| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
| |
Update kernel inclusions of capability.h to use capsicum.h instead; some
further refinement is required as some device drivers intended to be
portable over FreeBSD versions rely on __FreeBSD_version to decide whether
to include capability.h.
Sponsored by: Google, Inc.
Notes:
svn path=/stable/10/; revision=280258
|
| |
|
|
|
|
|
| |
Fix Clang -Wpointer-sign warnings.
Notes:
svn path=/stable/10/; revision=276813
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
in the future in a backward compatible (API and ABI) way.
The cap_rights_t represents capability rights. We used to use one bit to
represent one right, but we are running out of spare bits. Currently the new
structure provides place for 114 rights (so 50 more than the previous
cap_rights_t), but it is possible to grow the structure to hold at least 285
rights, although we can make it even larger if 285 rights won't be enough.
The structure definition looks like this:
struct cap_rights {
uint64_t cr_rights[CAP_RIGHTS_VERSION + 2];
};
The initial CAP_RIGHTS_VERSION is 0.
The top two bits in the first element of the cr_rights[] array contain total
number of elements in the array - 2. This means if those two bits are equal to
0, we have 2 array elements.
The top two bits in all remaining array elements should be 0.
The next five bits in all array elements contain array index. Only one bit is
used and bit position in this five-bits range defines array index. This means
there can be at most five array elements in the future.
To define new right the CAPRIGHT() macro must be used. The macro takes two
arguments - an array index and a bit to set, eg.
#define CAP_PDKILL CAPRIGHT(1, 0x0000000000000800ULL)
We still support aliases that combine few rights, but the rights have to belong
to the same array element, eg:
#define CAP_LOOKUP CAPRIGHT(0, 0x0000000000000400ULL)
#define CAP_FCHMOD CAPRIGHT(0, 0x0000000000002000ULL)
#define CAP_FCHMODAT (CAP_FCHMOD | CAP_LOOKUP)
There is new API to manage the new cap_rights_t structure:
cap_rights_t *cap_rights_init(cap_rights_t *rights, ...);
void cap_rights_set(cap_rights_t *rights, ...);
void cap_rights_clear(cap_rights_t *rights, ...);
bool cap_rights_is_set(const cap_rights_t *rights, ...);
bool cap_rights_is_valid(const cap_rights_t *rights);
void cap_rights_merge(cap_rights_t *dst, const cap_rights_t *src);
void cap_rights_remove(cap_rights_t *dst, const cap_rights_t *src);
bool cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little);
Capability rights to the cap_rights_init(), cap_rights_set(),
cap_rights_clear() and cap_rights_is_set() functions are provided by
separating them with commas, eg:
cap_rights_t rights;
cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FSTAT);
There is no need to terminate the list of rights, as those functions are
actually macros that take care of the termination, eg:
#define cap_rights_set(rights, ...) \
__cap_rights_set((rights), __VA_ARGS__, 0ULL)
void __cap_rights_set(cap_rights_t *rights, ...);
Thanks to using one bit as an array index we can assert in those functions that
there are no two rights belonging to different array elements provided
together. For example this is illegal and will be detected, because CAP_LOOKUP
belongs to element 0 and CAP_PDKILL to element 1:
cap_rights_init(&rights, CAP_LOOKUP | CAP_PDKILL);
Providing several rights that belongs to the same array's element this way is
correct, but is not advised. It should only be used for aliases definition.
This commit also breaks compatibility with some existing Capsicum system calls,
but I see no other way to do that. This should be fine as Capsicum is still
experimental and this change is not going to 9.x.
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=255219
|
| |
|
|
|
|
|
| |
Approved by: cperciva (mentor)
Notes:
svn path=/head/; revision=247764
|
| |
|
|
|
|
|
|
|
|
|
| |
FreeBSD TCP-level socket options (only the first two are). Instead,
using a mapping function and fail unsupported options as we do for other
socket option levels.
MFC after: 2 weeks
Notes:
svn path=/head/; revision=245849
|
| |
|
|
|
|
|
|
|
|
|
|
| |
malloc(9) flags within sys.
