| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
| |
Tested by: "Jiawei Ye" <leafy7382 at gmail>
|
| |
|
|
|
|
| |
DEVFS.
Remove the opt_devfs.h file now that it is empty.
|
| |
|
|
|
|
|
| |
This prevents race conditions that can cause pagefaults or devfs
to use arbitrary vnodes.
MFC after: 1 week
|
| |
|
|
| |
to populate a close_args struct and change some of the places that do.
|
| |
|
|
| |
MFC after: 3 days
|
| |
|
|
| |
MFC after: 3 days
|
| |
|
|
| |
MFC after: 3 days
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
one byte less than needed.
This is a RELENG_x_y candidate, since it fixes a problem with Oracle 10.
Noticed by: Dmitry Ganenko <dima@apk-inform.com>
Testcase by: Dmitry Ganenko <dima@apk-inform.com>
Reviewed by: des
Submitted by: rdivacky
Sponsored by: Google SoC 2006
MFC after: 1 week
|
| |
|
|
| |
Submitted by: Pedro Martelletto
|
| |
|
|
|
|
|
| |
to resolve the directory access problem for processes with P_SUGID flag
set.
Suggested by: des
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
- remove call to getmntopts(), and just pass -o options to
nmount(). This removes some confusion as to what options
msdosfs can parse, by pushing the responsibility of option parsing
to the VFS and FS specific code in the kernel.
msdosfs_vfsops.c:
- add "force" and "sync" to msdosfs_opts. They used to be specified
in mount_msdosfs.c, so move them here. It's not clear whethere these
options should be placed into global_opts in vfs_mount.c or not.
Motivated by: marcus
|
| |
|
|
|
|
|
|
| |
Correct a bug in the handling of backslash characters in smbfs which can
allow an attacker to escape from a chroot(2). [2]
Security: FreeBSD-SA-06:15.ypserv [1]
Security: FreeBSD-SA-06:16.smbfs [2]
|
| |
|
|
|
|
|
|
|
|
|
| |
will allow the NFS server to call vfs_stdcheckexp() on the exported nullfs
filesystem, not the underlying filesystem being nullfs mounted.
If the lower filesystem was not NFS exported, then the NFS exported
null filesystem would not work.
Pointed out by: scottl
PR: kern/87906
MFC after: 1 week
|
| |
|
|
|
|
|
|
| |
return EOPNOTSUPP if an "export" parameter was passed in.
This should allow nullfs mounts to be NFS exported.
PR: kern/87906
MFC after: 1 week
|
| |
|
|
|
| |
from individual filesystems. Call it instead in vfs_mount.c,
after we call VFS_MOUNT() for a specific filesystem.
|
| |
|
|
|
| |
from individual filesystems. Call it instead in vfs_mount.c,
after we call VFS_MOUNT() for a specific filesystem.
|
| |
|
|
|
|
| |
Submitted by: kensmith@
Reviewed by: mohans@
MFC after: 6 days
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If B_NOCACHE is set the pages of vm backed buffers will be invalidated.
However clean buffers can be backed by dirty VM pages so invalidating them
can lead to data loss.
Add support for flush dirty page in the data invalidation function
of some network file systems.
This fixes data losses during vnode recycling (and other code paths
using invalbuf(*,V_SAVE,*,*)) for data written using an mmaped file.
Collaborative effort by: jhb@,mohans@,peter@,ps@,ups@
Reviewed by: tegge@
MFC after: 7 days
|
| |
|
|
|
|
|
|
|
|
| |
if a process's uid or gid has changed, but the /proc/<PID> directory
itself was also set to mode 0. Assuming this doesn't open any
security holes, open access to the /proc/<PID> directory for users
other than root to read or search the directory.
Reviewed by: des (back in February)
MFC after: 3 weeks
|
| |
|
|
| |
unnecessary.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
mount(2) system call:
* Add cmount hook to fdescfs and pseudofs (and, by extension, procfs and
linprocfs). This (mostly) restores the ability to mount these
filesystems using the old mount(2) system call (see below for the
rest of the fix).
