summaryrefslogtreecommitdiffstats
path: root/sys/kern/kern_xxx.c
Commit message (Collapse)AuthorAgeFilesLines
* Place hostnames and similar information fully under the prison system.jamie2009-05-291-11/+11
| | | | | | | | | | | | | | | | | The system hostname is now stored in prison0, and the global variable "hostname" has been removed, as has the hostname_mtx mutex. Jails may have their own host information, or they may inherit it from the parent/system. The proper way to read the hostname is via getcredhostname(), which will copy either the hostname associated with the passed cred, or the system hostname if you pass NULL. The system hostname can still be accessed directly (and without locking) at prison0.pr_host, but that should be avoided where possible. The "similar information" referred to is domainname, hostid, and hostuuid, which have also become prison parameters and had their associated global variables removed. Approved by: bz (mentor)
* Fix compilation. Also move ogetkerninfo() to kern_xxx.c.ed2008-12-291-1/+208
| | | | | | | It seems I forgot to remove `int error' from a single piece of code. I'm also moving ogetkerninfo() to kern_xxx.c, because it belongs to the class of compat system information system calls, not the generic sysctl code.
* Push down Giant inside sysctl. Also add some more assertions to the code.ed2008-12-291-34/+16
| | | | | | | | | | | | | | In the existing code we didn't really enforce that callers hold Giant before calling userland_sysctl(), even though there is no guarantee it is safe. Fix this by just placing Giant locks around the call to the oid handler. This also means we only pick up Giant for a very short period of time. Maybe we should add MPSAFE flags to sysctl or phase it out all together. I've also added SYSCTL_LOCK_ASSERT(). We have to make sure sysctl_root() and name2oid() are called with the sysctl lock held. Reviewed by: Jille Timmermans <jille quis cx>
* Mark uname(), getdomainname() and setdomainname() with COMPAT_FREEBSD4.ed2008-11-091-37/+26
| | | | | | | | | | | | | | | | | | | | | Looking at our source code history, it seems the uname(), getdomainname() and setdomainname() system calls got deprecated somewhere after FreeBSD 1.1, but they have never been phased out properly. Because we don't have a COMPAT_FREEBSD1, just use COMPAT_FREEBSD4. Also fix the Linuxolator to build without the setdomainname() routine by just making it call userland_sysctl on kern.domainname. Also replace the setdomainname()'s implementation to use this approach, because we're duplicating code with sysctl_domainname(). I wasn't able to keep these three routines working in our COMPAT_FREEBSD32, because that would require yet another keyword for syscalls.master (COMPAT4+NOPROTO). Because this routine is probably unused already, this won't be a problem in practice. If it turns out to be a problem, we'll just restore this functionality. Reviewed by: rdivacky, kib
* Step 1.5 of importing the network stack virtualization infrastructurezec2008-10-021-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | from the vimage project, as per plan established at devsummit 08/08: http://wiki.freebsd.org/Image/Notes200808DevSummit Introduce INIT_VNET_*() initializer macros, VNET_FOREACH() iterator macros, and CURVNET_SET() context setting macros, all currently resolving to NOPs. Prepare for virtualization of selected SYSCTL objects by introducing a family of SYSCTL_V_*() macros, currently resolving to their global counterparts, i.e. SYSCTL_V_INT() == SYSCTL_INT(). Move selected #defines from sys/sys/vimage.h to newly introduced header files specific to virtualized subsystems (sys/net/vnet.h, sys/netinet/vinet.h etc.). All the changes are verified to have zero functional impact at this point in time by doing MD5 comparision between pre- and post-change object files(*). (*) netipsec/keysock.c did not validate depending on compile time options. Implemented by: julian, bz, brooks, zec Reviewed by: julian, bz, brooks, kris, rwatson, ... Approved by: julian (mentor) Obtained from: //depot/projects/vimage-commit2/... X-MFC after: never Sponsored by: NLnet Foundation, The FreeBSD Foundation
