Commit Graph

118 Commits

Author SHA1 Message Date
ad 59d979c5f1 Pass an ipl argument to pool_init/POOL_INIT to be used when initializing
the pool's lock.
2007-03-12 18:18:22 +00:00
ad c147748d84 - Make the proclist_lock a mutex. The write:read ratio is unfavourable,
and mutexes are cheaper use than RW locks.
- LOCK_ASSERT -> KASSERT in some places.
- Hold proclist_lock/kernel_lock longer in a couple of places.
2007-03-09 14:11:22 +00:00
christos 53524e44ef Kill caddr_t; there will be some MI fallout, but it will be fixed shortly. 2007-03-04 05:59:00 +00:00
thorpej 4f3d5a9cc0 TRUE -> true, FALSE -> false 2007-02-22 06:34:42 +00:00
ad 3363855a4a Remove spllowersoftclock() and CLKF_BASEPRI(), and always dispatch callouts
via a soft interrupt. In the near future, softclock will be run from process
context.
2007-02-16 02:53:43 +00:00
ad b07ec3fc38 Merge newlock2 to head. 2007-02-09 21:55:00 +00:00
yamt ccfd2c0df0 remove nqnfs. 2006-12-27 12:10:09 +00:00
yamt a575dafacc use KSI_INIT rather than memset. no functional changes. 2006-12-06 10:02:22 +00:00
yamt 1a7bc55dcc remove some __unused from function parameters. 2006-11-01 10:17:58 +00:00
elad a5d447aee5 Add an XXX to remind me why it's there when grepping. (securelevel ref) 2006-10-20 22:22:48 +00:00
christos 4d595fd7b1 - sprinkle __unused on function decls.
- fix a couple of unused bugs
- no more -Wno-unused for i386
2006-10-12 01:30:41 +00:00
christos 1a9beba1e6 PR/34612: Bucky Katz: SA returns from sleep do not set the signal flags
Patch applied, many thanks for the example!
2006-09-25 18:28:56 +00:00
elad 5f7169ccb1 First take at security model abstraction.
- Add a few scopes to the kernel: system, network, and machdep.

- Add a few more actions/sub-actions (requests), and start using them as
  opposed to the KAUTH_GENERIC_ISSUSER place-holders.

- Introduce a basic set of listeners that implement our "traditional"
  security model, called "bsd44". This is the default (and only) model we
  have at the moment.

- Update all relevant documentation.

- Add some code and docs to help folks who want to actually use this stuff:

  * There's a sample overlay model, sitting on-top of "bsd44", for
    fast experimenting with tweaking just a subset of an existing model.

    This is pretty cool because it's *really* straightforward to do stuff
    you had to use ugly hacks for until now...

  * And of course, documentation describing how to do the above for quick
    reference, including code samples.

All of these changes were tested for regressions using a Python-based
testsuite that will be (I hope) available soon via pkgsrc. Information
about the tests, and how to write new ones, can be found on:

	http://kauth.linbsd.org/kauthwiki

NOTE FOR DEVELOPERS: *PLEASE* don't add any code that does any of the
following:

  - Uses a KAUTH_GENERIC_ISSUSER kauth(9) request,
  - Checks 'securelevel' directly,
  - Checks a uid/gid directly.

(or if you feel you have to, contact me first)

This is still work in progress; It's far from being done, but now it'll
be a lot easier.

Relevant mailing list threads:

http://mail-index.netbsd.org/tech-security/2006/01/25/0011.html
http://mail-index.netbsd.org/tech-security/2006/03/24/0001.html
http://mail-index.netbsd.org/tech-security/2006/04/18/0000.html
http://mail-index.netbsd.org/tech-security/2006/05/15/0000.html
http://mail-index.netbsd.org/tech-security/2006/08/01/0000.html
http://mail-index.netbsd.org/tech-security/2006/08/25/0000.html

Many thanks to YAMAMOTO Takashi, Matt Thomas, and Christos Zoulas for help
stablizing kauth(9).

