freebsd-skq/sys/vm
Pawel Jakub Dawidek 2609222ab4 Merge Capsicum overhaul:
- Capability is no longer a separate descriptor type. Now every descriptor
  has a set of its own capability rights.

- The cap_new(2) system call is left, but it is no longer documented and
  should not be used in new code.

- The new syscall cap_rights_limit(2) should be used instead of
  cap_new(2), which limits capability rights of the given descriptor
  without creating a new one.

- The cap_getrights(2) syscall is renamed to cap_rights_get(2).

- If CAP_IOCTL capability right is present we can further reduce allowed
  ioctls list with the new cap_ioctls_limit(2) syscall. List of allowed
  ioctls can be retrieved with cap_ioctls_get(2) syscall.

- If CAP_FCNTL capability right is present we can further reduce fcntls
  that can be used with the new cap_fcntls_limit(2) syscall and retrieve
  them with cap_fcntls_get(2).

- To support ioctl and fcntl white-listing the filedesc structure was
  heavily modified.

- The audit subsystem, kdump and procstat tools were updated to
  recognize new syscalls.

- Capability rights were revised and even though I tried hard to provide
  backward API and ABI compatibility there are some incompatible changes
  that are described in detail below:

	CAP_CREATE old behaviour:
	- Allow for openat(2)+O_CREAT.
	- Allow for linkat(2).
	- Allow for symlinkat(2).
	CAP_CREATE new behaviour:
	- Allow for openat(2)+O_CREAT.

	Added CAP_LINKAT:
	- Allow for linkat(2). ABI: Reuses CAP_RMDIR bit.
	- Allow to be target for renameat(2).

	Added CAP_SYMLINKAT:
	- Allow for symlinkat(2).

	Removed CAP_DELETE. Old behaviour:
	- Allow for unlinkat(2) when removing non-directory object.
	- Allow to be source for renameat(2).

	Removed CAP_RMDIR. Old behaviour:
	- Allow for unlinkat(2) when removing directory.

	Added CAP_RENAMEAT:
	- Required for source directory for the renameat(2) syscall.

	Added CAP_UNLINKAT (effectively it replaces CAP_DELETE and CAP_RMDIR):
	- Allow for unlinkat(2) on any object.
	- Required if target of renameat(2) exists and will be removed by this
	  call.

	Removed CAP_MAPEXEC.

	CAP_MMAP old behaviour:
	- Allow for mmap(2) with any combination of PROT_NONE, PROT_READ and
	  PROT_WRITE.
	CAP_MMAP new behaviour:
	- Allow for mmap(2)+PROT_NONE.

	Added CAP_MMAP_R:
	- Allow for mmap(PROT_READ).
	Added CAP_MMAP_W:
	- Allow for mmap(PROT_WRITE).
	Added CAP_MMAP_X:
	- Allow for mmap(PROT_EXEC).
	Added CAP_MMAP_RW:
	- Allow for mmap(PROT_READ | PROT_WRITE).
	Added CAP_MMAP_RX:
	- Allow for mmap(PROT_READ | PROT_EXEC).
	Added CAP_MMAP_WX:
	- Allow for mmap(PROT_WRITE | PROT_EXEC).
	Added CAP_MMAP_RWX:
	- Allow for mmap(PROT_READ | PROT_WRITE | PROT_EXEC).

	Renamed CAP_MKDIR to CAP_MKDIRAT.
	Renamed CAP_MKFIFO to CAP_MKFIFOAT.
	Renamed CAP_MKNODE to CAP_MKNODEAT.

	CAP_READ old behaviour:
	- Allow pread(2).
	- Disallow read(2), readv(2) (if there is no CAP_SEEK).
	CAP_READ new behaviour:
	- Allow read(2), readv(2).
	- Disallow pread(2) (CAP_SEEK was also required).

	CAP_WRITE old behaviour:
	- Allow pwrite(2).
	- Disallow write(2), writev(2) (if there is no CAP_SEEK).
	CAP_WRITE new behaviour:
	- Allow write(2), writev(2).
	- Disallow pwrite(2) (CAP_SEEK was also required).

	Added convenient defines:

	#define	CAP_PREAD		(CAP_SEEK | CAP_READ)
	#define	CAP_PWRITE		(CAP_SEEK | CAP_WRITE)
	#define	CAP_MMAP_R		(CAP_MMAP | CAP_SEEK | CAP_READ)
	#define	CAP_MMAP_W		(CAP_MMAP | CAP_SEEK | CAP_WRITE)
	#define	CAP_MMAP_X		(CAP_MMAP | CAP_SEEK | 0x0000000000000008ULL)
	#define	CAP_MMAP_RW		(CAP_MMAP_R | CAP_MMAP_W)
	#define	CAP_MMAP_RX		(CAP_MMAP_R | CAP_MMAP_X)
	#define	CAP_MMAP_WX		(CAP_MMAP_W | CAP_MMAP_X)
	#define	CAP_MMAP_RWX		(CAP_MMAP_R | CAP_MMAP_W | CAP_MMAP_X)
	#define	CAP_RECV		CAP_READ
	#define	CAP_SEND		CAP_WRITE

	#define	CAP_SOCK_CLIENT \
		(CAP_CONNECT | CAP_GETPEERNAME | CAP_GETSOCKNAME | CAP_GETSOCKOPT | \
		 CAP_PEELOFF | CAP_RECV | CAP_SEND | CAP_SETSOCKOPT | CAP_SHUTDOWN)
	#define	CAP_SOCK_SERVER \
		(CAP_ACCEPT | CAP_BIND | CAP_GETPEERNAME | CAP_GETSOCKNAME | \
		 CAP_GETSOCKOPT | CAP_LISTEN | CAP_PEELOFF | CAP_RECV | CAP_SEND | \
		 CAP_SETSOCKOPT | CAP_SHUTDOWN)

	Added defines for backward API compatibility:

	#define	CAP_MAPEXEC		CAP_MMAP_X
	#define	CAP_DELETE		CAP_UNLINKAT
	#define	CAP_MKDIR		CAP_MKDIRAT
	#define	CAP_RMDIR		CAP_UNLINKAT
	#define	CAP_MKFIFO		CAP_MKFIFOAT
	#define	CAP_MKNOD		CAP_MKNODAT
	#define	CAP_SOCK_ALL		(CAP_SOCK_CLIENT | CAP_SOCK_SERVER)

Sponsored by:	The FreeBSD Foundation
Reviewed by:	Christoph Mallon <christoph.mallon@gmx.de>
Many aspects discussed with:	rwatson, benl, jonathan
ABI compatibility discussed with:	kib
2013-03-02 00:53:12 +00:00
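The rights semantics described in the commit message (CAP_MMAP alone covering only PROT_NONE, pread(2) needing CAP_SEEK on top of CAP_READ, cap_rights_limit(2) and cap_ioctls_limit(2) only ever narrowing), modeled as an added C example that is not code from this repository or from the FreeBSD kernel. The bit values for CAP_READ, CAP_WRITE, CAP_SEEK, CAP_MMAP and CAP_IOCTL are assumed for illustration (only the 0x8 exec bit appears in the message), ENOTCAPABLE is defined locally where the host libc lacks it, and the ioctl command numbers in the scenario are constructed. The example compiles and runs on any POSIX host; it does not call the real syscalls.

```c
/*
 * Portable model of the per-descriptor rights checks the Capsicum overhaul
 * describes.  Added illustration only: bit values below are assumed and the
 * functions are stand-ins for the kernel paths, not FreeBSD code.
 */
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <sys/mman.h>      /* PROT_NONE, PROT_READ, PROT_WRITE, PROT_EXEC */

#ifndef ENOTCAPABLE
#define ENOTCAPABLE 93     /* assumed: FreeBSD's errno value for a missing right */
#endif

typedef uint64_t cap_rights_t;

#define CAP_READ   0x0000000000000001ULL   /* assumed bit values */
#define CAP_WRITE  0x0000000000000002ULL
#define CAP_SEEK   0x0000000000000004ULL
#define CAP_MMAP   0x0000000000000010ULL
#define CAP_IOCTL  0x0000000000000020ULL

/* Composite defines as given in the commit message. */
#define CAP_PREAD   (CAP_SEEK | CAP_READ)
#define CAP_PWRITE  (CAP_SEEK | CAP_WRITE)
#define CAP_MMAP_R  (CAP_MMAP | CAP_SEEK | CAP_READ)
#define CAP_MMAP_W  (CAP_MMAP | CAP_SEEK | CAP_WRITE)
#define CAP_MMAP_X  (CAP_MMAP | CAP_SEEK | 0x0000000000000008ULL)
#define CAP_MMAP_RW (CAP_MMAP_R | CAP_MMAP_W)

#define MAX_IOCTLS 8

struct fdcap {                      /* what the overhaul hangs off each descriptor */
    cap_rights_t  rights;
    bool          ioctls_limited;   /* false: any ioctl allowed while CAP_IOCTL is held */
    unsigned long ioctls[MAX_IOCTLS];
    size_t        nioctls;
};

/* A check passes only when every required bit is present. */
int cap_check(cap_rights_t have, cap_rights_t need)
{
    return (have & need) == need ? 0 : ENOTCAPABLE;
}

/* Rights mmap(2) needs for a prot: CAP_MMAP alone covers PROT_NONE only. */
cap_rights_t mmap_required_rights(int prot)
{
    cap_rights_t need = CAP_MMAP;
    if (prot & PROT_READ)  need |= CAP_MMAP_R;
    if (prot & PROT_WRITE) need |= CAP_MMAP_W;
    if (prot & PROT_EXEC)  need |= CAP_MMAP_X;
    return need;
}

/* New CAP_READ/CAP_WRITE semantics: positional I/O additionally needs CAP_SEEK. */
cap_rights_t io_required_rights(bool is_write, bool positional)
{
    cap_rights_t need = is_write ? CAP_WRITE : CAP_READ;
    if (positional) need |= CAP_SEEK;
    return need;
}

/* cap_rights_limit(2): rights can only be dropped, never regained. */
int fdcap_rights_limit(struct fdcap *fc, cap_rights_t rights)
{
    if ((rights & ~fc->rights) != 0)
        return ENOTCAPABLE;
    fc->rights = rights;
    return 0;
}

/* cap_ioctls_limit(2): needs CAP_IOCTL and can only narrow an existing list. */
int fdcap_ioctls_limit(struct fdcap *fc, const unsigned long *cmds, size_t n)
{
    if (!(fc->rights & CAP_IOCTL))
        return ENOTCAPABLE;
    if (n > MAX_IOCTLS)
        return ENOMEM;
    if (fc->ioctls_limited) {           /* every new cmd must already be allowed */
        for (size_t i = 0; i < n; i++) {
            bool found = false;
            for (size_t j = 0; j < fc->nioctls && !found; j++)
                found = (fc->ioctls[j] == cmds[i]);
            if (!found)
                return ENOTCAPABLE;
        }
    }
    for (size_t i = 0; i < n; i++)
        fc->ioctls[i] = cmds[i];
    fc->nioctls = n;
    fc->ioctls_limited = true;
    return 0;
}

/* The check the ioctl(2) path performs before dispatching cmd. */
int fdcap_ioctl_check(const struct fdcap *fc, unsigned long cmd)
{
    if (!(fc->rights & CAP_IOCTL))
        return ENOTCAPABLE;
    if (!fc->ioctls_limited)
        return 0;
    for (size_t i = 0; i < fc->nioctls; i++)
        if (fc->ioctls[i] == cmd)
            return 0;
    return ENOTCAPABLE;
}

/* Scenario: narrow a seekable read-only descriptor for a sandboxed reader; 0 on success. */
int scenario_narrow_reader(void)
{
    struct fdcap fc = { .rights = CAP_PREAD | CAP_MMAP_R | CAP_IOCTL };
    unsigned long only[] = { 0x4004667fUL };                 /* constructed cmd */
    if (fdcap_ioctls_limit(&fc, only, 1) != 0)                return 1;
    if (fdcap_ioctl_check(&fc, 0x4004667fUL) != 0)           return 2;
    if (fdcap_ioctl_check(&fc, 0x20006601UL) != ENOTCAPABLE) return 3;
    if (fdcap_rights_limit(&fc, CAP_READ) != 0)               return 4;  /* drop seek, mmap, ioctl */
    if (fdcap_rights_limit(&fc, CAP_PREAD) != ENOTCAPABLE)    return 5;  /* cannot widen again */
    if (cap_check(fc.rights, io_required_rights(false, true)) != ENOTCAPABLE) return 6; /* pread denied */
    if (cap_check(fc.rights, io_required_rights(false, false)) != 0)            return 7; /* read ok */
    return 0;
}

int main(void)
{
    return scenario_narrow_reader();
}
```

The point worth keeping in mind from the scenario: once a descriptor has been narrowed to CAP_READ, neither the process nor anything it passes the descriptor to can get CAP_SEEK back, which is what makes the old "pread(2) allowed by CAP_READ alone" behaviour an incompatible change rather than a cosmetic one.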
default_pager.c Replace pointer to "struct uidinfo" with pointer to "struct ucred" 2010-12-02 17:37:16 +00:00
device_pager.c Fix a bug in the device pager code that can trigger an assertion 2013-01-09 16:48:38 +00:00
memguard.c Fix a bug with memguard(9) on 32-bit architectures without a 2012-07-15 20:29:48 +00:00
memguard.h Fix a bug with memguard(9) on 32-bit architectures without a 2012-07-15 20:29:48 +00:00
phys_pager.c Remove unneeded includes of <sys/linker_set.h>. Other headers that use 2011-01-11 13:59:06 +00:00
pmap.h The page flag PGA_WRITEABLE is set and cleared exclusively by the pmap 2012-06-16 18:56:19 +00:00
redzone.c Mark all SYSCTL_NODEs static that have no corresponding SYSCTL_DECLs. 2011-11-07 15:43:11 +00:00
redzone.h
sg_pager.c Move the declaration of vm_phys_paddr_to_vm_page() from vm/vm_page.h 2012-11-16 05:55:56 +00:00
swap_pager.c Merge from vmc-playground branch: 2013-02-26 23:35:27 +00:00
swap_pager.h Implement the linprocfs swaps file, providing information about the 2011-08-01 19:12:15 +00:00
uma_core.c Merge from vmc-playground branch: 2013-02-26 23:35:27 +00:00
uma_dbg.c
uma_dbg.h
uma_int.h Merge from vmc-playground branch: 2013-02-26 23:35:27 +00:00
uma.h Merge from vmc-playground branch: 2013-02-26 23:35:27 +00:00
vm_extern.h Eliminate vm_phys_bootstrap_alloc(). It was a failed attempt at 2011-10-30 05:06:14 +00:00
vm_fault.c - Add system wide page faults requiring I/O counter. 2013-01-28 12:54:53 +00:00
vm_glue.c Move the corresponding MTX_SYSINIT() next to their struct mtx declaration 2012-10-26 17:31:35 +00:00
vm_init.c Introduce exec_alloc_args(). The objective being to encapsulate the 2010-07-27 17:31:03 +00:00
vm_kern.c On arm, like sparc64, the end of the kernel map varies from one type of 2013-02-18 01:02:48 +00:00
vm_kern.h
vm_map.c Merge from vmc-playground branch: 2013-02-26 23:35:27 +00:00
vm_map.h - Get rid of unused function vmspace_wired_count(). 2013-01-14 12:12:56 +00:00
vm_meter.c - Add system wide page faults requiring I/O counter. 2013-01-28 12:54:53 +00:00
vm_mmap.c Merge Capsicum overhaul: 2013-03-02 00:53:12 +00:00
vm_object.c Merge from vmc-playground branch: 2013-02-26 23:35:27 +00:00
vm_object.h Merge from vmobj-rwlock: 2013-02-27 18:12:13 +00:00
vm_page.c Wrap the sleeps synchronized by the vm_object lock into the specific 2013-02-26 17:22:08 +00:00
vm_page.h Update a comment to reflect the elimination of the hold queue in r242300. 2012-11-17 04:00:19 +00:00
vm_pageout.c - Add sysctls to show number of stats scans. 2013-01-28 12:20:20 +00:00
vm_pageout.h Move what remains of vm/vm_contig.c into vm/vm_pageout.c, where similar 2012-07-18 05:21:34 +00:00
vm_pager.c vm_pager_object_lookup: small performance optimization 2012-05-23 12:51:49 +00:00
vm_pager.h Add new pager type, OBJT_MGTDEVICE. It provides the device pager 2012-05-12 20:49:58 +00:00
vm_param.h On Alan's advice, rather than do a wholesale conversion on a single 2010-04-30 00:46:43 +00:00
vm_phys.c Make VM_NDOMAIN a kernel option so that it can be enabled from a kernel 2013-02-14 19:38:04 +00:00
vm_phys.h Move the declaration of vm_phys_paddr_to_vm_page() from vm/vm_page.h 2012-11-16 05:55:56 +00:00
vm_reserv.c Correct an off-by-one error in vm_reserv_alloc_contig() that resulted in 2012-07-15 21:46:19 +00:00
vm_reserv.h Introduce vm_reserv_alloc_contig() and teach vm_page_alloc_contig() how to 2011-12-05 18:29:25 +00:00
vm_unix.c - Improve readability of sys_obreak(). 2013-01-11 09:58:35 +00:00
vm_zeroidle.c
vm.h - Fix locked memory accounting for maps with MAP_WIREFUTURE flag. 2012-12-18 07:35:01 +00:00
vnode_pager.c Remove white spaces. 2013-02-26 20:35:40 +00:00
vnode_pager.h Account the writeable shared mappings backed by file in the vnode 2012-02-23 21:07:16 +00:00