272461 |
03-Oct-2014 |
gjb |
Copy stable/10@r272459 to releng/10.1 as part of the 10.1-RELEASE process.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
256281 |
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
256119 |
07-Oct-2013 |
dim |
Remove redundant declarations of szsigcode and sigcode in sys/i386/ibcs2/ibcs2_sysvec.c, to silence two gcc warnings.
Approved by: re (gjb) MFC after: 3 days
|
255426 |
09-Sep-2013 |
jhb |
Add a mmap flag (MAP_32BIT) on 64-bit platforms to request that a mapping use an address in the first 2GB of the process's address space. This flag should have the same semantics as the same flag on Linux.
To facilitate this, add a new parameter to vm_map_find() that specifies an optional maximum virtual address. While here, fix several callers of vm_map_find() to use a VMFS_* constant for the findspace argument instead of TRUE and FALSE.
Reviewed by: alc Approved by: re (kib)
|
255219 |
05-Sep-2013 |
pjd |
Change the cap_rights_t type from uint64_t to a structure that we can extend in the future in a backward compatible (API and ABI) way.
The cap_rights_t represents capability rights. We used to use one bit to represent one right, but we are running out of spare bits. Currently the new structure provides place for 114 rights (so 50 more than the previous cap_rights_t), but it is possible to grow the structure to hold at least 285 rights, although we can make it even larger if 285 rights won't be enough.
The structure definition looks like this:
struct cap_rights { uint64_t cr_rights[CAP_RIGHTS_VERSION + 2]; };
The initial CAP_RIGHTS_VERSION is 0.
The top two bits in the first element of the cr_rights[] array contain total number of elements in the array - 2. This means if those two bits are equal to 0, we have 2 array elements.
The top two bits in all remaining array elements should be 0. The next five bits in all array elements contain array index. Only one bit is used and bit position in this five-bits range defines array index. This means there can be at most five array elements in the future.
To define new right the CAPRIGHT() macro must be used. The macro takes two arguments - an array index and a bit to set, eg.
#define CAP_PDKILL CAPRIGHT(1, 0x0000000000000800ULL)
We still support aliases that combine few rights, but the rights have to belong to the same array element, eg:
#define CAP_LOOKUP CAPRIGHT(0, 0x0000000000000400ULL) #define CAP_FCHMOD CAPRIGHT(0, 0x0000000000002000ULL)
#define CAP_FCHMODAT (CAP_FCHMOD | CAP_LOOKUP)
There is new API to manage the new cap_rights_t structure:
cap_rights_t *cap_rights_init(cap_rights_t *rights, ...); void cap_rights_set(cap_rights_t *rights, ...); void cap_rights_clear(cap_rights_t *rights, ...); bool cap_rights_is_set(const cap_rights_t *rights, ...);
bool cap_rights_is_valid(const cap_rights_t *rights); void cap_rights_merge(cap_rights_t *dst, const cap_rights_t *src); void cap_rights_remove(cap_rights_t *dst, const cap_rights_t *src); bool cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little);
Capability rights to the cap_rights_init(), cap_rights_set(), cap_rights_clear() and cap_rights_is_set() functions are provided by separating them with commas, eg:
cap_rights_t rights;
cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FSTAT);
There is no need to terminate the list of rights, as those functions are actually macros that take care of the termination, eg:
#define cap_rights_set(rights, ...) \ __cap_rights_set((rights), __VA_ARGS__, 0ULL) void __cap_rights_set(cap_rights_t *rights, ...);
Thanks to using one bit as an array index we can assert in those functions that there are no two rights belonging to different array elements provided together. For example this is illegal and will be detected, because CAP_LOOKUP belongs to element 0 and CAP_PDKILL to element 1:
cap_rights_init(&rights, CAP_LOOKUP | CAP_PDKILL);
Providing several rights that belongs to the same array's element this way is correct, but is not advised. It should only be used for aliases definition.
This commit also breaks compatibility with some existing Capsicum system calls, but I see no other way to do that. This should be fine as Capsicum is still experimental and this change is not going to 9.x.
Sponsored by: The FreeBSD Foundation
|
254025 |
07-Aug-2013 |
jeff |
Replace kernel virtual address space allocation with vmem. This provides transparent layering and better fragmentation.
- Normalize functions that allocate memory to use kmem_* - Those that allocate address space are named kva_* - Those that operate on maps are named kmap_* - Implement recursive allocation handling for kmem_arena in vmem.
Reviewed by: alc Tested by: pho Sponsored by: EMC / Isilon Storage Division
|
247602 |
02-Mar-2013 |
pjd |
Merge Capsicum overhaul:
- Capability is no longer separate descriptor type. Now every descriptor has set of its own capability rights.
- The cap_new(2) system call is left, but it is no longer documented and should not be used in new code.
- The new syscall cap_rights_limit(2) should be used instead of cap_new(2), which limits capability rights of the given descriptor without creating a new one.
- The cap_getrights(2) syscall is renamed to cap_rights_get(2).
- If CAP_IOCTL capability right is present we can further reduce allowed ioctls list with the new cap_ioctls_limit(2) syscall. List of allowed ioctls can be retrived with cap_ioctls_get(2) syscall.
- If CAP_FCNTL capability right is present we can further reduce fcntls that can be used with the new cap_fcntls_limit(2) syscall and retrive them with cap_fcntls_get(2).
- To support ioctl and fcntl white-listing the filedesc structure was heavly modified.
- The audit subsystem, kdump and procstat tools were updated to recognize new syscalls.
- Capability rights were revised and eventhough I tried hard to provide backward API and ABI compatibility there are some incompatible changes that are described in detail below:
CAP_CREATE old behaviour: - Allow for openat(2)+O_CREAT. - Allow for linkat(2). - Allow for symlinkat(2). CAP_CREATE new behaviour: - Allow for openat(2)+O_CREAT.
Added CAP_LINKAT: - Allow for linkat(2). ABI: Reuses CAP_RMDIR bit. - Allow to be target for renameat(2).
Added CAP_SYMLINKAT: - Allow for symlinkat(2).
Removed CAP_DELETE. Old behaviour: - Allow for unlinkat(2) when removing non-directory object. - Allow to be source for renameat(2).
Removed CAP_RMDIR. Old behaviour: - Allow for unlinkat(2) when removing directory.
Added CAP_RENAMEAT: - Required for source directory for the renameat(2) syscall.
Added CAP_UNLINKAT (effectively it replaces CAP_DELETE and CAP_RMDIR): - Allow for unlinkat(2) on any object. - Required if target of renameat(2) exists and will be removed by this call.
Removed CAP_MAPEXEC.
CAP_MMAP old behaviour: - Allow for mmap(2) with any combination of PROT_NONE, PROT_READ and PROT_WRITE. CAP_MMAP new behaviour: - Allow for mmap(2)+PROT_NONE.
Added CAP_MMAP_R: - Allow for mmap(PROT_READ). Added CAP_MMAP_W: - Allow for mmap(PROT_WRITE). Added CAP_MMAP_X: - Allow for mmap(PROT_EXEC). Added CAP_MMAP_RW: - Allow for mmap(PROT_READ | PROT_WRITE). Added CAP_MMAP_RX: - Allow for mmap(PROT_READ | PROT_EXEC). Added CAP_MMAP_WX: - Allow for mmap(PROT_WRITE | PROT_EXEC). Added CAP_MMAP_RWX: - Allow for mmap(PROT_READ | PROT_WRITE | PROT_EXEC).
Renamed CAP_MKDIR to CAP_MKDIRAT. Renamed CAP_MKFIFO to CAP_MKFIFOAT. Renamed CAP_MKNODE to CAP_MKNODEAT.
CAP_READ old behaviour: - Allow pread(2). - Disallow read(2), readv(2) (if there is no CAP_SEEK). CAP_READ new behaviour: - Allow read(2), readv(2). - Disallow pread(2) (CAP_SEEK was also required).
CAP_WRITE old behaviour: - Allow pwrite(2). - Disallow write(2), writev(2) (if there is no CAP_SEEK). CAP_WRITE new behaviour: - Allow write(2), writev(2). - Disallow pwrite(2) (CAP_SEEK was also required).
Added convinient defines:
#define CAP_PREAD (CAP_SEEK | CAP_READ) #define CAP_PWRITE (CAP_SEEK | CAP_WRITE) #define CAP_MMAP_R (CAP_MMAP | CAP_SEEK | CAP_READ) #define CAP_MMAP_W (CAP_MMAP | CAP_SEEK | CAP_WRITE) #define CAP_MMAP_X (CAP_MMAP | CAP_SEEK | 0x0000000000000008ULL) #define CAP_MMAP_RW (CAP_MMAP_R | CAP_MMAP_W) #define CAP_MMAP_RX (CAP_MMAP_R | CAP_MMAP_X) #define CAP_MMAP_WX (CAP_MMAP_W | CAP_MMAP_X) #define CAP_MMAP_RWX (CAP_MMAP_R | CAP_MMAP_W | CAP_MMAP_X) #define CAP_RECV CAP_READ #define CAP_SEND CAP_WRITE
#define CAP_SOCK_CLIENT \ (CAP_CONNECT | CAP_GETPEERNAME | CAP_GETSOCKNAME | CAP_GETSOCKOPT | \ CAP_PEELOFF | CAP_RECV | CAP_SEND | CAP_SETSOCKOPT | CAP_SHUTDOWN) #define CAP_SOCK_SERVER \ (CAP_ACCEPT | CAP_BIND | CAP_GETPEERNAME | CAP_GETSOCKNAME | \ CAP_GETSOCKOPT | CAP_LISTEN | CAP_PEELOFF | CAP_RECV | CAP_SEND | \ CAP_SETSOCKOPT | CAP_SHUTDOWN)
Added defines for backward API compatibility:
#define CAP_MAPEXEC CAP_MMAP_X #define CAP_DELETE CAP_UNLINKAT #define CAP_MKDIR CAP_MKDIRAT #define CAP_RMDIR CAP_UNLINKAT #define CAP_MKFIFO CAP_MKFIFOAT #define CAP_MKNOD CAP_MKNODAT #define CAP_SOCK_ALL (CAP_SOCK_CLIENT | CAP_SOCK_SERVER)
Sponsored by: The FreeBSD Foundation Reviewed by: Christoph Mallon <christoph.mallon@gmx.de> Many aspects discussed with: rwatson, benl, jonathan ABI compatibility discussed with: kib
|
242476 |
02-Nov-2012 |
kib |
The r241025 fixed the case when a binary, executed from nullfs mount, was still possible to open for write from the lower filesystem. There is a symmetric situation where the binary could already has file descriptors opened for write, but it can be executed from the nullfs overlay.
Handle the issue by passing one v_writecount reference to the lower vnode if nullfs vnode has non-zero v_writecount. Note that only one write reference can be donated, since nullfs only keeps one use reference on the lower vnode. Always use the lower vnode v_writecount for the checks.
Introduce the VOP_GET_WRITECOUNT to read v_writecount, which is currently always bypassed to the lower vnode, and VOP_ADD_WRITECOUNT to manipulate the v_writecount value, which manages a single bypass reference to the lower vnode. Caling the VOPs instead of directly accessing v_writecount provide the fix described in the previous paragraph.
Tested by: pho MFC after: 3 weeks
|
241896 |
22-Oct-2012 |
kib |
Remove the support for using non-mpsafe filesystem modules.
In particular, do not lock Giant conditionally when calling into the filesystem module, remove the VFS_LOCK_GIANT() and related macros. Stop handling buffers belonging to non-mpsafe filesystems.
The VFS_VERSION is bumped to indicate the interface change which does not result in the interface signatures changes.
Conducted and reviewed by: attilio Tested by: pho
|
241394 |
10-Oct-2012 |
kevlo |
Revert previous commit...
Pointyhat to: kevlo (myself)
|
241370 |
09-Oct-2012 |
kevlo |
Prefer NULL over 0 for pointers
|
231885 |
17-Feb-2012 |
kib |
Fix misuse of the kernel map in miscellaneous image activators. Vnode-backed mappings cannot be put into the kernel map, since it is a system map.
Use exec_map for transient mappings, and remove the mappings with kmem_free_wakeup() to notify the waiters on available map space.
Do not map the whole executable into KVA at all to copy it out into usermode. Directly use vn_rdwr() for the case of not page aligned binary.
There is one place left where the potentially unbounded amount of data is mapped into exec_map, namely, in the COFF image activator enumeration of the needed shared libraries.
Reviewed by: alc MFC after: 2 weeks
|
230132 |
15-Jan-2012 |
uqs |
Convert files to UTF-8
|
229272 |
02-Jan-2012 |
ed |
Use strchr() and strrchr().
It seems strchr() and strrchr() are used more often than index() and rindex(). Therefore, simply migrate all kernel code to use it.
For the XFS code, remove an empty line to make the code identical to the code in the Linux kernel.
|
227692 |
19-Nov-2011 |
ed |
Regenerate system call tables.
|
227691 |
19-Nov-2011 |
ed |
Improve *access*() parameter name consistency.
The current code mixes the use of `flags' and `mode'. This is a bit confusing, since the faccessat() function as a `flag' parameter to store the AT_ flag.
Make this less confusing by using the same name as used in the POSIX specification -- `amode'.
|
225618 |
16-Sep-2011 |
kmacy |
Auto-generated code from sys_ prefixing makesyscalls.sh change
Approved by: re(bz)
|
225617 |
16-Sep-2011 |
kmacy |
In order to maximize the re-usability of kernel code in user space this patch modifies makesyscalls.sh to prefix all of the non-compatibility calls (e.g. not linux_, freebsd32_) with sys_ and updates the kernel entry points and all places in the code that use them. It also fixes an additional name space collision between the kernel function psignal and the libc function of the same name by renaming the kernel psignal kern_psignal(). By introducing this change now we will ease future MFCs that change syscalls.
