Revision tags: vendor/clang/clang-release_38-r261684, vendor/llvm/llvm-release_38-r261684, vendor/libc++/libc++-release_38-r261369, vendor/libc++/libc++-release_380-r262564, vendor/compiler-rt/compiler-rt-release_38-r261369, vendor/compiler-rt/compiler-rt-release_380-r262564, vendor/clang/clang-release_38-r261369, vendor/llvm/llvm-release_38-r261369, vendor/lldb/lldb-release_38-r260756, vendor/lldb/lldb-release_380-r262564, vendor/libc++/libc++-release_38-r260756, vendor/compiler-rt/compiler-rt-release_38-r260756, vendor/clang/clang-release_38-r260756, vendor/llvm/llvm-release_38-r260756, vendor/acpica/20160212, vendor/elftoolchain/elftoolchain-r3399, vendor/elftoolchain/elftoolchain-r3395, vendor/NetBSD/libedit/2016-01-30, vendor/openresolv/3.7.2, vendor/device-tree/ianc-afaecb70, vendor/openssl/1.0.1r, vendor/openssl/1.0.2f, vendor/lldb/lldb-release_38-r258968, vendor/lld/lld-release_38-r258968, vendor/lld/lld-release_380-r262564, vendor/libc++/libc++-release_38-r258968, vendor/compiler-rt/compiler-rt-release_38-r258968, vendor/clang/clang-release_38-r258968, vendor/llvm/llvm-release_38-r258968, vendor/alpine-hal/2.7, vendor/libc++/libc++-release_38-r258549, vendor/clang/clang-release_38-r258549, vendor/llvm/llvm-release_38-r258549, vendor/ntp/4.2.8p6, vendor/bind9/9.9.8-P3, vendor/openssh/7.1p2, vendor/lldb/lldb-release_38-r257836, vendor/libc++/libc++-release_38-r257836, vendor/clang/clang-release_38-r257836, vendor/llvm/llvm-release_38-r257836, vendor/mandoc/20160116, vendor/lldb/lldb-trunk-r257626, vendor/lld/lld-trunk-r257626, vendor/libc++/r257626, vendor/compiler-rt/compiler-rt-trunk-r257626, vendor/clang/clang-trunk-r257626, vendor/llvm/llvm-trunk-r257626, vendor/acpica/20160108, vendor/ntp/4.2.8p5, vendor/lldb/lldb-trunk-r256945, vendor/lld/lld-trunk-r256945, vendor/libc++/r256945, vendor/compiler-rt/compiler-rt-trunk-r256945, vendor/clang/clang-trunk-r256945, vendor/llvm/llvm-trunk-r256945, vendor/llvm-libunwind/libunwind-r256779, vendor/less/v481, vendor/lldb/lldb-trunk-r256633, vendor/llvm/llvm-trunk-r256633, vendor/lld/lld-trunk-r256633, vendor/libc++/r256633, vendor/compiler-rt/compiler-rt-trunk-r256633, vendor/clang/clang-trunk-r256633, vendor/clang/clang-release_371-r255217, vendor/llvm/llvm-release_371-r255217, vendor/NetBSD/bmake/20151220, vendor/acpica/20151218, vendor/bind9/9.9.8-P2, vendor/unbound/1.5.7, vendor/unbound/1.5.6, vendor/elftoolchain/elftoolchain-r3272, vendor/openbsm/1.2-ALPHA-4, vendor/NetBSD/bmake/20151201, vendor/openssl/0.9.8zh, vendor/openssl/1.0.1q, vendor/openssl/1.0.2e, vendor/acpica/20151124, vendor/xz/5.2.2, vendor/tzdata/tzdata2015g, vendor/libucl/20151027, vendor/openssl/1.0.2d, vendor/NetBSD/bmake/20151020, vendor/ntp/4.2.8p4, vendor/wpa/2.5, vendor/subversion/subversion-1.9.2, vendor/dma/0.10, vendor/elftoolchain/elftoolchain-r3250, vendor/unbound/1.5.5, vendor/bind9/9.9.8, vendor/acpica/20150930, vendor/netcat/5.8, vendor/llvm-libunwind/libunwind-r246528, vendor/file/5.25, vendor/unbound/1.5.4, zfs-0.6.5, vendor/libc++/libc++-release_370-r246257, vendor/compiler-rt/compiler-rt-release_370-r246257, vendor/lldb/lldb-release_370-r246257, vendor/clang/clang-release_370-r246257, vendor/llvm/llvm-release_370-r246257, vendor/lldb/lldb-trunk-r242221, vendor/file/5.24, vendor/openssh/7.1p1, vendor/openssh/7.0p1, vendor/acpica/20150818, vendor/pciids/pciids-20150815, vendor/tzdata/tzdata2015f, release/10.2.0, upstream/10.2.0, vendor/sqlite3/sqlite-3081101, vendor/subversion/subversion-1.8.14, vendor/serf/serf-1.3.8, vendor/apr/apr-1.5.2, vendor/clang/clang-trunk-r242221, vendor/llvm/llvm-trunk-r242221, vendor/bind9/9.9.7-P2, vendor/acpica/20150717, vendor/openssl/1.0.1p |
|
#
fcb5b3a4 |
| 09-Jul-2015 |
Konstantin Belousov <kib@FreeBSD.org> |
Cover a race between doselwakeup() and selfdfree(). If doselwakeup() loop finds the selfd entry and clears its sf_si pointer, which is handled by selfdfree() in parallel, NULL sf_si makes selfdfree(
Cover a race between doselwakeup() and selfdfree(). If doselwakeup() loop finds the selfd entry and clears its sf_si pointer, which is handled by selfdfree() in parallel, NULL sf_si makes selfdfree() free the memory. The result is the race and accesses to the freed memory.
