Commit Graph

218 Commits

Author SHA1 Message Date
christos ff0507541f don't expose ksyms_lock 2008-10-23 20:41:13 +00:00
ad ee66516bfd PR kern/38814 ksyms needs locking
- Make ksyms MT safe.
- Fix deadlock from an operation like "modload foo.lkm < /dev/ksyms".
- Fix uninitialized structure members.
- Reduce memory footprint for loaded modules.
- Export ksyms structures for kernel grovellers like savecore.
- Some KNF.
2008-10-20 10:24:18 +00:00
martin ce099b4099 Remove clause 3 and 4 from TNF licenses 2008-04-28 20:22:51 +00:00
matt e48401e466 Add support for CTLTYPE_BOOL 2008-02-29 02:28:35 +00:00
ad c03e2ac7c3 sysctl_free: don't have the caller acquire sysctl_treelock, do it here. 2008-01-12 19:27:27 +00:00
ad 77e0b2120f Patch up sysctl locking:
- Lock processes, credentials, filehead etc correctly.
- Acquire a read hold on sysctl_treelock if only doing a query.
- Don't wire down the output buffer. It doesn't work correctly and the code
  regularly does long term sleeps with it held - it's not worth it.
- Don't hold locks other than sysctl_lock while doing copyout().
- Drop sysctl_lock while doing copyout / allocating memory in a few places.
- Don't take kernel_lock for sysctl.
- Fix a number of bugs spotted along the way
2008-01-07 16:12:52 +00:00
ad 4a780c9ae2 Merge vmlocking2 to head. 2008-01-02 11:48:20 +00:00
dsl 7e2790cf6f Convert all the system call entry points from:
int foo(struct lwp *l, void *v, register_t *retval)
to:
    int foo(struct lwp *l, const struct foo_args *uap, register_t *retval)
Fixup compat code to not write into 'uap' and (in some cases) to actually
pass a correctly formatted 'uap' structure with the right name to the
next routine.
A few 'compat' routines that just call standard ones have been deleted.
All the 'compat' code compiles (along with the kernels required to test
build it).
98% done by automated scripts.
2007-12-20 23:02:38 +00:00
ad 63c4506184 Changes to make ktrace LKM friendly and reduce ifdef KTRACE. Proposed
on tech-kern.
2007-08-15 12:07:23 +00:00
christos 53524e44ef Kill caddr_t; there will be some MI fallout, but it will be fixed shortly. 2007-03-04 05:59:00 +00:00
ad b07ec3fc38 Merge newlock2 to head. 2007-02-09 21:55:00 +00:00
elad 1e70d64818 Consistent usage of KAUTH_GENERIC_ISSUSER. 2007-01-04 16:55:29 +00:00
yamt 1a7bc55dcc remove some __unused from function parameters. 2006-11-01 10:17:58 +00:00
christos 4d595fd7b1 - sprinkle __unused on function decls.
- fix a couple of unused bugs
- no more -Wno-unused for i386
2006-10-12 01:30:41 +00:00
chs 33c1fd1917 add support for O_DIRECT (I/O directly to application memory,
bypassing any kernel caching for file data).
2006-10-05 14:48:32 +00:00
manu 8a1037a46b Add a -t+S flag to ktrace for tracing activity related to sysctl. MIB
names will be displayed, with data readen and written as well.
2006-09-23 22:01:04 +00:00
elad 5f7169ccb1 First take at security model abstraction.
- Add a few scopes to the kernel: system, network, and machdep.

- Add a few more actions/sub-actions (requests), and start using them as
  opposed to the KAUTH_GENERIC_ISSUSER place-holders.

- Introduce a basic set of listeners that implement our "traditional"
  security model, called "bsd44". This is the default (and only) model we
  have at the moment.

- Update all relevant documentation.

- Add some code and docs to help folks who want to actually use this stuff:

  * There's a sample overlay model, sitting on-top of "bsd44", for
    fast experimenting with tweaking just a subset of an existing model.

    This is pretty cool because it's *really* straightforward to do stuff
    you had to use ugly hacks for until now...

  * And of course, documentation describing how to do the above for quick
    reference, including code samples.

All of these changes were tested for regressions using a Python-based
testsuite that will be (I hope) available soon via pkgsrc. Information
about the tests, and how to write new ones, can be found on:

	http://kauth.linbsd.org/kauthwiki

NOTE FOR DEVELOPERS: *PLEASE* don't add any code that does any of the
following:

  - Uses a KAUTH_GENERIC_ISSUSER kauth(9) request,
  - Checks 'securelevel' directly,
  - Checks a uid/gid directly.

(or if you feel you have to, contact me first)

This is still work in progress; It's far from being done, but now it'll
be a lot easier.

Relevant mailing list threads:

http://mail-index.netbsd.org/tech-security/2006/01/25/0011.html
http://mail-index.netbsd.org/tech-security/2006/03/24/0001.html
http://mail-index.netbsd.org/tech-security/2006/04/18/0000.html
http://mail-index.netbsd.org/tech-security/2006/05/15/0000.html
http://mail-index.netbsd.org/tech-security/2006/08/01/0000.html
http://mail-index.netbsd.org/tech-security/2006/08/25/0000.html

Many thanks to YAMAMOTO Takashi, Matt Thomas, and Christos Zoulas for help
stablizing kauth(9).

Full credit for the regression tests, making sure these changes didn't break
anything, goes to Matt Fleming and Jaime Fournier.

