kernel - Add per-process capability-based restrictions

* This new system allows userland to set capability restrictions which
turns off numerous kernel features and root accesses. These restricti

kernel - Add per-process capability-based restrictions

* This new system allows userland to set capability restrictions which
turns off numerous kernel features and root accesses. These restrictions
are inherited by sub-processes recursively. Once set, restrictions cannot
be removed.

Basic restrictions that mimic an unadorned jail can be enabled without
creating a jail, but generally speaking real security also requires
creating a chrooted filesystem topology, and a jail is still needed
to really segregate processes from each other. If you do so, however,
you can (for example) disable mount/umount and most global root-only
features.

* Add new system calls and a manual page for syscap_get(2) and syscap_set(2)

* Add sys/caps.h

* Add the "setcaps" userland utility and manual page.

* Remove priv.9 and the priv_check infrastructure, replacing it with
a newly designed caps infrastructure.

* The intention is to add path restriction lists and similar features to
improve jailess security in the near future, and to optimize the
priv_check code.

show more ...

kernel - Refactor in-kernel system call API to remove bcopy()

* Change the in-kernel system call prototype to take the
system call arguments as a separate pointer, and make the
contents read-onl

kernel - Refactor in-kernel system call API to remove bcopy()

* Change the in-kernel system call prototype to take the
system call arguments as a separate pointer, and make the
contents read-only.

int sy_call_t (void *);
int sy_call_t (struct sysmsg *sysmsg, const void *);

* System calls with 6 arguments or less no longer need to copy
the arguments from the trapframe to a holding structure. Instead,
we simply point into the trapframe.

The L1 cache footprint will be a bit smaller, but in simple tests
the results are not noticably faster... maybe 1ns or so
(roughly 1%).

show more ...

kernel/vinum: Fix panic when vinum was loaded twice.

Occurred when it was both compiled into the kernel and in loader.conf
at the same time.

Reported-by: CuteLarva (on IRC)

kernel: Add 'static' to some function definitions.

The declarations already have it, so no functional difference.

kernel - Improve physio performance

* See http://apollo.backplane.com/DFlyMisc/nvme_sys03.txt

* Hash the pbuf system. This chops down spin-lock collisions
at high transaction rates (>150K IOPS)

kernel - Improve physio performance

* See http://apollo.backplane.com/DFlyMisc/nvme_sys03.txt

* Hash the pbuf system. This chops down spin-lock collisions
at high transaction rates (>150K IOPS) by 1000x.

* Implement a pbuf with pre-allocated kernel memory that we
copy into, avoiding page table manipulations and thus
avoiding system-wide invltlb/invlpg IPIs.

* This increases NVMe IOPS tests with three cards from
150K-200K IOPS to 950K IOPS using physio (random read,
4K blocks, from urandom-filled partition, with many
process threads, from 3 NVMe cards in parallel).

* Further adjustments to the vkernel build.

show more ...

Remove some emacs variable settings.

kernel: Remove unneeded #include <sys/devicestat.h> in disk/RAID drivers.

kernel: Remove two more major numbers.

kernel: Use NULL for pointers.

vinum(4): Remove some casts to union and solve it in standard C.

Initial import of binutils 2.22 on the new vendor branch

Future versions of binutils will also reside on this branch rather
than continuing to create new binutils branches for each new version.

VINUM - Fix reinitialization bug

* If the vinum config is destroyed vinum_conf is zerod, which
unfortunately wipes out the pbuf counter.

Generally refactor the vinum_conf init code into its own

VINUM - Fix reinitialization bug

* If the vinum config is destroyed vinum_conf is zerod, which
unfortunately wipes out the pbuf counter.

Generally refactor the vinum_conf init code into its own procedure.

show more ...

DEVFS - Refactor vinum to operate with devfs

* vinum now accepts devtab labels and device paths (such as serial numbers)
in drive specifications. Note that devtab labels will be convreted to
de

DEVFS - Refactor vinum to operate with devfs

* vinum now accepts devtab labels and device paths (such as serial numbers)
in drive specifications. Note that devtab labels will be convreted to
device serial numbers in the on-disk configuration.

* vinum now creates and destroys its own devices via DEVFS.

* Fix some buf/bio issues related to recent buf/bio work. bio_done is
required for ad-hoc buffers such as the kind vinum uses, and also
required for any synchronous IO.

* Remove adhoc device associations. Instead store the device returned
by make_dev() in appropriate internal structures.

show more ...

DEVTAG - Add devtab suppor for disklabel, disklabel64, and fdisk

DEVFS - remove dev_ops_add(), dev_ops_get(), and get_dev()

DEVFS - Bring in Alex's GSOC kernel adjustments.

This is a rollup commit bringing in Alex Hornung's GSOC adjustments
to the main kernel codebase for DEVFS.

Submitted-by: Alex Hornung <ahornung@gmai

DEVFS - Bring in Alex's GSOC kernel adjustments.

This is a rollup commit bringing in Alex Hornung's GSOC adjustments
to the main kernel codebase for DEVFS.

Submitted-by: Alex Hornung <ahornung@gmail.com>

show more ...

suser_* to priv_* conversion

* The diskslice abstraction now stores offsets/sizes as 64 bit quantities.
(NOTE: DOS partition tables and standard disklabels can't handle 64 bit
sector numbers yet). For future pluggable diskl

* The diskslice abstraction now stores offsets/sizes as 64 bit quantities.
(NOTE: DOS partition tables and standard disklabels can't handle 64 bit
sector numbers yet). For future pluggable disklabel/partitioning schemes.

* The kernel panic / kernel core API is now 64 bits.

* The VN device now uses 64 bit sector numbers and can handle block devices
up to what is supported by the filesystem (typically 8TB). This change
was made primarily so we can test future disklabel / partition table
support.

* Pass 64 bit LBAs to various block devices and to the SCSI layer.

* Check for and assert 32 bit overflow conditions in various places, instead
of wrapping.

show more ...

re-add vinumsize, so that vinum volumes can be used to swap on

Change the kernel dev_t, representing a pointer to a specinfo structure,
to cdev_t. Change struct specinfo to struct cdev. The name 'cdev' was taken
from FreeBSD. Remove the dev_t shim for the ker

Change the kernel dev_t, representing a pointer to a specinfo structure,
to cdev_t. Change struct specinfo to struct cdev. The name 'cdev' was taken
from FreeBSD. Remove the dev_t shim for the kernel.

This commit generally removes the overloading of 'dev_t' between userland and
the kernel.

Also fix a bug in libkvm where a kernel dev_t (now cdev_t) was not being
properly converted to a userland dev_t.

show more ...

Rename malloc->kmalloc, free->kfree, and realloc->krealloc. Pass 2

Rename malloc->kmalloc, free->kfree, and realloc->krealloc. Pass 1

Rename functions to avoid conflicts with libc.

MASSIVE reorganization of the device operations vector. Change cdevsw
to dev_ops. dev_ops is a syslink-compatible operations vector structure
similar to the vop_ops structure used by vnodes.

Remov

MASSIVE reorganization of the device operations vector. Change cdevsw
to dev_ops. dev_ops is a syslink-compatible operations vector structure
similar to the vop_ops structure used by vnodes.

Remove a huge number of instances where a thread pointer is still being
passed as an argument to various device ops and other related routines.
The device OPEN and IOCTL calls now take a ucred instead of a thread pointer,
and the CLOSE call no longer takes a thread pointer.

show more ...

Use pbufs instead of ebufs.

Submitted-by: "Simon 'corecode' Schubert" <corecode@fs.ei.tum.de>