Full credit for the regression tests, making sure these changes didn't break
anything, goes to Matt Fleming and Jaime Fournier.

Happy birthday Randi! :)
2006-09-08 20:58:56 +00:00
ad f474dceb13 Use the LWP cached credentials where sane. 2006-07-23 22:06:03 +00:00
kardel e804524e26 fix another t{s,v}tohz() fallout (invalid remaining time)
now passes regression/sys/kern/sleeping
2006-07-16 19:23:11 +00:00
kardel 97b1c42feb keep NetBSD boottime semantics:
- only set at boot
- only tracking delta of set-time operations
-> will keep boottime stable across ACPI sleeps
   uptime(1) will report the time since last boot
2006-07-14 22:44:28 +00:00
kardel d788cc37f6 report true clock resolution based on the frequency information
from the underlying counter in clock_getres(). For frequencies
above 1GHz report a resolution if 1 nsec.
2006-07-08 12:10:33 +00:00
kardel de4337ab21 merge FreeBSD timecounters from branch simonb-timecounters
- struct timeval time is gone
  time.tv_sec -> time_second
- struct timeval mono_time is gone
  mono_time.tv_sec -> time_uptime
- access to time via
	{get,}{micro,nano,bin}time()
	get* versions are fast but less precise
- support NTP nanokernel implementation (NTP API 4)
- further reading:
  Timecounter Paper: http://phk.freebsd.dk/pubs/timecounter.pdf
  NTP Nanokernel: http://www.eecis.udel.edu/~mills/ntp/html/kern.html
2006-06-07 22:33:33 +00:00
yamt b5420599d2 timers_alloc: use PR_WAITOK. 2006-05-18 10:09:12 +00:00
elad 215bd95ba4 integrate kauth. 2006-05-14 21:15:11 +00:00
christos cfcbe4640f - make settime take timespec.
- avoid wrapping of time in settime (from OpenBSD)
- pass struct proc down so that we can log a detailed message.
2005-12-05 00:16:33 +00:00
simonb d077ba210f Convert malloc/free of struct ptimers to pools.
Move the ptimer pool to kern_time.c to keep like pools together,
and it wasn't used in kern_proc.c
2005-11-26 05:26:33 +00:00
simonb a21c456e2e Call nanotime() directly, instead of doing the
microtime()/TIMEVAL_TO_TIMESPEC() dance.
2005-11-11 07:07:42 +00:00
cube 388b97e039 Implement a few changes needed to properly resolve PR#30924, as
discussed in the PR.

- introduce sys/timevar.h to hold kernel-specific stuff relevant to
  sys/time.h.  Ideally, timevar.h would contain all (or almost) of the
  #ifdef _KERNEL part of time.h, but that's a pretty big and tedious
  change to make.  For now, it will contain only the prototypes I
  introduced when working on COMPAT_NETBSD32.

- split copyinout_t into copyin_t and copyout_t, it makes prototypes more
  explicit about the meaning of a given argument.  Suggested by yamt@.

- move copyinout_t definition in sys/time.h to systm.h as copyin_t and
  copyout_t

- make everything uses the new types and include the proper headers at
  the proper places.
2005-10-23 00:09:14 +00:00
chs 7c02feca68 avoid calling into the pool code while holding sched_lock
since both pool_get() and pool_put() can call wakeup().
instead, allocate the struct sadata_upcall before taking
sched_lock in mi_switch() and free it after releasing sched_lock.