Happy birthday Randi! :)
2006-09-08 20:58:56 +00:00
christos 72c936995b delete unreachable code 2006-09-02 06:33:11 +00:00
christos 35ca6c8b5b Fix all the -D*DEBUG* code that it was rotting away and did not even compile.
Mostly from Arnaud Lacombe, many thanks!
2006-08-17 17:11:27 +00:00
elad 5446ee0ef6 ugh.. more stuff that's overdue and should not be in 4.0: remove the
sysctl(9) flags CTLFLAG_READONLY[12]. luckily they're not documented
so it's only half regression.

only two knobs used them; proc.curproc.corename (check added in the
existing handler; its CTLFLAG_ANYWRITE, yay) and net.inet.ip.forwsrcrt,
that got its own handler now too.
2006-07-30 17:38:19 +00:00
ad f474dceb13 Use the LWP cached credentials where sane. 2006-07-23 22:06:03 +00:00
christos 67894004ec Don't allocate > 2K on the stack. 2006-06-12 01:25:05 +00:00
elad 215bd95ba4 integrate kauth. 2006-05-14 21:15:11 +00:00
elad 7ee081e4bd Move securelevel-specific stuff to its own file. 2006-04-17 03:39:39 +00:00
dsl c89fb86a25 Bail out of sysctl_create() if we fail to malloc() own.
free(own) when we bail out if any later malloc() calls fail.
Fixes coverty CID 2310
2006-04-02 09:07:57 +00:00
dsl 49b6576d34 Predicate all the tests against existing children with a single 'if (node)'.
Simplify the test that ensures a CTLFLAG_ANYNUMBER child is an only child.
Will stop the coverty CID 1082 report.
2006-04-02 08:04:05 +00:00
chris caebf8211b Move check for rnode being NULL to before it's first use.
Fixes Coverity CID 2434
2006-03-17 01:52:08 +00:00
drochner 94c70b92a9 Check the "oldlen" argument to sysctl(2) before passing it
to vslock(9). This prevents a local DOS.
(The checks against system and user limits for wired
memory should be centralized in UVM; for now prefer a less
invasive fix which can be pulled pulled up into releases.)
2006-03-15 16:12:07 +00:00
yamt e6844c675a sysctl_lookup: use "d" rather than "rnode->sysctl_data" after
"d = rnode->sysctl_data".
2006-03-05 00:32:43 +00:00
drochner b18cf5c358 update comments for const sysctl args 2006-02-24 19:26:50 +00:00
yamt 467e5f4980 KNF. convert
if () {
        }
        /*
         * some
         * comments
         */
        else {
        }

to
        if () {
        } else {
                /*
                 * some
                 * comments
                 */
        }
2005-11-27 12:07:24 +00:00
yamt c14bdacc17 MALLOC/FREE -> malloc/free where appropriate. 2005-10-29 12:26:37 +00:00
yamt ebfab35576 old_sysctl: fix null dereference when oldlenp == NULL. 2005-08-21 13:14:54 +00:00
yamt f37bf52fce sysctl_create: remove an unused variable. 2005-08-07 04:54:07 +00:00
peter cea97248d3 Fix an off-by-one in checking the return value of strlcpy(9).
Reviewed by atatat.
2005-07-23 23:34:52 +00:00
atatat df13e3579e Change the rest of the sysctl subsystem to use const consistently.
The __UNCONST macro is now used only where necessary and the RW macros
are gone.  Most of the changes here are consumers of the
sysctl_createv(9) interface that now takes a pair of const pointers
which used not to be.
2005-06-20 02:49:18 +00:00
atatat 420d91208b Properly fix the constipated lossage wrt -Wcast-qual and the sysctl
code.  I know it's not the prettiest code, but it seems to work rather
well in spite of itself.
2005-06-09 02:19:59 +00:00
scw 50d7457a5f Thou shalt not allocate PAGE_SIZE automatic variables on the kernel stack. 2005-06-08 07:25:12 +00:00
christos efb6943313 - add const.
- remove unnecessary casts.
- add __UNCONST casts and mark them with XXXUNCONST as necessary.
2005-05-29 22:24:14 +00:00
perry da8abec863 nuke trailing whitespace 2005-02-26 21:34:55 +00:00
heas 57cef74601 Expose sysctl_root node to kernel sources. It will be used by FreeBSD sysctl
emulation.
2005-02-20 19:43:46 +00:00
elric e6e79dacef The API for ksyms_getval_from_kernel changed. 2005-02-16 00:30:28 +00:00
cube 8a0e3b4be1 In sysctl_destroyv, the newly created dnode structure must have its
version set to the correct value to prevent later failure of
sysctl_cvt_in.
2004-05-12 12:21:39 +00:00
atatat 778eadaf46 Add a printf() to the other case in sysctl_createv() where a node did
not get attached for what should be an extremely unusual case.
2004-05-06 07:06:46 +00:00
matt d1fcd75db0 Define link_sets start/stop as ptype * const [] since they are in a
readonly section.
2004-05-01 07:16:55 +00:00
atatat 3f800573aa Be consistent about using sysc_init_field() 2004-04-25 05:54:38 +00:00
atatat 990f278f7a Remove dynamic sysctl node version 0 from the tree. It seemed okay at
first, but quickly showed its shortcomings.  The version 1 node we're
now using should be good for a while.
2004-04-25 05:47:52 +00:00
atatat 275e2ae7f3 First caller to set a description on a node sets it. This allows one
setup function to set the description, even if the node has been
instantiated elsewhere.  Or not, depending on the other that the setup
functions are called.
2004-04-06 18:52:35 +00:00
atatat f06d00c1a8 Add the standard "is this tree writeable" check to sysctl_describe()
and a comment to sysctl_destroy() about why the check is slightly
different there.
2004-04-01 04:50:06 +00:00
atatat d97889de23 Fix sysctl_createv() so that rnode and cnode can refer to the same
pointer.  Fix sysctl_create() so that nodes cannot be added to an
alias node.
2004-03-27 04:26:23 +00:00