1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-19 10:53:58 +00:00
Commit Graph

1221 Commits

Author SHA1 Message Date
Steve Passe
2897614119 informal discussion between Bruce Evans <bde@zeta.org.au>,
Peter Wemm <peter@spinner.DIALix.COM>, Steve Passe <smp@csn.net>

removed all the IPI_INTS code.
made the XFAST_IPI32 code default, renaming Xfastipi32 to Xinvltlb.
1997-04-27 21:17:56 +00:00
Garrett Wollman
a29f300e80 The long-awaited mega-massive-network-code- cleanup. Part I.
This commit includes the following changes:
1) Old-style (pr_usrreq()) protocols are no longer supported, the compatibility
glue for them is deleted, and the kernel will panic on boot if any are compiled
in.

2) Certain protocol entry points are modified to take a process structure,
so they they can easily tell whether or not it is possible to sleep, and
also to access credentials.

3) SS_PRIV is no more, and with it goes the SO_PRIVSTATE setsockopt()
call.  Protocols should use the process pointer they are now passed.

4) The PF_LOCAL and PF_ROUTE families have been updated to use the new
style, as has the `raw' skeleton family.

5) PF_LOCAL sockets now obey the process's umask when creating a socket
in the filesystem.

As a result, LINT is now broken.  I'm hoping that some enterprising hacker
with a bit more time will either make the broken bits work (should be
easy for netipx) or dike them out.
1997-04-27 20:01:29 +00:00
Alexander Langer
ee7877dfec Prevent debugger attachment to init when securelevel > 0.
Noticed by:	Brian Buchanan <brian@wasteland.calbbs.com>
1997-04-27 19:02:37 +00:00
Peter Wemm
c76e95c3c7 Create sysctl kern.fast_vfork, on for uniprocessor by default, off for
SMP.
1997-04-26 15:59:50 +00:00
Peter Wemm
c32ba2484e Disable RFMEM in vfork for smp case.. It doesn't seem to work too well
yet..
1997-04-26 14:31:36 +00:00
Peter Wemm
477a642cee Man the liferafts! Here comes the long awaited SMP -> -current merge!
There are various options documented in i386/conf/LINT, there is more to
come over the next few days.

The kernel should run pretty much "as before" without the options to
activate SMP mode.

There are a handful of known "loose ends" that need to be fixed, but
have been put off since the SMP kernel is in a moderately good condition
at the moment.

This commit is the result of the tinkering and testing over the last 14
months by many people.  A special thanks to Steve Passe for implementing
the APIC code!
1997-04-26 11:46:25 +00:00
Doug Rabson
be4952f1df Don't zero b_dirtyoff and b_dirtyend on error.
Submitted by:	Hidetoshi Shimokawa <simokawa@sat.t.u-tokyo.ac.jp>
1997-04-25 11:14:00 +00:00
Peter Wemm
5f61c81d66 copyin the export network mask to the correct variable.
Submitted by: Mike Hibler <mike@marker.cs.utah.edu>, PR#3380
1997-04-25 06:47:12 +00:00
Andrey A. Chernov
0eaa559cbf Restore memory space separation (RFMEM) for vfork() after
shell imgact memory clobbering fixed
1997-04-23 22:13:18 +00:00
Andrey A. Chernov
5cf3d12ca5 Don't clobber user space argv0 memory on shell exec, mainly for vfork()
Fix another bug: if argv[0] is NULL, garbadge args might be added for
shell script
Submitted by: Tor Egge <Tor.Egge@idi.ntnu.no> (with yet one fault detect from me)
1997-04-23 22:07:05 +00:00
John Dyson
6b707440d3 Give up on the fast vfork() for a while. 1997-04-23 01:59:14 +00:00
John Dyson
c58494e476 Re-institute the efficent version of vfork. It appears to make a
difference of approx 3mins in make world on my P6!!!  This means
that vfork now has full address space sharing, so beware with
sloppy vfork programming.  Also, you really do need to apply
the previously committed popen fix in libc.
1997-04-20 16:57:12 +00:00
Bruce Evans
0e4f24a34e Avoid division by 0 in check_part(). (It occurred when max_nsectors == 0.
This case is clearly an error, but we keep calling check_part() to get
diagnostics.)

Fixed nearby indentation and commenting bugs.
1997-04-19 14:14:17 +00:00
Doug Rabson
18cab10cb3 Don't allow partial buffers to be cluster-comitted.
Zero the b_dirty{off,end} after cluster-comitting a group of buffers.

