#
2b3f93ea |
| 13-Oct-2023 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Add per-process capability-based restrictions
* This new system allows userland to set capability restrictions which turn off numerous kernel features and root accesses. These restrictions are inherited by sub-processes recursively. Once set, restrictions cannot be removed.
Basic restrictions that mimic an unadorned jail can be enabled without creating a jail, but generally speaking real security also requires creating a chrooted filesystem topology, and a jail is still needed to really segregate processes from each other. If you do so, however, you can (for example) disable mount/umount and most global root-only features.
* Add new system calls and a manual page for syscap_get(2) and syscap_set(2)
* Add sys/caps.h
* Add the "setcaps" userland utility and manual page.
* Remove priv.9 and the priv_check infrastructure, replacing it with a newly designed caps infrastructure.
* The intention is to add path restriction lists and similar features to improve jailess security in the near future, and to optimize the priv_check code.
|
Revision tags: v6.4.0, v6.4.0rc1, v6.5.0, v6.2.2, v6.2.1, v6.2.0, v6.3.0, v6.0.1 |
|
#
d56bec7a |
| 25-May-2021 |
Aaron LI <aly@aaronly.me> |
devfs: Change typedef 'cdevpriv_dtr_t' to 'd_priv_dtor_t'
The original 'cdevpriv_dtr_t' typedef was not able to be used in a function prototype like the other d_xxx_t typedef's, because it declared a function *pointer* rather than a function. This makes it useless outside the cdevpriv implementation.
Change the typedef to declare a function and rename it to 'd_priv_dtor_t', which is more consistent with other dev_ops methods, although it's not a direct member in the dev_ops struct.
Obtained-from: FreeBSD (revision 291653) URL: https://reviews.freebsd.org/D4340
|
Revision tags: v6.0.0, v6.0.0rc1, v6.1.0 |
|
#
5bd45597 |
| 20-Mar-2021 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Fix /dev/fd/N and clean up the old dup error-code-driven path
* When opening /dev/fd/N, replicate the file pointer for descriptors that represent vnodes instead of dup()ing. This ensures that the seek offset and other fp-related elements are not shared unexpectedly.
* Refactor the open() path to allow dev_dopen() to replace the struct file by passing a struct file ** instead of a struct file *. This removes old error-code-based hacks.
* This fixes the shared seek position that fexecve() was operating with due to its use of /dev/fd/N for scripts.
Reported-by: aly
|
Revision tags: v5.8.3, v5.8.2, v5.8.1 |
|
#
d147c943 |
| 28-Mar-2020 |
Sascha Wildner <saw@online.de> |
kernel: Remove <sys/mutex.h> from all files that don't need it (2/2).
98% of these were remains from porting from FreeBSD which could have been removed after converting to lockmgr(), etc.
Due to an issue in my checking earlier, not everything was cleaned up correctly.
|
Revision tags: v5.8.0, v5.9.0, v5.8.0rc1, v5.6.3, v5.6.2, v5.6.1, v5.6.0, v5.6.0rc1, v5.7.0, v5.4.3, v5.4.2 |
|
#
fcf6efef |
| 02-Mar-2019 |
Sascha Wildner <saw@online.de> |
kernel: Remove numerous #include <sys/thread2.h>.
Most of them were added when we converted spl*() calls to crit_enter()/crit_exit(), almost 14 years ago. We can now remove a good chunk of them again for where crit_*() are no longer used.
I had to adjust some files that were relying on thread2.h or headers that it includes coming in via other headers that it was removed from.
|
Revision tags: v5.4.1, v5.4.0, v5.5.0, v5.4.0rc1, v5.2.2, v5.2.1, v5.2.0, v5.3.0, v5.2.0rc, v5.0.2, v5.0.1, v5.0.0, v5.0.0rc2, v5.1.0, v5.0.0rc1, v4.8.1, v4.8.0, v4.6.2, v4.9.0, v4.8.0rc, v4.6.1, v4.6.0, v4.6.0rc2, v4.6.0rc, v4.7.0, v4.4.3, v4.4.2 |
|
#
15130067 |
| 22-Jan-2016 |
zrj <rimvydas.jasinskas@gmail.com> |
usb4bsd: Cleanup pass1.
