PERFORCE change 15427 for review
Robert Watson
rwatson at freebsd.org
Fri Aug 2 02:52:15 GMT 2002
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15427
Change 15427 by rwatson at rwatson_paprika on 2002/08/01 19:51:41
Integ from main tree: pick up various MACisms.
Affected files ...
.. //depot/projects/trustedbsd/base/etc/mtree/BSD.include.dist#7 integrate
.. //depot/projects/trustedbsd/base/lib/libc/locale/setlocale.c#4 integrate
.. //depot/projects/trustedbsd/base/sys/boot/forth/loader.conf#9 integrate
.. //depot/projects/trustedbsd/base/sys/compat/linux/linux_file.c#6 integrate
.. //depot/projects/trustedbsd/base/sys/compat/linux/linux_getcwd.c#5 integrate
.. //depot/projects/trustedbsd/base/sys/compat/linux/linux_misc.c#11 integrate
.. //depot/projects/trustedbsd/base/sys/compat/linux/linux_stats.c#4 integrate
.. //depot/projects/trustedbsd/base/sys/conf/files#27 integrate
.. //depot/projects/trustedbsd/base/sys/fs/devfs/devfs_vnops.c#9 integrate
.. //depot/projects/trustedbsd/base/sys/kern/kern_idle.c#6 integrate
.. //depot/projects/trustedbsd/base/sys/kern/kern_intr.c#12 integrate
.. //depot/projects/trustedbsd/base/sys/kern/kern_sig.c#17 integrate
.. //depot/projects/trustedbsd/base/sys/kern/kern_synch.c#11 integrate
.. //depot/projects/trustedbsd/base/sys/kern/kern_thread.c#2 integrate
.. //depot/projects/trustedbsd/base/sys/kern/vfs_bio.c#14 integrate
.. //depot/projects/trustedbsd/base/sys/kern/vfs_syscalls.c#24 integrate
.. //depot/projects/trustedbsd/base/sys/kern/vfs_vnops.c#19 integrate
.. //depot/projects/trustedbsd/base/sys/modules/linux/Makefile#6 integrate
.. //depot/projects/trustedbsd/base/sys/net/if.c#12 integrate
.. //depot/projects/trustedbsd/base/sys/net/if_gif.c#9 integrate
.. //depot/projects/trustedbsd/base/sys/net/if_ppp.c#7 integrate
.. //depot/projects/trustedbsd/base/sys/netinet/udp_usrreq.c#11 integrate
.. //depot/projects/trustedbsd/base/sys/sparc64/include/pmap.h#10 integrate
.. //depot/projects/trustedbsd/base/sys/vm/vm_page.c#14 integrate
Differences ...
==== //depot/projects/trustedbsd/base/etc/mtree/BSD.include.dist#7 (text+ko) ====
@@ -1,4 +1,4 @@
-# $FreeBSD: src/etc/mtree/BSD.include.dist,v 1.55 2002/05/29 00:46:33 peter Exp $
+# $FreeBSD: src/etc/mtree/BSD.include.dist,v 1.56 2002/08/01 22:37:08 rwatson Exp $
#
# Please see the file src/etc/mtree/README before making changes to this file.
#
@@ -126,6 +126,12 @@
security
lomac
..
+ mac_biba
+ ..
+ mac_bsdextended
+ ..
+ mac_mls
+ ..
..
sys
..
==== //depot/projects/trustedbsd/base/lib/libc/locale/setlocale.c#4 (text+ko) ====
@@ -39,7 +39,7 @@
static char sccsid[] = "@(#)setlocale.c 8.1 (Berkeley) 7/4/93";
#endif /* LIBC_SCCS and not lint */
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/lib/libc/locale/setlocale.c,v 1.34 2002/03/22 21:52:18 obrien Exp $");
+__FBSDID("$FreeBSD: src/lib/libc/locale/setlocale.c,v 1.35 2002/08/02 01:04:49 ache Exp $");
#include <sys/types.h>
#include <sys/stat.h>
@@ -129,33 +129,29 @@
if (!env || !*env || strchr(env, '/'))
env = "C";
- (void) strncpy(new_categories[category], env, ENCODING_LEN);
- new_categories[category][ENCODING_LEN] = '\0';
+ (void)strlcpy(new_categories[category], env, ENCODING_LEN + 1);
if (category == LC_ALL) {
for (i = 1; i < _LC_LAST; ++i) {
if (!(env = getenv(categories[i])) || !*env)
env = new_categories[LC_ALL];
- (void)strncpy(new_categories[i], env, ENCODING_LEN);
- new_categories[i][ENCODING_LEN] = '\0';
+ (void)strlcpy(new_categories[i], env, ENCODING_LEN + 1);
}
}
- } else if (category != LC_ALL) {
- (void)strncpy(new_categories[category], locale, ENCODING_LEN);
- new_categories[category][ENCODING_LEN] = '\0';
- } else {
+ } else if (category != LC_ALL)
+ (void)strlcpy(new_categories[category], locale, ENCODING_LEN + 1);
+ else {
if ((r = strchr(locale, '/')) == NULL) {
- for (i = 1; i < _LC_LAST; ++i) {
- (void)strncpy(new_categories[i], locale, ENCODING_LEN);
- new_categories[i][ENCODING_LEN] = '\0';
- }
+ for (i = 1; i < _LC_LAST; ++i)
+ (void)strlcpy(new_categories[i], locale, ENCODING_LEN + 1);
} else {
for (i = 1; r[1] == '/'; ++r);
if (!r[1])
return (NULL); /* Hmm, just slashes... */
do {
+ if (i == _LC_LAST)
+ return(NULL); /* Too many slashes... */
len = r - locale > ENCODING_LEN ? ENCODING_LEN : r - locale;
- (void)strncpy(new_categories[i], locale, len);
- new_categories[i][len] = '\0';
+ (void)strlcpy(new_categories[i], locale, len + 1);
i++;
locale = r;
while (*locale == '/')
==== //depot/projects/trustedbsd/base/sys/boot/forth/loader.conf#9 (text+ko) ====
