| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
filesystem may hold the lock. Otherwise unavoidable deadlock will occur.
This shouldn't have any side effects as long as we hold vfs lock.
Obtained from: NetBSD
|
| |
|
|
|
| |
quite right on i386 as the CPU who runs statclock() doesn't have a valid
clockframe to calculate statistics with.
|
| |
|
|
|
|
| |
curproc was initialized. curproc == NULL was interpreted as matching
the process holding Giant... Just skip mtx_enter() and mtx_exit() in
trap() if (curproc == NULL && cold) (&& cold for safety).
|
| |
|
|
|
|
|
| |
They will be used by nullfs and other stacked filesystems to support full
cache coherency.
Reviewed in general by: mckusick, dillon
|
| |
|
|
| |
the alpha.
|
| |
|
|
|
|
| |
A couple of new warnings may be emitted during boot if drivers DTWT.
Tested by: George Cox <gjvc@gjvc.com>
|
| |
|
|
|
|
| |
idleproc pointers instead of our own for comparisons.
Submitted by: tegge
|
| |
|
|
| |
Submitted by: tegge
|
| |
|
|
| |
Reviewed by: peter
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
released before sleeping and re-acquired before msleep
returns. A compatibility cpp macro has been provided for
tsleep to avoid changing all occurences of it in the kernel.
Remove an assertion that the Giant mutex be held before
calling tsleep or asleep.
This is intended to serve the same purpose as condition
variables, but does not preclude their addition in the
future.
Approved by: jasone
Obtained from: BSD/OS
|
| |
|
|
|
|
| |
"dirty buffers during shutdown" problem introduced by the SMPng commit.
Submitted by: tegge, cg
|
| |
|
|
| |
snprintf().
|
| | |
|
| |
|
|
| |
snprintf().
|
| |
|
|
| |
Submitted by: jhay
|
| |
|
|
| |
Reduce number of indirections by using already fetched values.
|
| |
|
|
| |
will be done correctly in the future.
|
| | |
|
| |
|
|
|
|
| |
__FILE__ and __LINE__ don't get expanded usefully in inline functions.
Add const to all witness*() arguments that are filenames.
|
| |
|
|
| |
without owning the Giant lock.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
were not present when dev_mkdb(8) was run.
First the dev_mkdb(8) database is searched, this caters for non-DEVFS
cases where people have renamed a device.
If that fails we ask the kernel using sysctl kern.devname if the device
driver has put a name in the dev_t. This covers DEVFS cloned devices.
If that also fails we format a string which isn't entirely useless.
|
| |
|
|
|
|
|
|
| |
macros that expand to pass filename and line number information. This is
necessary since we're using inline functions instead of macros now.
Add const to the filename pointers passed througout the mtx and witness
code.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
include:
* Mutual exclusion is used instead of spl*(). See mutex(9). (Note: The
alpha port is still in transition and currently uses both.)
* Per-CPU idle processes.
* Interrupts are run in their own separate kernel threads and can be
preempted (i386 only).
Partially contributed by: BSDi (BSD/OS)
Submissions by (at least): cp, dfr, dillon, grog, jake, jhb, sheldonh
|
| |
|
|
|
|
|
| |
debugging.
Acquired from: BSDi (BSD/OS)
Submitted by: dfr, grog, jake, jhb
|
| |
|
|
|
| |
to printf(). Any errors detected are not likely to be fatal, so it
should be safe to let things keep running.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update copyrights.
Introduce a new sysctl node:
net.inet.accf
Although acceptfilters need refcounting to be properly (safely) unloaded
as a temporary hack allow them to be unloaded if the sysctl
net.inet.accf.unloadable is set, this is really for developers who want
to work on thier own filters.
A near complete re-write of the accf_http filter:
1) Parse check if the request is HTTP/1.0 or HTTP/1.1 if not dump
to the application.
Because of the performance implications of this there is a sysctl
'net.inet.accf.http.parsehttpversion' that when set to non-zero
parses the HTTP version.
The default is to parse the version.
2) Check if a socket has filled and dump to the listener
3) optimize the way that mbuf boundries are handled using some voodoo
4) even though you'd expect accept filters to only be used on TCP
connections that don't use m_nextpkt I've fixed the accept filter
for socket connections that use this.
This rewrite of accf_http should allow someone to use them and maintain
full HTTP compliance as long as net.inet.accf.http.parsehttpversion is
set.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
sanity check, but it is too easy to run into, eg: making an ACL syscall
when no filesystems have the ACL implementation enabled.
The original reason for the panic was that the VOP_ vector had not been
assigned and therefor could not be passed down the stack.. and there
was no point passing it down since nothing implemented it anyway.
vop_defaultop entries could not pass it on because it had a zero (unknown)
vector that was indistinguishable from another unknown VOP vector.
Anyway, we can do something reasonable in this case, we shouldn't need
to panic here as there is a reasonable recovery option (return EOPNOTSUPP
and dont pass it down the stack).
Requested by: rwatson
|
| |
|
|
|
|
| |
tree.
Obtained from: TrustedBSD Project
|
| |
|
|
|
|
| |
live in ``/boot/kernel/''.