Refcount the selfd ownership. One reference is for the sf_link linkage, which is unconditionally dereferenced by selfdfree(). Another reference is for sf_threads, both selfdfree() and doselwakeup() race to deref it, the winner unlinks and than frees the selfd entry.
Reported by: Larry Rosenman <ler@lerctr.org> Tested by: Larry Rosenman <ler@lerctr.org>, pho Sponsored by: The FreeBSD Foundation MFC after: 2 weeks
show more ...
|
Revision tags: vendor/sendmail/8.15.2, vendor/tcpdump/4.7.4, vendor/clang/clang-trunk-r241361, vendor/llvm/llvm-trunk-r241361, vendor/lldb/lldb-r241361, vendor/openssh/6.9p1, vendor/openssh/6.8p1, vendor/ntp/4.2.8p3, vendor/clang/clang-trunk-r240225, vendor/llvm/llvm-trunk-r240225, vendor/acpica/20150619, vendor/libcxxrt/2015-06-18-e64e93fe5bba67a6d52cbe5a97f8770c054bfa65, vendor/acpica/20150616, vendor/tzdata/tzdata2015e, vendor/openssl/1.0.1o, vendor/openssl/0.9.8zg, vendor/openssl/1.0.1n, vendor/NetBSD/bmake/20150606, vendor/file/5.23, vendor/clang/clang-trunk-r239412, vendor/llvm/llvm-trunk-r239412, vendor/clang/clang-trunk-r238337, vendor/llvm/llvm-trunk-r238337, vendor/elftoolchain/elftoolchain-r3223, vendor/clang/clang-3.6.x, vendor/clang/clang-release_361-r237755, vendor/llvm/llvm-3.6.x, vendor/llvm/llvm-release_361-r237755, vendor/acpica/20150515, vendor/tzdata/tzdata2015d, vendor/tzdata/tzdata2015c, vendor/elftoolchain/elftoolchain-r3197, vendor/ficl/4.1.0, vendor/ficl/3.0.3, vendor/NetBSD/bmake/20150505, vendor/netcat/5.7, vendor/openresolv/3.7.0, vendor/sqlite3/sqlite-3080900, vendor/unbound/1.5.3, vendor/unbound/1.5.2, vendor/NetBSD/bmake/20150418 |
|
#
0538aafc |
| 18-Apr-2015 |
Konstantin Belousov <kib@FreeBSD.org> |
The lseek(2), mmap(2), truncate(2), ftruncate(2), pread(2), and pwrite(2) syscalls are wrapped to provide compatibility with pre-7.x kernels which required padding before the off_t parameter. The fc
The lseek(2), mmap(2), truncate(2), ftruncate(2), pread(2), and pwrite(2) syscalls are wrapped to provide compatibility with pre-7.x kernels which required padding before the off_t parameter. The fcntl(2) contains compatibility code to handle kernels before the struct flock was changed during the 8.x CURRENT development. The shims were reasonable to allow easier revert to the older kernel at that time.
Now, two or three major releases later, shims do not serve any purpose. Such old kernels cannot handle current libc, so revert the compatibility code.
Make padded syscalls support conditional under the COMPAT6 config option. For COMPAT32, the syscalls were under COMPAT6 already.
Remove WITHOUT_SYSCALL_COMPAT build option, which only purpose was to (partially) disable the removed shims.
Reviewed by: jhb, imp (previous versions) Discussed with: peter Sponsored by: The FreeBSD Foundation MFC after: 1 week
show more ...
|
Revision tags: vendor/wpa/2.4, vendor/acpica/20150410, vendor/nvi/2.1.3, vendor/ntp/4.2.8p2, vendor/acpica/20150408, zfs-0.6.4, vendor/xz/5.2.1, vendor/bind9/9.9.7, vendor/elftoolchain/elftoolchain-r3179, vendor/lld/lld-trunk-r233088, vendor/tzdata/tzdata2015b, vendor/lua/5.3.0, vendor/openssl/0.9.8zf, vendor/openssl/1.0.1m, vendor/mandoc/1.13.3, vendor/tzdata/tzdata2015a, vendor/libucl/20150302, vendor/mandoc/20150302, vendor/device-tree/ian-c8c1b3a7, vendor/clang/clang-release_360-r230434, vendor/llvm/llvm-release_360-r230434, vendor/compiler-rt/compiler-rt-r230183, vendor/clang/clang-release_360-r229772, vendor/llvm/llvm-release_360-r229772 |
|
#
b7a39e9e |
| 17-Feb-2015 |
Mateusz Guzik <mjg@FreeBSD.org> |
filedesc: simplify fget_unlocked & friends
Introduce fget_fcntl which performs appropriate checks when needed. This removes a branch from fget_unlocked.