@@ -6,7 +6,7 @@
#
# All arguments must be in double quotes.
#
-# $FreeBSD: src/sys/boot/forth/loader.conf,v 1.61 2002/07/16 18:16:01 mp Exp $
+# $FreeBSD: src/sys/boot/forth/loader.conf,v 1.62 2002/08/01 22:03:19 rwatson Exp $
##############################################################
### Basic configuration options ############################
@@ -278,6 +278,18 @@
# Override DSDT in BIOS by this file
##############################################################
+### TrustedBSD MAC settings ##################################
+##############################################################
+
+mac_biba_load="NO" # Biba MAC policy
+mac_bsdextended_load="NO" # BSD/extended MAC policy
+mac_ifoff="NO" # Interface silencing policy
+mac_mls_load="NO" # MLS MAC policy
+mac_none_load="NO" # Null MAC policy
+mac_partition_load="NO" # Partition MAC policy
+mac_seeotheruids_load="NO" # UID visbility MAC policy
+
+##############################################################
### Module loading syntax example ##########################
##############################################################
==== //depot/projects/trustedbsd/base/sys/compat/linux/linux_file.c#6 (text+ko) ====
@@ -25,10 +25,11 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $FreeBSD: src/sys/compat/linux/linux_file.c,v 1.66 2002/07/09 19:25:43 robert Exp $
+ * $FreeBSD: src/sys/compat/linux/linux_file.c,v 1.67 2002/08/01 22:23:02 rwatson Exp $
*/
#include "opt_compat.h"
+#include "opt_mac.h"
#include <sys/param.h>
#include <sys/systm.h>
@@ -38,6 +39,7 @@
#include <sys/file.h>
#include <sys/filedesc.h>
#include <sys/lock.h>
+#include <sys/mac.h>
#include <sys/malloc.h>
#include <sys/mount.h>
#include <sys/mutex.h>
@@ -325,6 +327,13 @@
cookies = NULL;
}
+#ifdef MAC
+ /*
+ * Do directory search MAC check using non-cached credentials.
+ */
+ if ((error = mac_check_vnode_readdir(td->td_proc->p_ucred, vp))
+ goto out;
+#endif /* MAC */
if ((error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, &ncookies,
&cookies)))
goto out;
==== //depot/projects/trustedbsd/base/sys/compat/linux/linux_getcwd.c#5 (text+ko) ====
@@ -1,4 +1,4 @@
-/* $FreeBSD: src/sys/compat/linux/linux_getcwd.c,v 1.5 2002/03/20 05:42:02 alfred Exp $ */
+/* $FreeBSD: src/sys/compat/linux/linux_getcwd.c,v 1.6 2002/08/01 22:23:02 rwatson Exp $ */
/* $OpenBSD: linux_getcwd.c,v 1.2 2001/05/16 12:50:21 ho Exp $ */
/* $NetBSD: vfs_getcwd.c,v 1.3.2.3 1999/07/11 10:24:09 sommerfeld Exp $ */
@@ -38,6 +38,7 @@
* POSSIBILITY OF SUCH DAMAGE.
