2012-07-29 22:05:39 +04:00
|
|
|
/* $NetBSD: init_main.c,v 1.445 2012/07/29 18:05:48 mlelstv Exp $ */
|
2008-03-27 22:11:05 +03:00
|
|
|
|
|
|
|
|
/*-
|
2009-03-21 17:41:29 +03:00
|
|
|
* Copyright (c) 2008, 2009 The NetBSD Foundation, Inc.
|
2008-03-27 22:11:05 +03:00
|
|
|
* All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
|
* are met:
|
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
|
*
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
|
|
|
|
|
* ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
|
|
|
|
|
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
|
|
|
|
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
|
|
|
|
|
* BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
|
|
|
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
|
|
|
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
|
|
|
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
|
|
|
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
|
|
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
|
|
|
* POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
|
*/
|
1994-07-03 15:45:41 +04:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Copyright (c) 1982, 1986, 1989, 1991, 1992, 1993
|
|
|
|
|
* The Regents of the University of California. All rights reserved.
|
|
|
|
|
* (c) UNIX System Laboratories, Inc.
|
|
|
|
|
* All or some portions of this file are derived from material licensed
|
|
|
|
|
* to the University of California by American Telephone and Telegraph
|
|
|
|
|
* Co. or Unix System Laboratories, Inc. and are reproduced herein with
|
|
|
|
|
* the permission of UNIX System Laboratories, Inc.
|
|
|
|
|
*
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
|
* are met:
|
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
2003-08-07 20:26:28 +04:00
|
|
|
* 3. Neither the name of the University nor the names of its contributors
|
|
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
|
* without specific prior written permission.
|
|
|
|
|
*
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
|
*
|
|
|
|
|
* @(#)init_main.c 8.16 (Berkeley) 5/14/95
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Copyright (c) 1995 Christopher G. Demetriou. All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
|
* are met:
|
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
1994-07-03 15:45:41 +04:00
|
|
|
* 3. All advertising materials mentioning features or use of this software
|
|
|
|
|
* must display the following acknowledgement:
|
|
|
|
|
* This product includes software developed by the University of
|
|
|
|
|
* California, Berkeley and its contributors.
|
|
|
|
|
* 4. Neither the name of the University nor the names of its contributors
|
|
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
|
* without specific prior written permission.
|
|
|
|
|
*
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
|
*
|
1998-03-01 05:20:01 +03:00
|
|
|
* @(#)init_main.c 8.16 (Berkeley) 5/14/95
|
1994-07-03 15:45:41 +04:00
|
|
|
*/
|
|
|
|
|
|
2001-11-12 18:25:01 +03:00
|
|
|
#include <sys/cdefs.h>
|
2012-07-29 22:05:39 +04:00
|
|
|
__KERNEL_RCSID(0, "$NetBSD: init_main.c,v 1.445 2012/07/29 18:05:48 mlelstv Exp $");
|
2001-11-12 18:25:01 +03:00
|
|
|
|
2008-10-25 19:40:59 +04:00
|
|
|
#include "opt_ddb.h"
|
2003-08-07 00:30:38 +04:00
|
|
|
#include "opt_ipsec.h"
|
2009-02-14 01:41:00 +03:00
|
|
|
#include "opt_modular.h"
|
2006-06-08 02:33:33 +04:00
|
|
|
#include "opt_ntp.h"
|
2002-02-11 21:11:41 +03:00
|
|
|
#include "opt_pipe.h"
|
2006-06-08 02:33:33 +04:00
|
|
|
#include "opt_syscall_debug.h"
|
|
|
|
|
#include "opt_sysv.h"
|
2007-02-10 00:55:00 +03:00
|
|
|
#include "opt_fileassoc.h"
|
|
|
|
|
#include "opt_ktrace.h"
|
2006-11-22 03:41:38 +03:00
|
|
|
#include "opt_pax.h"
|
2009-01-11 05:45:45 +03:00
|
|
|
#include "opt_compat_netbsd.h"
|
2008-07-31 09:38:04 +04:00
|
|
|
#include "opt_wapbl.h"
|
2009-10-03 02:18:56 +04:00
|
|
|
#include "opt_ptrace.h"
|
1998-02-10 17:08:44 +03:00
|
|
|
|
2009-09-30 02:40:15 +04:00
|
|
|
#include "drvctl.h"
|
2008-12-05 02:18:13 +03:00
|
|
|
#include "ksyms.h"
|
2012-02-02 23:42:57 +04:00
|
|
|
|
Imported envsys 2, a brief description of the new features:
(Part 1: API)
* Support for detachable sensors.
* Cleaned up the API for simplicity and efficiency.
* Ability to send capacity/critical/warning events to powerd(8).
* Adapted all the code to the new locking order.
* Compatibility with the old envsys API: the ENVSYS_GTREINFO
and ENVSYS_GTREDATA ioctl(2)s are supported.
* Added support for a 'dictionary based communication channel' between
sysmon_power(9) and powerd(8), that means there is no 32 bytes event
size restriction anymore.
* Binary compatibility with old envstat(8) and powerd(8) via COMPAT_40.
* All drivers with the n^2 gtredata bug were fixed, PR kern/36226.
Tested by:
blymn: smsc(4).
bouyer: ipmi(4), mfi(4).
kefren: ug(4).
njoly: viaenv(4), adt7463.c.
riz: owtemp(4).
xtraeme: acpiacad(4), acpibat(4), acpitz(4), aiboost(4), it(4), lm(4).
2007-07-01 11:36:39 +04:00
|
|
|
#include "sysmon_envsys.h"
|
|
|
|
|
#include "sysmon_power.h"
|
2007-09-02 04:41:24 +04:00
|
|
|
#include "sysmon_taskq.h"
|
|
|
|
|
#include "sysmon_wdog.h"
|
2006-07-26 13:33:57 +04:00
|
|
|
#include "veriexec.h"
|
1997-10-13 04:46:08 +04:00
|
|
|
|
1994-07-03 15:45:41 +04:00
|
|
|
#include <sys/param.h>
|
2000-03-10 04:13:18 +03:00
|
|
|
#include <sys/acct.h>
|
1994-07-03 15:45:41 +04:00
|
|
|
#include <sys/filedesc.h>
|
1998-09-01 03:55:37 +04:00
|
|
|
#include <sys/file.h>
|
1994-07-03 15:45:41 +04:00
|
|
|
#include <sys/errno.h>
|
2000-01-19 23:05:30 +03:00
|
|
|
#include <sys/callout.h>
|
2007-05-17 18:51:11 +04:00
|
|
|
#include <sys/cpu.h>
|
2011-09-28 19:52:47 +04:00
|
|
|
#include <sys/cpufreq.h>
|
2009-11-03 08:23:27 +03:00
|
|
|
#include <sys/spldebug.h>
|
1994-07-03 15:45:41 +04:00
|
|
|
#include <sys/kernel.h>
|
|
|
|
|
#include <sys/mount.h>
|
|
|
|
|
#include <sys/proc.h>
|
1998-11-12 01:45:32 +03:00
|
|
|
#include <sys/kthread.h>
|
1994-07-03 15:45:41 +04:00
|
|
|
#include <sys/resourcevar.h>
|
|
|
|
|
#include <sys/signalvar.h>
|
|
|
|
|
#include <sys/systm.h>
|
|
|
|
|
#include <sys/vnode.h>
|
2007-01-19 17:49:08 +03:00
|
|
|
#include <sys/fstrans.h>
|
1996-10-09 04:59:15 +04:00
|
|
|
#include <sys/tty.h>
|
1994-07-03 15:45:41 +04:00
|
|
|
#include <sys/conf.h>
|
1997-01-31 05:25:47 +03:00
|
|
|
#include <sys/disklabel.h>
|
1994-07-03 15:45:41 +04:00
|
|
|
#include <sys/buf.h>
|
|
|
|
|
#include <sys/device.h>
|
2000-12-09 01:07:36 +03:00
|
|
|
#include <sys/exec.h>
|
1998-08-02 08:53:11 +04:00
|
|
|
#include <sys/socketvar.h>
|
1994-07-03 15:45:41 +04:00
|
|
|
#include <sys/protosw.h>
|
2008-01-14 15:40:02 +03:00
|
|
|
#include <sys/percpu.h>
|
2011-07-30 21:01:04 +04:00
|
|
|
#include <sys/pserialize.h>
|
2008-03-09 18:39:14 +03:00
|
|
|
#include <sys/pset.h>
|
2008-01-14 15:40:02 +03:00
|
|
|
#include <sys/sysctl.h>
|
1994-07-03 15:45:41 +04:00
|
|
|
#include <sys/reboot.h>
|
2002-10-23 13:10:23 +04:00
|
|
|
#include <sys/event.h>
|
2003-11-14 10:13:25 +03:00
|
|
|
#include <sys/mbuf.h>
|
2007-05-17 18:51:11 +04:00
|
|
|
#include <sys/sched.h>
|
2007-02-10 00:55:00 +03:00
|
|
|
#include <sys/sleepq.h>
|
2006-12-07 23:23:38 +03:00
|
|
|
#include <sys/iostat.h>
|
2007-06-17 17:34:42 +04:00
|
|
|
#include <sys/vmem.h>
|
2007-07-10 00:51:58 +04:00
|
|
|
#include <sys/uuid.h>
|
|
|
|
|
#include <sys/extent.h>
|
2007-07-21 23:51:47 +04:00
|
|
|
#include <sys/disk.h>
|
2007-11-07 03:19:08 +03:00
|
|
|
#include <sys/msgbuf.h>
|
2008-01-16 15:34:50 +03:00
|
|
|
#include <sys/module.h>
|
2008-03-22 00:54:58 +03:00
|
|
|
#include <sys/event.h>
|
2008-05-28 17:35:32 +04:00
|
|
|
#include <sys/lockf.h>
|
2008-10-09 14:48:21 +04:00
|
|
|
#include <sys/once.h>
|
2011-08-07 17:33:01 +04:00
|
|
|
#include <sys/kcpuset.h>
|
2008-10-20 14:24:18 +04:00
|
|
|
#include <sys/ksyms.h>
|
2008-10-11 17:40:57 +04:00
|
|
|
#include <sys/uidinfo.h>
|
2009-01-01 18:10:20 +03:00
|
|
|
#include <sys/kprintf.h>
|
2004-03-09 05:35:45 +03:00
|
|
|
#ifdef FAST_IPSEC
|
2003-08-07 00:30:38 +04:00
|
|
|
#include <netipsec/ipsec.h>
|
|
|
|
|
#endif
|
1996-02-09 21:59:18 +03:00
|
|
|
#ifdef SYSVSHM
|
|
|
|
|
#include <sys/shm.h>
|
|
|
|
|
#endif
|
2004-03-09 05:35:45 +03:00
|
|
|
#ifdef SYSVSEM
|
1996-02-09 21:59:18 +03:00
|
|
|
#include <sys/sem.h>
|
|
|
|
|
#endif
|
|
|
|
|
#ifdef SYSVMSG
|
|
|
|
|
#include <sys/msg.h>
|
|
|
|
|
#endif
|
|
|
|
|
#include <sys/domain.h>
|
1997-01-31 03:50:38 +03:00
|
|
|
#include <sys/namei.h>
|
1997-10-10 03:17:37 +04:00
|
|
|
#include <sys/rnd.h>
|
2001-06-16 16:00:02 +04:00
|
|
|
#include <sys/pipe.h>
|
2006-07-22 14:34:26 +04:00
|
|
|
#if NVERIEXEC > 0
|
2005-04-20 17:44:45 +04:00
|
|
|
#include <sys/verified_exec.h>
|
2006-07-22 14:34:26 +04:00
|
|
|
#endif /* NVERIEXEC > 0 */
|
2007-02-10 00:55:00 +03:00
|
|
|
#ifdef KTRACE
|
|
|
|
|
#include <sys/ktrace.h>
|
|
|
|
|
#endif
|
2006-05-15 01:15:11 +04:00
|
|
|
#include <sys/kauth.h>
|
Resolve conflicts and adapt to NetBSD.
Thanks to dyoung@, scw@, and perry@ for help testing.
2005-08-30 15:27 avatar
Properly set ic_curchan before calling back to device driver to do channel
switching(ifconfig devX channel Y). This fix should make channel changing
works again in monitor mode.
Submitted by: sam
X-MFC-With: other ic_curchan changes
2005-08-13 18:50 sam
revert 1.64: we cannot use the channel characteristics to decide when to
do 11g erp sta accounting because b/g channels show up as false positives
when operating in 11b.
Noticed by: Michal Mertl
2005-08-13 18:31 sam
Extend acl support to pass ioctl requests through and use this to
add support for getting the current policy setting and collecting
the list of mac addresses in the acl table.
Submitted by: Michal Mertl (original version)
MFC after: 2 weeks
2005-08-10 18:42 sam
Don't use ic_curmode to decide when to do 11g station accounting,
use the station channel properties. Fixes assert failure/bogus
operation when an ap is operating in 11a and has associated stations
then switches to 11g.
Noticed by: Michal Mertl
Reviewed by: avatar
MFC after: 2 weeks
2005-08-10 17:22 sam
Clarify/fix handling of the current channel:
o add ic_curchan and use it uniformly for specifying the current
channel instead of overloading ic->ic_bss->ni_chan (or in some
drivers ic_ibss_chan)
o add ieee80211_scanparams structure to encapsulate scanning-related
state captured for rx frames
o move rx beacon+probe response frame handling into separate routines
o change beacon+probe response handling to treat the scan table
more like a scan cache--look for an existing entry before adding
a new one; this combined with ic_curchan use corrects handling of
stations that were previously found at a different channel
o move adhoc neighbor discovery by beacon+probe response frames to
a new ieee80211_add_neighbor routine
Reviewed by: avatar
Tested by: avatar, Michal Mertl
MFC after: 2 weeks
2005-08-09 11:19 rwatson
Propagate rename of IFF_OACTIVE and IFF_RUNNING to IFF_DRV_OACTIVE and
IFF_DRV_RUNNING, as well as the move from ifnet.if_flags to
ifnet.if_drv_flags. Device drivers are now responsible for
synchronizing access to these flags, as they are in if_drv_flags. This
helps prevent races between the network stack and device driver in
maintaining the interface flags field.
Many __FreeBSD__ and __FreeBSD_version checks maintained and continued;
some less so.
