summaryrefslogtreecommitdiffstats
path: root/sys/kern/sysv_sem.c
Commit message (Collapse)AuthorAgeFilesLines
* Don't leak memory in semop(2). (Fix a bug I introduced in rev 1.55.)alfred2002-10-191-1/+2
| | | | Detective work by: jake
* Make SYSVSEM mpsafe. Each semaphore set gets its own lock, howeveralfred2002-08-131-87/+172
| | | | | | | | | | | | | | | there is a global lock over the undo structures because of the way they are managed. Switch to using SLIST instead of rolling our own linked list. Fix several races where a permission check was done before a copyin/copyout, if the copy happened to fault it may have been possible to race for access to a semaphore set that one shouldn't have access to. Requested by: rwatson Tested by: NetBSD regression suite.
* Cleanup:alfred2002-08-051-28/+24
| | | | | | Fix line wrapping. Remove 'register'. malloc(9) with M_WAITOK can't fail, so remove checks for that.
* Cleanup:alfred2002-07-221-101/+51
| | | | | Define a debug printf macro rather than wrapping all calls to printf with #ifdefs.
* Remove caddr_t.alfred2002-07-221-14/+11
|
* Remove __P.alfred2002-03-191-12/+12
|
* Pacify gcc-3.1+, initialize two variables to avoid -Wuninitializedpeter2002-03-191-2/+2
| | | | warnings.
* Fix a typo, unbreak the world.maxim2002-03-061-1/+1
| | | | | Thanks to: mux Approved by: ru
* Maximum semid is seminfo.semmni not seminfo.semmsl.maxim2002-03-061-3/+3
| | | | | | | | PR: kern/34979 Submitted by: James Gritton <jamie@gritton.org> Reviewed by: alfred, ru Approved by: ru MFC after: 1 week
* - Use td_ucred for jail checks.jhb2002-03-051-25/+14
| | | | | | | | - Move jail checks and some other checks involving constants and stack variables out from under Giant. This isn't perfectly safe atm because jail_sysvipc_allowed is read w/o a lock meaning that its value could be stale. This global variable will soon become a per-jail flag, however, at which time it will either not need a lock or will use the prison lock.
* Fix Giant leakage in several error cases in __semctl().jhb2002-02-271-4/+4
|
* Simple p_ucred -> td_ucred changes to start using the per-thread ucredjhb2002-02-271-1/+1
| | | | reference.
* Rehash of 1.43: simply remove the comment, since it's highly redundantrwatson2002-02-181-13/+0
| | | | and only partially correct.
* style(9) prefers formatted comments in '/*' ... '*/' as opposed torwatson2002-02-181-12/+12
| | | | #if 0'd.
* Eliminate semexit_hook using at_exit(9) and rm_at_exit(9).alc2001-12-301-2/+2
| | | | Reviewed by: alfred
* Make AIO a loadable module.alfred2001-12-291-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | Remove the explicit call to aio_proc_rundown() from exit1(), instead AIO will use at_exit(9). Add functions at_exec(9), rm_at_exec(9) which function nearly the same as at_exec(9) and rm_at_exec(9), these functions are called on behalf of modules at the time of execve(2) after the image activator has run. Use a modified version of tegge's suggestion via at_exec(9) to close an exploitable race in AIO. Fix SYSCALL_MODULE_HELPER such that it's archetecuterally neutral, the problem was that one had to pass it a paramater indicating the number of arguments which were actually the number of "int". Fix it by using an inline version of the AS macro against the syscall arguments. (AS should be available globally but we'll get to that later.) Add a primative system for dynamically adding kqueue ops, it's really not as sophisticated as it should be, but I'll discuss with jlemon when he's around.
* Fix SysV Semaphore Handling.mr2001-10-111-38/+73
| | | | | | | | Updated by peter following KSE and Giant pushdown. I've running with this patch for two week with no ill side effects. PR: kern/12014: Fix SysV Semaphore handling Submitted by: Peter Jeremy <peter.jeremy@alcatel.com.au>
* PR: kern/29698 (part)mr2001-09-131-0/+19
| | | | | | Reviewed by: audit Implement SEM_STAT (like IPC_STAT but treats semid as sema-index). The linuxerator will need it.
* PR: kern/29698 (part)mr2001-09-131-0/+11
| | | | | | | Reviewed by: audit Add tunables for the sem* and shm* syscontrols for tuning on boottime until they become dynamic. SAP R/3 doesn't like the compiled in defaults.
