#
272461 |
|
02-Oct-2014 |
gjb |
Copy stable/10@r272459 to releng/10.1 as part of the 10.1-RELEASE process.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
262734 |
|
04-Mar-2014 |
glebius |
Merge r261590, r261592 from head: Remove identical vnet sysctl handlers, and handle CTLFLAG_VNET in the sysctl_root().
Note: SYSCTL_VNET_* macros can be removed as well. All is needed to virtualize a sysctl oid is set CTLFLAG_VNET on it. But for now keep macros in place to avoid large code churn.
|
#
256281 |
|
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation
|
#
254115 |
|
08-Aug-2013 |
scottl |
Add a helpful message that can help point to why a sysctl tree removal failed
Obtained from: Netflix MFC after: 3 days
|
#
247561 |
|
01-Mar-2013 |
marius |
- Use strdup(9) instead of reimplementing it. - Use __DECONST instead of strange casts. - Reduce code duplication and simplify name2oid().
PR: 176373 Submitted by: Christoph Mallon MFC after: 1 week
|
#
246696 |
|
11-Feb-2013 |
marius |
Update comments to reflect r246689.
|
#
246689 |
|
11-Feb-2013 |
marius |
Make SYSCTL_{LONG,QUAD,ULONG,UQUAD}(9) work as advertised and also handle constant values.
Reviewed by: kib MFC after: 3 days
|
#
233291 |
|
22-Mar-2012 |
alc |
Handle spurious page faults that may occur in no-fault sections of the kernel.
When access restrictions are added to a page table entry, we flush the corresponding virtual address mapping from the TLB. In contrast, when access restrictions are removed from a page table entry, we do not flush the virtual address mapping from the TLB. This is exactly as recommended in AMD's documentation. In effect, when access restrictions are removed from a page table entry, AMD's MMUs will transparently refresh a stale TLB entry. In short, this saves us from having to perform potentially costly TLB flushes. In contrast, Intel's MMUs are allowed to generate a spurious page fault based upon the stale TLB entry. Usually, such spurious page faults are handled by vm_fault() without incident. However, when we are executing no-fault sections of the kernel, we are not allowed to execute vm_fault(). This change introduces special-case handling for spurious page faults that occur in no-fault sections of the kernel.
In collaboration with: kib Tested by: gibbs (an earlier version)
I would also like to acknowledge Hiroki Sato's assistance in diagnosing this problem.
MFC after: 1 week
|
#
225617 |
|
16-Sep-2011 |
kmacy |
In order to maximize the re-usability of kernel code in user space this patch modifies makesyscalls.sh to prefix all of the non-compatibility calls (e.g. not linux_, freebsd32_) with sys_ and updates the kernel entry points and all places in the code that use them. It also fixes an additional name space collision between the kernel function psignal and the libc function of the same name by renaming the kernel psignal kern_psignal(). By introducing this change now we will ease future MFCs that change syscalls.
Reviewed by: rwatson Approved by: re (bz)
|
#
224159 |
|
17-Jul-2011 |
rwatson |
Define two new sysctl node flags: CTLFLAG_CAPRD and CTLFLAG_CAPRW, which may be jointly referenced via the mask CTLFLAG_CAPRW. Sysctls with these flags are available in Capsicum's capability mode; other sysctl nodes are not.
Flag several useful sysctls as available in capability mode, such as memory layout sysctls required by the run-time linker and malloc(3). Also expose access to randomness and available kernel features.
A few sysctls are enabled to support name->MIB conversion; these may leak information to capability mode by virtue of providing resolution on names not flagged for access in capability mode. This is, generally, not a huge problem, but might be something to resolve in the future. Flag these cases with XXX comments.
Submitted by: jonathan Sponsored by: Google, Inc.
|
#
221829 |
|
13-May-2011 |
mdf |
Use a name instead of a magic number for kern_yield(9) when the priority should not change. Fetch the td_user_pri under the thread lock. This is probably not necessary but a magic number also seems preferable to knowing the implementation details here.
Requested by: Jason Behmer < jason DOT behmer AT isilon DOT com >
|
#
219819 |
|
21-Mar-2011 |
jeff |
- Merge changes to the base system to support OFED. These include a wider arg2 for sysctl, updates to vlan code, IFT_INFINIBAND, and other miscellaneous small features.
|
#
218424 |
|
07-Feb-2011 |
mdf |
Based on discussions on the svn-src mailing list, rework r218195:
- entirely eliminate some calls to uio_yeild() as being unnecessary, such as in a sysctl handler.
- move should_yield() and maybe_yield() to kern_synch.c and move the prototypes from sys/uio.h to sys/proc.h
- add a slightly more generic kern_yield() that can replace the functionality of uio_yield().
- replace source uses of uio_yield() with the functional equivalent, or in some cases do not change the thread priority when switching.
- fix a logic inversion bug in vlrureclaim(), pointed out by bde@.
- instead of using the per-cpu last switched ticks, use a per thread variable for should_yield(). With PREEMPTION, the only reasonable use of this is to determine if a lock has been held a long time and relinquish it. Without PREEMPTION, this is essentially the same as the per-cpu variable.
|
#
217916 |
|
26-Jan-2011 |
mdf |
Explicitly wire the user buffer rather than doing it implicitly in sbuf_new_for_sysctl(9). This allows using an sbuf with a SYSCTL_OUT drain for extremely large amounts of data where the caller knows that appropriate references are held, and sleeping is not an issue.
Inspired by: rwatson
|
#
217915 |
|
26-Jan-2011 |
mdf |
Remove the CTLFLAG_NOLOCK as it seems to be both unused and unfunctional. Wiring the user buffer has only been done explicitly since r101422.
Mark the kern.disks sysctl as MPSAFE since it is and it seems to have been mis-using the NOLOCK flag.
Partially break the KPI (but not the KBI) for the sysctl_req 'lock' field since this member should be private and the "REQ_LOCKED" state seems meaningless now.
|
#
217616 |
|
19-Jan-2011 |
mdf |
Introduce signed and unsigned version of CTLTYPE_QUAD, renaming existing uses. Rename sysctl_handle_quad() to sysctl_handle_64().
|
#
217555 |
|
18-Jan-2011 |
mdf |
Specify a CTLTYPE_FOO so that a future sysctl(8) change does not need to rely on the format string.
|
#
216066 |
|
29-Nov-2010 |
mdf |
Fix uninitialized variable warning that shows on Tinderbox but not my setup. (??)
Submitted by: Michael Butler <imb at protected-networks dot net>
|
#
216060 |
|
29-Nov-2010 |
mdf |
Do not hold the sysctl lock across a call to the handler. This fixes a general LOR issue where the sysctl lock had no good place in the hierarchy. One specific instance is #284 on http://sources.zabbadoz.net/freebsd/lor.html .
Reviewed by: jhb MFC after: 1 month X-MFC-note: split oid_refcnt field for oid_running to preserve KBI
|
#
216059 |
|
29-Nov-2010 |
mdf |
Slightly modify the logic in sysctl_find_oid to reduce the indentation. There should be no functional change.
MFC after: 3 days
|
#
216058 |
|
29-Nov-2010 |
mdf |
Use the SYSCTL_CHILDREN macro in kern_sysctl.c to help de-obfuscate the code.
MFC after: 3 days
|
#
212750 |
|
16-Sep-2010 |
mdf |
Re-add r212370 now that the LOR in powerpc64 has been resolved:
Add a drain function for struct sysctl_req, and use it for a variety of handlers, some of which had to do awkward things to get a large enough SBUF_FIXEDLEN buffer.
Note that some sysctl handlers were explicitly outputting a trailing NUL byte. This behaviour was preserved, though it should not be necessary.
Reviewed by: phk (original patch)
|
#
212572 |
|
13-Sep-2010 |
mdf |
Revert r212370, as it causes a LOR on powerpc. powerpc does a few unexpected things in copyout(9) and so wiring the user buffer is not sufficient to perform a copyout(9) while holding a random mutex.
Requested by: nwhitehorn
|
#
212370 |
|
09-Sep-2010 |
mdf |
Add a drain function for struct sysctl_req, and use it for a variety of handlers, some of which had to do awkward things to get a large enough FIXEDLEN buffer.
Note that some sysctl handlers were explicitly outputting a trailing NUL byte. This behaviour was preserved, though it should not be necessary.
Reviewed by: phk
|
#
196176 |
|
13-Aug-2009 |
bz |
Make it possible to change the vnet sysctl variables on jails with their own virtual network stack. Jails only inheriting a network stack cannot change anything that cannot be changed from within a prison.
Reviewed by: rwatson, zec Approved by: re (kib)
|
#
196019 |
|
01-Aug-2009 |
rwatson |
Merge the remainder of kern_vimage.c and vimage.h into vnet.c and vnet.h, we now use jails (rather than vimages) as the abstraction for virtualization management, and what remained was specific to virtual network stacks. Minor cleanups are done in the process, and comments updated to reflect these changes.
Reviewed by: bz Approved by: re (vimage blanket)
|
#
195814 |
|
21-Jul-2009 |
bz |
sysctl_msec_to_ticks is used with both virtualized and non-vrtiualized sysctls so we cannot used one common function.
