1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-19 10:53:58 +00:00
Commit Graph

33803 Commits

Author SHA1 Message Date
Robert Watson
9453a033ff Reduce the memory footprint of MAC in the base system by halving
the number of policy slots to 4.

(Having run a quick errand, time to start on phase 2 of the MAC
integration)

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 00:03:26 +00:00
Josef Karthauser
7ebe6f9e2f Regen 2002-07-30 23:30:56 +00:00
Josef Karthauser
3fc6710b56 Add support for a couple of network adapters; the 3Com 3C460B and
the Belkin USB2LAN.

Obtained from:	NetBSD
2002-07-30 23:30:15 +00:00
Ian Dowse
b4dc6ff9bc Remove some strange code that allocates memory and then immediately
frees it again. The idea was to perform M_WAITOK allocations in a
process context to reduce the risk of later interrupt-context
M_NOWAIT allocations failing, but in fact this code can be called
from contexts where it is not desirable to sleep (e.g. if_start
routines), so it causes lots of witness "could sleep" warnings.
2002-07-30 23:26:22 +00:00
Robert Watson
04f3985d88 Introduce support for Mandatory Access Control and extensible
kernel access control.

Label devfs directory entries, permitting labels to be maintained
on device nodes in devfs instances persistently despite vnode
recycling.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 23:12:37 +00:00
Robert Watson
549e4c9e4e Introduce support for Mandatory Access Control and extensible
kernel access control.

Label IP fragment reassembly queues, permitting security features to
be maintained on those objects.  ipq_label will be used to manage
the reassembly of fragments into IP datagrams using security
properties.  This permits policies to deny the reassembly of fragments,
as well as influence the resulting label of a datagram following
reassembly.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 23:09:20 +00:00
Robert Watson
19930ae546 Introduce support for Mandatory Access Control and extensible
kernel access control.

Label network interface structures, permitting security features to
be maintained on those objects.  if_label will be used to authorize
data flow using the network interface.  if_label will be protected
using the same synchronization primitives as other mutable entries
in struct ifnet.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 23:06:07 +00:00
Robert Watson
39bd868cc3 Introduce support for Mandatory Access Control and extensible
kernel access control.

Label BPF descriptor objects, permitting security features to be
maintained on those objects.  bd_label will be used to authorize
data flow from network interfaces to user processes.  BPF
labels are protected using the same synchronization model as other
mutable data in the BPF descriptor.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 23:03:29 +00:00
Robert Watson
55fb783052 Introduce support for Mandatory Access Control and extensible
kernel access control.

Replace 'void *' with 'struct mac *' now that mac.h is in the base
tree.  The current POSIX.1e-derived userland MAC interface is
schedule for replacement, but will act as a functional placeholder
until the replacement is done.  These system calls allow userland
processes to get and set labels on both the current process, as well
as file system objects and file descriptor backed objects.
2002-07-30 22:43:20 +00:00
Robert Watson
781caa8157 Introduce support for Mandatory Access Control and extensible kernel
access control.

Label socket IPC objects, permitting security features to be maintained
at the granularity of the socket.  Two labels are stored for each
socket: the label of the socket itself, and a cached peer label
permitting interogation of the remote endpoint.  Since socket locking
is not yet present in the base tree, these objects are not locked,
but are assumed to follow the same semantics as other modifiable
entries in the socket structure.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:39:28 +00:00
Robert Watson
87acada933 Introduce support for Mandatory Access Control and extensible
kernel access control.

Label pipe IPC objects, permitting security information to be
maintained at the granularity of the pipe object.  The label is
shared between the two pipe endpoints in the style of the
pipe mutex, and is maintained using similar conventions.  The
label is protected by the pipe mutex.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:33:28 +00:00
Warner Losh
abf24f80a6 Fix path to other files.<arch> files.
Fix disordering of libkern/crc32.c entry.

MFC after: 1 day
2002-07-30 22:28:43 +00:00
Robert Watson
fae89e29b1 Introduce support for Mandatory Access Control and extensible kernel
access control.

Label process credentials, permitting security information to be
maintained at the granularity of processes and cached credential
objects.  cr_label follows the semantics of other entries in struct
ucred: when a credential is exclusively referenced, it may be
modified.  Otherwise, it must be treated as immutable.  As with
other interesting entries in struct ucred, failing to use the
documented credential management APIs (such as crcopy, crdup, ...)
can result in data corruption or incorrect behavior.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:28:28 +00:00
Robert Watson
3b2e600940 Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the oeprating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

Label file system mount points, permitting security information to be
maintained at the granularity of the file system.  Two labels are
currently maintained: a security label for the mount itself, and
a default label for objects in the file system (in particular, for
file systems not supporting per-vnode labeling directly).