*/
#include "opt_compat.h"
+#include "opt_mac.h"
#include <sys/param.h>
#include <sys/systm.h>
@@ -51,6 +52,7 @@
#include <sys/mount.h>
#include <sys/proc.h>
#include <sys/uio.h>
+#include <sys/mac.h>
#include <sys/malloc.h>
#include <sys/dirent.h>
#include <ufs/ufs/dir.h> /* XXX only for DIRBLKSIZ */
@@ -200,7 +202,12 @@
eofflag = 0;
- error = VOP_READDIR(uvp, &uio, td->td_ucred, &eofflag, 0, 0);
+#ifdef MAC
+ error = mac_check_vnode_readdir(td->td_ucred, uvp);
+ if (error == 0)
+#endif /* MAC */
+ error = VOP_READDIR(uvp, &uio, td->td_ucred, &eofflag,
+ 0, 0);
off = uio.uio_offset;
==== //depot/projects/trustedbsd/base/sys/compat/linux/linux_misc.c#11 (text+ko) ====
@@ -25,10 +25,11 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $FreeBSD: src/sys/compat/linux/linux_misc.c,v 1.123 2002/06/14 07:24:01 rwatson Exp $
+ * $FreeBSD: src/sys/compat/linux/linux_misc.c,v 1.124 2002/08/01 22:23:02 rwatson Exp $
*/
#include "opt_compat.h"
+#include "opt_mac.h"
#include <sys/param.h>
#include <sys/systm.h>
@@ -37,6 +38,7 @@
#include <sys/jail.h>
#include <sys/kernel.h>
#include <sys/lock.h>
+#include <sys/mac.h>
#include <sys/mman.h>
#include <sys/mount.h>
#include <sys/mutex.h>
@@ -250,7 +252,7 @@
vp = NULL;
/*
- * XXX This code should make use of vn_open(), rather than doing
+ * XXX: This code should make use of vn_open(), rather than doing
* all this stuff itself.
*/
NDINIT(&ni, LOOKUP, FOLLOW|LOCKLEAF, UIO_USERSPACE, args->library, td);
@@ -306,6 +308,11 @@
* XXX: This should use vn_open() so that it is properly authorized,
* and to reduce code redundancy all over the place here.
*/
+#ifdef MAC
+ error = mac_check_vnode_open(td->td_ucred, vp, FREAD);
+ if (error)
+ goto cleanup;
+#endif
error = VOP_OPEN(vp, FREAD, td->td_ucred, td);
if (error)
goto cleanup;
==== //depot/projects/trustedbsd/base/sys/compat/linux/linux_stats.c#4 (text+ko) ====
@@ -25,15 +25,18 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $FreeBSD: src/sys/compat/linux/linux_stats.c,v 1.41 2002/06/02 20:05:42 schweikh Exp $
+ * $FreeBSD: src/sys/compat/linux/linux_stats.c,v 1.42 2002/08/01 22:23:02 rwatson Exp $
*/
+#include "opt_mac.h"
+
#include <sys/param.h>
#include <sys/conf.h>
#include <sys/dirent.h>
#include <sys/file.h>
#include <sys/filedesc.h>
#include <sys/proc.h>
+#include <sys/mac.h>
#include <sys/mount.h>
#include <sys/namei.h>
#include <sys/stat.h>
@@ -247,6 +250,11 @@
mp = ndp->ni_vp->v_mount;
bsd_statfs = &mp->mnt_stat;
vrele(ndp->ni_vp);
+#ifdef MAC
+ error = mac_check_mount_stat(td->td_proc->p_ucred, mp);
+ if (error)
+ return (error);
+#endif
error = VFS_STATFS(mp, bsd_statfs, td);
if (error)
return error;
@@ -282,6 +290,13 @@
if (error)
return error;
mp = ((struct vnode *)fp->f_data)->v_mount;
+#ifdef MAC
+ error = mac_check_mount_stat(td->td_proc->p_ucred, mp);
+ if (error) {
+ fdrop(fp, td);
+ return (error);
+ }
+#endif
bsd_statfs = &mp->mnt_stat;
error = VFS_STATFS(mp, bsd_statfs, td);
if (error) {
@@ -344,6 +359,11 @@
if (vfinddev(dev, VCHR, &vp)) {
if (vp->v_mount == NULL)
return (EINVAL);
+#ifdef MAC
+ error = mac_check_mount_stat(td->td_proc->p_ucred, mp);
+ if (error)
+ return (error);
+#endif
stat = &(vp->v_mount->mnt_stat);
error = VFS_STATFS(vp->v_mount, stat, td);
if (error)
==== //depot/projects/trustedbsd/base/sys/conf/files#27 (text+ko) ====
@@ -1,4 +1,4 @@
-# $FreeBSD: src/sys/conf/files,v 1.679 2002/08/01 02:03:21 rwatson Exp $
+# $FreeBSD: src/sys/conf/files,v 1.680 2002/08/01 22:26:38 rwatson Exp $
#
# The long compile-with and dependency lines are required because of
# limitations in config: backslash-newline doesn't work in strings, and
@@ -1349,6 +1349,7 @@