Reviewed by: rwatson Approved by: re (bz)
|
224778 |
11-Aug-2011 |
rwatson |
Second-to-last commit implementing Capsicum capabilities in the FreeBSD kernel for FreeBSD 9.0:
Add a new capability mask argument to fget(9) and friends, allowing system call code to declare what capabilities are required when an integer file descriptor is converted into an in-kernel struct file *. With options CAPABILITIES compiled into the kernel, this enforces capability protection; without, this change is effectively a no-op.
Some cases require special handling, such as mmap(2), which must preserve information about the maximum rights at the time of mapping in the memory map so that they can later be enforced in mprotect(2) -- this is done by narrowing the rights in the existing max_protection field used for similar purposes with file permissions.
In namei(9), we assert that the code is not reached from within capability mode, as we're not yet ready to enforce namespace capabilities there. This will follow in a later commit.
Update two capability names: CAP_EVENT and CAP_KEVENT become CAP_POST_KEVENT and CAP_POLL_KEVENT to more accurately indicate what they represent.
Approved by: re (bz) Submitted by: jonathan Sponsored by: Google Inc
|
224613 |
02-Aug-2011 |
kib |
Corrections for the iBCS2 support that seems to regressed from 4.x times.
In particular: - fix format specifiers in the DPRINTFs; - do not use kernel_map for temporal mapping backed by the vnode, this cannot work since kernel map is a system map. Use exec_map instead. - ignore error code from an attempt to insert the hole. If supposed hole is located at the region already populated by .bss, it is not an error. - correctly translate vm error codes to errno, when appropriate.
Reported and tested by: Rich Naill <rich enterprisesystems net> Approved by: re (kensmith) MFC after: 1 week
|
224126 |
17-Jul-2011 |
ed |
Restore binary compatibility for GIO_KEYMAP and PIO_KEYMAP.
Back in 2009 I changed the ABI of the GIO_KEYMAP and PIO_KEYMAP ioctls to support wide characters. I created a patch to add ABI compatibility for the old calls, but I didn't get any feedback to that.
It seems now people are upgrading from 8 to 9 they experience this issue, so add it anyway.
|
219405 |
08-Mar-2011 |
dchagin |
Extend struct sysvec with new method sv_schedtail, which is used for an explicit process at fork trampoline path instead of eventhadler(schedtail) invocation for each child process.
Remove eventhandler(schedtail) code and change linux ABI to use newly added sysvec method.
While here replace explicit comparing of module sysentvec structure with the newly created process sysentvec to detect the linux ABI.
Discussed with: kib
MFC after: 2 Week
|
213716 |
12-Oct-2010 |
kib |
Add macro DECLARE_MODULE_TIED to denote a module as requiring the kernel of exactly the same __FreeBSD_version as the headers module was compiled against.
Mark our in-tree ABI emulators with DECLARE_MODULE_TIED. The modules use kernel interfaces that the Release Engineering Team feel are not stable enough to guarantee they will not change during the life cycle of a STABLE branch. In particular, the layout of struct sysentvec is declared to be not part of the STABLE KBI.
Discussed with: bz, rwatson Approved by: re (bz, kensmith) MFC after: 2 weeks
|
209581 |
28-Jun-2010 |
kib |
Regenerate
|
208453 |
23-May-2010 |
kib |
Reorganize syscall entry and leave handling.
Extend struct sysvec with three new elements: sv_fetch_syscall_args - the method to fetch syscall arguments from usermode into struct syscall_args. The structure is machine-depended (this might be reconsidered after all architectures are converted). sv_set_syscall_retval - the method to set a return value for usermode from the syscall. It is a generalization of cpu_set_syscall_retval(9) to allow ABIs to override the way to set a return value. sv_syscallnames - the table of syscall names.
Use sv_set_syscall_retval in kern_sigsuspend() instead of hardcoding the call to cpu_set_syscall_retval().
The new functions syscallenter(9) and syscallret(9) are provided that use sv_*syscall* pointers and contain the common repeated code from the syscall() implementations for the architecture-specific syscall trap handlers.
Syscallenter() fetches arguments, calls syscall implementation from ABI sysent table, and set up return frame. The end of syscall bookkeeping is done by syscallret().
Take advantage of single place for MI syscall handling code and implement ptrace_lwpinfo pl_flags PL_FLAG_SCE, PL_FLAG_SCX and PL_FLAG_EXEC. The SCE and SCX flags notify the debugger that the thread is stopped at syscall entry or return point respectively. The EXEC flag augments SCX and notifies debugger that the process address space was changed by one of exec(2)-family syscalls.
The i386, amd64, sparc64, sun4v, powerpc and ia64 syscall()s are changed to use syscallenter()/syscallret(). MIPS and arm are not converted and use the mostly unchanged syscall() implementation.
Reviewed by: jhb, marcel, marius, nwhitehorn, stas Tested by: marcel (ia64), marius (sparc64), nwhitehorn (powerpc), stas (mips) MFC after: 1 month
|
205792 |
28-Mar-2010 |
ed |
Rename st_*timespec fields to st_*tim for POSIX 2008 compliance.
A nice thing about POSIX 2008 is that it finally standardizes a way to obtain file access/modification/change times in sub-second precision, namely using struct timespec, which we already have for a very long time. Unfortunately POSIX uses different names.
This commit adds compatibility macros, so existing code should still build properly. Also change all source code in the kernel to work without any of the compatibility macros. This makes it all a less ambiguous.
I am also renaming st_birthtime to st_birthtim, even though it was a local extension anyway. It seems Cygwin also has a st_birthtim.
|
203660 |
08-Feb-2010 |
ed |
Remove unused LIBCOMPAT keyword from syscalls.master.
|
202342 |
15-Jan-2010 |
brooks |
Only allocate the space we need before calling kern_getgroups instead of allocating what ever the user asks for up to "ngroups_max + 1". On systems with large values of kern.ngroups this will be more efficient.
The now redundant check that the array is large enough in kern_getgroups() is deliberate to allow this change to be merged to stable/8 without breaking potential third party consumers of the API.
Reported by: bde MFC after: 28 days
|
202143 |
12-Jan-2010 |
brooks |
Replace the static NGROUPS=NGROUPS_MAX+1=1024 with a dynamic kern.ngroups+1. kern.ngroups can range from NGROUPS_MAX=1023 to INT_MAX-1. Given that the Windows group limit is 1024, this range should be sufficient for most applications.
MFC after: 1 month
|
197064 |
10-Sep-2009 |
des |
As jhb@ pointed out to me, r197057 was incorrect, not least because these are generated files.
|
195458 |
08-Jul-2009 |
trasz |
There is an optimization in chmod(1), that makes it not to call chmod(2) if the new file mode is the same as it was before; however, this optimization must be disabled for filesystems that support NFSv4 ACLs. Chmod uses pathconf(2) to determine whether this is the case - however, pathconf(2) always follows symbolic links, while the 'chmod -h' doesn't.
This change adds lpathconf(3) to make it possible to solve that problem in a clean way.
Reviewed by: rwatson (earlier version) Approved by: re (kib)
|
194942 |
25-Jun-2009 |
rwatson |
Fix ibcs2_ipc.c build by adding missing limits.h include.
Submitted by: keramida
|
194910 |
24-Jun-2009 |
jhb |
Change the ABI of some of the structures used by the SYSV IPC API: - The uid/cuid members of struct ipc_perm are now uid_t instead of unsigned short. - The gid/cgid members of struct ipc_perm are now gid_t instead of unsigned short. - The mode member of struct ipc_perm is now mode_t instead of unsigned short (this is merely a style bug). - The rather dubious padding fields for ABI compat with SV/I386 have been removed from struct msqid_ds and struct semid_ds. - The shm_segsz member of struct shmid_ds is now a size_t instead of an int. This removes the need for the shm_bsegsz member in struct shmid_kernel and should allow for complete support of SYSV SHM regions >= 2GB. - The shm_nattch member of struct shmid_ds is now an int instead of a short. - The shm_internal member of struct shmid_ds is now gone. The internal VM object pointer for SHM regions has been moved into struct shmid_kernel. - The existing __semctl(), msgctl(), and shmctl() system call entries are now marked COMPAT7 and new versions of those system calls which support the new ABI are now present. - The new system calls are assigned to the FBSD-1.1 version in libc. The FBSD-1.0 symbols in libc now refer to the old COMPAT7 system calls. - A simplistic framework for tagging system calls with compatibility symbol versions has been added to libc. Version tags are added to system calls by adding an appropriate __sym_compat() entry to src/lib/libc/incldue/compat.h. [1]
PR: kern/16195 kern/113218 bin/129855 Reviewed by: arch@, rwatson Discussed with: kan, kib [1]
|
194552 |
20-Jun-2009 |
brooks |
Use NGROUPS instead of NGROUPS_MAX as the limits on setgroups and getgroups for ibcs emulation. It seems vanishingly likely any programs will actually be affected since they probably assume a much lower value and use a static array size.
|
194498 |
19-Jun-2009 |
brooks |
Rework the credential code to support larger values of NGROUPS and NGROUPS_MAX, eliminate ABI dependencies on them, and raise the to 1024 and 1023 respectively. (Previously they were equal, but under a close reading of POSIX, NGROUPS_MAX was defined to be too large by 1 since it is the number of supplemental groups, not total number of groups.)
The bulk of the change consists of converting the struct ucred member cr_groups from a static array to a pointer. Do the equivalent in kinfo_proc.
Introduce new interfaces crcopysafe() and crsetgroups() for duplicating a process credential before modifying it and for setting group lists respectively. Both interfaces take care for the details of allocating groups array. crsetgroups() takes care of truncating the group list to the current maximum (NGROUPS) if necessary. In the future, crsetgroups() may be responsible for insuring invariants such as sorting the supplemental groups to allow groupmember() to be implemented as a binary search.
Because we can not change struct xucred without breaking application ABIs, we leave it alone and introduce a new XU_NGROUPS value which is always 16 and is to be used or NGRPS as appropriate for things such as NFS which need to use no more than 16 groups. When feasible, truncate the group list rather than generating an error.
Minor changes: - Reduce the number of hand rolled versions of groupmember(). - Do not assign to both cr_gid and cr_groups[0]. - Modify ipfw to cache ucreds instead of part of their contents since they are immutable once referenced by more than one entity.
Submitted by: Isilon Systems (initial implementation) X-MFC after: never PR: bin/113398 kern/133867
|
194391 |
17-Jun-2009 |
jhb |
Regen for added flags field.
|
193511 |
05-Jun-2009 |
rwatson |
Move "options MAC" from opt_mac.h to opt_global.h, as it's now in GENERIC and used in a large number of files, but also because an increasing number of incorrect uses of MAC calls were sneaking in due to copy-and-paste of MAC-aware code without the associated opt_mac.h include.
Discussed with: pjd
|
193235 |
01-Jun-2009 |
rwatson |
Regenerate generated syscall files following changes to struct sysent in r193234.
|
193066 |
29-May-2009 |
jamie |
Place hostnames and similar information fully under the prison system. The system hostname is now stored in prison0, and the global variable "hostname" has been removed, as has the hostname_mtx mutex. Jails may have their own host information, or they may inherit it from the parent/system. The proper way to read the hostname is via getcredhostname(), which will copy either the hostname associated with the passed cred, or the system hostname if you pass NULL. The system hostname can still be accessed directly (and without locking) at prison0.pr_host, but that should be avoided where possible.
The "similar information" referred to is domainname, hostid, and hostuuid, which have also become prison parameters and had their associated global variables removed.
Approved by: bz (mentor)
|
191921 |
08-May-2009 |
ed |
Regenerate system call tables to use SVN ids.
|
191920 |
08-May-2009 |
ed |
Regenerate ibcs2 system call table.
|
191919 |
08-May-2009 |
ed |
Burn TTY ioctl bridges in compat layers.
I really don't want any pieces of code to include ioctl_compat.h, so let the ibcs2 and svr4 compat leave sgtty alone. If they want to support sgtty, they should emulate it on top of termios, not sgtty.
The code has been marked with BURN_BRIDGES for a long time. ibcs2 and svr4 are not really popular pieces of code anyway.
|
191915 |
08-May-2009 |
zec |
Introduce a new virtualization container, provisionally named vprocg, to hold virtualized instances of hostname and domainname, as well as a new top-level virtualization struct vimage, which holds pointers to struct vnet and struct vprocg. Struct vprocg is likely to become replaced in the near future with a new jail management API import.
As a consequence of this change, change struct ucred to point to a struct vimage, instead of directly pointing to a vnet.
Merge vnet / vimage / ucred refcounting infrastructure from p4 / vimage branch.
Permit kldload / kldunload operations to be executed only from the default vimage context.
This change should have no functional impact on nooptions VIMAGE kernel builds.
Reviewed by: bz Approved by: julian (mentor)
|
188937 |
23-Feb-2009 |
jhb |
FreeBSD/i386 doesn't include a software FPU emulator anymore, so adjust an iBCS2 syscall to indicate that there is no FPU support at all rather than emulated support if an FPU is not present.
|
188588 |
13-Feb-2009 |
jhb |
Use shared vnode locks when invoking VOP_READDIR().
MFC after: 1 month
|
186564 |
29-Dec-2008 |
ed |
Push down Giant inside sysctl. Also add some more assertions to the code.
In the existing code we didn't really enforce that callers hold Giant before calling userland_sysctl(), even though there is no guarantee it is safe. Fix this by just placing Giant locks around the call to the oid handler. This also means we only pick up Giant for a very short period of time. Maybe we should add MPSAFE flags to sysctl or phase it out all together.
I've also added SYSCTL_LOCK_ASSERT(). We have to make sure sysctl_root() and name2oid() are called with the sysctl lock held.
Reviewed by: Jille Timmermans <jille quis cx>
|
185169 |
22-Nov-2008 |
kib |
Add sv_flags field to struct sysentvec with intention to provide description of the ABI of the currently executing image. Change some places to test the flags instead of explicit comparing with address of known sysentvec structures to determine ABI features.
Discussed with: dchagin, imp, jhb, peter
|
183322 |
24-Sep-2008 |
kib |
Change the static struct sysentvec and struct Elf_Brandinfo initializers to the C99 style. At least, it is easier to read sysent definitions that way, and search for the actual instances of sigcode etc.
