1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-22 11:17:19 +00:00
Commit Graph

1276 Commits

Author SHA1 Message Date
Robert Watson
dee93f2c52 Introduce support for Mandatory Access Control and extensible
kernel access control.

Modify pseudofs so that it can support synthetic file systems with
the multilabel flag set.  In particular, implement vop_refreshlabel()
as pn_refreshlabel().  Implement pfs_refreshlabel() to invoke this,
and have it fall back to the mount label if the file system does
not implement pn_refreshlabel() for the node.  Otherwise, permit
the file system to determine how the service is provided.

Approved by:	des
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 01:33:12 +00:00
Robert Watson
6742f32809 Introduce support for Mandatory Access Control and extensible
kernel access control.

Instrument devfs to support per-dirent MAC labels.  In particular,
invoke MAC framework when devfs directory entries are instantiated
due to make_dev() and related calls, and invoke the MAC framework
when vnodes are instantiated from these directory entries.  Implement
vop_setlabel() for devfs, which pushes the label update into the
devfs directory entry for semi-persistant store.  This permits the MAC
framework to assign labels to devices and directories as they are
instantiated, and export access control information via devfs vnodes.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 15:45:16 +00:00
Semen Ustimenko
b0c1faefdd Fix a problem with sendfile() syscall by always doing I/O via bread() in
ntfs_read(). This guarantee that requested cache pages will be valid if
UIO_NOCOPY specifed.

PR:		bin/34072, bin/36189
MFC after:	1 week
2002-07-31 00:42:57 +00:00
Robert Watson
04f3985d88 Introduce support for Mandatory Access Control and extensible
kernel access control.

Label devfs directory entries, permitting labels to be maintained
on device nodes in devfs instances persistently despite vnode
recycling.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 23:12:37 +00:00
Julian Elischer
1d7b9ed2e6 Create a new thread state to describe threads that would be ready to run
except for the fact tha they are presently swapped out. Also add a process
flag to indicate that the process has started the struggle to swap
back in. This will be  needed for the case where multiple threads
start the swapin action top a collision. Also add code to stop
a process fropm being swapped out if one of the threads in this
process is actually off running on another CPU.. that might hurt...

Submitted by:	Seigo Tanimura <tanimura@r.dl.itc.u-tokyo.ac.jp>
2002-07-29 18:33:32 +00:00
Dima Dorfman
ec7e38fb22 Correct misindentation of DRA_UID. 2002-07-28 06:57:57 +00:00
Dima Dorfman
af13e3abb9 Unimplement panic(8) by making sure that we don't recurse into a
ruleset.  If we do, that means there's a ruleset loop (10 includes 20
include 30 includes 10), which will quickly cause a double fault due
to stack overflow (since "include" is implemented by recursion).
(Previously, we only checked that X didn't include X.)
2002-07-28 03:52:44 +00:00
Jeff Roberson
17f888f15f - Explicitly state that specfs does not support locking by using
vop_no{lock,unlock,islocked}.  This should be the only vnode opv that does
   so.
2002-07-27 05:14:59 +00:00
Alan Cox
eb13174a6b o Lock page queue accesses by vm_page_activate() and vm_page_deactivate(). 2002-07-27 05:08:49 +00:00
Dima Dorfman
a1dc209638 Introduce the DEVFS "rule" subsystem. DEVFS rules permit the
administrator to define certain properties of new devfs nodes before
they become visible to the userland.  Both static (e.g., /dev/speaker)
and dynamic (e.g., /dev/bpf*, some removable devices) nodes are
supported.  Each DEVFS mount may have a different ruleset assigned to
it, permitting different policies to be implemented for things like
jails.

Approved by:	phk
2002-07-17 01:46:48 +00:00
Mark Murray
fa860c783c Unbreak LINT; sort the includes so that functions are explicitly
declared. Remove duplicate includes.
2002-07-16 09:33:33 +00:00
Jeff Roberson
ad70122060 - Change all LK_SHARE locks to LK_EXCLUSIVE. Shared locks aren't quite safe
yet
 - Use vop_std{lock,unlock,islocked}.
2002-07-09 19:43:39 +00:00
Jeff Roberson
922b974a44 Lock down pseudofs:
- Initialize lock structure in vncache_alloc
 - Return locked vnodes from vncache_alloc
 - Setup vnode op vectors to use default lock, unlock, and islocked
 - Implement simple locking scheme required for lookup
2002-07-08 01:50:14 +00:00
Julian Elischer
e602ba25fd Part 1 of KSE-III
The ability to schedule multiple threads per process
(one one cpu) by making ALL system calls optionally asynchronous.
to come: ia64 and power-pc patches, patches for gdb, test program (in tools)

Reviewed by:	Almost everyone who counts
	(at various times, peter, jhb, matt, alfred, mini, bernd,
	and a cast of thousands)

	NOTE: this is still Beta code, and contains lots of debugging stuff.
	expect slight instability in signals..
2002-06-29 17:26:22 +00:00
Maxime Henrion
4ce86ffd17 nmount'ify unionfs further by using separate options instead
of passing a flags mount options.  This removes the include of
sys/fs/unionfs/union.h in mount_unionfs as it should be.

Reviewed by:	phk
2002-06-15 22:48:14 +00:00
Maxime Henrion
c3210a83c0 Convert UDF to nmount.
Reviewed by:	scottl
2002-06-15 22:40:13 +00:00
Semen Ustimenko
1cfdefbb9f Fix a race during null node creation between relookuping the hash and
adding vnode to hash. The fix is to use atomic hash-lookup-and-add-if-
not-found operation. The odd thing is that this race can't happen
actually because the lowervp vnode is locked exclusively now during the
whole process of null node creation. This must be thought as a step
toward shared lookups.

Also remove vp->v_mount checks when looking for a match in the hash,
as this is the vestige.

Also add comments and cosmetic changes.
2002-06-13 21:49:09 +00:00
Semen Ustimenko
1542003115 Change null_hashlock into null_hashmtx, because there is no need for
lockmgr and this helps to vget() vnode from hash without a race.

Reviewed by:	bp
MFC after:	2 weeks
2002-06-13 20:18:50 +00:00
Semen Ustimenko
08720e34b0 Fix the "error" path (when dropping not fully initialized vnode).
Also move hash operations out of null_vnops.c and explicitly initialize
v_lock in null_node_alloc (to set wmesg).

Reviewed by:	bp
MFC after:	2 weeks
2002-06-13 18:25:06 +00:00
Semen Ustimenko
ebe0bdddac Fix wrong locking in null_inactive and null_reclaim. This makes nullfs
relatively working back.

Reviewed by:	mckusick, bp
2002-06-13 17:30:40 +00:00
Dag-Erling Smørgrav
a3d37b1322 Gratuitous whitespace cleanup. 2002-06-06 16:59:24 +00:00
Semen Ustimenko
c83fca1f1f Make devfs to give honour to PDIRUNLOCK flag.
Reviewed by:	jeff
MFC after:	1 week
2002-06-01 09:17:43 +00:00
Seigo Tanimura
4cc20ab1f0 Back out my lats commit of locking down a socket, it conflicts with hsu's work.
Requested by:	hsu
2002-05-31 11:52:35 +00:00
Maxime Henrion
a9f5c04aae Convert unionfs to nmount. 2002-05-24 00:44:44 +00:00
Maxime Henrion
23bb7c1425 Fix comments. 2002-05-24 00:16:13 +00:00
Maxime Henrion
9fcc512cd6 Convert nullfs to nmount. 2002-05-23 23:07:27 +00:00
Bruce Evans
fba2e6106f Quick fix for non-unique inode numbers for hard links. We use the
byte offset of the directory entry for the inode number for all types
of files except directories, although this breaks hard links for
non-directories even if it doesn't cause overflow.  Just ignore this
broken inode number for stat() and readdir() and return a less broken
one (the block offset of the file), so that applications normally can't
see the brokenness.

This leaves at least the following brokenness:
- extra inodes, vnodes and caching for hard links.
- various overflow bugs.  cd9660 supports 64-bit block numbers, but we
  silently ignore the top 32 bits in isonum_733() and then drop another
  10 bits for our broken inode numbers.  We may also have sign extension
  bugs from storing 32-bit extents in ints and longs even if ints are
  32-bits.  These bugs affect DVDs.  mkisofs apparently limits them
  by writing directory entries first.