Introduce fget_mmap dealing with cap_rights_
filedesc: simplify fget_unlocked & friends
Introduce fget_fcntl which performs appropriate checks when needed. This removes a branch from fget_unlocked.
Introduce fget_mmap dealing with cap_rights_to_vmprot conversion. This removes a branch from _fget.
Modify fget_unlocked to pass sequence counter to interested callers so that they can perform their own checks and make sure the result was otained from stable & current state.
Reviewed by: silence on -hackers
show more ...
|
Revision tags: vendor/elftoolchain/elftoolchain-r3163, vendor/clang/clang-release_360-r229040, vendor/llvm/llvm-release_360-r229040, vendor/compiler-rt/compiler-rt-r228651, vendor/lldb/lldb-r228549, vendor/lldb/lldb-r225923, vendor/xz/5.2.0, vendor/ntp/4.2.8p1, vendor/acpica/20150204, vendor/libcxxrt/2014-12-31-1cb607e89f6135bbc10f3d3b6fba1f983e258dcc, vendor/clang/clang-release_360-r227651, vendor/llvm/llvm-release_360-r227651, vendor/clang/clang-release_360-r226102, vendor/llvm/llvm-release_360-r226102, vendor/openssl/0.9.8ze, vendor/openssl/1.0.1l, vendor/clang/clang-release_351-r225668, vendor/llvm/llvm-release_351-r225668, vendor/NetBSD/libedit/2014-01-07, vendor/openssl/0.9.8zd, vendor/openssl/1.0.1k, vendor/libc++/r224926, vendor/compiler-rt/compiler-rt-r224034, vendor/tcpdump/4.6.2, vendor/libpcap/1.6.2, vendor/openssh/6.7p1, vendor/file/5.22, vendor/unbound/1.5.1, vendor/unbound/1.5.0, vendor/elftoolchain/elftoolchain-r3136, vendor/libcxxrt/2014-12-06-00bc29eb6513624824a6d7db2ebc768a4216a604, vendor/mandoc/1.13.2, vendor/elftoolchain/elftoolchain-r3130, vendor/ntp/4.2.8, vendor/bind9/9.9.6-P1, vendor/sendmail/8.15.1, vendor/file/5.21, vendor/tnftp/20141104, vendor/tnftp/20141031, vendor/mandoc/20141201, vendor/libucl/20141129 |
|
#
50ae6690 |
| 28-Nov-2014 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Style changes: - Move two IOCTL related defines to the top of the C-file - Add more comments describing the recently added IOCTL small size and small align macros
|
Revision tags: vendor/lldb/lldb-r216948, vendor/clang/clang-release_350-r216957, vendor/llvm/llvm-release_350-r216957, vendor/sqlite3/sqlite-3080702, vendor/mandoc/1.13.1, vendor/tzdata/tzdata2014j |
|
#
186d9c34 |
| 13-Nov-2014 |
Dmitry Chagin <dchagin@FreeBSD.org> |
Add the ppoll() system call. Export kern_poll() needed by an upcoming Linuxulator change.
Differential Revision: https://reviews.freebsd.org/D1133 Reviewed by: kib, wblock MFC after: 1 month
|
Revision tags: release/10.1.0, upstream/10.1.0, vendor/acpica/20141107, vendor/compiler-rt/compiler-rt-r197381 |
|
#
0ecd606b |
| 04-Nov-2014 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Simplify logic a bit. Ensure data buffer is properly aligned, especially for platforms where unaligned access is not allowed. Make it possible to override the small buffer size.
A simple continuous
Simplify logic a bit. Ensure data buffer is properly aligned, especially for platforms where unaligned access is not allowed. Make it possible to override the small buffer size.
A simple continuous read string test using libusb showed a reduction in CPU usage from roughly 10% to less than 1% using a dual-core GHz CPU, when the malloc() operation was skipped for small buffers.
MFC after: 2 weeks
show more ...
|
#
5cbf44bf |
| 03-Nov-2014 |
Mateusz Guzik <mjg@FreeBSD.org> |
Provide an on-stack temporary buffer for small ioctl requests.
|
Revision tags: vendor/atf/atf-0.21, vendor/NetBSD/mtree/20141028, vendor/netcat/5.6 |
|
#
ffc5ce7b |
| 23-Oct-2014 |
Mateusz Guzik <mjg@FreeBSD.org> |
In selfdfree re-evaulate sf_si after takin the lock.
Otherwise we can race with doselwakeup.
This is a fixup to r273549
Reviewed by: jhb Reported by: everyone and their dog
|
#
73f2e5f7 |
| 23-Oct-2014 |
Mateusz Guzik <mjg@FreeBSD.org> |
Avoid taking the lock in selfdfree when not needed.
|
Revision tags: vendor/tzdata/tzdata2014i, vendor/xz/5.0.7, vendor/openssl/0.9.8zc, vendor/openssl/1.0.1j, vendor/byacc/20141006, vendor/byacc/20141005, vendor/NetBSD/tests/09.30.2014_20.45, vendor/acpica/20140926, vendor/apr-util/apr-util-1.5.4, vendor/openpam/OUROUPARIA, vendor/acpica/20140828, vendor/pjdfstest/abf03c3a47745d4521b0e4aa141317553ca48f91, vendor/NetBSD/libc-vis/20140908, vendor/device-tree/ianc-b78b6b80, vendor/tzdata/tzdata2014f, vendor/sqlite3/sqlite-3080500, vendor/serf/serf-1.3.7, vendor/subversion/subversion-1.8.10, vendor/resolver/9.5.0, vendor/openssl/0.9.8zb, vendor/openssl/1.0.1i, vendor/serf/serf-1.3.6, vendor/libucl/20140718, vendor/libucl/20140716, vendor/byacc/20140715, release/9.3.0, vendor/NetBSD/bmake/20140620, vendor/acpica/20140627, vendor/file/5.19 |
|
#
adf87ab0 |
| 22-Jun-2014 |
Mateusz Guzik <mjg@FreeBSD.org> |
fd: replace fd_nfiles with fd_lastfile where appropriate
fd_lastfile is guaranteed to be the biggest open fd, so when the intent is to iterate over active fds or lookup one, there is no point in loo
fd: replace fd_nfiles with fd_lastfile where appropriate
fd_lastfile is guaranteed to be the biggest open fd, so when the intent is to iterate over active fds or lookup one, there is no point in looking beyond that limit.
Few places are left unpatched for now.
MFC after: 1 week
show more ...
|
Revision tags: vendor/tzdata/tzdata2014e, zfs-0.6.3, vendor/openssl/0.9.8za, vendor/openssl/1.0.1h, vendor/apr/apr-1.5.1, vendor/subversion/subversion-1.8.9, vendor/serf/serf-1.3.5, vendor/byacc/20140422, vendor/libucl/20140514, vendor/sendmail/8.14.9, vendor/unbound/1.4.22, vendor/unbound/1.4.21, vendor/ldns/1.6.17, vendor/tzdata/tzdata2014c, vendor/clang/clang-release_34-r208032, vendor/llvm/llvm-release_34-r208032, vendor/acpica/20140424, vendor/byacc/20140409, vendor/libucl/0.4.0 |
|
#
4bc38a5a |
| 12-Apr-2014 |
Davide Italiano <davide@FreeBSD.org> |
Hide internal details of sbintime_t implementation wrapping INT64_MAX into SBT_MAX, to make it more robust in case internal type representation will change in the future. All the consumers were migra
Hide internal details of sbintime_t implementation wrapping INT64_MAX into SBT_MAX, to make it more robust in case internal type representation will change in the future. All the consumers were migrated to SBT_MAX and every new consumer (if any) should from now use this interface.
Requested by: bapt, jmg, Ryan Lortie (implictly) Reviewed by: mav, bde
show more ...
|
Revision tags: vendor/netcat/5.5, vendor/openssl/1.0.1g, vendor/tzdata/tzdata2014b, vendor/acpica/20140325, vendor/libucl/20140321, vendor/openssh/6.6p1 |
|
#
4a144410 |
| 16-Mar-2014 |
Robert Watson <rwatson@FreeBSD.org> |
Update kernel inclusions of capability.h to use capsicum.h instead; some further refinement is required as some device drivers intended to be portable over FreeBSD versions rely on __FreeBSD_version
Update kernel inclusions of capability.h to use capsicum.h instead; some further refinement is required as some device drivers intended to be portable over FreeBSD versions rely on __FreeBSD_version to decide whether to include capability.h.
MFC after: 3 weeks
show more ...
|
Revision tags: vendor/tzdata/tzdata2014a, vendor/libucl/20140302, vendor/xz-embedded/6a8a2364434763a033781f6b2a605ace9a021013, vendor/ncurses/5.9-20140222, vendor/ncurses/5.9-20110404, vendor/ncurses/5.9-20110404_stripped, vendor/device-tree/ianc-efa963ec, vendor/lldb/lldb-r202189, vendor/bind9/9.9.5, vendor/bind9/9.8.7, vendor/libucl/20140222, vendor/serf/serf-1.3.4, vendor/dma/20140213, vendor/subversion/subversion-1.8.8, vendor/lldb/lldb-r201577, vendor/acpica/20140214, vendor/atf/atf-0.20, vendor/atf/atf-0.19, vendor/mandoc/1.12.3, vendor/openssh/6.5p1, vendor/libc++/r197960, vendor/dtc/dtc-6a15eb23, vendor/sendmail/8.14.8, vendor/NetBSD/bmake/20140101, vendor/openssl/1.0.1f, release/10.0.0, upstream/10.0.0, vendor/elftoolchain/elftoolchain-r2974, vendor/acpica/20140114, vendor/byacc/20140101, vendor/clang/clang-release_34-r197956, vendor/llvm/llvm-release_34-r197956, vendor/clang/clang-release_34-r197841, vendor/llvm/llvm-release_34-r197841, vendor/tzdata/tzdata2013i, vendor/acpica/20131218, vendor/nvi/2.1.2-c80f493b0382d3c, vendor/ntp/4.2.6p5, vendor/lldb/lldb-r196322, vendor/lldb/lldb-r196259, vendor/apr-util/apr-util-1.5.3, vendor/subversion/subversion-1.8.5, vendor/NetBSD/mtree/20131121, vendor/atf/atf-0.18, vendor/netcat/5.4, vendor/atf/atf-0.17, vendor/acpica/20131115 |
|
#
ed5848c8 |
| 15-Nov-2013 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Replace CAP_POLL_EVENT and CAP_POST_EVENT capability rights (which I had a very hard time to fully understand) with much more intuitive rights:
CAP_EVENT - when set on descriptor, the descriptor ca
Replace CAP_POLL_EVENT and CAP_POST_EVENT capability rights (which I had a very hard time to fully understand) with much more intuitive rights:
CAP_EVENT - when set on descriptor, the descriptor can be monitored with syscalls like select(2), poll(2), kevent(2).
