Date: Mon, 6 Feb 2006 23:08:34 GMT From: Robert Watson <rwatson@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 91293 for review Message-ID: <200602062308.k16N8Yol011897@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=91293 Change 91293 by rwatson@rwatson_zoo on 2006/02/06 23:07:37 Integrate TrustedBSD base branch from FreeBSD CVS: - Loop back ibcs2 system call table audit identifiers. - Loop back audit pipe support. - Loop back audit UMA allocation for audit records. - kern_eaccess(). Affected files ... .. //depot/projects/trustedbsd/base/sys/alpha/linux/linux_machdep.c#14 integrate .. //depot/projects/trustedbsd/base/sys/alpha/osf1/osf1_misc.c#25 integrate .. //depot/projects/trustedbsd/base/sys/amd64/linux32/linux32_machdep.c#5 integrate .. //depot/projects/trustedbsd/base/sys/arm/at91/if_ate.c#2 integrate .. //depot/projects/trustedbsd/base/sys/compat/freebsd32/freebsd32_misc.c#17 integrate .. //depot/projects/trustedbsd/base/sys/compat/svr4/svr4_misc.c#29 integrate .. //depot/projects/trustedbsd/base/sys/conf/files#95 integrate .. //depot/projects/trustedbsd/base/sys/i386/ibcs2/ibcs2_misc.c#17 integrate .. //depot/projects/trustedbsd/base/sys/i386/ibcs2/ibcs2_proto.h#10 integrate .. //depot/projects/trustedbsd/base/sys/i386/ibcs2/ibcs2_syscall.h#9 integrate .. //depot/projects/trustedbsd/base/sys/i386/ibcs2/ibcs2_sysent.c#11 integrate .. //depot/projects/trustedbsd/base/sys/i386/ibcs2/ibcs2_xenix.c#10 integrate .. //depot/projects/trustedbsd/base/sys/i386/ibcs2/syscalls.master#9 integrate .. //depot/projects/trustedbsd/base/sys/i386/linux/linux_machdep.c#20 integrate .. //depot/projects/trustedbsd/base/sys/kern/kern_exec.c#56 integrate .. //depot/projects/trustedbsd/base/sys/kern/kern_exit.c#48 integrate .. //depot/projects/trustedbsd/base/sys/kern/kern_fork.c#51 integrate .. //depot/projects/trustedbsd/base/sys/kern/kern_kse.c#9 integrate .. //depot/projects/trustedbsd/base/sys/kern/kern_kthread.c#13 integrate .. //depot/projects/trustedbsd/base/sys/kern/vfs_syscalls.c#66 integrate .. //depot/projects/trustedbsd/base/sys/security/audit/audit.c#2 integrate .. //depot/projects/trustedbsd/base/sys/security/audit/audit_pipe.c#1 branch .. //depot/projects/trustedbsd/base/sys/security/audit/audit_private.h#2 integrate .. //depot/projects/trustedbsd/base/sys/sys/imgact.h#12 integrate .. //depot/projects/trustedbsd/base/sys/sys/syscallsubr.h#14 integrate Differences ... ==== //depot/projects/trustedbsd/base/sys/alpha/linux/linux_machdep.c#14 (text+ko) ==== @@ -27,7 +27,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/alpha/linux/linux_machdep.c,v 1.36 2005/02/18 18:32:32 jhb Exp $"); +__FBSDID("$FreeBSD: src/sys/alpha/linux/linux_machdep.c,v 1.37 2006/02/06 22:06:52 jhb Exp $"); #include <sys/param.h> #include <sys/systm.h> @@ -81,7 +81,6 @@ free(path, M_TEMP); if (error == 0) error = kern_execve(td, &eargs, NULL); - exec_free_args(&eargs); return (error); } ==== //depot/projects/trustedbsd/base/sys/alpha/osf1/osf1_misc.c#25 (text+ko) ==== @@ -30,7 +30,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/alpha/osf1/osf1_misc.c,v 1.58 2005/09/28 07:03:01 rwatson Exp $"); +__FBSDID("$FreeBSD: src/sys/alpha/osf1/osf1_misc.c,v 1.59 2006/02/06 22:06:52 jhb Exp $"); #include <sys/param.h> #include <sys/systm.h> @@ -1246,7 +1246,6 @@ free(path, M_TEMP); if (error == 0) error = kern_execve(td, &eargs, NULL); - exec_free_args(&eargs); return (error); } ==== //depot/projects/trustedbsd/base/sys/amd64/linux32/linux32_machdep.c#5 (text+ko) ==== @@ -29,7 +29,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/amd64/linux32/linux32_machdep.c,v 1.10 2005/06/24 17:41:27 jhb Exp $"); +__FBSDID("$FreeBSD: src/sys/amd64/linux32/linux32_machdep.c,v 1.11 2006/02/06 22:06:53 jhb Exp $"); #include <sys/param.h> #include <sys/kernel.h> @@ -205,7 +205,6 @@ free(path, M_TEMP); if (error == 0) error = kern_execve(td, &eargs, NULL); - exec_free_args(&eargs); return (error); } ==== //depot/projects/trustedbsd/base/sys/arm/at91/if_ate.c#2 (text) ==== @@ -35,7 +35,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/arm/at91/if_ate.c,v 1.1 2006/02/04 23:32:13 imp Exp $"); +__FBSDID("$FreeBSD: src/sys/arm/at91/if_ate.c,v 1.2 2006/02/06 22:17:42 cognet Exp $"); #include <sys/param.h> #include <sys/systm.h> @@ -181,13 +181,13 @@ ate_get_mac(sc, eaddr); + sc->ifp = ifp = if_alloc(IFT_ETHER); if (mii_phy_probe(dev, &sc->miibus, ate_ifmedia_upd, ate_ifmedia_sts)) { device_printf(dev, "Cannot find my PHY.\n"); err = ENXIO; goto out; } - sc->ifp = ifp = if_alloc(IFT_ETHER); ifp->if_softc = sc; if_initname(ifp, device_get_name(dev), device_get_unit(dev)); ifp->if_mtu = ETHERMTU; @@ -611,6 +611,8 @@ BUS_DMASYNC_PREWRITE); continue; } + mb->m_len = sc->rx_descs[i].status & + ETH_LEN_MASK; /* * For the last buffer, set the wrap bit so * the controller restarts from the first @@ -817,7 +819,7 @@ /* * Enable some parts of the MAC that are needed always (like the * MII bus. This turns off the RE and TE bits, which will remain - * off until atestart() is called to turn them on. With RE and TE + * off until ateinit() is called to turn them on. With RE and TE * turned off, there's no DMA to worry about after this write. */ WR4(sc, ETH_CTL, ETH_CTL_MPE); ==== //depot/projects/trustedbsd/base/sys/compat/freebsd32/freebsd32_misc.c#17 (text+ko) ==== @@ -25,7 +25,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/compat/freebsd32/freebsd32_misc.c,v 1.49 2006/01/20 16:22:06 ambrisko Exp $"); +__FBSDID("$FreeBSD: src/sys/compat/freebsd32/freebsd32_misc.c,v 1.50 2006/02/06 22:06:53 jhb Exp $"); #include "opt_compat.h" @@ -324,7 +324,6 @@ uap->argv, uap->envv); if (error == 0) error = kern_execve(td, &eargs, NULL); - exec_free_args(&eargs); return (error); } ==== //depot/projects/trustedbsd/base/sys/compat/svr4/svr4_misc.c#29 (text+ko) ==== @@ -33,7 +33,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/compat/svr4/svr4_misc.c,v 1.83 2005/10/19 09:33:15 davidxu Exp $"); +__FBSDID("$FreeBSD: src/sys/compat/svr4/svr4_misc.c,v 1.84 2006/02/06 22:06:53 jhb Exp $"); #include "opt_mac.h" @@ -175,7 +175,6 @@ free(path, M_TEMP); if (error == 0) error = kern_execve(td, &eargs, NULL); - exec_free_args(&eargs); return (error); } @@ -195,7 +194,6 @@ free(path, M_TEMP); if (error == 0) error = kern_execve(td, &eargs, NULL); - exec_free_args(&eargs); return (error); } ==== //depot/projects/trustedbsd/base/sys/conf/files#95 (text+ko) ==== @@ -1,4 +1,4 @@ -# $FreeBSD: src/sys/conf/files,v 1.1093 2006/02/03 00:36:19 mjacob Exp $ +# $FreeBSD: src/sys/conf/files,v 1.1095 2006/02/06 22:50:39 rwatson Exp $ # # The long compile-with and dependency lines are required because of # limitations in config: backslash-newline doesn't work in strings, and @@ -1829,13 +1829,14 @@ posix4/p1003_1b.c standard posix4/posix4_mib.c standard rpc/rpcclnt.c optional nfsclient +security/audit/audit.c optional audit security/audit/audit_arg.c optional audit -security/audit/audit_syscalls.c