Date: Thu, 1 Aug 2002 19:52:15 -0700 (PDT) From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 15427 for review Message-ID: <200208020252.g722qFWP006350@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15427 Change 15427 by rwatson@rwatson_paprika on 2002/08/01 19:51:41 Integ from main tree: pick up various MACisms. Affected files ... .. //depot/projects/trustedbsd/base/etc/mtree/BSD.include.dist#7 integrate .. //depot/projects/trustedbsd/base/lib/libc/locale/setlocale.c#4 integrate .. //depot/projects/trustedbsd/base/sys/boot/forth/loader.conf#9 integrate .. //depot/projects/trustedbsd/base/sys/compat/linux/linux_file.c#6 integrate .. //depot/projects/trustedbsd/base/sys/compat/linux/linux_getcwd.c#5 integrate .. //depot/projects/trustedbsd/base/sys/compat/linux/linux_misc.c#11 integrate .. //depot/projects/trustedbsd/base/sys/compat/linux/linux_stats.c#4 integrate .. //depot/projects/trustedbsd/base/sys/conf/files#27 integrate .. //depot/projects/trustedbsd/base/sys/fs/devfs/devfs_vnops.c#9 integrate .. //depot/projects/trustedbsd/base/sys/kern/kern_idle.c#6 integrate .. //depot/projects/trustedbsd/base/sys/kern/kern_intr.c#12 integrate .. //depot/projects/trustedbsd/base/sys/kern/kern_sig.c#17 integrate .. //depot/projects/trustedbsd/base/sys/kern/kern_synch.c#11 integrate .. //depot/projects/trustedbsd/base/sys/kern/kern_thread.c#2 integrate .. //depot/projects/trustedbsd/base/sys/kern/vfs_bio.c#14 integrate .. //depot/projects/trustedbsd/base/sys/kern/vfs_syscalls.c#24 integrate .. //depot/projects/trustedbsd/base/sys/kern/vfs_vnops.c#19 integrate .. //depot/projects/trustedbsd/base/sys/modules/linux/Makefile#6 integrate .. //depot/projects/trustedbsd/base/sys/net/if.c#12 integrate .. //depot/projects/trustedbsd/base/sys/net/if_gif.c#9 integrate .. //depot/projects/trustedbsd/base/sys/net/if_ppp.c#7 integrate .. //depot/projects/trustedbsd/base/sys/netinet/udp_usrreq.c#11 integrate .. //depot/projects/trustedbsd/base/sys/sparc64/include/pmap.h#10 integrate .. //depot/projects/trustedbsd/base/sys/vm/vm_page.c#14 integrate Differences ... ==== //depot/projects/trustedbsd/base/etc/mtree/BSD.include.dist#7 (text+ko) ==== @@ -1,4 +1,4 @@ -# $FreeBSD: src/etc/mtree/BSD.include.dist,v 1.55 2002/05/29 00:46:33 peter Exp $ +# $FreeBSD: src/etc/mtree/BSD.include.dist,v 1.56 2002/08/01 22:37:08 rwatson Exp $ # # Please see the file src/etc/mtree/README before making changes to this file. # @@ -126,6 +126,12 @@ security lomac .. + mac_biba + .. + mac_bsdextended + .. + mac_mls + .. .. sys .. ==== //depot/projects/trustedbsd/base/lib/libc/locale/setlocale.c#4 (text+ko) ==== @@ -39,7 +39,7 @@ static char sccsid[] = "@(#)setlocale.c 8.1 (Berkeley) 7/4/93"; #endif /* LIBC_SCCS and not lint */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/lib/libc/locale/setlocale.c,v 1.34 2002/03/22 21:52:18 obrien Exp $"); +__FBSDID("$FreeBSD: src/lib/libc/locale/setlocale.c,v 1.35 2002/08/02 01:04:49 ache Exp $"); #include <sys/types.h> #include <sys/stat.h> @@ -129,33 +129,29 @@ if (!env || !*env || strchr(env, '/')) env = "C"; - (void) strncpy(new_categories[category], env, ENCODING_LEN); - new_categories[category][ENCODING_LEN] = '\0'; + (void)strlcpy(new_categories[category], env, ENCODING_LEN + 1); if (category == LC_ALL) { for (i = 1; i < _LC_LAST; ++i) { if (!(env = getenv(categories[i])) || !*env) env = new_categories[LC_ALL]; - (void)strncpy(new_categories[i], env, ENCODING_LEN); - new_categories[i][ENCODING_LEN] = '\0'; + (void)strlcpy(new_categories[i], env, ENCODING_LEN + 1); } } - } else if (category != LC_ALL) { - (void)strncpy(new_categories[category], locale, ENCODING_LEN); - new_categories[category][ENCODING_LEN] = '\0'; - } else { + } else if (category != LC_ALL) + (void)strlcpy(new_categories[category], locale, ENCODING_LEN + 1); + else { if ((r = strchr(locale, '/')) == NULL) { - for (i = 1; i < _LC_LAST; ++i) { - (void)strncpy(new_categories[i], locale, ENCODING_LEN); - new_categories[i][ENCODING_LEN] = '\0'; - } + for (i = 1; i < _LC_LAST; ++i) + (void)strlcpy(new_categories[i], locale, ENCODING_LEN + 1); } else { for (i = 1; r[1] == '/'; ++r); if (!r[1]) return (NULL); /* Hmm, just slashes... */ do { + if (i == _LC_LAST) + return(NULL); /* Too many slashes... */ len = r - locale > ENCODING_LEN ? ENCODING_LEN : r - locale; - (void)strncpy(new_categories[i], locale, len); - new_categories[i][len] = '\0'; + (void)strlcpy(new_categories[i], locale, len + 1); i++; locale = r; while (*locale == '/') ==== //depot/projects/trustedbsd/base/sys/boot/forth/loader.conf#9 (text+ko) ==== @@ -6,7 +6,7 @@ # # All arguments must be in double quotes. # -# $FreeBSD: src/sys/boot/forth/loader.conf,v 1.61 2002/07/16 18:16:01 mp Exp $ +# $FreeBSD: src/sys/boot/forth/loader.conf,v 1.62 2002/08/01 22:03:19 rwatson Exp $ ############################################################## ### Basic configuration options ############################ @@ -278,6 +278,18 @@ # Override DSDT in BIOS by this file ############################################################## +### TrustedBSD MAC settings ################################## +############################################################## + +mac_biba_load="NO" # Biba MAC policy +mac_bsdextended_load="NO" # BSD/extended MAC policy +mac_ifoff="NO" # Interface silencing policy +mac_mls_load="NO" # MLS MAC policy +mac_none_load="NO" # Null MAC policy +mac_partition_load="NO" # Partition MAC policy +mac_seeotheruids_load="NO" # UID visbility MAC policy + +############################################################## ### Module loading syntax example ########################## ############################################################## ==== //depot/projects/trustedbsd/base/sys/compat/linux/linux_file.c#6 (text+ko) ==== @@ -25,10 +25,11 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $FreeBSD: src/sys/compat/linux/linux_file.c,v 1.66 2002/07/09 19:25:43 robert Exp $ + * $FreeBSD: src/sys/compat/linux/linux_file.c,v 1.67 2002/08/01 22:23:02 rwatson Exp $ */ #include "opt_compat.h" +#include "opt_mac.h" #include <sys/param.h> #include <sys/systm.h> @@ -38,6 +39,7 @@ #include <sys/file.h> #include <sys/filedesc.h> #include <sys/lock.h> +#include <sys/mac.h> #include <sys/malloc.h> #include <sys/mount.h> #include <sys/mutex.h> @@ -325,6 +327,13 @@ cookies = NULL; } +#ifdef MAC + /* + * Do directory search MAC check using non-cached credentials. + */ + if ((error = mac_check_vnode_readdir(td->td_proc->p_ucred, vp)) + goto out; +#endif /* MAC */ if ((error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, &ncookies, &cookies))) goto out; ==== //depot/projects/trustedbsd/base/sys/compat/linux/linux_getcwd.c#5 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $FreeBSD: src/sys/compat/linux/linux_getcwd.c,v 1.5 2002/03/20 05:42:02 alfred Exp $ */ +/* $FreeBSD: src/sys/compat/linux/linux_getcwd.c,v 1.6 2002/08/01 22:23:02 rwatson Exp $ */ /* $OpenBSD: linux_getcwd.c,v 1.2 2001/05/16 