Add a macro to convert the arg1 in the virtualized case to vnet.h to not expose the maths to all over the code.
Add a wrapper for the single virtualized call, properly handling arg1 and call the default implementation from there.
Convert the two over places to use the new macro.
Reviewed by: rwatson Approved by: re (kib)
|
#
195699 |
|
14-Jul-2009 |
rwatson |
Build on Jeff Roberson's linker-set based dynamic per-CPU allocator (DPCPU), as suggested by Peter Wemm, and implement a new per-virtual network stack memory allocator. Modify vnet to use the allocator instead of monolithic global container structures (vinet, ...). This change solves many binary compatibility problems associated with VIMAGE, and restores ELF symbols for virtualized global variables.
Each virtualized global variable exists as a "reference copy", and also once per virtual network stack. Virtualized global variables are tagged at compile-time, placing the in a special linker set, which is loaded into a contiguous region of kernel memory. Virtualized global variables in the base kernel are linked as normal, but those in modules are copied and relocated to a reserved portion of the kernel's vnet region with the help of a the kernel linker.
Virtualized global variables exist in per-vnet memory set up when the network stack instance is created, and are initialized statically from the reference copy. Run-time access occurs via an accessor macro, which converts from the current vnet and requested symbol to a per-vnet address. When "options VIMAGE" is not compiled into the kernel, normal global ELF symbols will be used instead and indirection is avoided.
This change restores static initialization for network stack global variables, restores support for non-global symbols and types, eliminates the need for many subsystem constructors, eliminates large per-subsystem structures that caused many binary compatibility issues both for monitoring applications (netstat) and kernel modules, removes the per-function INIT_VNET_*() macros throughout the stack, eliminates the need for vnet_symmap ksym(2) munging, and eliminates duplicate definitions of virtualized globals under VIMAGE_GLOBALS.
Bump __FreeBSD_version and update UPDATING.
Portions submitted by: bz Reviewed by: bz, zec Discussed with: gnn, jamie, jeff, jhb, julian, sam Suggested by: peter Approved by: re (kensmith)
|
#
194368 |
|
17-Jun-2009 |
bz |
Add explicit includes for jail.h to the files that need them and remove the "hidden" one from vimage.h.
|
#
194252 |
|
15-Jun-2009 |
jamie |
Get vnets from creds instead of threads where they're available, and from passed threads instead of curthread.
Reviewed by: zec, julian Approved by: bz (mentor)
|
#
193511 |
|
05-Jun-2009 |
rwatson |
Move "options MAC" from opt_mac.h to opt_global.h, as it's now in GENERIC and used in a large number of files, but also because an increasing number of incorrect uses of MAC calls were sneaking in due to copy-and-paste of MAC-aware code without the associated opt_mac.h include.
Discussed with: pjd
|
#
192160 |
|
15-May-2009 |
des |
Remove do-nothing code that was required to dirty the old buffer on Alpha.
Coverity ID: 838 Approved by: jhb, alc
|
#
192144 |
|
15-May-2009 |
kib |
Revert r192094. The revision caused problems for sysctl(3) consumers that expect that oldlen is filled with required buffer length even when supplied buffer is too short and returned error is ENOMEM.
Redo the fix for kern.proc.filedesc, by reverting the req->oldidx when remaining buffer space is too short for the current kinfo_file structure. Also, only ignore ENOMEM. We have to convert ENOMEM to no error condition to keep existing interface for the sysctl, though.
Reported by: ed, Florian Smeets <flo kasimir com> Tested by: pho
|
#
192125 |
|
14-May-2009 |
jhb |
- Use a separate sx lock to try to limit the number of concurrent userland sysctl requests to avoid wiring too much user memory. Only grab this lock if the user's old buffer is larger than a page as a tradeoff to allow more concurrency for common small requests. - Just use a shared lock on the sysctl tree for user sysctl requests now.
MFC after: 1 week
|
#
192094 |
|
14-May-2009 |
kib |
Do not advance req->oldidx when sysctl_old_user returning an error due to copyout failure or short buffer.
The later breaks the usermode iterators of the sysctl results that pack arbitrary number of variable-sized structures. Iterator expects that kernel filled exactly oldlen bytes, and tries to interpret half-filled or garbage structure at the end of the buffer. In particular, kinfo_getfile(3) segfaulted.
Reported and tested by: pho MFC after: 3 weeks
|
#
191688 |
|
30-Apr-2009 |
zec |
Permit buiding kernels with options VIMAGE, restricted to only a single active network stack instance. Turning on options VIMAGE at compile time yields the following changes relative to default kernel build:
1) V_ accessor macros for virtualized variables resolve to structure fields via base pointers, instead of being resolved as fields in global structs or plain global variables. As an example, V_ifnet becomes:
options VIMAGE: ((struct vnet_net *) vnet_net)->_ifnet default build: vnet_net_0._ifnet options VIMAGE_GLOBALS: ifnet
2) INIT_VNET_* macros will declare and set up base pointers to be used by V_ accessor macros, instead of resolving to whitespace:
INIT_VNET_NET(ifp->if_vnet); becomes
struct vnet_net *vnet_net = (ifp->if_vnet)->mod_data[VNET_MOD_NET];
3) Memory for vnet modules registered via vnet_mod_register() is now allocated at run time in sys/kern/kern_vimage.c, instead of per vnet module structs being declared as globals. If required, vnet modules can now request the framework to provide them with allocated bzeroed memory by filling in the vmi_size field in their vmi_modinfo structures.
4) structs socket, ifnet, inpcbinfo, tcpcb and syncache_head are extended to hold a pointer to the parent vnet. options VIMAGE builds will fill in those fields as required.
5) curvnet is introduced as a new global variable in options VIMAGE builds, always pointing to the default and only struct vnet.
6) struct sysctl_oid has been extended with additional two fields to store major and minor virtualization module identifiers, oid_v_subs and oid_v_mod. SYSCTL_V_* family of macros will fill in those fields accordingly, and store the offset in the appropriate vnet container struct in oid_arg1. In sysctl handlers dealing with virtualized sysctls, the SYSCTL_RESOLVE_V_ARG1() macro will compute the address of the target variable and make it available in arg1 variable for further processing.
Unused fields in structs vnet_inet, vnet_inet6 and vnet_ipfw have been deleted.
Reviewed by: bz, rwatson Approved by: julian (mentor)
|
#
189707 |
|
11-Mar-2009 |
jhb |
Add a new type of KTRACE record for sysctl(3) invocations. It uses the internal sysctl_sysctl_name() handler to map the MIB array to a string name and logs this name in the trace log. This can be useful to see exactly which sysctls a thread is invoking.
MFC after: 1 month
|
#
189631 |
|
10-Mar-2009 |
jhb |
- Remove a recently added comment from kernel_sysctlbyname() that isn't needed. - Move the release of the sysctl sx lock after the vsunlock() in userland_sysctl() to restore the original memlock behavior of minimizing the amount of memory wired to handle sysctl requests.
MFC after: 1 week
|
#
188232 |
|
06-Feb-2009 |
jhb |
Expand the scope of the sysctllock sx lock to protect the sysctl tree itself. Back in 1.1 of kern_sysctl.c the sysctl() routine wired the "old" userland buffer for most sysctls (everything except kern.vnode.*). I think to prevent issues with wiring too much memory it used a 'memlock' to serialize all sysctl(2) invocations, meaning that only one user buffer could be wired at a time. In 5.0 the 'memlock' was converted to an sx lock and renamed to 'sysctl lock'. However, it still only served the purpose of serializing sysctls to avoid wiring too much memory and didn't actually protect the sysctl tree as its name suggested. These changes expand the lock to actually protect the tree.
Later on in 5.0, sysctl was changed to not wire buffers for requests by default (sysctl_handle_opaque() will still wire buffers larger than a single page, however). As a result, user buffers are no longer wired as often. However, many sysctl handlers still wire user buffers, so it is still desirable to serialize userland sysctl requests. Kernel sysctl requests are allowed to run in parallel, however.
- Expose sysctl_lock()/sysctl_unlock() routines to exclusively lock the sysctl tree for a few places outside of kern_sysctl.c that manipulate the sysctl tree directly including the kernel linker and vfs_register(). - sysctl_register() and sysctl_unregister() require the caller to lock the sysctl lock using sysctl_lock() and sysctl_unlock(). The rest of the public sysctl API manage the locking internally. - Add a locked variant of sysctl_remove_oid() for internal use so that external uses of the API do not need to be aware of locking requirements. - The kernel linker no longer needs Giant when manipulating the sysctl tree. - Add a missing break to the loop in vfs_register() so that we stop looking at the sysctl MIB once we have changed it.
MFC after: 1 month
|
#
187864 |
|
28-Jan-2009 |
ed |
Mark most often used sysctl's as MPSAFE.
After running a `make buildkernel', I noticed most of the Giant locks in sysctl are only caused by a very small amount of sysctl's:
- sysctl.name2oid. This one is locked by SYSCTL_LOCK, just like sysctl.oidfmt.
- kern.ident, kern.osrelease, kern.version, etc. These are just constant strings.