standard -security/audit/audit_trigger.c optional audit -security/audit/audit.c optional audit security/audit/audit_bsm.c optional audit security/audit/audit_bsm_klib.c optional audit security/audit/audit_bsm_token.c optional audit +security/audit/audit_pipe.c optional audit +security/audit/audit_syscalls.c standard +security/audit/audit_trigger.c optional audit security/mac/mac_inet.c optional mac inet security/mac/mac_label.c optional mac security/mac/mac_net.c optional mac ==== //depot/projects/trustedbsd/base/sys/i386/ibcs2/ibcs2_misc.c#17 (text+ko) ==== @@ -47,7 +47,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/i386/ibcs2/ibcs2_misc.c,v 1.61 2005/07/07 19:29:42 jhb Exp $"); +__FBSDID("$FreeBSD: src/sys/i386/ibcs2/ibcs2_misc.c,v 1.62 2006/02/06 22:06:53 jhb Exp $"); /* * IBCS2 compatibility module. @@ -207,7 +207,6 @@ free(path, M_TEMP); if (error == 0) error = kern_execve(td, &eargs, NULL); - exec_free_args(&eargs); return (error); } @@ -227,7 +226,6 @@ free(path, M_TEMP); if (error == 0) error = kern_execve(td, &eargs, NULL); - exec_free_args(&eargs); return (error); } ==== //depot/projects/trustedbsd/base/sys/i386/ibcs2/ibcs2_proto.h#10 (text+ko) ==== @@ -2,7 +2,7 @@ * System call prototypes. * * DO NOT EDIT-- this file is automatically generated. - * $FreeBSD: src/sys/i386/ibcs2/ibcs2_proto.h,v 1.22 2005/07/13 20:35:08 jhb Exp $ + * $FreeBSD: src/sys/i386/ibcs2/ibcs2_proto.h,v 1.23 2006/02/06 22:15:00 rwatson Exp $ * created from FreeBSD: src/sys/i386/ibcs2/syscalls.master,v 1.21 2005/07/13 20:32:42 jhb Exp */ ==== //depot/projects/trustedbsd/base/sys/i386/ibcs2/ibcs2_syscall.h#9 (text+ko) ==== @@ -2,7 +2,7 @@ * System call numbers. * * DO NOT EDIT-- this file is automatically generated. - * $FreeBSD: src/sys/i386/ibcs2/ibcs2_syscall.h,v 1.19 2005/07/13 20:35:08 jhb Exp $ + * $FreeBSD: src/sys/i386/ibcs2/ibcs2_syscall.h,v 1.20 2006/02/06 22:15:00 rwatson Exp $ * created from FreeBSD: src/sys/i386/ibcs2/syscalls.master,v 1.21 2005/07/13 20:32:42 jhb Exp */ ==== //depot/projects/trustedbsd/base/sys/i386/ibcs2/ibcs2_sysent.c#11 (text+ko) ==== @@ -2,7 +2,7 @@ * System call switch table. * * DO NOT EDIT-- this file is automatically generated. - * $FreeBSD: src/sys/i386/ibcs2/ibcs2_sysent.c,v 1.24 2005/07/13 20:35:08 jhb Exp $ + * $FreeBSD: src/sys/i386/ibcs2/ibcs2_sysent.c,v 1.25 2006/02/06 22:15:00 rwatson Exp $ * created from FreeBSD: src/sys/i386/ibcs2/syscalls.master,v 1.21 2005/07/13 20:32:42 jhb Exp */ @@ -19,68 +19,68 @@ /* The casts are bogus but will do for now. */ struct sysent ibcs2_sysent[] = { { SYF_MPSAFE | 0, (sy_call_t *)nosys, AUE_NULL }, /* 0 = syscall */ - { SYF_MPSAFE | AS(sys_exit_args), (sy_call_t *)sys_exit, AUE_NULL }, /* 1 = exit */ - { SYF_MPSAFE | 0, (sy_call_t *)fork, AUE_NULL }, /* 2 = fork */ + { SYF_MPSAFE | AS(sys_exit_args), (sy_call_t *)sys_exit, AUE_EXIT }, /* 1 = exit */ + { SYF_MPSAFE | 0, (sy_call_t *)fork, AUE_FORK }, /* 2 = fork */ { AS(ibcs2_read_args), (sy_call_t *)ibcs2_read, AUE_NULL }, /* 3 = ibcs2_read */ { SYF_MPSAFE | AS(write_args), (sy_call_t *)write, AUE_NULL }, /* 4 = write */ - { SYF_MPSAFE | AS(ibcs2_open_args), (sy_call_t *)ibcs2_open, AUE_NULL }, /* 5 = ibcs2_open */ - { SYF_MPSAFE | AS(close_args), (sy_call_t *)close, AUE_NULL }, /* 6 = close */ - { SYF_MPSAFE | AS(ibcs2_wait_args), (sy_call_t *)ibcs2_wait, AUE_NULL }, /* 7 = ibcs2_wait */ - { SYF_MPSAFE | AS(ibcs2_creat_args), (sy_call_t *)ibcs2_creat, AUE_NULL }, /* 8 = ibcs2_creat */ - { SYF_MPSAFE | AS(link_args), (sy_call_t *)link, AUE_NULL }, /* 9 = link */ - { SYF_MPSAFE | AS(ibcs2_unlink_args), (sy_call_t *)ibcs2_unlink, AUE_NULL }, /* 10 = ibcs2_unlink */ - { SYF_MPSAFE | AS(ibcs2_execv_args), (sy_call_t *)ibcs2_execv, AUE_NULL }, /* 11 = ibcs2_execv */ - { SYF_MPSAFE | AS(ibcs2_chdir_args), (sy_call_t *)ibcs2_chdir, AUE_NULL }, /* 12 = ibcs2_chdir */ + { SYF_MPSAFE | AS(ibcs2_open_args), (sy_call_t *)ibcs2_open, AUE_OPEN_RWTC }, /* 5 = ibcs2_open */ + { SYF_MPSAFE | AS(close_args), (sy_call_t *)close, AUE_CLOSE }, /* 6 = close */ + { SYF_MPSAFE | AS(ibcs2_wait_args), (sy_call_t *)ibcs2_wait, AUE_WAIT4 }, /* 7 = ibcs2_wait */ + { SYF_MPSAFE | AS(ibcs2_creat_args), (sy_call_t *)ibcs2_creat, AUE_CREAT }, /* 8 = ibcs2_creat */ + { SYF_MPSAFE | AS(link_args), (sy_call_t *)link, AUE_LINK }, /* 9 = link */ + { SYF_MPSAFE | AS(ibcs2_unlink_args), (sy_call_t *)ibcs2_unlink, AUE_UNLINK }, /* 10 = ibcs2_unlink */ + { SYF_MPSAFE | AS(ibcs2_execv_args), (sy_call_t *)ibcs2_execv, AUE_EXECVE }, /* 11 = ibcs2_execv */ + { SYF_MPSAFE | AS(ibcs2_chdir_args), (sy_call_t *)ibcs2_chdir, AUE_CHDIR }, /* 12 = ibcs2_chdir */ { SYF_MPSAFE | AS(ibcs2_time_args), (sy_call_t *)ibcs2_time, AUE_NULL }, /* 13 = ibcs2_time */ - { SYF_MPSAFE | AS(ibcs2_mknod_args), (sy_call_t *)ibcs2_mknod, AUE_NULL }, /* 14 = ibcs2_mknod */ - { SYF_MPSAFE | AS(ibcs2_chmod_args), (sy_call_t *)ibcs2_chmod, AUE_NULL }, /* 15 = ibcs2_chmod */ - { SYF_MPSAFE | AS(ibcs2_chown_args), (sy_call_t *)ibcs2_chown, AUE_NULL }, /* 16 = ibcs2_chown */ + { SYF_MPSAFE | AS(ibcs2_mknod_args), (sy_call_t *)ibcs2_mknod, AUE_MKNOD }, /* 14 = ibcs2_mknod */ + { SYF_MPSAFE | AS(ibcs2_chmod_args), (sy_call_t *)ibcs2_chmod, AUE_CHMOD }, /* 15 = ibcs2_chmod */ + { SYF_MPSAFE | AS(ibcs2_chown_args), (sy_call_t *)ibcs2_chown, AUE_CHOWN }, /* 16 = ibcs2_chown */ { SYF_MPSAFE | AS(obreak_args), (sy_call_t *)obreak, AUE_NULL }, /* 17 = obreak */ - { SYF_MPSAFE | AS(ibcs2_stat_args), (sy_call_t *)ibcs2_stat, AUE_NULL }, /* 18 = ibcs2_stat */ - { SYF_MPSAFE | AS(ibcs2_lseek_args), (sy_call_t *)ibcs2_lseek, AUE_NULL }, /* 19 = ibcs2_lseek */ + { SYF_MPSAFE | AS(ibcs2_stat_args), (sy_call_t *)ibcs2_stat, AUE_STAT }, /* 18 = ibcs2_stat */ + { SYF_MPSAFE | AS(ibcs2_lseek_args), (sy_call_t *)ibcs2_lseek, AUE_LSEEK }, /* 19 = ibcs2_lseek */ { SYF_MPSAFE | 0, (sy_call_t *)getpid, AUE_NULL }, /* 20 = getpid */ - { AS(ibcs2_mount_args), (sy_call_t *)ibcs2_mount, AUE_NULL }, /* 21 = ibcs2_mount */ - { AS(ibcs2_umount_args), (sy_call_t *)ibcs2_umount, AUE_NULL }, /* 22 = ibcs2_umount */ - { SYF_MPSAFE | AS(ibcs2_setuid_args), (sy_call_t *)ibcs2_setuid, AUE_NULL }, /* 23 = ibcs2_setuid */ - { SYF_MPSAFE | 0, (sy_call_t *)getuid, AUE_NULL }, /* 24 = getuid */ - { SYF_MPSAFE | AS(ibcs2_stime_args), (sy_call_t *)ibcs2_stime, AUE_NULL }, /* 25 = ibcs2_stime */ - { SYF_MPSAFE | AS(ptrace_args), (sy_call_t *)ptrace, AUE_NULL }, /* 26 = ptrace */ + { AS(ibcs2_mount_args), (sy_call_t *)ibcs2_mount, AUE_MOUNT }, /* 21 = ibcs2_mount */ + { AS(ibcs2_umount_args), (sy_call_t *)ibcs2_umount, AUE_UMOUNT }, /* 22 = ibcs2_umount */ + { SYF_MPSAFE | AS(ibcs2_setuid_args), (sy_call_t *)ibcs2_setuid, AUE_SETUID }, /* 23 = ibcs2_setuid */ + { SYF_MPSAFE | 0, (sy_call_t *)getuid, AUE_GETUID }, /* 24 = getuid */ + { SYF_MPSAFE | AS(ibcs2_stime_args), (sy_call_t *)ibcs2_stime, AUE_SETTIMEOFDAY }, /* 25 = ibcs2_stime */ + { SYF_MPSAFE | AS(ptrace_args), (sy_call_t *)ptrace, AUE_PTRACE }, /* 26 = ptrace */ { SYF_MPSAFE | AS(ibcs2_alarm_args), (sy_call_t *)ibcs2_alarm, AUE_NULL }, /* 27 = ibcs2_alarm */ - { SYF_MPSAFE | AS(ibcs2_fstat_args), (sy_call_t *)ibcs2_fstat, AUE_NULL }, /* 28 = ibcs2_fstat */ + { SYF_MPSAFE | AS(ibcs2_fstat_args), (sy_call_t *)ibcs2_fstat, AUE_FSTAT }, /* 28 = ibcs2_fstat */ { SYF_MPSAFE | 0, (sy_call_t *)ibcs2_pause, AUE_NULL }, /* 29 = ibcs2_pause */ { SYF_MPSAFE | AS(ibcs2_utime_args), (sy_call_t *)ibcs2_utime, AUE_NULL }, /* 30 = ibcs2_utime */ { SYF_MPSAFE | AS(ibcs2_stty_args), (sy_call_t *)ibcs2_stty, AUE_NULL }, /* 31 = ibcs2_stty */ { SYF_MPSAFE | AS(ibcs2_gtty_args), (sy_call_t *)ibcs2_gtty, AUE_NULL }, /* 32 = ibcs2_gtty */ - { SYF_MPSAFE | AS(ibcs2_access_args), (sy_call_t *)ibcs2_access, AUE_NULL }, /* 33 = ibcs2_access */ - { SYF_MPSAFE | AS(ibcs2_nice_args), (sy_call_t *)ibcs2_nice, AUE_NULL }, /* 34 = ibcs2_nice */ - { SYF_MPSAFE | AS(ibcs2_statfs_args), (sy_call_t *)ibcs2_statfs, AUE_NULL }, /* 35 = ibcs2_statfs */ + { SYF_MPSAFE | AS(ibcs2_access_args), (sy_call_t *)ibcs2_access, AUE_ACCESS }, /* 33 = ibcs2_access */ + { SYF_MPSAFE | AS(ibcs2_nice_args), (sy_call_t *)ibcs2_nice, AUE_NICE }, /* 34 = ibcs2_nice */ + { SYF_MPSAFE | AS(ibcs2_statfs_args), (sy_call_t *)ibcs2_statfs, AUE_STATFS }, /* 35 = ibcs2_statfs */ { SYF_MPSAFE | 0, (sy_call_t *)sync, AUE_NULL }, /* 36 = sync */ - { SYF_MPSAFE | AS(ibcs2_kill_args), (sy_call_t *)ibcs2_kill, AUE_NULL }, /* 37 = ibcs2_kill */ - { SYF_MPSAFE | AS(ibcs2_fstatfs_args), (sy_call_t *)ibcs2_fstatfs, AUE_NULL }, /* 38 = ibcs2_fstatfs */ + { SYF_MPSAFE | AS(ibcs2_kill_args), (sy_call_t *)ibcs2_kill, AUE_KILL }, /* 37 = ibcs2_kill */ + { SYF_MPSAFE | AS(ibcs2_fstatfs_args), (sy_call_t *)ibcs2_fstatfs, AUE_FSTATFS }, /* 38 = ibcs2_fstatfs */ { SYF_MPSAFE | AS(ibcs2_pgrpsys_args), (sy_call_t *)ibcs2_pgrpsys, AUE_NULL }, /* 39 = ibcs2_pgrpsys */ { SYF_MPSAFE | AS(ibcs2_xenix_args), (sy_call_t *)ibcs2_xenix, AUE_NULL }, /* 40 = ibcs2_xenix */ { SYF_MPSAFE | AS(dup_args), (sy_call_t *)dup, AUE_NULL }, /* 41 = dup */ - { SYF_MPSAFE | 0, (sy_call_t *)pipe, AUE_NULL }, /* 42 = pipe */ + { SYF_MPSAFE | 0, (sy_call_t *)pipe, AUE_PIPE }, /* 42 = pipe */ { SYF_MPSAFE | AS(ibcs2_times_args), (sy_call_t *)ibcs2_times, AUE_NULL }, /* 43 = ibcs2_times */ - { SYF_MPSAFE | AS(profil_args), (sy_call_t *)profil, AUE_NULL }, /* 44 = profil */ + { SYF_MPSAFE | AS(profil_args), (sy_call_t *)profil, AUE_PROFILE }, /* 44 = profil */ { SYF_MPSAFE | AS(ibcs2_plock_args), (sy_call_t *)ibcs2_plock, AUE_NULL }, /* 45 = ibcs2_plock */ - { SYF_MPSAFE | AS(ibcs2_setgid_args), (sy_call_t *)ibcs2_setgid, AUE_NULL }, /* 46 = ibcs2_setgid */ - { SYF_MPSAFE | 0, (sy_call_t *)getgid, AUE_NULL }, /* 47 = getgid */ + { SYF_MPSAFE | AS(ibcs2_setgid_args), (sy_call_t *)ibcs2_setgid, AUE_SETGID }, /* 46 = ibcs2_setgid */ + { SYF_MPSAFE | 0, (sy_call_t *)getgid, AUE_GETGID }, /* 47 = getgid */ { SYF_MPSAFE | AS(ibcs2_sigsys_args), (sy_call_t *)ibcs2_sigsys, AUE_NULL }, /* 48 = ibcs2_sigsys */ - { AS(ibcs2_msgsys_args), (sy_call_t *)ibcs2_msgsys, AUE_NULL }, /* 49 = ibcs2_msgsys */ + { AS(ibcs2_msgsys_args), (sy_call_t *)ibcs2_msgsys, AUE_MSGSYS }, /* 49 = ibcs2_msgsys */ { SYF_MPSAFE | AS(ibcs2_sysi86_args), (sy_call_t *)ibcs2_sysi86, AUE_NULL }, /* 50 = ibcs2_sysi86 */ { 0, (sy_call_t *)nosys, AUE_NULL }, /* 51 = ibcs2_acct */ - { AS(ibcs2_shmsys_args), (sy_call_t *)ibcs2_shmsys, AUE_NULL }, /* 52 = ibcs2_shmsys */ - { AS(ibcs2_semsys_args), (sy_call_t *)ibcs2_semsys, AUE_NULL }, /* 53 = ibcs2_semsys */ - { AS(ibcs2_ioctl_args), (sy_call_t *)ibcs2_ioctl, AUE_NULL }, /* 54 = ibcs2_ioctl */ + { AS(ibcs2_shmsys_args), (sy_call_t *)ibcs2_shmsys, AUE_SHMSYS }, /* 52 = ibcs2_shmsys */ + { AS(ibcs2_semsys_args), (sy_call_t *)ibcs2_semsys, AUE_SEMSYS }, /* 53 = ibcs2_semsys */ + { AS(ibcs2_ioctl_args), (sy_call_t *)ibcs2_ioctl, AUE_IOCTL }, /* 54 = ibcs2_ioctl */ { SYF_MPSAFE | AS(ibcs2_uadmin_args), (sy_call_t *)ibcs2_uadmin, AUE_NULL }, /* 55 = ibcs2_uadmin */ { 0, (sy_call_t *)nosys, AUE_NULL }, /* 56 = nosys */ { SYF_MPSAFE | AS(ibcs2_utssys_args), (sy_call_t *)ibcs2_utssys, AUE_NULL }, /* 57 = ibcs2_utssys */ - { SYF_MPSAFE | AS(fsync_args), (sy_call_t *)fsync, AUE_NULL }, /* 58 = fsync */ - { SYF_MPSAFE | AS(ibcs2_execve_args), (sy_call_t *)ibcs2_execve, AUE_NULL }, /* 59 = ibcs2_execve */ - { SYF_MPSAFE | AS(umask_args), (sy_call_t *)umask, AUE_NULL }, /* 60 = umask */ - { SYF_MPSAFE | AS(chroot_args), (sy_call_t *)chroot, AUE_NULL }, /* 61 = chroot */ - { SYF_MPSAFE | AS(ibcs2_fcntl_args), (sy_call_t *)ibcs2_fcntl, AUE_NULL }, /* 62 = ibcs2_fcntl */ + { SYF_MPSAFE | AS(fsync_args), (sy_call_t *)fsync, AUE_FSYNC }, /* 58 = fsync */ + { SYF_MPSAFE | AS(ibcs2_execve_args), (sy_call_t *)ibcs2_execve, AUE_EXECVE }, /* 59 = ibcs2_execve */ + { SYF_MPSAFE | AS(umask_args), (sy_call_t *)umask, AUE_UMASK }, /* 60 = umask */ + { SYF_MPSAFE | AS(chroot_args), (sy_call_t *)chroot, AUE_CHROOT }, /* 61 = chroot */ + { SYF_MPSAFE | AS(ibcs2_fcntl_args), (sy_call_t *)ibcs2_fcntl, AUE_FCNTL }, /* 62 = ibcs2_fcntl */ { SYF_MPSAFE | AS(ibcs2_ulimit_args), (sy_call_t *)ibcs2_ulimit, AUE_NULL }, /* 63 = ibcs2_ulimit */ { 0, (sy_call_t *)nosys, AUE_NULL }, /* 64 = reserved for unix/pc */ { 0, (sy_call_t *)nosys, AUE_NULL }, /* 65 = reserved for unix/pc */ @@ -97,20 +97,20 @@ { 0, (sy_call_t *)nosys, AUE_NULL }, /* 76 = obsolete rfs_rdebug */ { 0, (sy_call_t *)nosys, AUE_NULL }, /* 77 = obsolete rfs_rfstop */ { 0, (sy_call_t *)nosys, AUE_NULL }, /* 78 = rfs_rfsys */ - { SYF_MPSAFE | AS(ibcs2_rmdir_args), (sy_call_t *)ibcs2_rmdir, AUE_NULL }, /* 79 = ibcs2_rmdir */ - { SYF_MPSAFE | AS(ibcs2_mkdir_args), (sy_call_t *)ibcs2_mkdir, AUE_NULL }, /* 80 = ibcs2_mkdir */ - { AS(ibcs2_getdents_args), (sy_call_t *)ibcs2_getdents, AUE_NULL }, /* 81 = ibcs2_getdents */ + { SYF_MPSAFE | AS(ibcs2_rmdir_args), (sy_call_t *)ibcs2_rmdir, AUE_RMDIR }, /* 79 = ibcs2_rmdir */ + { SYF_MPSAFE | AS(ibcs2_mkdir_args), (sy_call_t *)ibcs2_mkdir, AUE_MKDIR }, /* 80 = ibcs2_mkdir */ + { AS(ibcs2_getdents_args), (sy_call_t *)ibcs2_getdents, AUE_GETDIRENTRIES }, /* 81 = ibcs2_getdents */ { 0, (sy_call_t *)nosys, AUE_NULL }, /* 82 = nosys */ { 0, (sy_call_t *)nosys, AUE_NULL }, /* 83 = nosys */ { SYF_MPSAFE | AS(ibcs2_sysfs_args), (sy_call_t *)ibcs2_sysfs, AUE_NULL }, /* 84 = ibcs2_sysfs */ - { SYF_MPSAFE | AS(ibcs2_getmsg_args), (sy_call_t *)ibcs2_getmsg, AUE_NULL }, /* 85 = ibcs2_getmsg */ - { SYF_MPSAFE | AS(ibcs2_putmsg_args), (sy_call_t *)ibcs2_putmsg, AUE_NULL }, /* 86 = ibcs2_putmsg */ - { AS(ibcs2_poll_args), (sy_call_t *)ibcs2_poll, AUE_NULL }, /* 87 = ibcs2_poll */ + { SYF_MPSAFE | AS(ibcs2_getmsg_args), (sy_call_t *)ibcs2_getmsg, AUE_GETMSG }, /* 85 = ibcs2_getmsg */ + { SYF_MPSAFE | AS(ibcs2_putmsg_args), (sy_call_t *)ibcs2_putmsg, AUE_PUTMSG }, /* 86 = ibcs2_putmsg */ + { AS(ibcs2_poll_args), (sy_call_t *)ibcs2_poll, AUE_POLL }, /* 87 = ibcs2_poll */ { 0, (sy_call_t *)nosys, AUE_NULL }, /* 88 = nosys */ { SYF_MPSAFE | AS(ibcs2_secure_args), (sy_call_t *)ibcs2_secure, AUE_NULL }, /* 89 = ibcs2_secure */ - { SYF_MPSAFE | AS(ibcs2_symlink_args), (sy_call_t *)ibcs2_symlink, AUE_NULL }, /* 90 = ibcs2_symlink */ - { SYF_MPSAFE | AS(ibcs2_lstat_args), (sy_call_t *)ibcs2_lstat, AUE_NULL }, /* 91 = ibcs2_lstat */ - { SYF_MPSAFE | AS(ibcs2_readlink_args), (sy_call_t *)ibcs2_readlink, AUE_NULL }, /* 92 = ibcs2_readlink */ + { SYF_MPSAFE | AS(ibcs2_symlink_args), (sy_call_t *)ibcs2_symlink, AUE_SYMLINK }, /* 90 = ibcs2_symlink */ + { SYF_MPSAFE | AS(ibcs2_lstat_args), (sy_call_t *)ibcs2_lstat, AUE_LSTAT }, /* 91 = ibcs2_lstat */ + { SYF_MPSAFE | AS(ibcs2_readlink_args), (sy_call_t *)ibcs2_readlink, AUE_READLINK }, /* 92 = ibcs2_readlink */ { 0, (sy_call_t *)nosys, AUE_NULL }, /* 93 = nosys */ { 0, (sy_call_t *)nosys, AUE_NULL }, /* 94 = nosys */ { 0, (sy_call_t *)nosys, AUE_NULL }, /* 95 = nosys */ ==== //depot/projects/trustedbsd/base/sys/i386/ibcs2/ibcs2_xenix.c#10 (text+ko) ==== @@ -29,7 +29,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/i386/ibcs2/ibcs2_xenix.c,v 1.35 2005/07/07 19:28:55 jhb Exp $"); +__FBSDID("$FreeBSD: src/sys/i386/ibcs2/ibcs2_xenix.c,v 1.36 2006/02/06 22:00:52 jhb Exp $"); #include <sys/param.h> #include <sys/systm.h> @@ -216,7 +216,7 @@ bsd_flags |= X_OK; CHECKALTEXIST(td, uap->path, &path); - error = kern_access(td, path, UIO_SYSSPACE, bsd_flags); + error = kern_eaccess(td, path, UIO_SYSSPACE, bsd_flags); free(path, M_TEMP); return (error); } ==== //depot/projects/trustedbsd/base/sys/i386/ibcs2/syscalls.master#9 (text+ko) ==== @@ -1,10 +1,10 @@ - $FreeBSD: src/sys/i386/ibcs2/syscalls.master,v 1.21 2005/07/13 20:32:42 jhb Exp $ + $FreeBSD: src/sys/i386/ibcs2/syscalls.master,v 1.22 2006/02/06 22:14:50 rwatson Exp $ ; @(#)syscalls.master 8.1 (Berkeley) 7/19/93 ; System call name/number master file (or rather, slave, from IBCS2). ; Processed to created ibcs2_sysent.c, ibcs2_syscalls.c and ibcs2_syscall.h. -; Columns: number type nargs name alt{name,tag,rtyp}/comments +; Columns: number audit type nargs name alt{name,tag,rtyp}/comments ; number system call number, must be in order ; audit the audit event associated with the system call ; A value of AUE_NULL means no auditing, but it also means that @@ -36,45 +36,45 @@ ; #ifdef's, etc. may be included, and are copied to the output files. 0 AUE_NULL MNOPROTO { int nosys(void); } syscall nosys_args int -1 AUE_NULL MNOPROTO { void sys_exit(int rval); } exit \ +1 AUE_EXIT MNOPROTO { void sys_exit(int rval); } exit \ sys_exit_args void -2 AUE_NULL MNOPROTO { int fork(void); } +2 AUE_FORK MNOPROTO { int fork(void); } 3 AUE_NULL STD { int ibcs2_read(int fd, char *buf, \ u_int nbytes); } 4 AUE_NULL MNOPROTO { int write(int fd, char *buf, \ u_int nbytes); } -5 AUE_NULL MSTD { int ibcs2_open(char *path, int flags, \ +5 AUE_OPEN_RWTC MSTD { int ibcs2_open(char *path, int flags, \ int mode); } -6 AUE_NULL MNOPROTO { int close(int fd); } -7 AUE_NULL MSTD { int ibcs2_wait(int a1, int a2, int a3); } -8 AUE_NULL MSTD { int ibcs2_creat(char *path, int mode); } -9 AUE_NULL MNOPROTO { int link(char *path, char *link); } -10 AUE_NULL MSTD { int ibcs2_unlink(char *path); } -11 AUE_NULL MSTD { int ibcs2_execv(char *path, char **argp); } -12 AUE_NULL MSTD { int ibcs2_chdir(char *path); } +6 AUE_CLOSE MNOPROTO { int close(int fd); } +7 AUE_WAIT4 MSTD { int ibcs2_wait(int a1, int a2, int a3); } +8 AUE_CREAT MSTD { int ibcs2_creat(char *path, int mode); } +9 AUE_LINK MNOPROTO { int