Explicitely initialize sysentvec.sv_maxssiz that was missed in most sysvecs.
No objection from: jhb MFC after: 1 month
|
182371 |
28-Aug-2008 |
attilio |
Decontextualize the couplet VOP_GETATTR / VOP_SETATTR as the passed thread was always curthread and totally unuseful.
Tested by: Giovanni Trematerra <giovanni dot trematerra at gmail dot com>
|
181905 |
20-Aug-2008 |
ed |
Integrate the new MPSAFE TTY layer to the FreeBSD operating system.
The last half year I've been working on a replacement TTY layer for the FreeBSD kernel. The new TTY layer was designed to improve the following:
- Improved driver model:
The old TTY layer has a driver model that is not abstract enough to make it friendly to use. A good example is the output path, where the device drivers directly access the output buffers. This means that an in-kernel PPP implementation must always convert network buffers into TTY buffers.
If a PPP implementation would be built on top of the new TTY layer (still needs a hooks layer, though), it would allow the PPP implementation to directly hand the data to the TTY driver.
- Improved hotplugging:
With the old TTY layer, it isn't entirely safe to destroy TTY's from the system. This implementation has a two-step destructing design, where the driver first abandons the TTY. After all threads have left the TTY, the TTY layer calls a routine in the driver, which can be used to free resources (unit numbers, etc).
The pts(4) driver also implements this feature, which means posix_openpt() will now return PTY's that are created on the fly.
- Improved performance:
One of the major improvements is the per-TTY mutex, which is expected to improve scalability when compared to the old Giant locking. Another change is the unbuffered copying to userspace, which is both used on TTY device nodes and PTY masters.
Upgrading should be quite straightforward. Unlike previous versions, existing kernel configuration files do not need to be changed, except when they reference device drivers that are listed in UPDATING.
Obtained from: //depot/projects/mpsafetty/... Approved by: philip (ex-mentor) Discussed: on the lists, at BSDCan, at the DevSummit Sponsored by: Snow B.V., the Netherlands dcons(4) fixed by: kan
|
181803 |
17-Aug-2008 |
bz |
Commit step 1 of the vimage project, (network stack) virtualization work done by Marko Zec (zec@).
This is the first in a series of commits over the course of the next few weeks.
Mark all uses of global variables to be virtualized with a V_ prefix. Use macros to map them back to their global names for now, so this is a NOP change only.
We hope to have caught at least 85-90% of what is needed so we do not invalidate a lot of outstanding patches again.
Obtained from: //depot/projects/vimage-commit2/... Reviewed by: brooks, des, ed, mav, julian, jamie, kris, rwatson, zec, ... (various people I forgot, different versions) md5 (with a bit of help) Sponsored by: NLnet Foundation, The FreeBSD Foundation X-MFC after: never V_Commit_Message_Reviewed_By: more people than the patch
|
180291 |
05-Jul-2008 |
rwatson |
Introduce a new lock, hostname_mtx, and use it to synchronize access to global hostname and domainname variables. Where necessary, copy to or from a stack-local buffer before performing copyin() or copyout(). A few uses, such as in cd9660 and daemon_saver, remain under-synchronized and will require further updates.
Correct a bug in which a failed copyin() of domainname would leave domainname potentially corrupted.
MFC after: 3 weeks
|
177997 |
08-Apr-2008 |
kib |
Implement the linux syscalls openat, mkdirat, mknodat, fchownat, futimesat, fstatat, unlinkat, renameat, linkat, symlinkat, readlinkat, fchmodat, faccessat.
Submitted by: rdivacky Sponsored by: Google Summer of Code 2007 Tested by: pho
|
177785 |
31-Mar-2008 |
kib |
Add the support for the AT_FDCWD and fd-relative name lookups to the namei(9).
Based on the submission by rdivacky, sponsored by Google Summer of Code 2007 Reviewed by: rwatson, rdivacky Tested by: pho
|
177633 |
26-Mar-2008 |
dfr |
Add the new kernel-mode NFS Lock Manager. To use it instead of the user-mode lock manager, build a kernel with the NFSLOCKD option and add '-k' to 'rpc_lockd_flags' in rc.conf.
Highlights include:
* Thread-safe kernel RPC client - many threads can use the same RPC client handle safely with replies being de-multiplexed at the socket upcall (typically driven directly by the NIC interrupt) and handed off to whichever thread matches the reply. For UDP sockets, many RPC clients can share the same socket. This allows the use of a single privileged UDP port number to talk to an arbitrary number of remote hosts.
* Single-threaded kernel RPC server. Adding support for multi-threaded server would be relatively straightforward and would follow approximately the Solaris KPI. A single thread should be sufficient for the NLM since it should rarely block in normal operation.
* Kernel mode NLM server supporting cancel requests and granted callbacks. I've tested the NLM server reasonably extensively - it passes both my own tests and the NFS Connectathon locking tests running on Solaris, Mac OS X and Ubuntu Linux.
* Userland NLM client supported. While the NLM server doesn't have support for the local NFS client's locking needs, it does have to field async replies and granted callbacks from remote NLMs that the local client has contacted. We relay these replies to the userland rpc.lockd over a local domain RPC socket.
* Robust deadlock detection for the local lock manager. In particular it will detect deadlocks caused by a lock request that covers more than one blocking request. As required by the NLM protocol, all deadlock detection happens synchronously - a user is guaranteed that if a lock request isn't rejected immediately, the lock will eventually be granted. The old system allowed for a 'deferred deadlock' condition where a blocked lock request could wake up and find that some other deadlock-causing lock owner had beaten them to the lock.
* Since both local and remote locks are managed by the same kernel locking code, local and remote processes can safely use file locks for mutual exclusion. Local processes have no fairness advantage compared to remote processes when contending to lock a region that has just been unlocked - the local lock manager enforces a strict first-come first-served model for both local and remote lockers.
Sponsored by: Isilon Systems PR: 95247 107555 115524 116679 MFC after: 2 weeks
|
177091 |
12-Mar-2008 |
jeff |
Remove kernel support for M:N threading.
While the KSE project was quite successful in bringing threading to FreeBSD, the M:N approach taken by the kse library was never developed to its full potential. Backwards compatibility will be provided via libmap.conf for dynamically linked binaries and static binaries will be broken.
|
175294 |
13-Jan-2008 |
attilio |
VOP_LOCK1() (and so VOP_LOCK()) and VOP_UNLOCK() are only used in conjuction with 'thread' argument passing which is always curthread. Remove the unuseful extra-argument and pass explicitly curthread to lower layer functions, when necessary.
KPI results broken by this change, which should affect several ports, so version bumping and manpage update will be further committed.
Tested by: kris, pho, Diego Sardina <siarodx at gmail dot com>
|
175202 |
10-Jan-2008 |
attilio |
vn_lock() is currently only used with the 'curthread' passed as argument. Remove this argument and pass curthread directly to underlying VOP_LOCK1() VFS method. This modify makes the code cleaner and in particular remove an annoying dependence helping next lockmgr() cleanup. KPI results, obviously, changed.
Manpage and FreeBSD_version will be updated through further commits.
As a side note, would be valuable to say that next commits will address a similar cleanup about VFS methods, in particular vop_lock1 and vop_unlock.
Tested by: Diego Sardina <siarodx at gmail dot com>, Andrea Di Pasquale <whyx dot it at gmail dot com>
|
173361 |
05-Nov-2007 |
kib |
Fix for the panic("vm_thread_new: kstack allocation failed") and silent NULL pointer dereference in the i386 and sparc64 pmap_pinit() when the kmem_alloc_nofault() failed to allocate address space. Both functions now return error instead of panicing or dereferencing NULL.
As consequence, vmspace_exec() and vmspace_unshare() returns the errno int. struct vmspace arg was added to vm_forkproc() to avoid dealing with failed allocation when most of the fork1() job is already done.
The kernel stack for the thread is now set up in the thread_alloc(), that itself may return NULL. Also, allocation of the first process thread is performed in the fork1() to properly deal with stack allocation failure. proc_linkup() is separated into proc_linkup() called from fork1(), and proc_linkup0(), that is used to set up the kernel process (was known as swapper).
In collaboration with: Peter Holm Reviewed by: jhb
|
172930 |
24-Oct-2007 |
rwatson |
Merge first in a series of TrustedBSD MAC Framework KPI changes from Mac OS X Leopard--rationalize naming for entry points to the following general forms:
mac_<object>_<method/action> mac_<object>_check_<method/action>
The previous naming scheme was inconsistent and mostly reversed from the new scheme. Also, make object types more consistent and remove spaces from object types that contain multiple parts ("posix_sem" -> "posixsem") to make mechanical parsing easier. Introduce a new "netinet" object type for certain IPv4/IPv6-related methods. Also simplify, slightly, some entry point names.
All MAC policy modules will need to be recompiled, and modules not updates as part of this commit will need to be modified to conform to the new KPI.
Sponsored by: SPARTA (original patches against Mac OS X) Obtained from: TrustedBSD Project, Apple Computer
|
171227 |
05-Jul-2007 |
peter |
Remove pad argument from ftruncate wrapper. Oops.
Approved by: re (kensmith)
|
170152 |
31-May-2007 |
kib |
Revert UF_OPENING workaround for CURRENT. Change the VOP_OPEN(), vn_open() vnode operation and d_fdopen() cdev operation argument from being file descriptor index into the pointer to struct file.
Proposed and reviewed by: jhb Reviewed by: daichi (unionfs) Approved by: re (kensmith)
|
167900 |
26-Mar-2007 |
jhb |
Fix a silly bogon that broke ibcs2_rename().
CID: 1065 Found by: Coverity Prevent (tm) Reported by: netchild
|
167086 |
27-Feb-2007 |
jhb |
Use pause() rather than tsleep() on stack variables and function pointers.
|
166074 |
17-Jan-2007 |
delphij |
Use FOREACH_PROC_IN_SYSTEM instead of using its unrolled form.
|
164184 |
11-Nov-2006 |
trhodes |
Merge posix4/* into normal kernel hierarchy.
Reviewed by: glanced at by jhb Approved by: silence on -arch@ and -standards@
|
164033 |
06-Nov-2006 |
rwatson |
Sweep kernel replacing suser(9) calls with priv(9) calls, assigning specific privilege names to a broad range of privileges. These may require some future tweaking.
Sponsored by: nCircle Network Security, Inc. Obtained from: TrustedBSD Project Discussed on: arch@ Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri, Alex Lyashkov <umka at sevcity dot net>, Skip Ford <skip dot ford at verizon dot net>, Antoine Brodin <antoine dot brodin at laposte dot net>
|
163606 |
22-Oct-2006 |
rwatson |
Complete break-out of sys/sys/mac.h into sys/security/mac/mac_framework.h begun with a repo-copy of mac.h to mac_framework.h. sys/mac.h now contains the userspace and user<->kernel API and definitions, with all in-kernel interfaces moved to mac_framework.h, which is now included across most of the kernel instead.
This change is the first step in a larger cleanup and sweep of MAC Framework interfaces in the kernel, and will not be MFC'd.
Obtained from: TrustedBSD Project Sponsored by: SPARTA
|
162954 |
02-Oct-2006 |
phk |
First part of a little cleanup in the calendar/timezone/RTC handling.
Move relevant variables to <sys/clock.h> and fix #includes as necessary.
Use libkern's much more time- & spamce-efficient BCD routines.
|
161330 |
15-Aug-2006 |
jhb |
Regen to propogate <prefix>_AUE_<mumble> changes as well as the earlier systrace changes.
|
161328 |
15-Aug-2006 |
jhb |
- Remove unused sysvec variables from various syscalls.conf. - Send the systrace_args files for all the compat ABIs to /dev/null for now. Right now makesyscalls.sh generates a file with a hardcoded function name, so it wouldn't work for any of the ABIs anyway. Probably the function name should be configurable via a 'systracename' variable and the functions should be stored in a function pointer in the sysvec structure.
|
160799 |
28-Jul-2006 |
jhb |
Regen for MPSAFE flag removal.
|
160798 |
28-Jul-2006 |
jhb |
Now that all system calls are MPSAFE, retire the SYF_MPSAFE flag used to mark system calls as being MPSAFE: - Stop conditionally acquiring Giant around system call invocations. - Remove all of the 'M' prefixes from the master system call files. - Remove support for the 'M' prefix from the script that generates the syscall-related files from the master system call files. - Don't explicitly set SYF_MPSAFE when registering nfssvc.
|
160352 |
14-Jul-2006 |
jhb |
Regen.
|
160351 |
14-Jul-2006 |
jhb |
Somewhat surprisingly, ibcs2_ioctl() is MPSAFE as it is without needing any further fixes.
|
160350 |
14-Jul-2006 |
jhb |
Regen.
|
160349 |
14-Jul-2006 |
jhb |
Mark ibcs2_mount() (just returns EINVAL) and ibcs2_umount() (just calls unmount(2)) MPSAFE.
|
160347 |
14-Jul-2006 |
jhb |
Regen.
|
160346 |
14-Jul-2006 |
jhb |
ibcs2_sigprocmask() is already marked MPSAFE in syscalls.xenix, so mark it MPSAFE in syscalls.isc.
|
160277 |
11-Jul-2006 |
jhb |
Regen.
|
160276 |
11-Jul-2006 |
jhb |
- Add conditional VFS Giant locking to getdents_common() (linux ABIs), ibcs2_getdents(), ibcs2_read(), ogetdirentries(), svr4_sys_getdents(), and svr4_sys_getdents64() similar to that in getdirentries(). - Mark ibcs2_getdents(), ibcs2_read(), linux_getdents(), linux_getdents64(), linux_readdir(), ogetdirentries(), svr4_sys_getdents(), and svr4_sys_getdents64() MPSAFE.
|
160241 |
10-Jul-2006 |
jhb |
Retire the stackgap macros from ibcs2 as they are no longer used. Push the includes of <sys/exec.h> and <sys/sysent.h> down into the only files that now need them.
|
160238 |
10-Jul-2006 |
jhb |
Regen.