* KSE Milestone 2julian2001-09-121-49/+45
| | | | | | | | | | | | | | Note ALL MODULES MUST BE RECOMPILED make the kernel aware that there are smaller units of scheduling than the process. (but only allow one thread per process at this time). This is functionally equivalent to teh previousl -current except that there is a thread associated with each process. Sorry john! (your next MFC will be a doosie!) Reviewed by: peter@freebsd.org, dillon@freebsd.org X-MFC after: ha ha ha ha
* Correct a debugging message.dd2001-09-111-1/+1
|
* Make the `nsops' variable in `semop' unsigned. This prevents andd2001-09-101-5/+5
| | | | | | | | | | overflow if uap->nsops (which is already unsigned) is over INT_MAX; consequently, the bounds check below becomes valid. Previously, if a value over INT_MAX was passed in uap->nsops, the bounds check wouldn't catch it, and the value would be used to compute copyin()'s third argument. Obtained from: NetBSD
* Giant Pushdown: sysv shm, sem, and msg calls.dillon2001-08-311-109/+186
|
* Export via sysctl:dd2001-05-301-0/+11
| | | | | | | | | | | * all members of msginfo from sysv_msg.c; * msqids from sysv_msg.c; * sema from sysv_sem.c; and * shmsegs from sysv_shm.c; These will be used by ipcs(1) in non-kvm mode. Reviewed by: tmm
* o Move per-process jail pointer (p->pr_prison) to inside of the subjectrwatson2001-02-211-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | credential structure, ucred (cr->cr_prison). o Allow jail inheritence to be a function of credential inheritence. o Abstract prison structure reference counting behind pr_hold() and pr_free(), invoked by the similarly named credential reference management functions, removing this code from per-ABI fork/exit code. o Modify various jail() functions to use struct ucred arguments instead of struct proc arguments. o Introduce jailed() function to determine if a credential is jailed, rather than directly checking pointers all over the place. o Convert PRISON_CHECK() macro to prison_check() function. o Move jail() function prototypes to jail.h. o Emulate the P_JAILED flag in fill_kinfo_proc() and no longer set the flag in the process flags field itself. o Eliminate that "const" qualifier from suser/p_can/etc to reflect mutex use. Notes: o Some further cleanup of the linux/jail code is still required. o It's now possible to consider resolving some of the process vs credential based permission checking confusion in the socket code. o Mutex protection of struct prison is still not present, and is required to protect the reference count plus some fields in the structure. Reviewed by: freebsd-arch Obtained from: TrustedBSD Project
* Use predictable internal names for the sysvipc modules, so we have ades2001-01-141-3/+4
| | | | chance of getting dependencies working.
* sysvipc loadable.alfred2000-12-011-6/+58
| | | | | | new syscall entry lkmressys - "reserved loadable syscall" Make syscall_register allow overwriting of such entries (lkmressys).
* o Deny access to System V IPC from within jail by default, as in therwatson2000-10-311-0/+13
| | | | | | | | | | | | current implementation, jail neither virtualizes the Sys V IPC namespace, nor provides inter-jail protections on IPC objects. o Support for System V IPC can be enabled by setting jail.sysvipc_allowed=1 using sysctl. o This is not the "real fix" which involves virtualizing the System V IPC namespace, but prevents processes within jail from influencing those outside of jail when not approved by the administrator. Reported by: Paulo Fragoso <paulo@nlink.com.br>
* Convert all users of fldoff() to offsetof(). fldoff() is badphk2000-10-271-4/+0
| | | | | | | | | | | | | | | | | | | | | | | because it only takes a struct tag which makes it impossible to use unions, typedefs etc. Define __offsetof() in <machine/ansi.h> Define offsetof() in terms of __offsetof() in <stddef.h> and <sys/types.h> Remove myriad of local offsetof() definitions. Remove includes of <stddef.h> in kernel code. NB: Kernelcode should *never* include from /usr/include ! Make <sys/queue.h> include <machine/ansi.h> to avoid polluting the API. Deprecate <struct.h> with a warning. The warning turns into an error on 01-12-2000 and the file gets removed entirely on 01-01-2001. Paritials reviews by: various. Significant brucifications by: bde
* Move the MSG* and SEM* options to opt_sysvipc.hpeter2000-05-011-14/+129
| | | | | | | | | | | | | | | Remove evil allocation macros from machdep.c (why was that there???) and use malloc() instead. Move paramters out of param.h and into the code itself. Move a bunch of internal definitions from public sys/*.h headers (without #ifdef _KERNEL even) into the code itself. I had hoped to make some of this more dynamic, but the cost of doing wakeups on all sleeping processes on old arrays was too frightening. The other possibility is to initialize on the first use, and allow dynamic sysctl changes to parameters right until that point. That would allow /etc/rc.sysctl to change SEM* and MSG* defaults as we presently do with SHM*, but without the nightmare of changing a running system.