posix4/ksched.c optional _kposix_priority_scheduling
posix4/p1003_1b.c standard
posix4/posix4_mib.c standard
+security/mac_none/mac_none.c optional mac_none
ufs/ffs/ffs_alloc.c optional ffs
ufs/ffs/ffs_balloc.c optional ffs
ufs/ffs/ffs_inode.c optional ffs
==== //depot/projects/trustedbsd/base/sys/fs/devfs/devfs_vnops.c#9 (text+ko) ====
@@ -31,7 +31,7 @@
* @(#)kernfs_vnops.c 8.15 (Berkeley) 5/21/95
* From: FreeBSD: src/sys/miscfs/kernfs/kernfs_vnops.c 1.43
*
- * $FreeBSD: src/sys/fs/devfs/devfs_vnops.c,v 1.42 2002/07/31 15:45:16 rwatson Exp $
+ * $FreeBSD: src/sys/fs/devfs/devfs_vnops.c,v 1.43 2002/08/01 22:27:57 rwatson Exp $
*/
/*
@@ -918,6 +918,7 @@
{ &vop_getattr_desc, (vop_t *) devfs_getattr },
{ &vop_islocked_desc, (vop_t *) vop_stdislocked },
{ &vop_lock_desc, (vop_t *) vop_stdlock },
+ { &vop_pathconf_desc, (vop_t *) devfs_pathconf },
{ &vop_print_desc, (vop_t *) devfs_print },
{ &vop_reclaim_desc, (vop_t *) devfs_reclaim },
#ifdef MAC
==== //depot/projects/trustedbsd/base/sys/kern/kern_idle.c#6 (text+ko) ====
@@ -1,7 +1,7 @@
/*-
* Copyright (c) 2000, All rights reserved. See /usr/src/COPYRIGHT
*
- * $FreeBSD: src/sys/kern/kern_idle.c,v 1.25 2002/07/17 19:18:45 julian Exp $
+ * $FreeBSD: src/sys/kern/kern_idle.c,v 1.26 2002/08/01 18:45:10 julian Exp $
*/
#include "opt_ktrace.h"
@@ -63,7 +63,7 @@
p->p_flag |= P_NOLOAD;
p->p_state = PRS_NORMAL;
td = FIRST_THREAD_IN_PROC(p);
- td->td_state = TDS_UNQUEUED;
+ td->td_state = TDS_UNQUEUED;
td->td_kse->ke_flags |= KEF_IDLEKSE;
#ifdef SMP
}
@@ -112,6 +112,7 @@
mtx_lock_spin(&sched_lock);
p->p_stats->p_ru.ru_nvcsw++;
+ td->td_state = TDS_UNQUEUED;
mi_switch();
mtx_unlock_spin(&sched_lock);
}
==== //depot/projects/trustedbsd/base/sys/kern/kern_intr.c#12 (text+ko) ====
@@ -23,7 +23,7 @@
* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
- * $FreeBSD: src/sys/kern/kern_intr.c,v 1.76 2002/06/29 17:26:18 julian Exp $
+ * $FreeBSD: src/sys/kern/kern_intr.c,v 1.77 2002/08/01 18:45:10 julian Exp $
*
*/
@@ -351,6 +351,7 @@
{
struct int_entropy entropy;
struct thread *td;
+ struct thread *ctd;
struct proc *p;
/*
@@ -359,13 +360,14 @@
if ((ithread == NULL) || TAILQ_EMPTY(&ithread->it_handlers))
return (EINVAL);
+ ctd = curthread;
/*
* If any of the handlers for this ithread claim to be good
* sources of entropy, then gather some.
*/
if (harvest.interrupt && ithread->it_flags & IT_ENTROPY) {
entropy.vector = ithread->it_vector;
- entropy.proc = curthread->td_proc;;
+ entropy.proc = ctd->td_proc;;
random_harvest(&entropy, sizeof(entropy), 2, 0,
RANDOM_INTERRUPT);
}
@@ -390,13 +392,12 @@
CTR2(KTR_INTR, "%s: setrunqueue %d", __func__, p->p_pid);
setrunqueue(td);
if (do_switch &&
- (curthread->td_critnest == 1)/* &&
- (curthread->td_state == TDS_RUNNING) XXXKSE*/) {
-#if 0 /* not needed in KSE */
- if (curthread != PCPU_GET(idlethread))
- setrunqueue(curthread);
-#endif
- curthread->td_proc->p_stats->p_ru.ru_nivcsw++;
+ (ctd->td_critnest == 1) ) {
+ KASSERT((ctd->td_state == TDS_RUNNING),
+ ("ithread_schedule: Bad state for curthread."));
+ ctd->td_proc->p_stats->p_ru.ru_nivcsw++;
+ if (ctd->td_kse->ke_flags & KEF_IDLEKSE)
+ ctd->td_state = TDS_UNQUEUED;
mi_switch();
} else {
curthread->td_kse->ke_flags |= KEF_NEEDRESCHED;
==== //depot/projects/trustedbsd/base/sys/kern/kern_sig.c#17 (text+ko) ====
@@ -36,7 +36,7 @@
* SUCH DAMAGE.
*
* @(#)kern_sig.c 8.7 (Berkeley) 4/18/94
- * $FreeBSD: src/sys/kern/kern_sig.c,v 1.177 2002/07/30 21:13:48 julian Exp $
+ * $FreeBSD: src/sys/kern/kern_sig.c,v 1.178 2002/08/01 18:45:10 julian Exp $
*/
#include "opt_compat.h"
@@ -1364,7 +1364,7 @@
* The signal is not ignored or caught.
*/
mtx_lock_spin(&sched_lock);
- thread_unsuspend(p); /* Checks if should do it. */
+ thread_unsuspend(p);
mtx_unlock_spin(&sched_lock);
goto out;
}
@@ -1373,7 +1373,9 @@
/*
* Already stopped, don't need to stop again
* (If we did the shell could get confused).
+ * Just make sure the signal STOP bit set.
*/
+ p->p_flag |= P_STOPPED_SGNL;
SIGDELSET(p->p_siglist, sig);
goto out;
}
@@ -1383,10 +1385,8 @@
* If a thread is sleeping interruptibly, simulate a
* wakeup so that when it is continued it will be made
* runnable and can look at the signal. However, don't make
- * the process runnable, leave it stopped.
+ * the PROCESS runnable, leave it stopped.
* It may run a bit until it hits a thread_suspend_check().
- *
- * XXXKSE I don't understand this at all.
*/
mtx_lock_spin(&sched_lock);
FOREACH_THREAD_IN_PROC(p, td) {
@@ -1403,6 +1403,8 @@
/*
* XXXKSE What about threads that are waiting on mutexes?
* Shouldn't they abort too?
+ * No, hopefully mutexes are short lived.. They'll
+ * eventually hit thread_suspend_check().
*/
} else if (p->p_state == PRS_NORMAL) {
if (prop & SA_CONT) {
@@ -1419,6 +1421,7 @@
* cause the process to run.
*/
if (prop & SA_STOP) {
+ int should_signal = 1;
if (action != SIG_DFL)
goto runfast;
@@ -1430,8 +1433,22 @@
goto out;
SIGDELSET(p->p_siglist, sig);
p->p_xstat = sig;
- PROC_LOCK(p->p_pptr);
- if (!(p->p_pptr->p_procsig->ps_flag & PS_NOCLDSTOP))
+ PROC_LOCK(p->p_pptr); /* XXX un-needed? */
+#if 0
+ FOREACH_THREAD_IN_PROC(p, td) {
+ if (td->td_state == TDS_RUNNING) {
+ /*
+ * all other states must be in
+ * the kernel
+ */
+ should_signal = 0;
+ break;
+ }
+ }
+/* don't enable until the equivalent code is in thread_suspend_check() */
+#endif
+ if (!(p->p_pptr->p_procsig->ps_flag & PS_NOCLDSTOP) &&
+ should_signal)
psignal(p->p_pptr, SIGCHLD);
PROC_UNLOCK(p->p_pptr);
stop(p);
==== //depot/projects/trustedbsd/base/sys/kern/kern_synch.c#11 (text+ko) ====
@@ -36,7 +36,7 @@
* SUCH DAMAGE.
*
* @(#)kern_synch.c 8.9 (Berkeley) 5/19/95
- * $FreeBSD: src/sys/kern/kern_synch.c,v 1.192 2002/07/30 10:12:11 tanimura Exp $
+ * $FreeBSD: src/sys/kern/kern_synch.c,v 1.193 2002/08/01 18:45:10 julian Exp $
*/
#include "opt_ddb.h"
@@ -807,6 +807,7 @@
mtx_assert(&sched_lock, MA_OWNED | MA_NOTRECURSED);
KASSERT((ke->ke_state == KES_THREAD), ("mi_switch: kse state?"));
+ KASSERT((td->td_state != TDS_RUNQ), ("mi_switch: called by old code"));
#ifdef INVARIANTS
if (td->td_state != TDS_MTX &&
td->td_state != TDS_RUNQ &&
@@ -866,7 +867,7 @@
#endif
/*
- * Pick a new current process and record its start time.
+ * Finish up stats for outgoing thread.
*/
cnt.v_swtch++;
PCPU_SET(switchtime, new_switchtime);
@@ -877,23 +878,33 @@
ke->ke_oncpu = NOCPU;
ke->ke_flags &= ~KEF_NEEDRESCHED;
/*
- * At the last moment: if this KSE is not on the run queue,
- * it needs to be freed correctly and the thread treated accordingly.
+ * At the last moment, if this thread is still marked RUNNING,
+ * then put it back on the run queue as it has not been suspended
+ * or stopped or any thing else similar.
*/
- if ((td->td_state == TDS_RUNNING) &&
- ((ke->ke_flags & KEF_IDLEKSE) == 0)) {
+ if (td->td_state == TDS_RUNNING) {
+ KASSERT(((ke->ke_flags & KEF_IDLEKSE) == 0),
+ ("Idle thread in mi_switch with wrong state"));
/* Put us back on the run queue (kse and all). */
setrunqueue(td);
- } else if ((td->td_flags & TDF_UNBOUND) &&
- (td->td_state != TDS_RUNQ)) { /* in case of old code */
+ } else if (td->td_flags & TDF_UNBOUND) {
/*
- * We will not be on the run queue.
- * Someone else can use the KSE if they need it.
+ * We will not be on the run queue. So we must be
+ * sleeping or similar. If it's available,
+ * someone else can use the KSE if they need it.