|
160237 |
10-Jul-2006 |
jhb |
Mark ibcs2_msgsys(), ibcs2_semsys(), and ibcs2_shmsys() MPSAFE.
|
160193 |
08-Jul-2006 |
jhb |
Regen.
|
160192 |
08-Jul-2006 |
jhb |
- Split ioctl() up into ioctl() and kern_ioctl(). The kern_ioctl() assumes that the 'data' pointer is already setup to point to a valid KVM buffer or contains the copied-in data from userland as appropriate (ioctl(2) still does this). kern_ioctl() takes care of looking up a file pointer, implementing FIONCLEX and FIOCLEX, and calling fi_ioctl(). - Use kern_ioctl() to implement xenix_rdchk() instead of using the stackgap and mark xenix_rdchk() MPSAFE.
|
160191 |
08-Jul-2006 |
jhb |
Use kern_connect() in spx_open() to avoid the need for the stackgap. I also used kern_close() for simplicity though close(2) wasn't requiring the use of the stackgap.
|
160189 |
08-Jul-2006 |
jhb |
- Split the IBCS2 ipc foosys() system calls up into subfunctions matching the organization in svr4_ipc.c. - Use kern_msgctl(), kern_semctl(), and kern_shmctl() instead of the stackgap.
|
160188 |
08-Jul-2006 |
jhb |
Use ibsc2_key_t rather than key_t.
|
160140 |
06-Jul-2006 |
jhb |
Regen.
|
160139 |
06-Jul-2006 |
jhb |
Add kern_setgroups() and kern_getgroups() and use them to implement ibcs2_[gs]etgroups() rather than using the stackgap. This also makes ibcs2_[gs]etgroups() MPSAFE. Also, it cleans up one bit of weirdness in the old setgroups() where it allocated an entire credential just so it had a place to copy the group list into. Now setgroups just allocates a NGROUPS_MAX array on the stack that it copies into and then passes to kern_setgroups().
|
160138 |
06-Jul-2006 |
jhb |
Use the regular poll(2) function to implement poll(2) for the IBCS2 compat ABI as FreeBSD's poll(2) is ABI compatible. The ibcs2_poll() function attempted to implement poll(2) using a wrapper around select(2). Besides being somewhat ugly, it also had at least one bug in that instead of allocating complete fdset's on the stack via the stackgap it just allocated pointers to fdsets.
|
155404 |
06-Feb-2006 |
rwatson |
Regenerate.
|
155403 |
06-Feb-2006 |
rwatson |
Assign audit event identifiers to ibcs2 system calls.
Obtained from: TrustedBSD Project
|
155402 |
06-Feb-2006 |
jhb |
- Always call exec_free_args() in kern_execve() instead of doing it in all the callers if the exec either succeeds or fails early. - Move the code to call exit1() if the exec fails after the vmspace is gone to the bottom of kern_execve() to cut down on some code duplication.
|
155401 |
06-Feb-2006 |
jhb |
Add a kern_eaccess() function and use it to implement xenix_eaccess() rather than kern_access().
Suggested by: rwatson
|
155361 |
05-Feb-2006 |
rwatson |
Regenerate.
|
155360 |
05-Feb-2006 |
rwatson |
Assign audit event identfiers to Xenix system calls. Note: AUE_EACCESS is assigned to xenix_eaccess() instead of AUE_ACCESS, as that is the intended meaning of the system call. xenix_eaccess() should be reimplemented using our native eaccess() implementation so that it works as intended.
Obtained from: TrustedBSD Project
|
155359 |
05-Feb-2006 |
rwatson |
Correct help line: list targets, not names of files generated by targets when no argument is provided to make.
MFC after: 1 week
|
155358 |
05-Feb-2006 |
rwatson |
Regenerate (accidentally also committed in commit that updated syscalls.isc).
|
155357 |
05-Feb-2006 |
rwatson |
Assign audit event identifiers to ibcs2 ISC system calls.
Obtained from: TrustedBSD Project
|
153997 |
03-Jan-2006 |
jhb |
Fix a couple of issues with the ibcs2 module event handler. First, return success instead of EOPNOTSUPP when being loaded. Secondly, if there are no ibcs2 processes running when a MOD_UNLOAD request is made, break out to return success instead of falling through into the default case which returns EOPNOTSUPP. With these fixes, I can now kldload and subsequently kldunload the ibcs2 module.
PR: kern/82026 (and several duplicates) Reported by: lots of folks MFC after: 1 week
|
148541 |
29-Jul-2005 |
jhb |
Add missing dependencies on the SYSVIPC modules.
|
147975 |
13-Jul-2005 |
jhb |
Regen.
|
147974 |
13-Jul-2005 |
jhb |
Make a pass through all the compat ABIs sychronizing the MP safe flags with the master syscall table as well as marking several ABI wrapper functions safe.
MFC after: 1 week
|
147822 |
07-Jul-2005 |
jhb |
Lock Giant around a call to userland_sysctl() in ibcs2_sysi86().
Approved by: re (scottl)
|
147821 |
07-Jul-2005 |
jhb |
Remove an extra call to read() in ibcs2_read() that can never be reached. (It's already called a few lines earlier.)
Approved by: re (scottl)
|
147820 |
07-Jul-2005 |
jhb |
Conditionally acquire Giant around the ISC and Xenix system calls based on the SYF_MPSAFE flag in the wrapper system calls for the ISC and Xenix system call vectors.
Approved by: re (scottl)
|
147661 |
29-Jun-2005 |
rwatson |
Regenerate after addition of audit event type number to syscalls.master file format.
Approved by: re (scottl)
|
147660 |
29-Jun-2005 |
rwatson |
During the system call table format change adding audit record event fields for each system call, I missed two system call files because they weren't named syscalls.master. Catch up with this last two, mapping the system calls to the NULL event for now.
Spotted by: jhb Approved by: re (scottl)
|
146807 |
30-May-2005 |
rwatson |
Rebuild generated system call definition files following the addition of the audit event field to the syscalls.master file format.
Submitted by: wsalamon Obtained from: TrustedBSD Project
|
146806 |
30-May-2005 |
rwatson |
Introduce a new field in the syscalls.master file format to hold the audit event identifier associated with each system call, which will be stored by makesyscalls.sh in the sy_auevent field of struct sysent. For now, default the audit identifier on all system calls to AUE_NULL, but in the near future, other BSM event identifiers will be used. The mapping of system calls to event identifiers is many:one due to multiple system calls that map to the same end functionality across compatibility wrappers, ABI wrappers, etc.
Submitted by: wsalamon Obtained from: TrustedBSD Project
|
145584 |
27-Apr-2005 |
jeff |
- Pass the ISOPEN flag to namei so filesystems will know we're about to open them or otherwise access the data.
|
144501 |
01-Apr-2005 |
jhb |
- Change the vm_mmap() function to accept an objtype_t parameter specifying the type of object represented by the handle argument. - Allow vm_mmap() to map device memory via cdev objects in addition to vnodes and anonymous memory. Note that mmaping a cdev directly does not currently perform any MAC checks like mapping a vnode does. - Unbreak the DRM getbufs ioctl by having it call vm_mmap() directly on the cdev the ioctl is acting on rather than trying to find a suitable vnode to map from.
Reviewed by: alc, arch@
|
144451 |
31-Mar-2005 |
jhb |
Use kern_settimeofday() to avoid stackgap use.
|
142504 |
25-Feb-2005 |
sam |
correct bounds check of fd parameter
Noticed by: Coverity Prevent analysis tool
|
141815 |
13-Feb-2005 |
sobomax |
Backout previous change (disabling of security checks for signals delivered in emulation layers), since it appears to be too broad.
Requested by: rwatson
|
141812 |
13-Feb-2005 |
sobomax |
Split out kill(2) syscall service routine into user-level and kernel part, the former is callable from user space and the latter from the kernel one. Make kernel version take additional argument which tells if the respective call should check for additional restrictions for sending signals to suid/sugid applications or not.
Make all emulation layers using non-checked version, since signal numbers in emulation layers can have different meaning that in native mode and such protection can cause misbehaviour.
As a result remove LIBTHR from the signals allowed to be delivered to a suid/sugid application.
Requested (sorta) by: rwatson MFC after: 2 weeks
|
141488 |
07-Feb-2005 |
jhb |
- Implement ibcs2_emul_find() using kern_alternate_path(). This changes the semantics in that the returned filename to use is now a kernel pointer rather than a user space pointer. This required changing the arguments to the CHECKALT*() macros some and changing the various system calls that used pathnames to use the kern_foo() functions that can accept kernel space filename pointers instead of calling the system call directly. - Use kern_open(), kern_access(), kern_execve(), kern_mkfifo(), kern_mknod(), kern_setitimer(), kern_getrusage(), kern_utimes(), kern_unlink(), kern_chdir(), kern_chmod(), kern_chown(), kern_symlink(), kern_readlink(), kern_select(), kern_statfs(), kern_fstatfs(), kern_stat(), kern_lstat(), kern_fstat(). - Drop the unused 'uap' argument from spx_open(). - Replace a stale duplication of vn_access() in xenix_access() lacking recent additions such as MAC checks, etc. with a call to kern_access().
|
140992 |
29-Jan-2005 |
sobomax |
o Split out kernel part of execve(2) syscall into two parts: one that copies arguments into the kernel space and one that operates completely in the kernel space;
o use kernel-only version of execve(2) to kill another stackgap in linuxlator/i386.
Obtained from: DragonFlyBSD (partially) MFC after: 2 weeks
|
139799 |
06-Jan-2005 |
imp |
/* -> /*- for license, add FreeBSD tag
|
139739 |
05-Jan-2005 |
jhb |
- Move the function prototypes for kern_setrlimit() and kern_wait() to sys/syscallsubr.h where all the other kern_foo() prototypes live. - Resort kern_execve() while I'm there.
|
136418 |
12-Oct-2004 |
phk |
Add missing zero flag arguments to sysctl calls.
Add missing pointy hat to peter@
|
134267 |
24-Aug-2004 |
jhb |
Regenerate after fcntl() wrappers were marked MP safe.
|
134266 |
24-Aug-2004 |
jhb |
Fix the ABI wrappers to use kern_fcntl() rather than calling fcntl() directly. This removes a few more users of the stackgap and also marks the syscalls using these wrappers MP safe where appropriate.
Tested on: i386 with linux acroread5 Compiled on: i386, alpha LINT
|
132199 |
15-Jul-2004 |
phk |
Do a pass over all modules in the kernel and make them return EOPNOTSUPP for unknown events.
A number of modules return EINVAL in this instance, and I have left those alone for now and instead taught MOD_QUIESCE to accept this as "didn't do anything".
|
130892 |
21-Jun-2004 |
phk |
Put the pre FreeBSD-2.x tty compat code under BURN_BRIDGES.
|
130551 |
16-Jun-2004 |
julian |
Nice, is a property of a process as a whole.. I mistakenly moved it to the ksegroup when breaking up the process structure. Put it back in the proc structure.
|
127534 |
28-Mar-2004 |
rwatson |
Regen from ibcs2_wait() becoming MPSAFE.
Submitted by: Dan Nelson <dnelson@allantgroup.com>
|
127533 |
28-Mar-2004 |
rwatson |
ibcs2_wait() now MPSAFE.
Submitted by: Dan Nelson <dnelson@allantgroup.com>
|
127140 |
17-Mar-2004 |
jhb |
- Replace wait1() with a kern_wait() function that accepts the pid, options, status pointer and rusage pointer as arguments. It is up to the caller to copyout the status and rusage to userland if needed. This lets us axe the 'compat' argument and hide all that functionality in owait(), by the way. This also cleans up some locking in kern_wait() since it no longer has to drop locks around copyout() since all the copyout()'s are deferred. - Convert owait(), wait4(), and the various ABI compat wait() syscalls to use kern_wait() rather than wait1() or wait4(). This removes a bit more stackgap usage.
Tested on: i386 Compiled on: i386, alpha, amd64
|
125529 |
06-Feb-2004 |
jhb |
Regen.
|
125528 |
06-Feb-2004 |
jhb |
Sync up MP safe flags with global syscalls.master. This includes write(), close(), getpid(), ibcs2_setuid(), getuid(), ptrace(), ibcs2_pause(), ibcs2_nice(), ibcs2_kill(), ibcs2_pgrpsys(), dup(), pipe(), ibcs2_setgid(), getgid(), umask(), and sigreturn().
|
125457 |
04-Feb-2004 |
jhb |
Regen.
|
125455 |
04-Feb-2004 |
jhb |
The following compat syscalls are now mpsafe: linux_getrlimit(), linux_setrlimit(), linux_old_getrlimit(), osf1_getrlimit(), osf1_setrlimit(), svr4_sys_ulimit(), svr4_sys_setrlimit(), svr4_sys_getrlimit(), svr4_sys_setrlimit64(), svr4_sys_getrlimit64(), ibcs2_sysconf(), and ibcs2_ulimit().
|
125454 |
04-Feb-2004 |
jhb |
Locking for the per-process resource limits structure. - struct plimit includes a mutex to protect a reference count. The plimit structure is treated similarly to struct ucred in that is is always copy on write, so having a reference to a structure is sufficient to read from it without needing a further lock. - The proc lock protects the p_limit pointer and must be held while reading limits from a process to keep the limit structure from changing out from under you while reading from it. - Various global limits that are ints are not protected by a lock since int writes are atomic on all the archs we support and thus a lock wouldn't buy us anything. - All accesses to individual resource limits from a process are abstracted behind a simple lim_rlimit(), lim_max(), and lim_cur() API that return either an rlimit, or the current or max individual limit of the specified resource from a process. - dosetrlimit() was renamed to kern_setrlimit() to match existing style of other similar syscall helper functions. - The alpha OSF/1 compat layer no longer calls getrlimit() and setrlimit() (it didn't used the stackgap when it should have) but uses lim_rlimit() and kern_setrlimit() instead. - The svr4 compat no longer uses the stackgap for resource limits calls, but uses lim_rlimit() and kern_setrlimit() instead. - The ibcs2 compat no longer uses the stackgap for resource limits. It also no longer uses the stackgap for accessing sysctl's for the ibcs2_sysconf() syscall but uses kernel_sysctl() instead. As a result, ibcs2_sysconf() no longer needs Giant. - The p_rlimit macro no longer exists.
