FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=releng%2F5.3 2004-07-10T21:47:53Z 2004-07-10T21:47:53Z Marcel Moolenaar marcel@FreeBSD.org 2004-07-10T21:47:53Z urn:sha1:32240d082c1c4a67407e39dee68e3e83b5ff2c51 o Call kdb_enter() instead of Debugger(). 2004-06-24T03:34:46Z Robert Watson rwatson@FreeBSD.org 2004-06-24T03:34:46Z urn:sha1:2220907b6ece3ccf47b7696ff8b5d2d4b35be066 network interfaces. This global mutex will protect all ifnet labels. Acquire the mutex across various MAC activities on interfaces, such as security checks, propagating interface labels to mbufs generated from the interface, retrieving and setting the interface label. Introduce mpo_copy_ifnet_label MAC policy entry point to copy the value of an interface label from one label to another. Use this to avoid performing a label externalize while holding mac_ifnet_mtx; copy the label to a temporary ifnet label and then externalize that. Implement mpo_copy_ifnet_label for various MAC policies that implement interface labeling using generic label copying routines. Obtained from: TrustedBSD Project Sponsored by: DARPA, McAfee Research 2004-06-16T09:47:26Z Poul-Henning Kamp phk@FreeBSD.org 2004-06-16T09:47:26Z urn:sha1:89c9c53da05197f657dfe8e0bdda6941a2e9a0d4 Bump __FreeBSD_version accordingly. 2004-05-03T21:38:42Z Robert Watson rwatson@FreeBSD.org 2004-05-03T21:38:42Z urn:sha1:5cee69e8d2c78b865dfa52896f4c808801ed368d 2004-05-03T21:38:23Z Robert Watson rwatson@FreeBSD.org 2004-05-03T21:38:23Z urn:sha1:6fe7c20e6e52ad3e4d5151e687478ccc9d73441f test the label pointer for NULL before testing the label slot for permitted values. When loading mac_test dynamically with conditional mbuf labels, the label pointer may be NULL if the mbuf was instantiated while labels were not required on mbufs by any policy. Obtained from: TrustedBSD Project Sponsored by: DARPA, McAfee Research 2004-02-22T12:31:44Z Pawel Jakub Dawidek pjd@FreeBSD.org 2004-02-22T12:31:44Z urn:sha1:63dba32b76bdbc5438c5121c7209f7a8f6774b28 Now I believe it is done in the right way. Removed some XXMAC cases, we now assume 'high' integrity level for all sysctls, except those with CTLFLAG_ANYBODY flag set. No more magic. Reviewed by: rwatson Approved by: rwatson, scottl (mentor) Tested with: LINT (compilation), mac_biba(4) (functionality) 2004-02-22T00:33:12Z Robert Watson rwatson@FreeBSD.org 2004-02-22T00:33:12Z urn:sha1:f6a4109212fd8fbabc731f07b2dd5c7e07fbec33 to use the "year1-year3" format, as opposed to "year1, year2, year3". This seems to make lawyers more happy, but also prevents the lines from getting excessively long as the years start to add up. Suggested by: imp 2004-02-01T05:56:51Z Robert Watson rwatson@FreeBSD.org 2004-02-01T05:56:51Z urn:sha1:4795b82c13263497e9c085f1b7dd2114fa66f9de would allocate two 'struct pipe's from the pipe zone, and malloc a mutex. - Create a new "struct pipepair" object holding the two 'struct pipe' instances, struct mutex, and struct label reference. Pipe structures now have a back-pointer to the pipe pair, and a 'pipe_present' flag to indicate whether the half has been closed. - Perform mutex init/destroy in zone init/destroy, avoiding reallocating the mutex for each pipe. Perform most pipe structure setup in zone constructor. - VM memory mappings for pageable buffers are still done outside of the UMA zone. - Change MAC API to speak 'struct pipepair' instead of 'struct pipe', update many policies. MAC labels are also handled outside of the UMA zone for now. Label-only policy modules don't have to be recompiled, but if a module is recompiled, its pipe entry points will need to be updated. If a module actually reached into the pipe structures (unlikely), that would also need to be modified. These changes substantially simplify failure handling in the pipe code as there are many fewer possible failure modes. On half-close, pipes no longer free the 'struct pipe' for the closed half until a full-close takes place. However, VM mapped buffers are still released on half-close. Some code refactoring is now possible to clean up some of the back references, etc; this patch attempts not to change the structure of most of the pipe implementation, only allocation/free code paths, so as to avoid introducing bugs (hopefully). This cuts about 8%-9% off the cost of sequential pipe allocation and free in system call tests on UP and SMP in my micro-benchmarks. May or may not make a difference in macro-benchmarks, but doing less work is good. Reviewed by: juli, tjr Testing help: dwhite, fenestro, scottl, et al 2003-12-17T14:55:11Z Robert Watson rwatson@FreeBSD.org 2003-12-17T14:55:11Z urn:sha1:2d92ec985899529837a43f559d8ed6e0da7854fe wait, rather than the socket label. This avoids reaching up to the socket layer during connection close, which requires locking changes. To do this, introduce MAC Framework entry point mac_create_mbuf_from_inpcb(), which is called from tcp_twrespond() instead of calling mac_create_mbuf_from_socket() or mac_create_mbuf_netlayer(). Introduce MAC Policy entry point mpo_create_mbuf_from_inpcb(), and implementations for various policies, which generally just copy label data from the inpcb to the mbuf. Assert the inpcb lock in the entry point since we require consistency for the inpcb label reference. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories 2003-12-10T18:48:05Z Robert Watson rwatson@FreeBSD.org 2003-12-10T18:48:05Z urn:sha1:7b9ed9a7938dabb3f9043d87c57bd5aeec0ca542 only turned up when running mac_test side by side with a transitioning policy such as SEBSD. Make the NULL testing match mac_test_execve_will_transition(), which already tested the vnode label pointer for NULL. Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories