PERFORCE change 15361 for review
Robert Watson
rwatson at freebsd.org
Thu Aug 1 02:19:26 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15361
Change 15361 by rwatson at rwatson_paprika on 2002/07/31 19:18:47
Integ the TrustedBSD base branch from the main FreeBSD tree
to pick up recent changes, including many MAC commits.
Affected files ...
.. //depot/projects/trustedbsd/base/lib/libstand/nfs.c#4 integrate
.. //depot/projects/trustedbsd/base/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml#33 integrate
.. //depot/projects/trustedbsd/base/sbin/ipfw/ipfw2.c#3 integrate
.. //depot/projects/trustedbsd/base/sys/alpha/alpha/exception.s#4 integrate
.. //depot/projects/trustedbsd/base/sys/alpha/alpha/genassym.c#7 integrate
.. //depot/projects/trustedbsd/base/sys/alpha/alpha/machdep.c#13 integrate
.. //depot/projects/trustedbsd/base/sys/alpha/alpha/sys_machdep.c#5 integrate
.. //depot/projects/trustedbsd/base/sys/alpha/alpha/trap.c#13 integrate
.. //depot/projects/trustedbsd/base/sys/alpha/alpha/vm_machdep.c#7 integrate
.. //depot/projects/trustedbsd/base/sys/alpha/include/proc.h#4 integrate
.. //depot/projects/trustedbsd/base/sys/alpha/osf1/osf1_signal.c#6 integrate
.. //depot/projects/trustedbsd/base/sys/boot/common/dev_net.c#2 integrate
.. //depot/projects/trustedbsd/base/sys/conf/files#26 integrate
.. //depot/projects/trustedbsd/base/sys/dev/aic7xxx/ahc_eisa.c#3 integrate
.. //depot/projects/trustedbsd/base/sys/dev/aic7xxx/ahc_pci.c#3 integrate
.. //depot/projects/trustedbsd/base/sys/fs/procfs/procfs.c#5 integrate
.. //depot/projects/trustedbsd/base/sys/fs/procfs/procfs.h#5 integrate
.. //depot/projects/trustedbsd/base/sys/fs/procfs/procfs_mac.c#1 branch
.. //depot/projects/trustedbsd/base/sys/fs/pseudofs/pseudofs.h#7 integrate
.. //depot/projects/trustedbsd/base/sys/fs/pseudofs/pseudofs_vnops.c#11 integrate
.. //depot/projects/trustedbsd/base/sys/kern/kern_acl.c#10 integrate
.. //depot/projects/trustedbsd/base/sys/kern/kern_ktrace.c#8 integrate
.. //depot/projects/trustedbsd/base/sys/kern/tty_tty.c#4 integrate
.. //depot/projects/trustedbsd/base/sys/kern/uipc_usrreq.c#13 integrate
.. //depot/projects/trustedbsd/base/sys/kern/vfs_lookup.c#7 integrate
.. //depot/projects/trustedbsd/base/sys/kern/vfs_syscalls.c#21 integrate
.. //depot/projects/trustedbsd/base/sys/modules/aic7xxx/Makefile#1 branch
.. //depot/projects/trustedbsd/base/sys/modules/aic7xxx/ahc/Makefile#1 branch
.. //depot/projects/trustedbsd/base/sys/modules/aic7xxx/ahc/ahc_eisa/Makefile#1 branch
.. //depot/projects/trustedbsd/base/sys/modules/aic7xxx/ahc/ahc_pci/Makefile#1 branch
.. //depot/projects/trustedbsd/base/sys/modules/aic7xxx/ahd/Makefile#1 branch
.. //depot/projects/trustedbsd/base/sys/modules/aic7xxx/aicasm/Makefile#1 branch
.. //depot/projects/trustedbsd/base/sys/modules/if_ppp/Makefile#3 integrate
.. //depot/projects/trustedbsd/base/sys/modules/if_tun/Makefile#3 integrate
.. //depot/projects/trustedbsd/base/sys/modules/procfs/Makefile#4 integrate
.. //depot/projects/trustedbsd/base/sys/modules/pseudofs/Makefile#2 integrate
.. //depot/projects/trustedbsd/base/sys/netinet/tcp_input.c#15 integrate
.. //depot/projects/trustedbsd/base/sys/netinet/tcp_output.c#8 integrate
.. //depot/projects/trustedbsd/base/sys/netinet/tcp_subr.c#12 integrate
.. //depot/projects/trustedbsd/base/sys/netinet/tcp_syncache.c#12 integrate
.. //depot/projects/trustedbsd/base/sys/pccard/pccard_nbk.c#5 integrate
.. //depot/projects/trustedbsd/base/sys/pci/if_vr.c#6 integrate
.. //depot/projects/trustedbsd/base/sys/pci/if_vrreg.h#2 integrate
.. //depot/projects/trustedbsd/base/sys/sparc64/sparc64/cache.c#8 integrate
.. //depot/projects/trustedbsd/base/sys/sparc64/sparc64/pmap.c#18 integrate
Differences ...
==== //depot/projects/trustedbsd/base/lib/libstand/nfs.c#4 (text+ko) ====
@@ -29,7 +29,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/lib/libstand/nfs.c,v 1.9 2002/07/07 23:01:36 jake Exp $");
+__FBSDID("$FreeBSD: src/lib/libstand/nfs.c,v 1.10 2002/07/31 20:17:06 jake Exp $");
#include <sys/param.h>
#include <sys/time.h>
@@ -387,10 +387,14 @@
{
struct iodesc *desc;
struct nfs_iodesc *currfd;
+ char buf[2 * NFS_FHSIZE + 3];
+ u_char *fh;
+ char *cp;
+ int i;
#ifndef NFS_NOSYMLINK
struct nfs_iodesc *newfd;
struct nfsv2_fattrs *fa;
- char *cp, *ncp;
+ char *ncp;
int c;
char namebuf[NFS_MAXPATHLEN + 1];
char linkbuf[NFS_MAXPATHLEN + 1];
@@ -422,6 +426,16 @@
return (error);
nfs_root_node.iodesc = desc;
+ fh = &nfs_root_node.fh[0];
+ buf[0] = 'X';
+ cp = &buf[1];
+ for (i = 0; i < NFS_FHSIZE; i++, cp += 2)
+ sprintf(cp, "%02x", fh[i]);
+ sprintf(cp, "X");
+ setenv("boot.nfsroot.server", inet_ntoa(rootip), 1);
+ setenv("boot.nfsroot.path", rootpath, 1);
+ setenv("boot.nfsroot.nfshandle", buf, 1);
+
#ifndef NFS_NOSYMLINK
/* Fake up attributes for the root dir. */
fa = &nfs_root_node.fa;
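Review bot: The root file handle is written to `boot.nfsroot.nfshandle` in the loader environment, and with NFSv2 a file handle is in effect the credential the server accepts for that tree, so this variable should be treated as sensitive. Whether the environment is later readable by unprivileged users is not visible in this diff and is worth confirming before relying on it. `buf` is sized exactly for the encoding with no slack, so the declaration in the previous hunk deserves a comment such as `/* 'X' + 2 hex digits per handle byte + 'X' + NUL */`. The three `setenv()` return values are ignored, so a failed export would go unnoticed by whatever consumes these variables.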
==== //depot/projects/trustedbsd/base/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml#33 (text+ko) ====
@@ -3,7 +3,7 @@
<corpauthor>The FreeBSD Project</corpauthor>
- <pubdate>$FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml,v 1.400 2002/07/31 16:13:59 bmah Exp $</pubdate>
+ <pubdate>$FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml,v 1.401 2002/07/31 20:09:07 bmah Exp $</pubdate>
<copyright>
<year>2000</year>
@@ -1951,6 +1951,14 @@
url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:32.pppd.asc">FreeBSD-SA-02:32</ulink>.
&merged;</para>
+ <para>Multiple buffer overflows in
+ <application>OpenSSL</application> have been corrected, by way
+ of an upgrade to the base system version of
+ <application>OpenSSL</application>. More details can be found
+ in security advisory <ulink
+ url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:33.openssl.asc">FreeBSD-SA-02:33</ulink>.
+ &merged;</para>
+
</sect2>
<sect2 id="userland">
==== //depot/projects/trustedbsd/base/sbin/ipfw/ipfw2.c#3 (text+ko) ====
@@ -17,7 +17,7 @@
*
* NEW command line interface for IP firewall facility
*
- * $FreeBSD: src/sbin/ipfw/ipfw2.c,v 1.4 2002/07/13 15:57:23 luigi Exp $
+ * $FreeBSD: src/sbin/ipfw/ipfw2.c,v 1.6 2002/07/31 22:42:08 luigi Exp $
*/
#include <sys/param.h>
@@ -996,7 +996,7 @@
printf(" iplen %u", cmd->arg1 );
break;
- case O_IPOPTS:
+ case O_IPOPT:
print_flags("ipoptions", cmd, f_ipopts);
break;
@@ -1569,9 +1569,7 @@
d = (u_int32_t *)&cmd->mask;
cmd->o.opcode = O_IP_DST_SET; /* default */
cmd->o.len |= F_INSN_SIZE(ipfw_insn_u32) + (cmd->o.arg1+31)/32;
- fprintf(stderr,"-- set size %d cmdlen %d\n",
- cmd->o.arg1, cmd->o.len );
- for (i = 0; i < cmd->o.arg1/32 ; i++)
+ for (i = 0; i < (cmd->o.arg1+31)/32 ; i++)
d[i] = 0; /* clear masks */
av = p+1;
@@ -2170,7 +2168,7 @@
* various flags used to record that we entered some fields.
*/
int have_mac = 0; /* set if we have a MAC address */
- int have_state = 0; /* check-state or keep-state */
+ ipfw_insn *have_state = NULL; /* check-state or keep-state */
int i;
@@ -2219,7 +2217,7 @@
action->len = 1; /* default */
switch(i) {
case TOK_CHECKSTATE:
- have_state = 1;
+ have_state = action;
action->opcode = O_CHECK_STATE;
break;
@@ -2344,10 +2342,8 @@
cmd = next_cmd(cmd);
}
- if (have_state) {
- have_state = 0;
+ if (have_state) /* must be a check-state, we are done */
goto done;
- }
#define OR_START(target) \
if (ac && (*av[0] == '(' || *av[0] == '{')) { \
@@ -2610,13 +2606,13 @@
case TOK_IPOPTS:
NEED1("missing argument for ipoptions");
- fill_flags(cmd, O_IPOPTS, f_ipopts, *av);
+ fill_flags(cmd, O_IPOPT, f_ipopts, *av);
ac--; av++;
break;
case TOK_IPTOS:
NEED1("missing argument for iptos");
- fill_flags(cmd, O_IPOPTS, f_iptos, *av);
+ fill_flags(cmd, O_IPTOS, f_iptos, *av);
ac--; av++;
break;
@@ -2697,17 +2693,18 @@
case TOK_KEEPSTATE:
if (have_state)
- errx(EX_USAGE, "only one of check-state "
+ errx(EX_USAGE, "only one of keep-state "
"and limit is allowed");
- have_state = 1;
+ have_state = cmd;
fill_cmd(cmd, O_KEEP_STATE, 0, 0);
break;
case TOK_LIMIT:
NEED1("limit needs mask and # of connections");
if (have_state)
- errx(EX_USAGE, "only one of check-state "
+ errx(EX_USAGE, "only one of keep-state "
"and limit is allowed");
+ have_state = cmd;
{
ipfw_insn_limit *c = (ipfw_insn_limit *)cmd;
@@ -2730,7 +2727,6 @@
if (c->limit_mask == 0)
errx(EX_USAGE, "missing limit mask");
ac--; av++;
- have_state = 1;
}
break;
@@ -2756,23 +2752,36 @@
/*
* generate O_PROBE_STATE if necessary
*/
- if (have_state) {
+ if (have_state && have_state->opcode != O_CHECK_STATE) {
fill_cmd(dst, O_PROBE_STATE, 0, 0);
dst = next_cmd(dst);
}
/*
- * copy all commands but O_LOG
+ * copy all commands but O_LOG, O_KEEP_STATE, O_LIMIT
*/
for (src = (ipfw_insn *)cmdbuf; src != cmd; src += i) {
i = F_LEN(src);
- if (src->opcode != O_LOG) {
+ switch (src->opcode) {
+ case O_LOG:
+ case O_KEEP_STATE:
+ case O_LIMIT:
+ break;
+ default:
bcopy(src, dst, i * sizeof(u_int32_t));
dst += i;
}
}
/*
+ * put back the have_state command as last opcode
+ */
+ if (have_state) {
+ i = F_LEN(have_state);
+ bcopy(have_state, dst, i * sizeof(u_int32_t));
+ dst += i;
+ }
+ /*
* start action section
*/
rule->act_ofs = dst - rule->cmd;
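Review bot: The new block that puts `have_state` back as the last opcode tests only `if (have_state)`, while the O_PROBE_STATE block earlier in this hunk also excludes `O_CHECK_STATE`. For a check-state rule `have_state` points at the action instruction (assigned in the TOK_CHECKSTATE case earlier in the diff), so if the `goto done` path reaches this code the action would be copied into the match section and then presumably emitted again in the action section. The guard should match the one above: `if (have_state && have_state->opcode != O_CHECK_STATE) {`. The `done:` label and the action-copy code are outside the hunk, so this needs confirming against the full function.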
==== //depot/projects/trustedbsd/base/sys/alpha/alpha/exception.s#4 (text+ko) ====
@@ -24,7 +24,7 @@
* any improvements or extensions that they make and grant Carnegie the
* rights to redistribute these changes.
* $NetBSD: locore.s,v 1.47 1998/03/22 07:26:32 thorpej Exp $
- * $FreeBSD: src/sys/alpha/alpha/exception.s,v 1.15 2002/03/29 16:35:25 jake Exp $
+ * $FreeBSD: src/sys/alpha/alpha/exception.s,v 1.16 2002/07/31 19:37:02 jhb Exp $
*/
#include <machine/asm.h>
@@ -151,7 +151,7 @@
/* set the hae register if this process has specified a value */
ldq t1, TD_MD_FLAGS(s0)
- and t1, MDP_HAEUSED
+ and t1, MDTD_HAEUSED
beq t1, 3f
ldq a0, TD_MD_HAE(s0)
ldq pv, chipset + CHIPSET_WRITE_HAE
@@ -302,7 +302,7 @@
Lrestoreregs:
/* set the hae register if this process has specified a value */
ldq t1, TD_MD_FLAGS(s0)
- and t1, MDP_HAEUSED
+ and t1, MDTD_HAEUSED
beq t1, Lnohae
ldq a0, TD_MD_HAE(t0)
ldq pv, chipset + CHIPSET_WRITE_HAE
==== //depot/projects/trustedbsd/base/sys/alpha/alpha/genassym.c#7 (text+ko) ====
@@ -34,7 +34,7 @@
* SUCH DAMAGE.
*
* from: @(#)genassym.c 5.11 (Berkeley) 5/10/91
- * $FreeBSD: src/sys/alpha/alpha/genassym.c,v 1.39 2002/07/12 18:34:21 jhb Exp $
+ * $FreeBSD: src/sys/alpha/alpha/genassym.c,v 1.40 2002/07/31 19:37:02 jhb Exp $
*/
#include <sys/param.h>
@@ -92,7 +92,7 @@
#ifdef SMP
ASSYM(TD_MD_KERNNEST, offsetof(struct thread, td_md.md_kernnest));
#endif
-ASSYM(MDP_HAEUSED, MDP_HAEUSED);
+ASSYM(MDTD_HAEUSED, MDTD_HAEUSED);
ASSYM(CHIPSET_WRITE_HAE, offsetof(struct alpha_chipset, write_hae));
==== //depot/projects/trustedbsd/base/sys/alpha/alpha/machdep.c#13 (text+ko) ====
@@ -23,7 +23,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/alpha/alpha/machdep.c,v 1.179 2002/04/17 13:06:32 mux Exp $
+ * $FreeBSD: src/sys/alpha/alpha/machdep.c,v 1.180 2002/07/31 19:37:02 jhb Exp $
*/
/*-
* Copyright (c) 1998 The NetBSD Foundation, Inc.
@@ -1209,7 +1209,7 @@
/* save the floating-point state, if necessary, then copy it. */
alpha_fpstate_save(td, 1); /* XXX maybe write=0 */
- ksi.si_sc.sc_ownedfp = td->td_md.md_flags & MDP_FPUSED;
+ ksi.si_sc.sc_ownedfp = td->td_md.md_flags & MDTD_FPUSED;
bcopy(&td->td_pcb->pcb_fp, (struct fpreg *)ksi.si_sc.sc_fpregs,
sizeof(struct fpreg));
ksi.si_sc.sc_fp_control = td->td_pcb->pcb_fp_control;
@@ -1332,7 +1332,7 @@
#endif
/* save the floating-point state, if necessary, then copy it. */
alpha_fpstate_save(td, 1);
- sf.sf_uc.uc_mcontext.mc_ownedfp = td->td_md.md_flags & MDP_FPUSED;
+ sf.sf_uc.uc_mcontext.mc_ownedfp = td->td_md.md_flags & MDTD_FPUSED;
bcopy(&td->td_pcb->pcb_fp,
(struct fpreg *)sf.sf_uc.uc_mcontext.mc_fpregs,
sizeof(struct fpreg));
@@ -1606,7 +1606,7 @@
tfp->tf_regs[FRAME_T12] = tfp->tf_regs[FRAME_PC]; /* a.k.a. PV */
tfp->tf_regs[FRAME_FLAGS] = 0; /* full restore */
- td->td_md.md_flags &= ~MDP_FPUSED;
+ td->td_md.md_flags &= ~MDTD_FPUSED;
alpha_fpstate_drop(td);
}
@@ -1720,13 +1720,13 @@
int
ptrace_clear_single_step(struct thread *td)
{
- if (td->td_md.md_flags & MDP_STEP2) {
+ if (td->td_md.md_flags & MDTD_STEP2) {
ptrace_clear_bpt(td, &td->td_md.md_sstep[1]);
ptrace_clear_bpt(td, &td->td_md.md_sstep[0]);
- td->td_md.md_flags &= ~MDP_STEP2;
- } else if (td->td_md.md_flags & MDP_STEP1) {
+ td->td_md.md_flags &= ~MDTD_STEP2;
+ } else if (td->td_md.md_flags & MDTD_STEP1) {
ptrace_clear_bpt(td, &td->td_md.md_sstep[0]);
- td->td_md.md_flags &= ~MDP_STEP1;
+ td->td_md.md_flags &= ~MDTD_STEP1;
}
return 0;
}
@@ -1740,7 +1740,7 @@
vm_offset_t addr[2]; /* places to set breakpoints */
int count = 0; /* count of breakpoints */
- if (td->td_md.md_flags & (MDP_STEP1|MDP_STEP2))
+ if (td->td_md.md_flags & (MDTD_STEP1|MDTD_STEP2))
panic("ptrace_single_step: step breakpoints not removed");
error = ptrace_read_int(td, pc, &ins.bits);
@@ -1793,9 +1793,9 @@
ptrace_clear_bpt(td, &td->td_md.md_sstep[0]);
return error;
}
- td->td_md.md_flags |= MDP_STEP2;
+ td->td_md.md_flags |= MDTD_STEP2;
} else
- td->td_md.md_flags |= MDP_STEP1;
+ td->td_md.md_flags |= MDTD_STEP1;
return 0;
}
@@ -2132,7 +2132,7 @@
SET_FEN(td);
}
- td->td_md.md_flags |= MDP_FPUSED;
+ td->td_md.md_flags |= MDTD_FPUSED;
intr_restore(s);
}
==== //depot/projects/trustedbsd/base/sys/alpha/alpha/sys_machdep.c#5 (text+ko) ====
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* from: @(#)sys_machdep.c 5.5 (Berkeley) 1/19/91
- * $FreeBSD: src/sys/alpha/alpha/sys_machdep.c,v 1.17 2002/04/01 21:30:29 jhb Exp $
+ * $FreeBSD: src/sys/alpha/alpha/sys_machdep.c,v 1.18 2002/07/31 19:37:02 jhb Exp $
*
*/
@@ -122,7 +122,7 @@
if (error)
return (error);
- td->td_md.md_flags |= MDP_HAEUSED;
+ td->td_md.md_flags |= MDTD_HAEUSED;
td->td_md.md_hae = ua.hae;
return (0);
@@ -169,8 +169,7 @@
{
int error;
unsigned long uac;
- struct proc *p;
- struct thread *td2;
+ struct proc *p, *pp;
error = copyin(args, &uac, sizeof(uac));
if (error)
@@ -178,13 +177,11 @@
p = td->td_proc;
PROC_LOCK(p);
- if (p->p_pptr) {
- PROC_LOCK(p->p_pptr);
- /* XXXKSE which threads? */
- td2 = FIRST_THREAD_IN_PROC(p->p_pptr);
- td2->td_md.md_flags &= ~MDP_UAC_MASK;
- td2->td_md.md_flags |= uac & MDP_UAC_MASK;
- PROC_UNLOCK(p->p_pptr);
+ pp = p->p_pptr;
+ if (pp != NULL) {
+ PROC_LOCK(pp);
+ pp->p_md.md_uac = uac & MDP_UAC_MASK;
+ PROC_UNLOCK(pp);
}
PROC_UNLOCK(p);
return 0;
@@ -193,20 +190,18 @@
static int
alpha_get_uac(struct thread *td, char *args)
{
- struct proc *p;
- struct thread *td2;
+ struct proc *p, *pp;
int error;
unsigned long uac;
p = td->td_proc;
error = ESRCH;
PROC_LOCK(p);
- if (p->p_pptr) {
- PROC_LOCK(p->p_pptr);
- /* XXXKSE which threads? */
- td2 = FIRST_THREAD_IN_PROC(p->p_pptr);
- uac = td2->td_md.md_flags & MDP_UAC_MASK;
- PROC_UNLOCK(p->p_pptr);
+ pp = p->p_pptr;
+ if (pp != NULL) {
+ PROC_LOCK(pp);
+ uac = p->p_md.md_uac;
+ PROC_UNLOCK(pp);
PROC_UNLOCK(p);
error = copyout(&uac, args, sizeof(uac));
} else
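Review bot: `alpha_get_uac` locks the parent `pp` but then reads `p->p_md.md_uac`, the caller's own field, whereas `alpha_set_uac` in the preceding hunk writes `pp->p_md.md_uac` and the removed code read from the parent in both paths. If the parent's value is what is wanted, the line should be `uac = pp->p_md.md_uac;`; if the caller's value is intended, the parent lock and the `p_pptr` test serve no purpose. Separately, the set path changes another process's unaligned-access policy with no credential check visible in the hunk; that predates this change but deserves a comment stating why it is acceptable. The function body continues past the end of the hunk.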
==== //depot/projects/trustedbsd/base/sys/alpha/alpha/trap.c#13 (text+ko) ====
@@ -1,4 +1,4 @@
-/* $FreeBSD: src/sys/alpha/alpha/trap.c,v 1.98 2002/07/13 04:36:30 mini Exp $ */
+/* $FreeBSD: src/sys/alpha/alpha/trap.c,v 1.99 2002/07/31 19:37:02 jhb Exp $ */
/* $NetBSD: trap.c,v 1.31 1998/03/26 02:21:46 thorpej Exp $ */
/*
@@ -407,7 +407,7 @@
/* FALLTHROUTH */
case ALPHA_IF_CODE_BPT:
case ALPHA_IF_CODE_BUGCHK:
- if (td->td_md.md_flags & (MDP_STEP1|MDP_STEP2)) {
+ if (td->td_md.md_flags & (MDTD_STEP1|MDTD_STEP2)) {
mtx_lock(&Giant);
ptrace_clear_single_step(td);
td->td_frame->tf_regs[FRAME_PC] -= 4;
@@ -1033,8 +1033,8 @@
*/
if (td) {
- uac = td->td_md.md_flags & MDP_UAC_MASK;
p = td->td_proc;
+ uac = p->p_md.md_uac;
} else {
uac = 0;
p = NULL;
==== //depot/projects/trustedbsd/base/sys/alpha/alpha/vm_machdep.c#7 (text+ko) ====
@@ -38,7 +38,7 @@
*
* from: @(#)vm_machdep.c 7.3 (Berkeley) 5/13/91
* Utah $Hdr: vm_machdep.c 1.16.1.1 89/06/23$
- * $FreeBSD: src/sys/alpha/alpha/vm_machdep.c,v 1.68 2002/06/29 17:26:11 julian Exp $
+ * $FreeBSD: src/sys/alpha/alpha/vm_machdep.c,v 1.69 2002/07/31 19:37:02 jhb Exp $
*/
/*
* Copyright (c) 1994, 1995, 1996 Carnegie-Mellon University.
@@ -133,7 +133,8 @@
p1 = td1->td_proc;
td2->td_pcb = (struct pcb *)
(td2->td_kstack + KSTACK_PAGES * PAGE_SIZE) - 1;
- td2->td_md.md_flags = td1->td_md.md_flags & (MDP_FPUSED | MDP_UAC_MASK);
+ td2->td_md.md_flags = td1->td_md.md_flags & MDTD_FPUSED;
+ p2->p_md.md_uac = p1->p_md.md_uac;
/*
* Cache the physical address of the pcb, so we can
==== //depot/projects/trustedbsd/base/sys/alpha/include/proc.h#4 (text+ko) ====
@@ -1,4 +1,4 @@
-/* $FreeBSD: src/sys/alpha/include/proc.h,v 1.14 2002/03/27 05:39:16 dillon Exp $ */
+/* $FreeBSD: src/sys/alpha/include/proc.h,v 1.15 2002/07/31 19:37:02 jhb Exp $ */
/* From: NetBSD: proc.h,v 1.3 1997/04/06 08:47:36 cgd Exp */
/*
@@ -40,6 +40,11 @@
u_int32_t contents;
};
+#define MDTD_FPUSED 0x0001 /* Process used the FPU */
+#define MDTD_STEP1 0x0002 /* Single step normal instruction */
+#define MDTD_STEP2 0x0004 /* Single step branch instruction */
+#define MDTD_HAEUSED 0x0008 /* Process used the HAE */
+
struct mdthread {
u_long md_flags;
struct pcb *md_pcbpaddr; /* phys addr of the pcb */
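Review bot: The comments on the renamed flags still say "Process", although the new `MDTD_` prefix and their placement above `struct mdthread` mark them as per-thread bits in `md_flags`. Suggest `/* Thread used the FPU */` and `/* Thread used the HAE */`, plus a one-line comment above the group saying these are values for `mdthread.md_flags`. That keeps them visibly distinct from the `MDP_UAC_*` bits, which the next hunk moves to the per-process `md_uac` field.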
@@ -50,17 +55,14 @@
register_t md_savecrit; /* save PSL for critical section */
};
-#define MDP_FPUSED 0x0001 /* Process used the FPU */
-#define MDP_STEP1 0x0002 /* Single step normal instruction */
-#define MDP_STEP2 0x0004 /* Single step branch instruction */
-#define MDP_HAEUSED 0x0008 /* Process used the HAE */
-#define MDP_UAC_NOPRINT 0x0010 /* Don't print unaligned traps */
-#define MDP_UAC_NOFIX 0x0020 /* Don't fixup unaligned traps */
-#define MDP_UAC_SIGBUS 0x0040 /* Deliver SIGBUS upon
+#define MDP_UAC_NOPRINT 0x0010 /* Don't print unaligned traps */
+#define MDP_UAC_NOFIX 0x0020 /* Don't fixup unaligned traps */
+#define MDP_UAC_SIGBUS 0x0040 /* Deliver SIGBUS upon
unaligned access */
-#define MDP_UAC_MASK (MDP_UAC_NOPRINT | MDP_UAC_NOFIX | MDP_UAC_SIGBUS)
+#define MDP_UAC_MASK (MDP_UAC_NOPRINT | MDP_UAC_NOFIX | MDP_UAC_SIGBUS)
struct mdproc {
+ u_int md_uac; /* Unaligned Access Check flags. */
};
#endif /* !_MACHINE_PROC_H_ */
==== //depot/projects/trustedbsd/base/sys/alpha/osf1/osf1_signal.c#6 (text+ko) ====
@@ -30,7 +30,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $FreeBSD: src/sys/alpha/osf1/osf1_signal.c,v 1.18 2002/06/02 20:05:41 schweikh Exp $
+ * $FreeBSD: src/sys/alpha/osf1/osf1_signal.c,v 1.19 2002/07/31 19:37:03 jhb Exp $
*/
#include <sys/param.h>
@@ -631,7 +631,7 @@
/* save the floating-point state, if necessary, then copy it. */
alpha_fpstate_save(td, 1); /* XXX maybe write=0 */
- ksi.si_sc.sc_ownedfp = td->td_md.md_flags & MDP_FPUSED;
+ ksi.si_sc.sc_ownedfp = td->td_md.md_flags & MDTD_FPUSED;
bcopy(&td->td_pcb->pcb_fp, (struct fpreg *)ksi.si_sc.sc_fpregs,
sizeof(struct fpreg));
ksi.si_sc.sc_fp_control = td->td_pcb->pcb_fp_control;
==== //depot/projects/trustedbsd/base/sys/boot/common/dev_net.c#2 (text+ko) ====
@@ -1,5 +1,5 @@
/*
- * $FreeBSD: src/sys/boot/common/dev_net.c,v 1.10 2000/11/10 06:37:43 benno Exp $
+ * $FreeBSD: src/sys/boot/common/dev_net.c,v 1.11 2002/07/31 20:17:06 jake Exp $
* From: $NetBSD: dev_net.c,v 1.12 1997/12/10 20:38:37 gwr Exp $
*/
@@ -209,6 +209,7 @@
{
char buf[MAXHOSTNAMELEN];
char temp[FNAME_SIZE];
+ struct iodesc *d;
int i;
n_long smask;
@@ -284,6 +285,14 @@
bcopy(&temp[0], &rootpath[0], strlen(&rootpath[i])+1);
}
printf("net_open: server path: %s\n", rootpath);
+
+ d = socktodesc(sock);
+ sprintf(temp, "%6D", d->myea, ":");
+ setenv("boot.netif.ip", inet_ntoa(myip), 1);
+ setenv("boot.netif.netmask", intoa(netmask), 1);
+ setenv("boot.netif.gateway", inet_ntoa(gateip), 1);
+ setenv("boot.netif.hwaddr", temp, 1);
+
return (0);
}
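Review bot: The result of `d = socktodesc(sock);` is dereferenced on the next line without a NULL check; if the descriptor lookup can fail here, `d->myea` is a NULL dereference in the boot loader. A guard such as `if (d == NULL) return (EIO);` before the `sprintf` would cover it (the right error value depends on the function's convention, which is outside the hunk). The `sprintf` into `temp` needs 18 bytes for the formatted address; `FNAME_SIZE` is not visible here, so a bounded format call or a comment stating the requirement would help. The `setenv()` results are also unchecked, and the exported values were obtained earlier in the function, outside the hunk.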
==== //depot/projects/trustedbsd/base/sys/conf/files#26 (text+ko) ====
@@ -1,4 +1,4 @@
-# $FreeBSD: src/sys/conf/files,v 1.678 2002/07/30 22:28:43 imp Exp $
+# $FreeBSD: src/sys/conf/files,v 1.679 2002/08/01 02:03:21 rwatson Exp $
#
# The long compile-with and dependency lines are required because of
# limitations in config: backslash-newline doesn't work in strings, and
@@ -730,6 +730,7 @@
fs/procfs/procfs_dbregs.c optional procfs
fs/procfs/procfs_fpregs.c optional procfs
fs/procfs/procfs_ioctl.c optional procfs
+fs/procfs/procfs_mac.c optional procfs
fs/procfs/procfs_map.c optional procfs
fs/procfs/procfs_mem.c optional procfs
fs/procfs/procfs_note.c optional procfs
==== //depot/projects/trustedbsd/base/sys/dev/aic7xxx/ahc_eisa.c#3 (text+ko) ====
@@ -28,7 +28,7 @@
*
* $Id$
*
- * $FreeBSD: src/sys/dev/aic7xxx/ahc_eisa.c,v 1.23 2002/04/24 16:58:51 gibbs Exp $
+ * $FreeBSD: src/sys/dev/aic7xxx/ahc_eisa.c,v 1.24 2002/08/01 01:36:30 scottl Exp $
*/
#include <dev/aic7xxx/aic7xxx_osm.h>
@@ -203,13 +203,13 @@
};
static driver_t ahc_eisa_driver = {
- "ahc",
+ "ahc_eisa",
ahc_eisa_device_methods,
sizeof(struct ahc_softc)
};
-static devclass_t ahc_devclass;
+static devclass_t ahc_eisa_devclass;
-DRIVER_MODULE(ahc, eisa, ahc_eisa_driver, ahc_devclass, 0, 0);
+DRIVER_MODULE(ahc_eisa, eisa, ahc_eisa_driver, ahc_eisa_devclass, 0, 0);
MODULE_DEPEND(ahc_eisa, ahc, 1, 1, 1);
MODULE_VERSION(ahc_eisa, 1);
==== //depot/projects/trustedbsd/base/sys/dev/aic7xxx/ahc_pci.c#3 (text+ko) ====
@@ -30,7 +30,7 @@
*
* $Id$
*
- * $FreeBSD: src/sys/dev/aic7xxx/ahc_pci.c,v 1.45 2002/04/24 16:58:51 gibbs Exp $
+ * $FreeBSD: src/sys/dev/aic7xxx/ahc_pci.c,v 1.46 2002/08/01 01:36:30 scottl Exp $
*/
#include <dev/aic7xxx/aic7xxx_osm.h>
@@ -50,15 +50,15 @@
};
static driver_t ahc_pci_driver = {
- "ahc",
+ "ahc_pci",
ahc_pci_device_methods,
sizeof(struct ahc_softc)
};
-static devclass_t ahc_devclass;
+static devclass_t ahc_pci_devclass;
-DRIVER_MODULE(ahc, pci, ahc_pci_driver, ahc_devclass, 0, 0);
-DRIVER_MODULE(ahc, cardbus, ahc_pci_driver, ahc_devclass, 0, 0);
+DRIVER_MODULE(ahc_pci, pci, ahc_pci_driver, ahc_pci_devclass, 0, 0);
+DRIVER_MODULE(ahc_pci, cardbus, ahc_pci_driver, ahc_pci_devclass, 0, 0);
MODULE_DEPEND(ahc_pci, ahc, 1, 1, 1);
MODULE_VERSION(ahc_pci, 1);
==== //depot/projects/trustedbsd/base/sys/fs/procfs/procfs.c#5 (text+ko) ====
@@ -37,7 +37,7 @@
*
* @(#)procfs_vfsops.c 8.7 (Berkeley) 5/10/95
*
- * $FreeBSD: src/sys/fs/procfs/procfs.c,v 1.5 2002/05/19 00:14:47 jhb Exp $
+ * $FreeBSD: src/sys/fs/procfs/procfs.c,v 1.6 2002/08/01 02:03:20 rwatson Exp $
*/
#include <sys/param.h>
@@ -153,6 +153,7 @@
dir = pfs_create_dir(root, "pid",
&procfs_attr, NULL, PFS_PROCDEP);
+ dir->pn_refreshlabel = &procfs_piddir_refreshlabel;
pfs_create_file(dir, "cmdline", &procfs_doproccmdline,
NULL, NULL, PFS_RD);
pfs_create_file(dir, "ctl", &procfs_doprocctl,
==== //depot/projects/trustedbsd/base/sys/fs/procfs/procfs.h#5 (text+ko) ====
@@ -37,7 +37,7 @@
* @(#)procfs.h 8.9 (Berkeley) 5/14/95
*
* From:
- * $FreeBSD: src/sys/fs/procfs/procfs.h,v 1.43 2002/04/20 01:14:25 rwatson Exp $
+ * $FreeBSD: src/sys/fs/procfs/procfs.h,v 1.44 2002/08/01 02:03:20 rwatson Exp $
*/
#ifdef _KERNEL
@@ -61,6 +61,9 @@
/* Attributes */
int procfs_attr(PFS_ATTR_ARGS);
+/* MAC */
+int procfs_piddir_refreshlabel(PFS_REFRESHLABEL_ARGS);
+
/* Visibility */
int procfs_notsystem(PFS_VIS_ARGS);
int procfs_candebug(PFS_VIS_ARGS);
==== //depot/projects/trustedbsd/base/sys/fs/pseudofs/pseudofs.h#7 (text+ko) ====
@@ -25,7 +25,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $FreeBSD: src/sys/fs/pseudofs/pseudofs.h,v 1.19 2002/06/06 16:59:24 des Exp $
+ * $FreeBSD: src/sys/fs/pseudofs/pseudofs.h,v 1.20 2002/08/01 01:33:12 rwatson Exp $
*/
#ifndef _PSEUDOFS_H_INCLUDED
@@ -145,6 +145,15 @@
typedef int (*pfs_getextattr_t)(PFS_GETEXTATTR_ARGS);
/*
+ * Getlabel callback
+ */
+#define PFS_REFRESHLABEL_ARGS \
+ struct thread *td, struct proc *p, struct vnode *vp, \
+ struct pfs_node *pn, struct ucred *cred
+struct mac;
+typedef int (*pfs_refreshlabel_t)(PFS_REFRESHLABEL_ARGS);
+
+/*
* Last-close callback
*/
#define PFS_CLOSE_ARGS \
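Review bot: The comment heading the new block reads `Getlabel callback`, but the macro and typedef it introduces are `PFS_REFRESHLABEL_ARGS` and `pfs_refreshlabel_t`; suggest `Refreshlabel callback`. The forward declaration `struct mac;` is not used by the argument list shown and looks like a leftover. It would also help to document that `p` can be NULL, since `pfs_refreshlabel()` in this same change passes NULL when the node has no associated pid.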
@@ -185,6 +194,7 @@
pfs_attr_t pn_attr;
pfs_vis_t pn_vis;
pfs_getextattr_t pn_getextattr;
+ pfs_refreshlabel_t pn_refreshlabel;
void *pn_data;
int pn_flags;
==== //depot/projects/trustedbsd/base/sys/fs/pseudofs/pseudofs_vnops.c#11 (text+ko) ====
@@ -25,9 +25,11 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $FreeBSD: src/sys/fs/pseudofs/pseudofs_vnops.c,v 1.29 2002/07/08 01:50:14 jeff Exp $
+ * $FreeBSD: src/sys/fs/pseudofs/pseudofs_vnops.c,v 1.30 2002/08/01 01:33:12 rwatson Exp $
*/
+#include "opt_mac.h"
+
#include <sys/param.h>
#include <sys/kernel.h>
#include <sys/systm.h>
@@ -35,6 +37,7 @@
#include <sys/dirent.h>
#include <sys/fcntl.h>
#include <sys/lock.h>
+#include <sys/mac.h>
#include <sys/mount.h>
#include <sys/mutex.h>
#include <sys/namei.h>
@@ -729,6 +732,50 @@
return (pfs_vncache_free(va->a_vp));
}
+#ifdef MAC
+/*
+ * Refresh the vnode label as appropriate for the pseudo-file system.
+ */
+static int
+pfs_refreshlabel(struct vop_refreshlabel_args *va)
+{
+ struct vnode *vn = va->a_vp;
+ struct pfs_vdata *pvd = (struct pfs_vdata *)vn->v_data;
+ struct pfs_node *pn = pvd->pvd_pn;
+ struct proc *proc = NULL;
+ int error;
+
+ PFS_TRACE((pd->pn_name));
+
+ if (pn->pn_refreshlabel == NULL) {
+ mac_update_vnode_from_mount(vn, vn->v_mount);
+ return (0);
+ }
+
+ /*
+ * This is necessary because either process' privileges may
+ * have changed since the last open() call.
+ */
+ if (!pfs_visible(curthread, pn, pvd->pvd_pid))
+ PFS_RETURN (EIO);
+
+ /* XXX duplicate bits of pfs_visible() */
+ if (pvd->pvd_pid != NO_PID) {
+ if ((proc = pfind(pvd->pvd_pid)) == NULL)
+ PFS_RETURN (EIO);
+ _PHOLD(proc);
+ PROC_UNLOCK(proc);
+ }
+
+ error = (pn->pn_refreshlabel)(curthread, proc, vn, pn, va->a_cred);
+
+ if (proc != NULL)
+ PRELE(proc);
+
+ PFS_RETURN (error);
+}
+#endif
+
/*
* Set attributes
*/
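Review bot: `PFS_TRACE((pd->pn_name));` refers to `pd`, which is not declared in `pfs_refreshlabel()`; the node pointer here is `pn`. This presumably compiles only because the trace macro expands to nothing in non-debug builds, so it should be `PFS_TRACE((pn->pn_name));`. The early exit for nodes without a callback uses a bare `return (0);` while every other exit uses `PFS_RETURN`, so `PFS_RETURN (0);` would be consistent. The visibility check and the later `pfind()` are two separate lookups of the same pid, as the existing XXX comment acknowledges; a sentence saying what happens if the process changes between them would make the access-control intent clearer.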
@@ -821,6 +868,9 @@
{ &vop_readdir_desc, (vop_t *)pfs_readdir },
{ &vop_readlink_desc, (vop_t *)pfs_readlink },
{ &vop_reclaim_desc, (vop_t *)pfs_reclaim },
+#ifdef MAC
+ { &vop_refreshlabel_desc, (vop_t *)pfs_refreshlabel },
+#endif
{ &vop_remove_desc, (vop_t *)vop_eopnotsupp },
{ &vop_rename_desc, (vop_t *)vop_eopnotsupp },
{ &vop_rmdir_desc, (vop_t *)vop_eopnotsupp },
==== //depot/projects/trustedbsd/base/sys/kern/kern_acl.c#10 (text+ko) ====
@@ -25,17 +25,20 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/kern/kern_acl.c,v 1.31 2002/07/22 03:57:07 rwatson Exp $
+ * $FreeBSD: src/sys/kern/kern_acl.c,v 1.32 2002/08/01 01:04:16 rwatson Exp $
*/
/*
* Developed by the TrustedBSD Project.
* Support for POSIX.1e access control lists.
*/
+#include "opt_mac.h"
+
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/sysproto.h>
#include <sys/kernel.h>
+#include <sys/mac.h>
#include <sys/malloc.h>
#include <sys/vnode.h>
#include <sys/lock.h>
@@ -582,7 +585,15 @@
return (error);
VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
+#ifdef MAC
+ error = mac_check_vnode_setacl(td->td_ucred, vp, type, &inkernacl);
+ if (error != 0)
+ goto out;
+#endif
error = VOP_SETACL(vp, type, &inkernacl, td->td_ucred, td);
+#ifdef MAC
+out:
+#endif
VOP_UNLOCK(vp, 0, td);
vn_finished_write(mp);
return(error);
@@ -600,7 +611,15 @@
VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
+#ifdef MAC
+ error = mac_check_vnode_getacl(td->td_ucred, vp, type);
+ if (error != 0)
+ goto out;
+#endif
error = VOP_GETACL(vp, type, &inkernelacl, td->td_ucred, td);
+#ifdef MAC
+out:
+#endif
VOP_UNLOCK(vp, 0, td);
if (error == 0)
error = copyout(&inkernelacl, aclp, sizeof(struct acl));
@@ -621,7 +640,15 @@
return (error);
VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
- error = VOP_SETACL(vp, type, NULL, td->td_ucred, td);
+#ifdef MAC
+ error = mac_check_vnode_deleteacl(td->td_ucred, vp, type);
+ if (error)
+ goto out;
+#endif
+ error = VOP_SETACL(vp, type, 0, td->td_ucred, td);
+#ifdef MAC
+out:
+#endif
VOP_UNLOCK(vp, 0, td);
vn_finished_write(mp);
return (error);
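Review bot: The delete path now passes `0` instead of `NULL` as the ACL pointer to `VOP_SETACL`, which hides that the argument is a pointer meaning "no ACL"; keeping `error = VOP_SETACL(vp, type, NULL, td->td_ucred, td);` reads better. This hunk also tests `if (error)` where the two MAC checks added above in the same file use `if (error != 0)`, so one form should be used throughout. The `out:` label wrapped in its own `#ifdef MAC` is repeated in all three hunks; a short comment on the first one explaining that the label exists only for the MAC early exit would help readers.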
==== //depot/projects/trustedbsd/base/sys/kern/kern_ktrace.c#8 (text+ko) ====
@@ -31,10 +31,11 @@
* SUCH DAMAGE.
*
* @(#)kern_ktrace.c 8.2 (Berkeley) 9/23/93
- * $FreeBSD: src/sys/kern/kern_ktrace.c,v 1.68 2002/06/29 01:50:24 alfred Exp $
+ * $FreeBSD: src/sys/kern/kern_ktrace.c,v 1.69 2002/08/01 01:07:03 rwatson Exp $
*/
#include "opt_ktrace.h"
+#include "opt_mac.h"
#include <sys/param.h>
#include <sys/systm.h>
@@ -44,6 +45,7 @@
#include <sys/kthread.h>
#include <sys/lock.h>
#include <sys/mutex.h>
+#include <sys/mac.h>
#include <sys/malloc.h>
#include <sys/namei.h>
#include <sys/proc.h>
@@ -766,7 +768,11 @@
vn_start_write(vp, &mp, V_WAIT);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
(void)VOP_LEASE(vp, td, cred, LEASE_WRITE);
- error = VOP_WRITE(vp, &auio, IO_UNIT | IO_APPEND, cred);
+#ifdef MAC
+ error = mac_check_vnode_op(cred, vp, MAC_OP_VNODE_WRITE);
+ if (error == 0)
+#endif
+ error = VOP_WRITE(vp, &auio, IO_UNIT | IO_APPEND, cred);
if (error == 0 && uio != NULL) {
(void)VOP_LEASE(vp, td, cred, LEASE_WRITE);
error = VOP_WRITE(vp, uio, IO_UNIT | IO_APPEND, cred);
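Review bot: The `if (error == 0)` sits inside `#ifdef MAC` while the statement it guards is outside, so the control flow of the `VOP_WRITE` line differs between the two configurations and depends on indentation alone to be readable. An `#else` branch with `error = 0;` before the `#endif`, followed by an unconditional `if (error == 0)` on its own line, gives both builds the same shape. A comment noting that a MAC denial also skips the second `VOP_WRITE` below, because `error` is then non-zero, would document the intended behaviour.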
==== //depot/projects/trustedbsd/base/sys/kern/tty_tty.c#4 (text+ko) ====
@@ -31,19 +31,22 @@
* SUCH DAMAGE.
*
* @(#)tty_tty.c 8.2 (Berkeley) 9/23/93
- * $FreeBSD: src/sys/kern/tty_tty.c,v 1.39 2002/03/19 21:24:06 alfred Exp $
+ * $FreeBSD: src/sys/kern/tty_tty.c,v 1.40 2002/08/01 01:09:54 rwatson Exp $
*/
>>> TRUNCATED FOR MAIL (1000 lines) <<<