mirror of https://git.FreeBSD.org/src.git synced 2024-12-19 10:53:58 +00:00
4302 Commits

Author SHA1 Message Date
Robert Watson
6f3933fa6f o Introduce kern.security.bsd.unprivileged_read_msgbuf, which allows
the administrator to restrict access to the kernel message buffer.
  It defaults to '1', which permits access, but if set to '0', requires
  that the process making the sysctl() have appropriate privilege.
o Note that for this to be effective, access to this data via system
  logs derived from /dev/klog must also be limited.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2001-11-30 21:40:52 +00:00
Robert Watson
e409590d0e o Further sysctl name simplification, generally stripping 'permitted',
using '_'s more consistently.

Discussed with:	bde, jhb
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2001-11-30 21:33:16 +00:00
Robert Watson
48713bdc3c o Move current inhabitants of kern.security to kern.security.bsd, so
that new models can inhabit kern.security.<modelname>.
o While I'm there, shorten somewhat excessive variable names, and clean
  things up a little.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2001-11-30 20:58:31 +00:00
Robert Watson
1e4b531bb6 o Cache req->td->td_proc->p_ucred->cr_prison in pr to improve
readability.
o Conditionalize only the SYSCTL definitions for the regression
  tree, not the variables themselves, decreasing the number of #ifdef
  REGRESSIONs scattered in kern_mib.c, and making the code more
  readable.

Sponsored by:	DARPA, NAI Labs
2001-11-28 21:22:05 +00:00
John W. De Boskey
a5f75648d8 Return a more meaningful errno when the length of the interpreter
exceeds MAXSHELLCMDLEN to avoid secondary /bin/sh execution.

Update execve man page to reflect change.

Increase MAXSHELLCMDLEN to a slightly more meaningful value.

PR:		kern/32106
Submitted by:	b@etek.chalmers.se
Reviewed by:	bsd
MFC after:	2 weeks
2001-11-28 03:26:58 +00:00
Peter Wemm
023a0e6100 Don't print the sysctl node tree unless you're root.
Found by:	jkb (Yahoo OS troublemaker)
2001-11-28 03:11:16 +00:00
Bosko Milekic
a705398be0 Context:
For an object type, we maintain a variable mb_mapfull. It is 0 by default
and is only raised to 1 in one place: when an mb_pop_cont() fails for
the first time, on the assumption that the reason for the failure is
due to the underlying map for the object (e.g. clust_map, mbuf_map) being
exhausted.

Problem and Changes:
Change how we define "mb_mapfull." It now means: "set to 1 when the first
mb_pop_cont() fails only in the kmem_malloc()-ing of the object, and
only if the call was with the M_TRYWAIT flag." This is a more conservative
definition and should avoid odd [but theoretically possible] situations
from occurring. i.e. we had set mb_mapfull to 1 thinking the map for the
object was actually exhausted when we _actually_ failed in malloc()ing
the space for the bucket structure managing the objects in the page
we're allocating.
2001-11-25 04:42:54 +00:00
Doug Rabson
c36e48514d Since we used '#ifdef __i386__', don't close with '#endif /* !__alpha__ */' 2001-11-24 10:11:14 +00:00
David E. O'Brien
d970bcc9db Remove the use of _PATH_DEV in the example.
The kernel certainly doesn't use _PATH_DEV or even /dev/ to find the device.
It cannot, since "/" has not been mounted.  Maybe the only effect of using
/dev/ is that it gets put in the mounted-from name for "/", so that mount(8),
etc., display an absolute path before "/" has been remounted.  Many have
never bothered typing the full path, and code that constructs a path in
rootdevnames[] never bothered to construct a full path, so the example
shouldn't have it.

Submitted by:	bde
2001-11-24 01:34:12 +00:00
Peter Wemm
fef8392d99 Recognize the "fixed" geometry in boot1 so that DD disks are not
interpreted as real fdisk tables (and fail).
2001-11-21 08:31:45 +00:00
David E. O'Brien
cabb03fc76 We only have slices on i386 and IA-64. 2001-11-20 23:48:00 +00:00
Maxim Sobolev
783c41d432 Make kevents on pipes work as described in the manpage - when the last
reader/writer disconnects, ensure that anybody who is waiting for the
kevent on the other end of the pipe gets EV_EOF.

MFC after:	2 weeks
2001-11-19 09:25:30 +00:00
Matthew Dillon
849948a7cd cast hashing index to (int)(intptr_t) for calculation.
mtx_init() with MTX_QUIET and MTX_NOWITNESS to avoid bogus warnings
2001-11-19 00:20:36 +00:00
Andrew R. Reiter
b489b4075c - Ensure that linker file id's are unique, rather than blindly
incrementing the value.