CAP_KQUEUE_EVENT - When set on a kqueue descriptor, the kevent(2) syscall can be called on this kqueue to with the eventlist argument set to non-NULL value; in other words the given kqueue descriptor can be used to monitor other descriptors. CAP_KQUEUE_CHANGE - When set on a kqueue descriptor, the kevent(2) syscall can be called on this kqueue to with the changelist argument set to non-NULL value; in other words it allows to modify events monitored with the given kqueue descriptor.
Add alias CAP_KQUEUE, which allows for both CAP_KQUEUE_EVENT and CAP_KQUEUE_CHANGE.
Add backward compatibility define CAP_POLL_EVENT which is equal to CAP_EVENT.
Sponsored by: The FreeBSD Foundation MFC after: 3 days
show more ...
|
Revision tags: vendor/nvi/2.1.2-95773e17e2751, vendor/openssh/6.4p1, vendor/subversion/subversion-1.8.4, vendor/lldb/lldb-r194122, vendor/tzdata/tzdata2013h, vendor/byacc/20130925, vendor/acpica/20130927, vendor/NetBSD/mtree/20131016 |
|
#
cd4dd444 |
| 15-Oct-2013 |
Konstantin Belousov <kib@FreeBSD.org> |
By default, allow up to SSIZE_MAX i/o for non-devfs files.
Sponsored by: The FreeBSD Foundation Reminded by: Dmitry Sivachenko <trtrmitya@gmail.com> MFC after: 1 month X-MFC-note: stable/10 only
|
#
bf3e483b |
| 15-Oct-2013 |
Konstantin Belousov <kib@FreeBSD.org> |
Similar to debug.iosize_max_clamp sysctl, introduce devfs_iosize_max_clamp sysctl, which allows/disables SSIZE_MAX-sized i/o requests on the devfs files.
Sponsored by: The FreeBSD Foundation Reminde
Similar to debug.iosize_max_clamp sysctl, introduce devfs_iosize_max_clamp sysctl, which allows/disables SSIZE_MAX-sized i/o requests on the devfs files.
Sponsored by: The FreeBSD Foundation Reminded by: Dmitry Sivachenko <trtrmitya@gmail.com> MFC after: 1 week
show more ...
|
Revision tags: vendor/dialog/1.2-20130923, vendor/tzdata/tzdata2013f, release/9.2.0, vendor/libcxxrt/2013-09-23-dafd555f547386c8c25f9afd07ea3693db13e52a, vendor/openssh/6.3p1, vendor/lldb/lldb-r188801, vendor/openpam/NUMMULARIA, vendor/NetBSD/bmake/20130904 |
|
#
8e076eff |
| 05-Sep-2013 |
Sean Bruno <sbruno@FreeBSD.org> |
Restore builds on architectures that don't support CAPABILITIES (mips).
|
#
7008be5b |
| 05-Sep-2013 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Change the cap_rights_t type from uint64_t to a structure that we can extend in the future in a backward compatible (API and ABI) way.
The cap_rights_t represents capability rights. We used to use o
Change the cap_rights_t type from uint64_t to a structure that we can extend in the future in a backward compatible (API and ABI) way.
The cap_rights_t represents capability rights. We used to use one bit to represent one right, but we are running out of spare bits. Currently the new structure provides place for 114 rights (so 50 more than the previous cap_rights_t), but it is possible to grow the structure to hold at least 285 rights, although we can make it even larger if 285 rights won't be enough.
The structure definition looks like this:
struct cap_rights { uint64_t cr_rights[CAP_RIGHTS_VERSION + 2]; };
The initial CAP_RIGHTS_VERSION is 0.
The top two bits in the first element of the cr_rights[] array contain total number of elements in the array - 2. This means if those two bits are equal to 0, we have 2 array elements.
The top two bits in all remaining array elements should be 0. The next five bits in all array elements contain array index. Only one bit is used and bit position in this five-bits range defines array index. This means there can be at most five array elements in the future.
To define new right the CAPRIGHT() macro must be used. The macro takes two arguments - an array index and a bit to set, eg.