Inode numbers were broken mainly in 4.4BSD-Lite2.  FreeBSD-1.1.5 seems
to have a correct implementation modulo the overflow bugs.  We need
to look up directory entries from inodes for symlinks only.  FreeBSD-1.1.5
use separate fields (iso_parent_extent, iso_parent) to point to the
directory entry.  4.4BSD-Lite doesn't have these, and abuses i_ino to
point to the directory entry.  Correct pointers are impossible for
hard links, but symlinks can't be hard links.
2002-05-22 08:50:18 +00:00
Semen Ustimenko
96b825e7ca Fix null_lock() not unlocking vp->v_interlock if LK_THISLAYER.
Reviewed by:	bp@FreeBSD.org
MFC after:	1 week
2002-05-21 18:07:33 +00:00
Seigo Tanimura
102638407c Lock the writer socket across sorwakeup(fip->fi_writesock).
Spotted by:	peter
2002-05-21 02:37:56 +00:00
Seigo Tanimura
243917fe3b Lock down a socket, milestone 1.
o Add a mutex (sb_mtx) to struct sockbuf. This protects the data in a
  socket buffer. The mutex in the receive buffer also protects the data
  in struct socket.

o Determine the lock strategy for each members in struct socket.

o Lock down the following members:

  - so_count
  - so_options
  - so_linger
  - so_state

o Remove *_locked() socket APIs.  Make the following socket APIs
  touching the members above now require a locked socket:

 - sodisconnect()
 - soisconnected()
 - soisconnecting()
 - soisdisconnected()
 - soisdisconnecting()
 - sofree()
 - soref()
 - sorele()
 - sorwakeup()
 - sotryfree()
 - sowakeup()
 - sowwakeup()

Reviewed by:	alfred
2002-05-20 05:41:09 +00:00
John Baldwin
f44d9e24fb Change p_can{debug,see,sched,signal}()'s first argument to be a thread
pointer instead of a proc pointer and require the process pointed to
by the second argument to be locked.  We now use the thread ucred reference
for the credential checks in p_can*() as a result.  p_canfoo() should now
no longer need Giant.
2002-05-19 00:14:50 +00:00
Poul-Henning Kamp
17b5825d7e Remove a check of blocknumbers/offsets which will be pointless with
64 bit daddr_t.

Sponsored by: DARPA & NAI Labs.
2002-05-18 09:32:56 +00:00
Tom Rhodes
d394511de3 More s/file system/filesystem/g 2002-05-16 21:28:32 +00:00
Maxime Henrion
fc6f338fd2 In VOP_LOOKUP, don't assume that the final pathname component
will be in the same filesystem than the one where the current
component is.

Approved by:	scottl
2002-05-16 19:22:39 +00:00
Poul-Henning Kamp
98b0c78978 Make daddr_t and u_daddr_t 64bits wide.
Retire daddr64_t and use daddr_t instead.

Sponsored by:	DARPA & NAI Labs.
2002-05-14 11:09:43 +00:00
Maxime Henrion
8eee3a3d58 Fix several bugs in devfs_lookupx(). When we check the nameiop to
make sure it's a correct operation for devfs, do it only in the
ISLASTCN case.  If we don't, we are assuming that the final file will
be in devfs, which is not true if another partition is mounted on top
of devfs or with special filenames (like /dev/net/../../foo).

Reviewed by:	phk
2002-05-10 15:41:14 +00:00
Jeff Roberson
441271159e Include systm.h for panic(9) so that DEBUG_ALL_VFS_LOCKS compiles. 2002-05-04 02:37:00 +00:00
Poul-Henning Kamp
1ed91802ee HPFS picks up the vop_stdgetpages and vop_stdputpages member functions
via the default entry and the default vop vector.
2002-05-03 18:23:29 +00:00
Dag-Erling Smørgrav
d95ec55335 s/pfs_badop/vop_eopnotsupp/
Submitted by:	phk
2002-05-03 14:58:25 +00:00
Maxime Henrion
6dbde1fe23 Convert devfs to nmount.
Reviewed by:	phk
2002-05-02 20:27:42 +00:00
Maxime Henrion
8392a47923 Convert the pseudofs framework to nmount (thus procfs and linprocfs).
Reviewed by:	des (some time ago), phk
2002-05-02 20:25:55 +00:00
Maxime Henrion
4d8b916946 Convert fdescfs to nmount.
Reviewed by:	phk
2002-05-02 20:24:50 +00:00
Scott Long
1347b4e84f Don't reference vop_std* since they are already implicitly
referenced through the VOP_DEFAULT vector

Submitted by:	phk
2002-05-02 20:23:47 +00:00
Poul-Henning Kamp
ef41ad17bd Use vop_panic() instead of rolling our own. 2002-05-02 19:13:44 +00:00
Scott Long
cd1b1a1d35 In udf_bmap(), return the physical block number, not the logical
block number.  This fixes things like cp (ouch!) which use mmap.
2002-05-02 05:01:14 +00:00
Scott Long
d1def83b54 Fix udf_read(). Honor the uio_resid when determining the size of
the block to read and copy out.  This removes the hack in
udf_readatoffset() for only reading one block at a time.  WooHoo!
Remove a redundant test for fragmented fids in both udf_readdir()
and udf_lookup().  Add comment to both as to why the test is
written the way it is.  Add a few more safety checks for brelse().

Thanks to Timothy Shimmin <tes@boing.melbourne.sgi.com> for pointing
out these problems.
2002-04-30 05:05:05 +00:00
Seigo Tanimura
960ed29c4b Revert the change of #includes in sys/filedesc.h and sys/socketvar.h.
Requested by:	bde

Since locking sigio_lock is usually followed by calling pgsigio(),
move the declaration of sigio_lock and the definitions of SIGIO_*() to
sys/signalvar.h.

While I am here, sort include files alphabetically, where possible.
2002-04-30 01:54:54 +00:00
Robert Watson
a12cfddc0f Use vnode locking with devfs; permit VFS locking assertions to make
sense for devfs vnodes, and reduce/remove potential races in the devfs
code.

Submitted by:	iadowse
Approved by:	phk
2002-04-29 20:00:39 +00:00
Boris Popov
b88157559d UIO_NOCOPY is not supported for now, so refuse read opeartion if this flag
is set. The full emulation of bio are on its way...
2002-04-26 03:49:02 +00:00
Boris Popov
959b83b921 Track nfs's getpages() changes:
Properly count v_vnodepgsin.
    Do not reread page if is already valid.
    Properly handle partially filled pages.
2002-04-23 14:30:43 +00:00
Boris Popov
3f36e6f21a Get rid from extra #ifdefs. 2002-04-23 13:55:14 +00:00
Bruce Evans
4cc6241557 Don't attempt to decvlare M_DEVFS whern MALLOC_DECLARE is not defined.
This fixes warnings that should be errors in fstat.

Reminded by:	alpha tinderbox

Fixed some style bugs (ones near BOF and EOF; there are many more).
2002-04-21 15:47:03 +00:00
Bruce Evans
54a4c5bf21 Include <sys/systm.h> for (at least) the definition of atomic functions
which are sometimes used by the macros in <sys/mutex.h>; don't depend
on not-quite-necessary namespace pollution in <sys/mutex.h>.
2002-04-21 15:35:54 +00:00
Marcel Moolenaar
5ce9299f05 Don't put a line break in string literals. GCC 3.1 complains and GCC
3.2 drops the ball.
2002-04-20 01:42:56 +00:00
Robert Watson
d51ed1a04a Spelling fix for comment. 2002-04-20 01:14:25 +00:00
Alfred Perlstein
7858dcd629 Cleanup of logic, flow and comments.
Submitted by: bde
2002-04-18 14:47:34 +00:00
John Baldwin
ba626c1db2 Lock proctree_lock instead of pgrpsess_lock. 2002-04-16 17:11:34 +00:00
Jeroen Ruigrok van der Werven
c2d6947d14 Sync with UDF p4 tree: Use POSIX integer types instead of BSD types. 2002-04-15 19:49:15 +00:00
Scott Long
51a7b740a1 Actually add the UDF files! 2002-04-14 16:52:14 +00:00
John Baldwin
87484be35f Remove stale XXX comment. 2002-04-14 04:12:44 +00:00
John Baldwin
a92e7c792a - Change procfs_control()'s first argument to be a thread pointer instead
of a process pointer.
- Move the p_candebug() at the start of procfs_control() a bit to make
  locking feasible.  We still perform the access check before doing
  anything, we just now perform it after acquiring locks.
- Don't lock the sched_lock for TRACE_WAIT_P() and when checking to see if
  p_stat is SSTOP.  We lock the process while setting p_stat to SSTOP
  so locking the process is sufficient to do a read to see if p_stat is
  SSTOP or not.
2002-04-13 23:19:13 +00:00
John Baldwin
ce5aaf4554 Lock the target process for p_candebug(). 2002-04-13 23:15:28 +00:00
John Baldwin
ff7299d998 Lock the target process in procfs_doproc*regs() for p_candebug and while
reading/writing the registers.
2002-04-13 23:14:08 +00:00
John Baldwin
590ae816c2 - p_cansee() needs the target process locked.
- We need the proc lock held for more of procfs_doprocstatus().
2002-04-13 23:09:41 +00:00
Boris Popov
6e8681aa50 Check write permissions before creating anything.
PR:		kern/27883
MFC after:	1 week
2002-04-13 15:33:26 +00:00
Poul-Henning Kamp
a1f1e35d8b Remove 3 instances of vm_zone.h inclusion. 2002-04-08 08:12:46 +00:00
Jeff Roberson
8396dd9eaa Change the vm_zone calls over to uma calls. Remove the reference to the
vm_zone header.
2002-04-08 06:57:43 +00:00
Bruce Evans
11257f4d1a Fixed assorted bugs in setting of timestamps in devfs_setattr().
Setting of timestamps on devices had no effect visible to userland
because timestamps for devices were set in places that are never used.
This broke:
- update of file change time after a change of an attribute
- setting of file access and modification times.

The VA_UTIMES_NULL case did not work.  Revs 1.31-1.32 were supposed to
fix this by copying correct bits from ufs, but had little or no effect
because the old checks were not removed.
2002-04-05 15:16:08 +00:00
Bruce Evans
32a95d83f9 Fixed a very old bug in setting timestamps using utimes(2) on msdosfs
files.  We didn't clear the update marks when we set the times, so
some of the settings were sometimes clobbered with the current time a
little later.  This caused cp -p even by root to almost always fail
to preserve any times despite not reporting any errors in attempting
to preserve them.