Submitted by: Hisashi Hiramoto <hiramoto@phys.chs.nihon-u.ac.jp>
|
| |
|
|
| |
Reviewed by: peter
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
chgsbsize(), which are called rather frequently and may be called from an
interrupt context in the case of chgsbsize(). Instead, do the hash table
lookup and maintenance when credentials are changed, which is a lot less
frequent. Add pointers to the uidinfo structures to the ucred and pcred
structures for fast access. Pass a pointer to the credential to chgproccnt()
and chgsbsize() instead of passing the uid. Add a reference count to the
uidinfo structure and use it to decide when to free the structure rather
than freeing the structure when the resource consumption drops to zero.
Move the resource tracking code from kern_proc.c to kern_resource.c. Move
some duplicate code sequences in kern_prot.c to separate helper functions.
Change KASSERTs in this code to unconditional tests and calls to panic().
|
| |
|
|
| |
Remove race condition in vn_isdisk().
|
| |
|
|
|
|
| |
vn_finished_write() if IO_NODELOCKED is not set.
Obtained from: TrustedBSD Project
|
| |
|
|
|
|
| |
extattr_{get,set} syscalls in the face of partial reads or writes.
Obtained from: TrustedBSD Project
|
| |
|
|
|
| |
what we picked. Otherwise it is anybody's guess as to where the
device ended up.
|
| |
|
|
|
|
| |
nanokernel.
The FreeBSD private mode hardpps Type 2 PLL has been removed.
|
| |
|
|
|
| |
to JOBST_JOBFINISHED) in case the aio_read() or aio_write() was performed
via the high-performance physio method, i.e., aio_qphysio().
|
| |
|
|
| |
support with extreme prejudice.
|
| |
|
|
|
|
|
| |
function which may lead to stack lossage and clobbered variables.
This isn't the case here, but there is no way to tell gcc that.
Work around this in a kinda bizzare way, but it shuts gcc up.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
cloning infrastructure standard in kern_conf. Modules are now
the same with or without devfs support.
If you need to detect if devfs is present, in modules or elsewhere,
check the integer variable "devfs_present".
This happily removes an ugly hack from kern/vfs_conf.c.
This forces a rename of the eventhandler and the standard clone
helper function.
Include <sys/eventhandler.h> in <sys/conf.h>: it's a helper #include
like <sys/queue.h>
Remove all #includes of opt_devfs.h they no longer matter.
|
| |
|
|
|
|
|
| |
credential. Create a temporary copy of the current credential and
modify the copy.
Submitted by: tegge
|
| |
|
|
| |
Submitted by: tor
|
| |
|
|
|
|
|
|
| |
kern.ps_showallprocs. Apparently got lost in the merge process from
the capability patches. Now fixed.
Submitted by: jdp
Obtained from: TrustedBSD Project
|
| |
|
|
|
|
| |
Thanks, Nickolay, for figuring out this is the problem.
Submitted by: Nickolay Dudorov <nnd@mail.nsk.ru>
|
| |
|
|
|
|
| |
kernel can instigate an orderly shutdown but still determine the form of
that shutdown. Make it possible eg. to cleanly shutdown and power off the
system under ACPI when the power button is pressed.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
int p_can(p1, p2, operation, privused)
which allows specification of subject process, object process,
inter-process operation, and an optional call-by-reference privused
flag, allowing the caller to determine if privilege was required
for the call to succeed. This allows jail, kern.ps_showallprocs and
regular credential-based interaction checks to occur in one block of
code. Possible operations are P_CAN_SEE, P_CAN_SCHED, P_CAN_KILL,
and P_CAN_DEBUG. p_can currently breaks out as a wrapper to a
series of static function checks in kern_prot, which should not
be invoked directly.
o Commented out capabilities entries are included for some checks.
o Update most inter-process authorization to make use of p_can() instead
of manual checks, PRISON_CHECK(), P_TRESPASS(), and
kern.ps_showallprocs.
o Modify suser{,_xxx} to use const arguments, as it no longer modifies
process flags due to the disabling of ASU.
o Modify some checks/errors in procfs so that ENOENT is returned instead
of ESRCH, further improving concealment of processes that should not
be visible to other processes. Also introduce new access checks to
improve hiding of processes for procfs_lookup(), procfs_getattr(),
procfs_readdir(). Correct a bug reported by bp concerning not
handling the CREATE case in procfs_lookup(). Remove volatile flag in
procfs that caused apparently spurious qualifier warnigns (approved by
bde).
o Add comment noting that ktrace() has not been updated, as its access
control checks are different from ptrace(), whereas they should
probably be the same. Further discussion should happen on this topic.
Reviewed by: bde, green, phk, freebsd-security, others
Approved by: bde
Obtained from: TrustedBSD Project
|
| |
|
|
|
|
|
|
|
|
|
|
| |
time being, the ASU accounting flag will no longer be available, but
may be reinstituted in the future once authorization have been redone.
As it is, the kernel went through contortions in access control to
avoid calling suser, which always set the flag. This will also allow
suser to accept const struct *{cred, proc} arguments.
Reviewed by: bde, green, phk, freebsd-security, others
Approved by: bde
Obtained from: TrustedBSD Project
|
| | |
|