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:22:35 +00:00
Robert Watson
f8ef020e2e Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the operating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

Introduce two node vnode operations required to support MAC.  First,
VOP_REFRESHLABEL(), which will be invoked by callers requiring that
vp->v_label be sufficiently "fresh" for access control purposes.
Second, VOP_SETLABEL(), which be invoked by callers requiring that
the passed label contents be updated.  The file system is responsible
for updating v_label if appropriate in coordination with the MAC
framework, as well as committing to disk.  File systems that are
not MAC-aware need not implement these VOPs, as the MAC framework
will default to maintaining a single label for all vnodes based
on the label on the file system mount point.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:15:09 +00:00
Robert Watson
f3cfa6072e Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the oeprating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

Label vnodes, permitting security information to maintained at the
granularity of the individual file, directory (et al).  This data is
protected by the vnode lock and may be read only when holding a shared
lock, or modified only when holding an exclusive lock.  Label
information may be considered either the primary copy, or a cached
copy.  Individual file systems or kernel services may use the
VCACHEDLABEL flag for accounting purposes to determine which it is.
New VOPs will be introduced to refresh this label on demand, or to
set the label value.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:08:12 +00:00
Robert Watson
f33168f292 Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the oeprating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

Label mbuf's with packet header data, permitting in-flight datagrams
to be labeled in the TrustedBSD MAC implementation.  Add a questionable
recursive #include of sys/mac.h to maintain the current API for
applications and kernel code including mbuf.h to get 'struct mbuf'
definition.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:03:57 +00:00
Bill Fenner
e34c1b84b7 Call bpf_mtap() on output, to catch outgoing packets for e.g. tcpdump . 2002-07-30 21:47:14 +00:00
Robert Watson
95fab37ea8 Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the oeprating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

kern_mac.c contains the body of the MAC framework.  Kernel and
user APIs defined in mac.h are implemented here, providing a front end
to loaded security modules.  This code implements a module registration
service, state (label) management, security configuration and policy
composition.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 21:36:05 +00:00
Robert Watson
ddcdf2650b Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the oeprating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

Include files to declare MAC userland interface (mac.h), MAC subsystem
entry points (mac.h), and MAC policy entry points (mac_policy.h).  These
files define the interface between the kernel and the MAC framework,
and between the MAC framework and each registered policy module.  These
APIs and ABIs may not be assumed to be stable until following FreeBSD
5.1-RELEASE.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 21:32:34 +00:00
Julian Elischer
4d492b4369 Don't need to hold schedlock specifically for stop() ans it calls wakeup()
that locks it anyhow.

Reviewed by: jhb@freebsd.org
2002-07-30 21:13:48 +00:00
Bosko Milekic
c89137ff90 Make reference counting for mbuf clusters [only] work like in RELENG_4.
While I don't think this is the best solution, it certainly is the
fastest and in trying to find bottlenecks in network related code
I want this out of the way, so that I don't have to think about it.
What this means, for mbuf clusters anyway is:
- one less malloc() to do for every cluster allocation (replaced with
  a relatively quick calculation + assignment)
- no more free() in the cluster free case (replaced with empty space) :-)

This can offer a substantial throughput improvement, but it may not for
all cases.  Particularly noticable for larger buffer sends/recvs.
See http://people.freebsd.org/~bmilekic/code/measure2.txt for a rough
idea.
2002-07-30 21:06:27 +00:00
Alan Cox
1812190d09 o Replace vm_page_sleep_busy() with vm_page_sleep_if_busy()
in vfs_busy_pages().
2002-07-30 20:41:10 +00:00
Julian Elischer
b8e45df779 Remove code that removes thread from sleep queue before
adding it to a condvar wait.
We do not have asleep() any more so this can not happen.
2002-07-30 20:34:30 +00:00
Mitsuru IWASAKI
b69ed3f4c6 Resolve conflicts arising from the ACPI CA 20020725 import. 2002-07-30 19:35:32 +00:00
Mitsuru IWASAKI
432a633569 This commit was generated by cvs2svn to compensate for changes in r100966,
which included commits to RCS files with non-trunk default branches.
2002-07-30 19:33:39 +00:00
Mitsuru IWASAKI
da9df8d45e Vendor import of the Intel ACPI CA 20020725 drop. 2002-07-30 19:33:39 +00:00
Alan Cox
1161b86a15 o In do_sendfile(), replace vm_page_sleep_busy() by vm_page_sleep_if_busy()
and extend the scope of the page queues lock to cover all accesses
   to the page's flags and busy fields.
2002-07-30 18:51:07 +00:00
Robert Watson
e66c87b70e When referencing nd_cnp after namei(), always pass SAVENAME into
NDINIT() operation flags.

Submitted by:	green
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 18:48:25 +00:00
Robert Watson
e37b1fcdee Make M_COPY_PKTHDR() macro into a wrapper for a m_copy_pkthdr()
function.  This permits conditionally compiled extensions to the
packet header copying semantic, such as extensions to copy MAC
labels.

Reviewed by:	bmilekic
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 18:28:58 +00:00
Josef Karthauser
ca095220db Commit a version of the uvisor driver for connecting Handspring
Visors via USB.

Submitted by:	Chia-liang Kao <clkao@clkao.org>
2002-07-30 17:44:28 +00:00
John Baldwin
c038666eae If we get 0xffff back when reading the status register, assume the card
has gone away instead of spinning in the interrupt handler.  This stops
my machine from hanging when I eject a rl(4)-based cardbus card.