Don't forget to set the archive attribute when we set the read-only
attribute.  We should only set the archive attribute if we actually
change something, but we mostly don't bother avoiding setting it
elsewhere, so don't bother here yet.

MFC after:	1 week
2002-04-05 14:01:04 +00:00
John Baldwin
6008862bc2 Change callers of mtx_init() to pass in an appropriate lock type name. In
most cases NULL is passed, but in some cases such as network driver locks
(which use the MTX_NETWORK_LOCK macro) and UMA zone locks, a name is used.

Tested on:	i386, alpha, sparc64
2002-04-04 21:03:38 +00:00
Bruce Evans
79065dba2a Moved signal handling and rescheduling from userret() to ast() so that
they aren't in the usual path of execution for syscalls and traps.
The main complication for this is that we have to set flags to control
ast() everywhere that changes the signal mask.

Avoid locking in userret() in most of the remaining cases.

Submitted by:	luoqi (first part only, long ago, reorganized by me)
Reminded by:	dillon
2002-04-04 17:49:48 +00:00
John Baldwin
44731cab3b Change the suser() API to take advantage of td_ucred as well as do a
general cleanup of the API.  The entire API now consists of two functions
similar to the pre-KSE API.  The suser() function takes a thread pointer
as its only argument.  The td_ucred member of this thread must be valid
so the only valid thread pointers are curthread and a few kernel threads
such as thread0.  The suser_cred() function takes a pointer to a struct
ucred as its first argument and an integer flag as its second argument.
The flag is currently only used for the PRISON_ROOT flag.

Discussed on:	smp@
2002-04-01 21:31:13 +00:00
Bruce Evans
0508986cce In ffs_mountffs(), set mnt_iosize_max to si_iosize_max unconditionally
provided the latter is nonzero.  At this point, the former is a fairly
arbitrary default value (DFTPHYS), so changing it to any reasonable
value specified by the device driver is safe.  Using the maximum of
these limits broke ffs clustered i/o for devices whose si_iosize_max
is < DFLTPHYS.  Using the minimum would break device drivers' ability
to increase the active limit from DFTLPHYS up to MAXPHYS.

Copied the code for this and the associated (unnecessary?) fixup of
mp_iosize_max to all other filesystems that use clustering (ext2fs and
msdosfs).  It was completely missing.

PR:		36309
MFC-after:	1 week
2002-03-30 15:12:57 +00:00
Alfred Perlstein
e9b192b758 Protect proc struct (p_args and p_comm) when doing procfs IO that pulls
data from it.

Submitted by: Jonathan Mini <mini@haikugeek.com>
2002-03-29 19:12:40 +00:00
Bruce Evans
69c59d8703 Fixed some style bugs in the removal of __P(()). Continuation lines
were not outdented to preserve non-KNF lining up of code with parentheses.
Switch to KNF formatting in some cases.
2002-03-24 04:35:23 +00:00
Bruce Evans
b76d0b3217 Fixed some style bugs in the removal of __P(()). Continuation lines
were not outdented to preserve non-KNF lining up of code with parentheses.
Switch to KNF formatting.
2002-03-23 12:38:05 +00:00
Jeff Roberson
2684b6af7a Remove references to vm_zone.h and switch over to the new uma API. 2002-03-20 10:17:00 +00:00
Alfred Perlstein
89c9a48352 Remove __P. 2002-03-20 07:51:46 +00:00
Alfred Perlstein
aa075405f6 Remove __P. 2002-03-20 05:00:21 +00:00
Alfred Perlstein
11caded34f Remove __P. 2002-03-19 22:20:14 +00:00
Kirk McKusick
b70428b2f0 Cannot release vnode underlying the nullfs vnode in null_inactive
as it leaves the nullfs vnode allocated, but with no identity. The
effect is that a null mount can slowly accumulate all the vnodes
in the system, reclaiming them only when it is unmounted. Thus
the null_inactive state instead accelerates the release of the
null vnode by calling vrecycle which will in turn call the
null_reclaim operator. The null_reclaim routine then does the
freeing actions previosuly (incorrectly) done in null_inactive.
2002-03-18 05:39:04 +00:00
Kirk McKusick
a0595d0249 Add a flags parameter to VFS_VGET to pass through the desired
locking flags when acquiring a vnode. The immediate purpose is
to allow polling lock requests (LK_NOWAIT) needed by soft updates
to avoid deadlock when enlisting other processes to help with
the background cleanup. For the future it will allow the use of
shared locks for read access to vnodes. This change touches a
lot of files as it affects most filesystems within the system.
It has been well tested on FFS, loopback, and CD-ROM filesystems.
only lightly on the others, so if you find a problem there, please
let me (mckusick@mckusick.com) know.
2002-03-17 01:25:47 +00:00
Kirk McKusick
0d2af52141 Introduce the new 64-bit size disk block, daddr64_t. Change
the bio and buffer structures to have daddr64_t bio_pblkno,
b_blkno, and b_lblkno fields which allows access to disks
larger than a Terabyte in size. This change also requires
that the VOP_BMAP vnode operation accept and return daddr64_t
blocks. This delta should not affect system operation in
any way. It merely sets up the necessary interfaces to allow
the development of disk drivers that work with these larger
disk block addresses. It also allows for the development of
UFS2 which will use 64-bit block addresses.
2002-03-15 18:49:47 +00:00
Maxim Konovalov
e9fc9230a6 Be consistent with UFS in a way how devfs_setattr() checks credentials
for chmod(2), chown(2) and utimes(2) with respect to jail(2).

Reviewed by:		rwatson, ru
Not objected by:	phk
Approved by:		ru
2002-03-14 11:18:42 +00:00
Poul-Henning Kamp
26facaeb4d If in strategy we find that we have no devsw on the device anymore we
are probably talking about some disk-device which wente away, so
return ENXIO instead of panicing.
2002-03-05 13:25:57 +00:00
John Baldwin
a854ed9893 Simple p_ucred -> td_ucred changes to start using the per-thread ucred
reference.
2002-02-27 18:32:23 +00:00
Thomas Moestl
d2d45a4aa5 Fix LINT breakage by adding a missing include. 2002-02-23 22:55:47 +00:00
Seigo Tanimura
f591779bb5 Lock struct pgrp, session and sigio.
New locks are:

- pgrpsess_lock which locks the whole pgrps and sessions,
- pg_mtx which protects the pgrp members, and
- s_mtx which protects the session members.

Please refer to sys/proc.h for the coverage of these locks.

Changes on the pgrp/session interface:

- pgfind() needs the pgrpsess_lock held.

- The caller of enterpgrp() is responsible to allocate a new pgrp and
  session.

- Call enterthispgrp() in order to enter an existing pgrp.

- pgsignal() requires a pgrp lock held.

Reviewed by:	jhb, alfred
Tested on:	cvsup.jp.FreeBSD.org
		(which is a quad-CPU machine running -current)
2002-02-23 11:12:57 +00:00
Dag-Erling Smørgrav
cd9e3b208c Paranoia: if the process is setugid, set all sensitive files mode 0. 2002-02-18 21:41:11 +00:00
Poul-Henning Kamp
76b82a7ffb Don't even think about using v_id for magic tricks, v_id is giving
us enough trouble as it is for SMPng.
2002-02-17 20:39:42 +00:00
Bruce Evans
a21759a1a9 FIxed the following style bugs:
- clobbering of jsp's $Id$ by FreeBSD's old $Id$.
- long lines in recent KSE changes (procfs_ctl.c).
- other style bugs in KSE changes (most related to an shadowed variable
  in procfs_status.c -- the td in the outer scope is obfuscated by
  PFS_FILL_ARGS).

Approved by:	des
2002-02-16 05:59:26 +00:00
Bruce Evans
a76d60f014 FIxed the following style bugs:
- clobbering of jsp's $Id$ by FreeBSD's old $Id$.
- lost Berkeley id in procfs_dbregs.c
- long lines in recent KSE changes.
- various gratuitous differences between procfs_*regs.c.
2002-02-16 05:38:07 +00:00
Bruce Evans
ff3741f519 Fixed missing PHOLD()/PRELE().
Obtained from:	procfs_dbregs.c
Approved by:	des
2002-02-16 04:05:32 +00:00
Poul-Henning Kamp
40f7b5a9cc Various nit-picking, mostly of style(9) character.
Obtained from:	~bde/sys.dif.gz
2002-02-10 22:00:20 +00:00
Robert Watson
74237f55b0 Part I: Update extended attribute API and ABI:
o Modify the system call syntax for extattr_{get,set}_{fd,file}() so
  as not to use the scatter gather API (which appeared not to be used
  by any consumers, and be less portable), rather, accepts 'data'
  and 'nbytes' in the style of other simple read/write interfaces.
  This changes the API and ABI.

o Modify system call semantics so that extattr_get_{fd,file}() return
  a size_t.  When performing a read, the number of bytes read will
  be returned, unless the data pointer is NULL, in which case the
  number of bytes of data are returned.  This changes the API only.

o Modify the VOP_GETEXTATTR() vnode operation to accept a *size_t
  argument so as to return the size, if desirable.  If set to NULL,
  the size will not be returned.

o Update various filesystems (pseodofs, ufs) to DTRT.