* Commit step 1 of the vimage project, (network stack)bz2008-08-171-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | virtualization work done by Marko Zec (zec@). This is the first in a series of commits over the course of the next few weeks. Mark all uses of global variables to be virtualized with a V_ prefix. Use macros to map them back to their global names for now, so this is a NOP change only. We hope to have caught at least 85-90% of what is needed so we do not invalidate a lot of outstanding patches again. Obtained from: //depot/projects/vimage-commit2/... Reviewed by: brooks, des, ed, mav, julian, jamie, kris, rwatson, zec, ... (various people I forgot, different versions) md5 (with a bit of help) Sponsored by: NLnet Foundation, The FreeBSD Foundation X-MFC after: never V_Commit_Message_Reviewed_By: more people than the patch
* Introduce a new lock, hostname_mtx, and use it to synchronize accessrwatson2008-07-051-15/+17
| | | | | | | | | | | | to global hostname and domainname variables. Where necessary, copy to or from a stack-local buffer before performing copyin() or copyout(). A few uses, such as in cd9660 and daemon_saver, remain under-synchronized and will require further updates. Correct a bug in which a failed copyin() of domainname would leave domainname potentially corrupted. MFC after: 3 weeks
* Someone cut and pasted a bunch of stuff here so lots ofjulian2008-06-261-15/+15
| | | | | | | | | indents were spaces when they should have been tabs, screwing up diffs and patches.. Whitespace commit as my first SVN commit. (yay) MFC after: 1 week
* Further system call comment cleanup:rwatson2007-03-051-6/+4
| | | | | | | | | | - Remove also "MP SAFE" after prior "MPSAFE" pass. (suggested by bde) - Remove extra blank lines in some cases. - Add extra blank lines in some cases. - Remove no-op comments consisting solely of the function name, the word "syscall", or the system call name. - Add punctuation. - Re-wrap some comments.
* Remove 'MPSAFE' annotations from the comments above most system calls: allrwatson2007-03-041-24/+0
| | | | | | | | system calls now enter without Giant held, and then in some cases, acquire Giant explicitly. Remove a number of other MPSAFE annotations in the credential code and tweak one or two other adjacent comments.
* Sweep kernel replacing suser(9) calls with priv(9) calls, assigningrwatson2006-11-061-4/+6
| | | | | | | | | | | | | specific privilege names to a broad range of privileges. These may require some future tweaking. Sponsored by: nCircle Network Security, Inc. Obtained from: TrustedBSD Project Discussed on: arch@ Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri, Alex Lyashkov <umka at sevcity dot net>, Skip Ford <skip dot ford at verizon dot net>, Antoine Brodin <antoine dot brodin at laposte dot net>
* /* -> /*- for copyright notices, minor format tweaks as necessaryimp2005-01-061-1/+1
|
* In osethostname(), don't need to call suser() directly asrwatson2004-10-221-4/+2
| | | | | userland_sysctl() will perform all necessary privilege checks for the caller.
* Add missing zero flag arguments to calls to userland_sysctl()phk2004-10-121-2/+3
|
* Put on my peril sensitive sunglasses and add a flags field to the internalpeter2004-10-111-5/+5
| | | | | | | | | | | | | | | | sysctl routines and state. Add some code to use it for signalling the need to downconvert a data structure to 32 bits on a 64 bit OS when requested by a 32 bit app. I tried to do this in a generic abi wrapper that intercepted the sysctl oid's, or looked up the format string etc, but it was a real can of worms that turned into a fragile mess before I even got it partially working. With this, we can now run 'sysctl -a' on a 32 bit sysctl binary and have it not abort. Things like netstat, ps, etc have a long way to go. This also fixes a bug in the kern.ps_strings and kern.usrstack hacks. These do matter very much because they are used by libc_r and other things.
* Rename suser_cred()'s PRISON_ROOT flag to SUSER_ALLOWJAIL. This iscperciva2004-07-261-1/+1
| | | | | | | | | | | somewhat clearer, but more importantly allows for a consistent naming scheme for suser_cred flags. The old name is still defined, but will be removed in a few days (unless I hear any complaints...) Discussed with: rwatson, scottl Requested by: jhb
* Deorbit COMPAT_SUNOS.phk2004-06-111-2/+2
| | | | | We inherited this from the sparc32 port of BSD4.4-Lite1. We have neither a sparc32 port nor a SunOS4.x compatibility desire these days.