- kern.arandom, used by the stack protector. It is already protected by arc4_mtx.
I also saw the following sysctl's show up. Not as often as the ones above, but still quite often:
- security.jail.jailed. Also mark security.jail.list as MPSAFE. They don't need locking or already use allprison_lock.
- kern.devname, used by devname(3), ttyname(3), etc.
This seems to reduce Giant locking inside sysctl by ~75% in my primitive test setup.
|
#
187656 |
|
23-Jan-2009 |
jhb |
Add a flag to tag individual sysctl leaf nodes as MPSAFE and thus not needing Giant.
Submitted by: csjp (an older version)
|
#
186664 |
|
31-Dec-2008 |
ed |
Don't clobber sysctl_root()'s error number.
When sysctl() is being called with a buffer that is too small, it will return ENOMEM. Unfortunately the changes I made the other day sets the error number to 0, because it just returns the error number of the copyout(). Revert this part of the change.
|
#
186570 |
|
29-Dec-2008 |
ed |
Fix compilation. Also move ogetkerninfo() to kern_xxx.c.
It seems I forgot to remove `int error' from a single piece of code. I'm also moving ogetkerninfo() to kern_xxx.c, because it belongs to the class of compat system information system calls, not the generic sysctl code.
|
#
186564 |
|
29-Dec-2008 |
ed |
Push down Giant inside sysctl. Also add some more assertions to the code.
In the existing code we didn't really enforce that callers hold Giant before calling userland_sysctl(), even though there is no guarantee it is safe. Fix this by just placing Giant locks around the call to the oid handler. This also means we only pick up Giant for a very short period of time. Maybe we should add MPSAFE flags to sysctl or phase it out all together.
I've also added SYSCTL_LOCK_ASSERT(). We have to make sure sysctl_root() and name2oid() are called with the sysctl lock held.
Reviewed by: Jille Timmermans <jille quis cx>
|
#
185987 |
|
12-Dec-2008 |
kib |
Uio_yield() already does DROP_GIANT/PICKUP_GIANT, no need to repeat this around the call.
Noted by: bde
|
#
185983 |
|
12-Dec-2008 |
kib |
The userland_sysctl() function retries sysctl_root() until returned error is not EAGAIN. Several sysctls that inspect another process use p_candebug() for checking access right for the curproc. p_candebug() returns EAGAIN for some reasons, in particular, for the process doing exec() now. If execing process tries to lock Giant, we get a livelock, because sysctl handlers are covered by Giant, and often do not sleep.
Break the livelock by dropping Giant and allowing other threads to execute in the EAGAIN loop.
Also, do not return EAGAIN from p_candebug() when process is executing, use more appropriate EBUSY error [1].
Reported and tested by: pho Suggested by: rwatson [1] Reviewed by: rwatson, des MFC after: 1 week
|
#
185348 |
|
26-Nov-2008 |
zec |
Merge more of currently non-functional (i.e. resolving to whitespace) macros from p4/vimage branch.
Do a better job at enclosing all instantiations of globals scheduled for virtualization in #ifdef VIMAGE_GLOBALS blocks.
De-virtualize and mark as const saorder_state_alive and saorder_state_any arrays from ipsec code, given that they are never updated at runtime, so virtualizing them would be pointless.
Reviewed by: bz, julian Approved by: julian (mentor) Obtained from: //depot/projects/vimage-commit2/... X-MFC after: never Sponsored by: NLnet Foundation, The FreeBSD Foundation
|
#
174113 |
|
30-Nov-2007 |
peter |
Add sysctl_rename_oid() to support device_set_unit() usage. Otherwise, when unit numbers are changed, the sysctl devinfo tree gets out of sync and duplicate trees are attempted to be attached with the original name.
|
#
172930 |
|
24-Oct-2007 |
rwatson |
Merge first in a series of TrustedBSD MAC Framework KPI changes from Mac OS X Leopard--rationalize naming for entry points to the following general forms:
mac_<object>_<method/action> mac_<object>_check_<method/action>
The previous naming scheme was inconsistent and mostly reversed from the new scheme. Also, make object types more consistent and remove spaces from object types that contain multiple parts ("posix_sem" -> "posixsem") to make mechanical parsing easier. Introduce a new "netinet" object type for certain IPv4/IPv6-related methods. Also simplify, slightly, some entry point names.
All MAC policy modules will need to be recompiled, and modules not updates as part of this commit will need to be modified to conform to the new KPI.
Sponsored by: SPARTA (original patches against Mac OS X) Obtained from: TrustedBSD Project, Apple Computer
|
#
172038 |
|
02-Sep-2007 |
rwatson |
In userland_sysctl(), call useracc() with the actual newlen value to be used, rather than the one passed via 'req', which may not reflect a rewrite. This call to useracc() is redundant to validation performed by later copyin()/copyout() calls, so there isn't a security issue here, but this could technically lead to excessive validation of addresses if the length in newlen is shorter than req.newlen.
Approved by: re (kensmith) Reviewed by: jhb Submitted by: Constantine A. Murenin <cnst+freebsd@bugmail.mojo.ru> Sponsored by: Google Summer of Code 2007
|
#
170587 |
|
11-Jun-2007 |
rwatson |
Eliminate now-unused SUSER_ALLOWJAIL arguments to priv_check_cred(); in some cases, move to priv_check() if it was an operation on a thread and no other flags were present.
Eliminate caller-side jail exception checking (also now-unused); jail privilege exception code now goes solely in kern_jail.c.
We can't yet eliminate suser() due to some cases in the KAME code where a privilege check is performed and then used in many different deferred paths. Do, however, move those prototypes to priv.h.
Reviewed by: csjp Obtained from: TrustedBSD Project
|
#
170288 |
|
04-Jun-2007 |
dwmalone |
Add a function for exporting 64 bit types.
|
#
167232 |
|
05-Mar-2007 |
rwatson |
Further system call comment cleanup:
- Remove also "MP SAFE" after prior "MPSAFE" pass. (suggested by bde) - Remove extra blank lines in some cases. - Add extra blank lines in some cases. - Remove no-op comments consisting solely of the function name, the word "syscall", or the system call name. - Add punctuation. - Re-wrap some comments.
|
#
167211 |
|
04-Mar-2007 |
rwatson |
Remove 'MPSAFE' annotations from the comments above most system calls: all system calls now enter without Giant held, and then in some cases, acquire Giant explicitly.
Remove a number of other MPSAFE annotations in the credential code and tweak one or two other adjacent comments.
|
#
164033 |
|
06-Nov-2006 |
rwatson |
Sweep kernel replacing suser(9) calls with priv(9) calls, assigning specific privilege names to a broad range of privileges. These may require some future tweaking.
Sponsored by: nCircle Network Security, Inc. Obtained from: TrustedBSD Project Discussed on: arch@ Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri, Alex Lyashkov <umka at sevcity dot net>, Skip Ford <skip dot ford at verizon dot net>, Antoine Brodin <antoine dot brodin at laposte dot net>
|
#
163606 |
|
22-Oct-2006 |
rwatson |
Complete break-out of sys/sys/mac.h into sys/security/mac/mac_framework.h begun with a repo-copy of mac.h to mac_framework.h. sys/mac.h now contains the userspace and user<->kernel API and definitions, with all in-kernel interfaces moved to mac_framework.h, which is now included across most of the kernel instead.
This change is the first step in a larger cleanup and sweep of MAC Framework interfaces in the kernel, and will not be MFC'd.
Obtained from: TrustedBSD Project Sponsored by: SPARTA
|
#
159655 |
|
16-Jun-2006 |
yar |
Kill an XXX remark that has been untrue since rev. 1.150 of this file.
|
#
155758 |
|
16-Feb-2006 |
andre |
Make sysctl_msec_to_ticks(SYSCTL_HANDLER_ARGS) generally available instead of being private to tcp_timer.c.
Sponsored by: TCP/IP Optimization Fundraise 2005 MFC after: 3 days
|
#
154792 |
|
24-Jan-2006 |
truckman |
Touch all the pages wired by sysctl_wire_old_buffer() to avoid PTE modified bit emulation traps on Alpha while holding locks in the sysctl handler.
A better solution would be to pass a hint to the Alpha pmap code to tell mark these pages as modified when they as they are being wired, but that appears to be more difficult to implement.
Suggested by: jhb MFC after: 3 days
|
#
148873 |
|
08-Aug-2005 |
csjp |
Drop in a WITNESS_WARN into SYSCTL_IN to make sure that we are not holding any non-sleep-able-locks locks when copyin is called. This gets executed un-conditionally since we have no function to wire the buffer in this direction.
Pointed out by: truckman MFC after: 1 week
|
#
148864 |
|
08-Aug-2005 |
csjp |
Check to see if we wired the user-supplied buffers in SYSCTL_OUT, if the buffer has not been wired and we are holding any non-sleep-able locks, drop a witness warning. If the buffer has not been wired, it is possible that the writing of the data can sleep, especially if the page is not in memory. This can result in a number of different locking issues, including dead locks.