These changes should make extended attributes more useful and more
portable.  More commits to rebuild the system call files, as well
as update userland utilities to follow.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-02-10 04:43:22 +00:00
Julian Elischer
079b7badea Pre-KSE/M3 commit.
this is a low-functionality change that changes the kernel to access the main
thread of a process via the linked list of threads rather than
assuming that it is embedded in the process. It IS still embeded there
but remove all teh code that assumes that in preparation for the next commit
which will actually move it out.

Reviewed by: peter@freebsd.org, gallatin@cs.duke.edu, benno rice,
2002-02-07 20:58:47 +00:00
Robert Watson
416031dcb8 Change EPERM to EOPNOTSUPP when failing pseudofs_setattr() arbitrarily.
Quoth the alfred:	The latter would be better.
2002-02-04 18:21:59 +00:00
Robert Watson
dfe5fa8eb7 Return EPERM instead of 0 in the un-implemented pseudofs_setattr().
Conceivably, it should even return EOPNOTSUPP.
2002-02-04 18:09:29 +00:00
Alfred Perlstein
468485b8d2 Fix select on fifos.
Backout revision 1.56 and 1.57 of fifo_vnops.c.

Introduce a new poll op "POLLINIGNEOF" that can be used to ignore
EOF on a fifo, POLLIN/POLLRDNORM is converted to POLLINIGNEOF within
the FIFO implementation to effect the correct behavior.

This should allow one to view a fifo pretty much as a data source
rather than worry about connections coming and going.

Reviewed by: bde
2002-01-14 22:03:48 +00:00
Semen Ustimenko
8a87e8a94f Commit a know fix for hpfs to use vop_defaultop plug instead of wrong
hpfs_bypass() routine.

MFC after:	1 day
2002-01-14 20:13:42 +00:00
Alfred Perlstein
3fc6a31403 don't initialize the mutex in the temporary struct file, the soo_*
functions just grab f_data and don't muck with anything else so this
should be ok.

this fixes a panic with invariants where it thinks we've doubly initialized
the filetmp mutex even though all we've done is neglect to bzero it.
2002-01-14 02:18:59 +00:00
Alfred Perlstein
a4db49537b Replace ffind_* with fget calls.
Make fget MPsafe.

Make fgetvp and fgetsock use the fget subsystem to reduce code bloat.

Push giant down in fpathconf().
2002-01-14 00:13:45 +00:00
Alfred Perlstein
6c697c900f remove unused socket pointer 2002-01-13 22:15:18 +00:00
Alfred Perlstein
9e209b124a Include sys/_lock.h and sys/_mutex.h to reduce namespace pollution.
Requested by: jhb
2002-01-13 21:37:49 +00:00
Alfred Perlstein
426da3bcfb SMP Lock struct file, filedesc and the global file list.
Seigo Tanimura (tanimura) posted the initial delta.

I've polished it quite a bit reducing the need for locking and
adapting it for KSE.

Locks:

1 mutex in each filedesc
   protects all the fields.
   protects "struct file" initialization, while a struct file
     is being changed from &badfileops -> &pipeops or something
     the filedesc should be locked.

1 mutex in each struct file
   protects the refcount fields.
   doesn't protect anything else.
   the flags used for garbage collection have been moved to
     f_gcflag which was the FILLER short, this doesn't need
     locking because the garbage collection is a single threaded
     container.
  could likely be made to use a pool mutex.

1 sx lock for the global filelist.

struct file *	fhold(struct file *fp);
        /* increments reference count on a file */

struct file *	fhold_locked(struct file *fp);
        /* like fhold but expects file to locked */

struct file *	ffind_hold(struct thread *, int fd);
        /* finds the struct file in thread, adds one reference and
                returns it unlocked */

struct file *	ffind_lock(struct thread *, int fd);
        /* ffind_hold, but returns file locked */

I still have to smp-safe the fget cruft, I'll get to that asap.
2002-01-13 11:58:06 +00:00
Mike Smith
a7489fe56f Add a new sysinit SI_SUB_DEVFS. Devfs hooks into the kernel at SI_ORDER_FIRST,
and devices can be created anytime after that.

Print a warning if an atttempt is made to create a device too early.
2002-01-09 04:58:49 +00:00
Mike Smith
92fef27d97 Use a sysinit to initialise the devfs hooks in kern_conf.c rather than common
variables.

Reviewed by:	phk (in principle)
2002-01-09 01:00:20 +00:00
Mike Smith
eeff042fb3 Staticise the coda vfsop pointer. 2002-01-08 19:33:51 +00:00
Mike Smith
7577116e1e Staticise pfs_vncache, it's not used anywhere else.
Reviewed by:	des
2002-01-08 11:15:57 +00:00
Seigo Tanimura
233beff278 Do not derefer null.
Reviewed by:	des
2002-01-04 01:03:46 +00:00
Robert Watson
9c4d63da6d o Make the credential used by socreate() an explicit argument to
socreate(), rather than getting it implicitly from the thread
  argument.

o Make NFS cache the credential provided at mount-time, and use
  the cached credential (nfsmount->nm_cred) when making calls to
  socreate() on initially connecting, or reconnecting the socket.

This fixes bugs involving NFS over TCP and ipfw uid/gid rules, as well
as bugs involving NFS and mandatory access control implementations.

Reviewed by:	freebsd-arch
2001-12-31 17:45:16 +00:00
Matthew Dillon
23b590188f Fix a BUF_TIMELOCK race against BUF_LOCK and fix a deadlock in vget()
against VM_WAIT in the pageout code.  Both fixes involve adjusting
the lockmgr's timeout capability so locks obtained with timeouts do not
interfere with locks obtained without a timeout.

Hopefully MFC: before the 4.5 release
2001-12-20 22:42:27 +00:00
Boris Popov
d9d8c8172d Previous commit was intented to silence a warning, not to change codepath. 2001-12-20 15:56:45 +00:00
Sheldon Hearn
5bd80fc519 Silence harmless "smbfs_closel: Negative opencount" messages at
unmount time.

Thanks to iedowse for the background information.

Submitted by:	bp
2001-12-20 11:23:49 +00:00
Matthew Dillon
08f3c74981 Pseudofs was leaking VFS cache entries badly due to its cache and use of
the wrong VOP descriptor.  This misuse caused VFS-cached vnodes to be
re-cached, resulting in the leak.  This commit is an interim fix until DES
has a chance to rework the code involved.
2001-12-19 23:58:09 +00:00
Sheldon Hearn
53f09e7248 Add module dependency on libmchain.
With this change, mounting an smb share (using mount_smb, which is not
yet included in the tree) without any of smbfs, libiconv or libmchain
compiled into the kernel or loaded works.
2001-12-13 13:08:34 +00:00
Alfred Perlstein
118fdf009f Fix select on named pipes without a reader.
PR: kern/19871
MFC after: 1 month
2001-12-12 09:35:33 +00:00
Brian Feldman
41a35633ba Add VOP_GETEXTATTR(9) passthrough support to pseudofs.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2001-12-11 20:48:20 +00:00
Dag-Erling Smørgrav
40e7a740c9 Remove an obsolete prototype for procfs_kmemaccess().
Submitted by:	rwatson
2001-12-11 19:07:10 +00:00
David E. O'Brien
6e551fb628 Update to C99, s/__FUNCTION__/__func__/,
also don't use ANSI string concatenation.
2001-12-10 08:09:49 +00:00
Dag-Erling Smørgrav
50cb89eed2 Fix various bugs in the debugging code and reenable it. 2001-12-09 00:35:30 +00:00
Dag-Erling Smørgrav
c07f9fc134 Fix an incorrect PFS_TRACE. Also, use __func__ instead of __FUNCTION__. 2001-12-09 00:28:12 +00:00
Dag-Erling Smørgrav
4aac2aa96c Fix a KSEfication brain-o in procfs_doprocfile(): return the path of the target process,
not the calling process.  While we're here, also unstaticize procfs_doprocfile() and
procfs_docurproc() so linprocfs can call them directly instead of duplicating them.

Submitted by:	Dominic Mitchell <dom@semantico.com>
2001-12-08 22:34:14 +00:00
Dag-Erling Smørgrav
3a669c52a8 Pseudofsize procfs(5). 2001-12-04 01:35:06 +00:00
Robert Watson
011376308f o Introduce pr_mtx into struct prison, providing protection for the
mutable contents of struct prison (hostname, securelevel, refcount,
  pr_linux, ...)
o Generally introduce mtx_lock()/mtx_unlock() calls throughout kern/
  so as to enforce these protections, in particular, in kern_mib.c
  protection sysctl access to the hostname and securelevel, as well as
  kern_prot.c access to the securelevel for access control purposes.
o Rewrite linux emulator abstractions for accessing per-jail linux
  mib entries (osname, osrelease, osversion) so that they don't return
  a pointer to the text in the struct linux_prison, rather, a copy
  to an array passed into the calls.  Likewise, update linprocfs to
  use these primitives.
o Update in_pcb.c to always use prison_getip() rather than directly
  accessing struct prison.