Reviewed by: pjd, bz
MFC after: 7 days
2005-08-08 19:46 sam
Split crypto tx+rx key indices and add a key index -> node mapping table:
Crypto changes:
o change driver/net80211 key_alloc api to return tx+rx key indices; a
driver can leave the rx key index set to IEEE80211_KEYIX_NONE or set
it to be the same as the tx key index (the former disables use of
the key index in building the keyix->node mapping table and is the
default setup for naive drivers by null_key_alloc)
o add cs_max_keyid to crypto state to specify the max h/w key index a
driver will return; this is used to allocate the key index mapping
table and to bounds check table loookups
o while here introduce ieee80211_keyix (finally) for the type of a h/w
key index
o change crypto notifiers for rx failures to pass the rx key index up
as appropriate (michael failure, replay, etc.)
Node table changes:
o optionally allocate a h/w key index to node mapping table for the
station table using the max key index setting supplied by drivers
(note the scan table does not get a map)
o defer node table allocation to lateattach so the driver has a chance
to set the max key id to size the key index map
o while here also defer the aid bitmap allocation
o add new ieee80211_find_rxnode_withkey api to find a sta/node entry
on frame receive with an optional h/w key index to use in checking
mapping table; also updates the map if it does a hash lookup and the
found node has a rx key index set in the unicast key; note this work
is separated from the old ieee80211_find_rxnode call so drivers do
not need to be aware of the new mechanism
o move some node table manipulation under the node table lock to close
a race on node delete
o add ieee80211_node_delucastkey to do the dirty work of deleting
unicast key state for a node (deletes any key and handles key map
references)
Ath driver:
o nuke private sc_keyixmap mechansim in favor of net80211 support
o update key alloc api
These changes close several race conditions for the ath driver operating
in ap mode. Other drivers should see no change. Station mode operation
for ath no longer uses the key index map but performance tests show no
noticeable change and this will be fixed when the scan table is eliminated
with the new scanning support.
Tested by: Michal Mertl, avatar, others
Reviewed by: avatar, others
MFC after: 2 weeks
2005-08-08 06:49 sam
use ieee80211_iterate_nodes to retrieve station data; the previous
code walked the list w/o locking
MFC after: 1 week
2005-08-08 04:30 sam
Cleanup beacon/listen interval handling:
o separate configured beacon interval from listen interval; this
avoids potential use of one value for the other (e.g. setting
powersavesleep to 0 clobbers the beacon interval used in hostap
or ibss mode)
o bounds check the beacon interval received in probe response and
beacon frames and drop frames with bogus settings; not clear
if we should instead clamp the value as any alteration would
result in mismatched sta+ap configuration and probably be more
confusing (don't want to log to the console but perhaps ok with
rate limiting)
o while here up max beacon interval to reflect WiFi standard
Noticed by: Martin <nakal@nurfuerspam.de>
MFC after: 1 week
2005-08-06 05:57 sam
fix debug msg typo
MFC after: 3 days
2005-08-06 05:56 sam
Fix handling of frames sent prior to a station being authorized
when operating in ap mode. Previously we allocated a node from the
station table, sent the frame (using the node), then released the
reference that "held the frame in the table". But while the frame
was in flight the node might be reclaimed which could lead to
problems. The solution is to add an ieee80211_tmp_node routine
that crafts a node that does exist in a table and so isn't ever
reclaimed; it exists only so long as the associated frame is in flight.
MFC after: 5 days
2005-07-31 07:12 sam
close a race between reclaiming a node when a station is inactive
and sending the null data frame used to probe inactive stations
MFC after: 5 days
2005-07-27 05:41 sam
when bridging internally bypass the bss node as traffic to it
must follow the normal input path
Submitted by: Michal Mertl
MFC after: 5 days
2005-07-27 03:53 sam
bandaid ni_fails handling so ap's with association failures are
reconsidered after a bit; a proper fix involves more changes to
the scanning infrastructure
Reviewed by: avatar, David Young
MFC after: 5 days
2005-07-23 01:16 sam
the AREF flag is only meaningful in ap mode; adhoc neighbors now
are timed out of the sta/neighbor table
2005-07-23 00:25 sam
o move inactivity-related debug msgs under IEEE80211_MSG_INACT
o probe inactive neighbors in adhoc mode (they don't have an
association id so previously were being timed out)
MFC after: 3 days
2005-07-22 22:11 sam
split xmit of probe request frame out into a separate routine that
takes explicit parameters; this will be needed when scanning is
decoupled from the state machine to do bg scanning
MFC after: 3 days
2005-07-22 21:48 sam
split 802.11 frame xmit setup code into ieee80211_send_setup
MFC after: 3 days
2005-07-22 18:57 sam
simplify ic_newassoc callback
MFC after: 3 days
2005-07-22 18:54 sam
simplify ieee80211_ibss_merge api
MFC after: 3 days
2005-07-22 18:50 sam
add stats we know we'll need soon and some spare fields for future expansion
MFC after: 3 days
2005-07-22 18:45 sam
simplify tim callback api
MFC after: 3 days
2005-07-22 18:42 sam
don't include 802.3 header in min frame length calculation as it may
not be present for a frag; fixes problem with small (fragmented) frames
being dropped
Obtained from: Atheros
MFC after: 3 days
2005-07-22 18:36 sam
simplify ieee80211_node_authorize and ieee80211_node_unauthorize api's
MFC after: 3 days
2005-07-22 18:31 sam
simplifiy ieee80211_send_nulldata api
MFC after: 3 days
2005-07-22 18:29 sam
simplify rate set api's by removing ic parameter (implicit in node reference)
MFC after: 3 days
2005-07-22 18:21 sam
reject association requests with a wpa/rsn ie when wpa/rsn is not
configured on the ap; previously we either ignored the ie or (possibly)
failed an assertion
Obtained from: Atheros
MFC after: 3 days
2005-07-22 18:16 sam
missed one in last commit; add device name to discard msgs
2005-07-22 18:13 sam
include device name in discard msgs
2005-07-22 18:12 sam
add diag msgs for frames discarded because the direction field is wrong
2005-07-22 18:08 sam
split data frame delivery out to a new function ieee80211_deliver_data
2005-07-22 18:00 sam
o add IEEE80211_IOC_FRAGTHRESHOLD for getting+setting the
tx fragmentation threshold
o fix bounds checking on IEEE80211_IOC_RTSTHRESHOLD
MFC after: 3 days
2005-07-22 17:55 sam
o add IEEE80211_FRAG_DEFAULT
o move default settings for RTS and frag thresholds to ieee80211_var.h
2005-07-22 17:50 sam
diff reduction against p4: define IEEE80211_FIXED_RATE_NONE and use
it instead of -1
2005-07-22 17:37 sam
add flags missed in last merge
2005-07-22 17:36 sam
Diff reduction against p4:
o add ic_flags_ext for eventual extention of ic_flags
o define/reserve flag+capabilities bits for superg,
bg scan, and roaming support
o refactor debug msg macros
MFC after: 3 days
2005-07-22 06:17 sam
send a response when an auth request is denied due to an acl;
might be better to silently ignore the frame but this way we
give stations a chance of figuring out what's wrong
2005-07-22 06:15 sam
remove excess whitespace
2005-07-22 05:55 sam
use IF_HANDOFF when bridging frames internally so if_start gets
called; fixes communication between associated sta's
MFC after: 3 days
2005-07-11 04:06 sam
Handle encrypt of arbitarily fragmented mbuf chains: previously
we bailed if we couldn't collect the 16-bytes of data required
for an aes block cipher in 2 mbufs; now we deal with it. While
here make space accounting signed so a sanity check does the
right thing for malformed mbuf chains.
Approved by: re (scottl)
2005-07-11 04:00 sam
nuke assert that duplicates real check
Reviewed by: avatar
Approved by: re (scottl)
2005-11-18 19:40:08 +03:00
|
|
|
#include <net80211/ieee80211_netbsd.h>
|
2009-10-03 02:18:56 +04:00
|
|
|
#ifdef PTRACE
|
|
|
|
|
#include <sys/ptrace.h>
|
|
|
|
|
#endif /* PTRACE */
|
First step of random number subsystem rework described in
<20111022023242.BA26F14A158@mail.netbsd.org>. This change includes
the following:
An initial cleanup and minor reorganization of the entropy pool
code in sys/dev/rnd.c and sys/dev/rndpool.c. Several bugs are
fixed. Some effort is made to accumulate entropy more quickly at
boot time.
A generic interface, "rndsink", is added, for stream generators to
request that they be re-keyed with good quality entropy from the pool
as soon as it is available.
The arc4random()/arc4randbytes() implementation in libkern is
adjusted to use the rndsink interface for rekeying, which helps
address the problem of low-quality keys at boot time.
An implementation of the FIPS 140-2 statistical tests for random
number generator quality is provided (libkern/rngtest.c). This
is based on Greg Rose's implementation from Qualcomm.
A new random stream generator, nist_ctr_drbg, is provided. It is
based on an implementation of the NIST SP800-90 CTR_DRBG by
Henric Jungheim. This generator users AES in a modified counter
mode to generate a backtracking-resistant random stream.
An abstraction layer, "cprng", is provided for in-kernel consumers
of randomness. The arc4random/arc4randbytes API is deprecated for
in-kernel use. It is replaced by "cprng_strong". The current
cprng_fast implementation wraps the existing arc4random
implementation. The current cprng_strong implementation wraps the
new CTR_DRBG implementation. Both interfaces are rekeyed from
the entropy pool automatically at intervals justifiable from best
current cryptographic practice.
In some quick tests, cprng_fast() is about the same speed as
the old arc4randbytes(), and cprng_strong() is about 20% faster
than rnd_extract_data(). Performance is expected to improve.
The AES code in src/crypto/rijndael is no longer an optional
kernel component, as it is required by cprng_strong, which is
not an optional kernel component.
The entropy pool output is subjected to the rngtest tests at
startup time; if it fails, the system will reboot. There is
approximately a 3/10000 chance of a false positive from these
tests. Entropy pool _input_ from hardware random numbers is
subjected to the rngtest tests at attach time, as well as the
FIPS continuous-output test, to detect bad or stuck hardware
RNGs; if any are detected, they are detached, but the system
continues to run.
A problem with rndctl(8) is fixed -- datastructures with
pointers in arrays are no longer passed to userspace (this
was not a security problem, but rather a major issue for
compat32). A new kernel will require a new rndctl.
The sysctl kern.arandom() and kern.urandom() nodes are hooked
up to the new generators, but the /dev/*random pseudodevices
are not, yet.
Manual pages for the new kernel interfaces are forthcoming.
2011-11-20 02:51:18 +04:00
|
|
|
#include <sys/cprng.h>
|
1994-07-03 15:45:41 +04:00
|
|
|
|
1995-04-22 23:42:47 +04:00
|
|
|
#include <sys/syscall.h>
|
1994-10-20 07:22:35 +03:00
|
|
|
#include <sys/syscallargs.h>
|
|
|
|
|
|
2007-12-27 16:34:43 +03:00
|
|
|
#if defined(PAX_MPROTECT) || defined(PAX_SEGVGUARD) || defined(PAX_ASLR)
|
2006-11-22 03:41:38 +03:00
|
|
|
#include <sys/pax.h>
|
2007-12-27 16:34:43 +03:00
|
|
|
#endif /* PAX_MPROTECT || PAX_SEGVGUARD || PAX_ASLR */
|
|
|
|
|
|
Implement the register/deregister/evaluation API for secmodel(9). It
allows registration of callbacks that can be used later for
cross-secmodel "safe" communication.
When a secmodel wishes to know a property maintained by another
secmodel, it has to submit a request to it so the other secmodel can
proceed to evaluating the request. This is done through the
secmodel_eval(9) call; example:
bool isroot;
error = secmodel_eval("org.netbsd.secmodel.suser", "is-root",
cred, &isroot);
if (error == 0 && !isroot)
result = KAUTH_RESULT_DENY;
This one asks the suser module if the credentials are assumed to be root
when evaluated by suser module. If the module is present, it will
respond. If absent, the call will return an error.
Args and command are arbitrarily defined; it's up to the secmodel(9) to
document what it expects.
Typical example is securelevel testing: when someone wants to know
whether securelevel is raised above a certain level or not, the caller
has to request this property to the secmodel_securelevel(9) module.
Given that securelevel module may be absent from system's context (thus
making access to the global "securelevel" variable impossible or
unsafe), this API can cope with this absence and return an error.
We are using secmodel_eval(9) to implement a secmodel_extensions(9)
module, which plugs with the bsd44, suser and securelevel secmodels
to provide the logic behind curtain, usermount and user_set_cpu_affinity
modes, without adding hooks to traditional secmodels. This solves a
real issue with the current secmodel(9) code, as usermount or
user_set_cpu_affinity are not really tied to secmodel_suser(9).
The secmodel_eval(9) is also used to restrict security.models settings
when securelevel is above 0, through the "is-securelevel-above"
evaluation:
- curtain can be enabled any time, but cannot be disabled if
securelevel is above 0.
- usermount/user_set_cpu_affinity can be disabled any time, but cannot
be enabled if securelevel is above 0.
Regarding sysctl(7) entries:
curtain and usermount are now found under security.models.extensions
tree. The security.curtain and vfs.generic.usermount are still
accessible for backwards compat.
Documentation is incoming, I am proof-reading my writings.
Written by elad@, reviewed and tested (anita test + interact for rights
tests) by me. ok elad@.
See also
http://mail-index.netbsd.org/tech-security/2011/11/29/msg000422.html
XXX might consider va0 mapping too.
XXX Having a secmodel(9) specific printf (like aprint_*) for reporting
secmodel(9) errors might be a good idea, but I am not sure on how
to design such a function right now.