12:50:21 ho Exp $ */ /* $NetBSD: vfs_getcwd.c,v 1.3.2.3 1999/07/11 10:24:09 sommerfeld Exp $ */ @@ -38,6 +38,7 @@ * POSSIBILITY OF SUCH DAMAGE. */ #include "opt_compat.h" +#include "opt_mac.h" #include <sys/param.h> #include <sys/systm.h> @@ -51,6 +52,7 @@ #include <sys/mount.h> #include <sys/proc.h> #include <sys/uio.h> +#include <sys/mac.h> #include <sys/malloc.h> #include <sys/dirent.h> #include <ufs/ufs/dir.h> /* XXX only for DIRBLKSIZ */ @@ -200,7 +202,12 @@ eofflag = 0; - error = VOP_READDIR(uvp, &uio, td->td_ucred, &eofflag, 0, 0); +#ifdef MAC + error = mac_check_vnode_readdir(td->td_ucred, uvp); + if (error == 0) +#endif /* MAC */ + error = VOP_READDIR(uvp, &uio, td->td_ucred, &eofflag, + 0, 0); off = uio.uio_offset; ==== //depot/projects/trustedbsd/base/sys/compat/linux/linux_misc.c#11 (text+ko) ==== @@ -25,10 +25,11 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $FreeBSD: src/sys/compat/linux/linux_misc.c,v 1.123 2002/06/14 07:24:01 rwatson Exp $ + * $FreeBSD: src/sys/compat/linux/linux_misc.c,v 1.124 2002/08/01 22:23:02 rwatson Exp $ */ #include "opt_compat.h" +#include "opt_mac.h" #include <sys/param.h> #include <sys/systm.h> @@ -37,6 +38,7 @@ #include <sys/jail.h> #include <sys/kernel.h> #include <sys/lock.h> +#include <sys/mac.h> #include <sys/mman.h> #include <sys/mount.h> #include <sys/mutex.h> @@ -250,7 +252,7 @@ vp = NULL; /* - * XXX This code should make use of vn_open(), rather than doing + * XXX: This code should make use of vn_open(), rather than doing * all this stuff itself. */ NDINIT(&ni, LOOKUP, FOLLOW|LOCKLEAF, UIO_USERSPACE, args->library, td); @@ -306,6 +308,11 @@ * XXX: This should use vn_open() so that it is properly authorized, * and to reduce code redundancy all over the place here. */ +#ifdef MAC + error = mac_check_vnode_open(td->td_ucred, vp, FREAD); + if (error) + goto cleanup; +#endif error = VOP_OPEN(vp, FREAD, td->td_ucred, td); if (error) goto cleanup; ==== //depot/projects/trustedbsd/base/sys/compat/linux/linux_stats.c#4 (text+ko) ==== @@ -25,15 +25,18 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $FreeBSD: src/sys/compat/linux/linux_stats.c,v 1.41 2002/06/02 20:05:42 schweikh Exp $ + * $FreeBSD: src/sys/compat/linux/linux_stats.c,v 1.42 2002/08/01 22:23:02 rwatson Exp $ */ +#include "opt_mac.h" + #include <sys/param.h> #include <sys/conf.h> #include <sys/dirent.h> #include <sys/file.h> #include <sys/filedesc.h> #include <sys/proc.h> +#include <sys/mac.h> #include <sys/mount.h> #include <sys/namei.h> #include <sys/stat.h> @@ -247,6 +250,11 @@ mp = ndp->ni_vp->v_mount; bsd_statfs = &mp->mnt_stat; vrele(ndp->ni_vp); +#ifdef MAC + error = mac_check_mount_stat(td->td_proc->p_ucred, mp); + if (error) + return (error); +#endif error = VFS_STATFS(mp, bsd_statfs, td); if (error) return error; @@ -282,6 +290,13 @@ if (error) return error; mp = ((struct vnode *)fp->f_data)->v_mount; +#ifdef MAC + error = mac_check_mount_stat(td->td_proc->p_ucred, mp); + if (error) { + fdrop(fp, td); + return (error); + } +#endif bsd_statfs = &mp->mnt_stat; error = VFS_STATFS(mp, bsd_statfs, td); if (error) { @@ -344,6 +359,11 @@ if (vfinddev(dev, VCHR, &vp)) { if (vp->v_mount == NULL) return (EINVAL); +#ifdef MAC + error = mac_check_mount_stat(td->td_proc->p_ucred, mp); + if (error) + return (error); +#endif stat = &(vp->v_mount->mnt_stat); error = VFS_STATFS(vp->v_mount, stat, td); if (error) ==== //depot/projects/trustedbsd/base/sys/conf/files#27 (text+ko) ==== @@ -1,4 +1,4 @@ -# $FreeBSD: src/sys/conf/files,v 1.679 2002/08/01 02:03:21 rwatson Exp $ +# $FreeBSD: src/sys/conf/files,v 1.680 2002/08/01 22:26:38 rwatson Exp $ # # The long compile-with and dependency lines are required because of # limitations in config: backslash-newline doesn't work in strings, and @@ -1349,6 +1349,7 @@ posix4/ksched.c optional _kposix_priority_scheduling posix4/p1003_1b.c standard posix4/posix4_mib.c standard +security/mac_none/mac_none.c optional mac_none ufs/ffs/ffs_alloc.c optional ffs ufs/ffs/ffs_balloc.c optional ffs ufs/ffs/ffs_inode.c optional ffs ==== //depot/projects/trustedbsd/base/sys/fs/devfs/devfs_vnops.c#9 (text+ko) ==== @@ -31,7 +31,7 @@ * @(#)kernfs_vnops.c 8.15 (Berkeley) 5/21/95 * From: FreeBSD: src/sys/miscfs/kernfs/kernfs_vnops.c 1.43 * - * $FreeBSD: src/sys/fs/devfs/devfs_vnops.c,v 1.42 2002/07/31 15:45:16 rwatson Exp $ + * $FreeBSD: src/sys/fs/devfs/devfs_vnops.c,v 1.43 2002/08/01 22:27:57 rwatson Exp $ */ /* @@ -918,6 +918,7 @@ { &vop_getattr_desc, (vop_t *) devfs_getattr }, { &vop_islocked_desc, (vop_t *) vop_stdislocked }, { &vop_lock_desc, (vop_t *) vop_stdlock }, + { &vop_pathconf_desc, (vop_t *) devfs_pathconf }, { &vop_print_desc, (vop_t *) devfs_print }, { &vop_reclaim_desc, (vop_t *) devfs_reclaim }, #ifdef MAC ==== //depot/projects/trustedbsd/base/sys/kern/kern_idle.c#6 (text+ko) ==== @@ -1,7 +1,7 @@ /*- * Copyright (c) 2000, All rights reserved. See /usr/src/COPYRIGHT * - * $FreeBSD: src/sys/kern/kern_idle.c,v 1.25 2002/07/17 19:18:45 julian Exp $ + * $FreeBSD: src/sys/kern/kern_idle.c,v 1.26 2002/08/01 18:45:10 julian Exp $ */ #include "opt_ktrace.h" @@ -63,7 +63,7 @@ p->p_flag |= P_NOLOAD; p->p_state = PRS_NORMAL; td = FIRST_THREAD_IN_PROC(p); - td->td_state = TDS_UNQUEUED; + td->td_state = TDS_UNQUEUED; td->td_kse->ke_flags |= KEF_IDLEKSE; #ifdef SMP } @@ -112,6 +112,7 @@ mtx_lock_spin(&sched_lock); p->p_stats->p_ru.ru_nvcsw++; + td->td_state = TDS_UNQUEUED; mi_switch(); mtx_unlock_spin(&sched_lock); } ==== //depot/projects/trustedbsd/base/sys/kern/kern_intr.c#12 (text+ko) ==== @@ -23,7 +23,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $FreeBSD: src/sys/kern/kern_intr.c,v 1.76 2002/06/29 17:26:18 julian Exp $ + * $FreeBSD: src/sys/kern/kern_intr.c,v 1.77 2002/08/01 18:45:10 julian Exp $ * */ @@ -351,6 +351,7 @@ { struct int_entropy entropy; struct thread *td; + struct thread *ctd; struct proc *p; /* @@ -359,13 +360,14 @@ if ((ithread == NULL) || TAILQ_EMPTY(&ithread->it_handlers)) return (EINVAL); + ctd = curthread; /* * If any of the handlers for this ithread claim to be good * sources of entropy, then gather some. */ if (harvest.interrupt && ithread->it_flags & IT_ENTROPY) { entropy.vector = ithread->it_vector; - entropy.proc = curthread->td_proc;; + entropy.proc = ctd->td_proc;; random_harvest(&entropy, sizeof(entropy), 2, 0, RANDOM_INTERRUPT); } @@ -390,13 +392,12 @@ CTR2(KTR_INTR, "%s: setrunqueue %d", __func__, p->p_pid); setrunqueue(td); if (do_switch && - (curthread->td_critnest == 1)/* && - (curthread->td_state == TDS_RUNNING) XXXKSE*/) { -#if 0 /* not needed in KSE */ - if (curthread != PCPU_GET(idlethread)) - setrunqueue(curthread); -#endif - curthread->td_proc->p_stats->p_ru.ru_nivcsw++; + (ctd->td_critnest == 1) ) { + KASSERT((ctd->td_state == TDS_RUNNING), + ("ithread_schedule: Bad state for curthread.")); + ctd->td_proc->p_stats->p_ru.ru_nivcsw++; + if (ctd->td_kse->ke_flags & KEF_IDLEKSE) + ctd->td_state = TDS_UNQUEUED; mi_switch(); } else { curthread->td_kse->ke_flags |= KEF_NEEDRESCHED; ==== //depot/projects/trustedbsd/base/sys/kern/kern_sig.c#17 (text+ko) ==== @@ -36,7 +36,7 @@ * SUCH DAMAGE. * * @(#)kern_sig.c 8.7 (Berkeley) 4/18/94 - * $FreeBSD: src/sys/kern/kern_sig.c,v 1.177 2002/07/30 21:13:48 julian Exp $ + * $FreeBSD: src/sys/kern/kern_sig.c,v 1.178 2002/08/01 18:45:10 julian Exp $ */ #include "opt_compat.h" @@ -1364,7 +1364,7 @@ * The signal is not ignored or caught. */ mtx_lock_spin(&sched_lock); - thread_unsuspend(p); /* Checks if should do it. */ + thread_unsuspend(p); mtx_unlock_spin(&sched_lock); goto out; } @@ -1373,7 +1373,9 @@ /* * Already stopped, don't need to stop again * (If we did the shell could get confused). + * Just make sure the signal STOP bit set. */ + p->p_flag |= P_STOPPED_SGNL; SIGDELSET(p->p_siglist, sig); goto out; } @@ -1383,10 +1385,8 @@ * If a thread is sleeping interruptibly, simulate a * wakeup so that when it is continued it will be made * runnable and can look at the signal. However, don't make - * the process runnable, leave it stopped. + * the PROCESS runnable, leave it stopped. * It may run a bit until it hits a thread_suspend_check(). - * - * XXXKSE I don't understand this at all. */ mtx_lock_spin(&sched_lock); FOREACH_THREAD_IN_PROC(p, td) { @@ -1403,6 +1403,8 @@ /* * XXXKSE What about threads that are waiting on mutexes? * Shouldn't they abort too? + * No, hopefully mutexes are short lived.. They'll + * eventually hit thread_suspend_check(). */ } else if (p->p_state == PRS_NORMAL) { if (prop & SA_CONT) { @@ -1419,6 +1421,7 @@ * cause the process to run. */ if (prop & SA_STOP) { + int should_signal = 1; if (action != SIG_DFL) goto runfast; @@ -1430,8 +1433,22 @@ goto out; SIGDELSET(p->p_siglist, sig); p->p_xstat = sig; - PROC_LOCK(p->p_pptr); - if (!(p->p_pptr->p_procsig->ps_flag & PS_NOCLDSTOP)) + PROC_LOCK(p->p_pptr); /* XXX un-needed? */ +#if 0 + FOREACH_THREAD_IN_PROC(p, td) { + if (td->td_state == TDS_RUNNING) { + /* + * all other states must be in + * the kernel + */ + should_signal = 0; + break; + } + } +/* don't enable until the equivalent code is in thread_suspend_check() */ +#endif + if (!(p->p_pptr->p_procsig->ps_flag & PS_NOCLDSTOP) && + should_signal) psignal(p->p_pptr, SIGCHLD); PROC_UNLOCK(p->p_pptr); stop(p); ==== //depot/projects/trustedbsd/base/sys/kern/kern_synch.c#11 (text+ko) ==== @@ -36,7 +36,7 @@ * SUCH DAMAGE. * * @(#)kern_synch.c 8.9 (Berkeley) 5/19/95 - * $FreeBSD: src/sys/kern/kern_synch.c,v 1.192 2002/07/30 10:12:11 tanimura Exp $ + * $FreeBSD: src/sys/kern/kern_synch.c,v 1.193 2002/08/01 18:45:10 julian Exp $ */ #include "opt_ddb.h" @@ -807,6 +807,7 @@ mtx_assert(&sched_lock, MA_OWNED | MA_NOTRECURSED); KASSERT((ke->ke_state == KES_THREAD), ("mi_switch: kse state?")); + KASSERT((td->td_state != TDS_RUNQ), ("mi_switch: called by old code")); #ifdef INVARIANTS if (td->td_state != TDS_MTX && td->td_state != TDS_RUNQ && @@ -866,7 +867,7 @@ #endif /* - * Pick a new current process and record its start time. + * Finish up stats for outgoing thread. */ cnt.v_swtch++; PCPU_SET(switchtime, new_switchtime); @@ -877,23 +878,33 @@ ke->ke_oncpu = NOCPU; ke->ke_flags &= ~KEF_NEEDRESCHED; /* - * At the last moment: if this KSE is not on the run queue, - * it needs to be freed correctly and the thread treated accordingly. + * At the last moment, if this thread is still marked RUNNING, + * then put it back on the run queue as it has not been suspended + * or stopped or any thing else similar. */ - if ((td->td_state == TDS_RUNNING) && - ((ke->ke_flags & KEF_IDLEKSE) == 0)) { + if (td->td_state == TDS_RUNNING) { + KASSERT(((ke->ke_flags & KEF_IDLEKSE) == 0), + ("Idle thread in mi_switch with wrong state")); /* Put us back on the run queue (kse and all). */ setrunqueue(td); - } else if ((td->td_flags & TDF_UNBOUND) && - (td->td_state != TDS_RUNQ)) { /* in case of old code */ + } else if (td->td_flags & TDF_UNBOUND) { /* - * We will not be on the run queue. - * Someone else can use the KSE if they need it. + * We will not be on the run queue. So we must be + * sleeping or similar. If it's available, + * someone else can use the KSE if they need it. + * XXXKSE KSE loaning will change this. */ td->td_kse = NULL; kse_reassign(ke); } - cpu_switch(); + + cpu_switch(); /* SHAZAM!!*/ + + /* + * Start setting up stats etc. for the incoming thread. + * Similar code in fork_exit() is returned to by cpu_switch() + * in the case of a new thread/process. + */ td->td_kse->ke_oncpu = PCPU_GET(cpuid); sched_lock.mtx_recurse = sched_nest; sched_lock.mtx_lock = (uintptr_t)td; ==== //depot/projects/trustedbsd/base/sys/kern/kern_thread.c#2 (text+ko) ==== @@ -25,7 +25,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH * DAMAGE. * - * $FreeBSD: src/sys/kern/kern_thread.c,v 1.13 2002/07/25 03:21:35 julian Exp $ + * $FreeBSD: src/sys/kern/kern_thread.c,v 1.14 2002/08/01 19:10:40 julian Exp $ */ #include <sys/param.h> @@ -213,7 +213,7 @@ } /* - * reap any zombie threads for this Processor. + * reap any zombie threads. */ void thread_reap(void) ==== //depot/projects/trustedbsd/base/sys/kern/vfs_bio.c#14 (text+ko) ==== @@ -11,7 +11,7 @@ * 2. Absolutely no warranty of function or purpose is made by the author * John S. Dyson. * - * $FreeBSD: src/sys/kern/vfs_bio.c,v 1.324 2002/07/30 20:41:10 alc Exp $ + * $FreeBSD: src/sys/kern/vfs_bio.c,v 1.325 2002/08/01 17:57:42 alc Exp $ */ /* @@ -2944,7 +2944,7 @@ !(bp->b_ioflags & BIO_ERROR)) { bp->b_flags |= B_CACHE; } - + vm_page_lock_queues(); for (i = 0; i < bp->b_npages; i++) { int bogusflag = 0; int resid; @@ -3012,6 +3012,7 @@ foff = (foff + PAGE_SIZE) & ~(off_t)PAGE_MASK; iosize -= resid; } + vm_page_unlock_queues(); if (obj) vm_object_pip_wakeupn(obj, 0); } @@ -3050,7 +3051,7 @@ vm_object_t obj; obj = bp->b_object; - + vm_page_lock_queues(); for (i = 0; i < bp->b_npages; i++) { vm_page_t m = bp->b_pages[i]; @@ -3066,6 +3067,7 @@ vm_page_flag_clear(m, PG_ZERO); vm_page_io_finish(m); } + vm_page_unlock_queues(); vm_object_pip_wakeupn(obj, 0); } } ==== //depot/projects/trustedbsd/base/sys/kern/vfs_syscalls.c#24 (text+ko) ==== @@ -36,7 +36,7 @@ * SUCH DAMAGE. * * @(#)vfs_syscalls.c 8.13 (Berkeley) 4/15/94 - * $FreeBSD: src/sys/kern/vfs_syscalls.c,v 1.278 2002/08/01 17:47:56 rwatson Exp $ + * $FreeBSD: src/sys/kern/vfs_syscalls.c,v 1.279 2002/08/01 20:44:52 rwatson Exp $ */ /* For 4.3 integer FS ID compatibility */ @@ -2865,6 +2865,14 @@ auio.uio_resid = SCARG(uap, count); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); loff = auio.uio_offset = fp->f_offset; +#ifdef MAC + error = mac_check_vnode_readdir(td->td_ucred, vp); + if (error) { + VOP_UNLOCK(vp, 0, td); + fdrop(fp, td); + return (error); + } +#endif # if (BYTE_ORDER != LITTLE_ENDIAN) if (vp->v_mount->mnt_maxsymlinklen <= 0) { error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, @@ -3000,7 +3008,12 @@ /* vn_lock(vp, LK_SHARED | LK_RETRY, td); */ vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); loff = auio.uio_offset = fp->f_offset; - error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, NULL, NULL); +#ifdef MAC + error = mac_check_vnode_readdir(td->td_ucred, vp); + if (error == 0) +#endif + error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, NULL, + NULL); fp->f_offset = auio.uio_offset; VOP_UNLOCK(vp, 0, td); if (error) { ==== //depot/projects/trustedbsd/base/sys/kern/vfs_vnops.c#19 (text+ko) ==== @@ -36,7 +36,7 @@ * SUCH DAMAGE. * * @(#)vfs_vnops.c 8.2 (Berkeley) 1/21/94 - * $FreeBSD: src/sys/kern/vfs_vnops.c,v 1.156 2002/08/01 17:23:22 rwatson Exp $ + * $FreeBSD: src/sys/kern/vfs_vnops.c,v 1.157 2002/08/01 18:29:30 rwatson Exp $ */ #include "opt_mac.h" @@ -793,7 +793,7 @@ return (error); #endif - return (VOP_POLL(((struct vnode *)fp->f_data), events, cred, td)); + return (VOP_POLL(vp, events, cred, td)); } /* ==== //depot/projects/trustedbsd/base/sys/modules/linux/Makefile#6 (text+ko) ==== @@ -1,4 +1,4 @@ -# $FreeBSD: src/sys/modules/linux/Makefile,v 1.57 2002/05/19 01:27:14 marcel Exp $ +# $FreeBSD: src/sys/modules/linux/Makefile,v 1.58 2002/08/01 22:23:02 rwatson Exp $ MAINTAINER= emulation@FreeBSD.org @@ -8,7 +8,8 @@ SRCS= linux_dummy.c linux_file.c linux_getcwd.c linux_ioctl.c linux_ipc.c \ linux_machdep.c linux_mib.c linux_misc.c linux_signal.c linux_socket.c \ linux_stats.c linux_sysctl.c linux_sysent.c linux_sysvec.c \ - linux_util.c opt_compat.h opt_linux.h opt_vmpage.h vnode_if.h + linux_util.c opt_compat.h opt_linux.h opt_mac.h opt_vmpage.h \ + vnode_if.h OBJS= linux_locore.o .if ${MACHINE_ARCH} == "i386" ==== //depot/projects/trustedbsd/base/sys/net/if.c#12 (text+ko) ==== @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * @(#)if.c 8.5 (Berkeley) 1/9/95 - * $FreeBSD: src/sys/net/if.c,v 1.143 2002/07/31 16:16:03 rwatson Exp $ + * $FreeBSD: src/sys/net/if.c,v 1.144 2002/08/01 21:15:53 rwatson Exp $ */ #include "opt_compat.h" @@ -1250,6 +1250,12 @@ ifr->ifr_curcap = ifp->if_capenable; break; +#ifdef MAC + case SIOCGIFMAC: + error = mac_ioctl_ifnet_get(td->td_proc->p_ucred, ifr, ifp); + break; +#endif + case SIOCGIFMETRIC: ifr->ifr_metric = ifp->if_metric; break; @@ -1296,6 +1302,12 @@ (void) (*ifp->if_ioctl)(ifp, cmd, data); break; +#ifdef MAC + case SIOCSIFMAC: + error = mac_ioctl_ifnet_set(td->td_proc->p_ucred, ifr, ifp); + break; +#endif + case SIOCSIFMETRIC: error = suser(td); if (error) ==== //depot/projects/trustedbsd/base/sys/net/if_gif.c#9 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $FreeBSD: src/sys/net/if_gif.c,v 1.24 2002/05/25 20:17:04 brooks Exp $ */ +/* $FreeBSD: src/sys/net/if_gif.c,v 1.25 2002/08/01 21:00:05 rwatson Exp $ */ /* $KAME: if_gif.c,v 1.87 2001/10/19 08:50:27 itojun Exp $ */ /* @@ -36,6 +36,7 @@ #include <sys/param.h> #include <sys/systm.h> #include <sys/kernel.h> +#include <sys/mac.h> #include <sys/malloc.h> #include <sys/mbuf.h> #include <sys/socket.h> @@ -340,6 +341,12 @@ int error = 0; static int called = 0; /* XXX: MUTEX */ +#ifdef MAC + error = mac_check_ifnet_transmit(ifp, m); + if (error) + senderr(error); +#endif + /* * gif may cause infinite recursion calls when misconfigured. * We'll prevent this by introducing upper limit. @@ -429,7 +436,11 @@ } m->m_pkthdr.rcvif = gifp; - + +#ifdef MAC + mac_create_mbuf_from_ifnet(gifp, m); +#endif + if (gifp->if_bpf) { /* * We need to prepend the address family as ==== //depot/projects/trustedbsd/base/sys/net/if_ppp.c#7 (text+ko) ==== @@ -69,7 +69,7 @@ * Paul Mackerras (paulus@cs.anu.edu.au). */ -/* $FreeBSD: