<feed xmlns='http://www.w3.org/2005/Atom'>
<title>src/sys/security/mac, branch release/10.1.0</title>
<subtitle>FreeBSD source tree</subtitle>
<id>https://cgit-dev.freebsd.org/src/atom?h=release%2F10.1.0</id>
<link rel='self' href='https://cgit-dev.freebsd.org/src/atom?h=release%2F10.1.0'/>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/'/>
<updated>2014-08-16T13:11:59Z</updated>
<entry>
<title>MFC r259885:</title>
<updated>2014-08-16T13:11:59Z</updated>
<author>
<name>Bjoern A. Zeeb</name>
<email>bz@FreeBSD.org</email>
</author>
<published>2014-08-16T13:11:59Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=8c34039f807c23e6600045623d6d867668bc2058'/>
<id>urn:sha1:8c34039f807c23e6600045623d6d867668bc2058</id>
<content type='text'>
 As constantly reported during kernel compilation, m_buflen is unsigned, so it
 can never be &lt; 0.  Remove the expression, which can never be true.
</content>
</entry>
<entry>
<title>MFC r258622: dtrace sdt: remove the ugly sname parameter of SDT_PROBE_DEFINE</title>
<updated>2014-01-17T10:58:59Z</updated>
<author>
<name>Andriy Gapon</name>
<email>avg@FreeBSD.org</email>
</author>
<published>2014-01-17T10:58:59Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=b4aa45e3aa6e5357d0173e0e7417cdf7efe33640'/>
<id>urn:sha1:b4aa45e3aa6e5357d0173e0e7417cdf7efe33640</id>
<content type='text'>
</content>
</entry>
<entry>
<title>Fix some typos that were causing probe argument types to show up as unknown.</title>
<updated>2013-10-01T15:40:27Z</updated>
<author>
<name>Mark Johnston</name>
<email>markj@FreeBSD.org</email>
</author>
<published>2013-10-01T15:40:27Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=92c6196caadbcb648cd757d5f4b4e0b6426097f9'/>
<id>urn:sha1:92c6196caadbcb648cd757d5f4b4e0b6426097f9</id>
<content type='text'>
Reviewed by:	rwatson (mac provider)
Approved by:	re (glebius)
MFC after:	1 week
</content>
</entry>
<entry>
<title>Make the mac_policy_rm lock recursable, which allows reentrance into</title>
<updated>2013-09-29T20:21:34Z</updated>
<author>
<name>Konstantin Belousov</name>
<email>kib@FreeBSD.org</email>
</author>
<published>2013-09-29T20:21:34Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=f7fadf1f228f3742ed7d48512b40910826f83a46'/>
<id>urn:sha1:f7fadf1f228f3742ed7d48512b40910826f83a46</id>
<content type='text'>
the mac framework.  It is needed when priv_check_cred(9) is called from
the mac callback, e.g. in mac_portacl(4).

Reported by:	az
Reviewed by:	rwatson
Sponsored by:	The FreeBSD Foundation
MFC after:	1 week
Approved by:	re (gjb)
</content>
</entry>
<entry>
<title>Change the cap_rights_t type from uint64_t to a structure that we can extend</title>
<updated>2013-09-05T00:09:56Z</updated>
<author>
<name>Pawel Jakub Dawidek</name>
<email>pjd@FreeBSD.org</email>
</author>
<published>2013-09-05T00:09:56Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=7008be5bd7341259037f383434a72960413cfeb8'/>
<id>urn:sha1:7008be5bd7341259037f383434a72960413cfeb8</id>
<content type='text'>
in the future in a backward compatible (API and ABI) way.

The cap_rights_t represents capability rights. We used to use one bit to
represent one right, but we are running out of spare bits. Currently the new
structure provides room for 114 rights (so 50 more than the previous
cap_rights_t), but it is possible to grow the structure to hold at least 285
rights, although we can make it even larger if 285 rights won't be enough.

The structure definition looks like this:

	struct cap_rights {
		uint64_t	cr_rights[CAP_RIGHTS_VERSION + 2];
	};

The initial CAP_RIGHTS_VERSION is 0.