2011-12-04 23:24:58 +04:00
|
|
|
#include <secmodel/secmodel.h>
|
|
|
|
|
|
1994-07-03 15:45:41 +04:00
|
|
|
#include <ufs/ufs/quota.h>
|
|
|
|
|
|
1999-11-15 21:49:07 +03:00
|
|
|
#include <miscfs/genfs/genfs.h>
|
|
|
|
|
#include <miscfs/syncfs/syncfs.h>
|
2009-11-15 05:37:13 +03:00
|
|
|
#include <miscfs/specfs/specdev.h>
|
1999-11-15 21:49:07 +03:00
|
|
|
|
2007-10-19 15:59:34 +04:00
|
|
|
#include <sys/cpu.h>
|
1994-07-03 15:45:41 +04:00
|
|
|
|
2011-01-17 10:13:31 +03:00
|
|
|
#include <uvm/uvm.h> /* extern struct uvm uvm */
|
1998-02-05 10:59:28 +03:00
|
|
|
|
2007-07-22 03:15:16 +04:00
|
|
|
#if NSYSMON_TASKQ > 0
|
|
|
|
|
#include <dev/sysmon/sysmon_taskq.h>
|
|
|
|
|
#endif
|
|
|
|
|
|
2002-08-23 10:17:08 +04:00
|
|
|
#include <dev/cons.h>
|
2007-07-22 03:15:16 +04:00
|
|
|
|
2007-09-02 04:41:24 +04:00
|
|
|
#if NSYSMON_ENVSYS > 0 || NSYSMON_POWER > 0 || NSYSMON_WDOG > 0
|
Imported envsys 2, a brief description of the new features:
(Part 1: API)
* Support for detachable sensors.
* Cleaned up the API for simplicity and efficiency.
* Ability to send capacity/critical/warning events to powerd(8).
* Adapted all the code to the new locking order.
* Compatibility with the old envsys API: the ENVSYS_GTREINFO
and ENVSYS_GTREDATA ioctl(2)s are supported.
* Added support for a 'dictionary based communication channel' between
sysmon_power(9) and powerd(8), that means there is no 32 bytes event
size restriction anymore.
* Binary compatibility with old envstat(8) and powerd(8) via COMPAT_40.
* All drivers with the n^2 gtredata bug were fixed, PR kern/36226.
Tested by:
blymn: smsc(4).
bouyer: ipmi(4), mfi(4).
kefren: ug(4).
njoly: viaenv(4), adt7463.c.
riz: owtemp(4).
xtraeme: acpiacad(4), acpibat(4), acpitz(4), aiboost(4), it(4), lm(4).
2007-07-01 11:36:39 +04:00
|
|
|
#include <dev/sysmon/sysmonvar.h>
|
|
|
|
|
#endif
|
2002-08-23 10:17:08 +04:00
|
|
|
|
2010-01-20 01:06:18 +03:00
|
|
|
#include <net/bpf.h>
|
1996-02-04 05:15:01 +03:00
|
|
|
#include <net/if.h>
|
|
|
|
|
#include <net/raw_cb.h>
|
1994-07-03 15:45:41 +04:00
|
|
|
|
2009-09-13 22:45:10 +04:00
|
|
|
#include <prop/proplib.h>
|
|
|
|
|
|
2009-01-11 05:45:45 +03:00
|
|
|
#ifdef COMPAT_50
|
|
|
|
|
#include <compat/sys/time.h>
|
|
|
|
|
struct timeval50 boottime50;
|
|
|
|
|
#endif
|
|
|
|
|
|
2009-09-03 19:20:08 +04:00
|
|
|
#include <sys/userconf.h>
|
|
|
|
|
|
2005-08-05 15:03:18 +04:00
|
|
|
extern struct lwp lwp0;
|
2007-07-30 12:45:26 +04:00
|
|
|
extern time_t rootfstime;
|
2005-08-05 15:03:18 +04:00
|
|
|
|
2003-01-18 13:06:22 +03:00
|
|
|
#ifndef curlwp
|
|
|
|
|
struct lwp *curlwp = &lwp0;
|
1998-10-19 15:51:53 +04:00
|
|
|
#endif
|
1997-10-10 12:19:41 +04:00
|
|
|
struct proc *initproc;
|
1994-07-03 15:45:41 +04:00
|
|
|
|
|
|
|
|
struct vnode *rootvp, *swapdev_vp;
|
|
|
|
|
int boothowto;
|
1999-09-18 00:11:56 +04:00
|
|
|
int cold = 1; /* still working on startup */
|
2009-01-11 05:45:45 +03:00
|
|
|
struct timespec boottime; /* time at system startup - will only follow settime deltas */
|
1994-07-03 15:45:41 +04:00
|
|
|
|
2008-05-27 21:50:03 +04:00
|
|
|
int start_init_exec; /* semaphore for start_init() */
|
2000-01-24 21:03:19 +03:00
|
|
|
|
First step of random number subsystem rework described in
<20111022023242.BA26F14A158@mail.netbsd.org>. This change includes
the following:
An initial cleanup and minor reorganization of the entropy pool
code in sys/dev/rnd.c and sys/dev/rndpool.c. Several bugs are
fixed. Some effort is made to accumulate entropy more quickly at
boot time.
A generic interface, "rndsink", is added, for stream generators to
request that they be re-keyed with good quality entropy from the pool
as soon as it is available.
The arc4random()/arc4randbytes() implementation in libkern is
adjusted to use the rndsink interface for rekeying, which helps
address the problem of low-quality keys at boot time.
An implementation of the FIPS 140-2 statistical tests for random
number generator quality is provided (libkern/rngtest.c). This
is based on Greg Rose's implementation from Qualcomm.
A new random stream generator, nist_ctr_drbg, is provided. It is
based on an implementation of the NIST SP800-90 CTR_DRBG by
Henric Jungheim. This generator users AES in a modified counter
mode to generate a backtracking-resistant random stream.
An abstraction layer, "cprng", is provided for in-kernel consumers
of randomness. The arc4random/arc4randbytes API is deprecated for
in-kernel use. It is replaced by "cprng_strong". The current
cprng_fast implementation wraps the existing arc4random
implementation. The current cprng_strong implementation wraps the
new CTR_DRBG implementation. Both interfaces are rekeyed from
the entropy pool automatically at intervals justifiable from best
current cryptographic practice.
In some quick tests, cprng_fast() is about the same speed as
the old arc4randbytes(), and cprng_strong() is about 20% faster
than rnd_extract_data(). Performance is expected to improve.
The AES code in src/crypto/rijndael is no longer an optional
kernel component, as it is required by cprng_strong, which is
not an optional kernel component.
The entropy pool output is subjected to the rngtest tests at
startup time; if it fails, the system will reboot. There is
approximately a 3/10000 chance of a false positive from these
tests. Entropy pool _input_ from hardware random numbers is
subjected to the rngtest tests at attach time, as well as the
FIPS continuous-output test, to detect bad or stuck hardware
RNGs; if any are detected, they are detached, but the system
continues to run.
A problem with rndctl(8) is fixed -- datastructures with
pointers in arrays are no longer passed to userspace (this
was not a security problem, but rather a major issue for
compat32). A new kernel will require a new rndctl.
The sysctl kern.arandom() and kern.urandom() nodes are hooked
up to the new generators, but the /dev/*random pseudodevices
are not, yet.
Manual pages for the new kernel interfaces are forthcoming.
2011-11-20 02:51:18 +04:00
|
|
|
cprng_strong_t *kern_cprng;
|
|
|
|
|
|
2005-12-11 15:16:03 +03:00
|
|
|
static void check_console(struct lwp *l);
|
2000-07-14 11:21:21 +04:00
|
|
|
static void start_init(void *);
|
2009-09-03 19:20:08 +04:00
|
|
|
static void configure(void);
|
|
|
|
|
static void configure2(void);
|
2010-06-25 19:10:42 +04:00
|
|
|
static void configure3(void);
|
2000-07-14 11:21:21 +04:00
|
|
|
void main(void);
|
2006-11-11 05:12:53 +03:00
|
|
|
|
1994-07-03 15:45:41 +04:00
|
|
|
/*
|
|
|
|
|
* System startup; initialize the world, create process 0, mount root
|
|
|
|
|
* filesystem, and fork to create init and pagedaemon. Most of the
|
|
|
|
|
* hard work is done in the lower-level initialization routines including
|
|
|
|
|
* startup(), which does memory initialization and autoconfiguration.
|
|
|
|
|
*/
|
1996-02-04 05:15:01 +03:00
|
|
|
void
|
2000-07-14 11:21:21 +04:00
|
|
|
main(void)
|
1994-07-03 15:45:41 +04:00
|
|
|
{
|
2009-01-11 05:45:45 +03:00
|
|
|
struct timespec time;
|
2003-01-18 13:06:22 +03:00
|
|
|
struct lwp *l;
|
1999-03-26 04:10:50 +03:00
|
|
|
struct proc *p;
|
2002-08-25 23:13:08 +04:00
|
|
|
int s, error;
|
2000-07-06 13:51:54 +04:00
|
|
|
#ifdef NVNODE_IMPLICIT
|
|
|
|
|
int usevnodes;
|
|
|
|
|
#endif
|
2007-08-04 15:02:56 +04:00
|
|
|
CPU_INFO_ITERATOR cii;
|
|
|
|
|
struct cpu_info *ci;
|
1994-07-03 15:45:41 +04:00
|
|
|
|
2003-01-18 13:06:22 +03:00
|
|
|
l = &lwp0;
|
2007-11-07 19:51:28 +03:00
|
|
|
#ifndef LWP0_CPU_INFO
|
2003-01-18 13:06:22 +03:00
|
|
|
l->l_cpu = curcpu();
|
2007-11-07 19:51:28 +03:00
|
|
|
#endif
|
2009-07-19 14:11:55 +04:00
|
|
|
l->l_pflag |= LP_RUNNING;
|
2004-03-09 05:35:45 +03:00
|
|
|
|
1994-07-03 15:45:41 +04:00
|
|
|
/*
|
|
|
|
|
* Attempt to find console and initialize
|
|
|
|
|
* in case of early panic or other messages.
|
|
|
|
|
*/
|
|
|
|
|
consinit();
|
|
|
|
|
|
2007-10-11 23:45:24 +04:00
|
|
|
kernel_lock_init();
|
2008-10-09 14:48:21 +04:00
|
|
|
once_init();
|
2011-07-30 21:01:04 +04:00
|
|
|
|
2012-01-30 02:55:40 +04:00
|
|
|
mi_cpu_init();
|
2010-08-21 17:17:31 +04:00
|
|
|
kernconfig_lock_init();
|
2011-05-19 07:07:29 +04:00
|
|
|
kthread_sysinit();
|
2000-08-22 21:28:28 +04:00
|
|
|
|
2009-09-02 12:07:05 +04:00
|
|
|
/* Initialize the device switch tables. */
|
|
|
|
|
devsw_init();
|
|
|
|
|
|
2011-06-12 07:35:36 +04:00
|
|
|
/* Initialize event counters. */
|
|
|
|
|
evcnt_init();
|
|
|
|
|
|
1998-02-05 10:59:28 +03:00
|
|
|
uvm_init();
|
2011-08-07 17:33:01 +04:00
|
|
|
kcpuset_sysinit();
|
1998-08-01 05:36:35 +04:00
|
|
|
|
2009-09-13 22:45:10 +04:00
|
|
|
prop_kern_init();
|
|
|
|
|
|
2008-12-05 02:18:13 +03:00
|
|
|
#if ((NKSYMS > 0) || (NDDB > 0) || (NMODULAR > 0))
|
2008-11-30 21:21:31 +03:00
|
|
|
ksyms_init();
|
2008-12-05 02:18:13 +03:00
|
|
|
#endif
|
2009-01-01 18:10:20 +03:00
|
|
|
kprintf_init();
|
2008-11-30 21:21:31 +03:00
|
|
|
|
2008-01-14 15:40:02 +03:00
|
|
|
percpu_init();
|
|
|
|
|
|
2008-03-27 22:11:05 +03:00
|
|
|
/* Initialize lock caches. */
|
|
|
|
|
mutex_obj_init();
|
2009-04-19 18:04:51 +04:00
|
|
|
rw_obj_init();
|
2008-03-27 22:11:05 +03:00
|
|
|
|
2011-07-30 21:01:04 +04:00
|
|
|
/* Passive serialization. */
|
|
|
|
|
pserialize_init();
|
|
|
|
|
|
2007-07-10 00:51:58 +04:00
|
|
|
/* Initialize the extent manager. */
|
|
|
|
|
extent_init();
|
|
|
|
|
|
1999-04-01 04:22:45 +04:00
|
|
|
/* Do machine-dependent initialization. */
|
|
|
|
|
cpu_startup();
|
|
|
|
|
|
2008-12-07 23:58:46 +03:00
|
|
|
/* Initialize the sysctl subsystem. */
|
|
|
|
|
sysctl_init();
|
|
|
|
|
|
2007-07-10 00:51:58 +04:00
|
|
|
/* Initialize callouts, part 1. */
|
2000-03-24 14:57:14 +03:00
|
|
|
callout_startup();
|
2000-01-19 23:05:30 +03:00
|
|
|
|
2009-11-14 21:36:56 +03:00
|
|
|
/* Initialize the kernel authorization subsystem. */
|
|
|
|
|
kauth_init();
|
|
|
|
|
|
Implement the register/deregister/evaluation API for secmodel(9). It
allows registration of callbacks that can be used later for
cross-secmodel "safe" communication.
When a secmodel wishes to know a property maintained by another
secmodel, it has to submit a request to it so the other secmodel can
proceed to evaluating the request. This is done through the
secmodel_eval(9) call; example:
bool isroot;
error = secmodel_eval("org.netbsd.secmodel.suser", "is-root",
cred, &isroot);
if (error == 0 && !isroot)
result = KAUTH_RESULT_DENY;
This one asks the suser module if the credentials are assumed to be root
when evaluated by suser module. If the module is present, it will
respond. If absent, the call will return an error.
Args and command are arbitrarily defined; it's up to the secmodel(9) to
document what it expects.
Typical example is securelevel testing: when someone wants to know
whether securelevel is raised above a certain level or not, the caller
has to request this property to the secmodel_securelevel(9) module.
Given that securelevel module may be absent from system's context (thus
making access to the global "securelevel" variable impossible or
unsafe), this API can cope with this absence and return an error.
We are using secmodel_eval(9) to implement a secmodel_extensions(9)
module, which plugs with the bsd44, suser and securelevel secmodels
to provide the logic behind curtain, usermount and user_set_cpu_affinity
modes, without adding hooks to traditional secmodels. This solves a
real issue with the current secmodel(9) code, as usermount or
user_set_cpu_affinity are not really tied to secmodel_suser(9).
The secmodel_eval(9) is also used to restrict security.models settings
when securelevel is above 0, through the "is-securelevel-above"
evaluation:
- curtain can be enabled any time, but cannot be disabled if
securelevel is above 0.
- usermount/user_set_cpu_affinity can be disabled any time, but cannot
be enabled if securelevel is above 0.
Regarding sysctl(7) entries:
curtain and usermount are now found under security.models.extensions
tree. The security.curtain and vfs.generic.usermount are still
accessible for backwards compat.
