| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
| |
Members of the syscall argument structures are padded to a word size. So,
for COMPAT_LINUX32 we should convert user supplied system call arguments
which is 32-bit in that case to the array of register_t.
Reported by: Oleg V. Nauman
MFC after: 1 week
Notes:
svn path=/head/; revision=313684
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
instead of their sys_*() counterparts in various compats. The svr4
is left untouched, because there's no point.
Reviewed by: ed@, kib@
MFC after: 2 weeks
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D9367
Notes:
svn path=/head/; revision=312988
|
| |
|
|
|
|
|
| |
Reviewed by: dchagin
Notes:
svn path=/head/; revision=311474
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Descriptor returned by accept(2) should inherits capabilities rights from
the listening socket.
PR: 201052
Reviewed by: emaste, jonathan
Discussed with: many
Differential Revision: https://reviews.freebsd.org/D7724
Notes:
svn path=/head/; revision=306174
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
[1] Remove unneeded sockaddr conversion before kern_recvit() call as the from
argument is used to record result (the source address of the received message) only.
[2] In Linux the type of msg_namelen member of struct msghdr is signed but native
msg_namelen has a unsigned type (socklen_t). So use the proper storage to fetch fromlen
from userspace and than check the user supplied value and return EINVAL if it is less
than 0 as a Linux do.
Reported by: Thomas Mueller <tmueller at sysgo dot com> [1]
Reviewed by: kib@
Approved by: re (gjb, kib)
MFC after: 3 days
Notes:
svn path=/head/; revision=302213
|
| |
|
|
|
|
|
|
|
|
|
| |
local and inet are identical, but for inet6 values differ.
PR: 155040
Reported by: Simon Walton
MFC after: 2 week
Notes:
svn path=/head/; revision=300431
|
| |
|
|
|
|
|
|
|
| |
PR: 135458
Reported by: Stefan Schmidt @ stadtbuch.de
MFC after: 1 week
Notes:
svn path=/head/; revision=300416
|
| |
|
|
|
|
|
|
|
| |
No functional change, only trivial cases are done in this sweep,
Discussed in: freebsd-current
Notes:
svn path=/head/; revision=298310
|
| |
|
|
|
|
|
| |
Pointed out by: ae@
Notes:
svn path=/head/; revision=297313
|
| |
|
|
|
|
|
| |
MFC after: 1 week
Notes:
svn path=/head/; revision=297310
|
| |
|
|
|
|
|
| |
MFC after: 1 week
Notes:
svn path=/head/; revision=297309
|
| |
|
|
|
|
|
|
|
|
|
| |
Also add mapping for several options from RFC 3493 and 3542.
Reviewed by: dchagin
Tested by: Joe Love <joe at getsomwhere dot net>
MFC after: 2 weeks
Notes:
svn path=/head/; revision=296557
|
| |
|
|
|
|
|
| |
MFC after: 1 week
Notes:
svn path=/head/; revision=296504
|
| |
|
|
|
|
|
|
|
| |
for UDP sockets.
MFC after: 1 week
Notes:
svn path=/head/; revision=296503
|
| |
|
|
|
|
|
| |
already freeing it.
Notes:
svn path=/head/; revision=294233
|
| |
|
|
|
|
|
|
|
| |
Note this fixes a Linuxulator regression introduced in r283490.
PR: 200662
Notes:
svn path=/head/; revision=284166
|
| |
|
|
| |
Notes:
svn path=/head/; revision=283497
|
| |
|
|
|
|
|
|
|
|
| |
remove unneeded check for failed M_WAITOK allocation.
Found by: Brainy Code Scanner
Reported by: Maxime Villard
Notes:
svn path=/head/; revision=283494
|
| |
|
|
|
|
|
| |
remove its emulation via fcntl call from Linuxulator.
Notes:
svn path=/head/; revision=283490
|
| |
|
|
| |
Notes:
svn path=/head/; revision=283488
|
| |
|
|
|
|
|
|
|
|
| |
header file.
Differential Revision: https://reviews.freebsd.org/D1087
Reviewed by: trasz
Notes:
svn path=/head/; revision=283437
|
| |
|
|
|
|
|
|
|
|
| |
kern_recvit() directly.
And check fromlen parameter before sockaddr copyin and conversion.
Differential Revision: https://reviews.freebsd.org/D1082
Notes:
svn path=/head/; revision=283433
|
| |
|
|
|
|
|
|
|
|
| |
Move M_FUTEX defines to the linux_common.ko.
Differential Revision: https://reviews.freebsd.org/D1077
Reviewed by: emaste
Notes:
svn path=/head/; revision=283427
|
| |
|
|
|
|
|
|
| |
Differential Revision: https://reviews.freebsd.org/D1067
Reviewed by: trasz
Notes:
svn path=/head/; revision=283415
|
| |
|
|
|
|
|
|
|
|
| |
socketcall system calls.
