PERFORCE change 169165 for review
Edward Tomasz Napierala
trasz at FreeBSD.org
Fri Oct 2 22:34:34 UTC 2009
http://perforce.freebsd.org/chv.cgi?CH=169165
Change 169165 by trasz at trasz_victim on 2009/10/02 22:34:12
IFC.
Affected files ...
.. //depot/projects/soc2009/trasz_limits/etc/rc.d/routing#5 integrate
.. //depot/projects/soc2009/trasz_limits/sys/kern/init_main.c#15 integrate
.. //depot/projects/soc2009/trasz_limits/sys/kern/kern_exec.c#8 integrate
.. //depot/projects/soc2009/trasz_limits/sys/kern/uipc_socket.c#11 integrate
.. //depot/projects/soc2009/trasz_limits/sys/vm/vm_mmap.c#8 integrate
.. //depot/projects/soc2009/trasz_limits/tools/regression/mmap/mmap.c#2 integrate
Differences ...
==== //depot/projects/soc2009/trasz_limits/etc/rc.d/routing#5 (text+ko) ====
@@ -2,7 +2,7 @@
#
# Configure routing and miscellaneous network tunables
#
-# $FreeBSD: src/etc/rc.d/routing,v 1.151 2009/10/02 02:28:59 hrs Exp $
+# $FreeBSD: src/etc/rc.d/routing,v 1.152 2009/10/02 20:19:53 hrs Exp $
#
# PROVIDE: routing
@@ -13,26 +13,80 @@
. /etc/network.subr
name="routing"
-start_cmd="routing_start"
+start_cmd="routing_start doall"
stop_cmd="routing_stop"
extra_commands="options static"
-static_cmd="static_start"
-options_cmd="options_start"
+static_cmd="routing_start static"
+options_cmd="routing_start options"
+
+afcheck()
+{
+ case $_af in
+ ""|inet|inet6|ipx|atm)
+ ;;
+ *)
+ err 1 "Unsupported address family: $_af."
+ ;;
+ esac
+}
routing_start()
{
- static_start "$@"
- options_start "$@"
+ local _cmd _af _a
+ _cmd=$1
+ _af=$2
+
+ afcheck
+
+ case $_af in
+ inet|inet6|ipx|atm)
+ setroutes $_cmd $_af
+ ;;
+ "")
+ for _a in inet inet6 ipx atm; do
+ afexists $_a && setroutes $_cmd $_a
+ done
+ ;;
+ esac
+ [ -n "${_ropts_initdone}" ] && echo '.'
}
routing_stop()
{
- local _af
+ local _af _a
+ _af=$1
+
+ afcheck
+
+ case $_af in
+ inet|inet6|ipx|atm)
+ eval static_${_af} delete
+ eval routing_stop_${_af}
+ ;;
+ "")
+ for _a in inet inet6 ipx atm; do
+ afexists $_a || continue
+ eval static_${_a} delete
+ eval routing_stop_${_a}
+ done
+ ;;
+ esac
+}
- static_stop "$@"
- for _af in inet inet6; do
- afexists ${_af} && eval routing_stop_${_af}
- done
+setroutes()
+{
+ case $1 in
+ static)
+ static_$2 add
+ ;;
+ options)
+ options_$2
+ ;;
+ doall)
+ static_$2 add
+ options_$2
+ ;;
+ esac
}
routing_stop_inet()
@@ -50,47 +104,16 @@
done
}
-static_start()
+routing_stop_atm()
{
- local _af
- _af=$1
-
- case ${_af} in
- inet|inet6|atm)
- do_static add ${_af}
- ;;
- "")
- do_static add inet inet6 atm
- ;;
- esac
+ return 0
}
-static_stop()
+routing_stop_ipx()
{
- local _af
- _af=$1
-
- case ${_af} in
- inet|inet6|atm)
- do_static delete ${_af}
- ;;
- "")
- do_static delete inet inet6 atm
- ;;
- esac
+ return 0
}
-do_static()
-{
- local _af _action
- _action=$1
-
- shift
- for _af in "$@"; do
- afexists ${_af} && eval static_${_af} ${_action}
- done
-}
-
static_inet()
{
local _action
@@ -233,6 +256,10 @@
fi
}
+static_ipx()
+{
+}
+
_ropts_initdone=
ropts_init()
{
@@ -242,16 +269,6 @@
fi
}
-options_start()
-{
- local _af
-
- for _af in inet inet6 ipx; do
- afexists ${_af} && eval options_${_af}
- done
- [ -n "${_ropts_initdone}" ] && echo '.'