Submitted by: mtm (mostly, I only did a few cleanups and catchups) Tested on: i386 Compiled on: alpha, amd64
|
123790 |
24-Dec-2003 |
peter |
GC unused 'syshide' override to /dev/null. This was here to disable the output of the namespc column. Its functionality was removed some time ago, but the overrides and the namespc column remained.
|
123787 |
24-Dec-2003 |
peter |
Oops, remove references to namespc column in comment (I'm not going to bother regenerating after this)
|
123786 |
24-Dec-2003 |
peter |
Regen. (This should have been a NOP except it hasn't been regenerated after makesyscalls.sh changes and the last few syscall.master changes, and there have been some tree-sweeps that have touched generated files).
|
123785 |
24-Dec-2003 |
peter |
GC namespc column and unwrap long lines that now fit.
|
122882 |
18-Nov-2003 |
tjr |
Replace the dangerous strcpy() call with strlcpy(), instead of the safe one that was incorrectly changed in rev. 1.61.
Approved by: re
|
121016 |
12-Oct-2003 |
tjr |
Fix a multitude of security bugs in the iBCS2 emulator: - Return NULL instead of returning memory outside of the stackgap in stackgap_alloc() (FreeBSD-SA-00:42.linux) - Check for stackgap_alloc() returning NULL in ibcs2_emul_find(); other calls to stackgap_alloc() have not been changed since they are small fixed-size allocations. - Replace use of strcpy() with strlcpy() in exec_coff_imgact() to avoid buffer overflow - Use strlcat() instead of strcat() to avoid a one byte buffer overflow in ibcs2_setipdomainname() - Use copyinstr() instead of copyin() in ibcs2_setipdomainname() to ensure that the string is null-terminated - Avoid integer overflow in ibcs2_setgroups() and ibcs2_setgroups() by checking that gidsetsize argument is non-negative and no larger than NGROUPS_MAX. - Range-check signal numbers in ibcs2_wait(), ibcs2_sigaction(), ibcs2_sigsys() and ibcs2_kill() to avoid accessing array past the end (or before the start)
|
120422 |
25-Sep-2003 |
peter |
Add sysentvec->sv_fixlimits() hook so that we can catch cases on 64 bit systems where the data/stack/etc limits are too big for a 32 bit process.
Move the 5 or so identical instances of ELF_RTLD_ADDR() into imgact_elf.c.
Supply an ia32_fixlimits function. Export the clip/default values to sysctl under the compat.ia32 heirarchy.
Have mmap(0, ...) respect the current p->p_limits[RLIMIT_DATA].rlim_max value rather than the sysctl tweakable variable. This allows mmap to place mappings at sensible locations when limits have been reduced.
Have the imgact_elf.c ld-elf.so.1 placement algorithm use the same method as mmap(0, ...) now does.
Note that we cannot remove all references to the sysctl tweakable maxdsiz etc variables because /etc/login.conf specifies a datasize of 'unlimited'. And that causes exec etc to fail since it can no longer find space to mmap things.
|
118947 |
15-Aug-2003 |
jhb |
Remove a few ushorts I missed in my earlier pass.
Requested by: bde
|
118754 |
10-Aug-2003 |
nectar |
The iBCS2 system call translator for statfs(2) did not check the length parameter for validity.
Submitted by: David Rhodus <drhodus@catpa.com>
|
118047 |
26-Jul-2003 |
phk |
Add a "int fd" argument to VOP_OPEN() which in the future will contain the filedescriptor number on opens from userland.
The index is used rather than a "struct file *" since it conveys a bit more information, which may be useful to in particular fdescfs and /dev/fd/*
For now pass -1 all over the place.
|
116678 |
22-Jun-2003 |
phk |
Add a f_vnode field to struct file.
Several of the subtypes have an associated vnode which is used for stuff like the f*() functions.
By giving the vnode a speparate field, a number of checks for the specific subtype can be replaced simply with a check for f_vnode != NULL, and we can later free f_data up to subtype specific use.
At this point in time, f_data still points to the vnode, so any code I might have overlooked will still work.
|
115684 |
02-Jun-2003 |
obrien |
Use __FBSDID().
|
113859 |
22-Apr-2003 |
jhb |
- Replace inline implementations of sigprocmask() with calls to kern_sigprocmask() in the various binary compatibility emulators. - Replace calls to sigsuspend(), sigaltstack(), sigaction(), and sigprocmask() that used the stackgap with calls to the corresponding kern_sig*() functions instead without using the stackgap.
|
112888 |
31-Mar-2003 |
jeff |
- Move p->p_sigmask to td->td_sigmask. Signal masks will be per thread with a follow on commit to kern_sig.c - signotify() now operates on a thread since unmasked pending signals are stored in the thread. - PS_NEEDSIGCHK moves to TDF_NEEDSIGCHK.
|
111119 |
19-Feb-2003 |
imp |
Back out M_* changes, per decision of the TRB.
Approved by: trb
|
110299 |
03-Feb-2003 |
phk |
Split the global timezone structure into two integer fields to prevent the compiler from optimizing assignments into byte-copy operations which might make access to the individual fields non-atomic.
Use the individual fields throughout, and don't bother locking them with Giant: it is no longer needed.
Inspired by: tjr
|
109623 |
21-Jan-2003 |
alfred |
Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0. Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
|
109153 |
13-Jan-2003 |
dillon |
Bow to the whining masses and change a union back into void *. Retain removal of unnecessary casts and throw in some minor cleanups to see if anyone complains, just for the hell of it.
|
109123 |
12-Jan-2003 |
dillon |
Change struct file f_data to un_data, a union of the correct struct pointer types, and remove a huge number of casts from code using it.
Change struct xfile xf_data to xun_data (ABI is still compatible).
If we need to add a #define for f_data and xf_data we can, but I don't think it will be necessary. There are no operational changes in this commit.
|
108533 |
01-Jan-2003 |
schweikh |
Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup, especially in troff files.
|
107849 |
14-Dec-2002 |
alfred |
SCARGS removal take II.
|
107839 |
13-Dec-2002 |
alfred |
Backout removal SCARGS, the code freeze is only "selectively" over.
|
107838 |
13-Dec-2002 |
alfred |
Remove SCARGS.
Reviewed by: md5
|
104306 |
01-Oct-2002 |
jmallett |
Back our kernel support for reliable signal queues.
Requested by: rwatson, phk, and many others
|
104266 |
01-Oct-2002 |
jmallett |
Add a missing include.
|
104264 |
01-Oct-2002 |
jmallett |
When working with sigset_t's, and needing to perform masking operations based on a process's pending signals, use the signal queue flattener, ksiginfo_to_sigset_t, on the process, and on a local sigset_t, and then work with that as needed.
|
103870 |
23-Sep-2002 |
alfred |
use __packed.
|
103767 |
21-Sep-2002 |
jake |
Use the fields in the sysentvec and in the vm map header in place of the constants VM_MIN_ADDRESS, VM_MAXUSER_ADDRESS, USRSTACK and PS_STRINGS. This is mainly so that they can be variable even for the native abi, based on different machine types. Get stack protections from the sysentvec too. This makes it trivial to map the stack non-executable for certain abis, on machines that support it.
|
103128 |
09-Sep-2002 |
robert |
- Fix iBCS2 emulation of COFF files that have multiple libraries in their library (STYP_LIB) section. - Attempt to make the code which calculates the next entry and string offsets look clearer.
PR: kern/42580 Tested by: Olaf Klein <ok@adimus.de> (on 4.7-PRERELEASE)
|
102808 |
01-Sep-2002 |
jake |
Added fields for VM_MIN_ADDRESS, PS_STRINGS and stack protections to sysentvec. Initialized all fields of all sysentvecs, which will allow them to be used instead of constants in more places. Provided stack fixup routines for emulations that previously used the default.
|
102412 |
25-Aug-2002 |
charnier |
Replace various spelling with FALLTHROUGH which is lint()able
|
102003 |
17-Aug-2002 |
rwatson |
In continuation of early fileop credential changes, modify fo_ioctl() to accept an 'active_cred' argument reflecting the credential of the thread initiating the ioctl operation.
- Change fo_ioctl() to accept active_cred; change consumers of the fo_ioctl() interface to generally pass active_cred from td->td_ucred. - In fifofs, initialize filetmp.f_cred to ap->a_cred so that the invocations of soo_ioctl() are provided access to the calling f_cred. Pass ap->a_td->td_ucred as the active_cred, but note that this is required because we don't yet distinguish file_cred and active_cred in invoking VOP's. - Update kqueue_ioctl() for its new argument. - Update pipe_ioctl() for its new argument, pass active_cred rather than td_ucred to MAC for authorization. - Update soo_ioctl() for its new argument. - Update vn_ioctl() for its new argument, use active_cred rather than td->td_ucred to authorize VOP_IOCTL() and the associated VOP_GETATTR().
Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
|
101771 |
13-Aug-2002 |
jeff |
- Hold the vnode lock throughout execve. - Set VV_TEXT in the top level execve code. - Fixup the image activators to deal with the newly locked vnode.
|
101710 |
12-Aug-2002 |
rwatson |
Add necessary instrumentation to IBCS2 emulation support for mandatory access control: as with SVR4, very few changes required since almost all services are implemented by wrapping existing native FreeBSD system calls. Only readdir() calls need additional instrumentation.
Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
|
101308 |
04-Aug-2002 |
jeff |
- Replace v_flag with v_iflag and v_vflag - v_vflag is protected by the vnode lock and is used when synchronization with VOP calls is needed. - v_iflag is protected by interlock and is used for dealing with vnode management issues. These flags include X/O LOCK, FREE, DOOMED, etc. - All accesses to v_iflag and v_vflag have either been locked or marked with mp_fixme's. - Many ASSERT_VOP_LOCKED calls have been added where the locking was not clear. - Many functions in vfs_subr.c were restructured to provide for stronger locking.
Idea stolen from: BSD/OS
|
100384 |
20-Jul-2002 |
peter |
Infrastructure tweaks to allow having both an Elf32 and an Elf64 executable handler in the kernel at the same time. Also, allow for the exec_new_vmspace() code to build a different sized vmspace depending on the executable environment. This is a big help for execing i386 binaries on ia64. The ELF exec code grows the ability to map partial pages when there is a page size difference, eg: emulating 4K pages on 8K or 16K hardware pages.
Flesh out the i386 emulation support for ia64. At this point, the only binary that I know of that fails is cvsup, because the cvsup runtime tries to execute code in pages not marked executable.
Obtained from: dfr (mostly, many tweaks from me).
|
97748 |
02-Jun-2002 |
schweikh |
Fix typo in the BSD copyright: s/withough/without/
Spotted and suggested by: des MFC after: 3 weeks
|
97213 |
24-May-2002 |
peter |
Fix warnings; deprecated use of label at end of compound statement
|
93793 |
04-Apr-2002 |
bde |
Moved signal handling and rescheduling from userret() to ast() so that they aren't in the usual path of execution for syscalls and traps. The main complication for this is that we have to set flags to control ast() everywhere that changes the signal mask.
Avoid locking in userret() in most of the remaining cases.
Submitted by: luoqi (first part only, long ago, reorganized by me) Reminded by: dillon
|
93593 |
01-Apr-2002 |
jhb |
Change the suser() API to take advantage of td_ucred as well as do a general cleanup of the API. The entire API now consists of two functions similar to the pre-KSE API. The suser() function takes a thread pointer as its only argument. The td_ucred member of this thread must be valid so the only valid thread pointers are curthread and a few kernel threads such as thread0. The suser_cred() function takes a pointer to a struct ucred as its first argument and an integer flag as its second argument. The flag is currently only used for the PRISON_ROOT flag.
Discussed on: smp@
|
92761 |
20-Mar-2002 |
alfred |
Remove __P.
|
91462 |
28-Feb-2002 |
peter |
Fix warnings (prototype for nonexisting static function)
|
91415 |
27-Feb-2002 |
jhb |
Use td_ucred and thus remove now unneeded proc lock acquire and release.
|
91406 |
27-Feb-2002 |
jhb |
Simple p_ucred -> td_ucred changes to start using the per-thread ucred reference.
|
91393 |
27-Feb-2002 |
robert |
Use the updated getcredhostname() function.
|
91388 |
27-Feb-2002 |
robert |
- Use the new getcredhostname function in xenix_utsname(), ibcs2_getipdomainname(), and ibcs2_utssys().
Reviewed by: phk
|
91140 |
23-Feb-2002 |
tanimura |
Lock struct pgrp, session and sigio.
New locks are:
- pgrpsess_lock which locks the whole pgrps and sessions, - pg_mtx which protects the pgrp members, and - s_mtx which protects the session members.
Please refer to sys/proc.h for the coverage of these locks.
Changes on the pgrp/session interface:
- pgfind() needs the pgrpsess_lock held.
- The caller of enterpgrp() is responsible to allocate a new pgrp and session.
- Call enterthispgrp() in order to enter an existing pgrp.
- pgsignal() requires a pgrp lock held.
Reviewed by: jhb, alfred Tested on: cvsup.jp.FreeBSD.org (which is a quad-CPU machine running -current)
|
90361 |
07-Feb-2002 |
julian |
Pre-KSE/M3 commit. this is a low-functionality change that changes the kernel to access the main thread of a process via the linked list of threads rather than assuming that it is embedded in the process. It IS still embeded there but remove all teh code that assumes that in preparation for the next commit which will actually move it out.
Reviewed by: peter@freebsd.org, gallatin@cs.duke.edu, benno rice,
|
89319 |
14-Jan-2002 |
alfred |
Replace ffind_* with fget calls.
Make fget MPsafe.
Make fgetvp and fgetsock use the fget subsystem to reduce code bloat.
Push giant down in fpathconf().
|
89306 |
13-Jan-2002 |
alfred |
SMP Lock struct file, filedesc and the global file list.
