#
857fcb57 |
| 14-Oct-2023 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Disable various dev accesses for RESTRICTEDROOT environments
* Do not allow CAM (e.g. /dev/sg0 and so forth) to be accessed if RESTRICTEDROOT is active. Note that RESTRICTEDROOT is autom
kernel - Disable various dev accesses for RESTRICTEDROOT environments
* Do not allow CAM (e.g. /dev/sg0 and so forth) to be accessed if RESTRICTEDROOT is active. Note that RESTRICTEDROOT is automatically set for jails.
* Restrict writes to /dev/random and /dev/urandom
* Also restrict evdev, kbd, syscons, pci, console, devctl
show more ...
|
#
2b3f93ea |
| 13-Oct-2023 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Add per-process capability-based restrictions
* This new system allows userland to set capability restrictions which turns off numerous kernel features and root accesses. These restricti
kernel - Add per-process capability-based restrictions
* This new system allows userland to set capability restrictions which turns off numerous kernel features and root accesses. These restrictions are inherited by sub-processes recursively. Once set, restrictions cannot be removed.
Basic restrictions that mimic an unadorned jail can be enabled without creating a jail, but generally speaking real security also requires creating a chrooted filesystem topology, and a jail is still needed to really segregate processes from each other. If you do so, however, you can (for example) disable mount/umount and most global root-only features.
* Add new system calls and a manual page for syscap_get(2) and syscap_set(2)
* Add sys/caps.h
* Add the "setcaps" userland utility and manual page.
* Remove priv.9 and the priv_check infrastructure, replacing it with a newly designed caps infrastructure.
* The intention is to add path restriction lists and similar features to improve jailess security in the near future, and to optimize the priv_check code.
show more ...
|
Revision tags: v6.4.0, v6.4.0rc1, v6.5.0, v6.2.2, v6.2.1, v6.2.0, v6.3.0, v6.0.1 |
|
#
d9126105 |
| 15-Jul-2021 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Make kprintf / kputchar more robust
* kprintf() via kputchar() can deadlock due to kprintf()s made from Xinvltlb (which ignores critical sections). However, we still want to be able to
kernel - Make kprintf / kputchar more robust
* kprintf() via kputchar() can deadlock due to kprintf()s made from Xinvltlb (which ignores critical sections). However, we still want to be able to dump diagnostic information from Xinvltlb!
* Adjust sccnputc() to use a non-blocking syscons lock.
* Adjust kputchar() to not issue a wakeup() on the console support thread if called with mycpu->gd_intr_nesting_level != 0. To compensate, the support thread now checks at a minimum rate of once per second.
* Adjust kvcprintf() to always spin_trylock(), which means that lines will be lost if multiple cpu's compete for the console (but all lines will still wind up in the dmesg buffer). This needs to be done to allow kprintf()s from Xinvltlb (which ignore critical sections) to not deadlock the machine.
show more ...
|
Revision tags: v6.0.0, v6.0.0rc1, v6.1.0, v5.8.3, v5.8.2, v5.8.1, v5.8.0, v5.9.0, v5.8.0rc1, v5.6.3, v5.6.2, v5.6.1, v5.6.0, v5.6.0rc1, v5.7.0, v5.4.3, v5.4.2 |
|
#
483114b6 |
| 13-Jan-2019 |
Sascha Wildner <saw@online.de> |
i386 removal, part 70/x: Remove some i386 specific bits in the kernel.
|
Revision tags: v5.4.1, v5.4.0, v5.5.0, v5.4.0rc1 |
|
#
6fd42cc5 |
| 15-Nov-2018 |
Imre Vadász <imre@vdsz.com> |
syscons - Increase static buffer size for ttyv0.
* This allows the console on the EFI framebuffer to fill the whole screen on "odd" resolutions. This only takes up slightly less than 12KB extra
syscons - Increase static buffer size for ttyv0.
* This allows the console on the EFI framebuffer to fill the whole screen on "odd" resolutions. This only takes up slightly less than 12KB extra space in the kernel binary size.
show more ...
|
#
4725869b |
| 04-Oct-2018 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Refactor tty clist code
* Remove all the old cruft, completely rewrite the clist code to use a single linear buffer and a FIFO mechanism.
* The linear buffer just uses 16-bit elements in
kernel - Refactor tty clist code
* Remove all the old cruft, completely rewrite the clist code to use a single linear buffer and a FIFO mechanism.
* The linear buffer just uses 16-bit elements in order to record TTY_QUOTE along with the character.
* Fixes bug in last commit (lack of global locks around global clist caches) by removing the cache entirely.
show more ...
|
#
2efb75f3 |
| 04-Oct-2018 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Refactor tty_token, fix SMP performance issues
* Remove most uses of tty_token in favor of per-tty tp->t_token. This is particularly important for removing bottlenecks related to PTYs,
kernel - Refactor tty_token, fix SMP performance issues
* Remove most uses of tty_token in favor of per-tty tp->t_token. This is particularly important for removing bottlenecks related to PTYs, which are used all over the place. tty_token remains in a few places managing overall registration and global list manipulation.