Documentation is incoming, I am proof-reading my writings.
Written by elad@, reviewed and tested (anita test + interact for rights
tests) by me. ok elad@.
See also
http://mail-index.netbsd.org/tech-security/2011/11/29/msg000422.html
XXX might consider va0 mapping too.
XXX Having a secmodel(9) specific printf (like aprint_*) for reporting
secmodel(9) errors might be a good idea, but I am not sure on how
to design such a function right now.
2011-12-04 23:24:58 +04:00
|
|
|
secmodel_init();
|
|
|
|
|
|
2009-11-14 21:36:56 +03:00
|
|
|
spec_init();
|
|
|
|
|
|
2010-01-20 01:06:18 +03:00
|
|
|
/*
|
|
|
|
|
* Set BPF op vector. Can't do this in bpf attach, since
|
|
|
|
|
* network drivers attach before bpf.
|
|
|
|
|
*/
|
|
|
|
|
bpf_setops();
|
|
|
|
|
|
First part of secmodel cleanup and other misc. changes:
- Separate the suser part of the bsd44 secmodel into its own secmodel
and directory, pending even more cleanups. For revision history
purposes, the original location of the files was
src/sys/secmodel/bsd44/secmodel_bsd44_suser.c
src/sys/secmodel/bsd44/suser.h
- Add a man-page for secmodel_suser(9) and update the one for
secmodel_bsd44(9).
- Add a "secmodel" module class and use it. Userland program and
documentation updated.
- Manage secmodel count (nsecmodels) through the module framework.
This eliminates the need for secmodel_{,de}register() calls in
secmodel code.
- Prepare for secmodel modularization by adding relevant module bits.
The secmodels don't allow auto unload. The bsd44 secmodel depends
on the suser and securelevel secmodels. The overlay secmodel depends
on the bsd44 secmodel. As the module class is only cosmetic, and to
prevent ambiguity, the bsd44 and overlay secmodels are prefixed with
"secmodel_".
- Adapt the overlay secmodel to recent changes (mainly vnode scope).
- Stop using link-sets for the sysctl node(s) creation.
- Keep sysctl variables under nodes of their relevant secmodels. In
other words, don't create duplicates for the suser/securelevel
secmodels under the bsd44 secmodel, as the latter is merely used
for "grouping".
- For the suser and securelevel secmodels, "advertise presence" in
relevant sysctl nodes (sysctl.security.models.{suser,securelevel}).
- Get rid of the LKM preprocessor stuff.
- As secmodels are now modules, there's no need for an explicit call
to secmodel_start(); it's handled by the module framework. That
said, the module framework was adjusted to properly load secmodels
early during system startup.
- Adapt rump to changes: Instead of using empty stubs for securelevel,
simply use the suser secmodel. Also replace secmodel_start() with a
call to secmodel_suser_start().
- 5.99.20.
Testing was done on i386 ("release" build). Spearated module_init()
changes were tested on sparc and sparc64 as well by martin@ (thanks!).
Mailing list reference:
http://mail-index.netbsd.org/tech-kern/2009/09/25/msg006135.html
2009-10-02 22:50:12 +04:00
|
|
|
/* Start module system. */
|
2010-01-31 06:57:01 +03:00
|
|
|
module_init();
|
First part of secmodel cleanup and other misc. changes:
- Separate the suser part of the bsd44 secmodel into its own secmodel
and directory, pending even more cleanups. For revision history
purposes, the original location of the files was
src/sys/secmodel/bsd44/secmodel_bsd44_suser.c
src/sys/secmodel/bsd44/suser.h
- Add a man-page for secmodel_suser(9) and update the one for
secmodel_bsd44(9).
- Add a "secmodel" module class and use it. Userland program and
documentation updated.
- Manage secmodel count (nsecmodels) through the module framework.
This eliminates the need for secmodel_{,de}register() calls in
secmodel code.
- Prepare for secmodel modularization by adding relevant module bits.
The secmodels don't allow auto unload. The bsd44 secmodel depends
on the suser and securelevel secmodels. The overlay secmodel depends
on the bsd44 secmodel. As the module class is only cosmetic, and to
prevent ambiguity, the bsd44 and overlay secmodels are prefixed with
"secmodel_".
- Adapt the overlay secmodel to recent changes (mainly vnode scope).
- Stop using link-sets for the sysctl node(s) creation.
- Keep sysctl variables under nodes of their relevant secmodels. In
other words, don't create duplicates for the suser/securelevel
secmodels under the bsd44 secmodel, as the latter is merely used
for "grouping".
- For the suser and securelevel secmodels, "advertise presence" in
relevant sysctl nodes (sysctl.security.models.{suser,securelevel}).
- Get rid of the LKM preprocessor stuff.
- As secmodels are now modules, there's no need for an explicit call
to secmodel_start(); it's handled by the module framework. That
said, the module framework was adjusted to properly load secmodels
early during system startup.
- Adapt rump to changes: Instead of using empty stubs for securelevel,
simply use the suser secmodel. Also replace secmodel_start() with a
call to secmodel_suser_start().
- 5.99.20.
Testing was done on i386 ("release" build). Spearated module_init()
changes were tested on sparc and sparc64 as well by martin@ (thanks!).
Mailing list reference:
http://mail-index.netbsd.org/tech-kern/2009/09/25/msg006135.html
2009-10-02 22:50:12 +04:00
|
|
|
|
2007-01-28 01:54:58 +03:00
|
|
|
/*
|
|
|
|
|
* Initialize the kernel authorization subsystem and start the
|
|
|
|
|
* default security model, if any. We need to do this early
|
|
|
|
|
* enough so that subsystems relying on any of the aforementioned
|
|
|
|
|
* can work properly. Since the security model may dictate the
|
|
|
|
|
* credential inheritance policy, it is needed at least before
|
|
|
|
|
* any process is created, specifically proc0.
|
|
|
|
|
*/
|
First part of secmodel cleanup and other misc. changes:
- Separate the suser part of the bsd44 secmodel into its own secmodel
and directory, pending even more cleanups. For revision history
purposes, the original location of the files was
src/sys/secmodel/bsd44/secmodel_bsd44_suser.c
src/sys/secmodel/bsd44/suser.h
- Add a man-page for secmodel_suser(9) and update the one for
secmodel_bsd44(9).
- Add a "secmodel" module class and use it. Userland program and
documentation updated.
- Manage secmodel count (nsecmodels) through the module framework.
This eliminates the need for secmodel_{,de}register() calls in
secmodel code.
- Prepare for secmodel modularization by adding relevant module bits.
The secmodels don't allow auto unload. The bsd44 secmodel depends
on the suser and securelevel secmodels. The overlay secmodel depends
on the bsd44 secmodel. As the module class is only cosmetic, and to
prevent ambiguity, the bsd44 and overlay secmodels are prefixed with
"secmodel_".
- Adapt the overlay secmodel to recent changes (mainly vnode scope).
- Stop using link-sets for the sysctl node(s) creation.
- Keep sysctl variables under nodes of their relevant secmodels. In
other words, don't create duplicates for the suser/securelevel
secmodels under the bsd44 secmodel, as the latter is merely used
for "grouping".
- For the suser and securelevel secmodels, "advertise presence" in
relevant sysctl nodes (sysctl.security.models.{suser,securelevel}).
- Get rid of the LKM preprocessor stuff.
- As secmodels are now modules, there's no need for an explicit call
to secmodel_start(); it's handled by the module framework. That
said, the module framework was adjusted to properly load secmodels
early during system startup.
- Adapt rump to changes: Instead of using empty stubs for securelevel,
simply use the suser secmodel. Also replace secmodel_start() with a
call to secmodel_suser_start().
- 5.99.20.
Testing was done on i386 ("release" build). Spearated module_init()
changes were tested on sparc and sparc64 as well by martin@ (thanks!).
Mailing list reference:
http://mail-index.netbsd.org/tech-kern/2009/09/25/msg006135.html
2009-10-02 22:50:12 +04:00
|
|
|
module_init_class(MODULE_CLASS_SECMODEL);
|
2007-01-27 04:13:10 +03:00
|
|
|
|
2003-12-30 15:33:13 +03:00
|
|
|
/* Initialize the buffer cache */
|
|
|
|
|
bufinit();
|
|
|
|
|
|
1998-08-02 08:53:11 +04:00
|
|
|
/* Initialize sockets. */
|
|
|
|
|
soinit();
|
|
|
|
|
|
1999-09-18 00:11:56 +04:00
|
|
|
/*
|
2002-11-24 20:33:43 +03:00
|
|
|
* The following things must be done before autoconfiguration.
|
1999-09-18 00:11:56 +04:00
|
|
|
*/
|
First step of random number subsystem rework described in
<20111022023242.BA26F14A158@mail.netbsd.org>. This change includes
the following:
An initial cleanup and minor reorganization of the entropy pool
code in sys/dev/rnd.c and sys/dev/rndpool.c. Several bugs are
fixed. Some effort is made to accumulate entropy more quickly at
boot time.
A generic interface, "rndsink", is added, for stream generators to
request that they be re-keyed with good quality entropy from the pool
as soon as it is available.
The arc4random()/arc4randbytes() implementation in libkern is
adjusted to use the rndsink interface for rekeying, which helps
address the problem of low-quality keys at boot time.
An implementation of the FIPS 140-2 statistical tests for random
number generator quality is provided (libkern/rngtest.c). This
is based on Greg Rose's implementation from Qualcomm.
A new random stream generator, nist_ctr_drbg, is provided. It is
based on an implementation of the NIST SP800-90 CTR_DRBG by
Henric Jungheim. This generator users AES in a modified counter
mode to generate a backtracking-resistant random stream.
An abstraction layer, "cprng", is provided for in-kernel consumers
of randomness. The arc4random/arc4randbytes API is deprecated for
in-kernel use. It is replaced by "cprng_strong". The current
cprng_fast implementation wraps the existing arc4random
implementation. The current cprng_strong implementation wraps the
new CTR_DRBG implementation. Both interfaces are rekeyed from
the entropy pool automatically at intervals justifiable from best
current cryptographic practice.
In some quick tests, cprng_fast() is about the same speed as
the old arc4randbytes(), and cprng_strong() is about 20% faster
than rnd_extract_data(). Performance is expected to improve.
The AES code in src/crypto/rijndael is no longer an optional
kernel component, as it is required by cprng_strong, which is
not an optional kernel component.
The entropy pool output is subjected to the rngtest tests at
startup time; if it fails, the system will reboot. There is
approximately a 3/10000 chance of a false positive from these
tests. Entropy pool _input_ from hardware random numbers is
subjected to the rngtest tests at attach time, as well as the
FIPS continuous-output test, to detect bad or stuck hardware
RNGs; if any are detected, they are detached, but the system
continues to run.
A problem with rndctl(8) is fixed -- datastructures with
pointers in arrays are no longer passed to userspace (this
was not a security problem, but rather a major issue for
compat32). A new kernel will require a new rndctl.
The sysctl kern.arandom() and kern.urandom() nodes are hooked
up to the new generators, but the /dev/*random pseudodevices
are not, yet.
Manual pages for the new kernel interfaces are forthcoming.
2011-11-20 02:51:18 +04:00
|
|
|
rnd_init(); /* initialize entropy pool */
|
|
|
|
|
|
|
|
|
|
cprng_init(); /* initialize cryptographic PRNG */
|
2000-07-14 11:21:21 +04:00
|
|
|
|
2004-04-25 20:42:40 +04:00
|
|
|
/* Initialize process and pgrp structures. */
|
1994-08-30 07:04:28 +04:00
|
|
|
procinit();
|
2006-10-08 08:28:44 +04:00
|
|
|
lwpinit();
|
1994-08-30 07:04:28 +04:00
|
|
|
|
2005-08-05 15:03:18 +04:00
|
|
|
/* Initialize signal-related data structures. */
|
|
|
|
|
signal_init();
|
1994-07-03 15:45:41 +04:00
|
|
|
|
2007-12-26 19:01:34 +03:00
|
|
|
/* Initialize resource management. */
|
|
|
|
|
resource_init();
|
|
|
|
|
|
2009-10-26 22:03:17 +03:00
|
|
|
/* Create process 0. */
|
2005-08-05 15:03:18 +04:00
|
|
|
proc0_init();
|
2010-06-11 00:54:53 +04:00
|
|
|
lwp0_init();
|
1994-07-03 15:45:41 +04:00
|
|
|
|
2009-03-05 09:37:03 +03:00
|
|
|
/* Disable preemption during boot. */
|
|
|
|
|
kpreempt_disable();
|
|
|
|
|
|
2007-07-10 00:51:58 +04:00
|
|
|
/* Initialize the UID hash table. */
|
|
|
|
|
uid_init();
|
|
|
|
|
|
|
|
|
|
/* Charge root for one process. */
|
1994-07-03 15:45:41 +04:00
|
|
|
(void)chgproccnt(0, 1);
|
|
|
|
|
|
2007-11-15 23:12:04 +03:00
|
|
|
/* Initialize timekeeping. */
|
|
|
|
|
time_init();
|
|
|
|
|
|
2007-02-10 00:55:00 +03:00
|
|
|
/* Initialize the run queues, turnstiles and sleep queues. */
|
2007-05-17 18:51:11 +04:00
|
|
|
sched_rqinit();
|
2007-02-10 00:55:00 +03:00
|
|
|
turnstile_init();
|
|
|
|
|
sleeptab_init(&sleeptab);
|
|
|
|
|
|
2009-10-04 02:32:56 +04:00
|
|
|
sched_init();
|
|
|
|
|
|
2008-01-15 06:37:10 +03:00
|
|
|
/* Initialize processor-sets */
|
|
|
|
|
psets_init();
|
|
|
|
|
|
2011-09-28 19:52:47 +04:00
|
|
|
/* Initialize cpufreq(9) */
|
|
|
|
|
cpufreq_init();
|
|
|
|
|
|
2007-05-17 18:51:11 +04:00
|
|
|
/* MI initialization of the boot cpu */
|
|
|
|
|
error = mi_cpu_attach(curcpu());
|
|
|
|
|
KASSERT(error == 0);
|
|
|
|
|
|
2008-04-21 04:13:46 +04:00
|
|
|
/* Initialize timekeeping, part 2. */
|
|
|
|
|
time_init2();
|
|
|
|
|
|
2008-01-14 15:40:02 +03:00
|
|
|
/*
|
|
|
|
|
* Initialize mbuf's. Do this now because we might attempt to
|
|
|
|
|
* allocate mbufs or mbuf clusters during autoconfiguration.
|
|
|
|
|
*/
|
|
|
|
|
mbinit();
|
|
|
|
|
|
2006-12-07 23:23:38 +03:00
|
|
|
/* Initialize I/O statistics. */
|
|
|
|
|
iostat_init();
|
|
|
|
|
|
2007-11-07 03:19:08 +03:00
|
|
|
/* Initialize the log device. */
|
|
|
|
|
loginit();
|
|
|
|
|
|
First part of secmodel cleanup and other misc. changes:
- Separate the suser part of the bsd44 secmodel into its own secmodel
and directory, pending even more cleanups. For revision history
purposes, the original location of the files was
src/sys/secmodel/bsd44/secmodel_bsd44_suser.c
src/sys/secmodel/bsd44/suser.h
- Add a man-page for secmodel_suser(9) and update the one for
secmodel_bsd44(9).