Reviewed by: dfr, peter
2001-11-18 18:19:35 +00:00
Matthew Dillon
b1e4abd246 Give struct socket structures a ref counting interface similar to
vnodes.  This will hopefully serve as a base from which we can
expand the MP code.  We currently do not attempt to obtain any
mutex or SX locks, but the door is open to add them when we nail
down exactly how that part of it is going to work.
2001-11-17 03:07:11 +00:00
Peter Wemm
1b27b1ad08 Fix some warnings on 64 bit platforms. 2001-11-17 00:42:02 +00:00
Peter Wemm
857ff6155b utime/stime.tv_sec are elapsed times, not relative to 1970. We can
safely print them as longs.  Even if ^T overflows after a process
has accumulated 68 years of user or system time, it is no big deal.
2001-11-17 00:26:57 +00:00
Peter Wemm
aa89942676 You cannot cast a time_t to quad_t and printf it with %lld. quad_t is
64 bits, not long long.
2001-11-16 23:53:48 +00:00
Ian Dowse
7b9716bad2 Fix a number of misspellings of "dependency" and "dependencies" in
comments and function names.

PR:		kern/8589
Submitted by:	Rajesh Vaidheeswarran <rv@fore.com>
2001-11-16 21:08:40 +00:00
Poul-Henning Kamp
24d5c95471 Back out the previous fix to the leading zero problem, I hadn't
noticed it in there already.  That should teach me to check exit
code from cvsup.
2001-11-16 17:07:47 +00:00
Poul-Henning Kamp
10786074c5 Reject leading zeros in dev_stdclone().
PR:		32019
Submitted by:	fenner
2001-11-16 17:05:07 +00:00
Josef Karthauser
9ea6d9ef6a Switch warnings and strict back on again in a way that's compatible
with -stable as well as -current.

Reviewed by:	imp
2001-11-16 02:02:42 +00:00
Bill Fenner
b519852a02 Do not allow leading zeros on device names in dev_stdclone().
PR:		kern/32019
Reviewed by:	phk
2001-11-15 23:27:46 +00:00
John Baldwin
21a7a9aeb6 Use MTX_QUIET for the lock operations during clock interrupts so their logs
don't drown out more useful log messages.
2001-11-15 19:54:48 +00:00
John Baldwin
f4076cc158 Add a couple of returns to make recovering from a failed witness_assert()
more sane in the RESTARTABLE_PANICS case.
2001-11-15 19:46:36 +00:00
John Baldwin
ba48b69a13 Remove definition of witness and comment stating that this file implements
witness.  Witness moved off to subr_witness.c a while ago.
2001-11-15 19:08:55 +00:00
Matthew Dillon
b064d43d8f remove holdfp()
Replace uses of holdfp() with fget*() or fgetvp*() calls as appropriate

introduce fget(), fget_read(), fget_write() - these functions will take
a thread and file descriptor and return a file pointer with its ref
count bumped.

introduce fgetvp(), fgetvp_read(), fgetvp_write() - these functions will
take a thread and file descriptor and return a vref()'d vnode.

*_read() requires that the file pointer be FREAD, *_write that it be
FWRITE.

This continues the cleanup of struct filedesc and struct file access
routines which, when we are all through with it, will allow us to then
make the API calls MP safe and be able to move Giant down into the fo_*
functions.
2001-11-14 06:30:36 +00:00
Matthew Dillon
f286003909 Create a mutex pool API for short term leaf mutexes.
Replace the manual mutex pool in kern_lock.c (lockmgr locks) with the new API.
Replace the mutexes embedded in sxlocks with the new API.
2001-11-13 21:55:13 +00:00
John Baldwin
00f13cb353 As a followup to the previous fixes to inferior, revert some of the
changes in 1.80 that were needed for locking that are no longer needed now
that a lock is simply asserted.

Submitted by:	bde
2001-11-13 16:55:54 +00:00
Paul Saab
817805d9c9 Fix a signed bug in the crashdump code for systems with > 2GB of ram.
Reviewed by:	peter
2001-11-13 01:08:54 +00:00
Giorgos Keramidas
7377f0d190 Remove EOL whitespace.
Reviewed by:	alfred
2001-11-12 20:51:40 +00:00
Giorgos Keramidas
074df01866 Make KASSERT's print the values that triggered a panic.
Reviewed by:	alfred
2001-11-12 20:50:06 +00:00
John Baldwin
5b29d6e906 Clean up breakage in inferior() I introduced in 1.92 of kern_proc.c:
- Restore inferior() to being iterative rather than recursive.
- Assert that the proctree_lock is held in inferior() and change the one
  caller to get a shared lock of it.  This also ensures that we hold the
  lock after performing the check so the check can't be made invalid out
  from under us after the check but before we act on it.