* tty structures are now required to be persistent. Implement a sepearate ttyinit() function. Continue to allow ttyregister() and ttyunregister() calls, but these no longer presume destruction of the structure.
* Refactor ttymalloc() to take a **tty pointer and interlock allocations. Allocations are intended to be one-time. ttymalloc() only requires the tty_token for initial allocations.
* Remove all critical section use that was combined with tty_token and tp->t_token. Leave only the tokens. The critical sections were hold-overs going all the way back to pre-SMP days.
* syscons now gets its own token, vga_token. The ISA VGA code and the framebuffer code also now use this token instead of tty_token.
* The keyboard subsystem now uses kbd_token instead of tty_token.
* A few remaining serial-like devices (snp, nmdm) also get their own tokens, as well as use the now required tp->t_token.
* Remove use of tty_token in the session management code. This fixes a niggling performance path since sessions almost universally go hand-in-hand with fork/exec/exit sequences. Instead we use the already-existing per-hash session token.
show more ...
|
Revision tags: v5.2.2 |
|
#
28f4018c |
| 04-Jun-2018 |
Sascha Wildner <saw@online.de> |
Resolve some kernel option / .Cd mismatches.
* There is no WATCHDOG option. kern_wdog.c is compiled into the kernel by default.
* SC_NO_PALETTE_LOADING was never a kernel option, so remove the
Resolve some kernel option / .Cd mismatches.
* There is no WATCHDOG option. kern_wdog.c is compiled into the kernel by default.
* SC_NO_PALETTE_LOADING was never a kernel option, so remove the associated #ifndefs.
* powernow(4) can't be compiled into the kernel
show more ...
|
#
fb3cf125 |
| 29-May-2018 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Add support for MosChip PCIe serial com, and console support
* Add support for the MosChip PCIe serial com (brand is typically 'StarTech' 'Natikve PCI Express RS232 serial adapter card wi
kernel - Add support for MosChip PCIe serial com, and console support
* Add support for the MosChip PCIe serial com (brand is typically 'StarTech' 'Natikve PCI Express RS232 serial adapter card with 16550 UART'.
* Add late console support. Console operation works the same way, set it up in /boot/loader.conf. Typically:
sio0.flags=0x00 sio4.flags=0x30 sio4.baud=115200 #set boot_serial="YES" <-- commented out, do not set this
Note that at the point a late-configured serial port wants to become the console, syscons is probably already the console, so you have to use flags 0x30 instead of 0x10 to force it to change the console.
* Note, you do not have to set boot_serial="YES", because it won't really help since the adapter isn't accessible to the boot loader or to the kernel until the PCIe device probes in the middle of the boot sequence.
* The kernel now retests for consoles at the end of its normal configuration sequence, which allows the now-available sioN devices from PCIe card(s) to become the console.
* Remove syscons sccnterm() code that tried to undo the syscons console designation. This code was never called in the past because the system console couldn't actually change once selected. But now it can, and the code completely blows up syscons for numerous reasons. Just leave the console designation intact from syscons's point of view (the main system will be vectored elsewhere so syscons will simply not receive new kernel console reads and writes).
* Add a siocntxwait() call before changing com parameters, since we are potentially changing the baud rate here.
* Change how the SIO driver assigns baud rates for the console to handle late-console configurations. Also, allow sio*.baud variables in loader.conf to override the default com rate.
* Add entries for com5 and com6 to /etc/remote, and default to a more reasonable baud rate of 115200.
show more ...
|
#
937ccd40 |
| 14-May-2018 |
Sascha Wildner <saw@online.de> |
kernel: Include <sys/ttydefaults.h> where appropriate.
This is in preparation for moving <sys/termios.h> to <termios.h>.
|
Revision tags: v5.2.1, v5.2.0, v5.3.0, v5.2.0rc |
|
#
0d4bab03 |
| 05-Mar-2018 |
zrj <rimvydas.jasinskas@gmail.com> |
syscons: Remove unused variable.
|
#
e3657467 |
| 04-Mar-2018 |
Imre Vadász <imre@vdsz.com> |
syscons - Fix NULL pointer access in 0d7c8a4d1cafae68239
|
#
0d7c8a4d |
| 04-Mar-2018 |
Imre Vadász <imre@vdsz.com> |
syscons - Wait for drm modesetting at appropriate places.
* This avoids races between userland using DRM, and the drm modesetting callbacks called by syscons.
* Always call the drm modesetting ca
syscons - Wait for drm modesetting at appropriate places.
* This avoids races between userland using DRM, and the drm modesetting callbacks called by syscons.
* Always call the drm modesetting callback, when we are switching from a virtual terminal that is in Graphics mode. Before that was skipped unless we were switching to a virtual terminal that is in Text mode. However with the framebuffer mmap-ing through syscons, it also makes sense to use virtual terminals in Graphics mode, without going through drm. So we have to make sure to restore the syscons framebuffer there as well.
show more ...
|
#
72da38a0 |
| 17-Feb-2018 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Fix syscons's visual bell
* The visual bell code was completely broken.
* Refactor the callout, and use the new callout_init_lk facility to deal with races.
