Commit Graph

711 Commits

Author SHA1 Message Date
elad
8fc0d7a9c3 Introduce per-page fingerprints in Veriexec.
This closes a hole pointed out by Thor Lancelot Simon on tech-kern ~3
years ago.

The problem was with running binaries from remote storage, where our
kernel (and Veriexec) has no control over any changes to files.

An attacker could, after the fingerprint has been verified and
program loaded to memory, inject malicious code into the backing
store on the remote storage, followed by a forced flush, causing
a page-in of the malicious data from backing store, bypassing
integrity checks.

Initial implementation by Brett Lymn.
2005-10-05 13:48:48 +00:00
atatat
fca6393ad4 Add "cwd" and "root" symlinks to each process's directory. The cwd
link points to the process's current working directory, and the root
link points to the process's root directory.  What else would you
expect?

For directories that are out of reach (caller is in a chroot, target
process is in a different chroot, etc), the links point to "/"
instead.
2005-10-01 03:17:37 +00:00
jmmv
9ba32cead7 Follow compat naming tradition: rename compat_export_args to export_args30. 2005-09-25 21:17:05 +00:00
jmmv
2a3e5eeb7c Apply the NFS exports list rototill patch:
- Remove all NFS related stuff from file system specific code.
- Drop the vfs_checkexp hook and generalize it in the new nfs_check_export
  function, thus removing redundancy from all file systems.
- Move all NFS export-related stuff from kern/vfs_subr.c to the new
  file sys/nfs/nfs_export.c.  The former was becoming large and its code
  is always compiled, regardless of the build options.  Using the latter,
  the code is only compiled in when NFSSERVER is enabled.  While doing this,
  also make some functions in nfs_subs.c conditional to NFSSERVER.
- Add a new command in nfssvc(2), called NFSSVC_SETEXPORTSLIST, that takes a
  path and a set of export entries.  At the moment it can only clear the
  exports list or append entries, one by one, but it is done in a way that
  allows setting the whole set of entries atomically in the future (see the
  comment in mountd_set_exports_list or in doc/TODO).
- Change mountd(8) to use the nfssvc(2) system call instead of mount(2) so
  that it becomes file system agnostic.  In fact, all this whole thing was
  done to remove a 'XXX' block from this utility!
- Change the mount*, newfs and fsck* userland utilities to not deal with NFS
  exports initialization; done internally by the kernel when initializing
  the NFS support for each file system.
- Implement an interface for VFS (called VFS hooks) so that several kernel
  subsystems can run arbitrary code upon receipt of specific VFS events.
  At the moment, this only provides support for unmount and is used to
  destroy NFS exports lists from the file systems being unmounted, though it
  has room for extension.

Thanks go to yamt@, chs@, thorpej@, wrstuden@ and others for their comments
and advice in the development of this patch.
2005-09-23 12:10:31 +00:00
christos
eefcfba9b0 When readdir() is called from vfs_getcwd, uio->uio_procp is NULL. Deal with
that. Fixes 'cd /dev/fd && pwd'
2005-09-14 14:53:47 +00:00
elad
a894866511 Implement curtain for procfs. 2005-09-11 20:15:53 +00:00
xtraeme
0cbb812de5 Add sysctl options for the syncer:
vfs.sync.delay: max time to delay syncing data
vfs.sync.filedelay: time to delay syncing files
vfs.sync.dirdelay: time to delay syncing directories
vfs.sync.metadelay: time to delay syncing metadata