Reviewed by:	imp
2002-07-30 17:31:42 +00:00
Robert Watson
4266d0d0ce Regen. 2002-07-30 16:52:22 +00:00
Robert Watson
aedbd622fe Introduce a mac_policy() system call that will provide MAC policies
with a general purpose front end entry point for user applications
to invoke.  The MAC framework will route the system call to the
appropriate policy by name.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 16:50:25 +00:00
Maxim Sobolev
47c7de587b Add support for controlling line1 mixer device, which on some cards represents
onboard FM tuner.

MFC after:	2 weeks
2002-07-30 16:24:00 +00:00
Jacques Vidrine
89ab930718 For processes which are set-user-ID or set-group-ID, the kernel performs a few
special actions for safety.  One of these is to make sure that file descriptors
0..2 are in use, by opening /dev/null for those that are not already open.
Another is to close any file descriptors 0..2 that reference procfs.  However,
these checks were made out of order, so that it was still possible for a
set-user-ID or set-group-ID process to be started with some of the file
descriptors 0..2 unused.

Submitted by:	Georgi Guninski <guninski@guninski.com>
2002-07-30 15:38:29 +00:00
Poul-Henning Kamp
9fbc6a330d Fix braino in last commit. 2002-07-30 12:02:41 +00:00
Poul-Henning Kamp
17b1994bbe Move ffs_isfreeblock() to ffs_alloc.c and make it static.
Sponsored by: DARPA & NAI Labs.
2002-07-30 11:54:48 +00:00
Maxim Sobolev
3c7d68acc8 Regen after usbdevs rev.1.95. 2002-07-30 11:03:50 +00:00
Maxim Sobolev
b8d95a688e Add ID for Luwen EasyDisk USB flash memory drive.
PR:		41081
Submitted by:	demon
MFC after:	5 days
2002-07-30 11:02:35 +00:00
Maxim Sobolev
b047aa218b Add a quick check that device actually has sound capabilities. The problem
is that some cards built around fm801 chip have the same device ID, only
have radio tuner onboard, but no sound capabilities. Therefore, with such
card inserted and `device pcm' in kernel the user has a big problem, as
the fm801 driver effectively hangs the machine when trying to initialise
nonexistent ac97 codecs (it does 500 retries with 1 second interval!).
It would be better if MediaForte's engeneers were smart enough to put
different device ID into such cards, but it isn't an option.

MFC after:	2 weeks
2002-07-30 10:54:19 +00:00
Seigo Tanimura
133267776c In endtsleep() and cv_timedwait_end(), a thread marked TDF_TIMEOUT may
be swapped out.  Do not put such the thread directly back to the run
queue.

Spotted by:	David Xu <davidx@viasoft.com.cn>

While I am here, s/PS_TIMEOUT/TDF_TIMEOUT/.
2002-07-30 10:12:11 +00:00
Jeff Roberson
c72f085d04 - Add vfs_badlock_{print,panic} support to the remaining VOP_ASSERT_*
macros.
2002-07-30 09:57:37 +00:00
Jeff Roberson
cf409a0a98 - Add automatic post vop debug checks. These work in both the success and
failure cases.
2002-07-30 08:52:00 +00:00
Jeff Roberson
1e4c7a1368 - Acknowledge recursive vnode locks in the vop_unlock specification. The
vnode may not be unlocked even if the operation succeeded.
2002-07-30 08:50:52 +00:00
Alan Cox
32585dd617 o In vm_object_madvise() and vm_object_page_remove() replace
vm_page_sleep_busy() with vm_page_sleep_if_busy().  At the same time,
   increase the scope of the page queues lock.  (This should significantly
   reduce the locking overhead in vm_object_page_remove().)
 o Apply some style fixes.
2002-07-30 07:23:04 +00:00
Seigo Tanimura
9eb881f804 - Optimize wakeup() and its friends; if a thread waken up is being
swapped in, we do not have to ask for the scheduler thread to do
  that.

- Assert that a process is not swapped out in runq functions and
  swapout().

- Introduce thread_safetoswapout() for readability.

- In swapout_procs(), perform a test that may block (check of a
  thread working on its vm map) first.  This lets us call swapout()
  with the sched_lock held, providing a better atomicity.
2002-07-30 06:54:05 +00:00
Alan Cox
bfd2867046 o Lock page queue accesses by pmap_release_free_page(). 2002-07-30 06:45:39 +00:00
Jake Burkholder
61f869600d Add definitions for statistical and high-resolution profiling. The calling
conventions for _mcount and __cyg_profile_func_enter are different, so
statistical profiling kernels build and link but don't actually work.
IWBNI one could tell gcc to only generate calls to the former.

Define uintfptr_t properly for userland, but not for the kernel (I hope).
2002-07-30 06:14:34 +00:00
Jake Burkholder
c465faf9d4 The data cache on UltraSPARC III is not directly mapped, so don't assert
that.  This breaks assumptions made by some of the cache flushing code,
but UltraSPARC III has different methods for invalidating cache lines
anyway.
2002-07-30 05:48:33 +00:00