#define CAP_PDKILL CAPRIGHT(1, 0x0000000000000800ULL)
We still support aliases that combine few rights, but the rights have to belong to the same array element, eg:
#define CAP_LOOKUP CAPRIGHT(0, 0x0000000000000400ULL) #define CAP_FCHMOD CAPRIGHT(0, 0x0000000000002000ULL)
#define CAP_FCHMODAT (CAP_FCHMOD | CAP_LOOKUP)
There is new API to manage the new cap_rights_t structure:
cap_rights_t *cap_rights_init(cap_rights_t *rights, ...); void cap_rights_set(cap_rights_t *rights, ...); void cap_rights_clear(cap_rights_t *rights, ...); bool cap_rights_is_set(const cap_rights_t *rights, ...);
bool cap_rights_is_valid(const cap_rights_t *rights); void cap_rights_merge(cap_rights_t *dst, const cap_rights_t *src); void cap_rights_remove(cap_rights_t *dst, const cap_rights_t *src); bool cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little);
Capability rights to the cap_rights_init(), cap_rights_set(), cap_rights_clear() and cap_rights_is_set() functions are provided by separating them with commas, eg:
cap_rights_t rights;
cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FSTAT);
There is no need to terminate the list of rights, as those functions are actually macros that take care of the termination, eg:
#define cap_rights_set(rights, ...) \ __cap_rights_set((rights), __VA_ARGS__, 0ULL) void __cap_rights_set(cap_rights_t *rights, ...);
Thanks to using one bit as an array index we can assert in those functions that there are no two rights belonging to different array elements provided together. For example this is illegal and will be detected, because CAP_LOOKUP belongs to element 0 and CAP_PDKILL to element 1:
cap_rights_init(&rights, CAP_LOOKUP | CAP_PDKILL);
Providing several rights that belongs to the same array's element this way is correct, but is not advised. It should only be used for aliases definition.
This commit also breaks compatibility with some existing Capsicum system calls, but I see no other way to do that. This should be fine as Capsicum is still experimental and this change is not going to 9.x.
Sponsored by: The FreeBSD Foundation
show more ...
|
Revision tags: vendor/NetBSD/libexecinfo/20130829, vendor/ldns-host/hg-20120826-233833, vendor/acpica/20130823, zfs-0.6.2, vendor/NetBSD/libexecinfo/20130822, vendor/ipfilter/5.1.2, vendor/ipfilter-sys/5-1-2, vendor/bind9/9.9.3-P2, vendor/nvi/2.1.1-4334a8297f, vendor/serf/serf-1.3.0, vendor/NetBSD/bmake/20130730, vendor/bind9/9.8.5-P2, vendor/apr-util/apr-util-1.5.2, vendor/apr/apr-1.4.8, vendor/subversion/subversion-1.8.1, vendor/misc-GNU/patch/2.5.9, vendor/acpica/20130725, vendor/bind9/9.8.5-P1, vendor/libc++/r185801, vendor/libcxxrt/2013-07-08-c61efa043b14378efbd69c9a2686d44ed46ae179, vendor/v4l/2.6.34.14 |
|
#
76665df9 |
| 29-Jun-2013 |
Peter Wemm <peter@FreeBSD.org> |
Help out gcc. clang understands.
sys_generic.c:1510: warning: 'precision' may be used uninitialized *** [sys_generic.o] Error code 1
|
#
237abf0c |
| 28-Jun-2013 |
Davide Italiano <davide@FreeBSD.org> |
- Trim an unused and bogus Makefile for mount_smbfs. - Reconnect with some minor modifications, in particular now selsocket() internals are adapted to use sbintime units after recent'ish calloutng sw
- Trim an unused and bogus Makefile for mount_smbfs. - Reconnect with some minor modifications, in particular now selsocket() internals are adapted to use sbintime units after recent'ish calloutng switch.
show more ...
|
Revision tags: vendor/hyperv/20130627, vendor/acpica/20130626, vendor/wpa/2.0, vendor/subversion/subversion-1.8.0, vendor/sqlite3/sqlite-3071700, vendor/subversion/subversion-1.8.0-rc3, vendor/serf/serf-1.2.1, vendor/apr-util/apr-util-1.4.1, vendor/apr/apr-1.4.6, vendor/dialog/1.2-20130523, vendor/clang/clang-release_33-r183502, vendor/llvm/llvm-release_33-r183502, vendor/NetBSD/bmake/20130604, release/8.4.0, vendor/byacc/20130304, vendor/tcpdump/4.4.0, vendor/libpcap/1.4.0, vendor/compiler-rt/compiler-rt-r182741, vendor/NetBSD/bmake/20130520, vendor/acpica/20130517, vendor/openssh/6.2p2, vendor/libregex/glibc-2.17, vendor/less/v458, vendor/tnftp/20130505, vendor/zlib/1.2.8, vendor/hyperv/20130502, vendor/flex/2.5.37, vendor/qcamain_open_hal/60390a9f9ac6a20db168fbbc01a4ad4e01c395ce, vendor/libc++/r180598, vendor/libcxxrt/2013-04-22-c812a07cd2f95c1403baf0bbe0366e7618d1d6d3, vendor/sendmail/8.14.7, vendor/tzdata/tzdata2013c, vendor/acpica/20130418, vendor/netcat/5.3, vendor/NetBSD/mtree/20130408, vendor/clang/clang-trunk-r178860, vendor/llvm/llvm-trunk-r178860, vendor/unbound/1.4.20, vendor/acpica/20130328, vendor/NetBSD/bmake/20130330, vendor/bind9/9.8.4-P2, zfs-0.6.1, vendor/openssh/6.2p1, vendor/libarchive/3.1.2, vendor/tzdata/tzdata2013b |
|
#
21a37a71 |
| 09-Mar-2013 |
Alexander Motin <mav@FreeBSD.org> |
Rework overflow checks of r247898 to not let too "intelligent" compiler to optimize it out.