* Remove advertising clause from University of California Regent's license,imp2004-04-051-4/+0
| | | | | | per letter dated July 22, 1999. Approved by: core
* Correct mostly harmless off-by-one error in getdomainname().nectar2003-09-131-2/+2
| | | | Reviewed by: imp
* Fix a logic error in osethostid() that was introduced in rev. 1.34:tjr2003-08-231-3/+4
| | | | | allow hostid to be set when suser() returns 0, not when it returns an error. This would have allowed non-root users to set the host ID.
* Use __FBSDID().obrien2003-06-111-1/+3
|
* more caddr_t removal.alfred2002-06-291-2/+2
|
* Change the suser() API to take advantage of td_ucred as well as do ajhb2002-04-011-3/+3
| | | | | | | | | | | | general cleanup of the API. The entire API now consists of two functions similar to the pre-KSE API. The suser() function takes a thread pointer as its only argument. The td_ucred member of this thread must be valid so the only valid thread pointers are curthread and a few kernel threads such as thread0. The suser_cred() function takes a pointer to a struct ucred as its first argument and an integer flag as its second argument. The flag is currently only used for the PRISON_ROOT flag. Discussed on: smp@
* KSE Milestone 2julian2001-09-121-27/+27
| | | | | | | | | | | | | | Note ALL MODULES MUST BE RECOMPILED make the kernel aware that there are smaller units of scheduling than the process. (but only allow one thread per process at this time). This is functionally equivalent to teh previousl -current except that there is a thread associated with each process. Sorry john! (your next MFC will be a doosie!) Reviewed by: peter@freebsd.org, dillon@freebsd.org X-MFC after: ha ha ha ha
* Pushdown Giant for: profil(), ntp_adjtime(), ogethostname(),dillon2001-09-011-36/+86
| | | | osethostname(), ogethostid(), osethostid()
* This is kind of a hack, but it should work. Currently, world is brokenpeter2001-03-241-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | because libc/rpc/key_call.c references uname(), and ps/print.c also defines uname(), and ps is linked statically. This leads to a symbol clash. The userland uname(3) kinda sucked anyway as the hostname etc was too short. And since the libc rpc interface now uses the utsname.nodename which gets truncated, I was tempted into doing something about it. Create a new userland uname function, called __xuname() which takes an extra argument that allows you to change the size of the fields. uname() becomes a static inline function in sys/utsname.h that passes the extra argument in. struct utsname has its field members expanded by default now in userland. We still provide a 'uname' externally linkable function for things that either think that they ``know'' the utsname format and assume 32 character strings and bypass the include file, or objects that are linked against old libcs. ie: just about every plausible case that I can think of is covered. Should we ever change the default lengths again, a libc major bump should not be required as the size is now passed to the function. XXX the uname(2) in the kernel is for FreeBSD 1.1 binary compatability! All the uname(3) functions that are exported to userland are actually implemented in libc with sysctl. uname(1) uses sysctl directly and does not call uname(3). PR: bin/4688
* $Id$ -> $FreeBSD$peter1999-08-281-1/+1
|
* This Implements the mumbled about "Jail" feature.phk1999-04-281-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a seriously beefed up chroot kind of thing. The process is jailed along the same lines as a chroot does it, but with additional tough restrictions imposed on what the superuser can do. For all I know, it is safe to hand over the root bit inside a prison to the customer living in that prison, this is what it was developed for in fact: "real virtual servers". Each prison has an ip number associated with it, which all IP communications will be coerced to use and each prison has its own hostname. Needless to say, you need more RAM this way, but the advantage is that each customer can run their own particular version of apache and not stomp on the toes of their neighbors. It generally does what one would expect, but setting up a jail still takes a little knowledge. A few notes: I have no scripts for setting up a jail, don't ask me for them. The IP number should be an alias on one of the interfaces. mount a /proc in each jail, it will make ps more useable. /proc/<pid>/status tells the hostname of the prison for jailed processes. Quotas are only sensible if you have a mountpoint per prison. There are no privisions for stopping resource-hogging. Some "#ifdef INET" and similar may be missing (send patches!) If somebody wants to take it from here and develop it into more of a "virtual machine" they should be most welcome! Tools, comments, patches & documentation most welcome. Have fun... Sponsored by: http://www.rndassociates.com/ Run for almost a year by: http://www.servetheweb.com/
* Suser() simplification:phk1999-04-271-4/+4
| | | | | | | | | | | | | | | | | | | 1: s/suser/suser_xxx/ 2: Add new function: suser(struct proc *), prototyped in <sys/proc.h>. 3: s/suser_xxx(\([a-zA-Z0-9_]*\)->p_ucred, \&\1->p_acflag)/suser(\1)/ The remaining suser_xxx() calls will be scrutinized and dealt with later. There may be some unneeded #include <sys/cred.h>, but they are left as an exercise for Bruce. More changes to the suser() API will come along with the "jail" code.