Reviewed by:	jhb
2001-12-03 16:12:27 +00:00
Boris Popov
b1c996c40b Catch up with KSE changes.
Submitted by:	Max Khon <fjoe@iclub.nsu.ru>
2001-12-02 08:56:58 +00:00
John Baldwin
88736e1d37 Fix indentation after removing GEMDOS support. Whitespace changes only. 2001-11-28 18:29:16 +00:00
John Baldwin
5a7f3ebb94 Use suser_td() instead of explicitly checking cr_uid against 0.
PR:		kern/21809
Submitted by:	<mbendiks@eunet.no>
Reviewed by:	rwatson
2001-11-28 18:25:39 +00:00
John Baldwin
d3990d589f Axe more unused GEMDOS code that was #ifdef atari.
PR:		kern/21809
Submitted by:	<mbendiks@eunet.no>
2001-11-28 16:56:42 +00:00
John Baldwin
64bf8541f0 Remove GEMDOS support from msdosfs. I don't think anyone is going to
port FreeBSD to Atari machines any time soon.
2001-11-27 21:00:15 +00:00
Dag-Erling Smørgrav
98c7e22c50 Add support for a last-close handler.
Revert the module version bumps; they're quite pointless as long as the
only pseudofs consumer is linprocfs, which is in the tree.
2001-11-27 13:26:27 +00:00
Kenneth D. Merry
94a0557ad7 Fix mounting root from a ISO9660 filesystem on a SCSI CDROM.
The problem was that the ISO9660 code wasn't opening the device prior to
issuing ioctl calls.  In particular, the device must be open before
iso_get_ssector() is called in iso_mountroot().

If the device isn't opened first, the disk layer blows up due to an
uninitialized variable.

The solution was to open the device, call iso_get_ssector() and then close
it again.

The ATAPI CDROM driver doesn't have this problem because it doesn't use the
disk layer, and evidently doesn't mind if someone issues an ioctl without
first issuing an open call.

Thanks to phk for pointing me at the source of this problem.

Tested by:	dirk
MFC after:	1 week
2001-11-27 03:55:43 +00:00
John Baldwin
d2cb9f715f Replace 'p' with 'td' as appropriate. 2001-11-27 00:34:13 +00:00
John Baldwin
c5c6ef2c27 GC compat macros HASHINIT, VOP__LOCK, VOP__UNLOCK, VGET, and VN_LOCK. 2001-11-27 00:18:33 +00:00
John Baldwin
b2ba87cec3 Expand LOCKMGR() compat macro. 2001-11-27 00:08:04 +00:00
John Baldwin
cfaffc10b5 GC some KSE compatiblity macros that were somehow still here. 2001-11-26 23:52:35 +00:00
John Baldwin
8a918adb2b GC non-FreeBSD code that didn't work anyways. 2001-11-26 23:45:12 +00:00
Dima Dorfman
2ab80ed8cf Address two minor issues: implement the _PC_NAME_MAX and _PC_PATH_MAX
pathconf() variables for directories, and set st_size and st_blocks
(of struct stat) for directories as appropriate.  Note that st_size is
always set to DEV_BSIZE, since the size of the directories is not
currently kept.

Reviewed by:	phk, bde
2001-11-25 21:00:38 +00:00
Matthew Dillon
0dbd8b1b08 convert holdsock() to fget(). Add XXX reminder for future socket locking. 2001-11-24 18:28:22 +00:00
Peter Wemm
bc5f905080 Missing KSE s/curproc/curthread/ 2001-11-17 01:09:53 +00:00
Alfred Perlstein
d25c683ad5 Switch behavior of fifos to more closely match what goes on in other OSes.
Basically FIFOs become a real pain to abuse as a rendevous point without
this change because you can't really select(2) on them because they always
return ready even though there is no writer (to signal EOF).

Obtained from: BSD/os
2001-11-08 10:28:32 +00:00
Peter Wemm
4ff021c699 Fix printf format bugs introduced in rev 1.34 for printing times.
quad_t cannot be printed with %lld on 64 bit systems.

Dont waste cpu to round user and system times up to long long, it is
highly improbable that a process will have accumulated 68 years of
user or system cpu time (not wall clock time) before a reboot or
process restart.
2001-11-07 02:51:25 +00:00
Brian Feldman
4228024de2 Correctly unlock the target process if /proc/$foo/mem is open()ed by
another process which cannot p_candebug() it.  The bug was introduced
in rev. 1.100.

Approved by:	des
2001-11-06 17:00:40 +00:00
Matthew Dillon
67fa60faa8 Fix the fix. BIO_ERROR must be set in b_ioflags, not b_flags 2001-11-04 23:52:49 +00:00
Poul-Henning Kamp
d018a84cbc Fix "echo > /dev/null" for non-root users which broke in previous commit. 2001-11-04 19:12:59 +00:00
Matthew Dillon
6b8bd2efc1 Add mnt_reservedvnlist so we can MFC to 4.x, in order to make all mount
structure changes now rather then piecemeal later on.  mnt_nvnodelist
currently holds all the vnodes under the mount point.  This will eventually
be split into a 'dirty' and 'clean' list.  This way we only break kld's once
rather then twice.  nvnodelist will eventually turn into the dirty list
and should remain compatible with the klds.
2001-11-04 18:55:42 +00:00
Poul-Henning Kamp
d7c95b6e27 B_ERROR is BIO_ERROR on -current.
Now it compiles, I don't know if it works.
2001-11-04 08:53:38 +00:00
Matthew Dillon
aa454a4b53 Fix a bug in CD9660 when vmiodirenable is turned on. CD9660 was assuming
that a buffer's b_blkno would be valid.  This is true when vmiodirenable
is turned off because the B_MALLOC'd buffer's data is invalidated when
the buffer is destroyed.  But when vmiodirenable is turned on a buffer
can be reconstituted from its VMIO backing store.  The reconstituted buffer
will have no knowledge of the physical block translation and the result is
serious directory corruption of the CDROM.

The solution is to fix cd9660_blkatoff() to always BMAP the buffer if
b_lblkno == b_blkno.

MFC after:	0 days
2001-11-04 06:18:55 +00:00
Poul-Henning Kamp
9607027339 Use vfs_timestamp() instead of getnanotime().
Add magic stuff copied from ufs_setattr().

Instructed by:	bde
2001-11-03 17:00:02 +00:00
Poul-Henning Kamp
93432a92a4 Use vfs_timestamp() instead of getnanotime() directly.
Fix some modes on directories and symlinks.

Instructed by:	bde
2001-11-03 16:53:24 +00:00
Dag-Erling Smørgrav
41aa8697b5 Reduce the number of #include dependencies by declaring some of the structs
used in pseudofs.h as opaque structs.
2001-11-03 03:07:09 +00:00
Matthew Dillon
0e9fe2127c Adjust printfs to be time_t agnostic. 2001-10-28 22:53:45 +00:00
Dag-Erling Smørgrav
1831900053 Add VOP_IOCTL support, and fix a bug that would cause a panic if a file or
symlink lacked a filler function.
2001-10-26 18:52:47 +00:00
Matthew Dillon
c72ccd014d Change the vnode list under the mount point from a LIST to a TAILQ
in preparation for an implementation of limiting code for kern.maxvnodes.

MFC after:	3 days
2001-10-23 01:21:29 +00:00
Dag-Erling Smørgrav
c193b945eb No, you may not /* FALLTHROUGH */. Not only will you return an incorrect
result, but you'd corrupt the kernel malloc() arena if it weren't for a
small but life-saving optimization in ioctl().

MFC after:	1 week
2001-10-22 16:13:38 +00:00
Dag-Erling Smørgrav
7c62990641 Move procfs_* from procfs_machdep.c into sys_process.c, and rename them to
proc_* in the process; procfs_machdep.c is no longer needed.

Run-tested on i386, build-tested on Alpha, untested on other platforms.
2001-10-21 23:57:24 +00:00
John Baldwin
dee2bb2540 Assert that a ucred is unshared before we remap its ids. 2001-10-20 03:30:34 +00:00
Dag-Erling Smørgrav
32c798f806 Argh! I updated the version number in the MODULE_DEPEND() thingamagook but
not in the actual MODULE_VERSION().  Pass me the pointy hat.
2001-10-19 18:23:51 +00:00
Dag-Erling Smørgrav
33802b9eff Switch to dynamic rather than static initialization.
This makes it possible (in theory) for nodes to be added and / or removed
from pseudofs filesystems at runtime.
2001-10-19 01:43:06 +00:00
Bruce Evans
4e567de4ae Fixed bitrot in a banal comment by removing the comment. 2001-10-13 06:57:59 +00:00
Bruce Evans
c95b982aed Backed out vestiges of the quick fixes for the transient breakage of
<sys/mount.h> in rev.1.106 of the latter (don't include <sys/socket.h>
just to work around bugs in <sys/mount.h>).
2001-10-13 06:41:41 +00:00
John Baldwin
bd78cece5d Change the kernel's ucred API as follows:
- crhold() returns a reference to the ucred whose refcount it bumps.
- crcopy() now simply copies the credentials from one credential to
  another and has no return value.
- a new crshared() primitive is added which returns true if a ucred's
  refcount is > 1 and false (0) otherwise.
2001-10-11 23:38:17 +00:00
John Baldwin
7106ca0d1a Add missing includes of sys/lock.h. 2001-10-11 17:52:20 +00:00
Dag-Erling Smørgrav
3da3249106 Dissociate ptrace from procfs.
Until now, the ptrace syscall was implemented as a wrapper that called
various functions in procfs depending on which ptrace operation was
requested.  Most of these functions were themselves wrappers around
procfs_{read,write}_{,db,fp}regs(), with only some extra error checks,
which weren't necessary in the ptrace case anyway.