* Remove not-NULL check for the data argument from the mount(2) entry
point. Per the mount(2) man page, it is up to the individual
filesystem being mounted to verify data. Or, in the case of procfs,
etc. the filesystem is free to ignore the data parameter if it does
not use it. Enforcing data to be not-NULL in the mount(2) system call
entry point prevented passing NULL to filesystems which ignored the
data pointer value. Apparently, passing NULL was common practice
in such cases, as even our own mount_std(8) used to do it in the
pre-nmount(2) world.
All userland programs in the tree were converted to nmount(2) long ago,
but I've found at least one external program which broke due to this
(presumably unintentional) mount(2) API change. One could argue that
external programs should also be converted to nmount(2), but then there
isn't much point in keeping the mount(2) interface for backward
compatibility if it isn't backward compatible.
|
| | |
|
| |
|
|
|
| |
the vnode is never recycled. It is bogus because the reference really
should be associated with the devfs dirent.
|
| | |
|
| |
|
|
|
| |
MFC after: 3 days
Submitted by: Kostik Belousov <kostikbel at gmail dot com>
|
| |
|
|
|
|
|
|
|
|
|
| |
rather than panicking later. This can occur if the kernel calls
vn_open() on a fifo, as there will be no associated file descriptor,
and therefore the file descriptor operations cannot be modified to
point to the fifo operation set.
MFC after: 3 days
Reported by: Martin <nakal at nurfuerspam dot de>
PR: 94278
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
processing, this actually means there's a double slash recorded in the
symbolic link's path name. We used to start over from / then, which
caused link targets like ../../bsdi.1.0/include//pathnames.h to be
interpreted as /pathnahes.h. This is both contradictionary to our
conventional slash interpretation, as well as potentially dangerous.
The right thing to do is (obviously) to just ignore that element.
bde once pointed out that mistake when he noticed it on the
4.4BSD-Lite2 CD-ROM, and asked me for help.
Reviewed by: bde (about half a year ago)
MFC after: 3 days
|
| |
|
|
|
|
|
| |
filesystem so that nullfs doesn't permit you to circumvent snapshots.
Discussed with: tegge
Sponsored by: Isilon Systems, Inc.
|
| |
|
|
|
|
|
| |
PR: kern/93905
Submitted by: Kostik Belousov <kostikbel@gmail.com>
Reviewed by: jeff
MFC After: 1 week
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Otherwise a kernel build would break in the coda5 module if the main
kernel conf file enabled CODA_COMPAT_5, too. Redefined symbols are
strictly disallowed by -Werror.
To overcome this issue, introduce a different symbol indicating coda5
build, CODA5_MODULE, and translate it to CODA_COMPAT_5 appropriately
in /sys/coda/coda.h.
MFC after: 3 days
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Reorder the events in exit(2) slightly so that we trigger the S_EXIT
stop event earlier. After we have signalled that, we set P_WEXIT and
then wait for any processes with a hold on the vmspace via PHOLD to
release it. PHOLD now KASSERT()'s that P_WEXIT is clear when it is
invoked, and PRELE now does a wakeup if P_WEXIT is set and p_lock drops
to zero.
- Change proc_rwmem() to require that the processing read from has its
vmspace held via PHOLD by the caller and get rid of all the junk to
screw around with the vmspace reference count as we no longer need it.
- In ptrace() and pseudofs(), treat a process with P_WEXIT set as if it
doesn't exist.
- Only do one PHOLD in kern_ptrace() now, and do it earlier so it covers
FIX_SSTEP() (since on alpha at least this can end up calling proc_rwmem()
to clear an earlier single-step simualted via a breakpoint). We only
do one to avoid races. Also, by making the EINVAL error for unknown
requests be part of the default: case in the switch, the various
switch cases can now just break out to return which removes a _lot_ of
duplicated PRELE and proc unlocks, etc. Also, it fixes at least one bug
where a LWP ptrace command could return EINVAL with the proc lock still
held.
- Changed the locking for ptrace_single_step(), ptrace_set_pc(), and
ptrace_clear_single_step() to always be called with the proc lock
held (it was a mixed bag previously). Alpha and arm have to drop
the lock while the mess around with breakpoints, but other archs
avoid extra lock release/acquires in ptrace(). I did have to fix a
couple of other consumers in kern_kse and a few other places to
hold the proc lock and PHOLD.