Note that using a value of 0 is allowed, but it's not
recommended.
2005-09-11 17:55:56 +00:00
chs
0840b7949f in spec_ioctl(), don't dereference v_specinfo if it's NULL.
this is needed due to rev. 1.231 of kern/vfs_subr.c, which now sets
v_specinfo to NULL before changing the vnode's ops vector.
2005-09-11 14:18:54 +00:00
christos
7791a8f18b Also protect the ipsec ioctls from negative offsets to prevent panics
in m_copydata(). Pointed out by Karl Janmar. Move the negative offset
check from kernfs_xread() to kernfs_read().
2005-09-01 06:25:26 +00:00
christos
218f69d99f Don't allow negative offsets when reading the message buffer, because it
can allow reading arbitrary kernel memory.
2005-08-31 09:54:54 +00:00
xtraeme
af97f2e875 Remove __P() 2005-08-30 20:08:01 +00:00
christos
50f8955b6e 64 bit inode changes. 2005-08-19 02:04:03 +00:00
yamt
79ff185ac4 don't write-protect wired pages. pointed out by Chuck Silvers.
for now, leave a vnode on the syncer's queue, as suggested by him.
2005-07-26 08:06:29 +00:00
erh
fbd6fe6c7f Provide a sysctl (vfs.layerfs.debug) to control verbose output when
LAYERFS_DIAGNOSTIC is turned on.
2005-07-24 17:33:24 +00:00
yamt
b7bfe82866 update file timestamps for nfsd loaned-read and mmap.
PR/25279.  discussed on tech-kern@.
2005-07-23 12:18:41 +00:00
yamt
01f4919e33 genfs_putpages: don't bother to clean the vnode unless VONWORKLST. 2005-07-17 16:07:19 +00:00
yamt
8af42d8d3c ensure that vnodes with dirty pages are always on syncer's queue.
- genfs_putpages: wait for i/o completion of PG_RELEASED/PG_PAGEOUT pages by
  setting "wasclean" false when encountering them.
  suggested by Stephan Uphoff in PR/24596 (1).

- genfs_putpages: write protect pages when cleaning out, if
  we're going to take the vnode off the syncer's queue.
  uvm_fault: don't write-map pages unless its vnode is already on
  the syncer's queue.

  fix PR/24596 (3) but in a different way from the suggested fix.
  (to keep our current behaviour, ie. not to require explicit msync.
  discussed on tech-kern@.)

- genfs_putpages: don't mistakenly take a vnode off the queue
  by introducing a generation number in genfs_node.
  genfs_getpages: increment the generation number.
  suggested by Stephan Uphoff in PR/24596 (2).

- add some assertions.
2005-07-17 12:27:47 +00:00
yamt
2a6dc9d02d - introduce PGO_NOBLOCKALLOC and use it for ubc mapping
to prevent unnecessary block allocations in the case that
  page size > block size.

- ufs_balloc_range: use VM_PROT_WRITE+PGO_NOBLOCKALLOC rather than
  VM_PROT_READ.
2005-07-17 09:13:35 +00:00
yamt
e9e22b28eb genfs_getpages: don't forget to put the vnode onto the syncer's work queue
even in the case of PGO_LOCKED.
2005-07-16 03:54:08 +00:00
yamt
44d128fa8e - constify genfs_ops.
- use member designators.
2005-06-28 09:30:37 +00:00
ws
9d78e0cf36 PR-30566: Poll must not return <sys/errno.h> values.
Start with those places I can easily test.
2005-06-21 14:01:11 +00:00
christos
1979e6e175 rename delay. 2005-05-30 22:13:50 +00:00
christos
c107ef9edc - sprinkle const
- avoid shadowed variables.
2005-05-29 21:55:33 +00:00
chs
448875a34c kernfs does not support mmap(), remove code that pretends that it does. 2005-05-20 13:16:54 +00:00
christos
8f3566ce61 PR/29782: Martin Husemann: procfs can not unmount when some process has its
current directory in curproc. Fix from Pedro Martelletto:
We cannot call vgone() from procfs_inactive() if we are coming from
vclean(). that's what's probably causing the deadlock.
2005-04-02 06:15:09 +00:00
thorpej
e633e8b61b - Define a VFS_ATTACH() macro that places a reference to a vfsops structure
into the "vfsops" link set.
- Use VFS_ATTACH() where vfsops are declared for individual file systems.
- In vfsinit(), traverse the "vfsops" link set, rather than vfs_list_initial[].
2005-03-29 02:41:05 +00:00
christos
bb48399e9b Remove bogus len setting noted by J. Chapman Flack. 2005-03-01 04:39:59 +00:00
christos
1a63592a9b Give more space for cpu info and allocate it dynamically. 2005-02-27 22:29:50 +00:00
perry
477853c351 nuke trailing whitespace 2005-02-26 22:58:54 +00:00
chs
d67b9b2ff2 undo the part of rev. 1.93 that turned the past-EOF check into an assertion.
read() can't request pages past EOF, but mmap() can.  apparently I had
disengaged the brain when I said that was ok.
2005-02-16 15:25:33 +00:00
wrstuden
e384a44e9d Extend fsync_range(2) to support the FDISKSYNC flag, which requests
that the sync be propagated out through the disk drive caches.
2005-01-25 23:55:20 +00:00
drochner
7d0567768c -in the read-ahead code, avoid issuing read requests at/past EOF
-because no one should request reads past EOF, or writes past EOF which
 are not explicitly marked as file-extending (PGO_PASTEOF), turn
 a boundary check into a KASSERT
approved by Chuck Silvers
2005-01-25 09:50:31 +00:00
thorpej
1c95472d01 Add the system call and VFS infrastructure for file system extended
attributes.