- Add a "secmodel" module class and use it. Userland program and
documentation updated.
- Manage secmodel count (nsecmodels) through the module framework.
This eliminates the need for secmodel_{,de}register() calls in
secmodel code.
- Prepare for secmodel modularization by adding relevant module bits.
The secmodels don't allow auto unload. The bsd44 secmodel depends
on the suser and securelevel secmodels. The overlay secmodel depends
on the bsd44 secmodel. As the module class is only cosmetic, and to
prevent ambiguity, the bsd44 and overlay secmodels are prefixed with
"secmodel_".
- Adapt the overlay secmodel to recent changes (mainly vnode scope).
- Stop using link-sets for the sysctl node(s) creation.
- Keep sysctl variables under nodes of their relevant secmodels. In
other words, don't create duplicates for the suser/securelevel
secmodels under the bsd44 secmodel, as the latter is merely used
for "grouping".
- For the suser and securelevel secmodels, "advertise presence" in
relevant sysctl nodes (sysctl.security.models.{suser,securelevel}).
- Get rid of the LKM preprocessor stuff.
- As secmodels are now modules, there's no need for an explicit call
to secmodel_start(); it's handled by the module framework. That
said, the module framework was adjusted to properly load secmodels
early during system startup.
- Adapt rump to changes: Instead of using empty stubs for securelevel,
simply use the suser secmodel. Also replace secmodel_start() with a
call to secmodel_suser_start().
- 5.99.20.
Testing was done on i386 ("release" build). Spearated module_init()
changes were tested on sparc and sparc64 as well by martin@ (thanks!).
Mailing list reference:
http://mail-index.netbsd.org/tech-kern/2009/09/25/msg006135.html
2009-10-02 22:50:12 +04:00
|
|
|
/* Second part of module system initialization. */
|
2010-06-26 11:23:57 +04:00
|
|
|
module_start_unload_thread();
|
2008-05-01 18:44:48 +04:00
|
|
|
|
1994-07-03 15:45:41 +04:00
|
|
|
/* Initialize the file systems. */
|
2001-07-18 04:51:54 +04:00
|
|
|
#ifdef NVNODE_IMPLICIT
|
|
|
|
|
/*
|
|
|
|
|
* If maximum number of vnodes in namei vnode cache is not explicitly
|
|
|
|
|
* defined in kernel config, adjust the number such as we use roughly
|
2008-06-16 15:26:28 +04:00
|
|
|
* 10% of memory for vnodes and associated data structures in the
|
|
|
|
|
* assumed worst case. Do not provide fewer than NVNODE vnodes.
|
2001-07-18 04:51:54 +04:00
|
|
|
*/
|
2008-03-26 02:21:42 +03:00
|
|
|
usevnodes =
|
2008-06-16 15:26:28 +04:00
|
|
|
calc_cache_size(kernel_map, 10, VNODE_VA_MAXPCT) / VNODE_COST;
|
2002-09-01 00:02:09 +04:00
|
|
|
if (usevnodes > desiredvnodes)
|
2001-07-18 04:51:54 +04:00
|
|
|
desiredvnodes = usevnodes;
|
1996-12-03 03:22:43 +03:00
|
|
|
#endif
|
1994-07-03 15:45:41 +04:00
|
|
|
vfsinit();
|
2008-05-28 17:35:32 +04:00
|
|
|
lf_init();
|
1994-07-03 15:45:41 +04:00
|
|
|
|
2007-01-19 17:49:08 +03:00
|
|
|
/* Initialize fstrans. */
|
|
|
|
|
fstrans_init();
|
2006-06-08 02:33:33 +04:00
|
|
|
|
2007-10-08 19:12:05 +04:00
|
|
|
/* Initialize the file descriptor system. */
|
2008-03-22 00:54:58 +03:00
|
|
|
fd_sys_init();
|
2007-10-08 19:12:05 +04:00
|
|
|
|
2008-11-18 14:36:58 +03:00
|
|
|
/* Initialize cwd structures */
|
|
|
|
|
cwd_sys_init();
|
|
|
|
|
|
2008-03-22 21:04:42 +03:00
|
|
|
/* Initialize kqueue. */
|
2008-03-22 00:54:58 +03:00
|
|
|
kqueue_init();
|
2007-07-10 00:51:58 +04:00
|
|
|
|
2007-09-02 04:41:24 +04:00
|
|
|
/* Initialize the system monitor subsystems. */
|
2007-07-22 03:15:16 +04:00
|
|
|
#if NSYSMON_TASKQ > 0
|
|
|
|
|
sysmon_task_queue_preinit();
|
|
|
|
|
#endif
|
|
|
|
|
|
Imported envsys 2, a brief description of the new features:
(Part 1: API)
* Support for detachable sensors.
* Cleaned up the API for simplicity and efficiency.
* Ability to send capacity/critical/warning events to powerd(8).
* Adapted all the code to the new locking order.
* Compatibility with the old envsys API: the ENVSYS_GTREINFO
and ENVSYS_GTREDATA ioctl(2)s are supported.
* Added support for a 'dictionary based communication channel' between
sysmon_power(9) and powerd(8), that means there is no 32 bytes event
size restriction anymore.
* Binary compatibility with old envstat(8) and powerd(8) via COMPAT_40.
* All drivers with the n^2 gtredata bug were fixed, PR kern/36226.
Tested by:
blymn: smsc(4).
bouyer: ipmi(4), mfi(4).
kefren: ug(4).
njoly: viaenv(4), adt7463.c.
riz: owtemp(4).
xtraeme: acpiacad(4), acpibat(4), acpitz(4), aiboost(4), it(4), lm(4).
2007-07-01 11:36:39 +04:00
|
|
|
#if NSYSMON_ENVSYS > 0
|
|
|
|
|
sysmon_envsys_init();
|
|
|
|
|
#endif
|
2007-07-22 03:15:16 +04:00
|
|
|
|
Imported envsys 2, a brief description of the new features:
(Part 1: API)
* Support for detachable sensors.
* Cleaned up the API for simplicity and efficiency.
* Ability to send capacity/critical/warning events to powerd(8).
* Adapted all the code to the new locking order.
* Compatibility with the old envsys API: the ENVSYS_GTREINFO
and ENVSYS_GTREDATA ioctl(2)s are supported.
* Added support for a 'dictionary based communication channel' between
sysmon_power(9) and powerd(8), that means there is no 32 bytes event
size restriction anymore.
* Binary compatibility with old envstat(8) and powerd(8) via COMPAT_40.
* All drivers with the n^2 gtredata bug were fixed, PR kern/36226.
Tested by:
blymn: smsc(4).
bouyer: ipmi(4), mfi(4).
kefren: ug(4).
njoly: viaenv(4), adt7463.c.
riz: owtemp(4).
xtraeme: acpiacad(4), acpibat(4), acpitz(4), aiboost(4), it(4), lm(4).
2007-07-01 11:36:39 +04:00
|
|
|
#if NSYSMON_POWER > 0
|
|
|
|
|
sysmon_power_init();
|
|
|
|
|
#endif
|
2007-09-02 04:41:24 +04:00
|
|
|
|
|
|
|
|
#if NSYSMON_WDOG > 0
|
|
|
|
|
sysmon_wdog_init();
|
|
|
|
|
#endif
|
|
|
|
|
|
2006-06-10 02:47:56 +04:00
|
|
|
inittimecounter();
|
2006-06-08 02:33:33 +04:00
|
|
|
ntp_init();
|
|
|
|
|
|
2007-11-07 18:56:11 +03:00
|
|
|
/* Initialize tty subsystem. */
|
|
|
|
|
tty_init();
|
|
|
|
|
ttyldisc_init();
|
|
|
|
|
|
2008-01-02 14:48:20 +03:00
|
|
|
/* Initialize the buffer cache, part 2. */
|
|
|
|
|
bufinit2();
|
|
|
|
|
|
2007-07-21 23:51:47 +04:00
|
|
|
/* Initialize the disk wedge subsystem. */
|
|
|
|
|
dkwedge_init();
|
|
|
|
|
|
First step of random number subsystem rework described in
<20111022023242.BA26F14A158@mail.netbsd.org>. This change includes
the following:
An initial cleanup and minor reorganization of the entropy pool
code in sys/dev/rnd.c and sys/dev/rndpool.c. Several bugs are
fixed. Some effort is made to accumulate entropy more quickly at
boot time.
A generic interface, "rndsink", is added, for stream generators to
request that they be re-keyed with good quality entropy from the pool
as soon as it is available.
The arc4random()/arc4randbytes() implementation in libkern is
adjusted to use the rndsink interface for rekeying, which helps
address the problem of low-quality keys at boot time.
An implementation of the FIPS 140-2 statistical tests for random
number generator quality is provided (libkern/rngtest.c). This
is based on Greg Rose's implementation from Qualcomm.
A new random stream generator, nist_ctr_drbg, is provided. It is
based on an implementation of the NIST SP800-90 CTR_DRBG by
Henric Jungheim. This generator users AES in a modified counter
mode to generate a backtracking-resistant random stream.
An abstraction layer, "cprng", is provided for in-kernel consumers
of randomness. The arc4random/arc4randbytes API is deprecated for
in-kernel use. It is replaced by "cprng_strong". The current
cprng_fast implementation wraps the existing arc4random
implementation. The current cprng_strong implementation wraps the
new CTR_DRBG implementation. Both interfaces are rekeyed from
the entropy pool automatically at intervals justifiable from best
current cryptographic practice.
In some quick tests, cprng_fast() is about the same speed as
the old arc4randbytes(), and cprng_strong() is about 20% faster
than rnd_extract_data(). Performance is expected to improve.
The AES code in src/crypto/rijndael is no longer an optional
kernel component, as it is required by cprng_strong, which is
not an optional kernel component.
The entropy pool output is subjected to the rngtest tests at
startup time; if it fails, the system will reboot. There is
approximately a 3/10000 chance of a false positive from these
tests. Entropy pool _input_ from hardware random numbers is
subjected to the rngtest tests at attach time, as well as the
FIPS continuous-output test, to detect bad or stuck hardware
RNGs; if any are detected, they are detached, but the system
continues to run.
A problem with rndctl(8) is fixed -- datastructures with
pointers in arrays are no longer passed to userspace (this
was not a security problem, but rather a major issue for
compat32). A new kernel will require a new rndctl.
The sysctl kern.arandom() and kern.urandom() nodes are hooked
up to the new generators, but the /dev/*random pseudodevices
are not, yet.
Manual pages for the new kernel interfaces are forthcoming.
2011-11-20 02:51:18 +04:00
|
|
|
/* Initialize the kernel strong PRNG. */
|
|
|
|
|
kern_cprng = cprng_strong_create("kernel", IPL_VM,
|
|
|
|
|
CPRNG_INIT_ANY|CPRNG_REKEY_ANY);
|
|
|
|
|
|
2008-06-18 13:06:25 +04:00
|
|
|
/* Initialize interfaces. */
|
|
|
|
|
ifinit1();
|
|
|
|
|
|
2009-11-03 08:23:27 +03:00
|
|
|
spldebug_start();
|
|
|
|
|
|
2011-07-02 21:53:50 +04:00
|
|
|
/* Initialize sockets thread(s) */
|
|
|
|
|
soinit1();
|
|
|
|
|
|
1999-09-18 00:11:56 +04:00
|
|
|
/* Configure the system hardware. This will enable interrupts. */
|
|
|
|
|
configure();
|
1994-07-03 15:45:41 +04:00
|
|
|
|
2009-02-12 21:24:18 +03:00
|
|
|
ssp_init();
|
|
|
|
|
|
2010-12-16 03:42:22 +03:00
|
|
|
ubc_init(); /* must be after autoconfig */
|
|
|
|
|
|
2011-06-12 07:35:36 +04:00
|
|
|
mm_init();
|
|
|
|
|
|
2009-02-12 21:24:18 +03:00
|
|
|
configure2();
|
2009-03-05 09:37:03 +03:00
|
|
|
/* Now timer is working. Enable preemption. */
|
|
|
|
|
kpreempt_enable();
|
|
|
|
|
|
1994-07-03 15:45:41 +04:00
|
|
|
#ifdef SYSVSHM
|
|
|
|
|
/* Initialize System V style shared memory. */
|
|
|
|
|
shminit();
|
|
|
|
|
#endif
|
|
|
|
|
|
2010-02-05 14:06:36 +03:00
|
|
|
vmem_rehash_start(); /* must be before exec_init */
|
|
|
|
|
|
|
|
|
|
/* Initialize exec structures */
|
|
|
|
|
exec_init(1); /* seminit calls exithook_establish() */
|
|
|
|
|
|
1994-07-03 15:45:41 +04:00
|
|
|
#ifdef SYSVSEM
|
|
|
|
|
/* Initialize System V style semaphores. */
|
|
|
|
|
seminit();
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifdef SYSVMSG
|
|
|
|
|
/* Initialize System V style message queues. */
|
|
|
|
|
msginit();
|
|
|
|
|
#endif
|
|
|
|
|
|
2006-07-22 14:34:26 +04:00
|
|
|
#if NVERIEXEC > 0
|
2006-11-26 19:22:36 +03:00
|
|
|
/*
|
|
|
|
|
* Initialise the Veriexec subsystem.
