcore).
We use this at work.

ia32_reg.[ch]: handle the 32 bit register file format, used by ptrace,
	procfs and core dumps.
procfs_*regs.c: vary the format of proc/XXX/*regs depending on the client
	and target application.
procfs_map.c: Don't print a 64 bit value to 32 bit consumers, or their
	sscanf fails.  They expect an unsigned long.
imgact_elf.c: produce a valid 32 bit coredump for 32 bit apps.
sys_process.c: handle 32 bit consumers debugging 32 bit targets.  Note
	that 64 bit consumers can still debug 32 bit targets.

IA64 has got stubs for ia32_reg.c.

Known limitations: a 5.x/6.x gdb uses get/setcontext(), which isn't
implemented in the 32/64 wrapper yet.  We also make a tiny patch to
gdb pacify it over conflicting formats of ld-elf.so.1.

Approved by:	re
2005-06-30 07:49:22 +00:00
peter
2778435f72 Conditionally weaken sys_generic.c rev 1.136 to allow certain dubious
ioctl numbers in backwards compatability mode.  eg: an IOC_IN ioctl with
a size of zero.  Traditionally this was what you did before IOC_VOID
existed, and we had some established users of this in the tree, namely
procfs.  Certain 3rd party drivers with binary userland components also
have this too.

This is necessary to have 4.x and 5.x binaries use these ioctl's.  We
found this at work when trying to run 4.x binaries.

Approved by:	re
2005-06-30 00:19:08 +00:00
imura
5809391d17 Avoid casting from (int *) to (size_t *) in order to fix udf_iconv on amd64.
Reviewed by:	scottl
MFC after:	2 weeks
2005-06-05 02:09:48 +00:00
rodrigc
dba46a3ce7 Do not declare a struct as extern, and then implement
it as static in the same file.  This is not legal C,
and GCC 4.0 will issue an error.

Reviewed by:	phk
Approved by:	das (mentor)
2005-05-31 14:50:49 +00:00
brueffer
7bc989441b Fix three typos in comments. Two of them obtained from OpenBSD.
MFC after:	3 days
2005-05-11 21:10:35 +00:00
kan
3f8ab6c93f Do not dereference dvp pointer before doing a NULL check.
Noticed by: Coverity Prevent analysis tool.
2005-05-11 19:08:38 +00:00
anholt
b6be180393 Staticize a symbol used only in this file.
PR:		kern/43613
Submitted by:	Matt Emmerton, matt at gsicomp dot on dot ca
2005-05-06 20:47:09 +00:00
robert
38711d8dea The printf(9) `%p' conversion specifier puts an "0x" in
front of the pointer value.  Therefore, remove the "0x"
from the format string.
2005-05-06 00:15:57 +00:00
robert
46abb4815c Fix our NTFS readdir function.
To check a directory's in-use bitmap bit by bit, we use
a pointer to an 8 bit wide unsigned value.

The index used to dereference this pointer is calculated
by shifting the bit index right 3 bits.  Then we do a
logical AND with the bit# represented by the lower 3
bits of the bit index.

This is an idiomatic way of iterating through a bit map
with simple bitwise operations.

This commit fixes the bug that we only checked bits
3:0 of each 8 bit chunk, because we only used bits 1:0
of the bit index for the bit# in the current 8 bit value.
This resulted in files not being returned by getdirentries(2).

Change the type of the bit map pointer from `char *' to
`u_int8_t *'.
2005-05-06 00:06:06 +00:00