Submitted by: bde
|
Revision tags: vendor/openssl/0.9.8y |
|
#
980c545d |
| 06-Mar-2013 |
Alexander Motin <mav@FreeBSD.org> |
Fix time math overflows and improve zero intervals handling in poll(), select(), nanosleep() and kevent() functions after calloutng changes.
Reported by: bde
|
#
cf5e4fe6 |
| 04-Mar-2013 |
Davide Italiano <davide@FreeBSD.org> |
MFcalloutng: Fix kern_select() and sys_poll() so that they can handle sub-tick precision for timeouts (in the same fashion it was done for nanosleep() in r247797).
Sponsored by: Google Summer of Cod
MFcalloutng: Fix kern_select() and sys_poll() so that they can handle sub-tick precision for timeouts (in the same fashion it was done for nanosleep() in r247797).
Sponsored by: Google Summer of Code 2012, iXsystems inc. Tested by: flo, marius, ian, markj, Fabian Keil
show more ...
|
Revision tags: vendor/libyaml/0.1.4 |
|
#
2609222a |
| 02-Mar-2013 |
Pawel Jakub Dawidek <pjd@FreeBSD.org> |
Merge Capsicum overhaul:
- Capability is no longer separate descriptor type. Now every descriptor has set of its own capability rights.
- The cap_new(2) system call is left, but it is no longer d
Merge Capsicum overhaul:
- Capability is no longer separate descriptor type. Now every descriptor has set of its own capability rights.
- The cap_new(2) system call is left, but it is no longer documented and should not be used in new code.
- The new syscall cap_rights_limit(2) should be used instead of cap_new(2), which limits capability rights of the given descriptor without creating a new one.
- The cap_getrights(2) syscall is renamed to cap_rights_get(2).
- If CAP_IOCTL capability right is present we can further reduce allowed ioctls list with the new cap_ioctls_limit(2) syscall. List of allowed ioctls can be retrived with cap_ioctls_get(2) syscall.
- If CAP_FCNTL capability right is present we can further reduce fcntls that can be used with the new cap_fcntls_limit(2) syscall and retrive them with cap_fcntls_get(2).
- To support ioctl and fcntl white-listing the filedesc structure was heavly modified.
- The audit subsystem, kdump and procstat tools were updated to recognize new syscalls.
- Capability rights were revised and eventhough I tried hard to provide backward API and ABI compatibility there are some incompatible changes that are described in detail below:
CAP_CREATE old behaviour: - Allow for openat(2)+O_CREAT. - Allow for linkat(2). - Allow for symlinkat(2). CAP_CREATE new behaviour: - Allow for openat(2)+O_CREAT.
Added CAP_LINKAT: - Allow for linkat(2). ABI: Reuses CAP_RMDIR bit. - Allow to be target for renameat(2).
Added CAP_SYMLINKAT: - Allow for symlinkat(2).
Removed CAP_DELETE. Old behaviour: - Allow for unlinkat(2) when removing non-directory object. - Allow to be source for renameat(2).
Removed CAP_RMDIR. Old behaviour: - Allow for unlinkat(2) when removing directory.
Added CAP_RENAMEAT: - Required for source directory for the renameat(2) syscall.
Added CAP_UNLINKAT (effectively it replaces CAP_DELETE and CAP_RMDIR): - Allow for unlinkat(2) on any object. - Required if target of renameat(2) exists and will be removed by this call.
Removed CAP_MAPEXEC.
CAP_MMAP old behaviour: - Allow for mmap(2) with any combination of PROT_NONE, PROT_READ and PROT_WRITE. CAP_MMAP new behaviour: - Allow for mmap(2)+PROT_NONE.
Added CAP_MMAP_R: - Allow for mmap(PROT_READ). Added CAP_MMAP_W: - Allow for mmap(PROT_WRITE). Added CAP_MMAP_X: - Allow for mmap(PROT_EXEC). Added CAP_MMAP_RW: - Allow for mmap(PROT_READ | PROT_WRITE). Added CAP_MMAP_RX: - Allow for mmap(PROT_READ | PROT_EXEC). Added CAP_MMAP_WX: - Allow for mmap(PROT_WRITE | PROT_EXEC). Added CAP_MMAP_RWX: - Allow for mmap(PROT_READ | PROT_WRITE | PROT_EXEC).
Renamed CAP_MKDIR to CAP_MKDIRAT. Renamed CAP_MKFIFO to CAP_MKFIFOAT. Renamed CAP_MKNODE to CAP_MKNODEAT.
CAP_READ old behaviour: - Allow pread(2). - Disallow read(2), readv(2) (if there is no CAP_SEEK). CAP_READ new behaviour: - Allow read(2), readv(2). - Disallow pread(2) (CAP_SEEK was also required).
CAP_WRITE old behaviour: - Allow pwrite(2). - Disallow write(2), writev(2) (if there is no CAP_SEEK). CAP_WRITE new behaviour: - Allow write(2), writev(2). - Disallow pwrite(2) (CAP_SEEK was also required).