clean up some modularity warts by adding a callback to
struct sadata_upcall for freeing sa_arg.
2005-10-02 17:51:27 +00:00
jmmv 2a3e5eeb7c Apply the NFS exports list rototill patch:
- Remove all NFS related stuff from file system specific code.
- Drop the vfs_checkexp hook and generalize it in the new nfs_check_export
  function, thus removing redundancy from all file systems.
- Move all NFS export-related stuff from kern/vfs_subr.c to the new
  file sys/nfs/nfs_export.c.  The former was becoming large and its code
  is always compiled, regardless of the build options.  Using the latter,
  the code is only compiled in when NFSSERVER is enabled.  While doing this,
  also make some functions in nfs_subs.c conditional to NFSSERVER.
- Add a new command in nfssvc(2), called NFSSVC_SETEXPORTSLIST, that takes a
  path and a set of export entries.  At the moment it can only clear the
  exports list or append entries, one by one, but it is done in a way that
  allows setting the whole set of entries atomically in the future (see the
  comment in mountd_set_exports_list or in doc/TODO).
- Change mountd(8) to use the nfssvc(2) system call instead of mount(2) so
  that it becomes file system agnostic.  In fact, all this whole thing was
  done to remove a 'XXX' block from this utility!
- Change the mount*, newfs and fsck* userland utilities to not deal with NFS
  exports initialization; done internally by the kernel when initializing
  the NFS support for each file system.
- Implement an interface for VFS (called VFS hooks) so that several kernel
  subsystems can run arbitrary code upon receipt of specific VFS events.
  At the moment, this only provides support for unmount and is used to
  destroy NFS exports lists from the file systems being unmounted, though it
  has room for extension.

Thanks go to yamt@, chs@, thorpej@, wrstuden@ and others for their comments
and advice in the development of this patch.
2005-09-23 12:10:31 +00:00
cube 2844b7b432 Split sys_timer_create, sys_timer_gettime and sys_timer_settime so they
can be easily used by netbsd32 code.

XXX Meanwhile, introduce a copyinout_t type that matches the prototype of
XXX copyin(9) and copyout(9).  Its logical place would be in systm.h, near
XXX the definition of copyin, but, well, see the comment.
2005-07-23 18:54:07 +00:00
cube 08fd92bac5 Split sys_getitimer and sys_setitimer to make it possible to share the
relevant code with the COMPAT_NETBSD32 version, and make the latter use
the new functions.

This fixes netbsd32_setitimer() which had drifted from the native syscall
and did not work properly anymore.
2005-07-11 19:50:42 +00:00
thorpej 73c9fbb0e6 Use ANSI function decls. Apply some static. 2005-06-23 23:15:12 +00:00
christos efb6943313 - add const.
- remove unnecessary casts.
- add __UNCONST casts and mark them with XXXUNCONST as necessary.
2005-05-29 22:24:14 +00:00
mycroft b9c71ccc7a Copyright maintenance. 2005-03-02 11:05:34 +00:00
perry da8abec863 nuke trailing whitespace 2005-02-26 21:34:55 +00:00
mycroft 13495aa242 If sa_upcall() fails (which is always going to be due to resource exhaustion),
do not leak siginfo structures.

Note that in the cases of trap signals and timer events, losing this
information could be very bad; right now it will cause us to spin until the
process is SIGKILLed.

"Needs work."
2005-01-06 19:26:41 +00:00
atatat 612e86b46d Wrap TIMEVAL_TO_TIMESPEC and TIMESPEC_TO_TIMEVAL macros in
do { ... } while(/*CONSTCOND*/0)

so that they can be used unadorned in if/else blocks, etc.  This means
that you now *have* to put a ; at the end of the "call" to these
macros.
2004-11-14 03:30:08 +00:00
simonb 01837603b0 Fix "comments within comments" problem pointed out by Geoff Wing on
source-changes.
2004-04-27 05:25:33 +00:00
kleink 681b62c2ce POSIX-2001: Add restrict keywords to gettimeofday(2) and setitimer(2);
further deprecate struct timezone usage by changing `tzp' argument to
gettimeofday() to void *; align utimes(2) declaration by changing `times`
argument from struct timeval * to struct timeval[2].  From Murray
Armfield in PR standards/25331.