* Change various syscalls to use size_t arguments instead of u_int.dfr1998-08-241-3/+6
| | | | | | | | | | Add some overflow checks to read/write (from bde). Change all modifications to vm_page::flags, vm_page::busy, vm_object::flags and vm_object::paging_in_progress to use operations which are not interruptable. Reviewed by: Bruce Evans <bde@zeta.org.au>
* Make COMPAT_43 and COMPAT_SUNOS new-style options.eivind1997-12-161-1/+3
|
* Move the "retval" (3rd) parameter from all syscall functions and putphk1997-11-061-18/+10
| | | | | | | | | | | | it in struct proc instead. This fixes a boatload of compiler warning, and removes a lot of cruft from the sources. I have not removed the /*ARGSUSED*/, they will require some looking at. libkvm, ps and other userland struct proc frobbing programs will need recompiled.
* Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are notpeter1997-02-221-1/+1
| | | | ready for it yet.
* Make the long-awaited change from $Id$ to $FreeBSD$jkh1997-01-141-1/+1
| | | | | | | | This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long. Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
* Collect all the functioons concerned with rebooting into one placejulian1996-08-191-55/+1
| | | | | also add the at_shutdown callout list, and change the one user of the present (broken) method (the vn driver) to use the new scheme.
* Removed unnecessary #includes of vm stuff. Most of them were oncebde1995-12-061-2/+1
| | | | | | | prerequisites for <sys/sysctl.h>. subr_prof.c: Also replaced #include of <sys/user.h> by #include of <sys/resourcevar.h>.
* Completed function declarations and/or added prototypes.bde1995-12-021-2/+2
|
* Remove unused var.phk1995-11-201-2/+2
|
* Get rid of domainnamelen.phk1995-11-141-2/+3
|
* Restored the (buggy) historical behaviour of getdomainname().bde1995-11-121-6/+6
| | | | | Negative name lengths for getdomainname() and setdomainname() were converted to large positive ones by misdeclaring the args struct.
* Included <sys/sysproto.h> to get central declarations for syscall argsbde1995-11-121-1/+18
| | | | | | | | | | structs and prototypes for syscalls. Ifdefed duplicated decentralized declarations of args structs. It's convenient to have this visible but they are hard to maintain. Some are already different from the central declarations. 4.4lite2 puts them in comments in the function headers but I wanted to avoid the large changes for that.
* Fixed types of ogethostid() and osethostid(). The args struct namesbde1995-11-111-6/+9
| | | | | | conflicted with the machine generated ones in <sys/sysproto.h>. Fixed type of oquota(). It didn't even use an args struct.
* Make the old compat functions use the sysctl front door, rather thanphk1995-11-091-19/+27
| | | | | crashing through the walls. This should save Peters blood pressure and netscapes uname call.
* Removed unused local variable from shutdown_nice()nate1995-09-061-3/+1
|
* Call boot() instead of cpu_reset() if init isn't running in shutdown_nice.dg1995-08-201-7/+6
|
* Extentd David's recent change to shutdown_nice() by callingjoerg1995-08-061-1/+5
| | | | cpu_reset() directly in case init(8) is *not* running.
* Rewrote shutdown_nice() to fix the init-not-yet-started panic().dg1995-07-301-3/+3
|
* Remove trailing whitespace.rgrimes1995-05-301-2/+2
|
* Implemented a "TEXT_SET" called 'cleanup_set' which will be called beforephk1994-12-041-1/+20
| | | | | the reboot takes place (if not RB_NOSYNC that is). The vn driver needs this. Other places might benefit too.
* All of this is cosmetic. prototypes, #includes, printfs and so on. Makesphk1994-10-021-1/+2
| | | | GCC a lot more silent.
OpenPOWER on IntegriCloud