* Uniformly use #if 0 to deactivate code instead of C comments.
* Move MODULE macros after struct declarations.
|
#
3b964699 |
| 22-Jan-2016 |
zrj <rimvydas.jasinskas@gmail.com> |
usb4bsd: Cleanup pass0.
* Adjust indentation, whitespace and typos.
|
Revision tags: v4.4.1, v4.4.0, v4.5.0, v4.4.0rc, v4.2.4, v4.3.1, v4.2.3, v4.2.1, v4.2.0, v4.0.6, v4.3.0, v4.2.0rc, v4.0.5 |
|
#
dd681da6 |
| 12-Mar-2015 |
Matthew Dillon <dillon@apollo.backplane.com> |
usb - Update bus/u4b
* Update bus/u4b from FreeBSD to commit 3121e258c76aa, 10 March 2015, with the following commit message:
Lock softc before clearing bits.
* Some bits not updated. Some changes around the MSI handling work differently in DFly so I punted on that. And the serial/tty in FreeBSD is a bit different, particularly this 'pps' stuff.
* Numerous bits of code currently conditionalized out use ABI features from FreeBSD, particularly RWTUN, which we do not yet have. Currently non-critical, we can fix these as the related code gets used (if the related code gets used).
Reviewed-by: Markus Pfeiffer
|
Revision tags: v4.0.4, v4.0.3 |
|
#
141a761f |
| 08-Jan-2015 |
Markus Pfeiffer <markus.pfeiffer@morphism.de> |
usb4bsd: Sync with FreeBSD r276791
|
Revision tags: v4.0.2 |
|
#
112c575c |
| 28-Dec-2014 |
Matthew Dillon <dillon@apollo.backplane.com> |
u4b - implement usb_filter_write(), fix issues w/apcupsd
* Implement usb_filter_write() (poll, kqueue).
* This fixes a live loop in apcupsd when it is configured to talk to the UPS over a usb port.
|
Revision tags: v4.0.1, v4.0.0, v4.0.0rc3, v4.0.0rc2, v4.0.0rc, v4.1.0 |
|
#
d3fc961d |
| 14-Sep-2014 |
Markus Pfeiffer <markus.pfeiffer@morphism.de> |
usb4bsd: Fix race condition in usb_dev
The usb_filter_detach was racing the read fifo wakeup notification.
|
Revision tags: v3.8.2 |
|
#
3f28c275 |
| 29-Jul-2014 |
Markus Pfeiffer <markus.pfeiffer@morphism.de> |
usb4bsd: set D_MPSAFE for usb devices (static)
|
#
7d2c8674 |
| 29-Jul-2014 |
Markus Pfeiffer <markus.pfeiffer@morphism.de> |
usb4bsd: set D_MPSAFE for usb devices
|
Revision tags: v3.8.1, v3.6.3, v3.8.0, v3.8.0rc2, v3.9.0, v3.8.0rc, v3.6.2 |
|
#
223fe8f3 |
| 10-Mar-2014 |
Markus Pfeiffer <markus.pfeiffer@morphism.de> |
usb4bsd: Remove irritating kprintf
|
#
4bcecc80 |
| 10-Mar-2014 |
Matthew Dillon <dillon@apollo.backplane.com> |
usb4bsd - Fix poll/select/kqfilter issues with ums and usb_fifo*() API
* Fix handling of f->flag_isselect. It was being improperly cleared on event notification. It can only be cleared when the knote is removed.
* Call f->methods->f_start_read() unconditionally in usb_filter_read(). Conditionalizing on f->queue_data will fail with devices (aka ums) which allocate the buffer independently of starting the interrupt xfer.
* Call usb_fifo_wakeup() in mbuf re-queue cases to handle races when the read() code pulls an mbuf off the queue and then puts it back on.
