#
b272101a |
| 30-Oct-2023 |
Aaron LI <aly@aaronly.me> |
Various minor whitespace cleanups
Accumulated along the way.
|
#
fb1dde20 |
| 10-Nov-2023 |
Aaron LI <aly@aaronly.me> |
kernel: No need to handle mbuf allocation failures if use M_WAITOK
|
#
2b3f93ea |
| 13-Oct-2023 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Add per-process capability-based restrictions
* This new system allows userland to set capability restrictions which turn off numerous kernel features and root accesses. These restrictions are inherited by sub-processes recursively. Once set, restrictions cannot be removed.
Basic restrictions that mimic an unadorned jail can be enabled without creating a jail, but generally speaking real security also requires creating a chrooted filesystem topology, and a jail is still needed to really segregate processes from each other. If you do so, however, you can (for example) disable mount/umount and most global root-only features.
* Add new system calls and a manual page for syscap_get(2) and syscap_set(2)
* Add sys/caps.h
* Add the "setcaps" userland utility and manual page.
* Remove priv.9 and the priv_check infrastructure, replacing it with a newly designed caps infrastructure.
* The intention is to add path restriction lists and similar features to improve jail-less security in the near future, and to optimize the priv_check code.
|
Revision tags: v6.4.0, v6.4.0rc1, v6.5.0, v6.2.2, v6.2.1, v6.2.0, v6.3.0, v6.0.1, v6.0.0, v6.0.0rc1, v6.1.0, v5.8.3, v5.8.2 |
|
#
80d831e1 |
| 25-Jul-2020 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Refactor in-kernel system call API to remove bcopy()
* Change the in-kernel system call prototype to take the system call arguments as a separate pointer, and make the contents read-only.
int sy_call_t (void *);
int sy_call_t (struct sysmsg *sysmsg, const void *);
* System calls with 6 arguments or less no longer need to copy the arguments from the trapframe to a holding structure. Instead, we simply point into the trapframe.
The L1 cache footprint will be a bit smaller, but in simple tests the results are not noticeably faster... maybe 1ns or so (roughly 1%).
|
Revision tags: v5.8.1, v5.8.0, v5.9.0, v5.8.0rc1, v5.6.3, v5.6.2, v5.6.1, v5.6.0, v5.6.0rc1, v5.7.0, v5.4.3, v5.4.2, v5.4.1, v5.4.0, v5.5.0, v5.4.0rc1, v5.2.2, v5.2.1 |
|
#
35949930 |
| 20-Apr-2018 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - per-thread fd cache, p_fd lock bypass
* Implement a per-thread (fd,fp) cache. Cache hits can keep fp's in a held state (avoiding the need to fhold()/fdrop() the ref count), and bypasses the p_fd spinlock. This allows the file pointer structure to generally be shared across cpu caches.
* Can cache up to four descriptors in each thread, LRU. This is the common case. Highly threaded programs tend to focus work on distinct file descriptors in each thread.
* One file descriptor can be cached in up to four threads. This is a significant limitation, though relatively uncommon. On a cache miss the code drops into the normal shared p_fd spinlock lookup.
|
Revision tags: v5.2.0, v5.3.0, v5.2.0rc, v5.0.2, v5.0.1, v5.0.0 |
|
#
d314b0e9 |
| 11-Oct-2017 |
Sascha Wildner <saw@online.de> |
kernel: Simplify various redundant conditions.
Found-by: cppcheck
One was reported by dcb in <https://bugs.dragonflybsd.org/issues/3078>.
|
Revision tags: v5.0.0rc2, v5.1.0, v5.0.0rc1, v4.8.1, v4.8.0, v4.6.2, v4.9.0, v4.8.0rc |
|
#
54ba75e6 |
| 13-Feb-2017 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
libkern: Make inet_ntoa MPSAFE by passing string buffer to it.
|
Revision tags: v4.6.1, v4.6.0, v4.6.0rc2, v4.6.0rc, v4.7.0, v4.4.3, v4.4.2, v4.4.1, v4.4.0, v4.5.0, v4.4.0rc |
|
#
b2244ed9 |
| 15-Sep-2015 |
Sepherosa Ziehau <sephe@dragonflybsd.org> |
kernel: Use fhold() instead of increasing f_count manually
|
Revision tags: v4.2.4 |
|
#
6ec8f7f2 |
| 08-Aug-2015 |
Sascha Wildner <saw@online.de> |
Remove remaining OSI protocol support.
These were just leftovers.
|
Revision tags: v4.3.1, v4.2.3, v4.2.1, v4.2.0, v4.0.6, v4.3.0, v4.2.0rc |
|
#
cabfc9f6 |
| 23-Mar-2015 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Major mtx lock cleanup
* Integrate the ident into the mtx structure, remove the ident parameter from all locking calls.
* Rename some of the functions, shortening them.
* Add a few new functions which hammer2 will use.
|
Revision tags: v4.0.5 |
|
#
d66b88f3 |
| 16-Mar-2015 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Refactor kern_mutex (mtx* functions)
* Refactor kern_mutex in order to support asynchronous lock requests, which hammer2 is going to need. kern_mutex already supports abortable locks.
* Add callback fields to the mtx_link structure.
* Use the mtx_link structure for shared locks in addition to exclusive locks, allowing asynchronous callbacks for shared locks and exclusive locks.
* Make the locking flags more deterministic.
