kernel - Add per-process capability-based restrictions

* This new system allows userland to set capability restrictions which
turns off numerous kernel features and root accesses. These restricti

kernel - Add per-process capability-based restrictions

* This new system allows userland to set capability restrictions which
turns off numerous kernel features and root accesses. These restrictions
are inherited by sub-processes recursively. Once set, restrictions cannot
be removed.

Basic restrictions that mimic an unadorned jail can be enabled without
creating a jail, but generally speaking real security also requires
creating a chrooted filesystem topology, and a jail is still needed
to really segregate processes from each other. If you do so, however,
you can (for example) disable mount/umount and most global root-only
features.

* Add new system calls and a manual page for syscap_get(2) and syscap_set(2)

* Add sys/caps.h

* Add the "setcaps" userland utility and manual page.

* Remove priv.9 and the priv_check infrastructure, replacing it with
a newly designed caps infrastructure.

* The intention is to add path restriction lists and similar features to
improve jailess security in the near future, and to optimize the
priv_check code.

show more ...

kernel - Clean up memory leaks and a stack buffer disclosure bug

* Clean up memory leaks, a stack buffer disclosure bug, and a
missing priv check in if_oce (which probably never attaches these
d

kernel - Clean up memory leaks and a stack buffer disclosure bug

* Clean up memory leaks, a stack buffer disclosure bug, and a
missing priv check in if_oce (which probably never attaches these
days). All in the network subsystem.

Reported-by: Ilja van Sprundel

show more ...

kernel - Rewrite the callout_*() API

* Rewrite the entire API from scratch and improve compatibility
with FreeBSD. This is not an attempt to achieve full API compatibility,
as FreeBSD's API has

kernel - Rewrite the callout_*() API

* Rewrite the entire API from scratch and improve compatibility
with FreeBSD. This is not an attempt to achieve full API compatibility,
as FreeBSD's API has unnecessary complexity that coders would frequently
make mistakes interpreting.

* Remove the IPI mechanisms in favor of fine-grained spin-locks instead.

* Add some robustness features in an attempt to track down corrupted
callwheel lists due to originating subsystems freeing structures out
from under an active callout.

* The code supports a full-blown type-stable/adhoc-reuse structural
separation between the front-end and the back-end, but this feature
is currently not operational and may be removed at some future point.
Instead we currently just embed the struct _callout inside the
struct callout.

* Replace callout_stop_sync() with callout_cancel().

* callout_drain() is now implemented as a synchronous cancel instead
of an asynchronous stop, which is closer to the FreeBSD API and
expected operation for ported code (usb stack in particular). We
will just have to fix any deadlocks which we come across.

* Retain our callout_terminate() function as the 'better' way to
stop using a callout, as it will not only cancel the callout but
also de-flag the structure so it can no longer be used.

show more ...

kernel/netif: Avoid empty if/else bodies.

kernel: Fix some -Wundef warnings in oce(4) and mps(4).

__FreeBSD_version is not defined in DragonFly, so make it clearer
which path we take.

netif: Configure mbuf clusters/jclusters limits

Default mbuf clusters limit work for most of the network device
drivers. The drivers modified by this commit:
- Use mbuf jclusters.
- Size of the rec

netif: Configure mbuf clusters/jclusters limits

Default mbuf clusters limit work for most of the network device
drivers. The drivers modified by this commit:
- Use mbuf jclusters.
- Size of the reception queues could be configured.
- Support multiple reception queues.

et(4) and mxge(4) are special; they use non-cluster mbuf for small
packets reception, so we adjust non-cluster mbuf limit manually in
these two drivers.

show more ...

kernel: Move us to using M_NOWAIT and M_WAITOK for mbuf functions.

The main reason is that our having to use the MB_WAIT and MB_DONTWAIT
flags was a recurring issue when porting drivers from FreeBSD

kernel: Move us to using M_NOWAIT and M_WAITOK for mbuf functions.

The main reason is that our having to use the MB_WAIT and MB_DONTWAIT
flags was a recurring issue when porting drivers from FreeBSD because
it tended to get forgotten and the code would compile anyway with the
wrong constants. And since MB_WAIT and MB_DONTWAIT ended up as ocflags
for an objcache_get() or objcache_reclaimlist call (which use M_WAITOK
and M_NOWAIT), it was just one big converting back and forth with some
sanitization in between.

This commit allows M_* again for the mbuf functions and keeps the
sanitizing as it was before: when M_WAITOK is among the passed flags,
objcache functions will be called with M_WAITOK and when it is absent,
they will be called with M_NOWAIT. All other flags are scrubbed by the
MB_OCFLAG() macro which does the same as the former MBTOM().

Approved-by: dillon

show more ...

kernel: Don't confuse kmalloc() and mbuf flags.

kernel: Use the new auto-created sysctl ctx/tree in various drivers.

Everywhere where we formerly rolled a hw.fooX.* per-device ctx/tree
ourselves.

This commit switches it to dev.foo.X.*

kernel: Use NULL for pointers in DRIVER_MODULE().

kernel: make pktinfo and cpuid native to ip_input()

In order to remove ether_input_pkt(), switch the prototype
of if_input() and adjust all callers. While there, consolidate
the style of the invoke

kernel: make pktinfo and cpuid native to ip_input()

In order to remove ether_input_pkt(), switch the prototype
of if_input() and adjust all callers. While there, consolidate
the style of the invoke.

Suggested and reviewed by: sephe

show more ...

oce: Don't clear M_PKTHDR when create mbuf chain

kernel/oce: Sync oce(4) driver with FreeBSD.

An update by Emulex. Most notably, it adds support for Skyhawk adapters.

The port to DragonFly wasn't tested on a Skyhawk but looks like it should
just

kernel/oce: Sync oce(4) driver with FreeBSD.

An update by Emulex. Most notably, it adds support for Skyhawk adapters.

The port to DragonFly wasn't tested on a Skyhawk but looks like it should
just work[tm].

Thanks to Mihai Carabas for testing it on a BladeEngine 3 to see that I
didn't break anything which previously worked.

Taken-from: FreeBSD

show more ...

kernel/oce: Fix wrong maxsegs argument for bus_dmamap_load_mbuf_segment().

Mindlessly introduced by me after it was tested by Mihai and led to a
panic.

I had misunderstood a comment by sephe. OCE_M

kernel/oce: Fix wrong maxsegs argument for bus_dmamap_load_mbuf_segment().

Mindlessly introduced by me after it was tested by Mihai and led to a
panic.

I had misunderstood a comment by sephe. OCE_MAX_TX_ELEMENTS is (as the
name implies) just for the tx path.

Reported-by: Mihai Carabas <mihai.carabas@gmail.com>

show more ...

kernel/netif: Bring in the oce(4) driver for Emulex OneConnect 10Gb NICs.

According to the manual page, it supports:

* Emulex BladeEngine 2
* Emulex BladeEngine 3
* Emulex Lancer

It seems to be in

kernel/netif: Bring in the oce(4) driver for Emulex OneConnect 10Gb NICs.

According to the manual page, it supports:

* Emulex BladeEngine 2
* Emulex BladeEngine 3
* Emulex Lancer

It seems to be in solid shape, but some features remain yet unported
(such as MSI-X support). Also, the module is named 'if_oce.ko' in
DragonFly (like it is with all other network drivers) instead of
'oce.ko' like in FreeBSD.

The driver was tested by Mihai Carabas with a BladeEngine 3 adapter.

Taken-from: FreeBSD
Additional-clue-by: sephe

show more ...