|
|
|
|
|
*/
|
|
|
|
|
veriexec_init();
|
2006-07-22 14:34:26 +04:00
|
|
|
#endif /* NVERIEXEC > 0 */
|
2005-08-05 15:03:18 +04:00
|
|
|
|
2007-12-27 16:34:43 +03:00
|
|
|
#if defined(PAX_MPROTECT) || defined(PAX_SEGVGUARD) || defined(PAX_ASLR)
|
2006-11-22 03:41:38 +03:00
|
|
|
pax_init();
|
2007-12-27 16:34:43 +03:00
|
|
|
#endif /* PAX_MPROTECT || PAX_SEGVGUARD || PAX_ASLR */
|
2006-11-22 03:41:38 +03:00
|
|
|
|
2003-08-07 00:30:38 +04:00
|
|
|
#ifdef FAST_IPSEC
|
|
|
|
|
/* Attach network crypto subsystem */
|
|
|
|
|
ipsec_attach();
|
|
|
|
|
#endif
|
|
|
|
|
|
1994-07-03 15:45:41 +04:00
|
|
|
/*
|
|
|
|
|
* Initialize protocols. Block reception of incoming packets
|
|
|
|
|
* until everything is ready.
|
|
|
|
|
*/
|
2001-04-14 03:29:55 +04:00
|
|
|
s = splnet();
|
1994-07-03 15:45:41 +04:00
|
|
|
ifinit();
|
2009-05-28 03:44:35 +04:00
|
|
|
domaininit(true);
|
2002-05-27 17:46:45 +04:00
|
|
|
if_attachdomain();
|
1994-07-03 15:45:41 +04:00
|
|
|
splx(s);
|
|
|
|
|
|
|
|
|
|
#ifdef GPROF
|
|
|
|
|
/* Initialize kernel profiling. */
|
|
|
|
|
kmstartup();
|
|
|
|
|
#endif
|
|
|
|
|
|
2008-04-24 12:51:06 +04:00
|
|
|
/* Initialize system accounting. */
|
2000-03-10 04:13:18 +03:00
|
|
|
acct_init();
|
|
|
|
|
|
2007-03-13 20:23:49 +03:00
|
|
|
#ifndef PIPE_SOCKETPAIR
|
2007-03-13 00:31:03 +03:00
|
|
|
/* Initialize pipes. */
|
|
|
|
|
pipe_init();
|
2007-03-13 20:23:49 +03:00
|
|
|
#endif
|
2007-03-13 00:31:03 +03:00
|
|
|
|
2007-02-10 00:55:00 +03:00
|
|
|
#ifdef KTRACE
|
|
|
|
|
/* Initialize ktrace. */
|
|
|
|
|
ktrinit();
|
|
|
|
|
#endif
|
|
|
|
|
|
2009-10-03 02:18:56 +04:00
|
|
|
#ifdef PTRACE
|
|
|
|
|
/* Initialize ptrace. */
|
|
|
|
|
ptrace_init();
|
|
|
|
|
#endif /* PTRACE */
|
|
|
|
|
|
2007-07-10 00:51:58 +04:00
|
|
|
/* Initialize the UUID system calls. */
|
|
|
|
|
uuid_init();
|
|
|
|
|
|
2009-10-07 01:07:05 +04:00
|
|
|
machdep_init();
|
|
|
|
|
|
2011-01-28 21:44:44 +03:00
|
|
|
procinit_sysctl();
|
|
|
|
|
|
2000-01-24 21:03:19 +03:00
|
|
|
/*
|
|
|
|
|
* Create process 1 (init(8)). We do this now, as Unix has
|
|
|
|
|
* historically had init be process 1, and changing this would
|
|
|
|
|
* probably upset a lot of people.
|
|
|
|
|
*
|
|
|
|
|
* Note that process 1 won't immediately exec init(8), but will
|
|
|
|
|
* wait for us to inform it that the root file system has been
|
|
|
|
|
* mounted.
|
|
|
|
|
*/
|
2003-01-18 13:06:22 +03:00
|
|
|
if (fork1(l, 0, SIGCHLD, NULL, 0, start_init, NULL, NULL, &initproc))
|
2000-01-24 21:03:19 +03:00
|
|
|
panic("fork init");
|
|
|
|
|
|
2008-01-16 15:34:50 +03:00
|
|
|
/*
|
|
|
|
|
* Load any remaining builtin modules, and hand back temporary
|
2010-06-26 11:23:57 +04:00
|
|
|
* storage to the VM system. Then require force when loading any
|
|
|
|
|
* remaining un-init'ed built-in modules to avoid later surprises.
|
2008-01-16 15:34:50 +03:00
|
|
|
*/
|
|
|
|
|
module_init_class(MODULE_CLASS_ANY);
|
2010-06-26 11:23:57 +04:00
|
|
|
module_builtin_require_force();
|
2008-01-16 15:34:50 +03:00
|
|
|
|
2002-10-01 22:11:57 +04:00
|
|
|
/*
|
|
|
|
|
* Finalize configuration now that all real devices have been
|
|
|
|
|
* found. This needs to be done before the root device is
|
|
|
|
|
* selected, since finalization may create the root device.
|
|
|
|
|
*/
|
|
|
|
|
config_finalize();
|
|
|
|
|
|
2009-09-16 19:23:04 +04:00
|
|
|
sysctl_finalize();
|
|
|
|
|
|
2000-01-24 21:03:19 +03:00
|
|
|
/*
|
|
|
|
|
* Now that autoconfiguration has completed, we can determine
|
|
|
|
|
* the root and dump devices.
|
|
|
|
|
*/
|
2012-07-29 22:05:39 +04:00
|
|
|
cpu_rootconf();
|
1997-06-14 08:18:34 +04:00
|
|
|
cpu_dumpconf();
|
1997-03-27 01:38:40 +03:00
|
|
|
|
1994-07-03 15:45:41 +04:00
|
|
|
/* Mount the root file system. */
|
1997-01-31 05:25:47 +03:00
|
|
|
do {
|
2010-01-31 05:04:43 +03:00
|
|
|
domountroothook(root_device);
|
1997-01-31 05:25:47 +03:00
|
|
|
if ((error = vfs_mountroot())) {
|
1997-02-02 05:55:06 +03:00
|
|
|
printf("cannot mount root, error = %d\n", error);
|
1997-01-31 05:25:47 +03:00
|
|
|
boothowto |= RB_ASKNAME;
|
|
|
|
|
setroot(root_device,
|
1999-06-08 00:16:08 +04:00
|
|
|
(rootdev != NODEV) ? DISKPART(rootdev) : 0);
|
1997-01-31 05:25:47 +03:00
|
|
|
}
|
|
|
|
|
} while (error != 0);
|
|
|
|
|
mountroothook_destroy();
|
|
|
|
|
|
2010-06-25 19:10:42 +04:00
|
|
|
configure3();
|
|
|
|
|
|
2004-07-05 11:28:45 +04:00
|
|
|
/*
|
|
|
|
|
* Initialise the time-of-day clock, passing the time recorded
|
|
|
|
|
* in the root filesystem (if any) for use by systems that
|
|
|
|
|
* don't have a non-volatile time-of-day device.
|
|
|
|
|
*/
|
|
|
|
|
inittodr(rootfstime);
|
|
|
|
|
|
1999-05-01 01:23:49 +04:00
|
|
|
/*
|
2000-01-24 21:03:19 +03:00
|
|
|
* Now can look at time, having had a chance to verify the time
|
2007-02-10 00:55:00 +03:00
|
|
|
* from the file system. Reset l->l_rtime as it may have been
|
2000-01-24 21:03:19 +03:00
|
|
|
* munched in mi_switch() after the time got set.
|
1999-05-01 01:23:49 +04:00
|
|
|
*/
|
2009-01-11 05:45:45 +03:00
|
|
|
getnanotime(&time);
|
2006-06-08 02:33:33 +04:00
|
|
|
boottime = time;
|
2009-01-11 05:45:45 +03:00
|
|
|
#ifdef COMPAT_50
|
|
|
|
|
{
|
|
|
|
|
struct timeval tv;
|
|
|
|
|
TIMESPEC_TO_TIMEVAL(&tv, &time);
|
|
|
|
|
timeval_to_timeval50(&tv, &boottime50);
|
|
|
|
|
}
|
|
|
|
|
#endif
|
2008-04-24 19:35:27 +04:00
|
|
|
mutex_enter(proc_lock);
|
2003-11-02 19:42:22 +03:00
|
|
|
LIST_FOREACH(p, &allproc, p_list) {
|
2007-02-18 01:31:36 +03:00
|
|
|
KASSERT((p->p_flag & PK_MARKER) == 0);
|
2008-04-24 22:39:20 +04:00
|
|
|
mutex_enter(p->p_lock);
|
2009-01-11 05:45:45 +03:00
|
|
|
TIMESPEC_TO_TIMEVAL(&p->p_stats->p_start, &time);
|
2003-11-02 19:42:22 +03:00
|
|
|
LIST_FOREACH(l, &p->p_lwps, l_sibling) {
|
2007-02-10 00:55:00 +03:00
|
|
|
lwp_lock(l);
|
2007-12-22 04:14:53 +03:00
|
|
|
memset(&l->l_rtime, 0, sizeof(l->l_rtime));
|
2007-02-10 00:55:00 +03:00
|
|
|
lwp_unlock(l);
|
2003-11-02 19:42:22 +03:00
|
|
|
}
|
2008-04-24 22:39:20 +04:00
|
|
|
mutex_exit(p->p_lock);
|
2000-01-24 21:03:19 +03:00
|
|
|
}
|
2008-04-24 19:35:27 +04:00
|
|
|
mutex_exit(proc_lock);
|
2007-12-22 04:14:53 +03:00
|
|
|
binuptime(&curlwp->l_stime);
|
1994-07-03 15:45:41 +04:00
|
|
|
|
2007-08-04 15:02:56 +04:00
|
|
|
for (CPU_INFO_FOREACH(cii, ci)) {
|
|
|
|
|
ci->ci_schedstate.spc_lastmod = time_second;
|
|
|
|
|
}
|
|
|
|
|
|
2000-01-24 21:03:19 +03:00
|
|
|
/* Create the pageout daemon kernel thread. */
|
|
|
|
|
uvm_swap_init();
|
2008-01-02 14:48:20 +03:00
|
|
|
if (kthread_create(PRI_PGDAEMON, KTHREAD_MPSAFE, NULL, uvm_pageout,
|
2007-07-10 00:51:58 +04:00
|
|
|
NULL, NULL, "pgdaemon"))
|
1998-11-11 09:34:43 +03:00
|
|
|
panic("fork pagedaemon");
|
1994-07-03 15:45:41 +04:00
|
|
|
|
2000-01-24 21:03:19 +03:00
|
|
|
/* Create the filesystem syncer kernel thread. */
|
2008-01-02 14:48:20 +03:00
|
|
|
if (kthread_create(PRI_IOFLUSH, KTHREAD_MPSAFE, NULL, sched_sync,
|
|
|
|
|
NULL, NULL, "ioflush"))
|
1999-11-15 21:49:07 +03:00
|
|
|
panic("fork syncer");
|
|
|
|
|
|
2000-11-27 11:39:39 +03:00
|
|
|
/* Create the aiodone daemon kernel thread. */
|
2006-12-21 18:55:21 +03:00
|
|
|
if (workqueue_create(&uvm.aiodone_queue, "aiodoned",
|
2008-01-02 14:48:20 +03:00
|
|
|
uvm_aiodone_worker, NULL, PRI_VM, IPL_NONE, WQ_MPSAFE))
|
2000-11-27 11:39:39 +03:00
|
|
|
panic("fork aiodoned");
|
|
|
|
|
|
2000-01-24 21:03:19 +03:00
|
|
|
/*
|
|
|
|
|
* Okay, now we can let init(8) exec! It's off to userland!
|
|
|
|
|
*/
|
2008-05-27 21:50:03 +04:00
|
|
|
mutex_enter(proc_lock);
|
2000-01-24 21:03:19 +03:00
|
|
|
start_init_exec = 1;
|
2008-05-27 21:50:03 +04:00
|
|
|
cv_broadcast(&lbolt);
|
|
|
|
|
mutex_exit(proc_lock);
|
2000-01-24 21:03:19 +03:00
|
|
|
|
1994-07-03 15:45:41 +04:00
|
|
|
/* The scheduler is an infinite loop. */
|
1998-02-05 10:59:28 +03:00
|
|
|
uvm_scheduler();
|
1994-07-03 15:45:41 +04:00
|
|
|
/* NOTREACHED */
|
|
|
|
|
}
|
|
|
|
|
|
2009-09-03 19:20:08 +04:00
|
|
|
/*
|
|
|
|
|
* Configure the system's hardware.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
|
|
|
|
configure(void)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
/* Initialize autoconf data structures. */
|
2009-09-21 16:14:46 +04:00
|
|
|
config_init_mi();
|
2009-09-03 19:20:08 +04:00
|
|
|
/*
|
|
|
|
|
* XXX
|
|
|
|
|
* callout_setfunc() requires mutex(9) so it can't be in config_init()
|
|
|
|
|
* on amiga and atari which use config_init() and autoconf(9) fucntions
|
|
|
|
|
* to initialize console devices.
|
|
|
|
|
*/
|
|
|
|
|
config_twiddle_init();
|
|
|
|
|
|
|
|
|
|
pmf_init();
|
|
|
|
|
#if NDRVCTL > 0
|
|
|
|
|
drvctl_init();
|
|
|
|
|
#endif
|
|
|
|
|
|
2011-05-26 08:25:26 +04:00
|
|
|
userconf_init();
|
2009-09-03 19:20:08 +04:00
|
|
|
if (boothowto & RB_USERCONF)
|
2011-05-26 08:25:26 +04:00
|
|
|
userconf_prompt();
|
2009-09-03 19:20:08 +04:00
|
|
|
|
|
|
|
|
if ((boothowto & (AB_SILENT|AB_VERBOSE)) == AB_SILENT) {
|
|
|
|
|
printf_nolog("Detecting hardware...");
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Do the machine-dependent portion of autoconfiguration. This
|
|
|
|
|
* sets the configuration machinery here in motion by "finding"
|
|
|
|
|
* the root bus. When this function returns, we expect interrupts
|
|
|
|
|
* to be enabled.
|
|
|
|
|
*/
|
|
|
|
|
cpu_configure();
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
configure2(void)
|
|
|
|
|
{
|
|
|
|
|
CPU_INFO_ITERATOR cii;
|
|
|
|
|
struct cpu_info *ci;
|
|
|
|
|
int s;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Now that we've found all the hardware, start the real time
|
|
|
|
|
* and statistics clocks.