Added convinient defines:
#define CAP_PREAD (CAP_SEEK | CAP_READ) #define CAP_PWRITE (CAP_SEEK | CAP_WRITE) #define CAP_MMAP_R (CAP_MMAP | CAP_SEEK | CAP_READ) #define CAP_MMAP_W (CAP_MMAP | CAP_SEEK | CAP_WRITE) #define CAP_MMAP_X (CAP_MMAP | CAP_SEEK | 0x0000000000000008ULL) #define CAP_MMAP_RW (CAP_MMAP_R | CAP_MMAP_W) #define CAP_MMAP_RX (CAP_MMAP_R | CAP_MMAP_X) #define CAP_MMAP_WX (CAP_MMAP_W | CAP_MMAP_X) #define CAP_MMAP_RWX (CAP_MMAP_R | CAP_MMAP_W | CAP_MMAP_X) #define CAP_RECV CAP_READ #define CAP_SEND CAP_WRITE
#define CAP_SOCK_CLIENT \ (CAP_CONNECT | CAP_GETPEERNAME | CAP_GETSOCKNAME | CAP_GETSOCKOPT | \ CAP_PEELOFF | CAP_RECV | CAP_SEND | CAP_SETSOCKOPT | CAP_SHUTDOWN) #define CAP_SOCK_SERVER \ (CAP_ACCEPT | CAP_BIND | CAP_GETPEERNAME | CAP_GETSOCKNAME | \ CAP_GETSOCKOPT | CAP_LISTEN | CAP_PEELOFF | CAP_RECV | CAP_SEND | \ CAP_SETSOCKOPT | CAP_SHUTDOWN)
Added defines for backward API compatibility:
#define CAP_MAPEXEC CAP_MMAP_X #define CAP_DELETE CAP_UNLINKAT #define CAP_MKDIR CAP_MKDIRAT #define CAP_RMDIR CAP_UNLINKAT #define CAP_MKFIFO CAP_MKFIFOAT #define CAP_MKNOD CAP_MKNODAT #define CAP_SOCK_ALL (CAP_SOCK_CLIENT | CAP_SOCK_SERVER)
Sponsored by: The FreeBSD Foundation Reviewed by: Christoph Mallon <christoph.mallon@gmx.de> Many aspects discussed with: rwatson, benl, jonathan ABI compatibility discussed with: kib
show more ...
|
Revision tags: vendor/expat/2.1.0, vendor/NetBSD/unvis/20130221, vendor/NetBSD/vis/20130221, vendor/NetBSD/libc-vis/20130221, vendor/acpica/20130214, vendor/ldns/1.6.16, vendor/openssl/1.0.1e, vendor/libc++/r174563, zfs-0.6.0-rc14, vendor/NetBSD/bmake/20130123, vendor/libcxxrt/2013-01-21-c4b68a5c1836b9027fe8784fec25b7a2e6e6aa60, vendor/compiler-rt/compiler-rt-r172839, vendor/acpica/20130117, vendor/libcxxrt/2013-01-11-b9db3a010143160624f123763025ab544b69bd9a, vendor/one-true-awk/20121220, vendor/acpica/20121220, vendor/sendmail/8.14.6 |
|
#
ad9789f6 |
| 23-Dec-2012 |
Konstantin Belousov <kib@FreeBSD.org> |
Do not force a writer to the devfs file to drain the buffer writes.
Requested and tested by: Ian Lepore <freebsd@damnhippie.dyndns.org> MFC after: 2 weeks
|
Revision tags: vendor/clang/clang-release_32-r170710, vendor/llvm/llvm-release_32-r170710, vendor/xz/5.0.4, vendor/NetBSD/mknod/20122112, vendor/NetBSD/mtree/20122112, zfs-0.6.0-rc13, vendor/bind9/9.6-ESV-R8, vendor/openbsm/1.2-ALPHA-3, vendor/NetBSD/libc-vis/20121214a, vendor/NetBSD/libc-vis/20121214, vendor/bind9/9.8.4-P1, vendor/bind9/9.8.4, vendor/less/v456, vendor/clang/clang-release_32-r168974, vendor/llvm/llvm-release_32-r168974, vendor/openbsm/1.2-ALPHA-2, release/9.1.0, vendor/libc++/r168853, vendor/NetBSD/bmake/20121111, vendor/acpica/20121114, zfs-0.6.0-rc12, vendor/tzdata/tzdata2012j, vendor/libc++/r167493, vendor/tzdata/tzdata2012i, vendor/less/v453, vendor/pciids/pciids-20121024, vendor/tzdata/tzdata2012h, vendor/NetBSD/bmake/20121010, vendor/netcat/5.2, vendor/libc++/r165949, vendor/tzdata/tzdata2012g, vendor/dialog/1.1-20120706, vendor/acpica/20121018 |
|
#
2e564269 |
| 18-Oct-2012 |
Attilio Rao <attilio@FreeBSD.org> |
Disconnect non-MPSAFE SMBFS from the build in preparation for dropping GIANT from VFS. In addition, disconnect also netsmb, which is a base requirement for SMBFS.
In the while SMBFS regular users ca
Disconnect non-MPSAFE SMBFS from the build in preparation for dropping GIANT from VFS. In addition, disconnect also netsmb, which is a base requirement for SMBFS.
In the while SMBFS regular users can use FUSE interface and smbnetfs port to work with their SMBFS partitions.
Also, there are ongoing efforts by vendor to support in-kernel smbfs, so there are good chances that it will get relinked once properly locked.
This is not targeted for MFC.
show more ...
|