+ * XXXKSE KSE loaning will change this.
*/
td->td_kse = NULL;
kse_reassign(ke);
}
- cpu_switch();
+
+ cpu_switch(); /* SHAZAM!!*/
+
+ /*
+ * Start setting up stats etc. for the incoming thread.
+ * Similar code in fork_exit() is returned to by cpu_switch()
+ * in the case of a new thread/process.
+ */
td->td_kse->ke_oncpu = PCPU_GET(cpuid);
sched_lock.mtx_recurse = sched_nest;
sched_lock.mtx_lock = (uintptr_t)td;
==== //depot/projects/trustedbsd/base/sys/kern/kern_thread.c#2 (text+ko) ====
@@ -25,7 +25,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
* DAMAGE.
*
- * $FreeBSD: src/sys/kern/kern_thread.c,v 1.13 2002/07/25 03:21:35 julian Exp $
+ * $FreeBSD: src/sys/kern/kern_thread.c,v 1.14 2002/08/01 19:10:40 julian Exp $
*/
#include <sys/param.h>
@@ -213,7 +213,7 @@
}
/*
- * reap any zombie threads for this Processor.
+ * reap any zombie threads.
*/
void
thread_reap(void)
==== //depot/projects/trustedbsd/base/sys/kern/vfs_bio.c#14 (text+ko) ====
@@ -11,7 +11,7 @@
* 2. Absolutely no warranty of function or purpose is made by the author
* John S. Dyson.
*
- * $FreeBSD: src/sys/kern/vfs_bio.c,v 1.324 2002/07/30 20:41:10 alc Exp $
+ * $FreeBSD: src/sys/kern/vfs_bio.c,v 1.325 2002/08/01 17:57:42 alc Exp $
*/
/*
@@ -2944,7 +2944,7 @@
!(bp->b_ioflags & BIO_ERROR)) {
bp->b_flags |= B_CACHE;
}
-
+ vm_page_lock_queues();
for (i = 0; i < bp->b_npages; i++) {
int bogusflag = 0;
int resid;
@@ -3012,6 +3012,7 @@
foff = (foff + PAGE_SIZE) & ~(off_t)PAGE_MASK;
iosize -= resid;
}
+ vm_page_unlock_queues();
if (obj)
vm_object_pip_wakeupn(obj, 0);
}
@@ -3050,7 +3051,7 @@
vm_object_t obj;
obj = bp->b_object;
-
+ vm_page_lock_queues();
for (i = 0; i < bp->b_npages; i++) {
vm_page_t m = bp->b_pages[i];
@@ -3066,6 +3067,7 @@
vm_page_flag_clear(m, PG_ZERO);
vm_page_io_finish(m);
}
+ vm_page_unlock_queues();
vm_object_pip_wakeupn(obj, 0);
}
}
==== //depot/projects/trustedbsd/base/sys/kern/vfs_syscalls.c#24 (text+ko) ====
@@ -36,7 +36,7 @@
* SUCH DAMAGE.
*
* @(#)vfs_syscalls.c 8.13 (Berkeley) 4/15/94
- * $FreeBSD: src/sys/kern/vfs_syscalls.c,v 1.278 2002/08/01 17:47:56 rwatson Exp $
+ * $FreeBSD: src/sys/kern/vfs_syscalls.c,v 1.279 2002/08/01 20:44:52 rwatson Exp $
*/
/* For 4.3 integer FS ID compatibility */
@@ -2865,6 +2865,14 @@
auio.uio_resid = SCARG(uap, count);
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
loff = auio.uio_offset = fp->f_offset;
+#ifdef MAC
+ error = mac_check_vnode_readdir(td->td_ucred, vp);
+ if (error) {
+ VOP_UNLOCK(vp, 0, td);
+ fdrop(fp, td);
+ return (error);
+ }
+#endif
# if (BYTE_ORDER != LITTLE_ENDIAN)
if (vp->v_mount->mnt_maxsymlinklen <= 0) {
error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag,
@@ -3000,7 +3008,12 @@
/* vn_lock(vp, LK_SHARED | LK_RETRY, td); */
vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
loff = auio.uio_offset = fp->f_offset;
- error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, NULL, NULL);
+#ifdef MAC
+ error = mac_check_vnode_readdir(td->td_ucred, vp);
+ if (error == 0)
+#endif
+ error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, NULL,
+ NULL);
fp->f_offset = auio.uio_offset;
VOP_UNLOCK(vp, 0, td);
if (error) {
==== //depot/projects/trustedbsd/base/sys/kern/vfs_vnops.c#19 (text+ko) ====
@@ -36,7 +36,7 @@
* SUCH DAMAGE.