* Redo the typedefs to be more like hammer2. Typedef the structures rather than pointers so the typedef names can be used for structural embedding.
|
Revision tags: v4.0.4 |
|
#
b5523eac |
| 19-Feb-2015 |
Sascha Wildner <saw@online.de> |
kernel: Move us to using M_NOWAIT and M_WAITOK for mbuf functions.
The main reason is that our having to use the MB_WAIT and MB_DONTWAIT flags was a recurring issue when porting drivers from FreeBSD because it tended to get forgotten and the code would compile anyway with the wrong constants. And since MB_WAIT and MB_DONTWAIT ended up as ocflags for an objcache_get() or objcache_reclaimlist call (which use M_WAITOK and M_NOWAIT), it was just one big converting back and forth with some sanitization in between.
This commit allows M_* again for the mbuf functions and keeps the sanitizing as it was before: when M_WAITOK is among the passed flags, objcache functions will be called with M_WAITOK and when it is absent, they will be called with M_NOWAIT. All other flags are scrubbed by the MB_OCFLAG() macro which does the same as the former MBTOM().
Approved-by: dillon
|
Revision tags: v4.0.3, v4.0.2, v4.0.1, v4.0.0, v4.0.0rc3, v4.0.0rc2, v4.0.0rc, v4.1.0, v3.8.2 |
|
#
0037b005 |
| 18-Jul-2014 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - turn off auto-socket sizing
* Turn off automatic socket sizing for NFS sockets. Otherwise the socket buffer might be reduced to the point where the mbuf interface refuses to queue w/EMSGSIZE.
TODO: We need a better fix.
|
#
d33df46a |
| 29-Jun-2014 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Fix nfs server-side shutdown race
* Fix issues where slp->ns_so is being accessed during or after the socket has been zapped. The zap code actually closes the fp and destroys the socket so this race results in a use-after-free and can cause a panic on the NFS server.
* Zapping now shuts the socket down but does not close/destroy it. The socket will be destroyed when the last ref on slp (aka nfssvc_sock) is dropped.
* Re-check SLP_VALID in a few more places after potentially blocking. Other situations that might block are handled by the change in the zap code.
|
Revision tags: v3.8.1, v3.6.3, v3.8.0, v3.8.0rc2, v3.9.0, v3.8.0rc, v3.6.2, v3.6.1 |
|
#
0fdb7d01 |
| 15-Jan-2014 |
Sascha Wildner <saw@online.de> |
Remove a bunch of unnecessary semicolons.
|
Revision tags: v3.6.0, v3.7.1, v3.6.0rc, v3.7.0 |
|
#
cec73927 |
| 05-Sep-2013 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Change time_second to time_uptime for all expiration calculations
* Vet the entire kernel and change use cases for expiration calculations using time_second to use time_uptime instead.
* Protects these expiration calculations from step changes in the wall time, particularly needed for route table entries.
* Probably requires further variable type adjustments but the use of time_uptime instead of time_second is highly unlikely to ever overrun any demotions to int still present.
|
Revision tags: v3.4.3 |
|
#
adddfd62 |
| 05-Jul-2013 |
Sascha Wildner <saw@online.de> |
kernel: Remove some #include duplicates in vfs/ and vm/
|
#
dc71b7ab |
| 31-May-2013 |
Justin C. Sherrill <justin@shiningsilence.com> |
Correct BSD License clause numbering from 1-2-4 to 1-2-3.
Apparently everyone's doing it: http://svnweb.freebsd.org/base?view=revision&revision=251069
Submitted-by: "Eitan Adler" <lists at eitanadler.com>
|
Revision tags: v3.4.2 |
|
#
2702099d |
| 06-May-2013 |
Justin C. Sherrill <justin@shiningsilence.com> |
Remove advertising clause from all that isn't contrib or userland bin.
By: Eitan Adler <lists@eitanadler.com>
|
Revision tags: v3.4.0, v3.4.1, v3.4.0rc, v3.5.0 |
|
#
1d0de3d3 |
| 08-Jan-2013 |
Sascha Wildner <saw@online.de> |
kernel/vfs: Remove some unused variables.
|
Revision tags: v3.2.2 |
|
#
9072066a |
| 08-Dec-2012 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Adjust NFS server for new allocvnode() code
* Adjust the NFS server to check for LWP_MP_VNLRU garbage collection requests and act on them.
This prevents excessive allocation of vnodes by the nfsd's.
|
Revision tags: v3.2.1, v3.2.0, v3.3.0, v3.0.3, v3.0.2, v3.0.1, v3.1.0, v3.0.0 |
|
#
4090d6ff |
| 03-Jan-2012 |
Sascha Wildner <saw@online.de> |
kernel: Use NULL for pointers.
|
#
28558454 |
| 09-Dec-2011 |
Sascha Wildner <saw@online.de> |
kernel/nfs: Fix a bug due to missing braces.
The lwkt_reltoken() was added in c6b43e93a6cf0a70bde32cd141057a0df9860e13 but it was forgotten to put braces around the if's body (now having lwkt_reltoken() and the return()).
|
#
884717e1 |
| 06-Dec-2011 |
Sascha Wildner <saw@online.de> |
kernel: Replace all usage of MALLOC()/FREE() with kmalloc()/kfree().
|
#
86d7f5d3 |
| 26-Nov-2011 |
John Marino <draco@marino.st> |
Initial import of binutils 2.22 on the new vendor branch
Future versions of binutils will also reside on this branch rather than continuing to create new binutils branches for each new version.
|