Tested by: ps (1 mostly, but some bits of 2-4 as well)
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
associated with the passed in pfs_node. If it does return a pointer, it
keeps the process locked. This allows a lot of places that were calling
pfind() again right after pfs_visible() to not have to do that and avoids
races since we don't drop the proc lock just to turn around and lock it
again. This will become more important with future changes to fix races
between procfs/ptrace and exit(2). Also, removed a duplicate pfs_visible()
call in pfs_getextattr().
Reviewed by: des
MFC after: 1 week
|
| |
|
|
|
|
|
| |
it and remove a PRELE() that didn't have a matching PHOLD(). The calling
code already has a PHOLD anyway.
MFC after: 1 week
|
| |
|
|
|
|
|
| |
it may not be removed from the freelist.
MFC After: 1 week
Found by: kris
|
| |
|
|
|
|
|
|
|
|
|
| |
vop_lock_post do not trigger.
- Rearrange null_inactive to null_hashrem earlier so there is no chance
of finding the null node on the hash list after the locks have been
switched.
- We should never have a NULL lowervp in null_reclaim() so there is
no need to handle this situation. panic instead.
MFC After: 1 week
|
| |
|
|
|
|
|
|
|
|
| |
- Simplify the logic dealing with recycled vnodes in null_hashget() and
null_hashins(). Since we hold the lower node locked in both cases
the null node can not be undergoing recycling unless reclaim somehow
called null_nodeget(). The logic that was in place was not safe and
was essentially dead code.
MFC After: 1 week
|
| |
|
|
|
|
| |
returns NULL.
MFC After: 1 week
|
| |
|
|
|
|
|
|
| |
always turning it on along with any flags set in the lower mount.
Tested by: kris
Reviewed by: jeff
MFC after: 3 days
|
| |
|
|
|
|
|
| |
prone way later.
Reported by: kkenn
MFC After: 3 days
|
| |
|
|
|
| |
Submitted by: Pedro Martelletto <pedro@ambientworks.net> (via scottl)
Tested on: sparc64
|
| |
|
|
|
|
|
|
|
|
|
|
| |
directory. vrele() may lock the passed vnode, which in these cases would
give an invalid lock order of child -> parent. These situations are
deadlock prone although do not typically deadlock because the vrele
is typically not releasing the last reference to the vnode. Users of
vrele must consider it as a call to vn_lock() and order it appropriately.
MFC After: 1 week
Sponsored by: Isilon Systems, Inc.
Tested by: kkenn
|
| |
|
|
|
|
| |
time ago.
Sponsored by: Isilon Systems, Inc.
|
| |
|
|
|
|
| |
over fs corruption.
Discussed with: alfred, phk
|
| |
|
|
|
|
|
| |
`char direntry::deName[8]' and access deExtension[] explicitly.
Found by: Coverity Prevent(tm)
CID: 350, 351, 352
|
| |
|
|
|
|
|
| |
declarations. I knew I would get to fix something in Coda
eventually.
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
last few days. I tracked it down to the fact that nfs_reclaim()
is setting vp->v_data to NULL _before_ calling vnode_destroy_object().
After silence from the mailing list I checked further and discovered
that ufs_reclaim() is unique among FreeBSD filesystems for calling
vnode_destroy_object() early, long before tossing v_data or much
of anything else, for that matter. The rest, including NFS, appear
to be identical, as if they were just clones of one original routine.
The enclosed patch fixes all file systems in essentially the same
way, by moving the call to vnode_destroy_object() to early in the
routine (before the call to vfs_hash_remove(), if any). I have
only tested NFS, but I've now run for over eighteen hours with the
patch where I wouldn't get past four or five without it.
Submitted by: Frank Mayhar
Requested by: Mohan Srinivasan
MFC After: 1 week
|
| |
|
|
|
|
| |
iterated over when using MNT_VNODE_FOREACH.
Reviewed by: truckman
|
| |
|
|
|
|
| |
was harmless because the define is not used in coda_vfsops.c.
Submitted by: Hugo Meiland
|
| |
|
|
|
| |
PR: kern/91346
Submitted by: Gavin Atkinson
|