Reported-by: snurg
|
#
49ecae83 |
| 03-Feb-2018 |
zrj <rimvydas.jasinskas@gmail.com> |
kernel: Remove use of deprecated "%r" radix format.
|
#
8a5e307d |
| 13-Jan-2018 |
Imre Vadász <imre@vdsz.com> |
syscons - Skip drawing of the border, when switching to a graphics vty.
* When the target vty in a vty switch is in graphics mode, and we have a dumb framebuffer (sc->fbi != NULL), we definitely d
syscons - Skip drawing of the border, when switching to a graphics vty.
* When the target vty in a vty switch is in graphics mode, and we have a dumb framebuffer (sc->fbi != NULL), we definitely don't need to call sc_set_border().
show more ...
|
#
1ba5dede |
| 13-Jan-2018 |
Imre Vadász <imre@vdsz.com> |
syscons - Use COL and ROW #define constants.
|
Revision tags: v5.0.2 |
|
#
8f523d1c |
| 02-Dec-2017 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
syscons: Unbreak compile w/o splash
|
#
1743eeb4 |
| 25-Nov-2017 |
Imre Vadász <imre@vdsz.com> |
syscons - Partly implement FBIO_BLANK ioctl, for display powersaving.
* Only implement the parts relevant for display powersaving when a KMS graphics driver is loaded. Adjust the existing V_DISPLA
syscons - Partly implement FBIO_BLANK ioctl, for display powersaving.
* Only implement the parts relevant for display powersaving when a KMS graphics driver is loaded. Adjust the existing V_DISPLAY_* constant definitions to match the corresponding definitions in FreeBSD.
show more ...
|
#
27332c1b |
| 24-Nov-2017 |
Imre Vadász <imre@vdsz.com> |
kernel - Get rid of old KDSETRAD keyboard ioctl, and some __i386__ kbd code.
* The KDSETREPEAT ioctl was implemented as a replacement more than 18 years ago in 1999 (FreeBSD svn r44628).
|
Revision tags: v5.0.1 |
|
#
bc7273cf |
| 18-Oct-2017 |
Imre Vadász <imre@vdsz.com> |
syscons - Add minimal fbio support for "scfb" xorg driver with sc->fbi fb.
* At the moment there is no support for safely handling the case where userspace has mapped the EFI framebuffer, and a dr
syscons - Add minimal fbio support for "scfb" xorg driver with sc->fbi fb.
* At the moment there is no support for safely handling the case where userspace has mapped the EFI framebuffer, and a drm graphics driver is loaded, that uses the same hardware as the EFI framebuffer. (Either loading the drm(4) driver should be prevented in this case, or the framebuffer should be forcibly unmapped from the userspace application).
show more ...
|
Revision tags: v5.0.0, v5.0.0rc2, v5.1.0, v5.0.0rc1, v4.8.1, v4.8.0, v4.6.2, v4.9.0, v4.8.0rc |
|
#
481d12aa |
| 09-Jan-2017 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Incidental MPLOCK removal (non-performance)
* Remove the MPLOCK in a ton of places that don't need it or can be trivially tokenized or locked.
* Mostly non-performance adjustments, thoug
kernel - Incidental MPLOCK removal (non-performance)
* Remove the MPLOCK in a ton of places that don't need it or can be trivially tokenized or locked.
* Mostly non-performance adjustments, though the X server does use scmouse or sysmouse.
show more ...
|
#
43c88c9d |
| 03-Dec-2016 |
Imre Vadász <imre@vdsz.com> |
syscons - Set cons_unavail when blanking framebuffer screen from syscons.
* This makes us treat panics while the screen is blanked in KMS mode similar to panics while X is running. In both cases w
syscons - Set cons_unavail when blanking framebuffer screen from syscons.
* This makes us treat panics while the screen is blanked in KMS mode similar to panics while X is running. In both cases we have no possibility left to display the syscons console.
* This also sets the cons_unavail flag, when the KMS driver is unloaded and the framebuffer console becomes unusable, until a new framebuffer is registered for syscons (which will clear cons_unavail again).
show more ...
|
#
f8b03d86 |
| 17-Nov-2016 |
Imre Vadász <imre@vdsz.com> |
drm: Use fb_blank hooks from drm_fb_helper.c as a syscons screensaver.
* When the KMS framebuffer is registered in syscons, a screensaver is registered in syscons, which uses the fb_blank callback
drm: Use fb_blank hooks from drm_fb_helper.c as a syscons screensaver.
* When the KMS framebuffer is registered in syscons, a screensaver is registered in syscons, which uses the fb_blank callback (if provided by the drm driver) for turning the display off.
* The syscons screensaver can be used by e.g. running "vidcontrol -t 30" for a 30s "screensaver" timeout), or via the Shift-Pause shortcut (for instantly enabling the "screensaver").
show more ...
|
#
0510b0ee |
| 29-Nov-2016 |
Imre Vadász <imre@vdsz.com> |
syscons - Add need_unlock arg to sc_clean_up and sc_wait_scrn_saver_stop.
* This should fix issues with VT switching when the screen is blanked.
|