Requested by:	bde
2001-11-12 18:56:49 +00:00
Peter Wemm
658c434d90 Commit the better version that I had a while ago. This has only one
reference to curthread.  (#define curproc (curthread->td_proc)).
2001-11-12 08:53:34 +00:00
Matthew Dillon
5b1927bc01 When curproc is used repeatedly store curproc into a local
variable to reduce generated code.  This is a test case.
2001-11-12 08:42:20 +00:00
Alfred Perlstein
f03e89de68 turn vn_open() into a wrapper around vn_open_cred() which allows
one to perform a vn_open using temporary/other/fake credentials.

Modify the nfs client side locking code to use vn_open_cred() passing
proc0's ucred instead of the old way which was to temporarily raise
privs while running vn_open().  This should close the race hopefully.
2001-11-11 22:39:07 +00:00
Andrew R. Reiter
b49c67f03f - No need for resetting values to 0 when M_ZERO flag is used.
Approved: jhb
2001-11-10 21:36:56 +00:00
Ian Dowse
cca8f9808b Properly sanity-check the old msgbuf structure before we accept it
as being valid. Previously only the magic number and the virtual
address were checked, but it makes little sense to require that
the virtual address is the same (the message buffer is located at
the end of physical memory), and checks on the msg_bufx and msg_bufr
indices were missing.

Submitted by:	Bodo Rueskamp <br@clabsms.de>
Tripped over during a kernel debugging tutorial given by: grog
Reviewed by:	grog, dwmalone
MFC after:	1 week
2001-11-09 23:58:07 +00:00
Matthew Dillon
8ba1f55b49 Placemark an interrupt race in -current which is currently protected by
Giant.  -stable will get spl*() fixes for the race.

Reported by: Rob Anderson <rob@isilon.com>
MFC after:	0 days
2001-11-08 18:09:18 +00:00
Robert Watson
eacb362f8a o General style improvements.
Submitted by:	bde
2001-11-08 15:31:19 +00:00
Robert Watson
44a280a67e o Trim trailing whitespace from kern_mib.c, as suggested by bde. Good
grief.
2001-11-08 15:20:00 +00:00
Robert Watson
ce17880650 o Replace reference to 'struct proc' with 'struct thread' in 'struct
sysctl_req', which describes in-progress sysctl requests.  This permits
  sysctl handlers to have access to the current thread, permitting work
  on implementing td->td_ucred, migration of suser() to using struct
  thread to derive the appropriate ucred, and allowing struct thread to be
  passed down to other code, such as network code where td is not currently
  available (and curproc is used).

o Note: netncp and netsmb are not updated to reflect this change, as they
  are not currently KSE-adapted.

Reviewed by:		julian
Obtained from:	TrustedBSD Project
2001-11-08 02:13:18 +00:00
Peter Wemm
c3699b5f63 For what it's worth, sync up the type of ps_arg_cache_max (unsigned long)
with the sysctl type (signed long).
2001-11-08 00:24:48 +00:00
Robert Watson
d3c9fa0463 o Cache the process's struct prison so as to create a more visually
appealing code structure.  In particular, s/req->p->p_ucred->cr_prison/pr/

Requested by:	imp, jhb, jake, other hangers on
2001-11-06 20:09:33 +00:00
Robert Watson
5c0c46c684 o Remove a tab missed in the previous whitespace commit. 2001-11-06 19:58:43 +00:00
Robert Watson
9afc1eee4f o Remove double-indentation of sysctl_kern_securelvl. This change is
consistent with the one other function in the file, and prevents long
  lines in up-coming changes.  This nominally pulls kern_mib.c a little
  further down the long path to style(9) compliance.
2001-11-06 19:56:58 +00:00
Andrew R. Reiter
22524ad0e2 o No need to set values to 0 when we utilize M_ZERO
Approved by: peter
2001-11-05 22:27:46 +00:00
Matthew Dillon
7e76bb562e Implement IO_NOWDRAIN and B_NOWDRAIN - prevents the buffer cache from blocking
in wdrain during a write.  This flag needs to be used in devices whose
strategy routines turn-around and issue another high level I/O, such as
when MD turns around and issues a VOP_WRITE to vnode backing store, in order
to avoid deadlocking the dirty buffer draining code.

Remove a vprintf() warning from MD when the backing vnode is found to be
in-use.  The syncer of buf_daemon could be flushing the backing vnode at
the time of an MD operation so the warning is not correct.

MFC after:	1 week
2001-11-05 18:48:54 +00:00
Robert Watson
149e39ea9e Update copyrights to include Thomas Moestl.
Submitted by:	"Ilmar S. Habibulin" <ilmar@watson.org>
Obtained from:	TrustedBSD Project
2001-11-05 15:36:24 +00:00
Poul-Henning Kamp
751a2cd05b Define a new mount flag "MNT_JAILDEVFS"
Collect the magic combination of flags which can be updated into
a macro in sys/mount.h rather than inlining them (twice!) in
vfs_syscalls.c
2001-11-05 10:33:45 +00:00