src/sys/net/if_ppp.c,v 1.79 2002/04/04 21:03:28 jhb Exp $ */ +/* $FreeBSD: src/sys/net/if_ppp.c,v 1.80 2002/08/01 21:13:47 rwatson Exp $ */ /* from if_sl.c,v 1.11 84/10/04 12:54:47 rick Exp */ /* from NetBSD: if_ppp.c,v 1.15.2.2 1994/07/28 05:17:58 cgd Exp */ @@ -77,6 +77,7 @@ #include "opt_inet.h" #include "opt_ipx.h" +#include "opt_mac.h" #include "opt_ppp.h" #ifdef INET @@ -93,6 +94,7 @@ #include <sys/sockio.h> #include <sys/kernel.h> #include <sys/time.h> +#include <sys/mac.h> #include <sys/malloc.h> #include <sys/module.h> @@ -714,6 +716,12 @@ int len; struct mbuf *m; +#ifdef MAC + error = mac_check_ifnet_transmit(ifp, m0); + if (error) + goto bad; +#endif + if (sc->sc_devp == NULL || (ifp->if_flags & IFF_RUNNING) == 0 || ((ifp->if_flags & IFF_UP) == 0 && dst->sa_family != AF_UNSPEC)) { error = ENETDOWN; /* sort of */ @@ -1104,6 +1112,9 @@ splx(s); if (m == NULL) break; +#ifdef MAC + mac_create_mbuf_from_ifnet(&sc->sc_if, m); +#endif ppp_inproc(sc, m); } } @@ -1383,6 +1394,9 @@ goto bad; /* lose if big headers and no clusters */ } } +#ifdef MAC + mac_create_mbuf_from_mbuf(m, mp); +#endif cp = mtod(mp, u_char *); cp[0] = adrs; cp[1] = ctrl; @@ -1435,6 +1449,9 @@ if (ilen <= MHLEN && M_IS_CLUSTER(m)) { MGETHDR(mp, M_DONTWAIT, MT_DATA); if (mp != NULL) { +#ifdef MAC + mac_create_mbuf_from_mbuf(m, mp); +#endif m_copydata(m, 0, ilen, mtod(mp, caddr_t)); m_freem(m); m = mp; ==== //depot/projects/trustedbsd/base/sys/netinet/udp_usrreq.c#11 (text+ko) ==== @@ -31,11 +31,12 @@ * SUCH DAMAGE. * * @(#)udp_usrreq.c 8.6 (Berkeley) 5/23/95 - * $FreeBSD: src/sys/netinet/udp_usrreq.c,v 1.118 2002/07/28 19:59:31 truckman Exp $ + * $FreeBSD: src/sys/netinet/udp_usrreq.c,v 1.119 2002/08/01 21:37:34 rwatson Exp $ */ #include "opt_ipsec.h" #include "opt_inet6.h" +#include "opt_mac.h" #include <sys/param.h> #include <sys/systm.h> @@ -43,6 +44,7 @@ #include <sys/jail.h> #include <sys/kernel.h> #include <sys/lock.h> +#include <sys/mac.h> #include <sys/malloc.h> #include <sys/mbuf.h> #include <sys/proc.h> @@ -166,6 +168,9 @@ int len; struct ip save_ip; struct sockaddr *append_sa; +#ifdef MAC + int error; +#endif udpstat.udps_ipackets++; @@ -303,18 +308,29 @@ if (last != NULL) { struct mbuf *n; + int policyfail; + policyfail = 0; #ifdef IPSEC /* check AH/ESP integrity. */ - if (ipsec4_in_reject_so(m, last->inp_socket)) + if (ipsec4_in_reject_so(m, last->inp_socket)) { ipsecstat.in_polvio++; + policyfail = 1; /* do not inject data to pcb */ - else + } #endif /*IPSEC*/ - if ((n = m_copy(m, 0, M_COPYALL)) != NULL) - udp_append(last, ip, n, +#ifdef MAC + if (mac_check_socket_receive(last->inp_socket, + m) != 0) + policyfail = 1; +#endif + if (!policyfail) { + if ((n = m_copy(m, 0, M_COPYALL)) + != NULL) + udp_append(last, ip, n, iphlen + sizeof(struct udphdr)); + } INP_UNLOCK(last); } last = inp; @@ -389,6 +405,11 @@ goto bad; } #endif /*IPSEC*/ +#ifdef MAC + error = mac_check_socket_receive(inp->inp_socket, m); + if (error) + goto bad; +#endif /* * Construct sockaddr format source address. @@ -718,6 +739,10 @@ struct sockaddr_in *sin; int s = 0, error = 0; +#ifdef MAC + mac_create_mbuf_from_socket(inp->inp_socket, m); +#endif + if (control) m_freem(control); /* XXX */ ==== //depot/projects/trustedbsd/base/sys/sparc64/include/pmap.h#10 (text+ko) ==== @@ -37,7 +37,7 @@ * from: hp300: @(#)pmap.h 7.2 (Berkeley) 12/16/90 >>> TRUNCATED FOR MAIL (1000 lines) <<< To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200208020252.g722qFWP006350>