MFC after: 1 week Discussed with: rwatson Reviewed by: jhb
|
#
141626 |
|
10-Feb-2005 |
phk |
Make another bunch of SYSCTL_NODEs static
|
#
141433 |
|
07-Feb-2005 |
phk |
Add a missing prefix to a struct field for consistency.
|
#
139483 |
|
31-Dec-2004 |
pjd |
Be consistent and always use form 'return (value);' instead of 'return value;'. We had (before this change) 84 lines where it was style(9)-clean and 15 lines where it was not.
|
#
136999 |
|
27-Oct-2004 |
rwatson |
Move the 'debug' sysctl tree under options SYSCTL_DEBUG. It generates an inordinate amount of synchronous console output that is fairly undesirable on slower serial console. It's easily hit by accident when frobbing other sysctls late at night.
|
#
136417 |
|
12-Oct-2004 |
phk |
Add missing zero flag arguments to calls to userland_sysctl()
|
#
136404 |
|
11-Oct-2004 |
peter |
Put on my peril sensitive sunglasses and add a flags field to the internal sysctl routines and state. Add some code to use it for signalling the need to downconvert a data structure to 32 bits on a 64 bit OS when requested by a 32 bit app.
I tried to do this in a generic abi wrapper that intercepted the sysctl oid's, or looked up the format string etc, but it was a real can of worms that turned into a fragile mess before I even got it partially working.
With this, we can now run 'sysctl -a' on a 32 bit sysctl binary and have it not abort. Things like netstat, ps, etc have a long way to go.
This also fixes a bug in the kern.ps_strings and kern.usrstack hacks. These do matter very much because they are used by libc_r and other things.
|
#
132776 |
|
28-Jul-2004 |
kan |
Avoid casts as lvalues.
|
#
132653 |
|
26-Jul-2004 |
cperciva |
Rename suser_cred()'s PRISON_ROOT flag to SUSER_ALLOWJAIL. This is somewhat clearer, but more importantly allows for a consistent naming scheme for suser_cred flags.
The old name is still defined, but will be removed in a few days (unless I hear any complaints...)
Discussed with: rwatson, scottl Requested by: jhb
|
#
130327 |
|
11-Jun-2004 |
green |
Make sysctl_wire_old_buffer() respect ENOMEM from vslock() by marking the valid length as 0. This prevents vsunlock() from removing a system wire from memory that was not successfully wired (by us).
Submitted by: tegge
|
#
127911 |
|
05-Apr-2004 |
imp |
Remove advertising clause from University of California Regent's license, per letter dated July 22, 1999.
Approved by: core
|
#
127052 |
|
16-Mar-2004 |
truckman |
Rename the wiredlen member of struct sysctl_req to validlen and always set it to avoid the need for a bunch of code that tests whether or not the lock member is set to REQ_WIRED in order to determine which length member should be used.
Fix another bug in the oldlen return value code.
Fix a potential wired memory leak if a sysctl handler uses sysctl_wire_old_buffer() and returns an EAGAIN error to trigger a retry.
|
#
127050 |
|
15-Mar-2004 |
truckman |
Don't bother calling vslock() and vsunlock() if oldlen is zero.
If vslock() returns ENOMEM, sysctl_wire_old_buffer() should set wiredlen to zero and return zero (success) so that the handler will operate according to sysctl(3): The size of the buffer is given by the location specified by oldlenp before the call, and that location gives the amount of data copied after a successful call and after a call that returns with the error code ENOMEM. The handler will return an ENOMEM error because the zero length buffer will overflow.
|
#
127007 |
|
15-Mar-2004 |
truckman |
Revert to the original vslock() and vsunlock() API with the following exceptions: Retain the recently added vslock() error return.
The type of the len argument should be size_t, not u_int.
Suggested by: bde
|
#
126668 |
|
05-Mar-2004 |
truckman |
Undo the merger of mlock()/vslock and munlock()/vsunlock() and the introduction of kern_mlock() and kern_munlock() in src/sys/kern/kern_sysctl.c 1.150 src/sys/vm/vm_extern.h 1.69 src/sys/vm/vm_glue.c 1.190 src/sys/vm/vm_mmap.c 1.179 because different resource limits are appropriate for transient and "permanent" page wiring requests.
Retain the kern_mlock() and kern_munlock() API in the revived vslock() and vsunlock() functions.
Combine the best parts of each of the original sets of implementations with further code cleanup. Make the mclock() and vslock() implementations as similar as possible.
Retain the RLIMIT_MEMLOCK check in mlock(). Move the most strigent test, which can return EAGAIN, last so that requests that have no hope of ever being satisfied will not be retried unnecessarily.
Disable the test that can return EAGAIN in the vslock() implementation because it will cause the sysctl code to wedge.
Tested by: Cy Schubert <Cy.Schubert AT komquats.com>
|
#
126319 |
|
27-Feb-2004 |
des |
Add sysctl_move_oid() which reparents an existing OID.
|
#
126253 |
|
25-Feb-2004 |
truckman |
Split the mlock() kernel code into two parts, mlock(), which unpacks the syscall arguments and does the suser() permission check, and kern_mlock(), which does the resource limit checking and calls vm_map_wire(). Split munlock() in a similar way.
Enable the RLIMIT_MEMLOCK checking code in kern_mlock().
Replace calls to vslock() and vsunlock() in the sysctl code with calls to kern_mlock() and kern_munlock() so that the sysctl code will obey the wired memory limits.
Nuke the vslock() and vsunlock() implementations, which are no longer used.
Add a member to struct sysctl_req to track the amount of memory that is wired to handle the request.
Modify sysctl_wire_old_buffer() to return an error if its call to kern_mlock() fails. Only wire the minimum of the length specified in the sysctl request and the length specified in its argument list. It is recommended that sysctl handlers that use sysctl_wire_old_buffer() should specify reasonable estimates for the amount of data they want to return so that only the minimum amount of memory is wired no matter what length has been specified by the request.
Modify the callers of sysctl_wire_old_buffer() to look for the error return.
Modify sysctl_old_user to obey the wired buffer length and clean up its implementation.
Reviewed by: bms
|
#
126121 |
|
22-Feb-2004 |
pjd |
Reimplement sysctls handling by MAC framework. Now I believe it is done in the right way.
Removed some XXMAC cases, we now assume 'high' integrity level for all sysctls, except those with CTLFLAG_ANYBODY flag set. No more magic.
Reviewed by: rwatson Approved by: rwatson, scottl (mentor) Tested with: LINT (compilation), mac_biba(4) (functionality)
|
#
120813 |
|
05-Oct-2003 |
bms |
Bring back sysctl_wire_old_buffer(). Fix a bug in sysctl_handle_opaque() whereby the pointers would not get reset on a retried SYSCTL_OUT() call.
Noticed by: bde
|
#
120803 |
|
05-Oct-2003 |
bms |
Fix a security problem in sysctl() the long way round.
Use pre-emption detection to avoid the need for wiring a userland buffer when copying opaque data structures.
sysctl_wire_old_buffer() is now a no-op. Other consumers of this API should use pre-emption detection to notice update collisions.
vslock() and vsunlock() should no longer be called by any code and should be retired in subsequent commits.
Discussed with: pete, phk MFC after: 1 week
|
#
120798 |
|
05-Oct-2003 |
bms |
Fold the vslock() and vsunlock() calls in this file with #if 0's; they will go away in due course. Involuntary pre-emption means that we can't count on wiring of pages alone for consistency when performing a SYSCTL_OUT() bigger than PAGE_SIZE.
Discussed with: pete, phk
|
#
120781 |
|
05-Oct-2003 |
bms |
Remove magic numbers surrounding locking state in the sysctl module, and replace them with more meaningful defines.
|
#
116182 |
|
10-Jun-2003 |
obrien |
Use __FBSDID().
|
#
115391 |
|
29-May-2003 |
mux |
When loading a module that contains a sysctl which is already compiled in the kernel, the sysctl_register() call would fail, as expected. However, when unloading this module again, the kernel would then panic in sysctl_unregister(). Print a message error instead.
Submitted by: Nicolai Petri <nicolai@catpipe.net> Reviewed by: imp Approved by: re@ (jhb)
|
#
112107 |
|
11-Mar-2003 |
jhb |
Use a shorter and less redundant name for the sysctl tree lock.
|
#
111883 |
|
04-Mar-2003 |
jhb |
Replace calls to WITNESS_SLEEP() and witness_list() with equivalent calls to WITNESS_WARN().
|
#
111260 |
|
22-Feb-2003 |
rwatson |
Don't panic when enumerating SYSCTL_NODE() nodes without any children nodes.
Submitted by: green, Hiten Pandya <hiten@unixdaemons.com>
|
#
111119 |
|
19-Feb-2003 |
imp |
Back out M_* changes, per decision of the TRB.
Approved by: trb
|
#
109623 |
|
21-Jan-2003 |
alfred |
Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0. Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
|
#
109246 |
|
14-Jan-2003 |
dillon |
Introduce the ability to flag a sysctl for operation at secure level 2 or 3 in addition to secure level 1. The mask supports up to a secure level of 8 but only add defines through CTLFLAG_SECURE3 for now.
As per the missif in the log entry for 1.11 of ip_fw2.c which added the secure flag to the IPFW sysctl's in the first place, change the secure level requirement from 1 to 3 now that we have support for it.