With these fixes, I was able to complete a 'make world' with remote src
and obj directories.
1997-04-18 14:12:17 +00:00
David Greenman
1ebd0c5945 Brought fix from the 2.2 branch forward (see rev 1.47.2.7): serious bugs
with reading the image header.
1997-04-18 02:43:05 +00:00
Poul-Henning Kamp
936342eff1 #include <sys/queue.h> 1997-04-14 18:23:48 +00:00
Bruce Evans
58611a61ed Fixed printing of registers in dbflalt_handler(). The registers
were always in a tss; that tss just changed from the one in the
pcb to common_tss (who knows where it was when there was no curpcb?).
Not using the pcb also fixed the problem that there is no pcb in
idle(), so we now always get useful register values.
1997-04-14 13:52:52 +00:00
John Dyson
d7f7f3f20e Make a problem that I cannot reproduce go away for now. This commit
is to decrease the inconvienience of other developers until I can
really fix the code.
Reviewed by:	Donald J. Maddox <dmaddox@scsn.net>
1997-04-14 01:28:58 +00:00
John Dyson
95395ca1c1 Improve the buffer cache memory policy by moving pages over to the
cache queue more often.  The pageout daemon had to be waken up
more often than necessary since pages were not put on the
cache queue, when they should have been.
Submitted by:	David Greenman <dg@freebsd.org>
1997-04-13 03:33:25 +00:00
John Dyson
492da96c9d Correct the previous thread-fix commit. I made a clerical error. 1997-04-13 03:05:31 +00:00
John Dyson
5856e12e69 Fully implement vfork. Vfork is now much much faster than even our
fork. (On my machine, fork is about 240usecs, vfork is 78usecs.)

Implement rfork(!RFPROC !RFMEM), which allows a thread to divorce its memory
	from the other threads of a group.

Implement rfork(!RFPROC RFCFDG), which closes all file descriptors, eliminating
	possible existing shares with other threads/processes.

Implement rfork(!RFPROC RFFDG), which divorces the file descriptors for a
	thread from the rest of the group.

Fix the case where a thread does an exec.  It is almost nonsense for a thread
	to modify the other threads address space by an exec, so we
	now automatically divorce the address space before modifying it.
1997-04-13 01:48:35 +00:00
John Dyson
c04b956c6f Effectively remove the previous commit to fix threads forking. The
change was a false-start, and needs more work.
1997-04-12 04:07:50 +00:00
John Dyson
af9ec88589 Allow a kernel-supported process thread to do an exec without blasting
away the VM space of all of the other, associated threads.
1997-04-11 23:37:23 +00:00
Bruce Evans
9dd8309d56 Removed support for OLD_PIPE. <sys/stat.h> is now missing the hack that
supported nameless pipes being indistinguishable from fifos.  We're not
going back.
1997-04-09 16:53:45 +00:00
Bruce Evans
4e7506495b Include <sys/buf.h> instead of <sys/vnode.h>. kern_sysctl.c no
longer has anything to do with vnodes and never had anything to do
with buffers, but it needs the definitions of B_READ and B_WRITE
for use with the bogus useracc() interface and was getting them
bogusly due to excessive cleanups in rev.1.49.
1997-04-09 15:23:09 +00:00
Peter Wemm
263a339213 Remove explicit zero of p_vmspace on creation, it's now in the startzero
section of the proc struct.
1997-04-07 09:38:39 +00:00
Peter Wemm
a2a1c95c10 The biggie: Get rid of the UPAGES from the top of the per-process address
space. (!)

Have each process use the kernel stack and pcb in the kvm space.  Since
the stacks are at a different address, we cannot copy the stack at fork()
and allow the child to return up through the function call tree to return
to user mode - create a new execution context and have the new process
begin executing from cpu_switch() and go to user mode directly.
In theory this should speed up fork a bit.

Context switch the tss_esp0 pointer in the common tss.  This is a lot
simpler since than swithching the gdt[GPROC0_SEL].sd.sd_base pointer
to each process's tss since the esp0 pointer is a 32 bit pointer, and the
sd_base setting is split into three different bit sections at non-aligned
boundaries and requires a lot of twiddling to reset.

The 8K of memory at the top of the process space is now empty, and unmapped
(and unmappable, it's higher than VM_MAXUSER_ADDRESS).