From FreeBSD.
2005-01-02 16:08:28 +00:00
dbj
8962229d27 check for _KERNEL_OPT around opt include 2004-12-22 23:29:51 +00:00
christos
31c81b28f5 Cloning cleanup:
1. make fileops const
2. add 2 new negative errno's to `officially' support the cloning hack:
    - EDUPFD (used to overload ENODEV)
    - EMOVEFD (used to overload ENXIO)
3. Created an fdclone() function to encapsulate the operations needed for
   EMOVEFD, and made all cloners use it.
4. Centralize the local noop/badop fileops functions to:
   fnullop_fcntl, fnullop_poll, fnullop_kqfilter, fbadop_stat
2004-11-30 04:25:43 +00:00
atatat
e23f0e2a34 Pass the caller's proc* to soreceive() via auio.uio_procp so that
unp_externalize() is called properly.

Addresses PR kern/28194.
2004-11-12 04:15:29 +00:00
jdolecek
d5e68a44ca ptyfs moved from sys/miscfs/ to sys/fs/ 2004-11-11 18:57:21 +00:00
christos
0ecbe2ed07 Cosmetic; cleanup unused junk and fix comments. 2004-11-11 05:46:10 +00:00
christos
7fc8278a34 Add ptyfs. This is experimental. 2004-11-11 01:40:32 +00:00
skrll
89ce37fcdb Backout previous. 2004-10-27 06:55:53 +00:00
skrll
13d6d39771 Don't pass &proc0 in the UIO_SYSSPACE case it is not needed. 2004-10-27 06:51:06 +00:00
yamt
364ea008bb procfs_readdir:
- return correct cookie when buffer size is small.
- simplify logic.
2004-10-04 08:40:18 +00:00
yamt
ef763f0a42 procfs_readdir: remove a redundant assignment. 2004-10-04 08:37:06 +00:00
enami
d3482ced60 Backout previous; seeing many busy page on the pageq is normal. 2004-10-04 00:28:30 +00:00
enami
b6d06fab27 So as not to leave pages busy unnecessarily, bound to specified region
when building cluster if we aren't pagedaemon and clean entire cluster
if we are pagedaemon.
2004-10-03 08:14:25 +00:00
enami
a55995c148 Count obj pages freed by pagedaemon. 2004-10-03 07:59:02 +00:00
yamt
d79c3679ea procfs_getattr: correct size of /proc/self. 2004-10-02 04:28:57 +00:00
yamt
269a1761b2 procfs_readdir:
- fix a locking problem, using proclist_foreach_call.  PR/27098.
- correct snprintf size argument.
2004-10-01 16:32:16 +00:00
yamt
3cca1d9e20 procfs_readdir: fix an offset handling bug after addition of /proc/self. 2004-10-01 14:09:55 +00:00
yamt
f8f70a5eb4 procfs_readdir: use a list macro. 2004-10-01 14:09:14 +00:00