In due curse, reflect these changes in futimes(2), lutimes(2), and
settimeofday(2).
2004-04-27 01:12:44 +00:00
cl ea5ec0212d add kernel part of concurrency support for SA on MP systems
- move per VP data into struct sadata_vp referenced from l->l_savp
  * VP id
  * lock on VP data
  * LWP on VP
  * recently blocked LWP on VP
  * queue of LWPs woken which ran on this VP before sleep
  * faultaddr
  * LWP cache for upcalls
  * upcall queue
- add current concurrency and requested concurrency variables
- make process exit run LWP on all VPs
- make signal delivery consider all VPs
- make timer events consider all VPs
- add sa_newsavp to allocate new sadata_vp structure
- add sa_increaseconcurrency to prepare new VP
- make sys_sa_setconcurrency request new VP or wakeup idle VP
- make sa_yield lower current concurrency
- set sa_cpu = VP id in upcalls
- maintain cached LWPs per VP
2004-03-14 01:08:47 +00:00
cl e7045955c7 kernel part of no-syscall upcall stack return: libpthread registers
an offset between ss_sp and struct sa_stackinfo_t (located in struct
__pthread_st) when calling sa_register.  The kernel increments the
sast_gen counter in struct sastack when an upcall stack is used.
libpthread increments the sasi_stackgen counter in struct
sa_stackinfo_t when an upcall stack is freed.  The kernel compares the
two counters to decide if a stack is free or in use.

- add struct sa_stackinfo_t with sasi_stackgen to count stack use in
  userland
- add sast_gen to struct sastack to count stack use in kernel
- add SA_FLAG_STACKINFO to enable the stackinfo_offset argument in the
  sa_register syscall
- add sa_stackinfo_offset to struct sadata for offset between ss_sp
  and struct sa_stackinfo_t
- add ssize_t stackinfo_offset argument to sa_register, initialize
  struct sadata's sa_stackinfo_offset from it if SA_FLAG_STACKINFO is
  set
- add sa_getstack, sa_getstack0, sa_stackused and sa_setstackfree
  functions to find/use/free upcall stacks and use these where
  appropriate
- don't record stack for upcall in sa_upcall0
- pass sau to sa_switchcall instead of l2 (l2 = curlwp in sa_switchcall)
- add sa_vp_blocker to struct sadata to pass recently blocked lwp to
  sa_switchcall
- delay finding a stack for blocked upcalls to sa_switchcall
- add sa_stacknext to struct sadata pointing to next most likely free
  upcall stack; also g/c sa_stackslist in struct sadata and sast_list
  in struct sastack
- add L_SA_WOKEN flag: LWP is on sa_woken queue
- add L_SA_RECYCLE flag: LWP should be recycled in sa_setwoken
- replace l_upcallstack with L_SA_WOKEN/L_SA_RECYCLE/L_SA_BLOCKING
  flags
- g/c now unused sast_blocker in struct sastack
- make sa_switchcall, sa_upcall0 and sa_upcall_getstate static in
  kern_sa.c
- call sa_upcall_userret only once in userret
- split sa_makeupcalls out of sa_upcall_userret and use to process
  the sa_upcalls queue
- on process exit: mark LWPs sleeping in saunblock interruptible; also
  there are no LWPs sleeping on l->l_upcallstack anymore; also clear
  sa_wokenq_head to prevent unblocked upcalls

additional changes:
- cleanup timerupcall sa_vp == curlwp check
- add check in sa_yield if we didn't block on our way here and we
  wouldn't any longer be the LWP on the VP
- invalidate sa_vp_ofaultaddr after resolving pagefault
2004-01-02 18:52:17 +00:00
christos d16297df4c PR/23613: Christian Biere: Bogus bounds check in nanosleep. 2003-12-02 01:34:30 +00:00
chs e07f0b9362 eliminate uvm_useracc() in favor of checking the return value of
copyin() or copyout().