*
* @(#)vfs_vnops.c 8.2 (Berkeley) 1/21/94
- * $FreeBSD: src/sys/kern/vfs_vnops.c,v 1.156 2002/08/01 17:23:22 rwatson Exp $
+ * $FreeBSD: src/sys/kern/vfs_vnops.c,v 1.157 2002/08/01 18:29:30 rwatson Exp $
*/
#include "opt_mac.h"
@@ -793,7 +793,7 @@
return (error);
#endif
- return (VOP_POLL(((struct vnode *)fp->f_data), events, cred, td));
+ return (VOP_POLL(vp, events, cred, td));
}
/*
==== //depot/projects/trustedbsd/base/sys/modules/linux/Makefile#6 (text+ko) ====
@@ -1,4 +1,4 @@
-# $FreeBSD: src/sys/modules/linux/Makefile,v 1.57 2002/05/19 01:27:14 marcel Exp $
+# $FreeBSD: src/sys/modules/linux/Makefile,v 1.58 2002/08/01 22:23:02 rwatson Exp $
MAINTAINER= emulation at FreeBSD.org
@@ -8,7 +8,8 @@
SRCS= linux_dummy.c linux_file.c linux_getcwd.c linux_ioctl.c linux_ipc.c \
linux_machdep.c linux_mib.c linux_misc.c linux_signal.c linux_socket.c \
linux_stats.c linux_sysctl.c linux_sysent.c linux_sysvec.c \
- linux_util.c opt_compat.h opt_linux.h opt_vmpage.h vnode_if.h
+ linux_util.c opt_compat.h opt_linux.h opt_mac.h opt_vmpage.h \
+ vnode_if.h
OBJS= linux_locore.o
.if ${MACHINE_ARCH} == "i386"
==== //depot/projects/trustedbsd/base/sys/net/if.c#12 (text+ko) ====
@@ -31,7 +31,7 @@
* SUCH DAMAGE.
*
* @(#)if.c 8.5 (Berkeley) 1/9/95
- * $FreeBSD: src/sys/net/if.c,v 1.143 2002/07/31 16:16:03 rwatson Exp $
+ * $FreeBSD: src/sys/net/if.c,v 1.144 2002/08/01 21:15:53 rwatson Exp $
*/
#include "opt_compat.h"
@@ -1250,6 +1250,12 @@
ifr->ifr_curcap = ifp->if_capenable;
break;
+#ifdef MAC
+ case SIOCGIFMAC:
+ error = mac_ioctl_ifnet_get(td->td_proc->p_ucred, ifr, ifp);
+ break;
+#endif
+
case SIOCGIFMETRIC:
ifr->ifr_metric = ifp->if_metric;
break;
@@ -1296,6 +1302,12 @@
(void) (*ifp->if_ioctl)(ifp, cmd, data);
break;
+#ifdef MAC
+ case SIOCSIFMAC:
+ error = mac_ioctl_ifnet_set(td->td_proc->p_ucred, ifr, ifp);
+ break;
+#endif
+
case SIOCSIFMETRIC:
error = suser(td);
if (error)
==== //depot/projects/trustedbsd/base/sys/net/if_gif.c#9 (text+ko) ====
@@ -1,4 +1,4 @@
-/* $FreeBSD: src/sys/net/if_gif.c,v 1.24 2002/05/25 20:17:04 brooks Exp $ */
+/* $FreeBSD: src/sys/net/if_gif.c,v 1.25 2002/08/01 21:00:05 rwatson Exp $ */
/* $KAME: if_gif.c,v 1.87 2001/10/19 08:50:27 itojun Exp $ */
/*
@@ -36,6 +36,7 @@
#include <sys/param.h>
#include <sys/systm.h>
#include <sys/kernel.h>
+#include <sys/mac.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/socket.h>
@@ -340,6 +341,12 @@
int error = 0;
static int called = 0; /* XXX: MUTEX */
+#ifdef MAC
+ error = mac_check_ifnet_transmit(ifp, m);
+ if (error)
+ senderr(error);
+#endif
+
/*
* gif may cause infinite recursion calls when misconfigured.
* We'll prevent this by introducing upper limit.
@@ -429,7 +436,11 @@
}
m->m_pkthdr.rcvif = gifp;
-
+
+#ifdef MAC
+ mac_create_mbuf_from_ifnet(gifp, m);
+#endif
+
if (gifp->if_bpf) {
/*
* We need to prepend the address family as
==== //depot/projects/trustedbsd/base/sys/net/if_ppp.c#7 (text+ko) ====
@@ -69,7 +69,7 @@
* Paul Mackerras (paulus at cs.anu.edu.au).
