#
272461 |
|
02-Oct-2014 |
gjb |
Copy stable/10@r272459 to releng/10.1 as part of the 10.1-RELEASE process.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
256281 |
|
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
#
229272 |
|
02-Jan-2012 |
ed |
Use strchr() and strrchr().
It seems strchr() and strrchr() are used more often than index() and rindex(). Therefore, simply migrate all kernel code to use it.
For the XFS code, remove an empty line to make the code identical to the code in the Linux kernel.
|
#
225617 |
|
16-Sep-2011 |
kmacy |
In order to maximize the re-usability of kernel code in user space this patch modifies makesyscalls.sh to prefix all of the non-compatibility calls (e.g. not linux_, freebsd32_) with sys_ and updates the kernel entry points and all places in the code that use them. It also fixes an additional name space collision between the kernel function psignal and the libc function of the same name by renaming the kernel psignal kern_psignal(). By introducing this change now we will ease future MFCs that change syscalls.
Reviewed by: rwatson Approved by: re (bz)
|
#
193066 |
|
29-May-2009 |
jamie |
Place hostnames and similar information fully under the prison system. The system hostname is now stored in prison0, and the global variable "hostname" has been removed, as has the hostname_mtx mutex. Jails may have their own host information, or they may inherit it from the parent/system. The proper way to read the hostname is via getcredhostname(), which will copy either the hostname associated with the passed cred, or the system hostname if you pass NULL. The system hostname can still be accessed directly (and without locking) at prison0.pr_host, but that should be avoided where possible.
The "similar information" referred to is domainname, hostid, and hostuuid, which have also become prison parameters and had their associated global variables removed.
Approved by: bz (mentor)
|
#
191915 |
|
08-May-2009 |
zec |
Introduce a new virtualization container, provisionally named vprocg, to hold virtualized instances of hostname and domainname, as well as a new top-level virtualization struct vimage, which holds pointers to struct vnet and struct vprocg. Struct vprocg is likely to become replaced in the near future with a new jail management API import.
As a consequence of this change, change struct ucred to point to a struct vimage, instead of directly pointing to a vnet.
Merge vnet / vimage / ucred refcounting infrastructure from p4 / vimage branch.
Permit kldload / kldunload operations to be executed only from the default vimage context.
This change should have no functional impact on nooptions VIMAGE kernel builds.
Reviewed by: bz Approved by: julian (mentor)
|
#
181803 |
|
17-Aug-2008 |
bz |
Commit step 1 of the vimage project, (network stack) virtualization work done by Marko Zec (zec@).
This is the first in a series of commits over the course of the next few weeks.
Mark all uses of global variables to be virtualized with a V_ prefix. Use macros to map them back to their global names for now, so this is a NOP change only.
We hope to have caught at least 85-90% of what is needed so we do not invalidate a lot of outstanding patches again.
Obtained from: //depot/projects/vimage-commit2/... Reviewed by: brooks, des, ed, mav, julian, jamie, kris, rwatson, zec, ... (various people I forgot, different versions) md5 (with a bit of help) Sponsored by: NLnet Foundation, The FreeBSD Foundation X-MFC after: never V_Commit_Message_Reviewed_By: more people than the patch
|
#
180291 |
|
05-Jul-2008 |
rwatson |
Introduce a new lock, hostname_mtx, and use it to synchronize access to global hostname and domainname variables. Where necessary, copy to or from a stack-local buffer before performing copyin() or copyout(). A few uses, such as in cd9660 and daemon_saver, remain under-synchronized and will require further updates.
Correct a bug in which a failed copyin() of domainname would leave domainname potentially corrupted.
MFC after: 3 weeks
|
#
164033 |
|
06-Nov-2006 |
rwatson |
Sweep kernel replacing suser(9) calls with priv(9) calls, assigning specific privilege names to a broad range of privileges. These may require some future tweaking.
Sponsored by: nCircle Network Security, Inc. Obtained from: TrustedBSD Project Discussed on: arch@ Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri, Alex Lyashkov <umka at sevcity dot net>, Skip Ford <skip dot ford at verizon dot net>, Antoine Brodin <antoine dot brodin at laposte dot net>
|
#
139799 |
|
06-Jan-2005 |
imp |
/* -> /*- for license, add FreeBSD tag
|
#
136418 |
|
12-Oct-2004 |
phk |
Add missing zero flag arguments to sysctl calls.
Add missing pointy hat to peter@
|
#
121016 |
|
12-Oct-2003 |
tjr |
Fix a multitude of security bugs in the iBCS2 emulator: - Return NULL instead of returning memory outside of the stackgap in stackgap_alloc() (FreeBSD-SA-00:42.linux) - Check for stackgap_alloc() returning NULL in ibcs2_emul_find(); other calls to stackgap_alloc() have not been changed since they are small fixed-size allocations. - Replace use of strcpy() with strlcpy() in exec_coff_imgact() to avoid buffer overflow - Use strlcat() instead of strcat() to avoid a one byte buffer overflow in ibcs2_setipdomainname() - Use copyinstr() instead of copyin() in ibcs2_setipdomainname() to ensure that the string is null-terminated - Avoid integer overflow in ibcs2_setgroups() and ibcs2_setgroups() by checking that gidsetsize argument is non-negative and no larger than NGROUPS_MAX. - Range-check signal numbers in ibcs2_wait(), ibcs2_sigaction(), ibcs2_sigsys() and ibcs2_kill() to avoid accessing array past the end (or before the start)
|
#
115684 |
|
02-Jun-2003 |
obrien |
Use __FBSDID().
|
#
93593 |
|
01-Apr-2002 |
jhb |
Change the suser() API to take advantage of td_ucred as well as do a general cleanup of the API. The entire API now consists of two functions similar to the pre-KSE API. The suser() function takes a thread pointer as its only argument. The td_ucred member of this thread must be valid so the only valid thread pointers are curthread and a few kernel threads such as thread0. The suser_cred() function takes a pointer to a struct ucred as its first argument and an integer flag as its second argument. The flag is currently only used for the PRISON_ROOT flag.