Differential Revision: https://reviews.freebsd.org/D1065
Reviewed by: trasz
Notes:
svn path=/head/; revision=283413
|
| |
|
|
|
|
|
| |
MFC after: 1 week
Notes:
svn path=/head/; revision=276512
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
have both kern_open() and kern_openat(); change the callers to use
kern_openat().
This removes one (sometimes two) levels of indirection and
consolidates arguments checks.
Reviewed by: mckusick
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
Notes:
svn path=/head/; revision=274476
|
| |
|
|
|
|
|
|
|
|
|
| |
further refinement is required as some device drivers intended to be
portable over FreeBSD versions rely on __FreeBSD_version to decide whether
to include capability.h.
MFC after: 3 weeks
Notes:
svn path=/head/; revision=263233
|
| |
|
|
|
|
|
|
|
|
| |
in implicitly via if.h -> if_var.h pollution.
Sponsored by: Netflix
Sponsored by: Nginx, Inc.
Notes:
svn path=/head/; revision=257179
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
in the future in a backward compatible (API and ABI) way.
The cap_rights_t represents capability rights. We used to use one bit to
represent one right, but we are running out of spare bits. Currently the new
structure provides place for 114 rights (so 50 more than the previous
cap_rights_t), but it is possible to grow the structure to hold at least 285
rights, although we can make it even larger if 285 rights won't be enough.
The structure definition looks like this:
struct cap_rights {
uint64_t cr_rights[CAP_RIGHTS_VERSION + 2];
};
The initial CAP_RIGHTS_VERSION is 0.
The top two bits in the first element of the cr_rights[] array contain total
number of elements in the array - 2. This means if those two bits are equal to
0, we have 2 array elements.
The top two bits in all remaining array elements should be 0.
The next five bits in all array elements contain array index. Only one bit is
used and bit position in this five-bits range defines array index. This means
there can be at most five array elements in the future.
To define new right the CAPRIGHT() macro must be used. The macro takes two
arguments - an array index and a bit to set, eg.
#define CAP_PDKILL CAPRIGHT(1, 0x0000000000000800ULL)
We still support aliases that combine few rights, but the rights have to belong
to the same array element, eg:
#define CAP_LOOKUP CAPRIGHT(0, 0x0000000000000400ULL)
#define CAP_FCHMOD CAPRIGHT(0, 0x0000000000002000ULL)
#define CAP_FCHMODAT (CAP_FCHMOD | CAP_LOOKUP)
There is new API to manage the new cap_rights_t structure:
cap_rights_t *cap_rights_init(cap_rights_t *rights, ...);
void cap_rights_set(cap_rights_t *rights, ...);
void cap_rights_clear(cap_rights_t *rights, ...);
bool cap_rights_is_set(const cap_rights_t *rights, ...);
bool cap_rights_is_valid(const cap_rights_t *rights);
void cap_rights_merge(cap_rights_t *dst, const cap_rights_t *src);
void cap_rights_remove(cap_rights_t *dst, const cap_rights_t *src);
bool cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little);
Capability rights to the cap_rights_init(), cap_rights_set(),
cap_rights_clear() and cap_rights_is_set() functions are provided by
separating them with commas, eg:
cap_rights_t rights;
cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FSTAT);
There is no need to terminate the list of rights, as those functions are
actually macros that take care of the termination, eg:
#define cap_rights_set(rights, ...) \
__cap_rights_set((rights), __VA_ARGS__, 0ULL)
void __cap_rights_set(cap_rights_t *rights, ...);
Thanks to using one bit as an array index we can assert in those functions that
there are no two rights belonging to different array elements provided
together. For example this is illegal and will be detected, because CAP_LOOKUP
belongs to element 0 and CAP_PDKILL to element 1:
cap_rights_init(&rights, CAP_LOOKUP | CAP_PDKILL);
Providing several rights that belongs to the same array's element this way is
correct, but is not advised. It should only be used for aliases definition.
This commit also breaks compatibility with some existing Capsicum system calls,
but I see no other way to do that. This should be fine as Capsicum is still
experimental and this change is not going to 9.x.
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=255219
|
| |
|
|
|
|
|
| |
Approved by: cperciva (mentor)
Notes:
svn path=/head/; revision=247764
|
| |
|
|
|
|
|
|
|
|
|
| |
FreeBSD TCP-level socket options (only the first two are). Instead,
using a mapping function and fail unsupported options as we do for other
socket option levels.
MFC after: 2 weeks
Notes:
svn path=/head/; revision=245849
|
| |
|
|
|
|
|
|
|
|
|
|
| |
malloc(9) flags within sys.