-}
-
options_inet()
{
if checkyesno icmp_bmcastecho; then
@@ -322,6 +339,10 @@
fi
}
+options_atm()
+{
+}
+
options_ipx()
{
if checkyesno ipxgateway_enable; then
==== //depot/projects/soc2009/trasz_limits/sys/kern/init_main.c#15 (text+ko) ====
@@ -42,7 +42,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/kern/init_main.c,v 1.305 2009/10/01 10:53:12 avg Exp $");
+__FBSDID("$FreeBSD: src/sys/kern/init_main.c,v 1.306 2009/10/02 17:48:51 bz Exp $");
#include "opt_ddb.h"
#include "opt_init_path.h"
@@ -510,6 +510,11 @@
pmap_pinit0(vmspace_pmap(&vmspace0));
p->p_vmspace = &vmspace0;
vmspace0.vm_refcnt = 1;
+
+ /*
+ * proc0 is not expected to enter usermode, so there is no special
+ * handling for sv_minuser here, like is done for exec_new_vmspace().
+ */
vm_map_init(&vmspace0.vm_map, p->p_sysent->sv_minuser,
p->p_sysent->sv_maxuser);
vmspace0.vm_map.pmap = vmspace_pmap(&vmspace0);
==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_exec.c#8 (text+ko) ====
@@ -25,7 +25,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/kern/kern_exec.c,v 1.338 2009/09/09 10:52:36 kib Exp $");
+__FBSDID("$FreeBSD: src/sys/kern/kern_exec.c,v 1.339 2009/10/02 17:48:51 bz Exp $");
#include "opt_hwpmc_hooks.h"
#include "opt_kdtrace.h"
@@ -122,6 +122,11 @@
SYSCTL_ULONG(_kern, OID_AUTO, ps_arg_cache_limit, CTLFLAG_RW,
&ps_arg_cache_limit, 0, "");
+static int map_at_zero = 0;
+TUNABLE_INT("security.bsd.map_at_zero", &map_at_zero);
+SYSCTL_INT(_security_bsd, OID_AUTO, map_at_zero, CTLFLAG_RW, &map_at_zero, 0,
+ "Permit processes to map an object at virtual address 0.");
+
static int
sysctl_kern_ps_strings(SYSCTL_HANDLER_ARGS)
{
@@ -1002,7 +1007,7 @@
int error;
struct proc *p = imgp->proc;
struct vmspace *vmspace = p->p_vmspace;
- vm_offset_t stack_addr;
+ vm_offset_t sv_minuser, stack_addr;
vm_map_t map;
u_long ssiz;
@@ -1018,13 +1023,17 @@
* not disrupted
*/
map = &vmspace->vm_map;
- if (vmspace->vm_refcnt == 1 && vm_map_min(map) == sv->sv_minuser &&
+ if (map_at_zero)
+ sv_minuser = sv->sv_minuser;
+ else
+ sv_minuser = MAX(sv->sv_minuser, PAGE_SIZE);
+ if (vmspace->vm_refcnt == 1 && vm_map_min(map) == sv_minuser &&
vm_map_max(map) == sv->sv_maxuser) {
shmexit(vmspace);
pmap_remove_pages(vmspace_pmap(vmspace));
vm_map_remove(map, vm_map_min(map), vm_map_max(map));
} else {
- error = vmspace_exec(p, sv->sv_minuser, sv->sv_maxuser);
+ error = vmspace_exec(p, sv_minuser, sv->sv_maxuser);
if (error)
return (error);
vmspace = p->p_vmspace;
==== //depot/projects/soc2009/trasz_limits/sys/kern/uipc_socket.c#11 (text+ko) ====
@@ -95,7 +95,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/kern/uipc_socket.c,v 1.344 2009/09/15 22:23:45 andre Exp $");
+__FBSDID("$FreeBSD: src/sys/kern/uipc_socket.c,v 1.345 2009/10/02 21:31:15 rwatson Exp $");
#include "opt_inet.h"
#include "opt_inet6.h"
@@ -970,9 +970,6 @@
* must use a signed comparison of space and resid. On the other
* hand, a negative resid causes us to loop sending 0-length
* segments to the protocol.
- *
- * Also check to make sure that MSG_EOR isn't used on SOCK_STREAM
- * type sockets since that's an error.