|
|
|
|
|
*/
|
|
|
|
|
initclocks();
|
|
|
|
|
|
|
|
|
|
cold = 0; /* clocks are running, we're warm now! */
|
|
|
|
|
s = splsched();
|
|
|
|
|
curcpu()->ci_schedstate.spc_flags |= SPCF_RUNNING;
|
|
|
|
|
splx(s);
|
|
|
|
|
|
|
|
|
|
/* Boot the secondary processors. */
|
|
|
|
|
for (CPU_INFO_FOREACH(cii, ci)) {
|
|
|
|
|
uvm_cpu_attach(ci);
|
|
|
|
|
}
|
|
|
|
|
mp_online = true;
|
|
|
|
|
#if defined(MULTIPROCESSOR)
|
|
|
|
|
cpu_boot_secondary_processors();
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
/* Setup the runqueues and scheduler. */
|
|
|
|
|
runq_init();
|
2009-10-04 02:32:56 +04:00
|
|
|
synch_init();
|
2009-09-03 19:20:08 +04:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Bus scans can make it appear as if the system has paused, so
|
|
|
|
|
* twiddle constantly while config_interrupts() jobs are running.
|
|
|
|
|
*/
|
|
|
|
|
config_twiddle_fn(NULL);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Create threads to call back and finish configuration for
|
|
|
|
|
* devices that want interrupts enabled.
|
|
|
|
|
*/
|
|
|
|
|
config_create_interruptthreads();
|
|
|
|
|
|
|
|
|
|
/* Get the threads going and into any sleeps before continuing. */
|
|
|
|
|
yield();
|
|
|
|
|
}
|
|
|
|
|
|
2010-06-25 19:10:42 +04:00
|
|
|
static void
|
|
|
|
|
configure3(void)
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Create threads to call back and finish configuration for
|
|
|
|
|
* devices that want the mounted root file system.
|
|
|
|
|
*/
|
|
|
|
|
config_create_mountrootthreads();
|
|
|
|
|
|
|
|
|
|
/* Get the threads going and into any sleeps before continuing. */
|
|
|
|
|
yield();
|
|
|
|
|
}
|
|
|
|
|
|
2012-06-10 21:05:18 +04:00
|
|
|
static void
|
|
|
|
|
rootconf_handle_wedges(void)
|
|
|
|
|
{
|
|
|
|
|
struct partinfo dpart;
|
|
|
|
|
struct partition *p;
|
|
|
|
|
struct vnode *vp;
|
|
|
|
|
daddr_t startblk;
|
|
|
|
|
uint64_t nblks;
|
|
|
|
|
device_t dev;
|
|
|
|
|
int error;
|
|
|
|
|
|
|
|
|
|
if (booted_nblks) {
|
|
|
|
|
/*
|
|
|
|
|
* bootloader passed geometry
|
|
|
|
|
*/
|
|
|
|
|
dev = booted_device;
|
|
|
|
|
startblk = booted_startblk;
|
|
|
|
|
nblks = booted_nblks;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* keep booted_device and booted_partition
|
|
|
|
|
* in case the kernel doesn't identify a wedge
|
|
|
|
|
*/
|
|
|
|
|
} else {
|
|
|
|
|
/*
|
|
|
|
|
* bootloader passed partition number
|
|
|
|
|
*
|
|
|
|
|
* We cannot ask the partition device directly when it is
|
|
|
|
|
* covered by a wedge. Instead we look up the geometry in
|
|
|
|
|
* the disklabel.
|
|
|
|
|
*/
|
|
|
|
|
vp = opendisk(booted_device);
|
2012-06-15 00:18:16 +04:00
|
|
|
|
|
|
|
|
if (vp == NULL)
|
|
|
|
|
return;
|
|
|
|
|
|
2012-06-10 21:05:18 +04:00
|
|
|
error = VOP_IOCTL(vp, DIOCGPART, &dpart, FREAD, NOCRED);
|
|
|
|
|
VOP_CLOSE(vp, FREAD, NOCRED);
|
|
|
|
|
vput(vp);
|
|
|
|
|
if (error)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
KASSERT(booted_partition >= 0
|
|
|
|
|
&& booted_partition < MAXPARTITIONS);
|
|
|
|
|
|
|
|
|
|
p = &dpart.disklab->d_partitions[booted_partition];
|
|
|
|
|
|
|
|
|
|
dev = booted_device;
|
|
|
|
|
startblk = p->p_offset;
|
|
|
|
|
nblks = p->p_size;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
dev = dkwedge_find_partition(dev, startblk, nblks);
|
|
|
|
|
if (dev != NULL) {
|
|
|
|
|
booted_device = dev;
|
|
|
|
|
booted_partition = 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2012-07-29 22:05:39 +04:00
|
|
|
void
|
2012-06-10 21:05:18 +04:00
|
|
|
rootconf(void)
|
|
|
|
|
{
|
2012-07-29 22:05:39 +04:00
|
|
|
if (booted_device != NULL)
|
|
|
|
|
rootconf_handle_wedges();
|
2012-06-10 21:05:18 +04:00
|
|
|
|
|
|
|
|
setroot(booted_device, booted_partition);
|
|
|
|
|
}
|
|
|
|
|
|
1997-01-31 03:47:12 +03:00
|
|
|
static void
|
2005-12-11 15:16:03 +03:00
|
|
|
check_console(struct lwp *l)
|
1997-01-31 03:47:12 +03:00
|
|
|
{
|
Convert 67 namei call sites to use namei_simple, in these functions:
check_console, veriexecclose, veriexec_delete, veriexec_file_add,
emul_find_root, coff_load_shlib (sh3 version), coff_load_shlib,
compat_20_sys_statfs, compat_20_netbsd32_statfs,
ELFNAME2(netbsd32,probe_noteless), darwin_sys_statfs,
ibcs2_sys_statfs, ibcs2_sys_statvfs, linux_sys_uselib,
osf1_sys_statfs, sunos_sys_statfs, sunos32_sys_statfs,
ultrix_sys_statfs, do_sys_mount, fss_create_files (3 of 4),
adosfs_mount, cd9660_mount, coda_ioctl, coda_mount, ext2fs_mount,
ffs_mount, filecore_mount, hfs_mount, lfs_mount, msdosfs_mount,
ntfs_mount, sysvbfs_mount, udf_mount, union_mount, sys_chflags,
sys_lchflags, sys_chmod, sys_lchmod, sys_chown, sys_lchown,
sys___posix_chown, sys___posix_lchown, sys_link, do_sys_pstatvfs,
sys_quotactl, sys_revoke, sys_truncate, do_sys_utimes, sys_extattrctl,
sys_extattr_set_file, sys_extattr_set_link, sys_extattr_get_file,
sys_extattr_get_link, sys_extattr_delete_file,
sys_extattr_delete_link, sys_extattr_list_file, sys_extattr_list_link,
sys_setxattr, sys_lsetxattr, sys_getxattr, sys_lgetxattr,
sys_listxattr, sys_llistxattr, sys_removexattr, sys_lremovexattr
All have been scrutinized (several times, in fact) and compile-tested,
but not all have been explicitly tested in action.
XXX: While I haven't (intentionally) changed the use or nonuse of
XXX: TRYEMULROOT in any of these places, I'm not convinced all the
XXX: uses are correct; an audit might be desirable.
2009-06-29 09:08:15 +04:00
|
|
|
struct vnode *vp;
|
1997-01-31 03:47:12 +03:00
|
|
|
int error;
|
|
|
|
|
|
Convert 67 namei call sites to use namei_simple, in these functions:
check_console, veriexecclose, veriexec_delete, veriexec_file_add,
emul_find_root, coff_load_shlib (sh3 version), coff_load_shlib,
compat_20_sys_statfs, compat_20_netbsd32_statfs,
ELFNAME2(netbsd32,probe_noteless), darwin_sys_statfs,
ibcs2_sys_statfs, ibcs2_sys_statvfs, linux_sys_uselib,
osf1_sys_statfs, sunos_sys_statfs, sunos32_sys_statfs,
ultrix_sys_statfs, do_sys_mount, fss_create_files (3 of 4),
adosfs_mount, cd9660_mount, coda_ioctl, coda_mount, ext2fs_mount,
ffs_mount, filecore_mount, hfs_mount, lfs_mount, msdosfs_mount,
ntfs_mount, sysvbfs_mount, udf_mount, union_mount, sys_chflags,
sys_lchflags, sys_chmod, sys_lchmod, sys_chown, sys_lchown,
sys___posix_chown, sys___posix_lchown, sys_link, do_sys_pstatvfs,
sys_quotactl, sys_revoke, sys_truncate, do_sys_utimes, sys_extattrctl,
sys_extattr_set_file, sys_extattr_set_link, sys_extattr_get_file,
sys_extattr_get_link, sys_extattr_delete_file,
sys_extattr_delete_link, sys_extattr_list_file, sys_extattr_list_link,
sys_setxattr, sys_lsetxattr, sys_getxattr, sys_lgetxattr,
sys_listxattr, sys_llistxattr, sys_removexattr, sys_lremovexattr
All have been scrutinized (several times, in fact) and compile-tested,
but not all have been explicitly tested in action.
XXX: While I haven't (intentionally) changed the use or nonuse of
XXX: TRYEMULROOT in any of these places, I'm not convinced all the
XXX: uses are correct; an audit might be desirable.
2009-06-29 09:08:15 +04:00
|
|
|
error = namei_simple_kernel("/dev/console",
|
|
|
|
|
NSM_FOLLOW_NOEMULROOT, &vp);
|
1997-01-31 08:25:24 +03:00
|
|
|
if (error == 0)
|
Convert 67 namei call sites to use namei_simple, in these functions:
check_console, veriexecclose, veriexec_delete, veriexec_file_add,
emul_find_root, coff_load_shlib (sh3 version), coff_load_shlib,
compat_20_sys_statfs, compat_20_netbsd32_statfs,
ELFNAME2(netbsd32,probe_noteless), darwin_sys_statfs,
ibcs2_sys_statfs, ibcs2_sys_statvfs, linux_sys_uselib,
osf1_sys_statfs, sunos_sys_statfs, sunos32_sys_statfs,
ultrix_sys_statfs, do_sys_mount, fss_create_files (3 of 4),
adosfs_mount, cd9660_mount, coda_ioctl, coda_mount, ext2fs_mount,
ffs_mount, filecore_mount, hfs_mount, lfs_mount, msdosfs_mount,
ntfs_mount, sysvbfs_mount, udf_mount, union_mount, sys_chflags,
sys_lchflags, sys_chmod, sys_lchmod, sys_chown, sys_lchown,
sys___posix_chown, sys___posix_lchown, sys_link, do_sys_pstatvfs,
sys_quotactl, sys_revoke, sys_truncate, do_sys_utimes, sys_extattrctl,
sys_extattr_set_file, sys_extattr_set_link, sys_extattr_get_file,
sys_extattr_get_link, sys_extattr_delete_file,
sys_extattr_delete_link, sys_extattr_list_file, sys_extattr_list_link,
sys_setxattr, sys_lsetxattr, sys_getxattr, sys_lgetxattr,
sys_listxattr, sys_llistxattr, sys_removexattr, sys_lremovexattr
All have been scrutinized (several times, in fact) and compile-tested,
but not all have been explicitly tested in action.
XXX: While I haven't (intentionally) changed the use or nonuse of
XXX: TRYEMULROOT in any of these places, I'm not convinced all the
XXX: uses are correct; an audit might be desirable.
2009-06-29 09:08:15 +04:00
|
|
|
vrele(vp);
|
1997-01-31 08:25:24 +03:00
|
|
|
else if (error == ENOENT)
|
|
|
|
|
printf("warning: no /dev/console\n");
|
|
|
|
|
else
|
|
|
|
|
printf("warning: lookup /dev/console: error %d\n", error);
|
1997-01-31 03:47:12 +03:00
|
|
|
}
|
|
|
|
|
|
1994-07-03 15:45:41 +04:00
|
|
|
/*
|
|
|
|
|
* List of paths to try when searching for "init".
|
|
|
|
|
*/
|
2007-11-07 19:51:28 +03:00
|
|
|
static const char * const initpaths[] = {
|
1994-07-03 15:45:41 +04:00
|
|
|
"/sbin/init",
|
|
|
|
|
"/sbin/oinit",
|
|
|
|
|
"/sbin/init.bak",
|
|
|
|
|
NULL,
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Start the initial user process; try exec'ing each pathname in "initpaths".
|
|
|
|
|
* The program is invoked with one argument containing the boot flags.
|
|
|
|
|
*/
|
|
|
|
|
static void
|
2000-07-14 11:21:21 +04:00
|
|
|
start_init(void *arg)
|
1994-07-03 15:45:41 +04:00
|
|
|
{
|
2003-01-18 13:06:22 +03:00
|
|
|
struct lwp *l = arg;
|
|
|
|
|
struct proc *p = l->l_proc;
|
1998-08-13 06:10:37 +04:00
|
|
|
vaddr_t addr;
|
1995-10-07 09:25:19 +03:00
|
|
|
struct sys_execve_args /* {
|
1997-10-19 06:00:19 +04:00
|
|
|
syscallarg(const char *) path;
|
1996-12-22 13:21:06 +03:00
|
|
|
syscallarg(char * const *) argp;
|
|
|
|
|
syscallarg(char * const *) envp;
|
1994-10-20 07:22:35 +03:00
|
|
|
} */ args;
|
|
|
|
|
int options, i, error;
|
|
|
|
|
register_t retval[2];
|
1994-10-11 12:26:01 +03:00
|
|
|
char flags[4], *flagsp;
|
2002-08-23 10:17:08 +04:00
|
|
|
const char *path, *slash;
|
2000-07-14 11:21:21 +04:00
|
|
|
char *ucp, **uap, *arg0, *arg1 = NULL;
|
2002-08-23 10:17:08 +04:00
|
|
|
char ipath[129];
|
|
|
|
|
int ipx, len;
|
1994-07-03 15:45:41 +04:00
|
|
|
|
1995-03-26 01:05:15 +03:00
|
|
|
/*
|
|
|
|
|
* Now in process 1.
|
|
|
|
|
*/
|
1999-04-12 04:22:08 +04:00
|
|
|
strncpy(p->p_comm, "init", MAXCOMLEN);
|
1994-07-03 15:45:41 +04:00
|
|
|
|
2000-01-24 21:03:19 +03:00
|
|
|
/*
|
|
|
|
|
* Wait for main() to tell us that it's safe to exec.