Exceptions:
- sys/contrib not touched
- sys/mbuf.h edited manually
Notes:
svn path=/head/; revision=243882
|
| |
|
|
| |
Notes:
svn path=/head/; revision=230132
|
| |
|
|
| |
Notes:
svn path=/head/; revision=226079
|
| |
|
|
| |
Notes:
svn path=/head/; revision=226078
|
| |
|
|
| |
Notes:
svn path=/head/; revision=226074
|
| |
|
|
| |
Notes:
svn path=/head/; revision=226073
|
| |
|
|
| |
Notes:
svn path=/head/; revision=226072
|
| |
|
|
| |
Notes:
svn path=/head/; revision=226071
|
| |
|
|
| |
Notes:
svn path=/head/; revision=226069
|
| |
|
|
| |
Notes:
svn path=/head/; revision=226068
|
| |
|
|
|
|
|
|
|
|
|
|
| |
exposed by the security fix in FreeBSD-SA-11:05.unix.
Approved by: so (cperciva)
Approved by: re (kib)
Security: Related to FreeBSD-SA-11:05.unix, but not actually
a security fix.
Notes:
svn path=/head/; revision=226023
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
patch modifies makesyscalls.sh to prefix all of the non-compatibility
calls (e.g. not linux_, freebsd32_) with sys_ and updates the kernel
entry points and all places in the code that use them. It also
fixes an additional name space collision between the kernel function
psignal and the libc function of the same name by renaming the kernel
psignal kern_psignal(). By introducing this change now we will ease future
MFCs that change syscalls.
Reviewed by: rwatson
Approved by: re (bz)
Notes:
svn path=/head/; revision=225617
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
kernel for FreeBSD 9.0:
Add a new capability mask argument to fget(9) and friends, allowing system
call code to declare what capabilities are required when an integer file
descriptor is converted into an in-kernel struct file *. With options
CAPABILITIES compiled into the kernel, this enforces capability
protection; without, this change is effectively a no-op.
Some cases require special handling, such as mmap(2), which must preserve
information about the maximum rights at the time of mapping in the memory
map so that they can later be enforced in mprotect(2) -- this is done by
narrowing the rights in the existing max_protection field used for similar
purposes with file permissions.
In namei(9), we assert that the code is not reached from within capability
mode, as we're not yet ready to enforce namespace capabilities there.
This will follow in a later commit.
Update two capability names: CAP_EVENT and CAP_KEVENT become
CAP_POST_KEVENT and CAP_POLL_KEVENT to more accurately indicate what they
represent.
Approved by: re (bz)
Submitted by: jonathan
Sponsored by: Google Inc
Notes:
svn path=/head/; revision=224778
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
I have not properly thought through the commit. After r220031 (linux
compat: improve and fix sendmsg/recvmsg compatibility) the basic
handling for SO_PASSCRED is not sufficient as it breaks recvmsg
functionality for SCM_CREDS messages because now we would need to handle
sockcred data in addition to cmsgcred. And that is not implemented yet.
Pointyhat to: avg
Notes:
svn path=/head/; revision=220186
|
| |
|
|
|
|
|
|
|
|
|
| |
This seems to have been a part of a bigger patch by dchagin that either
haven't been committed or committed partially.
Submitted by: dchagin, nox
MFC after: 2 weeks
Notes:
svn path=/head/; revision=220032
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- implement baseic stubs for capget, capset, prctl PR_GET_KEEPCAPS
and prctl PR_SET_KEEPCAPS.
- add SCM_CREDS support to sendmsg and recvmsg
- modify sendmsg to ignore control messages if not using UNIX
domain sockets
This should allow linux pulse audio daemon and client work on FreeBSD
and interoperate with native counter-parts modulo the differences in
pulseaudio versions.
PR: kern/149168
Submitted by: John Wehle <john@feith.com>
Reviewed by: netchild
MFC after: 2 weeks
Notes:
svn path=/head/; revision=220031
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
this matches the Linux behavior.
- Check if we have sufficient space allocated for socket structure, which
fixes a buffer overflow when wrong length is being passed into the
emulation layer. [1]
PR: kern/138860
Submitted by: Mateusz Guzik <mjguzik gmail com>
Reported by: Alexander Best [1]
MFC after: 2 weeks
Notes:
svn path=/head/; revision=203728
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
no matter whether we are compiled as module or if our default of the
net.inet6.ip6.v6only sysctl already matches what we would set.
This avoids unnecessary complications with modules, VIMAGES, INET6 and
the sysctl value, especially considering that most users will use
linux compat as a module.
Discussed with: kib, rwatson (weeks ago)
Reviewed by: rwatson
MFC after: 6 weeks
Notes:
svn path=/head/; revision=198467
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
vnet.h, we now use jails (rather than vimages) as the abstraction
for virtualization management, and what remained was specific to
virtual network stacks. Minor cleanups are done in the process,
and comments updated to reflect these changes.