Simplity the pmap code to manage process contexts, we no longer have to
double map the UPAGES, this simplifies and should measuably speed up fork().

The following parts came from John Dyson:

Set PG_G on the UPAGES that are now in kernel context, and invalidate
them when swapping them out.

Move the upages object (upobj) from the vmspace to the proc structure.

Now that the UPAGES (pcb and kernel stack) are out of user space, make
rfork(..RFMEM..) do what was intended by sharing the vmspace
entirely via reference counting rather than simply inheriting the mappings.
1997-04-07 07:16:06 +00:00
Peter Wemm
271b264e4c No longer use an i386tss as the basis of our pcb - it wasn't particularly
convenient and makes life difficult for my next commit.  We still need
an i386tss to point to for the tss slot in the gdt, so we use a common
tss shared between all processes.

Note that this is going to break debugging until this series of commits
is finished.  core dumps will change again too. :-(  we really need
a more modern core dump format that doesn't depend on the pcb/upages.

This change makes VM86 mode harder, but the following commits will remove
a lot of constraints for the VM86 system, including the possibility of
extending the pcb for an IO port map etc.

Obtained from: bde
1997-04-07 06:45:18 +00:00
Peter Dufault
0ddf9be1f0 Make MOD_* macros almost consistent:
Use the name argument almost the same in all LKM types.  Maintain
the current behavior for the external (e.g., modstat) name for DEV,
EXEC, and MISC types being #name ## "_mod" and SYCALL and VFS only
#name.  This is a candidate for change and I vote just the name without
the "_mod".

Change the DISPATCH macro to MOD_DISPATCH for consistency with the
other macros.

Add an LKM_ANON #define to eliminate the magic -1 and associated
signed/unsigned warnings.

Add MOD_PRIVATE to support wcd.c's poking around in the lkm structure.

Change source in tree to use the new interface.

Reviewed by:	Bruce Evans
1997-04-06 11:14:13 +00:00
John Dyson
a04c970a7a Fix the gdb executable modify problem. Thanks to the detective work
by Alan Cox <alc@cs.rice.edu>, and his description of the problem.

The bug was primarily in procfs_mem, but the mistake likely happened
due to the lack of vm system support for the operation.  I added
better support for selective marking of page dirty flags so that
vm_map_pageable(wiring) will not cause this problem again.

The code in procfs_mem is now less bogus (but maybe still a little
so.)
1997-04-06 02:29:45 +00:00
Doug Rabson
42146e3747 [Previous comment was incorrect for these files]
Added calls to VFS lock debugging macros to make fixing filesystems' locking
easier.
1997-04-04 17:47:43 +00:00
Doug Rabson
de15ef6aef Add a function vop_sharedlock which a copy of vop_nolock without the
implementation #ifdef out.  This can be used for now by NFS.  As soon
as all the other filesystems' locking is fixed, this can go away.

Print the vnode address in vprint for easier debugging.
1997-04-04 17:46:21 +00:00
David Greenman
66141753e6 Killed unnecessary vp == NULL check after namei. 1997-04-04 09:06:20 +00:00
David Greenman
a3cf6ebae3 Oops, only free component name buffer if namei() didn't. This bug has
been in here since I wrote the code 3 years ago! Thanks, Bruce!

Submitted by:	bde
1997-04-04 07:30:06 +00:00
David Greenman
6d5a0a8c23 Various fixes:
1. imgp->image_header needs to be cleared for the bp == NULL && `goto
   interpret' case, else exec_fail_dealloc would free it twice after
   an error.

2. Moved the vp->v_writecount check in exec_check_permissions() to
   near the end.  This fixes execve("/dev/null", ...) returning the
   bogus errno ETXTBSY.  ETXTBSY is still returned for attempts to
   exec interpreted files that are open for writing.  The man page
   is very old and wrong here.  It says that ETXTBSY is for pure
   procedure (shared text) files that are open for writing or reading.

3. Moved the setuid disabling in exec_check_permissions() to the end.
   Cosmetic.  It's more natural to dispose of all the error cases
   first.

...plus a couple of other cosmetic changes.