The top two bits in the first element of the cr_rights[] array contain the total
number of elements in the array - 2. This means that if those two bits are equal to
0, we have 2 array elements.

The top two bits in all remaining array elements should be 0.
The next five bits in all array elements contain the array index. Only one bit is
used, and the bit position within this five-bit range defines the array index. This means
there can be at most five array elements in the future.

To define a new right, the CAPRIGHT() macro must be used. The macro takes two
arguments - an array index and a bit to set, e.g.

	#define	CAP_PDKILL	CAPRIGHT(1, 0x0000000000000800ULL)

We still support aliases that combine a few rights, but the rights have to belong
to the same array element, e.g.:

	#define	CAP_LOOKUP	CAPRIGHT(0, 0x0000000000000400ULL)
	#define	CAP_FCHMOD	CAPRIGHT(0, 0x0000000000002000ULL)

	#define	CAP_FCHMODAT	(CAP_FCHMOD | CAP_LOOKUP)

There is a new API to manage the new cap_rights_t structure:

	cap_rights_t *cap_rights_init(cap_rights_t *rights, ...);
	void cap_rights_set(cap_rights_t *rights, ...);
	void cap_rights_clear(cap_rights_t *rights, ...);
	bool cap_rights_is_set(const cap_rights_t *rights, ...);

	bool cap_rights_is_valid(const cap_rights_t *rights);
	void cap_rights_merge(cap_rights_t *dst, const cap_rights_t *src);
	void cap_rights_remove(cap_rights_t *dst, const cap_rights_t *src);
	bool cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little);

Capability rights are provided to the cap_rights_init(), cap_rights_set(),
cap_rights_clear() and cap_rights_is_set() functions by separating them with
commas, e.g.:

	cap_rights_t rights;

	cap_rights_init(&amp;rights, CAP_READ, CAP_WRITE, CAP_FSTAT);

There is no need to terminate the list of rights, as those functions are
actually macros that take care of the termination, e.g.:

	#define	cap_rights_set(rights, ...)				\
		__cap_rights_set((rights), __VA_ARGS__, 0ULL)
	void __cap_rights_set(cap_rights_t *rights, ...);

Thanks to using one bit as an array index, we can assert in those functions that
no two rights belonging to different array elements are provided
together. For example, this is illegal and will be detected, because CAP_LOOKUP
belongs to element 0 and CAP_PDKILL to element 1:

	cap_rights_init(&amp;rights, CAP_LOOKUP | CAP_PDKILL);

Providing several rights that belong to the same array element this way is
correct, but is not advised. It should only be used for alias definitions.

This commit also breaks compatibility with some existing Capsicum system calls,
but I see no other way to do that. This should be fine as Capsicum is still
experimental and this change is not going to 9.x.

Sponsored by:	The FreeBSD Foundation
</content>
</entry>
<entry>
<title>Implement read(2)/write(2) and necessary lseek(2) for posix shmfd.</title>
<updated>2013-08-21T17:45:00Z</updated>
<author>
<name>Konstantin Belousov</name>
<email>kib@FreeBSD.org</email>
</author>
<published>2013-08-21T17:45:00Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=940cb0e2bb228ca52f2d29c9c990be0634aec7e4'/>
<id>urn:sha1:940cb0e2bb228ca52f2d29c9c990be0634aec7e4</id>
<content type='text'>
Add MAC framework entries for posix shm read and write.

Do not allow implicit extension of the underlying memory segment past
the limit set by ftruncate(2) by either of the syscalls.  Read and
write return short i/o; lseek(2) fails with EINVAL when the resulting
offset does not fit within the limit.

Discussed with:	alc
Tested by:	pho
Sponsored by:	The FreeBSD Foundation
</content>
</entry>
<entry>
<title>Relax the vm object locking in mac_proc_vm_revoke_recurse().  A read lock</title>
<updated>2013-06-04T17:23:09Z</updated>
<author>
<name>Alan Cox</name>
<email>alc@FreeBSD.org</email>
</author>
<published>2013-06-04T17:23:09Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=a42159f0ee059e28fb6e766123a20df625005fb8'/>
<id>urn:sha1:a42159f0ee059e28fb6e766123a20df625005fb8</id>
<content type='text'>
suffices in one place.