Reviewed by: imp With Design Suggestions by: imp
|
#
109102 |
|
11-Jan-2003 |
mux |
Fix kernel build.
Pointy hats to: dillon, Hiten Pandya <hiten@unixdaemons.com>
|
#
106025 |
|
27-Oct-2002 |
rwatson |
Implement mac_check_system_sysctl(), a MAC Framework entry point to permit MAC policies to augment the security protections on sysctl() operations. This is not really a wonderful entry point, as we only have access to the MIB of the target sysctl entry, rather than the more useful entry name, but this is sufficient for policies like Biba that wish to use their notions of privilege or integrity to prevent inappropriate sysctl modification. Affects MAC kernels only. Since SYSCTL_LOCK isn't in sysctl.h, just kern_sysctl.c, we can't assert the SYSCTL subsystem lockin the MAC Framework.
Approved by: re Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
|
#
105999 |
|
26-Oct-2002 |
mux |
Fix a style nit.
|
#
105354 |
|
17-Oct-2002 |
robert |
Use strlcpy() instead of strncpy() to copy NUL terminated strings for safety and consistency.
|
#
104094 |
|
28-Sep-2002 |
phk |
Be consistent about "static" functions: if the function is marked static in its prototype, mark it static at the definition too.
Inspired by: FlexeLint warning #512
|
#
101650 |
|
10-Aug-2002 |
mux |
Introduce a new sysctl flag, CTLFLAG_SKIP, which will cause sysctl_sysctl_next() to skip this sysctl. The sysctl is still available, but doesn't appear in a "sysctl -a".
This is especially useful when you want to deprecate a sysctl, and add a warning into it to warn users that they are using an old interface. Without this flag, the warning would get echoed when running "sysctl -a" (which happens at boot).
|
#
101422 |
|
06-Aug-2002 |
truckman |
Don't automagically call vslock() from SYSCTL_OUT(). Instead, complain about calls to SYSCTL_OUT() made with locks held if the buffer has not been pre-wired. SYSCTL_OUT() should not be called while holding locks, but if this is not possible, the buffer should be wired by calling sysctl_wire_old_buffer() before grabbing any locks.
|
#
100833 |
|
28-Jul-2002 |
truckman |
Make a temporary copy of the output data in the generic sysctl handlers so that the data is less likely to be inconsistent if SYSCTL_OUT() blocks. If the data is large, wire the output buffer instead.
This is somewhat less than optimal, since the handler could skip the copy if it knew that the data was static.
If the data is dynamic, we are still not guaranteed to get a consistent copy since another processor could change the data while the copy is in progress because the data is not locked. This problem could be solved if the generic handlers had the ability to grab the proper lock before the copy and release it afterwards.
This may duplicate work done in other sysctl handlers in the kernel which also copy the data, possibly while a lock is held, before calling they call a generic handler to output the data. These handlers should probably call SYSCTL_OUT() directly.
|
#
100487 |
|
22-Jul-2002 |
truckman |
Provide a way for sysctl handlers to pre-wire their output buffer before they grab a lock so that they don't block in SYSCTL_OUT() with the lock being held.
|
#
100113 |
|
15-Jul-2002 |
markm |
Fix a bazillion lint and WARNS warnings. One major fix is the removal of semicolons from the end of macros:
#define FOO() bar(a,b,c);
becomes
#define FOO() bar(a,b,c)
Thus requiring the semicolon in the invocation of FOO. This is much cleaner syntax and more consistent with expectations when writing function-like things in source.
With both peril-sensitive sunglasses and flame-proof undies on, tighten up some types, and work around some warnings generated by this. There are some _horrible_ const/non-const issues in this code.
|
#
99012 |
|
29-Jun-2002 |
alfred |
more caddr_t removal.
|
#
93625 |
|
02-Apr-2002 |
rwatson |
Update comment regarding the locking of the sysctl tree.
Rename memlock to sysctllock, and MEMLOCK()/MEMUNLOCK() to SYSCTL_LOCK()/ SYSCTL_UNLOCK() and related changes to make the lock names make more sense.
Submitted by: Jonathan Mini <mini@haikugeek.com>
|
#
93616 |
|
02-Apr-2002 |
alfred |
Use sx locks instead of flags+tsleep locks.
Submitted by: Jonathan Mini <mini@haikugeek.com>
|
#
93593 |
|
01-Apr-2002 |
jhb |
Change the suser() API to take advantage of td_ucred as well as do a general cleanup of the API. The entire API now consists of two functions similar to the pre-KSE API. The suser() function takes a thread pointer as its only argument. The td_ucred member of this thread must be valid so the only valid thread pointers are curthread and a few kernel threads such as thread0. The suser_cred() function takes a pointer to a struct ucred as its first argument and an integer flag as its second argument. The flag is currently only used for the PRISON_ROOT flag.
Discussed on: smp@
|
#
92953 |
|
22-Mar-2002 |
rwatson |
In sysctl, req->td is believed always to be non-NULL, so there's no need to test req->td for NULL values and then do somewhat more bizarre things relating to securelevel special-casing and suser checks. Remove the testing and conditional security checks based on req->td!=NULL, and insert a KASSERT that td != NULL. Callers to sysctl must always specify the thread (be it kernel or otherwise) requesting the operation, or a number of current sysctls will fail due to assumptions that the thread exists.
Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs Discussed with: bde
|
#
91406 |
|
27-Feb-2002 |
jhb |
Simple p_ucred -> td_ucred changes to start using the per-thread ucred reference.
|
#
88006 |
|
16-Dec-2001 |
luigi |
Add code to export and print the description associated to sysctl variables. Use the -d flag in sysctl(8) to see this information.
Possible extensions to sysctl: + report variables that do not have a description + given a name, report the oid it maps to.
Note to developers: have a look at your code, there are a number of variables which do not have a description.
Note to developers: do we want this in 4.5 ? It is a very small change and very useful for documentation purposes.
Suggested by: Orion Hodson
|
#
87024 |
|
28-Nov-2001 |
peter |
Dont print the sysctl node tree unless you're root.
Found by: jkb (Yahoo OS troublemaker)
|
#
86183 |
|
08-Nov-2001 |
rwatson |
o Replace reference to 'struct proc' with 'struct thread' in 'struct sysctl_req', which describes in-progress sysctl requests. This permits sysctl handlers to have access to the current thread, permitting work on implementing td->td_ucred, migration of suser() to using struct thread to derive the appropriate ucred, and allowing struct thread to be passed down to other code, such as network code where td is not currently available (and curproc is used).
o Note: netncp and netsmb are not updated to reflect this change, as they are not currently KSE-adapted.
Reviewed by: julian Obtained from: TrustedBSD Project
|
#
84832 |
|
12-Oct-2001 |
roam |
Remove the panic when trying to register a sysctl with an oid too high. This stops panics on unloading modules which define their own sysctl sets.
However, this also removes the protection against somebody actually defining a static sysctl with an oid in the range of the dynamic ones, which would break badly if there is already a dynamic sysctl with the requested oid.
Apparently, the algorithm for removing sysctl sets needs a bit more work. For the present, the panic I introduced only leads to Bad Things (tm).
Submitted by: many users of -current :( Pointy hat to: roam (myself) for not testing rev. 1.112 enough.
|
#
83968 |
|
26-Sep-2001 |
rwatson |
o Modify sysctl access control check to use securelevel_gt(), and clarify sysctl access control logic.
Obtained from: TrustedBSD Project
|
#
83366 |
|
12-Sep-2001 |
julian |
KSE Milestone 2 Note ALL MODULES MUST BE RECOMPILED make the kernel aware that there are smaller units of scheduling than the process. (but only allow one thread per process at this time). This is functionally equivalent to teh previousl -current except that there is a thread associated with each process.
Sorry john! (your next MFC will be a doosie!)
Reviewed by: peter@freebsd.org, dillon@freebsd.org
X-MFC after: ha ha ha ha
|
#
82746 |
|
01-Sep-2001 |
dillon |
Giant Pushdown
clock_gettime() clock_settime() nanosleep() settimeofday() adjtime() getitimer() setitimer() __sysctl() ogetkerninfo() sigaction() osigaction() sigpending() osigpending() osigvec() osigblock() osigsetmask() sigsuspend() osigsuspend() osigstack() sigaltstack() kill() okillpg() trapsignal() nosys()
|
#
82494 |
|
29-Aug-2001 |
peter |
Fix the ogetkerninfo() syscall handling of sizes for KINFO_BSDI_SYSINFO. This supposedly fixes Netscape 3.0.4 (bsdi binary) on -current. (and is also applicable to RELENG_4)
PR: 25476 Submitted by: Philipp Mergenthaler <un1i@rz.uni-karlsruhe.de>
|
#
80339 |
|
25-Jul-2001 |
roam |
Make dynamic sysctl entries start at 0x100, not decimal 100 - there are static entries with oid's over 100, and defining enough dynamic entries causes an overlap.
Move the "magic" value 0x100 into <sys/sysctl.h> where it belongs.
PR: 29131 Submitted by: "Alexander N. Kabaev" <kabaev@mail.ru> Reviewed by: -arch, -audit MFC after: 2 weeks
|
#
80338 |
|
25-Jul-2001 |
roam |
Style(9): function names on a separate line, max line length 80 chars.
