#
2b3f93ea |
| 13-Oct-2023 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Add per-process capability-based restrictions
* This new system allows userland to set capability restrictions which turns off numerous kernel features and root accesses. These restricti
kernel - Add per-process capability-based restrictions
* This new system allows userland to set capability restrictions which turns off numerous kernel features and root accesses. These restrictions are inherited by sub-processes recursively. Once set, restrictions cannot be removed.
Basic restrictions that mimic an unadorned jail can be enabled without creating a jail, but generally speaking real security also requires creating a chrooted filesystem topology, and a jail is still needed to really segregate processes from each other. If you do so, however, you can (for example) disable mount/umount and most global root-only features.
* Add new system calls and a manual page for syscap_get(2) and syscap_set(2)
* Add sys/caps.h
* Add the "setcaps" userland utility and manual page.
* Remove priv.9 and the priv_check infrastructure, replacing it with a newly designed caps infrastructure.
* The intention is to add path restriction lists and similar features to improve jailess security in the near future, and to optimize the priv_check code.
show more ...
|
Revision tags: v6.4.0, v6.4.0rc1, v6.5.0, v6.2.2, v6.2.1, v6.2.0, v6.3.0, v6.0.1, v6.0.0, v6.0.0rc1, v6.1.0, v5.8.3, v5.8.2, v5.8.1 |
|
#
d147c943 |
| 28-Mar-2020 |
Sascha Wildner <saw@online.de> |
kernel: Remove <sys/mutex.h> from all files that don't need it (2/2).
98% of these were remains from porting from FreeBSD which could have been removed after converting to lockmgr(), etc.
Due to an
kernel: Remove <sys/mutex.h> from all files that don't need it (2/2).
98% of these were remains from porting from FreeBSD which could have been removed after converting to lockmgr(), etc.
Due to an issue in my checking earlier, not everything was cleaned up correctly.
show more ...
|
Revision tags: v5.8.0, v5.9.0, v5.8.0rc1, v5.6.3, v5.6.2, v5.6.1, v5.6.0, v5.6.0rc1, v5.7.0, v5.4.3, v5.4.2, v5.4.1, v5.4.0, v5.5.0, v5.4.0rc1, v5.2.2, v5.2.1, v5.2.0, v5.3.0, v5.2.0rc, v5.0.2, v5.0.1, v5.0.0, v5.0.0rc2, v5.1.0, v5.0.0rc1, v4.8.1, v4.8.0, v4.6.2, v4.9.0, v4.8.0rc, v4.6.1, v4.6.0, v4.6.0rc2, v4.6.0rc, v4.7.0, v4.4.3, v4.4.2 |
|
#
3b964699 |
| 22-Jan-2016 |
zrj <rimvydas.jasinskas@gmail.com> |
usb4bsd: Cleanup pass0.
* Adjust indentation, whitespace and typos.
|
Revision tags: v4.4.1, v4.4.0, v4.5.0, v4.4.0rc, v4.2.4, v4.3.1, v4.2.3, v4.2.1, v4.2.0, v4.0.6, v4.3.0, v4.2.0rc, v4.0.5 |
|
#
dd681da6 |
| 12-Mar-2015 |
Matthew Dillon <dillon@apollo.backplane.com> |
usb - Update bus/u4b
* Update bus/u4b from FreeBSD to commit 3121e258c76aa, 10 March 2015, with the following commit message:
Lock softc before clearing bits.
* Some bits not updated. Som
usb - Update bus/u4b
* Update bus/u4b from FreeBSD to commit 3121e258c76aa, 10 March 2015, with the following commit message:
Lock softc before clearing bits.
* Some bits not updated. Some changes around the MSI handling work differently in DFly so I punted on that. And the serial/tty in FreeBSD is a bit different, particular this 'pps' stuff.
* Numerous bits of code currently conditionalized out use ABI features from FreeBSD, particularly RWTUN, which we do not yet have. Currently non-critical, we can fix these as the related code gets used (if the related code gets used).