This commit moves procfs_rwmem() from procfs_mem.c into sys_process.c
(renaming it to proc_rwmem() in the process), and implements ptrace()
directly in terms of procfs_{read,write}_{,db,fp}regs() instead of
having it fake up a struct uio and then call procfs_do{,db,fp}regs().

It also moves the prototypes for procfs_{read,write}_{,db,fp}regs()
and proc_rwmem() from proc.h to ptrace.h, and marks all procfs files
except procfs_machdep.c as "optional procfs" instead of "standard".
2001-10-07 20:08:42 +00:00
Dag-Erling Smørgrav
080cf92b85 Remove some useless preprocesor paranoia. 2001-10-07 19:41:19 +00:00
Dag-Erling Smørgrav
8d5f9fac24 In procfs_readdir(), when the directory being read was a process directory,
the target process was being held locked during the uiomove() call.  If the
process calling readdir() was the same as the target process (for instance
'ls /proc/curproc/'), and uiomove() caused a page fault, the result would
be a proc lock recursion.  I have no idea how long this has been broken -
possibly ever since pfind() was changed to lock the process it returns.

Also replace the one and only call to procfs_findtextvp() with a direct
test of td->td_proc->p_textvp.
2001-10-07 19:37:13 +00:00
Dag-Erling Smørgrav
b84ce33438 Add a PFS_DISABLED flag; pfs_visible() automatically returns 0 if it is set
on the node in question.  Also add two API functions for setting and clearing
this flag; setting it also reclaims all vnodes associated with the node.
2001-10-02 22:22:42 +00:00
Dag-Erling Smørgrav
b7004390b3 Only print "XXX (un)registered" message if bootverbose. 2001-10-02 22:21:07 +00:00
Dag-Erling Smørgrav
24efa9d3fa [the previous commit to pseudofs_vncache.c got the wrong log message]
YA pseudofs megacommit, part 2:

 - Merge the pfs_vnode and pfs_vdata structures, and make the vnode cache
   a doubly-linked list.  This eliminates the need to walk the list in
   pfs_vncache_free().

 - Add an exit callout which revokes vnodes associated with the process
   that just exited.  Since it needs to lock the cache when it does this,
   pfs_vncache_mutex needs MTX_RECURSE.
2001-10-01 04:26:33 +00:00
Dag-Erling Smørgrav
198bc14b1d YA pseudofs megacommit, part 1:
- Add a third callback to the pfs_node structure.  This one simply returns
   non-zero if the specified requesting process is allowed to access the
   specified node for the specified target process.  This is used in
   addition to the usual permission checks, e.g. when certain files don't
   make sense for certain (system) processes.

 - Make sure that pfs_lookup() and pfs_readdir() don't yap about files
   which aren't pfs_visible().  Also check pfs_visible() before performing
   reads and writes, to prevent the kind of races reported in SA-00:77 and
   SA-01:55 (fork a child, open /proc/child/ctl, have that child fork a
   setuid binary, and assume control of it).

 - Add some more trace points.
2001-10-01 04:22:20 +00:00
Dag-Erling Smørgrav
7d8f809f00 pseudofs.h:
- Rearrange the flag constants a little to simplify specifying and testing
    for readability and writeability.

pseudofs_vnops.c:

  - Track the aforementioned change.

  - Add checks to pfs_open() to prevent opening read-only files for writing
    or vice versa (pfs_{read,write} would block the actual reads and writes,
    but it's still a bug to allow the open() to succeed).  Also, return
    EOPNOTSUPP if the caller attempts to lock the file.

  - Add more trace points.
2001-09-30 19:41:29 +00:00
Poul-Henning Kamp
40739c02ae The behaviour of whiteout'ing symlinks were too confusing, instead
remove them when asked to.
2001-09-30 08:43:33 +00:00
Dag-Erling Smørgrav
80a3cef87d Pseudofs take 2:
- Remove hardcoded uid, gid, mode from struct pfs_node; make pfs_getattr()
   smart enough to get it right most of the time, and allow for callbacks
   to handle the remaining cases.  Rework the definition macros to match.

 - Add lots of (conditional) debugging output.

 - Fix a long-standing bug inherited from procfs: don't pretend to be a
   read-only file system.  Instead, return EOPNOTSUPP for operations we
   truly can't support and allow others to fail silently.  In particular,
   pfs_lookup() now treats CREATE as LOOKUP.  This may need more work.

 - In pfs_lookup(), if the parent node is process-dependent, check that
   the process in question still exists.

 - Implement pfs_open() - its only current function is to check that the
   process opening the file can see the process it belongs to.

 - Finish adding support for writeable nodes.

 - Bump module version number.

 - Introduce lots of new bugs.
2001-09-29 00:49:29 +00:00
Dag-Erling Smørgrav
b4056ade84 The previous commit introduced some references to "curproc" which should have
been references to "curthread".  Correct this.
2001-09-28 12:36:54 +00:00
Robert Watson
f86cf763ef o Modify generic specfs device open access control checks to use
securelevel_ge() instead of direct securelevel variable checks.

Obtained from:	TrustedBSD Project
2001-09-26 20:18:26 +00:00
Bill Fenner
bd5b9e17b0 Fix (typo? pasteo?): panic("ffs_mountroot..." -> panic("ntfs_mountroot...") 2001-09-26 00:36:33 +00:00
Dag-Erling Smørgrav
8712e867e1 Clean up my source tree to avoid getting hit too badly by the next KSE or
whatever mega-commit.  This goes some way towards adding support for
writeable files (needed by procfs).
2001-09-25 13:25:30 +00:00
Mike Barcroft
3273a63ed9 A process name may contain whitespace and unprintable characters,
so convert those characters to octal notation.  Also convert
backslashes to octal notation to avoid confusion.

Reviewed by:	des
MFC after:	1 week
2001-09-25 04:42:40 +00:00
John Baldwin
bce94723a4 Use the passed in thread to selrecord() instead of curthread. 2001-09-21 22:26:51 +00:00
Robert Watson
3f9e888ebe o Remove redundant securelevel/pid1 check in procfs_rw() -- this
protection is enforced at the invidual method layer using
  p_candebug().

Obtained from:	TrustedBSD Project
2001-09-18 19:53:10 +00:00
Julian Elischer
7405406837 fix typo
pointed out by: jhb
2001-09-13 21:59:40 +00:00
John Baldwin
f1cbf4f92c Restore these files to being portable:
- Use some simple #define's at the top of the files for proc -> thread
  changes instead of having lots of needless #ifdef's in the code.
- Don't try to use struct thread in !FreeBSD code.
- Don't use a few struct lwp's in some of the NetBSD code since it isn't
  in their HEAD.
The new diff relative to before KSE is now signficantly smaller and easier
to maintain.
2001-09-12 23:39:36 +00:00
Julian Elischer
b40ce4165d KSE Milestone 2
Note ALL MODULES MUST BE RECOMPILED
make the kernel aware that there are smaller units of scheduling than the
process. (but only allow one thread per process at this time).
This is functionally equivalent to teh previousl -current except
that there is a thread associated with each process.

Sorry john! (your next MFC will be a doosie!)

Reviewed by: peter@freebsd.org, dillon@freebsd.org

X-MFC after:    ha ha ha ha
2001-09-12 08:38:13 +00:00
Kris Kennaway
bf61e26696 Fix some signed/unsigned integer confusion, and add bounds checking of
arguments to some functions.

Obtained from:	NetBSD
Reviewed by:	peter
MFC after:	2 weeks
2001-09-10 11:28:07 +00:00
Semen Ustimenko
cc6b9b02be Stole unicode translation table from mount_msdos. Add kernel code
to support this translation.

MFC after:	2 weeks
2001-09-08 23:03:52 +00:00
Semen Ustimenko
0895d6c389 Fix opening particular file's attributes (as described in man page).
This is useful for debug purposes.

MFC after:	2 weeks
2001-09-08 22:59:12 +00:00
Semen Ustimenko
ebcc9d9c8c Reference devvp on ntnode creation and dereference on removal. Previous
code  lead to page faults becouse i_devvp went zero after VOP_RECLAIM, but
ntnode was reused (not reclaimed).