Reviewed by: -arch, -audit MFC after: 2 weeks
|
#
78620 |
|
22-Jun-2001 |
mjacob |
int -> size_t fix
|
#
78161 |
|
13-Jun-2001 |
peter |
With this commit, I hereby pronounce gensetdefs past its use-by date.
Replace the a.out emulation of 'struct linker_set' with something a little more flexible. <sys/linker_set.h> now provides macros for accessing elements and completely hides the implementation.
The linker_set.h macros have been on the back burner in various forms since 1998 and has ideas and code from Mike Smith (SET_FOREACH()), John Polstra (ELF clue) and myself (cleaned up API and the conversion of the rest of the kernel to use it).
The macros declare a strongly typed set. They return elements with the type that you declare the set with, rather than a generic void *.
For ELF, we use the magic ld symbols (__start_<setname> and __stop_<setname>). Thanks to Richard Henderson <rth@redhat.com> for the trick about how to force ld to provide them for kld's.
For a.out, we use the old linker_set struct.
NOTE: the item lists are no longer null terminated. This is why the code impact is high in certain areas.
The runtime linker has a new method to find the linker set boundaries depending on which backend format is in use.
linker sets are still module/kld unfriendly and should never be used for anything that may be modular one day.
Reviewed by: eivind
|
#
77646 |
|
03-Jun-2001 |
dd |
When tring to find out if this is a request for a write in kernel_sysctl and userland_sysctl, check for whether new is NULL, not whether newlen is 0. This allows one to set a string sysctl to "".
|
#
76834 |
|
19-May-2001 |
jlemon |
Add convenience function kernel_sysctlbyname() for kernel consumers, so they don't have to roll their own sysctlbyname function.
|
#
73971 |
|
07-Mar-2001 |
tmm |
Make the SYSCTL_OUT handlers sysctl_old_user() and sysctl_old_kernel() more robust. They would correctly return ENOMEM for the first time when the buffer was exhausted, but subsequent calls in this case could cause writes ouside of the buffer bounds.
Approved by: rwatson
|
#
71999 |
|
04-Feb-2001 |
phk |
Mechanical change to use <sys/queue.h> macro API instead of fondling implementation details.
Created with: sed(1) Reviewed by: md5(1)
|
#
71800 |
|
29-Jan-2001 |
peter |
Remove unused variable 'int n;'
|
#
71510 |
|
24-Jan-2001 |
mckusick |
Never reuse AUTO_OID values.
Approved by: Alfred Perlstein <bright@wintelcom.net>
|
#
70679 |
|
05-Jan-2001 |
jhb |
- For dynamic sysctl's added at runtime, don't assume that the name passed to the SYSCTL_ADD_FOO() macros is a constant that should be turned into a string via the pre-processor. Instead, require it to be an explicit string so that names can be generated on the fly. - Make some of the char * arguments to sysctl_add_oid() const to quiet warnings.
|
#
69781 |
|
08-Dec-2000 |
dwmalone |
Convert more malloc+bzero to malloc+M_ZERO.
Submitted by: josh@zipperup.org Submitted by: Robert Drehmel <robd@gmx.net>
|
#
63978 |
|
28-Jul-2000 |
peter |
Fix some style nits. Fix(?) some compile warnings regarding const handling.
|
#
63212 |
|
15-Jul-2000 |
abial |
These patches implement dynamic sysctls. It's possible now to add and remove sysctl oids at will during runtime - they don't rely on linker sets. Also, the node oids can be referenced by more than one kernel user, which means that it's possible to create partially overlapping trees.
Add sysctl contexts to help programmers manage multiple dynamic oids in convenient way.
Please see the manpages for detailed discussion, and example module for typical use.
This work is based on ideas and code snippets coming from many people, among them: Arun Sharma, Jonathan Lemon, Doug Rabson, Brian Feldman, Kelly Yancey, Poul-Henning Kamp and others. I'd like to specially thank Brian Feldman for detailed review and style fixes.
PR: kern/16928 Reviewed by: dfr, green, phk
|
#
62573 |
|
04-Jul-2000 |
phk |
Previous commit changing SYSCTL_HANDLER_ARGS violated KNF.
Pointed out by: bde
|
#
62454 |
|
03-Jul-2000 |
phk |
Style police catches up with rev 1.26 of src/sys/sys/sysctl.h:
Sanitize SYSCTL_HANDLER_ARGS so that simplistic tools can grog our sources:
-sysctl_vm_zone SYSCTL_HANDLER_ARGS +sysctl_vm_zone (SYSCTL_HANDLER_ARGS)
|
#
60938 |
|
26-May-2000 |
jake |
Back out the previous change to the queue(3) interface. It was not discussed and should probably not happen.
Requested by: msmith and others
|
#
60833 |
|
23-May-2000 |
jake |
Change the way that the queue(3) structures are declared; don't assume that the type argument to *_HEAD and *_ENTRY is a struct.
Suggested by: phk Reviewed by: phk Approved by: mdodd
|
#
59368 |
|
18-Apr-2000 |
phk |
Remove unneeded <sys/buf.h> includes.
Due to some interesting cpp tricks in lockmgr, the LINT kernel shrinks by 924 bytes.
|
#
57975 |
|
13-Mar-2000 |
phk |
Remove unused 3rd argument from vsunlock() which abused B_WRITE.
|
#
53977 |
|
01-Dec-1999 |
green |
Separate some common sysctl code into sysctl_find_oid() and calling thereof. Also, make the errno returns _correct_, and add a new one which is more appropriate.
|
#
52644 |
|
30-Oct-1999 |
phk |
Change useracc() and kernacc() to use VM_PROT_{READ|WRITE|EXECUTE} for the "rw" argument, rather than hijacking B_{READ|WRITE}.
Fix two bugs (physio & cam) resulting by the confusion caused by this.
Submitted by: Tor.Egge@fast.no Reviewed by: alc, ken (partly)
|
#
50477 |
|
27-Aug-1999 |
peter |
$Id$ -> $FreeBSD$
|
#
48274 |
|
27-Jun-1999 |
peter |
Minor tweaks to make sure (new) prerequisites for <sys/buf.h> (mostly splbio()/splx()) are #included in time.
|
#
46155 |
|
28-Apr-1999 |
phk |
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process is jailed along the same lines as a chroot does it, but with additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a prison to the customer living in that prison, this is what it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP communications will be coerced to use and each prison has its own hostname.
Needless to say, you need more RAM this way, but the advantage is that each customer can run their own particular version of apache and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/ Run for almost a year by: http://www.servetheweb.com/
|
#
46112 |
|
27-Apr-1999 |
phk |
Suser() simplification:
1: s/suser/suser_xxx/
2: Add new function: suser(struct proc *), prototyped in <sys/proc.h>.
3: s/suser_xxx(\([a-zA-Z0-9_]*\)->p_ucred, \&\1->p_acflag)/suser(\1)/
The remaining suser_xxx() calls will be scrutinized and dealt with later.
There may be some unneeded #include <sys/cred.h>, but they are left as an exercise for Bruce.
More changes to the suser() API will come along with the "jail" code.
|
#
45140 |
|
30-Mar-1999 |
phk |
Purging lint from the Bruce filter.
|
#
44972 |
|
23-Mar-1999 |
phk |
Fix some nasty hangs if garbage were passed.
Noticed by: Emmanuel DELOGET <pixel@DotCom.FR> Remembered by: msmith
|
#
44078 |
|
16-Feb-1999 |
dfr |
* Change sysctl from using linker_set to construct its tree using SLISTs. This makes it possible to change the sysctl tree at runtime.
* Change KLD to find and register any sysctl nodes contained in the loaded file and to unregister them when the file is unloaded.
Reviewed by: Archie Cobbs <archie@whistle.com>, Peter Wemm <peter@netplex.com.au> (well they looked at it anyway)
|
#
42467 |
|
10-Jan-1999 |
phk |
Back out last change to sysctl.
It was nay'ed before committing on the grounds that this is not the way to do it, and has been decided as such several times in the past.
There is not point in loading gobs of ascii into the kernel when the only use of that ascii is presentation to the user.
Next thing we'd be adding all section 4 man pages to the loaded kernel as well.
The argument about KLD's is bogus, klds can store a file in /usr/share/doc/sysctl/dev/foo/thisvar.txt with a description and sysctl or other facilities can pick it up there.
Proper documentation will take several K worth of text for many sysctl variables, we don't want that in the kernel under any circumstances.
I will welcome any well thought out attempt at improving the situation wrt. sysctl documentation, but this wasn't it.
|
#
42466 |
|
10-Jan-1999 |
des |
Add kernel support for sysctl descriptions. The NO_SYSCTL_DESCRIPTIONS option disables them if they're not wanted; in that case, sysctl_sysctl_descr will always return an empty string.
Apporved by: jkh
|
#
42095 |
|
27-Dec-1998 |
dfr |
Fix some 64bit truncation problems which crept into SYSCTL_LONG() with the last cleanup. Since the oid_arg2 field of struct sysctl_oid is not wide enough to hold a long, the SYSCTL_LONG() macro has been modified to only support exporting long variables by pointer instead of by value.