Reviewed-by: Markus Pfeiffer
show more ...
|
Revision tags: v4.0.4, v4.0.3 |
|
#
912e7e4e |
| 09-Jan-2015 |
Markus Pfeiffer <profmakx@dragonflybsd.org> |
usb4bsd: Sync with FreeBSD r276791 - revert broken 64bit DMA
* Revert a change that lead to an uninitialised value being used for the number of bits in a DMA address.
|
#
01698658 |
| 08-Jan-2015 |
Markus Pfeiffer <markus.pfeiffer@morphism.de> |
usb4bsd: Sync with FreeBSD r276791
|
#
06cb2463 |
| 08-Jan-2015 |
Markus Pfeiffer <markus.pfeiffer@morphism.de> |
usb4bsd: Sync with FreeBSD r276791
* update usb_transfer.{c,h} so uaudio can be ported and tested
|
Revision tags: v4.0.2, v4.0.1, v4.0.0, v4.0.0rc3, v4.0.0rc2, v4.0.0rc, v4.1.0, v3.8.2, v3.8.1, v3.6.3, v3.8.0, v3.8.0rc2, v3.9.0, v3.8.0rc, v3.6.2, v3.6.1 |
|
#
a72f2492 |
| 17-Jan-2014 |
Markus Pfeiffer <markus.pfeiffer@morphism.de> |
usb4bsd: sync if_axe
|
#
e15d1b68 |
| 10-Jan-2014 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - u4b - Implement doorbell
* Implement the doorbell properly.
* Use the doorbell to clear the previous transfer when reusing a transfer. This is a horribly inefficient hack but it's better
kernel - u4b - Implement doorbell
* Implement the doorbell properly.
* Use the doorbell to clear the previous transfer when reusing a transfer. This is a horribly inefficient hack but it's better than blowing up the controller
(This is in addition to the xfer freeing fifo hack)
* We also seem to need to ring the doorbell when queueing transfers. This should not be necessary.
* Enable ASP. This allows qTD bursts, making high speed busses more efficient.
* NOTE: There are still problems with umass. With some USB sticks, writing to the stick causes the cpu to stall for very long periods of time. It is shown as 'interrupt' overhead but insofar as I can tell it's actually the controller stalling the memory bus for reasons unknown.
This does not happen with e.g. a SATA SSD connected through a USB adapter.
show more ...
|
#
ccb00b06 |
| 08-Jan-2014 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Hack fixes for EHCI issues in U4B
* These changes fix several issues with the U4B EHCI. Insertion and Removal events through hubs no longer crash the controller and/or the machine. And
kernel - Hack fixes for EHCI issues in U4B
* These changes fix several issues with the U4B EHCI. Insertion and Removal events through hubs no longer crash the controller and/or the machine. And heavy bulk traffic no longer crashes the controller or has weird failures. Probing works more reliably as well.
* The main problem is the U4B design for QH/TD descriptors. It allocates and frees them with the xfer. For the EHCI controller it rips out the QH's from the chain and doesn't do the right interactions with the controller to ensure that the controller is not still iterating through the chain.
It is possible for the controller to wind up iterating through a long chain of removed (finished or timed-out) QH's. If any of them are kfree()'d or free/reallocated/reused before their time, BOOM! The controller can chain right through into random memory and blow up.
* The first hack is to delay kfree()ing the xfer rollup buffer. I just threw in a 256-slot delay. I'm not even doing it right (it isn't time-based or doorbell-based). Note that linux uses the doorbell-based method, where the structures are left intact until the next doorbell interrupt.
* The second hack is to issue doorbells (EHCI_CMD_IAAD) after every new transfer is queued and after each transfer is removed. The doorbell is PARTICULARLY important after a removal, because the controller can wind up sitting on a removed QH indefinitely otherwise.
Removed chains can cause the controller to miss newly added chains, thus the doorbell is needed for that reason as well.
Also reorder the cpu flushes a little when coding the above.
* Add numerous new structural fields and assertions to ensure that the EHCI code doesn't try to remove requests from HW that were never queued to HW. The U4B API's are *VERY* loose in this regard so I added a double check.
* DragonFly: The ugen*.* devices need a dev d_open and d_close routine. Our default d_open/d_close is not the same as FreeBSD's.
* Fix a major bug in usb_open() where the 'cpd' structure can get lost if multiple open()'s occur on the same ugen device.