* Fix bugs in UMS - Keep track of whether the interrupt transfer is running or not and do not re-submit or re-stop the transfer unconditionally.
|
#
a6ea9830 |
| 09-Mar-2014 |
Markus Pfeiffer <markus.pfeiffer@morphism.de> |
usb4bsd: usb_dev kqfilter
* implement a working kqfilter
* integrate some FreeBSD patches
|
#
8544056d |
| 28-Feb-2014 |
Markus Pfeiffer <markus.pfeiffer@morphism.de> |
usb4bsd: Implement kqfilter for usb_dev
|
Revision tags: v3.6.1 |
|
#
b74dd9e7 |
| 19-Feb-2014 |
Sascha Wildner <saw@online.de> |
kernel/usb4bsd: Use the standard __func__ for function names.
|
#
70ccf487 |
| 18-Feb-2014 |
Johannes Hofmann <johannes.hofmann@gmx.de> |
usb4bsd: make u4b compile with USB_DEBUG
|
#
b5427f7a |
| 19-Jan-2014 |
Markus Pfeiffer <markus.pfeiffer@morphism.de> |
kern/usb4bsd: update usb_dev.c kqfilter code
|
#
dd20b19f |
| 14-Jan-2014 |
Markus Pfeiffer <markus.pfeiffer@morphism.de> |
usb4bsd: remove debug kprintfs
|
#
bda0a06b |
| 14-Jan-2014 |
Markus Pfeiffer <markus.pfeiffer@morphism.de> |
usb4bsd: remove merge artifact
|
#
ce486e08 |
| 14-Jan-2014 |
Markus Pfeiffer <markus.pfeiffer@morphism.de> |
Apply patches to enable get/set_cdevpriv
|
#
ccb00b06 |
| 08-Jan-2014 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Hack fixes for EHCI issues in U4B
* These changes fix several issues with the U4B EHCI. Insertion and Removal events through hubs no longer crash the controller and/or the machine. And heavy bulk traffic no longer crashes the controller or has weird failures. Probing works more reliably as well.
* The main problem is the U4B design for QH/TD descriptors. It allocates and frees them with the xfer. For the EHCI controller it rips out the QH's from the chain and doesn't do the right interactions with the controller to ensure that the controller is not still iterating through the chain.
It is possible for the controller to wind up iterating through a long chain of removed (finished or timed-out) QH's. If any of them are kfree()'d or free/reallocated/reused before their time, BOOM! The controller can chain right through into random memory and blow up.
* The first hack is to delay kfree()ing the xfer rollup buffer. I just threw in a 256-slot delay. I'm not even doing it right (it isn't time-based or doorbell-based). Note that linux uses the doorbell-based method, where the structures are left intact until the next doorbell interrupt.
* The second hack is to issue doorbells (EHCI_CMD_IAAD) after every new transfer is queued and after each transfer is removed. The doorbell is PARTICULARLY important after a removal, because the controller can wind up sitting on a removed QH indefinitely otherwise.
Removed chains can cause the controller to miss newly added chains, thus the doorbell is needed for that reason as well.
Also reorder the cpu flushes a little when coding the above.
* Add numerous new structural fields and assertions to ensure that the EHCI code doesn't try to remove requests from HW that were never queued to HW. The U4B API's are *VERY* loose in this regard so I added a double check.
* DragonFly: The ugen*.* devices need a dev d_open and d_close routine. Our default d_open/d_close is not the same as FreeBSD's.
* Fix a major bug in usb_open() where the 'cpd' structure can get lost if multiple open()'s occur on the same ugen device.
Allow multiple opens as long as the permissions are the same. This is really a hack to fix an issue where 'usbconfig list' opens ugen0.1 twice (i.e. has two open descriptors on the same device).
Also properly NULL-out dev->si_drv2 on (last) close.
* Replace two cv_signal/cv_wait calls with wakeup/lksleep, and place a timeout on the lksleep loop because the two places in question have a SMP race which the locks don't handle. Basically the callback is made BEFORE all the conditions potentially preventing an xfer from being flagged as completed are met, so the cv_signal() was waking up the waiter potentially before its time (and the lock is not held through the whole thing so it doesn't interlock the race).
* In usbd_req_get_desc() reload the req fresh on each loop.
* In usbd_req_get_desc() increase the timeout from 0.5 seconds to 1 second.
|
#
2b93c392 |
| 07-Jan-2014 |
Markus Pfeiffer <markus.pfeiffer@morphism.de> |
Fix some spillage from the sync
|