Seigo Tanimura (tanimura) posted the initial delta.
I've polished it quite a bit reducing the need for locking and adapting it for KSE.
Locks:
1 mutex in each filedesc protects all the fields. protects "struct file" initialization, while a struct file is being changed from &badfileops -> &pipeops or something the filedesc should be locked.
1 mutex in each struct file protects the refcount fields. doesn't protect anything else. the flags used for garbage collection have been moved to f_gcflag which was the FILLER short, this doesn't need locking because the garbage collection is a single threaded container. could likely be made to use a pool mutex.
1 sx lock for the global filelist.
struct file * fhold(struct file *fp); /* increments reference count on a file */
struct file * fhold_locked(struct file *fp); /* like fhold but expects file to locked */
struct file * ffind_hold(struct thread *, int fd); /* finds the struct file in thread, adds one reference and returns it unlocked */
struct file * ffind_lock(struct thread *, int fd); /* ffind_hold, but returns file locked */
I still have to smp-safe the fget cruft, I'll get to that asap.
|
87599 |
10-Dec-2001 |
obrien |
Update to C99, s/__FUNCTION__/__func__/, also don't use ANSI string concatenation.
|
86468 |
16-Nov-2001 |
iedowse |
Handle the IBCS2 FIONREAD ioctl. I have only tested that this compiles, but the patch looks reasonable.
PR: i386/5784 Submitted by: Remy NONNENMACHER <remy@synx.com>
|
83366 |
12-Sep-2001 |
julian |
KSE Milestone 2 Note ALL MODULES MUST BE RECOMPILED make the kernel aware that there are smaller units of scheduling than the process. (but only allow one thread per process at this time). This is functionally equivalent to teh previousl -current except that there is a thread associated with each process.
Sorry john! (your next MFC will be a doosie!)
Reviewed by: peter@freebsd.org, dillon@freebsd.org
X-MFC after: ha ha ha ha
|
82753 |
01-Sep-2001 |
dillon |
Synchronize syscalls.master(s) with recent Giant pushdown work
|
80108 |
21-Jul-2001 |
assar |
add <sys/sytm.h> (for cpufunc.h -> rdtsc)
|
80027 |
20-Jul-2001 |
jon |
Fix setting serial baud rate under ibcs2 emulation by moving a line to the right place. Reported by Jonathan Chen <jonc@pinnacle.co.nz> (someone with the same name who's not me)
PR: i386/8414 Submitted by: Jonathan Chen <jonc@pinnacle.co.nz> MFC after: 2 weeks
|
78962 |
29-Jun-2001 |
jhb |
Add a new MI pointer to the process' trapframe p_frame instead of using various differently named pointers buried under p_md.
Reviewed by: jake (in principle)
|
76166 |
01-May-2001 |
markm |
Undo part of the tangle of having sys/lock.h and sys/mutex.h included in other "system" header files.
Also help the deprecation of lockmgr.h by making it a sub-include of sys/lock.h and removing sys/lockmgr.h form kernel .c files.
Sort sys/*.h includes where possible in affected files.
OK'ed by: bde (with reservations)
|
74940 |
28-Mar-2001 |
jhb |
Add missing includes of <sys/sx.h>
Reported by: peter
|
74927 |
28-Mar-2001 |
jhb |
Convert the allproc and proctree locks from lockmgr locks to sx locks.
|
72091 |
06-Feb-2001 |
asmodai |
Fix typo: seperate -> separate.
Seperate does not exist in the english language.
|
71699 |
27-Jan-2001 |
jhb |
Back out proc locking to protect p_ucred for obtaining additional references along with the actual obtaining of additional references.
|
71490 |
24-Jan-2001 |
jhb |
Use queue macros.
|
71489 |
23-Jan-2001 |
jhb |
Proc locking.
|
71488 |
23-Jan-2001 |
jhb |
- Use 'p' instead of 'curproc' for the namei lookup as this is what other image activators use. - Proc locking.
|
69947 |
13-Dec-2000 |
jake |
- Change the allproc_lock to use a macro, ALLPROC_LOCK(how), instead of explicit calls to lockmgr. Also provides macros for the flags pased to specify shared, exclusive or release which map to the lockmgr flags. This is so that the use of lockmgr can be easily replaced with optimized reader-writer locks. - Add some locking that I missed the first time.
|
68520 |
09-Nov-2000 |
marcel |
Make MINSIGSTKSZ machine dependent, and have the sigaltstack syscall compare against a variable sv_minsigstksz in struct sysentvec as to properly take the size of the machine- and ABI dependent struct sigframe into account.
The SVR4 and iBCS2 modules continue to have a minsigstksz of 8192 to preserve behavior. The real values (if different) are not known at this time. Other ABI modules use the real values.
The native MINSIGSTKSZ is now defined as follows:
Arch MINSIGSTKSZ ---- ----------- alpha 4096 i386 2048 ia64 12288
Reviewed by: mjacob Suggested by: bde
|
68157 |
01-Nov-2000 |
obrien |
Make the target a little bit more generic.
|
66834 |
08-Oct-2000 |
phk |
Initiate deorbit burn sequence for <machine/console.h>.
Replace all in-tree uses with necessary subset of <sys/{fb,kb,cons}io.h>. This is also the appropriate fix for exo-tree sources.
Put warnings in <machine/console.h> to discourage use. November 15th 2000 the warnings will be converted to errors. January 15th 2001 the <machine/console.h> files will be removed.
|
64002 |
29-Jul-2000 |
peter |
Regen. (Fix SYS_exit)
|
64001 |
29-Jul-2000 |
peter |
Sigh. Fix SYS_exit problems. I misunderstood the significance of these trailing options.
|
63987 |
29-Jul-2000 |
peter |
Regenerate with makesyscalls.sh
|
63986 |
29-Jul-2000 |
peter |
Change the 'exit()' system call to 'sys_exit()'. This avoids overlapping gcc's internal exit() prototypes and the (futile) hackery that we did to try and avoid warnings. main() was renamed for similar reasons. Remove an exit related hack from makesyscalls.sh.
|
60290 |
09-May-2000 |
bde |
Regenerated (fixed the calculation of sy_nargs in sysent tables).
|
60270 |
09-May-2000 |
bde |
Fixed the return type and args struct tag for exit(). They were wrong in all emulators. These entries were unused, so the bug had no effect, but the the args struct tag will be used to calculate sy_nargs correctly.
|
59794 |
30-Apr-2000 |
phk |
Remove unneeded #include <vm/vm_zone.h>
Generated by: src/tools/tools/kerninclude
|
59753 |
29-Apr-2000 |
peter |
Initial dependency so that the kld's will link. imgact_coff depends on the ibcs2 module being present.
|
54655 |
15-Dec-1999 |
eivind |
Introduce NDFREE (and remove VOP_ABORTOP)
|
53155 |
14-Nov-1999 |
eivind |
Fix case where vnode could be unlocked twice. Untested; bug found by code reading.
Reviewed by: phk
|
52635 |
29-Oct-1999 |
phk |
useracc() the prequel:
Merge the contents (less some trivial bordering the silly comments) of <vm/vm_prot.h> and <vm/vm_inherit.h> into <vm/vm.h>. This puts the #defines for the vm_inherit_t and vm_prot_t types next to their typedefs.
This paves the road for the commit to follow shortly: change useracc() to use VM_PROT_{READ|WRITE} rather than B_{READ|WRITE} as argument.
|
52084 |
10-Oct-1999 |
marcel |
Avoid using the osig* syscalls.
|
51793 |
29-Sep-1999 |
marcel |
sigset_t change (part 4 of 5) -----------------------------
The compatibility code and/or emulators have been updated:
iBCS2 now mostly uses the older syscalls. SVR4 now properly handles all signals. This has been achieved by using the new sigset_t throughout the emulator. The Linuxulator has been severely updated. Internally the new Linux sigset_t is made the default. These are then mapped to and from the new FreeBSD sigset_t.
Also, rt_sigsuspend has been implemented in the Linuxulator. Implementing this syscall basicly caused all this sigset_t changing in the first place and the syscall has been used throughout the change as a means for testing. It basicly is too much work to undo the implementation so that it can later be added again.
A special note on the use of sv_sigtbl and sv_sigsize in struct sysentvec: Every signal larger than sv_sigsize is not translated and is passed on to the signal handler unmodified. Signals in the range 1 upto and including sv_sigsize are translated. The rationale is that only the system defined signals need to be translated.
The emulators also have been updated so that the translation tables are only indexed for valid (system defined) signals. This change also fixes the translation bug already in the SVR4 emulator.
|
51418 |
19-Sep-1999 |
green |
This is what was "fdfix2.patch," a fix for fd sharing. It's pretty far-reaching in fd-land, so you'll want to consult the code for changes. The biggest change is that now, you don't use fp->f_ops->fo_foo(fp, bar) but instead fo_foo(fp, bar), which increments and decrements the fp refcount upon entry and exit. Two new calls, fhold() and fdrop(), are provided. Each does what it seems like it should, and if fdrop() brings the refcount to zero, the fd is freed as well.
Thanks to peter ("to hell with it, it looks ok to me.") for his review. Thanks to msmith for keeping me from putting locks everywhere :)
Reviewed by: peter
|
50482 |
28-Aug-1999 |
peter |
Regen after Id->FreeBSD
|
50477 |
28-Aug-1999 |
peter |
$Id$ -> $FreeBSD$
|
48620 |
06-Jul-1999 |
cracauer |
Rename struct members sa_siginfo. POSIX reserves identifiers starting with sa_ when <signal.h> is included. They would conflict with the upcoming SA_SIGINFO implementation.
Reviewed by: BDE
|
46803 |
09-May-1999 |
peter |
Fix a couple of warnings and some bitrot in comments.
|
46568 |
06-May-1999 |
peter |
Add sufficient braces to keep egcs happy about potentially ambiguous if/else nesting.
|
46112 |
27-Apr-1999 |
phk |
Suser() simplification:
1: s/suser/suser_xxx/
2: Add new function: suser(struct proc *), prototyped in <sys/proc.h>.
3: s/suser_xxx(\([a-zA-Z0-9_]*\)->p_ucred, \&\1->p_acflag)/suser(\1)/
The remaining suser_xxx() calls will be scrutinized and dealt with later.
There may be some unneeded #include <sys/cred.h>, but they are left as an exercise for Bruce.
More changes to the suser() API will come along with the "jail" code.
|
45577 |
11-Apr-1999 |
eivind |
Staticize.
|
43800 |
09-Feb-1999 |
guido |
Add missing poatch for ibcs2_ipc.h as well. Sorry this took so long but there was a routing problem earlier today.
|
43744 |
07-Feb-1999 |
guido |
1) Fix our view of how ibcs2_semid_ds looks. There is no padding int there (SVR4 does have it so that;s probably the cause of this bug) 2) Add a wrapper function for translation between ibcs2_ipc_perm and ipc_perm as I think we screwed up when defining the ipc_perm struct and mixed up 'normal' and creator [ug]id's 3) Fix IBCS2_IPC_STAT semctl. The FreeBSD version needs a union semun whereas the IBCS2 version gives a struct ibcs2_semid_ds.
Apparently this is all fixed in the SVR4 compatibility code. PR: 7729
|
43621 |
04-Feb-1999 |
newton |
Can't use elf_brand_inuse() here because iBCS2 doesn't use ELF. D'oh! Inlined the same logic elf_brand_inuse() utilizes instead.
|
43314 |
28-Jan-1999 |
dillon |
Fix warnings in preparation for adding -Wall -Wcast-qual to the kernel compile
|
42767 |
17-Jan-1999 |
peter |
Remove references to an LKM that isn't built any more.
|
41871 |
16-Dec-1998 |
bde |
Removed the cast to a pointer in the definition of PS_STRINGS and adjusted related casts to match (only in the kernel in this commit). The pointer was only wanted in one place in kern_exec.c. Applications should use the kern.ps_strings sysctl instead of PS_STRINGS, so they shouldn't notice this change.
|
41796 |
14-Dec-1998 |
dt |
Added 3 new errno values, requred by various standards: EOVERFLOW, ECANCELED, EILSEQ.
Fixed ibcs2 and especially linux EIDRM and ENOMSG errno mapping. Reviewed by: Dan Nelson <dnelson@emsphone.com>
|
41514 |
04-Dec-1998 |
archie |
Examine all occurrences of sprintf(), strcat(), and str[n]cpy() for possible buffer overflow problems. Replaced most sprintf()'s with snprintf(); for others cases, added terminating NUL bytes where appropriate, replaced constants like "16" with sizeof(), etc.
These changes include several bug fixes, but most changes are for maintainability's sake. Any instance where it wasn't "immediately obvious" that a buffer overflow could not occur was made safer.
Reviewed by: Bruce Evans <bde@zeta.org.au> Reviewed by: Matthew Dillon <dillon@apollo.backplane.com> Reviewed by: Mike Spengler <mks@networkcs.com>
|
41173 |
15-Nov-1998 |
bde |
Finished updating module event handlers to be compatible with modeventhand_t.
|
40985 |
07-Nov-1998 |
peter |
Don't define the module glue if building as an LKM, this happens to have a same symbol name as the LKM glue.
|
40963 |
06-Nov-1998 |
peter |
Create an 'ibcs2' module so that scripts can tell if it's statically linked in or needs to be loaded.
|
40435 |
16-Oct-1998 |
peter |
*gulp*. Jordan specifically OK'ed this..