Sponsored by:	EMC / Isilon Storage Division
</content>
</entry>
<entry>
<title>Switch the vm_object mutex to be a rwlock.  This will enable in the</title>
<updated>2013-03-09T02:32:23Z</updated>
<author>
<name>Attilio Rao</name>
<email>attilio@FreeBSD.org</email>
</author>
<published>2013-03-09T02:32:23Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=89f6b8632cc94bca2738b4fcc26e1189ef4f5dde'/>
<id>urn:sha1:89f6b8632cc94bca2738b4fcc26e1189ef4f5dde</id>
<content type='text'>
future further optimizations where the vm_object lock will be held
in read mode most of the time the page cache resident pool of pages
is accessed for reading purposes.

The change is mostly mechanical, but a few notes are reported:
* The KPI changes as follows:
  - VM_OBJECT_LOCK() -&gt; VM_OBJECT_WLOCK()
  - VM_OBJECT_TRYLOCK() -&gt; VM_OBJECT_TRYWLOCK()
  - VM_OBJECT_UNLOCK() -&gt; VM_OBJECT_WUNLOCK()
  - VM_OBJECT_LOCK_ASSERT(MA_OWNED) -&gt; VM_OBJECT_ASSERT_WLOCKED()
    (in order to avoid visibility of implementation details)
  - The read-mode operations are added:
    VM_OBJECT_RLOCK(), VM_OBJECT_TRYRLOCK(), VM_OBJECT_RUNLOCK(),
    VM_OBJECT_ASSERT_RLOCKED(), VM_OBJECT_ASSERT_LOCKED()
* The vm/vm_pager.h namespace pollution avoidance (forcing consumers to
  require sys/mutex.h directly to cater for its inlined functions
  using VM_OBJECT_LOCK()) requires that all vm/vm_pager.h
  consumers must now also include sys/rwlock.h.
* zfs requires a quite convoluted fix to include FreeBSD rwlocks in
  the compat layer, because the name clash between the FreeBSD and Solaris
  versions must be avoided.
  For this purpose zfs redefines the vm_object locking functions
  directly, isolating the FreeBSD components in specific compat stubs.

The KPI is heavily broken by this commit.  Third-party ports must
be updated accordingly (I can think off-hand of VirtualBox, for example).

Sponsored by:	EMC / Isilon storage division
Reviewed by:	jeff
Reviewed by:	pjd (ZFS specific review)
Discussed with:	alc
Tested by:	pho
</content>
</entry>
<entry>
<title>Remove the support for using non-mpsafe filesystem modules.</title>
<updated>2012-10-22T17:50:54Z</updated>
<author>
<name>Konstantin Belousov</name>
<email>kib@FreeBSD.org</email>
</author>
<published>2012-10-22T17:50:54Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=5050aa86cff105784877fb886a7b1d25bca5813b'/>
<id>urn:sha1:5050aa86cff105784877fb886a7b1d25bca5813b</id>
<content type='text'>
In particular, do not lock Giant conditionally when calling into the
filesystem module, remove the VFS_LOCK_GIANT() and related
macros. Stop handling buffers belonging to non-mpsafe filesystems.

The VFS_VERSION is bumped to indicate the interface change, which does
not result in changes to the interface signatures.

Conducted and reviewed by:	attilio
Tested by:	pho
</content>
</entry>
<entry>
<title>When allocation of labels on files is implicitly disabled due to MAC</title>
<updated>2012-04-08T11:01:49Z</updated>
<author>
<name>Robert Watson</name>
<email>rwatson@FreeBSD.org</email>
</author>
<published>2012-04-08T11:01:49Z</published>
<link rel='alternate' type='text/html' href='https://cgit-dev.freebsd.org/src/commit/?id=b4ef8be22825539e023b5311c60b627fd6c00d4d'/>
<id>urn:sha1:b4ef8be22825539e023b5311c60b627fd6c00d4d</id>
<content type='text'>
policy configuration, avoid leaking resources following failed calls
to get and set MAC labels by file descriptor.

Reported by:	Mateusz Guzik &lt;mjguzik at gmail.com&gt; + clang scan-build
MFC after:	3 days
</content>
</entry>
</feed>