MFC after:	2 weeks
2001-09-08 22:57:03 +00:00
Semen Ustimenko
831aac011e Fix errors and warnings when compiling with NTFS_DEBUG > 1
MFC after:	2 weeks
2001-09-08 22:53:27 +00:00
Andrey A. Chernov
159247784c smbfs_advlock: simplify overflow checks (copy from kern_lockf.c)
minor formatting issues to minimize differences
2001-08-29 18:59:04 +00:00
Andrey A. Chernov
fcbe9614ef Cosmetique & style fixes from bde 2001-08-26 10:28:58 +00:00
Andrey A. Chernov
5215e1ea12 Copy from kern_lockf.c: remove extra check 2001-08-24 10:22:16 +00:00
Andrey A. Chernov
2a31175b6e Copy yet one check for SEEK_END overflow 2001-08-23 17:12:42 +00:00
Andrey A. Chernov
ea4313e351 Copy my newly introduced l_len<0 'oops' fix from kern_lockf.c 2001-08-23 16:06:14 +00:00
Andrey A. Chernov
e3e2c03de3 Copy POSIX l_len<0 handling from kern_lockf.c 2001-08-23 15:44:24 +00:00
Andrey A. Chernov
bbf6984cec Cosmetique: correct English in comments
non-cosmetique: add missing break; - original code was broken here
2001-08-23 14:45:31 +00:00
Andrey A. Chernov
fb2f187058 Move <machine/*> after <sys/*>
Pointed by:	bde
2001-08-23 13:27:58 +00:00
Andrey A. Chernov
4779017439 adv. lock:
copy EOVERFLOW handling code from main variant
fix type of 'size' arg
2001-08-23 08:54:22 +00:00
Boris Popov
798bb23e93 Use proper endian conversion.
Obtained from:	Mac OS X
MFC after:		1 week
2001-08-21 08:27:47 +00:00
Boris Popov
3419dc99dd Return proper length of _PC_NAME_MAX value if long names support is enabled.
Obtained from:	Mac OS X
MFC after:	1 week
2001-08-21 08:25:09 +00:00
Poul-Henning Kamp
12d1aec26f linux ls fails on DEVFS /dev because linux_getdents fails because
linux_getdents uses VOP_READDIR( ..., &ncookies, &cookies ) instead of
     VOP_READDIR( ..., NULL, NULL ) because it seems to need the offsets for
     linux_dirent and sizeof(dirent) != sizeof(linux_dirent)...

PR:	29467
Submitted by:	Michael Reifenberger <root@nihil.plaut.de>
Reviewed by:	phk
2001-08-14 06:42:32 +00:00
Robert Watson
7d69e57088 Remove dangling prototype for the now defunct procfs_kmemaccess()
call.

Obtained from:	TrustedBSD Project
2001-08-03 17:51:05 +00:00
Robert Watson
436b89d434 Collapse a Pmem case in with the other debugging files case for procfs,
as there are now "unusual" protection properties to Pmem that differ
from the other files.  While I'm at it, introduce proc locking for
the other files, which was previously present only in the Pmem case.

Obtained from:	TrustedBSD Project
2001-08-03 17:20:34 +00:00
Robert Watson
57de737e82 Remove read permission for group on the /proc/*/mem file, since kmem
no longer requires access.

Reviewed by:	tmm
Obtained from:	TrustedBSD Project
2001-08-03 17:15:40 +00:00
Robert Watson
f2e6be5865 Prior to support for almost all ps activity via sysctl, ps used procfs,
and so special-casing was introduced to provide extra procfs privilege
to the kmem group.  With the advent of non-setgid kmem ps, this code
is no longer required, and in fact, can is potentially harmful as it
allocates privilege to a gid that is increasingly less meaningful.
Knowledge of specific gid's in kernel is also generally bad precedent,
as the kernel security policy doesn't distinguish gid's specifically,
only uid 0.

This commit removes reference to kmem in procfs, both in terms of
access control decisions, and the applying of gid kmem to the
/proc/*/mem file, simplifying the associated code considerably.
Processes are still permitted to access the mem file based on
the debugging policy, so ps -e still works fine for normal
processes and use.

Reviewed by:	tmm
Obtained from:	TrustedBSD Project
2001-08-03 17:13:23 +00:00
Assar Westerlund
ac01ecd9fb remove support for creating files and directories from msdosfs_mknod 2001-07-19 19:15:42 +00:00
John Baldwin
7063595315 Grab the process lock around psignal().
Noticed by:	tanimura
2001-07-18 19:17:36 +00:00
Robert Watson
a0f75161f9 o Replace calls to p_can(..., P_CAN_xxx) with calls to p_canxxx().
The p_can(...) construct was a premature (and, it turns out,
  awkward) abstraction.  The individual calls to p_canxxx() better
  reflect differences between the inter-process authorization checks,
  such as differing checks based on the type of signal.  This has
  a side effect of improving code readability.
o Replace direct credential authorization checks in ktrace() with
  invocation of p_candebug(), while maintaining the special case
  check of KTR_ROOT.  This allows ktrace() to "play more nicely"
  with new mandatory access control schemes, as well as making its
  authorization checks consistent with other "debugging class"
  checks.
o Eliminate "privused" construct for p_can*() calls which allowed the
  caller to determine if privilege was required for successful
  evaluation of the access control check.  This primitive is currently
  unused, and as such, serves only to complicate the API.

Approved by:	({procfs,linprocfs} changes) des
Obtained from:	TrustedBSD Project
2001-07-05 17:10:46 +00:00
John Baldwin
4a370459cc - Update the vmmeter statistics for vnode pageins and pageouts in
getpages/putpages.
- Use vm_page_undirty() instead of messing with pages' dirty fields
  directly.
2001-07-04 19:55:01 +00:00
Matthew Dillon
0cddd8f023 With Alfred's permission, remove vm_mtx in favor of a fine-grained approach
(this commit is just the first stage).  Also add various GIANT_ macros to
formalize the removal of Giant, making it easy to test in a more piecemeal
fashion. These macros will allow us to test fine-grained locks to a degree
before removing Giant, and also after, and to remove Giant in a piecemeal
fashion via sysctl's on those subsystems which the authors believe can
operate without Giant.
2001-07-04 16:20:28 +00:00
John Baldwin
797c3dba25 Fix a mntvnode and vnode interlock reversal. 2001-06-28 03:52:04 +00:00
John Baldwin
805d90f763 Protect the mnt_vnode list with the mntvnode lock. 2001-06-28 03:50:17 +00:00
Dag-Erling Smørgrav
56fe60b131 #if 0 out pfs_null() to silence the warning about it not being referenced. 2001-06-15 12:30:46 +00:00
Peter Wemm
70439d2750 Fix warning: 568: warning: `portal_badop' defined but not used 2001-06-15 00:38:03 +00:00
Peter Wemm
f14f48a226 Fix warning (exposed NetBSD code):
94: warning: `ntfs_bmap' declared `static' but never defined
2001-06-15 00:32:07 +00:00
Peter Wemm
e75a45be56 Fix warnings (mostly harmless, due to struct bio being embedded in buf):
738: warning: passing arg 1 of `biodone' from incompatible pointer type
745: warning: passing arg 1 of `biodone' from incompatible pointer type
2001-06-15 00:30:27 +00:00
Peter Wemm
42c187b77e Fix warning: 552: warning: `fdesc_badop' defined but not used 2001-06-15 00:27:21 +00:00
Peter Wemm
13f961dbfd Warning fix: coda_fbsd.c:113: warning: unused variable `ret' 2001-06-15 00:02:27 +00:00
Boris Popov
4587152a71 Coda do not call vop_defaultop(), so add nesessary calls for VM objects.
Submitted by:	Greg Troxel <gdt@ir.bbn.com>
MFC after:	2 days
2001-06-14 09:28:30 +00:00
Matt Jacob
aa56d911a6 the last argument to copyinstr is of t ype size_t, not u_int 2001-06-13 18:58:11 +00:00
Peter Wemm
f41325db5f With this commit, I hereby pronounce gensetdefs past its use-by date.
Replace the a.out emulation of 'struct linker_set' with something
a little more flexible.  <sys/linker_set.h> now provides macros for
accessing elements and completely hides the implementation.

The linker_set.h macros have been on the back burner in various
forms since 1998 and has ideas and code from Mike Smith (SET_FOREACH()),
John Polstra (ELF clue) and myself (cleaned up API and the conversion
of the rest of the kernel to use it).

The macros declare a strongly typed set.  They return elements with the
type that you declare the set with, rather than a generic void *.

For ELF, we use the magic ld symbols (__start_<setname> and
__stop_<setname>).  Thanks to Richard Henderson <rth@redhat.com> for the
trick about how to force ld to provide them for kld's.

For a.out, we use the old linker_set struct.

NOTE: the item lists are no longer null terminated.  This is why
the code impact is high in certain areas.

The runtime linker has a new method to find the linker set
boundaries depending on which backend format is in use.

linker sets are still module/kld unfriendly and should never be used
for anything that may be modular one day.

Reviewed by:	eivind
2001-06-13 10:58:39 +00:00
Dag-Erling Smørgrav
21ceb6efa2 For some reason, though the module builds just fine without <sys/lock.h>,
LINT fails to build without it.
2001-06-11 15:04:48 +00:00
Dag-Erling Smørgrav
b27acc8dd1 Bail out if the fill function failed. 2001-06-10 21:39:01 +00:00
Dag-Erling Smørgrav
7005ce8a5f Whoops, some of my test code snuck in here. 2001-06-10 21:37:11 +00:00
Dag-Erling Smørgrav
497806b394 Argh. Fix braino in previous commit. 2001-06-10 18:54:04 +00:00
Dag-Erling Smørgrav
1828efef8d Add a 'flags' argument to the PFS_PROCDIR macro. 2001-06-10 18:52:55 +00:00
Dag-Erling Smørgrav
649ad985c9 Add support for process-dependent directories. This means that save for
the lack of a man page, pseudofs is mostly complete now.
2001-06-10 18:39:21 +00:00
Dag-Erling Smørgrav
1e4ebf4e8d Blah, not my day. This file needs <sys/mutex.h> now. 2001-06-10 10:42:55 +00:00
Dag-Erling Smørgrav
ec09e7f25c Remember to unlock the process pfind() returns. 2001-06-10 10:42:01 +00:00
Dag-Erling Smørgrav
49fa664f4e Add missing #include of <sys/mutex.h>. 2001-06-10 10:36:16 +00:00
Dag-Erling Smørgrav
31f73b3fcd Catch up with the change in sbuf_new's prototype. 2001-06-10 10:34:21 +00:00
Jonathan Lemon
2247e23a97 The kq write filter was hooked up to the wrong socket, and thus was
not behaving correctly.  Fix by attaching to the correct socket.