Reviewed by: bde
|
#
41728 |
|
13-Dec-1998 |
truckman |
Add a generic flag, CTLFLAG_SECURE, which can be used to mark a sysctl variable unwriteable when securelevel > 0. Reviewed by: jdp, eivind
|
#
41514 |
|
04-Dec-1998 |
archie |
Examine all occurrences of sprintf(), strcat(), and str[n]cpy() for possible buffer overflow problems. Replaced most sprintf()'s with snprintf(); for others cases, added terminating NUL bytes where appropriate, replaced constants like "16" with sizeof(), etc.
These changes include several bug fixes, but most changes are for maintainability's sake. Any instance where it wasn't "immediately obvious" that a buffer overflow could not occur was made safer.
Reviewed by: Bruce Evans <bde@zeta.org.au> Reviewed by: Matthew Dillon <dillon@apollo.backplane.com> Reviewed by: Mike Spengler <mks@networkcs.com>
|
#
40435 |
|
16-Oct-1998 |
peter |
*gulp*. Jordan specifically OK'ed this..
This is the bulk of the support for doing kld modules. Two linker_sets were replaced by SYSINIT()'s. VFS's and exec handlers are self registered. kld is now a superset of lkm. I have converted most of them, they will follow as a seperate commit as samples. This all still works as a static a.out kernel using LKM's.
|
#
38869 |
|
05-Sep-1998 |
bde |
Ignore the statically configured vfs type numbers and assign vfs type numbers in vfs attach order (modulo incomplete reuse of old numbers after vfs LKMs are unloaded). This requires reinitializing the sysctl tree (or at least the vfs subtree) for vfs's that support sysctls (currently only nfs). sysctl_order() already handled reinitialization reasonably except it checked for annulled self references in the wrong place.
Fixed sysctls for vfs LKMs.
|
#
38864 |
|
05-Sep-1998 |
bde |
Fixed bogotification of pseudocode for syscall args by rev.1.53 of syscalls.master.
|
#
38517 |
|
24-Aug-1998 |
dfr |
Change various syscalls to use size_t arguments instead of u_int.
Add some overflow checks to read/write (from bde).
Change all modifications to vm_page::flags, vm_page::busy, vm_object::flags and vm_object::paging_in_progress to use operations which are not interruptable.
Reviewed by: Bruce Evans <bde@zeta.org.au>
|
#
31778 |
|
16-Dec-1997 |
eivind |
Make COMPAT_43 and COMPAT_SUNOS new-style options.
|
#
30994 |
|
06-Nov-1997 |
phk |
Move the "retval" (3rd) parameter from all syscall functions and put it in struct proc instead.
This fixes a boatload of compiler warning, and removes a lot of cruft from the sources.
I have not removed the /*ARGSUSED*/, they will require some looking at.
libkvm, ps and other userland struct proc frobbing programs will need recompiled.
|
#
30354 |
|
12-Oct-1997 |
phk |
Last major round (Unless Bruce thinks of somthing :-) of malloc changes.
Distribute all but the most fundamental malloc types. This time I also remembered the trick to making things static: Put "static" in front of them.
A couple of finer points by: bde
|
#
30309 |
|
11-Oct-1997 |
phk |
Distribute and statizice a lot of the malloc M_* types.
Substantial input from: bde
|
#
24744 |
|
09-Apr-1997 |
bde |
Include <sys/buf.h> instead of <sys/vnode.h>. kern_sysctl.c no longer has anything to do with vnodes and never had anything to do with buffers, but it needs the definitions of B_READ and B_WRITE for use with the bogus useracc() interface and was getting them bogusly due to excessive cleanups in rev.1.49.
|
#
22975 |
|
22-Feb-1997 |
peter |
Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are not ready for it yet.
|
#
21673 |
|
14-Jan-1997 |
jkh |
Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long.
Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
|
#
20506 |
|
15-Dec-1996 |
bde |
Fixed garbage being returned for constant int values, e.g., for KERN_SAVED_IDS.
Should be in 2.2.
Reviewed by: phk Found by: NIST-PCTS
|
#
18025 |
|
03-Sep-1996 |
bde |
Fixed bogus casts (const on the wrong `*' in `**') in a qsort-comparision function.
|
#
17971 |
|
31-Aug-1996 |
bde |
Don't depend in the kernel on the gcc feature of doing arithmetic on pointers of type `void *'. Warn about this in future.
|
#
16282 |
|
10-Jun-1996 |
nate |
Implemented 'kern_sysctl', which differs from 'userland_sysctl' in that it assumes all of the data exists in the kernel. Also, fix sysctl_new-kernel (unused until now) which had reversed operands to bcopy().
Reviewed by: phk
Poul writes: ... actually the lock/sleep/wakeup cruft shouldn't be needed in the kernel version I think, but just leave it there for now.
|
#
16159 |
|
06-Jun-1996 |
phk |
If handler function returns EAGAIN, restart operation.
|
#
15241 |
|
13-Apr-1996 |
phk |
Fix a longstanding bug and a buglet of no significance. Now net.ipx works.
Noticed by: John Hay -- John.Hay@csir.co.za
|
#
15103 |
|
07-Apr-1996 |
phk |
Move the "mib" variables out to their own file.
|
#
14499 |
|
11-Mar-1996 |
hsu |
From Lite2: rename fs to vfs. Reviewed by: davidg & bde
|
#
13155 |
|
01-Jan-1996 |
peter |
Fix the reversed source and dest args to bcopy() in the kernel space sysctl handler (ouch!)
Add a "const" qualifier to the source of the copyin() and copyout() functions - the other const warning in kern_sysctl.c was silenced when copyout was declared as having a const source.. (which it is)
|
#
12910 |
|
17-Dec-1995 |
phk |
Add an obscure feature, needed for debugging.
|
#
12819 |
|
14-Dec-1995 |
phk |
A Major staticize sweep. Generates a couple of warnings that I'll deal with later. A number of unused vars removed. A number of unused procs removed or #ifdefed.
|
#
12662 |
|
07-Dec-1995 |
dg |
Untangled the vm.h include file spaghetti.
|
#
12650 |
|
06-Dec-1995 |
phk |
A couple of minor tweaks to the sysctl stuff.
|
#
12645 |
|
05-Dec-1995 |
bde |
Include <vm/vm.h> or <vm/vm_page.h> explicitly to avoid breaking when vnode_if.h doesn't include vm stuff.
|
#
12623 |
|
04-Dec-1995 |
phk |
A major sweep over the sysctl stuff.
Move a lot of variables home to their own code (In good time before xmas :-)
Introduce the string descrition of format.
Add a couple more functions to poke into these marvels, while I try to decide what the correct interface should look like.
Next is adding vars on the fly, and sysctl looking at them too.
Removed a tine bit of defunct and #ifdefed notused code in swapgeneric.
|
#
12429 |
|
20-Nov-1995 |
phk |
Mega commit for sysctl. Convert the remaining sysctl stuff to the new way of doing things. the devconf stuff is the reason for the large number of files. Cleaned up some compiler warnings while I were there.
|
#
12340 |
|
16-Nov-1995 |
phk |
All net.* sysctl converted now.
|
#
12297 |
|
14-Nov-1995 |
phk |
Do what is generally belived to be the right thing, though it may not be :-)
|
#
12289 |
|
14-Nov-1995 |
phk |
Final part of this bunch of sysctl commits: cleanup.
|
#
12288 |
|
14-Nov-1995 |
phk |
Get rid of the last debug sysctl variables of the old style.
|
#
12287 |
|
14-Nov-1995 |
phk |
Get rid of hostnamelen variable.
|
#
12286 |
|
14-Nov-1995 |
phk |
Move all the VM sysctl stuff home where it belongs.
|
#
12285 |
|
14-Nov-1995 |
phk |
A couple of nitpicks.
|
#
12284 |
|
14-Nov-1995 |
phk |
Convert dumpdev & securelevel.
|
#
12282 |
|
14-Nov-1995 |
phk |
KERN_MAXFILESPERPROC, KERN_MAXFILES went to another file.
|
#
12280 |
|
14-Nov-1995 |
phk |
Get rid of domainnamelen.
|
#
12279 |
|
14-Nov-1995 |
phk |
Move KERN_NTP to a more suitable file.
|
#
12278 |
|
14-Nov-1995 |
phk |
Move the process-table stuff to a more suitable file. Remove filetable stuff from kern_sysctl.c
|
#
12260 |
|
13-Nov-1995 |
phk |
Try to make my new scheme work more along the lines of the manual. There are still some gray areas here and there.
|
#
12243 |
|
12-Nov-1995 |
phk |
The entire sysctl callback to read/write version. I havn't tested this as much as I'd like to, but the malloc stunt I tried for an interim for sure does worse. Now we can read and write from any kind of address-space, not only user and kernel, using callbacks. This may be over-generalization for now, but it's actually simpler.
|
#
12221 |
|
12-Nov-1995 |
bde |
Included <sys/sysproto.h> to get central declarations for syscall args structs and prototypes for syscalls.