This is the bulk of the support for doing kld modules. Two linker_sets were replaced by SYSINIT()'s. VFS's and exec handlers are self registered. kld is now a superset of lkm. I have converted most of them, they will follow as a seperate commit as samples. This all still works as a static a.out kernel using LKM's.
|
40286 |
13-Oct-1998 |
dg |
Fixed two potentially serious classes of bugs:
1) The vnode pager wasn't properly tracking the file size due to "size" being page rounded in some cases and not in others. This sometimes resulted in corrupted files. First noticed by Terry Lambert. Fixed by changing the "size" pager_alloc parameter to be a 64bit byte value (as opposed to a 32bit page index) and changing the pagers and their callers to deal with this properly. 2) Fixed a bogus type cast in round_page() and trunc_page() that caused some 64bit offsets and sizes to be scrambled. Removing the cast required adding casts at a few dozen callers. There may be problems with other bogus casts in close-by macros. A quick check seemed to indicate that those were okay, however.
|
39659 |
26-Sep-1998 |
des |
Silence a harmless warning.
|
39154 |
14-Sep-1998 |
jdp |
Add provisions for variant core dump file formats, depending on the object format of the executable being dumped. This is the first step toward producing ELF core dumps in the proper format. I will commit the code to generate the ELF core dumps Real Soon Now. In the meantime, ELF executables won't dump core at all. That is probably no less useful than dumping a.out-style core dumps as they have done until now.
Submitted by: Alex <garbanzo@hooked.net> (with very minor changes by me)
|
38404 |
17-Aug-1998 |
bde |
Removed unused includes. Fixed disordering of includes.
|
38403 |
17-Aug-1998 |
bde |
Backed out previous commit. The seconds part of microtime() is not the necessarily the same as the seconds part of getmicrotime() yet, and anyway, we should have used `time_second' if we only wanted a sloppy value for the seconds part. There is no point in making ibcs2's time(2) more efficient than FreeBSD's time(3).
|
38354 |
16-Aug-1998 |
bde |
Use [u]intptr_t instead of [u_]long for casts between pointers and integers. Don't forget to cast to (void *) as well.
|
36783 |
09-Jun-1998 |
bde |
Updated generated files.
|
36771 |
08-Jun-1998 |
bde |
Updated generated files.
|
36735 |
07-Jun-1998 |
dfr |
This commit fixes various 64bit portability problems required for FreeBSD/alpha. The most significant item is to change the command argument to ioctl functions from int to u_long. This change brings us inline with various other BSD versions. Driver writers may like to use (__FreeBSD_version == 300003) to detect this change.
The prototype FreeBSD/alpha machdep will follow in a couple of days time.
|
36582 |
02-Jun-1998 |
dyson |
Correct sleep priority.
|
35496 |
28-Apr-1998 |
eivind |
Translate T_PROTFLT to SIGSEGV instead of SIGBUS when running under Linux emulation. This make Allegro Common Lisp 4.3 work under FreeBSD!
Submitted by: Fred Gilham <gilham@csl.sri.com> Commented on by: bde, dg, msmith, tg Hoping he got everything right: eivind
|
35179 |
13-Apr-1998 |
sos |
Added EIDRM & ENOMSG errno in translation table.
|
35061 |
06-Apr-1998 |
phk |
Use getmicrotime insted of microtime, we only use the second part.
|
35058 |
06-Apr-1998 |
phk |
Make a kernel version of the timer* functions called timerval* to be more consistent.
OK'ed by: bde
|
33233 |
11-Feb-1998 |
eivind |
De-staticize enough to make all the LKMs work again. Add comments where deemed relevant.
|
33181 |
09-Feb-1998 |
eivind |
Staticize.
|
33134 |
06-Feb-1998 |
eivind |
Back out DIAGNOSTIC changes.
|
33108 |
04-Feb-1998 |
eivind |
Turn DIAGNOSTIC into a new-style option.
|
33071 |
04-Feb-1998 |
eivind |
Make SPX_HACK a new-style option.
|
32011 |
27-Dec-1997 |
bde |
Unspammed nested include of <vm/vm_zone.h>.
|
31561 |
05-Dec-1997 |
bde |
Don't include <sys/lock.h> in headers when only `struct simplelock' is required. Fixed everything that depended on the pollution.
|
30994 |
06-Nov-1997 |
phk |
Move the "retval" (3rd) parameter from all syscall functions and put it in struct proc instead.
This fixes a boatload of compiler warning, and removes a lot of cruft from the sources.
I have not removed the /*ARGSUSED*/, they will require some looking at.
libkvm, ps and other userland struct proc frobbing programs will need recompiled.
|
29653 |
21-Sep-1997 |
dyson |
Change the M_NAMEI allocations to use the zone allocator. This change plus the previous changes to use the zone allocator decrease the useage of malloc by half. The Zone allocator will be upgradeable to be able to use per CPU-pools, and has more intelligent usage of SPLs. Additionally, it has reasonable stats gathering capabilities, while making most calls inline.
|
28751 |
25-Aug-1997 |
bde |
Fixed type mismatches for functions with args of type vm_prot_t and/or vm_inherit_t. These types are smaller than ints, so the prototypes should have used the promoted type (int) to match the old-style function definitions. They use just vm_prot_t and/or vm_inherit_t. This depends on gcc features to work. I fixed the definitions since this is easiest. The correct fix may be to change the small types to u_int, to optimize for time instead of space.
|
28750 |
25-Aug-1997 |
bde |
Added an XXX comment.
|
28749 |
25-Aug-1997 |
bde |
Removed an unused variable.
|
28748 |
25-Aug-1997 |
bde |
Fixed a pedantic syntax error (case labels without a statement).
|
27537 |
20-Jul-1997 |
bde |
Removed unused #includes.
|
26910 |
25-Jun-1997 |
sef |
Do The Right Thing when an iBCS2 program does getgroups(0, whatever) -- we were returning EFAULT, when it is a completely acceptable thing to do. Also, at the same time, be a *bit* optimizing and don't allocate any "stackgrap" memory if we're not going to use it.
This is another Oracle-discovered problem.
Submitted by: Steven Wallace
|
26819 |
22-Jun-1997 |
sef |
For the xenix_ftime() routine, don't use the native version of the struct -- the XENIX version is packed, and two bytes smaller than ours. So, define the structure, and have it packed. I used the __attribte__((packed)) modifier for this; I could also have surrounded the struct definition with #pragma pack(2) -- but that would have meant making ibcs2_timeb's definition outside the function. This may need to be revisited if we ever want to compile with a compiler other than gcc. (I also used 'unsigned long' instead of 'time_t' because I am writing to match an external specification -- and the definition of time_t could change.)
Reviewed by: Steven Wallace
|
25553 |
07-May-1997 |
peter |
md_regs is a struct trapframe * now, not int []
|
24848 |
13-Apr-1997 |
dyson |
Fully implement vfork. Vfork is now much much faster than even our fork. (On my machine, fork is about 240usecs, vfork is 78usecs.)
Implement rfork(!RFPROC !RFMEM), which allows a thread to divorce its memory from the other threads of a group.
Implement rfork(!RFPROC RFCFDG), which closes all file descriptors, eliminating possible existing shares with other threads/processes.
Implement rfork(!RFPROC RFFDG), which divorces the file descriptors for a thread from the rest of the group.
Fix the case where a thread does an exec. It is almost nonsense for a thread to modify the other threads address space by an exec, so we now automatically divorce the address space before modifying it.
|
24785 |
10-Apr-1997 |
bde |
Removed unused or apparently-unused #includes, especially of the deprecated header <sys/dir.h>.
|
24748 |
09-Apr-1997 |
bde |
Regenerate (removed unused #includes from ibcs2*_sysent.c).
|
24747 |
09-Apr-1997 |
bde |
Removed unused #includes.
|
24677 |
06-Apr-1997 |
dfr |
Fixes to ibcs2_getdents, including using struct dirent instead of struct direct, not using UFS' definition of DIRBLKSIZ, using directory seek cookies to make reading non-UFS directories reliable (e.g. cd9660, ext2fs).
A special thanks to Robert Eckardt for providing an ISC binary of GNU ls so that I could test these changes.
|
24478 |
01-Apr-1997 |
bde |
Removed potentially harmful garbage <vm/lock.h> and fixed bogus use of it. It was actually harmless because the use was null due to fortuitous include orders and identical (wrong) idempotency macros.
|
24384 |
29-Mar-1997 |
peter |
Regenerate (include file changes, stray blank lines (cosmetic), and a syscall vector was out of sync with it's .master file)
|
24374 |
29-Mar-1997 |
peter |
Add a Makefile to build all three syscall tables
|
24206 |
24-Mar-1997 |
bde |
Don't include <sys/ioctl.h> in the kernel. Stage 4: include <sys/ttycom.h> and sometimes <sys/filio.h> instead of <sys/ioctl.h> in miscellaneous files. Most of these files have nothing to do with ttys but need to include <sys/ttycom.h> to get the definitions of TIOC[SG]PGRP which are (ab)used to convert F[SG]ETOWN fcntls into ioctls.
|
24205 |
24-Mar-1997 |
bde |
Don't include <sys/ioctl.h> in the kernel. Stage 3: include <sys/filio.h> instead of <sys/ioctl.h> in non-network non-tty files.
|
24203 |
24-Mar-1997 |
bde |
Don't include <sys/ioctl.h> in the kernel. Stage 1: don't include it when it is not used. In most cases, the reasons for including it went away when the special ioctl headers became self-sufficient.
|
24131 |
23-Mar-1997 |
bde |
Don't #include <sys/fcntl.h> in <sys/file.h> if KERNEL is defined. Fixed everything that depended on getting fcntl.h stuff from the wrong place. Most things don't depend on file.h stuff at all.
|
22975 |
22-Feb-1997 |
peter |
Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are not ready for it yet.
|
22542 |
10-Feb-1997 |
mpp |
Make this compile again after the Lite2 merge.
VOP_UNLOCK was being called with the wrong mumber of arguments.
|
22521 |
10-Feb-1997 |
dyson |
This is the kernel Lite/2 commit. There are some requisite userland changes, so don't expect to be able to run the kernel as-is (very well) without the appropriate Lite/2 userland changes.
The system boots and can mount UFS filesystems.
Untested: ext2fs, msdosfs, NFS Known problems: Incorrect Berkeley ID strings in some files. Mount_std mounts will not work until the getfsent library routine is changed.
Reviewed by: various people Submitted by: Jeffery Hsu <hsu@freebsd.org>
|
21673 |
14-Jan-1997 |
jkh |
Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
|
20652 |
18-Dec-1996 |
bde |
Added a missing prototype.
|
20601 |
17-Dec-1996 |
swallace |
In the IBCS2 semctl system call, the last parameter arg is passed by value, but in the FreeBSD semctl system call implementation, is passed by reference.
Submitted by: msagre@cactus.fi.uba.ar <Miguel Angel Sagreras>
|
20203 |
08-Dec-1996 |
swallace |
Perform special sigset() check. Make sure signal is not blocked. If it is, return SIG_HOLD instead of handler and unblock the signal.
|
20143 |
05-Dec-1996 |
nate |
Better fix for the previous overflow problem using the code from ogetrlimit().
Suggested by: bde
|
20141 |
05-Dec-1996 |
nate |
'ulimit' can overflow the int return value, so avoid the overflow by subtracting one if ulimit returns -1.
Submitted by: Miguel Angel Sagreras <msagre@cactus.fi.uba.ar>
|
18444 |
21-Sep-1996 |
bde |
Cleaned up all headers that include <sys/ioctl.h> or <sys/ioccom.h>: - don't include <sys/ioctl.h> in any header. Include <sys/ioccom.h> instead. This was already done in 4.4Lite for the most important ioctl headers. Header spam currently increases kernel build times by 10-20%. There are more than 30000 #includes (not counting duplicates) for compiling LINT. - include <sys/types.h> if and only it is necessary to make the header almost self-sufficient (some ioctl headers still need structs from elsewhere). - uniformized idempotency ifdefs. Copied the style in the 4.4Lite ioctl headers.
|
18027 |
03-Sep-1996 |
bde |
Changed type of ni_dirp in `struct namei' from caddr_t to `const char *' so that the compiler can see that it is OK to use const strings in NDINIT(). Some emulators want to use paths of the form "/compat/foo". Removed the casts that hid the non-problem. Didn't fix the missing consts in syscalls.master that hid the non-problem.
|
18024 |
03-Sep-1996 |
bde |
Fixed some more easy cases of const poisoning in the kernel. Cosmetic.
|
16474 |
18-Jun-1996 |
dyson |
Clean-up the new VM map procfs code, and also add support for executable format file "etype". It contains a description of the binary type for a process.
|
16322 |
12-Jun-1996 |
gpalmer |
Clean up -Wunused warnings.
Reviewed by: bde
|
16310 |
12-Jun-1996 |
nate |
Fixed GET/SETIPDOMAIN ioctl on /dev/socksys, which is used by various other socket functions (gethostname() for one).
Reviewed by: sef
|
16230 |
08-Jun-1996 |
nate |
Change the 'sysi86()' function not implemented' printf to be called only when compiled with -DDIAGNOSTIC. Almost all significant SCO binaries I've run call an unsupported function and run correctly. Given that they aren't needed, the messages only clutter up the logfiles and console.
|
16193 |
08-Jun-1996 |
nate |
When uname() returns the system name, try to use the unqualified domain name (ie; strip off the domain). Given a hostname 'fooey.bar.com', the previous code returned a system name of 'fooey.ba', instead of the more correct 'fooey'. SCO uses 'uname' for many things, including some of it's socket code so this patch is necessary for running certain legacy SCO apps. :)
A variant of this code has been running on my box for 2 months now.
|
15494 |
01-May-1996 |
bde |
Removed unnecessary #includes from <sys/imgact.h> so that it is self-sufficient and added explicit #includes where required.
|
14885 |
28-Mar-1996 |
swallace |
Implement ioctl's IBCS2_TCFLSH and IBCS2_TCXONC. Improve termios conversion. Implement xenix_eaccess() system call.
Obtained from: NetBSD
|
14843 |
27-Mar-1996 |
swallace |
The recently introduced sv_sendsig entry of the sysentvec structure is incorrectly set to 0, for the purpose of "ignoring" the signal. This does not ignore the signal, but rather, executes the function at location 0 in kernel mode, which shortly thereafter causes a panic.