Allow multiple opens as long as the permissions are the same. This is really a hack to fix an issue where 'usbconfig list' opens ugen0.1 twice (i.e. has two open descriptors on the same device).
Also properly NULL-out dev->si_drv2 on (last) close.
* Replace two cv_signal/cv_wait calls with wakeup/lksleep, and place a timeout on the lksleep loop because the two places in question have a SMP race which the locks don't handle. Basically the callback is made BEFORE all the conditions potentially preventing an xfer from being flagged as completed are met, so the cv_signal() was waking up the waiter potentially before its time (and the lock is not held through the whole thing so it doesn't interlock the race).
* In usbd_req_get_desc() reload the req fresh on each loop.
* In usbd_req_get_desc() increase the timeout from 0.5 seconds to 1 second.
show more ...
|
#
8922de18 |
| 06-Jan-2014 |
Markus Pfeiffer <markus.pfeiffer@morphism.de> |
Sync sys/bus/u4b/* with FreeBSD
|
Revision tags: v3.6.0, v3.7.1, v3.6.0rc, v3.7.0, v3.4.3 |
|
#
57bed822 |
| 11-Aug-2013 |
Markus Pfeiffer <markus.pfeiffer@morphism.de> |
usb4bsd: Synchronise with FreeBSD r254159
|
Revision tags: v3.4.2, v3.4.0, v3.4.1, v3.4.0rc, v3.5.0, v3.2.2 |
|
#
5e41ab93 |
| 30-Oct-2012 |
Markus Pfeiffer <markus.pfeiffer@morphism.de> |
usb4bsd: sync with FreeBSD svn r242385
|
#
7fd4e1a1 |
| 04-May-2013 |
Sascha Wildner <saw@online.de> |
Use C99 __func__ instead of __FUNCTION__.
|
#
681e352e |
| 23-Feb-2013 |
Sascha Wildner <saw@online.de> |
Use NULL for pointers in a couple of places.
|
#
3398566c |
| 22-Nov-2012 |
Sascha Wildner <saw@online.de> |
kernel: Remove some NULL checks after kmalloc(..., M_WAITOK).
|
Revision tags: v3.2.1 |
|
#
3a76bbe8 |
| 10-Oct-2012 |
Sascha Wildner <saw@online.de> |
usb4bsd: Fixes, fixes, fixes.
* Fix a panic when trying to free null pointer in usb_free_device.
* Fix a panic due to wrong assignment of locks.
* Fix kqueue handling.
* Add debug helpers.
Submi
usb4bsd: Fixes, fixes, fixes.
* Fix a panic when trying to free null pointer in usb_free_device.
* Fix a panic due to wrong assignment of locks.
* Fix kqueue handling.
* Add debug helpers.
Submitted-by: Markus Pfeiffer <markus.pfeiffer@morphism.de>
show more ...
|
Revision tags: v3.2.0, v3.3.0 |
|
#
63da4a34 |
| 01-Oct-2012 |
Sascha Wildner <saw@online.de> |
usb4bsd: Cleanup pass.
* Adjust indentation, whitespace and typos.
* Uniformly use #if 0 to deactivate code instead of C comments.
|
#
722d05c3 |
| 26-Sep-2012 |
Sascha Wildner <saw@online.de> |
usb4bsd: Perform the usual porting on the controller, storage and core code.
malloc -> kmalloc, printf -> kprintf, locking, and so forth.
Submitted-by: Markus Pfeiffer <markus.pfeiffer@morphism.de>
|
#
12bd3c8b |
| 25-Sep-2012 |
Sascha Wildner <saw@online.de> |
usb4bsd: Bring in FreeBSD's libusbhid, usbhidctl and USB kernel code.
In order to make it live peacefully along with our old USB code, name all directories with new USB code *u4b* instead of *usb*.
usb4bsd: Bring in FreeBSD's libusbhid, usbhidctl and USB kernel code.
In order to make it live peacefully along with our old USB code, name all directories with new USB code *u4b* instead of *usb*.
This is FreeBSD SVN r231881.
Submitted-by: Markus Pfeiffer <markus.pfeiffer@morphism.de>
show more ...
|