Exceptions:
- sys/contrib not touched
- sys/mbuf.h edited manually
Notes:
svn path=/head/; revision=243882
|
| |
|
|
| |
Notes:
svn path=/head/; revision=230132
|
| |
|
|
| |
Notes:
svn path=/head/; revision=226079
|
| |
|
|
| |
Notes:
svn path=/head/; revision=226078
|
| |
|
|
| |
Notes:
svn path=/head/; revision=226074
|
| |
|
|
| |
Notes:
svn path=/head/; revision=226073
|
| |
|
|
| |
Notes:
svn path=/head/; revision=226072
|
| |
|
|
| |
Notes:
svn path=/head/; revision=226071
|
| |
|
|
| |
Notes:
svn path=/head/; revision=226069
|
| |
|
|
| |
Notes:
svn path=/head/; revision=226068
|
| |
|
|
|
|
|
|
|
|
|
|
| |
exposed by the security fix in FreeBSD-SA-11:05.unix.
Approved by: so (cperciva)
Approved by: re (kib)
Security: Related to FreeBSD-SA-11:05.unix, but not actually
a security fix.
Notes:
svn path=/head/; revision=226023
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
patch modifies makesyscalls.sh to prefix all of the non-compatibility
calls (e.g. not linux_, freebsd32_) with sys_ and updates the kernel
entry points and all places in the code that use them. It also
fixes an additional name space collision between the kernel function
psignal and the libc function of the same name by renaming the kernel
psignal kern_psignal(). By introducing this change now we will ease future
MFCs that change syscalls.
Reviewed by: rwatson
Approved by: re (bz)
Notes:
svn path=/head/; revision=225617
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
kernel for FreeBSD 9.0:
Add a new capability mask argument to fget(9) and friends, allowing system
call code to declare what capabilities are required when an integer file
descriptor is converted into an in-kernel struct file *. With options
CAPABILITIES compiled into the kernel, this enforces capability
protection; without, this change is effectively a no-op.
Some cases require special handling, such as mmap(2), which must preserve
information about the maximum rights at the time of mapping in the memory
map so that they can later be enforced in mprotect(2) -- this is done by
narrowing the rights in the existing max_protection field used for similar
purposes with file permissions.
In namei(9), we assert that the code is not reached from within capability
mode, as we're not yet ready to enforce namespace capabilities there.
This will follow in a later commit.
Update two capability names: CAP_EVENT and CAP_KEVENT become
CAP_POST_KEVENT and CAP_POLL_KEVENT to more accurately indicate what they
represent.
Approved by: re (bz)
Submitted by: jonathan
Sponsored by: Google Inc
Notes:
svn path=/head/; revision=224778
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
I have not properly thought through the commit. After r220031 (linux
compat: improve and fix sendmsg/recvmsg compatibility) the basic
handling for SO_PASSCRED is not sufficient as it breaks recvmsg
functionality for SCM_CREDS messages because now we would need to handle
sockcred data in addition to cmsgcred. And that is not implemented yet.
Pointyhat to: avg
Notes:
svn path=/head/; revision=220186
|
| |
|
|
|
|
|
|
|
|
|
| |
This seems to have been a part of a bigger patch by dchagin that either
haven't been committed or committed partially.
Submitted by: dchagin, nox
MFC after: 2 weeks
Notes:
svn path=/head/; revision=220032
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- implement baseic stubs for capget, capset, prctl PR_GET_KEEPCAPS
and prctl PR_SET_KEEPCAPS.
- add SCM_CREDS support to sendmsg and recvmsg
- modify sendmsg to ignore control messages if not using UNIX
domain sockets
This should allow linux pulse audio daemon and client work on FreeBSD
and interoperate with native counter-parts modulo the differences in
pulseaudio versions.
PR: kern/149168
Submitted by: John Wehle <john@feith.com>
Reviewed by: netchild
MFC after: 2 weeks
Notes:
svn path=/head/; revision=220031
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
this matches the Linux behavior.
- Check if we have sufficient space allocated for socket structure, which
fixes a buffer overflow when wrong length is being passed into the
emulation layer. [1]
PR: kern/138860
Submitted by: Mateusz Guzik <mjguzik gmail com>
Reported by: Alexander Best [1]
MFC after: 2 weeks
Notes:
svn path=/head/; revision=203728
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
no matter whether we are compiled as module or if our default of the
net.inet6.ip6.v6only sysctl already matches what we would set.
This avoids unnecessary complications with modules, VIMAGES, INET6 and
the sysctl value, especially considering that most users will use
linux compat as a module.
Discussed with: kib, rwatson (weeks ago)
Reviewed by: rwatson
MFC after: 6 weeks
Notes:
svn path=/head/; revision=198467
|