Discussed on: smp@
|
#
92761 |
|
20-Mar-2002 |
alfred |
Remove __P.
|
#
91393 |
|
27-Feb-2002 |
robert |
Use the updated getcredhostname() function.
|
#
91388 |
|
27-Feb-2002 |
robert |
- Use the new getcredhostname function in xenix_utsname(), ibcs2_getipdomainname(), and ibcs2_utssys().
Reviewed by: phk
|
#
83366 |
|
12-Sep-2001 |
julian |
KSE Milestone 2 Note ALL MODULES MUST BE RECOMPILED make the kernel aware that there are smaller units of scheduling than the process. (but only allow one thread per process at this time). This is functionally equivalent to teh previousl -current except that there is a thread associated with each process.
Sorry john! (your next MFC will be a doosie!)
Reviewed by: peter@freebsd.org, dillon@freebsd.org
X-MFC after: ha ha ha ha
|
#
46112 |
|
27-Apr-1999 |
phk |
Suser() simplification:
1: s/suser/suser_xxx/
2: Add new function: suser(struct proc *), prototyped in <sys/proc.h>.
3: s/suser_xxx(\([a-zA-Z0-9_]*\)->p_ucred, \&\1->p_acflag)/suser(\1)/
The remaining suser_xxx() calls will be scrutinized and dealt with later.
There may be some unneeded #include <sys/cred.h>, but they are left as an exercise for Bruce.
More changes to the suser() API will come along with the "jail" code.
|
#
43314 |
|
27-Jan-1999 |
dillon |
Fix warnings in preparation for adding -Wall -Wcast-qual to the kernel compile
|
#
41514 |
|
04-Dec-1998 |
archie |
Examine all occurrences of sprintf(), strcat(), and str[n]cpy() for possible buffer overflow problems. Replaced most sprintf()'s with snprintf(); for others cases, added terminating NUL bytes where appropriate, replaced constants like "16" with sizeof(), etc.
These changes include several bug fixes, but most changes are for maintainability's sake. Any instance where it wasn't "immediately obvious" that a buffer overflow could not occur was made safer.
Reviewed by: Bruce Evans <bde@zeta.org.au> Reviewed by: Matthew Dillon <dillon@apollo.backplane.com> Reviewed by: Mike Spengler <mks@networkcs.com>
|
#
30994 |
|
06-Nov-1997 |
phk |
Move the "retval" (3rd) parameter from all syscall functions and put it in struct proc instead.
This fixes a boatload of compiler warning, and removes a lot of cruft from the sources.
I have not removed the /*ARGSUSED*/, they will require some looking at.
libkvm, ps and other userland struct proc frobbing programs will need recompiled.
|
#
27537 |
|
20-Jul-1997 |
bde |
Removed unused #includes.
|
#
24203 |
|
24-Mar-1997 |
bde |
Don't include <sys/ioctl.h> in the kernel. Stage 1: don't include it when it is not used. In most cases, the reasons for including it went away when the special ioctl headers became self-sufficient.
|
#
16322 |
|
12-Jun-1996 |
gpalmer |
Clean up -Wunused warnings.
Reviewed by: bde
|
#
16310 |
|
11-Jun-1996 |
nate |
Fixed GET/SETIPDOMAIN ioctl on /dev/socksys, which is used by various other socket functions (gethostname() for one).
Reviewed by: sef
|
#
11397 |
|
10-Oct-1995 |
swallace |
Remove old files no longer needed. Add new files created for emulator. Modify NetBSD import to work with FreeBSD and add new features and code. The complete emulator is essentially a combination of work/code implemented by Sean Eric Fagan, Soren Schmidt, Scott Bartram, and myself, Steven Wallace.
Features of this new emulator system include:
o "clean" code, including strict prototyping. o Auto-generation of ibcs2 system calls, xenix system calls, isc system calls. Generation includes system tables, structure definitions, and prototyping of function calls. o ibcs2 emulator does not rely on any COMPAT_43 system calls. o embedded socksys support o ibcs2 msgsys, semsys, shmsys calls supported if supported in kernel o alternate /emul/ibcs2 namespace searched first for files in ibcs2 system. Usefull to keep sysv libraries, binaries in /emul/ibcs2. o many other finer details and functions fixed or implemented.
|
#
8876 |
|
30-May-1995 |
rgrimes |
Remove trailing whitespace.
|
#
3672 |
|
17-Oct-1994 |
sos |
Got a little closer with socksys emulation.
|
#
3584 |
|
14-Oct-1994 |
sos |
iBCS2 emulator core files.
This is the main files for the iBCS2 emulator. It can be use compiled into the kernel by using:
options IBCS2 options COMPAT_IBCS2
or as a lkm module using:
options COMPAT_IBCS2
and then loading it via the ibcs2 script in /usr/bin
REMEMBER: this code is still experimental ! NO WARRENTY !
Submitted by: sef@kithrup.com, mostyn@mrl.com, sos@kmd-ac.dk
|