| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
code that is still not safe. suser() reads p_ucred so it still needs
Giant for the time being. This should allow kern.giant.proc to be set
to 0 for the time being.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Move the network code from using cr_cansee() to check whether a
socket is visible to a requesting credential to using a new
function, cr_canseesocket(), which accepts a subject credential
and object socket. Implement cr_canseesocket() so that it does a
prison check, a uid check, and add a comment where shortly a MAC
hook will go. This will allow MAC policies to seperately
instrument the visibility of sockets from the visibility of
processes.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
pointer which will then result in the allocated route's reference
count never being decremented. Just flood ping the localhost and
watch refcnt of the 127.0.0.1 route with netstat(1).
Submitted by: jayanth
Back out ip_output.c,v 1.143 and ip_mroute.c,v 1.69 that allowed
ip_output() to be called with a NULL route pointer. The previous
paragraph shows why this was a bad idea in the first place.
MFC after: 0 days
|
| |
|
|
| |
lock as the data may be paged out and cause a fault.
|
| |
|
|
|
|
|
| |
check. I don't know how this went unnoticed for so long.
obtained from: NetBSD
MFC after: 7 days
|
| |
|
|
| |
Pointy hat to: jeff
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
to test req->td for NULL values and then do somewhat more bizarre things
relating to securelevel special-casing and suser checks. Remove the
testing and conditional security checks based on req->td!=NULL, and insert
a KASSERT that td != NULL. Callers to sysctl must always specify the
thread (be it kernel or otherwise) requesting the operation, or a
number of current sysctls will fail due to assumptions that the thread
exists.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Discussed with: bde
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
NULL, turn warning printf's into panic's, since this call has been
restructured such that a NULL cred would result in a page fault anyway.
There appears to be one case where NULL is explicitly passed in in the
sysctl code, and this is believed to be in error, so will be modified.
Securelevels now always require a credential context so that per-jail
securelevels are properly implemented.
Obtained from: TrustedBSD Project
Sponsored by: NAI Labs
Discussed with: bde
|
| |
|
|
|
|
|
|
| |
3c996B-T, with the 5701 rev B5 ASIC). One thing that confuses me
still is that the 'link state change' bit in the status block seems
to change state an awful lot. I have a workaround for this in place
now, but it needs more investigation. For the moment though, this
is enough to get the driver to work with this card.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
made aware in jail environments. Supposedly something is broken, so
this should be backed out until further investigation proves otherwise,
or a proper fix can be provided.
|
| |
|
|
|
|
|
|
|
| |
This increases the number of concurrent outgoing connections from ~4000
to ~16000. Other OSes (Solaris, OS X, NetBSD) and many other NAT
products have already made this change without ill effects, so we
should not run into any problems.
MFC after: 1 week
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
method-based inter-process security checks. To do this, introduce
a new cr_seeotheruids(u1, u2) function, which encapsulates the
"see_other_uids" logic. Call out to this policy following the
jail security check for all of {debug,sched,see,signal} inter-process
checks. This more consistently enforces the check, and makes the
check easy to modify. Eventually, it may be that this check should
become a MAC policy, loaded via a module.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
|
| |
|
|
|
| |
This allows me to reimplement [sf]u{byte,word} as separate functions and not
as calls to copy{in,out}.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
soon because it's just getting harder and harder to find switches
that correctly implement the GET ALL NEXT subcommands for the SNS
protocol.
Latch up result out pointer and set a busy flag when we're looking
at the response queue. This allows for a cleaner way to make sure
we don't get multiple CPUs trying to read the same response queue
entries.
Change how isp_handle_other_response returns values (clarity).
Make PORT UNAVAILABLE the same as PORT LOGOUT (force a LIP).
Do some formatting changes.
MFC after: 0 days
|
| |
|
|
|
| |
and trapwrite().
o On i386/pc98, remove the (now) unused grow_stack().
|
| | |
|
| | |
|
| |
|
|
|
|
| |
previous commit.
Pointy hats to: arr, rwatson
|
| |
|
|
|
| |
register_t values.
- Implement an inline for isync.
|
| |
|
|
| |
implementations of intr_disable and intr_restore.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
with the NO_IPFILTER make.conf(5) knob.
(So that we can "make the-rest-of-the-world" again.)
|
| |
|
|
|
| |
this was only done as a side effect of calling cpu_mp_start(). I haven't
actually tested that this fixes UP kernels, but it feels about right.
|
| | |
|
| |
|
|
|
|
|
| |
intr_{disable,restore} as well as providing an implemenation of
intr_{disable,restore}.
Reviewed by: jake, rwatson, jhb
|
| |
|
|
|
| |
intr_{disable,restore} as well as providing an implemenation of
intr_{disable,restore}.
|
| |
|
|
| |
Reviewed by: jake, jhb, rwatson
|
| |
|
|
|
|
|
| |
This makes kernel builds with DIAGNOSTIC work again.
Apparently forgotten by: jhb
Might want to be checked by: jhb
|
| |
|
|
| |
Approved by: peter
|
| |
|
|
| |
Reviewed by: jake
|
| |
|
|
|
|
| |
was spammed with GetCurrentResources.
Submitted by: Munehiro Matsuda <haro@h4.dion.ne.jp>
|
| | |
|
| | |
|
| |
|
|
|
|
| |
profile.h and bus.h were excluded because there is currently WIP.
Reviewed by: tmm
|
| |
|
|
| |
Reviewd by: peter
|
| |
|
|
| |
Reveiwed by: benno
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of caching the ucred reference, just go ahead and eat the
decerement and increment of the refcount. Now that Giant is pushed down
into crfree(), we no longer have to get Giant in the common case. In the
case when we are actually free'ing the ucred, we would normally free it on
the next kernel entry, so the cost there is not new, just in a different
place. This also removse td_cache_ucred from struct thread. This is
still only done #ifdef DIAGNOSTIC.
[ missed this file in the previous commit ]
Tested on: i386, alpha
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Instead of caching the ucred reference, just go ahead and eat the
decerement and increment of the refcount. Now that Giant is pushed down
into crfree(), we no longer have to get Giant in the common case. In the
case when we are actually free'ing the ucred, we would normally free it on
the next kernel entry, so the cost there is not new, just in a different
place. This also removse td_cache_ucred from struct thread. This is
still only done #ifdef DIAGNOSTIC.
Tested on: i386, alpha
|
| |
|
|
|
|
| |
- Add a cred_free_thread() function (conditional on DIAGNOSTICS) that drops
a per-thread ucred reference to be used in debugging code when leaving
the kernel.
|
| |
|
|
| |
Sponsored by: The Weather Channel
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