Submitted by:	bde
1997-04-04 04:17:11 +00:00
David Greenman
8677f5094d Lose the vnode lock on a permissions failure.
Submitted by:	Tor Egge <Tor.Egge@idi.ntnu.no>
1997-04-04 01:30:33 +00:00
Peter Wemm
b79c6a8603 Don't incorrectly set P_SUGID in setre[ug]id() for no reason, as noticed
by bde.
Don't return EPERM in setre[ug]id() just because the caller passes in
the current effective id in the second arg (ie: no change), as suggested
by ache.
1997-04-02 17:05:49 +00:00
Bruce Evans
0f1adf65ab Use OID_AUTO instead of magic number for the Lite2 sysctl debug.busyprt.
Removed declaration of vfs_unmountroot() again.

Staticized vgonel().
1997-04-01 13:05:34 +00:00
Bruce Evans
f9cf920341 Use OID_AUTO instead of magic number for the old sysctl debug.rcluster.
The magic number conflicted with the rotting disabled one in ext2fs for
debug.doasyncfree.

Removed messy debugging variable/constant/sysctl debug.doreallocblks.
Lite2 removed it, and we don't use the code that it controls.
1997-04-01 11:48:30 +00:00
Bruce Evans
d8a4f230d5 Use OID_AUTO instead of magic number for old sysctl debug.elf_trace. The
magic number conflicted with the one for the Lite2 sysctl debug.busyprt.

Staticized some variables.

Removed unused #includes.
1997-04-01 10:41:48 +00:00
Bruce Evans
7f725eacc1 Use OID_AUTO instead of a magic number for Lite2 sysctl debug.lockf_debug.
Removed unused #includes.
1997-04-01 10:30:06 +00:00
Bruce Evans
6898627ce2 Fixed commented-out Lite2 sysctl debug.lockpausetime.
Removed unused #includes.
1997-04-01 10:18:51 +00:00
Bruce Evans
3f39dbc52d Removed potentially harmful garbage <vm/lock.h> and fixed bogus
use of it.  It was actually harmless because the use was null due
to fortuitous include orders and identical (wrong) idempotency
macros.
1997-04-01 08:39:07 +00:00
Peter Wemm
b67cbc6548 Implement code for an OpenBSD-style issetuigid().
This is valueable for library code which needs to be able to find out
whether the current process is or *was* set[ug]id at some point in the
past, and may have a "tainted" execution environment.  This is especially
a problem with the trend to immediately revoke privs at startup and regain
them for critical sections.  One problem with this is that if a cracker
is able to compromise the program while it's still got a saved id, the
cracker can direct the program to regain the privs.  Another problem is
that the user may be able to affect the program in some other way (eg:
setting resolver host aliases) and the library code needs to know when it
should disable these sorts of features.

Reviewed by: ache
Inspired by: OpenBSD (but with a different implementation)
1997-03-31 15:13:33 +00:00
Peter Wemm
7ec6369d7e Regenerate (added issetugid) 1997-03-31 14:55:05 +00:00
Peter Wemm
56f12a6cb5 issetugid is now implemented rather than reserved 1997-03-31 14:52:50 +00:00
Peter Wemm
a89a5370c5 Do not set the P_SUGID flag in seteuid()/setegid() if nothing has changed.
(for supporting issetugid())

Reviewed by: ache  (as was the previous commit, rev 1.29)
1997-03-31 13:47:00 +00:00
Peter Wemm
229a15f084 Do not set the P_SUGID flag in seteuid()/setegid() if nothing has changed.
(for supporting issetugid())
1997-03-31 13:41:49 +00:00
Peter Wemm
a08f4bf601 Fully implement the clause in Appendix B.4.2.2 from Posix 1003.1
that allows traditional BSD setuid/setgid behavior.

The only visible difference should be that a non-root setuid program
(eg: inn's "rnews" program) that is setuid to news, can completely
"become" uid news. (ie: setuid(geteuid())  This was allowed in
traditional 4.2/4.3BSD and is now "blessed" by Posix as a special
case of "appropriate privilige".

Also, be much more careful with the P_SUGID flag so that we can use it
for issetugid() - only set it if something changed.

Reviewed by: ache
1997-03-31 13:36:46 +00:00
Peter Wemm
8a5d815aa0 Make setgroups(0, xxx) behave as it does on SYSV, namely clear the groups
vector except for the egid in groups[0].  There is a risk that programs
that come from SYSV/Linux that expect this to work and don't check for
error returns may accidently pass root's groups on to child processes.

We now do what is least suprising (to non BSD programs/programmers) in
this scenario, and nothing is changed for programs written with BSD groups
rules in mind.

Reviewed by: ache
1997-03-31 13:21:37 +00:00