* Remove the undocumented, flawed, broken-as-designed semconfig() syscall.peter2000-05-011-79/+2
|
* Remove #ifdef for sem_wakeup() - we just use wakeup().peter2000-03-301-10/+2
|
* $Id$ -> $FreeBSD$peter1999-08-281-1/+1
|
* Change suser_xxx() to suser() where it applies.phk1999-04-271-14/+13
|
* Fixed problems with kernel config file overrides of sysv semaphoredillon1998-12-141-2/+2
| | | | | | | parameters. Prior to this fix a kernel config override would effect only some of the kernel files, resulting in panics. PR: kern/9068
* Eradicate the variable "time" from the kernel, using various measures.phk1998-03-301-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | "time" wasn't a atomic variable, so splfoo() protection were needed around any access to it, unless you just wanted the seconds part. Most uses of time.tv_sec now uses the new variable time_second instead. gettime() changed to getmicrotime(0. Remove a couple of unneeded splfoo() protections, the new getmicrotime() is atomic, (until Bruce sets a breakpoint in it). A couple of places needed random data, so use read_random() instead of mucking about with time which isn't random. Add a new nfs_curusec() function. Mark a couple of bogosities involving the now disappeard time variable. Update ffs_update() to avoid the weird "== &time" checks, by fixing the one remaining call that passwd &time as args. Change profiling in ncr.c to use ticks instead of time. Resolution is the same. Add new function "tvtohz()" to avoid the bogus "splfoo(), add time, call hzto() which subtracts time" sequences. Reviewed by: bde
* Move the "retval" (3rd) parameter from all syscall functions and putphk1997-11-061-21/+15
| | | | | | | | | | | | it in struct proc instead. This fixes a boatload of compiler warning, and removes a lot of cruft from the sources. I have not removed the /*ARGSUSED*/, they will require some looking at. libkvm, ps and other userland struct proc frobbing programs will need recompiled.
* Removed unused #includes.bde1997-08-021-3/+1
|
* Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are notpeter1997-02-221-1/+1
| | | | ready for it yet.
* Make the long-awaited change from $Id$ to $FreeBSD$jkh1997-01-141-1/+1
| | | | | | | | This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long. Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
* Clean up -Wunused warnings.gpalmer1996-06-121-2/+1
| | | | Reviewed by: bde
* Somehow managed to miss these four files when converting the SYSV IPCwollman1996-01-051-1/+3
| | | | options over to the new style.
* Gack - if you're going to call semexit() from elsewhere, it shouldn'tjkh1995-12-281-2/+2
| | | | be static.. :-)
* Call semexit() from exit(), in order to process `undo vectors'.joerg1995-12-271-2/+1
| | | | This function has actually never been called.
* Update sysv_*.c to get their argument definitions from sysproto.hpeter1995-12-151-14/+27
|
* A Major staticize sweep. Generates a couple of warnings that I'll dealphk1995-12-141-14/+16
| | | | | | with later. A number of unused vars removed. A number of unused procs removed or #ifdefed.
* Start including <sys/sysproto.h> to get the correct args structs andbde1995-10-211-17/+38
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | prototypes for all syscalls. The args structs are still declared in comments as in VOP implementation functions. I don't like the duplication for this, but several more layers of changes are required to get it right. First we need to catch up with 4.4lite2, which uses macros to handle struct padding. Then we need to catch up with NetBSD, which passes the args correctly (as void *). Then we need to handle varargs functions and struct padding better. I think all the details can be hidden in machine-generated functions so that the args structs and verbose macros to reference them don't have to appear in the core sources. Add prototypes. Add bogus casts to hide the evil type puns exposed by the previous steps. &uap[1] was used to get at the args after the first. This worked because only the first arg in *uap was declared. This broke when the machine- genenerated args struct declared all the args (actually it declares extra args in some cases and depends on the user stack having some accessible junk after the last arg, not to mention the user args being on the stack. It isn't possible to declare a correct args struct for a varargs syscall). The msgsys(), semsys() and shmsys() syscall interfaces are BAD because they multiplex several syscalls that have different types of args. There was no reason to duplicate this sysv braindamage but now we're stuck with it. NetBSD has reimplemented the syscalls properly as separate syscalls #220-231. Declare static functions as static in both their prototype and their implementation (the latter is optional, and this misfeature was used). Remove gratuitous #includes. Continue cleaning up new init stuff.
* Fixed init functions argument type - caddr_t -> void *. Fixed a couple ofdg1995-09-091-3/+3
| | | | compiler warnings.
* Fix several sysinit functions that had the wrong type and unnecessarilybde1995-08-301-7/+4
| | | | | | | | | external linkage. Remove useless comments saying that SYSINIT() does system initialization. shm.c: Remove nearly useless comment that gave wrong pseudo-prototypes.
* Reviewed by: julian with quick glances by bruce and othersjulian1995-08-281-1/+8
| | | | | | | | | | | | | | | | | | | | | | Submitted by: terry (terry lambert) This is a composite of 3 patch sets submitted by terry. they are: New low-level init code that supports loadbal modules better some cleanups in the namei code to help terry in 16-bit character support some changes to the mount-root code to make it a little more modular.. NOTE: mounting root off cdrom or NFS MIGHT be broken as I haven't been able to test those cases.. certainly mounting root of disk still works just fine.. mfs should work but is untested. (tomorrows task) The low level init stuff includes a total rewrite of init_main.c to make it possible for new modules to have an init phase by simply adding an entry to a TEXT_SET (or is it DATA_SET) list. thus a new module can be added to the kernel without editing any other files other than the 'files' file.
OpenPOWER on IntegriCloud