Reviewed by: bz
Approved by: re (vimage blanket)
Notes:
svn path=/head/; revision=196019
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(DPCPU), as suggested by Peter Wemm, and implement a new per-virtual
network stack memory allocator. Modify vnet to use the allocator
instead of monolithic global container structures (vinet, ...). This
change solves many binary compatibility problems associated with
VIMAGE, and restores ELF symbols for virtualized global variables.
Each virtualized global variable exists as a "reference copy", and also
once per virtual network stack. Virtualized global variables are
tagged at compile-time, placing the in a special linker set, which is
loaded into a contiguous region of kernel memory. Virtualized global
variables in the base kernel are linked as normal, but those in modules
are copied and relocated to a reserved portion of the kernel's vnet
region with the help of a the kernel linker.
Virtualized global variables exist in per-vnet memory set up when the
network stack instance is created, and are initialized statically from
the reference copy. Run-time access occurs via an accessor macro, which
converts from the current vnet and requested symbol to a per-vnet
address. When "options VIMAGE" is not compiled into the kernel, normal
global ELF symbols will be used instead and indirection is avoided.
This change restores static initialization for network stack global
variables, restores support for non-global symbols and types, eliminates
the need for many subsystem constructors, eliminates large per-subsystem
structures that caused many binary compatibility issues both for
monitoring applications (netstat) and kernel modules, removes the
per-function INIT_VNET_*() macros throughout the stack, eliminates the
need for vnet_symmap ksym(2) munging, and eliminates duplicate
definitions of virtualized globals under VIMAGE_GLOBALS.
Bump __FreeBSD_version and update UPDATING.
Portions submitted by: bz
Reviewed by: bz, zec
Discussed with: gnn, jamie, jeff, jhb, julian, sam
Suggested by: peter
Approved by: re (kensmith)
Notes:
svn path=/head/; revision=195699
|
| |
|
|
|
|
|
|
| |
Approved by: kib (mentor)
MFC after: 1 month
Notes:
svn path=/head/; revision=193265
|
| |
|
|
|
|
|
|
| |
Approved by: kib (mentor)
MFC after: 1 month
Notes:
svn path=/head/; revision=193264
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
a flags argument.
Do not preserve td_retval before kern_fcntl(F_SETFL) as it does not
changed.
Approved by: kib (mentor)
MFC after: 1 month
Notes:
svn path=/head/; revision=193263
|
| |
|
|
|
|
|
|
|
|
| |
be used by linuxulator and linux_accept() itself.
Approved by: kib (mentor)
MFC after: 1 month
Notes:
svn path=/head/; revision=193262
|
| |
|
|
|
|
|
|
|
|
| |
in addition to the type argument.
Approved by: kib (mentor)
MFC after: 1 month
Notes:
svn path=/head/; revision=193168
|
| |
|
|
|
|
|
|
|
|
| |
introduced more syscalls which uses these flags.
Approved by: kib (mentor)
MFC after: 1 month
Notes:
svn path=/head/; revision=193165
|
| |
|
|
|
|
|
|
| |
Approved by: kib (mentor)
MFC after: 1 month
Notes:
svn path=/head/; revision=193164
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Args argument is a pointer to the structure located in user space in
which the socketcall arguments are packed. The structure must be
copied to the kernel instead of direct dereferencing.
Approved by: kib (mentor)
MFC after: 1 week
Notes:
svn path=/head/; revision=192373
|
| |
|
|
|
|
|
|
| |
Approved by: kib (mentor)
MFC after: 1 month
Notes:
svn path=/head/; revision=192284
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
SOCK_NONBLOCK flags, that allow to save fcntl() calls.
Implement a variation of the socket() syscall which takes a flags
in addition to the type argument.
Approved by: kib (mentor)
MFC after: 1 month
Notes:
svn path=/head/; revision=192206
|
| |
|
|
|
|
|
|
|
|
|
|
| |
type argument is specified.
Do not map type argument value as its Linux values are
identical to FreeBSD values.
Approved by: kib (mentor)
Notes:
svn path=/head/; revision=192205
|
| |
|
|
|
|
|
|
|
|
| |
Return immediately when the socket() failed.
Approved by: kib (mentor)
MFC after: 1 month
Notes:
svn path=/head/; revision=192204
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Temporarily use 0 for pid member as the FreeBSD does not cache remote
UNIX domain socket peer pid.
PR: kern/102956
Reviewed by: rwatson
Approved by: kib (mentor)
MFC after: 1 month
Notes:
svn path=/head/; revision=192203
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
linux_setsockopt()/linux_getsockopt() for SO_RCVTIMEO,
SO_SNDTIMEO opts as l_timeval has MD members.