Ifdefed duplicated decentralized declarations of args structs. It's convenient to have this visible but they are hard to maintain. Some are already different from the central declarations. 4.4lite2 puts them in comments in the function headers but I wanted to avoid the large changes for that.
|
#
12197 |
|
10-Nov-1995 |
bde |
Fixed type of sysctl_order_cmp(). KNFized sysctl_order_cmp(). Staticized definition of kern_sysctl() to match its declaration.
|
#
12194 |
|
10-Nov-1995 |
phk |
Fix a minor buglet.
|
#
12187 |
|
10-Nov-1995 |
phk |
convert more sysctl variables.
|
#
12171 |
|
09-Nov-1995 |
phk |
Make the old compat functions use the sysctl front door, rather than crashing through the walls. This should save Peters blood pressure and netscapes uname call.
|
#
12152 |
|
08-Nov-1995 |
phk |
Fix some of the sysctl broke, and add a lot more to it.
|
#
12131 |
|
06-Nov-1995 |
phk |
On working the new sysctl vars a bit I realized that I needed more generality. This is here now. We can now access (the new) sysctl variables from the kernel too and using functions to handle access is more sane now. I will now attack sysctl variables in the rest of the kernel and get them all converted to newspeak.
|
#
11865 |
|
28-Oct-1995 |
phk |
Sorry, the last commit screwed up for me, this is the right one (I hope!) Please refer to the previous commit message about sysctl variables.
|
#
11863 |
|
28-Oct-1995 |
phk |
Rewamp the way we make sysctl variables to be easier to cope with.
The goal is to make them "user-friendly" :-)
In the end this will allow a SNMP style "getnext" function, sysctl editing in the boot-editor and/or debugger, LKMs can define sysctl vars when they get loaded, and remove them when unloaded and other interesting uses for dynamic sysctl variables.
|
#
9816 |
|
31-Jul-1995 |
mpp |
Fix the sysctl string routines to return as much of the string as possible and return ENOMEM if the entire string cannot be returned. This brings the routines in line with how the man page says they work, and how the calling routines are expecting them to work. This allows the dummy uname() routine in libc to obtain the version string, since the kernel version string is longer than that normally returned by the uname() routine. This is 3/4 of the fix for PR# 462.
Reviewed by: Bruce Evans
|
#
9747 |
|
28-Jul-1995 |
dg |
Fixed panic in fill_eproc() caused by inadequate checking for NULL pointers.
|
#
9455 |
|
09-Jul-1995 |
peter |
This implements enough of the BSDI extensions to the net-2 ogetkerninfo() syscall to allow applications linked against their libc's uname() to work. Netscape 1.1N being a prime example, which prints: "uname() failed. cant tell what system we're running on". This change is a little ugly, but that's mainly because of the "interesting" semantics of the BSDI extension. Since ogetkerninfo() is only enabled by COMPAT_43, Netscape will only be affected on kernels with that option (eg: "GENERIC") Reviewed by: davidg
|
#
8876 |
|
30-May-1995 |
rgrimes |
Remove trailing whitespace.
|
#
8481 |
|
12-May-1995 |
wollman |
The death of `options NODUMP'. Now the dump area can be dynamically configured (and unconfigured) on the fly. A sysctl(3) MIB variable is provided to inspect and modify the dump device setting.
|
#
7090 |
|
16-Mar-1995 |
bde |
Add and move declarations to fix all of the warnings from `gcc -Wimplicit' (except in netccitt, netiso and netns) and most of the warnings from `gcc -Wnested-externs'. Fix all the bugs found. There were no serious ones.
|
#
6577 |
|
20-Feb-1995 |
guido |
Implement maxprocperuid and maxfilesperproc. They are tunable via sysctl(8). The initial value of maxprocperuid is maxproc-1, that of maxfilesperproc is maxfiles (untill maxfile will disappear)
Now it is at least possible to prohibit one user opening maxfiles
-Guido
Submitted by: Obtained from:
|
#
5260 |
|
28-Dec-1994 |
dg |
Fixed multiple bugs that cause null pointers to be followed or FREEed data to be accessed if a process blocks when it is being run down.
|
#
5150 |
|
18-Dec-1994 |
guido |
Fix bug in sysctl_string so that when a string has a length that is to short, it gets filled uop to its length. This matches the getdomainname and gethostname manual pages. (getbootfile also uses this function and I think it should have the same behaviour)
This also fixes a bug with keyinit where the seed was not saved in /etc/skeykeys. So S/Key should be fully functional again.
Reviewed by: Submitted by: Obtained from:
|
#
4467 |
|
14-Nov-1994 |
bde |
Move declarations of public functions to <sys/sysctl.h>.
Make some private data static.
Comment about MAXPATHLEN bytes of bloat for the kernel name.
|
#
3640 |
|
16-Oct-1994 |
wollman |
kern_clock.c: define dk_names[][]. kern_sysctl.c: call dev_sysctl for hw.devconf mib subtree kern_devconf.c: sysctl-accessible device-configuration and -management interface
|
#
3396 |
|
06-Oct-1994 |
dg |
Use tsleep() rather than sleep so that 'ps' is more informative about the wait.
|
#
3308 |
|
02-Oct-1994 |
phk |
All of this is cosmetic. prototypes, #includes, printfs and so on. Makes GCC a lot more silent.
|
#
3038 |
|
23-Sep-1994 |
wollman |
Add MIB variable kern.bootfile (R/W) giving the name of the booted kernel. Kernel variable is kernelname[].
|
#
2946 |
|
21-Sep-1994 |
wollman |
Implemented loadable VFS modules, and made most existing filesystems loadable. (NFS is a notable exception.)
|
#
2903 |
|
19-Sep-1994 |
ache |
sysctl incorrectly check name[2] instead of name[1]
|
#
2858 |
|
18-Sep-1994 |
wollman |
Redo Kernel NTP PLL support, kernel side.
This code is mostly taken from the 1.1 port (which was in turn taken from Dave Mills's kern.tar.Z example). A few significant differences:
1) ntp_gettime() is now a MIB variable rather than a system call. A few fiddles are done in libc to make it behave the same.
2) mono_time does not participate in the PLL adjustments.
3) A new interface has been defined (in <machine/clock.h>) for doing possibly machine-dependent things around the time of the clock update. This is used in Pentium kernels to disable interrupts, set `time', and reset the CPU cycle counter as quickly as possible to avoid jitter in microtime(). Measurements show an apparent resolution of a bit more than 8.14usec, which is reasonable given system-call overhead.
|
#
2817 |
|
15-Sep-1994 |
ache |
KERN_ADJKERNTZ removed from here to cpu_sysctl MACHDEP section
|
#
2771 |
|
14-Sep-1994 |
ache |
KERN_ADJKERNTZ added in preparation of resettodr() implementation
|
#
2631 |
|
09-Sep-1994 |
wollman |
Define new MIB variable, hw.floatingpoint, which is true if FP hardware is present, and false if an emulator is being used.
|
#
2112 |
|
18-Aug-1994 |
wollman |
Fix up some sloppy coding practices:
- Delete redundant declarations. - Add -Wredundant-declarations to Makefile.i386 so they don't come back. - Delete sloppy COMMON-style declarations of uninitialized data in header files. - Add a few prototypes. - Clean up warnings resulting from the above.
NB: ioconf.c will still generate a redundant-declaration warning, which is unavoidable unless somebody volunteers to make `config' smarter.
|
#
2004 |
|
10-Aug-1994 |
wollman |
Make it easier for programs to figure out what revision of FreeBSD they are running under. Here's how to bootstrap (order is important):
1) Re-compile gcc (just the driver is all you need). 2) Re-compile libc. 3) Re-compile your kernel. Reboot. 4) cd /usr/src/include; make install
You can now detect the compilation environment with the following code:
#if !defined(__FreeBSD__) #define __FreeBSD_version 199401 #elif __FreeBSD__ == 1 #define __FreeBSD_version 199405 #else #include <osreldate.h> #endif
You can determine the run-time environment by calling the new C library function getosreldate(), or by examining the MIB variable kern.osreldate.
For the time being, the release date is defined as 199409, which we have already established as our target.
|
#
1995 |
|
10-Aug-1994 |
wollman |
Change default security level to -1, so that users don't get bitten by upcoming makefile change.
|
#
1952 |
|
08-Aug-1994 |
wollman |
Run-time configuration of VFS update interval. Old UPDATE_INTERVAL configuration option is no longer supported.
|
#
1925 |
|
07-Aug-1994 |
wollman |
Define a sysctl MIB variable for the YP domain name.
|
#
1817 |
|
02-Aug-1994 |
dg |
Added $Id$
|
#
1549 |
|
25-May-1994 |
rgrimes |
The big 4.4BSD Lite to FreeBSD 2.0.0 (Development) patch.
Reviewed by: Rodney W. Grimes Submitted by: John Dyson and David Greenman
|
#
1542 |
|
24-May-1994 |
rgrimes |
This commit was generated by cvs2svn to compensate for changes in r1541, which included commits to RCS files with non-trunk default branches.
|
#
1541 |
|
24-May-1994 |
rgrimes |
BSD 4.4 Lite Kernel Sources
|