Also call so{rw}wakeup in addition to the fifo wakeup, so that any
kqfilters attached to the socket buffer get poked.
2001-06-06 17:38:36 +00:00
Seigo Tanimura
326f419bb9 Lock VM Giant prior to locking a vm map.
Spotted by:	Daniel Rock <D.Rock@t-online.de>
Tested by:	David Wolfskill <david@catwhisker.org>,
		Sean Eric Fagan <sef@kithrup.com>
2001-06-06 04:13:11 +00:00
Shafeeq Sinnamohideen
ba8aae1baf Now works again and as a module and with devfs.
Used the bpf & tun drivers as examples as to what is necessary for devfs.
2001-06-05 19:45:16 +00:00
Brian Somers
51716196a4 Support /dev/tun cloning. Ansify if_tun.c while I'm there.
Only tun0 -> tun32767 may now be opened as struct ifnet's if_unit
is a short.

It's now possible to open /dev/tun and get a handle back for an available
tun device (use devname to find out what you got).

The implementation uses rman by popular demand (and against my judgement)
to track opened devices and uses the new dev_depends() to ensure that
all make_dev()d devices go away before the module is unloaded.

Reviewed by:	phk
2001-06-01 15:51:10 +00:00
Ruslan Ermilov
4ccd754686 - VFS_SET(msdos) -> VFS_SET(msdosfs)
- msdos.ko -> msdosfs.ko
- mount_msdos(8) -> mount_msdosfs(8)
- "msdos" -> "msdosfs" compatibility glue in mount(8)
2001-06-01 10:57:26 +00:00
Poul-Henning Kamp
e33457d7eb Don't copy the trailing zero in readlink, it confuses namei().
PR:		27656
2001-05-26 20:07:57 +00:00
Ruslan Ermilov
8a8402d3a5 - sys/n[tw]fs moved to sys/fs/n[tw]fs
- /usr/include/n[tw]fs moved to /usr/include/fs/n[tw]fs
2001-05-26 11:57:45 +00:00
Poul-Henning Kamp
3344c5a17e Create a general facility for making dev_t's depend on another
dev_t.  The dev_depends(dev_t, dev_t) function is for tying them
to each other.

When destroy_dev() is called on a dev_t, all dev_t's depending
on it will also be destroyed (depth first order).

Rewrite the make_dev_alias() to use this dependency facility.

kern/subr_disk.c:
Make the disk mini-layer use dependencies to make sure all
relevant dev_t's are removed when the disk disappears.

Make the disk mini-layer precreate some magic sub devices
which the disk/slice/label code expects to be there.

kern/subr_disklabel.c:
Remove some now unneeded variables.

kern/subr_diskmbr.c:
Remove some ancient, commented out code.

kern/subr_diskslice.c:
Minor cleanup.  Use name from dev_t instead of dsname()
2001-05-26 08:27:58 +00:00
Robert Watson
b1fc0ec1a7 o Merge contents of struct pcred into struct ucred. Specifically, add the
real uid, saved uid, real gid, and saved gid to ucred, as well as the
  pcred->pc_uidinfo, which was associated with the real uid, only rename
  it to cr_ruidinfo so as not to conflict with cr_uidinfo, which
  corresponds to the effective uid.
o Remove p_cred from struct proc; add p_ucred to struct proc, replacing
  original macro that pointed.
  p->p_ucred to p->p_cred->pc_ucred.
o Universally update code so that it makes use of ucred instead of pcred,
  p->p_ucred instead of p->p_pcred, cr_ruidinfo instead of p_uidinfo,
  cr_{r,sv}{u,g}id instead of p_*, etc.
o Remove pcred0 and its initialization from init_main.c; initialize
  cr_ruidinfo there.
o Restruction many credential modification chunks to always crdup while
  we figure out locking and optimizations; generally speaking, this
  means moving to a structure like this:
        newcred = crdup(oldcred);
        ...
        p->p_ucred = newcred;
        crfree(oldcred);
  It's not race-free, but better than nothing.  There are also races
  in sys_process.c, all inter-process authorization, fork, exec, and
  exit.
o Remove sigio->sio_ruid since sigio->sio_ucred now contains the ruid;
  remove comments indicating that the old arrangement was a problem.
o Restructure exec1() a little to use newcred/oldcred arrangement, and
  use improved uid management primitives.
o Clean up exit1() so as to do less work in credential cleanup due to
  pcred removal.
o Clean up fork1() so as to do less work in credential cleanup and
  allocation.
o Clean up ktrcanset() to take into account changes, and move to using
  suser_xxx() instead of performing a direct uid==0 comparision.
o Improve commenting in various kern_prot.c credential modification
  calls to better document current behavior.  In a couple of places,
  current behavior is a little questionable and we need to check
  POSIX.1 to make sure it's "right".  More commenting work still
  remains to be done.
o Update credential management calls, such as crfree(), to take into
  account new ruidinfo reference.
o Modify or add the following uid and gid helper routines:
      change_euid()
      change_egid()
      change_ruid()
      change_rgid()
      change_svuid()
      change_svgid()
  In each case, the call now acts on a credential not a process, and as
  such no longer requires more complicated process locking/etc.  They
  now assume the caller will do any necessary allocation of an
  exclusive credential reference.  Each is commented to document its
  reference requirements.
o CANSIGIO() is simplified to require only credentials, not processes
  and pcreds.
o Remove lots of (p_pcred==NULL) checks.
o Add an XXX to authorization code in nfs_lock.c, since it's
  questionable, and needs to be considered carefully.
o Simplify posix4 authorization code to require only credentials, not
  processes and pcreds.  Note that this authorization, as well as
  CANSIGIO(), needs to be updated to use the p_cansignal() and
  p_cansched() centralized authorization routines, as they currently
  do not take into account some desirable restrictions that are handled
  by the centralized routines, as well as being inconsistent with other
  similar authorization instances.
o Update libkvm to take these changes into account.

Obtained from:	TrustedBSD Project
Reviewed by:	green, bde, jhb, freebsd-arch, freebsd-audit
2001-05-25 16:59:11 +00:00
Ruslan Ermilov
1166fb516b - sys/msdosfs moved to sys/fs/msdosfs
- msdos.ko renamed to msdosfs.ko
- /usr/include/msdosfs moved to /usr/include/fs/msdosfs
2001-05-25 08:14:14 +00:00
Ruslan Ermilov
c7b23e0fb4 Actually rename FDESC, PORTAL, UMAP and UNION file systems.
OK'ed by:	bp
2001-05-24 15:20:11 +00:00
Ruslan Ermilov
c99d12581a mount_umap(8) -> mount_umapfs(8). 2001-05-24 13:20:41 +00:00
Ruslan Ermilov
57a523ae6b mount_null(8) -> mount_nullfs(8). 2001-05-24 13:17:47 +00:00
John Baldwin
c7f52620e0 Don't acquire/release Giant around some of the places that need it in
spec_getpages().  Instead, assert that Giant is held by the caller.
2001-05-23 22:20:29 +00:00
Poul-Henning Kamp
5a9300c451 Change the way deletes are managed in DEVFS.
This fixes a number of warnings relating to removed cloned devices.

It also makes it possible to recreate deleted devices with
mknod(2).  The major/minor arguments are ignored.
2001-05-23 17:48:20 +00:00
Ruslan Ermilov
99d300a1ec - FDESC, FIFO, NULL, PORTAL, PROC, UMAP and UNION file
systems were repo-copied from sys/miscfs to sys/fs.

- Renamed the following file systems and their modules:
  fdesc -> fdescfs, portal -> portalfs, union -> unionfs.

- Renamed corresponding kernel options:
  FDESC -> FDESCFS, PORTAL -> PORTALFS, UNION -> UNIONFS.

- Install header files for the above file systems.

- Removed bogus -I${.CURDIR}/../../sys CFLAGS from userland
  Makefiles.
2001-05-23 09:42:29 +00:00
John Baldwin
2178ff8b9f Sort includes from previous commit. 2001-05-21 23:19:50 +00:00
Alfred Perlstein
2395531439 Introduce a global lock for the vm subsystem (vm_mtx).
vm_mtx does not recurse and is required for most low level
vm operations.

faults can not be taken without holding Giant.

Memory subsystems can now call the base page allocators safely.

Almost all atomic ops were removed as they are covered under the
vm mutex.

Alpha and ia64 now need to catch up to i386's trap handlers.

FFS and NFS have been tested, other filesystems will need minor
changes (grabbing the vm lock when twiddling page properties).

Reviewed (partially) by: jake, jhb
2001-05-19 01:28:09 +00:00
Boris Popov
10fa1684ed Currently there is no way to tell if write operation invoked via
vn_start_write() on the given vnode will be successful. VOP_LEASE() may
help to solve this problem, but its return value ignored nearly everywhere.
For now just assume that the missing upper layer on write means insufficient
access rights (which is correct for most cases).
2001-05-18 07:43:13 +00:00
Boris Popov
f3d1ec67b2 VOP getwritemount() can be invoked on vnodes with VFREE flag set (used in
snapshots code). At this point upper vp may not exist.
2001-05-17 04:58:25 +00:00