*/
-/* $FreeBSD: src/sys/net/if_ppp.c,v 1.79 2002/04/04 21:03:28 jhb Exp $ */
+/* $FreeBSD: src/sys/net/if_ppp.c,v 1.80 2002/08/01 21:13:47 rwatson Exp $ */
/* from if_sl.c,v 1.11 84/10/04 12:54:47 rick Exp */
/* from NetBSD: if_ppp.c,v 1.15.2.2 1994/07/28 05:17:58 cgd Exp */
@@ -77,6 +77,7 @@
#include "opt_inet.h"
#include "opt_ipx.h"
+#include "opt_mac.h"
#include "opt_ppp.h"
#ifdef INET
@@ -93,6 +94,7 @@
#include <sys/sockio.h>
#include <sys/kernel.h>
#include <sys/time.h>
+#include <sys/mac.h>
#include <sys/malloc.h>
#include <sys/module.h>
@@ -714,6 +716,12 @@
int len;
struct mbuf *m;
+#ifdef MAC
+ error = mac_check_ifnet_transmit(ifp, m0);
+ if (error)
+ goto bad;
+#endif
+
if (sc->sc_devp == NULL || (ifp->if_flags & IFF_RUNNING) == 0
|| ((ifp->if_flags & IFF_UP) == 0 && dst->sa_family != AF_UNSPEC)) {
error = ENETDOWN; /* sort of */
@@ -1104,6 +1112,9 @@
splx(s);
if (m == NULL)
break;
+#ifdef MAC
+ mac_create_mbuf_from_ifnet(&sc->sc_if, m);
+#endif
ppp_inproc(sc, m);
}
}
@@ -1383,6 +1394,9 @@
goto bad; /* lose if big headers and no clusters */
}
}
+#ifdef MAC
+ mac_create_mbuf_from_mbuf(m, mp);
+#endif
cp = mtod(mp, u_char *);
cp[0] = adrs;
cp[1] = ctrl;
@@ -1435,6 +1449,9 @@
if (ilen <= MHLEN && M_IS_CLUSTER(m)) {
MGETHDR(mp, M_DONTWAIT, MT_DATA);
if (mp != NULL) {
+#ifdef MAC
+ mac_create_mbuf_from_mbuf(m, mp);
+#endif
m_copydata(m, 0, ilen, mtod(mp, caddr_t));
m_freem(m);
m = mp;
==== //depot/projects/trustedbsd/base/sys/netinet/udp_usrreq.c#11 (text+ko) ====
@@ -31,11 +31,12 @@
* SUCH DAMAGE.
*
* @(#)udp_usrreq.c 8.6 (Berkeley) 5/23/95
- * $FreeBSD: src/sys/netinet/udp_usrreq.c,v 1.118 2002/07/28 19:59:31 truckman Exp $
+ * $FreeBSD: src/sys/netinet/udp_usrreq.c,v 1.119 2002/08/01 21:37:34 rwatson Exp $
*/
#include "opt_ipsec.h"
#include "opt_inet6.h"
+#include "opt_mac.h"
#include <sys/param.h>
#include <sys/systm.h>
@@ -43,6 +44,7 @@
#include <sys/jail.h>
#include <sys/kernel.h>
#include <sys/lock.h>
+#include <sys/mac.h>
#include <sys/malloc.h>
#include <sys/mbuf.h>
#include <sys/proc.h>
@@ -166,6 +168,9 @@
int len;
struct ip save_ip;
struct sockaddr *append_sa;
+#ifdef MAC
+ int error;
+#endif
udpstat.udps_ipackets++;
@@ -303,18 +308,29 @@
if (last != NULL) {
struct mbuf *n;
+ int policyfail;
+ policyfail = 0;
#ifdef IPSEC
/* check AH/ESP integrity. */
- if (ipsec4_in_reject_so(m, last->inp_socket))
+ if (ipsec4_in_reject_so(m, last->inp_socket)) {
ipsecstat.in_polvio++;
+ policyfail = 1;
/* do not inject data to pcb */
- else
+ }
#endif /*IPSEC*/
- if ((n = m_copy(m, 0, M_COPYALL)) != NULL)
- udp_append(last, ip, n,
+#ifdef MAC
+ if (mac_check_socket_receive(last->inp_socket,
+ m) != 0)
+ policyfail = 1;
+#endif
+ if (!policyfail) {
+ if ((n = m_copy(m, 0, M_COPYALL))
+ != NULL)
+ udp_append(last, ip, n,
iphlen +
sizeof(struct udphdr));
+ }
INP_UNLOCK(last);
}
last = inp;
@@ -389,6 +405,11 @@
goto bad;
}
#endif /*IPSEC*/
+#ifdef MAC
+ error = mac_check_socket_receive(inp->inp_socket, m);
+ if (error)
+ goto bad;
+#endif
/*
* Construct sockaddr format source address.
@@ -718,6 +739,10 @@
struct sockaddr_in *sin;
int s = 0, error = 0;
+#ifdef MAC
+ mac_create_mbuf_from_socket(inp->inp_socket, m);
+#endif
+
if (control)
m_freem(control); /* XXX */
==== //depot/projects/trustedbsd/base/sys/sparc64/include/pmap.h#10 (text+ko) ====
@@ -37,7 +37,7 @@
* from: hp300: @(#)pmap.h 7.2 (Berkeley) 12/16/90
>>> TRUNCATED FOR MAIL (1000 lines) <<<
To Unsubscribe: send mail to majordomo at trustedbsd.org
with "unsubscribe trustedbsd-cvs" in the body of the message
More information about the trustedbsd-cvs
mailing list