Remove bogus __packed attribute from l_timeval struct on __amd64__.
PR: kern/134276
Submitted by: Thomas Mueller <tmueller sysgo com>
Approved by: kib (mentor)
MFC after: 2 weeks
Notes:
svn path=/head/; revision=191989
|
| |
|
|
|
|
|
|
|
|
| |
PR: kern/134276
Submitted by: Thomas Mueller <tmueller sysgo com>
Approved by: kib (mentor)
MFC after: 2 weeks
Notes:
svn path=/head/; revision=191988
|
| |
|
|
|
|
|
|
|
| |
unsupported domain argument is specified.
Approved by: kib (mentor)
Notes:
svn path=/head/; revision=191875
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use the protocol family constants for the domain argument validation.
Return EAFNOSUPPORT in case when the incorrect domain argument
is specified.
Return EPROTONOSUPPORT instead of passing values that are not 0
to the BSD layer.
Suggested by: rwatson
Approved by: kib (mentor)
MFC after: 1 month
Notes:
svn path=/head/; revision=191871
|
| |
|
|
|
|
|
|
|
|
| |
AF_LOCAL domain unlike FreeBSD which expects 0 in this case.
Approved by: kib (mentor)
MFC after: 1 month
Notes:
svn path=/head/; revision=191742
|
| |
|
|
|
|
|
|
|
|
|
| |
rearrange / replace / adjust several INIT_VNET_* initializer
macros, all of which currently resolve to whitespace.
Reviewed by: bz (an older version of the patch)
Approved by: julian (mentor)
Notes:
svn path=/head/; revision=191548
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
directly include only the header files needed. This reduces the
unneeded spamming of various headers into lots of files.
For now, this leaves us with very few modules including vnet.h
and thus needing to depend on opt_route.h.
Reviewed by: brooks, gnn, des, zec, imp
Sponsored by: The FreeBSD Foundation
Notes:
svn path=/head/; revision=185571
|
| |
|
|
|
|
|
|
|
|
|
| |
Change types used in the linux' struct msghdr and struct cmsghdr
definitions to the properly-sized architecture-specific types.
Move ancillary data handler from linux_sendit() to linux_sendmsg().
Submitted by: dchagin
Notes:
svn path=/head/; revision=185442
|
| |
|
|
|
|
|
| |
MFC after: 3 months
Notes:
svn path=/head/; revision=184205
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
from the vimage project, as per plan established at devsummit 08/08:
http://wiki.freebsd.org/Image/Notes200808DevSummit
Introduce INIT_VNET_*() initializer macros, VNET_FOREACH() iterator
macros, and CURVNET_SET() context setting macros, all currently
resolving to NOPs.
Prepare for virtualization of selected SYSCTL objects by introducing a
family of SYSCTL_V_*() macros, currently resolving to their global
counterparts, i.e. SYSCTL_V_INT() == SYSCTL_INT().
Move selected #defines from sys/sys/vimage.h to newly introduced header
files specific to virtualized subsystems (sys/net/vnet.h,
sys/netinet/vinet.h etc.).
All the changes are verified to have zero functional impact at this
point in time by doing MD5 comparision between pre- and post-change
object files(*).
(*) netipsec/keysock.c did not validate depending on compile time options.
Implemented by: julian, bz, brooks, zec
Reviewed by: julian, bz, brooks, kris, rwatson, ...
Approved by: julian (mentor)
Obtained from: //depot/projects/vimage-commit2/...
X-MFC after: never
Sponsored by: NLnet Foundation, The FreeBSD Foundation
Notes:
svn path=/head/; revision=183550
|
| |
|
|
|
|
|
|
| |
Submitted by: dchagin
MFC after: 1 week
Notes:
svn path=/head/; revision=182890
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
virtualization work done by Marko Zec (zec@).
This is the first in a series of commits over the course
of the next few weeks.
Mark all uses of global variables to be virtualized
with a V_ prefix.
Use macros to map them back to their global names for
now, so this is a NOP change only.
We hope to have caught at least 85-90% of what is needed
so we do not invalidate a lot of outstanding patches again.
Obtained from: //depot/projects/vimage-commit2/...
Reviewed by: brooks, des, ed, mav, julian,
jamie, kris, rwatson, zec, ...
(various people I forgot, different versions)
md5 (with a bit of help)
Sponsored by: NLnet Foundation, The FreeBSD Foundation
X-MFC after: never
V_Commit_Message_Reviewed_By: more people than the patch
Notes:
svn path=/head/; revision=181803
|