The sv_sensig entry for ibcs2 emulation should be set to the system's normal sendsig routine.
|
14584 |
12-Mar-1996 |
peter |
Remove references to MAP_FILE.. That is now "default" and is only a "#define MAP_FILE 0" that is still there for net-2 source compatability.
|
14583 |
12-Mar-1996 |
peter |
The same data segment length rounding problem that was in the elf loader is also present in the coff loader. It was possible to get one more page allocated than needed, which would cause brk()/malloc()/etc to fail with ENOMEM when it tried to re-allocate the space.
Also, change a bcopy() from kernel to user space to a copyout().
|
14464 |
10-Mar-1996 |
peter |
Fix a (mostly harmless) bogon when calculating the start of the stack gap.
|
14331 |
02-Mar-1996 |
peter |
Mega-commit for Linux emulator update.. This has been stress tested under netscape-2.0 for Linux running all the Java stuff. The scrollbars are now working, at least on my machine. (whew! :-)
I'm uncomfortable with the size of this commit, but it's too inter-dependant to easily seperate out.
The main changes:
COMPAT_LINUX is *GONE*. Most of the code has been moved out of the i386 machine dependent section into the linux emulator itself. The int 0x80 syscall code was almost identical to the lcall 7,0 code and a minor tweak allows them to both be used with the same C code. All kernels can now just modload the lkm and it'll DTRT without having to rebuild the kernel first. Like IBCS2, you can statically compile it in with "options LINUX".
A pile of new syscalls implemented, including getdents(), llseek(), readv(), writev(), msync(), personality(). The Linux-ELF libraries want to use some of these.
linux_select() now obeys Linux semantics, ie: returns the time remaining of the timeout value rather than leaving it the original value.
Quite a few bugs removed, including incorrect arguments being used in syscalls.. eg: mixups between passing the sigset as an int, vs passing it as a pointer and doing a copyin(), missing return values, unhandled cases, SIOC* ioctls, etc.
The build for the code has changed. i386/conf/files now knows how to build linux_genassym and generate linux_assym.h on the fly.
Supporting changes elsewhere in the kernel:
The user-mode signal trampoline has moved from the U area to immediately below the top of the stack (below PS_STRINGS). This allows the different binary emulations to have their own signal trampoline code (which gets rid of the hardwired syscall 103 (sigreturn on BSD, syslog on Linux)) and so that the emulator can provide the exact "struct sigcontext *" argument to the program's signal handlers.
The sigstack's "ss_flags" now uses SS_DISABLE and SS_ONSTACK flags, which have the same values as the re-used SA_DISABLE and SA_ONSTACK which are intended for sigaction only. This enables the support of a SA_RESETHAND flag to sigaction to implement the gross SYSV and Linux SA_ONESHOT signal semantics where the signal handler is reset when it's triggered.
makesyscalls.sh no longer appends the struct sysentvec on the end of the generated init_sysent.c code. It's a lot saner to have it in a seperate file rather than trying to update the structure inside the awk script. :-)
At exec time, the dozen bytes or so of signal trampoline code are copied to the top of the user's stack, rather than obtaining the trampoline code the old way by getting a clone of the parent's user area. This allows Linux and native binaries to freely exec each other without getting trampolines mixed up.
|
13765 |
30-Jan-1996 |
mpp |
Fix a bunch of spelling errors in the comment fields of a bunch of system include files.
|
13504 |
19-Jan-1996 |
dyson |
Fixed vm_map_find for new vm changes.
|
13338 |
08-Jan-1996 |
peter |
Reran makesyscalls.sh..
|
13337 |
08-Jan-1996 |
peter |
Oops. forgot to remove #include "opt_sysvipc.h"
|
13334 |
08-Jan-1996 |
peter |
reran makesyscalls
Always call the SYSV ipc functions, stubs will take their place if necessary.
|
13331 |
08-Jan-1996 |
peter |
Remove the #ifdef SYSVSHM etc. Always call the functions, some stubs are about to go in. This is to fix the problem with the ibcs2 and linux lkm's not being able to call the sysv ipc functions unless the build is modified.
|
13226 |
04-Jan-1996 |
wollman |
Convert SYSV IPC to new-style options. (I hope I got everything...) The LKMs will need an extra file, to come later.
|
13123 |
30-Dec-1995 |
peter |
This commit was generated by cvs2svn to compensate for changes in r13122, which included commits to RCS files with non-trunk default branches.
|
13122 |
30-Dec-1995 |
peter |
recording cvs-1.6 file death
|
12681 |
09-Dec-1995 |
peter |
Update ibcs2 to use the new ps_strings / stack gap arrangements..
|
12662 |
07-Dec-1995 |
dg |
Untangled the vm.h include file spaghetti.
|
12658 |
06-Dec-1995 |
bde |
Removed unnecessary #includes of <sys/user.h>. Some of these were just to get the definitions of TRUE and FALSE which happen to be defined in a deeply nested include.
Added nearby #includes of <sys/conf.h> where appropriate.
|
12418 |
20-Nov-1995 |
phk |
Change call to kern_sysctl to userland_sysctl. Not tested.
|
12257 |
13-Nov-1995 |
bde |
Added bogus casts to avoid compiler warnings.
|
12256 |
13-Nov-1995 |
bde |
Fixed parentheses in macros.
|
12218 |
12-Nov-1995 |
bde |
Added (null for the i386) conversions from ibcs2's bogus fcntl args struct to the standard bogus fcntl args struct.
|
12130 |
06-Nov-1995 |
dg |
All: Changed vnodep -> vp for consistency with the rest of the kernel, and changed iparams -> imgp for brevity.
kern_exec.c: Explicitly initialized some additional parts of the image_params struct to avoid bzeroing it. Rewrote the set-id code to reduce the number of logical tests. The rewrite exposed a mostly benign bug in the algorithm: traced set-id images would get ktracing disabled even if the set-id didn't happen for other reasons.
|
11865 |
28-Oct-1995 |
phk |
Sorry, the last commit screwed up for me, this is the right one (I hope!) Please refer to the previous commit message about sysctl variables.
|
11734 |
23-Oct-1995 |
swallace |
Add code to properly translate signal returned in status argument of wait4() call for STOPPED and SIGNALED status (exit status identical).
|
11628 |
21-Oct-1995 |
swallace |
In bsd_to_ibcs2_sigaction(), flag for ibcs2 system should be IBCS2_SA_NOCLDSTOP and not SA_NOCLDSTOP.
Submitted by: bde
|
11605 |
21-Oct-1995 |
swallace |
sigset() should have sa_flags cleared to sig is maked before calling handler (remove SA_NODEFER).
On the other hand, signal() case should set sa_flags to SA_NODEFER as in previous change.
In addition, added #ifdef'd code for signal() to or in SA_RESETHAND flag for when that compatability is implemented.
|
11574 |
19-Oct-1995 |
swallace |
Use sa_flag option SA_NODEFER in sigsys() emulation because SVR3 does not automatically mask signal upon delivery.
|
11527 |
16-Oct-1995 |
swallace |
Add a hack to emulator to emulat spx device for local X connections. This is truly a hack. The idea is taken from the Linux ibcs2 emulator.
To use this feature, you must use the option, options SPX_HACK in your config.
Also, in /compat/ibcs2/dev, you must do:
lrwxr-xr-x 1 root wheel 9 Oct 15 22:20 X0R@ -> /dev/null lrwxr-xr-x 1 root wheel 7 Oct 15 22:20 nfsd@ -> socksys lrwxr-xr-x 1 root wheel 9 Oct 15 22:20 socksys@ -> /dev/null crw-rw-rw- 1 root wheel 41, 1 Oct 15 22:14 spx
Do NOT use old socksys driver as that has been removed. This hack needs /compat/ibcs2/dev/spx to be any device that does NOT exist/configured (so the now non-existant spx major/minor works fine). When an open() is called, the error ENXIO is checked and then the path is checked. If spx open detected, then a unix socket is opened to the hardcoded path "/tmp/.X11-unix/X0".
As the Linux hacker author mentioned, the real way would be to detect the getmsg/putmsg through /dev/X0R and /dev/spx. Until this true solution is implemented (if ever), I think this hack is important enough to be put into the tree, even though I don't like it dirtying up my clean code (which is what #ifdef SPX_HACK is for).
|
11525 |
16-Oct-1995 |
swallace |
Do a better fake for uname information returned in utssys() call. Currently, the emulator defaults to returning "FreeBSD" as the system name, release "3.2", and version "2.0". Some programs want to make sure they are on a SYSV 3.2 system and check for 3.X release number.
Use the following defines to override the defaults: IBCS2_UNAME_SYSNAME IBCS2_UNAME_RELEASE IBCS2_UNAME_VERSION (should be string) for system name, release, and version, respectively. This allows someone to compile the emulator into the kernel so it can pretend to be a specific system if needed.
|
11417 |
10-Oct-1995 |
swallace |
Fix the getdirentries of ibcs2 to handle uneven DIRBLKSIZ offsets. Same bug as was in linux.
Also, fix problem where an entry would be skipped next call if not enough room in buffer current call.
|
11414 |
10-Oct-1995 |
swallace |
Change alternate space base name from /emul/ibcs2 to /compat/ibcs2, in line with linux alt space of /compat/linux. This was pointed out by Stefan Esser.
In cheching alt space for libraries in imgact_coff.c, use const ibcs2_emul_path instead of its own local string. Also do a proper malloc of temp name according to MAXPATHLEN.
|
11404 |
10-Oct-1995 |
swallace |
Remove redundant getmsg and putmesg function declarations and #include directive
|
11397 |
10-Oct-1995 |
swallace |
Remove old files no longer needed. Add new files created for emulator. Modify NetBSD import to work with FreeBSD and add new features and code. The complete emulator is essentially a combination of work/code implemented by Sean Eric Fagan, Soren Schmidt, Scott Bartram, and myself, Steven Wallace.
Features of this new emulator system include:
o "clean" code, including strict prototyping. o Auto-generation of ibcs2 system calls, xenix system calls, isc system calls. Generation includes system tables, structure definitions, and prototyping of function calls. o ibcs2 emulator does not rely on any COMPAT_43 system calls. o embedded socksys support o ibcs2 msgsys, semsys, shmsys calls supported if supported in kernel o alternate /emul/ibcs2 namespace searched first for files in ibcs2 system. Usefull to keep sysv libraries, binaries in /emul/ibcs2. o many other finer details and functions fixed or implemented.
|
11395 |
10-Oct-1995 |
swallace |
This commit was generated by cvs2svn to compensate for changes in r11394, which included commits to RCS files with non-trunk default branches.
|
10705 |
13-Sep-1995 |
sef |
Unlock the vnode after checking permissions; this is necessary to prevent a panic whenever an iBCS2 file is exec'd.
Obtained from: FreeBSD
|
10358 |
28-Aug-1995 |
julian |
Reviewed by: julian with quick glances by bruce and others Submitted by: terry (terry lambert) This is a composite of 3 patch sets submitted by terry. they are: New low-level init code that supports loadbal modules better some cleanups in the namei code to help terry in 16-bit character support some changes to the mount-root code to make it a little more modular..
NOTE: mounting root off cdrom or NFS MIGHT be broken as I haven't been able to test those cases..
certainly mounting root of disk still works just fine.. mfs should work but is untested. (tomorrows task)
The low level init stuff includes a total rewrite of init_main.c to make it possible for new modules to have an init phase by simply adding an entry to a TEXT_SET (or is it DATA_SET) list. thus a new module can be added to the kernel without editing any other files other than the 'files' file.
|
10221 |
24-Aug-1995 |
dg |
Moved setting of VTEXT flag into the appropriate image activators. This fixes a bug where linux binaries would get the flag set inappropriately.
|
8876 |
30-May-1995 |
rgrimes |
Remove trailing whitespace.
|
8224 |
02-May-1995 |
ache |
Fix CHOWN_RESTRICTED and NO_TRUNC to return correct values per POSIX
|
8222 |
02-May-1995 |
ache |
Back out incorrect jkh's fix and apply correct one (POSIX_SAVED_IDS,POSIX_JOB_CONTROL)
|
8221 |
02-May-1995 |
jkh |
The handling of _SC_SAVED_IDS was wrong; _POSIX_SAVED_IDS has no value to assign this way!
|
8184 |
30-Apr-1995 |
ache |
Fix handling of POSIX_JOB_CONTROL and POSIX_SAVED_IDS, pointed out by Bruce.
|
7667 |
08-Apr-1995 |
joerg |
Some long-waiting fixes for the COFF module. They silence compiler warnings and are cosmetic only. Poul once requested them, but neither Sean nor Søren commented on them, so i commit it now before it's getting lost some day.
|
6855 |
03-Mar-1995 |
nate |
emoved redundant definition of imcs2_close() since it already exists in ibcs2_file.c
Reviewed by: Sean and S'oren
|
6581 |
20-Feb-1995 |
dg |
Use of vm_allocate and vm_deallocate has been deprecated.
|
6163 |
03-Feb-1995 |
bde |
Don't depend on namespace pollution in <machine/limits.h> for the definition of CLK_TCK. Use _BSD_CLK_TCK_ instead of CLK_TCK so that we don't have to include the user header <time.h>.
|
5110 |
14-Dec-1994 |
sos |
Fix bug around VOP_READDIR, now takes 6 parameters not 4. The MAXBSIZE has changed, so use DEFAULT_PAGE_SIZE instead.
|
3811 |
23-Oct-1994 |
sos |
First shot README file for iBCS support Reviewed by: sef@kithrup.com
|
3810 |
23-Oct-1994 |
sos |
Fixed some video returns.
|
3672 |
17-Oct-1994 |
sos |
Got a little closer with socksys emulation.
|
3584 |
14-Oct-1994 |
sos |
iBCS2 emulator core files.
This is the main files for the iBCS2 emulator. It can be use compiled into the kernel by using:
options IBCS2 options COMPAT_IBCS2
or as a lkm module using:
options COMPAT_IBCS2
and then loading it via the ibcs2 script in /usr/bin
REMEMBER: this code is still experimental ! NO WARRENTY !
Submitted by: sef@kithrup.com, mostyn@mrl.com, sos@kmd-ac.dk
|
3569 |
13-Oct-1994 |
sos |
Main iBCS2 include file. First part of iBCS2 emulator.
|