uvm_useracc() tells us whether the mapping permissions allow access to
the desired part of an address space, and many callers assume that
this is the same as knowing whether an attempt to access that part of
the address space will succeed.  however, access to user space can
fail for reasons other than insufficient permission, most notably that
paging in any non-resident data can fail due to i/o errors.  most of
the callers of uvm_useracc() make the above incorrect assumption.  the
rest are all misguided optimizations, which optimize for the case
where an operation will fail.  we'd rather optimize for operations
succeeding, in which case we should just attempt the access and handle
failures due to insufficient permissions the same way we handle i/o
errors.  since there appear to be no good uses of uvm_useracc(), we'll
just remove it.
2003-11-13 03:09:28 +00:00
cl 350dd95eff Cleanup signal delivery for SA processes:
General idea:  only consider the LWP on the VP for signal delivery, all
other LWPs are either asleep or running from waking up until repossessing
the VP.

- in kern_sig.c:kpsignal2: handle all states the LWP on the VP can be in
- in kern_sig.c:proc_stop: only try to stop the LWP on the VP.  All other
  LWPs will suspend in sa_vp_repossess() until the VP-LWP donates the VP.
  Restore original behaviour (before SA-specific hacks were added) for
  non-SA processes.
- in kern_sig.c:proc_unstop: only return the LWP on the VP
- handle sa_yield as case 0 in sa_switch instead of clearing L_SA, add an
  L_SA_YIELD flag
- replace sa_idle by L_SA_IDLE flag since it was either NULL or == sa_vp

Also don't output itimerfire overrun warning if the process is already
exiting.
Also g/c sa_woken because it's not used.
Also g/c some #if 0 code.
2003-11-02 16:26:10 +00:00
thorpej 68723a995b * Shuffle some data structures so, and add a flags word to ksiginfo_t.
Right now the only flag is used to indicate if a ksiginfo_t is a
  result of a trap.  Add a predicate macro to test for this flag.
* Add initialization macros for ksiginfo_t's.
* Add accssor macro for ksi_trap.  Expands to 0 if the ksiginfo_t was
  not the result of a trap.  This matches the sigcontext trapcode semantics.
* In kpsendsig(), use KSI_TRAP_P() to select the lwp that gets the signal.
  Inspired by Matthias Drochner's fix to kpsendsig(), but correctly handles
  the case of non-trap-generated signals that have a > 0 si_code.

This patch fixes a signal delivery problem with threaded programs noted by
Matthias Drochner on tech-kern.

As discussed on tech-kern.  Reviewed and OK's by Christos.
2003-10-08 00:28:40 +00:00
christos 24045725fc set the sigval in the setitimer case. 2003-09-14 06:56:22 +00:00
christos 35a41eaf06 enable SI_TIMER notification. 2003-09-13 22:39:18 +00:00
cl f8a1f76075 fix timerupcall breakage after SA_SIGINFO changes:
- sa_upcall only stores a pointer to the `arg'
2003-09-09 15:16:30 +00:00
christos 1dc335c017 SA_SIGINFO changes. 2003-09-06 22:03:09 +00:00
agc aad01611e7 Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22364, verified by myself.
2003-08-07 16:26:28 +00:00
fvdl 4bd1a8dcf8 Changes from Stephan Uphoff to patch problems with LWPs blocking when they
shouldn't, and MP.
2003-07-17 18:16:58 +00:00
nathanw a86930707b Expand the test in itimerfire() to only wake up an idle SA LWP if the
process isn't stopped.
2003-05-28 22:27:57 +00:00
dyoung 9d9a86120a Make ppsratecheck conform with its man page, which says, "If maxpps
is set to 0, the function will always return 0 (no packets/events
are permitted)." Before this patch, ppsratecheck returned 1 once
a second when maxpps was 0.
2003-05-19 03:23:37 +00:00