*/
if (resid < 0) {
error = EINVAL;
==== //depot/projects/soc2009/trasz_limits/sys/vm/vm_mmap.c#8 (text+ko) ====
@@ -41,7 +41,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/vm/vm_mmap.c,v 1.235 2009/09/27 14:49:51 simon Exp $");
+__FBSDID("$FreeBSD: src/sys/vm/vm_mmap.c,v 1.236 2009/10/02 17:51:46 bz Exp $");
#include "opt_compat.h"
#include "opt_hwpmc_hooks.h"
@@ -97,14 +97,6 @@
"Maximum number of memory-mapped files per process");
/*
- * 'mmap_zero' determines whether or not MAP_FIXED mmap() requests for
- * virtual address zero are permitted.
- */
-static int mmap_zero;
-SYSCTL_INT(_security_bsd, OID_AUTO, mmap_zero, CTLFLAG_RW, &mmap_zero, 0,
- "Processes may map an object at virtual address zero");
-
-/*
* Set the maximum number of vm_map_entry structures per process. Roughly
* speaking vm_map_entry structures are tiny, so allowing them to eat 1/100
* of our KVM malloc space still results in generous limits. We want a
@@ -277,13 +269,6 @@
if (addr & PAGE_MASK)
return (EINVAL);
- /*
- * Mapping to address zero is only permitted if
- * mmap_zero is enabled.
- */
- if (addr == 0 && !mmap_zero)
- return (EINVAL);
-
/* Address range must be all in user VM space. */
if (addr < vm_map_min(&vms->vm_map) ||
addr + size > vm_map_max(&vms->vm_map))
==== //depot/projects/soc2009/trasz_limits/tools/regression/mmap/mmap.c#2 (text+ko) ====
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/tools/regression/mmap/mmap.c,v 1.1 2009/09/27 21:03:33 bz Exp $
+ * $FreeBSD: src/tools/regression/mmap/mmap.c,v 1.2 2009/10/02 17:53:48 bz Exp $
*/
#include <sys/param.h>
@@ -36,7 +36,7 @@
const struct tests {
void *addr;
- int ok[2]; /* Depending on security.bsd.mmap_zero {0, !=0}. */
+ int ok[2]; /* Depending on security.bsd.map_at_zero {0, !=0}. */
} tests[] = {
{ (void *)0, { 0, 1 } }, /* Test sysctl. */
{ (void *)1, { 0, 0 } },
@@ -54,37 +54,37 @@
{
void *p;
size_t len;
- int i, error, mib[3], mmap_zero;
+ int i, error, mib[3], map_at_zero;
error = 0;
- /* Get the current sysctl value of security.bsd.mmap_zero. */
+ /* Get the current sysctl value of security.bsd.map_at_zero. */
len = sizeof(mib) / sizeof(*mib);
- if (sysctlnametomib("security.bsd.mmap_zero", mib, &len) == -1)
- err(1, "sysctlnametomib(security.bsd.mmap_zero)");
+ if (sysctlnametomib("security.bsd.map_at_zero", mib, &len) == -1)
+ err(1, "sysctlnametomib(security.bsd.map_at_zero)");
- len = sizeof(mmap_zero);
- if (sysctl(mib, 3, &mmap_zero, &len, NULL, 0) == -1)
- err(1, "sysctl(security.bsd.mmap_zero)");
+ len = sizeof(map_at_zero);
+ if (sysctl(mib, 3, &map_at_zero, &len, NULL, 0) == -1)
+ err(1, "sysctl(security.bsd.map_at_zero)");
/* Normalize to 0 or 1 for array access. */
- mmap_zero = !!mmap_zero;
+ map_at_zero = !!map_at_zero;
for (i=0; i < (sizeof(tests) / sizeof(*tests)); i++) {
p = mmap((void *)tests[i].addr, PAGE_SIZE,
PROT_READ | PROT_WRITE | PROT_EXEC, MAP_ANON | MAP_FIXED,
-1, 0);
if (p == MAP_FAILED) {
- if (tests[i].ok[mmap_zero] != 0)
+ if (tests[i].ok[map_at_zero] != 0)
error++;
warnx("%s: mmap(%p, ...) failed.",
- (tests[i].ok[mmap_zero] == 0) ? "OK " : "ERR",
+ (tests[i].ok[map_at_zero] == 0) ? "OK " : "ERR",
tests[i].addr);
} else {
- if (tests[i].ok[mmap_zero] != 1)
+ if (tests[i].ok[map_at_zero] != 1)
error++;
warnx("%s: mmap(%p, ...) succeeded: p=%p",
- (tests[i].ok[mmap_zero] == 1) ? "OK " : "ERR",
+ (tests[i].ok[map_at_zero] == 1) ? "OK " : "ERR",
tests[i].addr, p);
}
}
More information about the p4-projects
mailing list