|
|
|
|
|
*/
|
2008-05-27 21:50:03 +04:00
|
|
|
mutex_enter(proc_lock);
|
2000-01-24 21:03:19 +03:00
|
|
|
while (start_init_exec == 0)
|
2008-05-27 21:50:03 +04:00
|
|
|
cv_wait(&lbolt, proc_lock);
|
|
|
|
|
mutex_exit(proc_lock);
|
2000-01-24 21:03:19 +03:00
|
|
|
|
1997-01-31 03:47:12 +03:00
|
|
|
/*
|
|
|
|
|
* This is not the right way to do this. We really should
|
|
|
|
|
* hand-craft a descriptor onto /dev/console to hand to init,
|
|
|
|
|
* but that's a _lot_ more work, and the benefit from this easy
|
|
|
|
|
* hack makes up for the "good is the enemy of the best" effect.
|
|
|
|
|
*/
|
2005-12-11 15:16:03 +03:00
|
|
|
check_console(l);
|
1997-01-31 03:47:12 +03:00
|
|
|
|
1994-07-03 15:45:41 +04:00
|
|
|
/*
|
|
|
|
|
* Need just enough stack to hold the faked-up "execve()" arguments.
|
|
|
|
|
*/
|
2002-11-18 01:53:46 +03:00
|
|
|
addr = (vaddr_t)STACK_ALLOC(USRSTACK, PAGE_SIZE);
|
2002-09-01 00:02:09 +04:00
|
|
|
if (uvm_map(&p->p_vmspace->vm_map, &addr, PAGE_SIZE,
|
2000-09-13 19:00:15 +04:00
|
|
|
NULL, UVM_UNKNOWN_OFFSET, 0,
|
1998-02-05 10:59:28 +03:00
|
|
|
UVM_MAPFLAG(UVM_PROT_ALL, UVM_PROT_ALL, UVM_INH_COPY,
|
|
|
|
|
UVM_ADV_NORMAL,
|
2001-03-15 09:10:32 +03:00
|
|
|
UVM_FLAG_FIXED|UVM_FLAG_OVERLAY|UVM_FLAG_COPYONW)) != 0)
|
1998-02-05 10:59:28 +03:00
|
|
|
panic("init: couldn't allocate argument space");
|
2007-03-04 08:59:00 +03:00
|
|
|
p->p_vmspace->vm_maxsaddr = (void *)STACK_MAX(addr, PAGE_SIZE);
|
1994-07-03 15:45:41 +04:00
|
|
|
|
2002-08-23 10:17:08 +04:00
|
|
|
ipx = 0;
|
|
|
|
|
while (1) {
|
|
|
|
|
if (boothowto & RB_ASKNAME) {
|
|
|
|
|
printf("init path");
|
|
|
|
|
if (initpaths[ipx])
|
|
|
|
|
printf(" (default %s)", initpaths[ipx]);
|
|
|
|
|
printf(": ");
|
|
|
|
|
len = cngetsn(ipath, sizeof(ipath)-1);
|
2008-10-28 18:33:10 +03:00
|
|
|
if (len == 4 && strcmp(ipath, "halt") == 0) {
|
2008-10-25 19:40:59 +04:00
|
|
|
cpu_reboot(RB_HALT, NULL);
|
|
|
|
|
} else if (len == 6 && strcmp(ipath, "reboot") == 0) {
|
|
|
|
|
cpu_reboot(0, NULL);
|
|
|
|
|
#if defined(DDB)
|
|
|
|
|
} else if (len == 3 && strcmp(ipath, "ddb") == 0) {
|
|
|
|
|
console_debugger();
|
|
|
|
|
continue;
|
|
|
|
|
#endif
|
2008-10-28 18:33:10 +03:00
|
|
|
} else if (len > 0 && ipath[0] == '/') {
|
2002-08-23 10:17:08 +04:00
|
|
|
ipath[len] = '\0';
|
|
|
|
|
path = ipath;
|
2008-10-28 18:33:10 +03:00
|
|
|
} else if (len == 0 && initpaths[ipx] != NULL) {
|
|
|
|
|
path = initpaths[ipx++];
|
|
|
|
|
} else {
|
|
|
|
|
printf("use absolute path, ");
|
|
|
|
|
#if defined(DDB)
|
|
|
|
|
printf("\"ddb\", ");
|
|
|
|
|
#endif
|
|
|
|
|
printf("\"halt\", or \"reboot\"\n");
|
|
|
|
|
continue;
|
2002-08-23 10:17:08 +04:00
|
|
|
}
|
|
|
|
|
} else {
|
2008-10-25 19:40:59 +04:00
|
|
|
if ((path = initpaths[ipx++]) == NULL) {
|
|
|
|
|
ipx = 0;
|
|
|
|
|
boothowto |= RB_ASKNAME;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2002-08-23 10:17:08 +04:00
|
|
|
}
|
|
|
|
|
|
2002-11-18 01:53:46 +03:00
|
|
|
ucp = (char *)USRSTACK;
|
1994-09-10 08:44:23 +04:00
|
|
|
|
1994-07-03 15:45:41 +04:00
|
|
|
/*
|
1994-09-10 08:44:23 +04:00
|
|
|
* Construct the boot flag argument.
|
1994-07-03 15:45:41 +04:00
|
|
|
*/
|
1994-10-11 12:26:01 +03:00
|
|
|
flagsp = flags;
|
|
|
|
|
*flagsp++ = '-';
|
1994-07-03 15:45:41 +04:00
|
|
|
options = 0;
|
1994-10-11 12:26:01 +03:00
|
|
|
|
1994-07-03 15:45:41 +04:00
|
|
|
if (boothowto & RB_SINGLE) {
|
1994-09-10 08:44:23 +04:00
|
|
|
*flagsp++ = 's';
|
1994-07-03 15:45:41 +04:00
|
|
|
options = 1;
|
|
|
|
|
}
|
|
|
|
|
#ifdef notyet
|
|
|
|
|
if (boothowto & RB_FASTBOOT) {
|
1994-09-10 08:44:23 +04:00
|
|
|
*flagsp++ = 'f';
|
1994-07-03 15:45:41 +04:00
|
|
|
options = 1;
|
|
|
|
|
}
|
|
|
|
|
#endif
|
1994-09-10 08:44:23 +04:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Move out the flags (arg 1), if necessary.
|
|
|
|
|
*/
|
|
|
|
|
if (options != 0) {
|
|
|
|
|
*flagsp++ = '\0';
|
|
|
|
|
i = flagsp - flags;
|
|
|
|
|
#ifdef DEBUG
|
2010-01-31 03:43:37 +03:00
|
|
|
aprint_normal("init: copying out flags `%s' %d\n", flags, i);
|
1994-09-10 08:44:23 +04:00
|
|
|
#endif
|
2002-11-18 01:53:46 +03:00
|
|
|
arg1 = STACK_ALLOC(ucp, i);
|
|
|
|
|
ucp = STACK_MAX(arg1, i);
|
2007-03-04 08:59:00 +03:00
|
|
|
(void)copyout((void *)flags, arg1, i);
|
1994-09-10 08:44:23 +04:00
|
|
|
}
|
1994-07-03 15:45:41 +04:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Move out the file name (also arg 0).
|
|
|
|
|
*/
|
1994-09-10 08:44:23 +04:00
|
|
|
i = strlen(path) + 1;
|
|
|
|
|
#ifdef DEBUG
|
2010-01-31 03:43:37 +03:00
|
|
|
aprint_normal("init: copying out path `%s' %d\n", path, i);
|
2002-08-23 10:17:08 +04:00
|
|
|
#else
|
2002-08-24 04:47:17 +04:00
|
|
|
if (boothowto & RB_ASKNAME || path != initpaths[0])
|
2002-08-23 10:17:08 +04:00
|
|
|
printf("init: trying %s\n", path);
|
1994-09-10 08:44:23 +04:00
|
|
|
#endif
|
2002-11-18 01:53:46 +03:00
|
|
|
arg0 = STACK_ALLOC(ucp, i);
|
|
|
|
|
ucp = STACK_MAX(arg0, i);
|
2005-05-30 02:24:14 +04:00
|
|
|
(void)copyout(path, arg0, i);
|
1994-07-03 15:45:41 +04:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Move out the arg pointers.
|
|
|
|
|
*/
|
2012-01-25 00:03:36 +04:00
|
|
|
ucp = (void *)STACK_ALIGN(ucp, STACK_ALIGNBYTES);
|
2002-11-18 01:53:46 +03:00
|
|
|
uap = (char **)STACK_ALLOC(ucp, sizeof(char *) * 3);
|
|
|
|
|
SCARG(&args, path) = arg0;
|
|
|
|
|
SCARG(&args, argp) = uap;
|
|
|
|
|
SCARG(&args, envp) = NULL;
|
1999-03-05 10:26:21 +03:00
|
|
|
slash = strrchr(path, '/');
|
|
|
|
|
if (slash)
|
2007-03-04 08:59:00 +03:00
|
|
|
(void)suword((void *)uap++,
|
1999-03-05 10:26:21 +03:00
|
|
|
(long)arg0 + (slash + 1 - path));
|
|
|
|
|
else
|
2007-03-04 08:59:00 +03:00
|
|
|
(void)suword((void *)uap++, (long)arg0);
|
2002-11-18 01:53:46 +03:00
|
|
|
if (options != 0)
|
2007-03-04 08:59:00 +03:00
|
|
|
(void)suword((void *)uap++, (long)arg1);
|
|
|
|
|
(void)suword((void *)uap++, 0); /* terminator */
|
1994-07-03 15:45:41 +04:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Now try to exec the program. If can't for any reason
|
|
|
|
|
* other than it doesn't exist, complain.
|
|
|
|
|
*/
|
2005-12-11 15:16:03 +03:00
|
|
|
error = sys_execve(l, &args, retval);
|
2000-08-22 21:28:28 +04:00
|
|
|
if (error == 0 || error == EJUSTRETURN) {
|
2007-02-10 00:55:00 +03:00
|
|
|
KERNEL_UNLOCK_LAST(l);
|
1994-07-03 15:45:41 +04:00
|
|
|
return;
|
2000-08-22 21:28:28 +04:00
|
|
|
}
|
2002-08-23 10:17:08 +04:00
|
|
|
printf("exec %s: error %d\n", path, error);
|
1994-07-03 15:45:41 +04:00
|
|
|
}
|
1996-10-13 06:32:29 +04:00
|
|
|
printf("init: not found\n");
|
1994-07-03 15:45:41 +04:00
|
|
|
panic("no init");
|
|
|
|
|
}
|
2008-03-23 13:39:52 +03:00
|
|
|
|
|
|
|
|
/*
|
2011-04-14 20:20:52 +04:00
|
|
|
* calculate cache size (in bytes) from physmem and vm_map size.
|
2008-03-23 13:39:52 +03:00
|
|
|
*/
|
|
|
|
|
vaddr_t
|
2008-03-26 02:21:42 +03:00
|
|
|
calc_cache_size(struct vm_map *map, int pct, int va_pct)
|
2008-03-23 13:39:52 +03:00
|
|
|
{
|
|
|
|
|
paddr_t t;
|
|
|
|
|
|
|
|
|
|
/* XXX should consider competing cache if any */
|
|
|
|
|
/* XXX should consider submaps */
|
2008-03-26 02:21:42 +03:00
|
|
|
t = (uintmax_t)physmem * pct / 100 * PAGE_SIZE;
|
|
|
|
|
if (map != NULL) {
|
|
|
|
|
vsize_t vsize;
|
|
|
|
|
|
|
|
|
|
vsize = vm_map_max(map) - vm_map_min(map);
|
|
|
|
|
vsize = (uintmax_t)vsize * va_pct / 100;
|
|
|
|
|
if (t > vsize) {
|
|
|
|
|
t = vsize;
|
|
|
|
|
}
|
2008-03-23 13:39:52 +03:00
|
|
|
}
|
|
|
|
|
return t;
|
|
|
|
|
}
|
2009-03-29 14:58:28 +04:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Print the system start up banner.
|
|
|
|
|
*
|
|
|
|
|
* - Print a limited banner if AB_SILENT.
|
|
|
|
|
* - Always send normal banner to the log.
|
|
|
|
|
*/
|
2009-04-07 14:49:54 +04:00
|
|
|
#define MEM_PBUFSIZE sizeof("99999 MB")
|
|
|
|
|
|
2009-03-29 14:58:28 +04:00
|
|
|
void
|
|
|
|
|
banner(void)
|
|
|
|
|
{
|
|
|
|
|
static char notice[] = " Notice: this software is "
|
|
|
|
|
"protected by copyright";
|
2009-03-29 19:23:54 +04:00
|
|
|
char pbuf[81];
|
2009-03-29 14:58:28 +04:00
|
|
|
void (*pr)(const char *, ...);
|
|
|
|
|
int i;
|
|
|
|
|
|
|
|
|
|
if ((boothowto & AB_SILENT) != 0) {
|
|
|
|
|
snprintf(pbuf, sizeof(pbuf), "%s %s (%s)",
|
|
|
|
|
ostype, osrelease, kernel_ident);
|
2009-07-18 03:31:51 +04:00
|
|
|
printf_nolog("%s", pbuf);
|
2009-04-02 23:43:11 +04:00
|
|
|
for (i = 80 - strlen(pbuf) - sizeof(notice); i > 0; i--)
|
2009-03-29 14:58:28 +04:00
|
|
|
printf(" ");
|
2009-07-18 03:31:51 +04:00
|
|
|
printf_nolog("%s\n", notice);
|
2009-03-29 14:58:28 +04:00
|
|
|
pr = aprint_normal;
|
|
|
|
|
} else {
|
|
|
|
|
pr = printf;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
memset(pbuf, 0, sizeof(pbuf));
|
|
|
|
|
(*pr)("%s%s", copyright, version);
|
2009-04-07 14:49:54 +04:00
|
|
|
format_bytes(pbuf, MEM_PBUFSIZE, ctob((uint64_t)physmem));
|
2009-03-29 14:58:28 +04:00
|
|
|
(*pr)("total memory = %s\n", pbuf);
|
2009-04-07 14:49:54 +04:00
|
|
|
format_bytes(pbuf, MEM_PBUFSIZE, ctob((uint64_t)uvmexp.free));
|
2009-03-29 14:58:28 +04:00
|
|
|
(*pr)("avail memory = %s\n", pbuf);
|
|
|
|
|
}
|