link(char *path, char *link); } +10 AUE_UNLINK MSTD { int ibcs2_unlink(char *path); } +11 AUE_EXECVE MSTD { int ibcs2_execv(char *path, char **argp); } +12 AUE_CHDIR MSTD { int ibcs2_chdir(char *path); } 13 AUE_NULL MSTD { int ibcs2_time(ibcs2_time_t *tp); } -14 AUE_NULL MSTD { int ibcs2_mknod(char* path, int mode, \ +14 AUE_MKNOD MSTD { int ibcs2_mknod(char* path, int mode, \ int dev); } -15 AUE_NULL MSTD { int ibcs2_chmod(char *path, int mode); } -16 AUE_NULL MSTD { int ibcs2_chown(char *path, int uid, \ +15 AUE_CHMOD MSTD { int ibcs2_chmod(char *path, int mode); } +16 AUE_CHOWN MSTD { int ibcs2_chown(char *path, int uid, \ int gid); } 17 AUE_NULL MNOPROTO { int obreak(caddr_t nsize); } -18 AUE_NULL MSTD { int ibcs2_stat(char* path, \ +18 AUE_STAT MSTD { int ibcs2_stat(char* path, \ struct ibcs2_stat *st); } -19 AUE_NULL MSTD { long ibcs2_lseek(int fd, long offset, \ +19 AUE_LSEEK MSTD { long ibcs2_lseek(int fd, long offset, \ int whence); } 20 AUE_NULL MNOPROTO { pid_t getpid(void); } -21 AUE_NULL STD { int ibcs2_mount(char *special, char *dir, \ +21 AUE_MOUNT STD { int ibcs2_mount(char *special, char *dir, \ int flags, int fstype, char *data, \ int len); } -22 AUE_NULL STD { int ibcs2_umount(char *name); } -23 AUE_NULL MSTD { int ibcs2_setuid(int uid); } -24 AUE_NULL MNOPROTO { uid_t getuid(void); } -25 AUE_NULL MSTD { int ibcs2_stime(long *timep); } -26 AUE_NULL MNOPROTO { int ptrace(int req, pid_t pid, \ +22 AUE_UMOUNT STD { int ibcs2_umount(char *name); } +23 AUE_SETUID MSTD { int ibcs2_setuid(int uid); } +24 AUE_GETUID MNOPROTO { uid_t getuid(void); } +25 AUE_SETTIMEOFDAY MSTD { int ibcs2_stime(long *timep); } +26 AUE_PTRACE MNOPROTO { int ptrace(int req, pid_t pid, \ caddr_t addr, int data); } 27 AUE_NULL MSTD { int ibcs2_alarm(unsigned sec); } -28 AUE_NULL MSTD { int ibcs2_fstat(int fd, \ +28 AUE_FSTAT MSTD { int ibcs2_fstat(int fd, \ struct ibcs2_stat *st); } 29 AUE_NULL MSTD { int ibcs2_pause(void); } 30 AUE_NULL MSTD { int ibcs2_utime(char *path, \ @@ -83,14 +83,14 @@ struct sgttyb *buf); } 32 AUE_NULL MSTD { int ibcs2_gtty(int fd, \ struct sgttyb *buf); } -33 AUE_NULL MSTD { int ibcs2_access(char *path, int flags); } -34 AUE_NULL MSTD { int ibcs2_nice(int incr); } -35 AUE_NULL MSTD { int ibcs2_statfs(char *path, \ +33 AUE_ACCESS MSTD { int ibcs2_access(char *path, int flags); } +34 AUE_NICE MSTD { int ibcs2_nice(int incr); } +35 AUE_STATFS MSTD { int ibcs2_statfs(char *path, \ struct ibcs2_statfs *buf, int len, \ int fstype); } 36 AUE_NULL MNOPROTO { int sync(void); } -37 AUE_NULL MSTD { int ibcs2_kill(int pid, int signo); } -38 AUE_NULL MSTD { int ibcs2_fstatfs(int fd, \ +37 AUE_KILL MSTD { int ibcs2_kill(int pid, int signo); } +38 AUE_FSTATFS MSTD { int ibcs2_fstatfs(int fd, \ struct ibcs2_statfs *buf, int len, \ int fstype); } 39 AUE_NULL MSTD { int ibcs2_pgrpsys(int type, caddr_t dummy, \ @@ -98,35 +98,35 @@ 40 AUE_NULL MSTD { int ibcs2_xenix(int a1, int a2, int a3, \ int a4, int a5); } 41 AUE_NULL MNOPROTO { int dup(u_int fd); } -42 AUE_NULL MNOPROTO { int pipe(void); } +42 AUE_PIPE MNOPROTO { int pipe(void); } 43 AUE_NULL MSTD { int ibcs2_times(struct tms *tp); } -44 AUE_NULL MNOPROTO { int profil(caddr_t samples, u_int size, \ +44 AUE_PROFILE MNOPROTO { int profil(caddr_t samples, u_int size, \ u_int offset, u_int scale); } 45 AUE_NULL MSTD { int ibcs2_plock(int cmd); } -46 AUE_NULL MSTD { int ibcs2_setgid(int gid); } -47 AUE_NULL MNOPROTO { gid_t getgid(void); } +46 AUE_SETGID MSTD { int ibcs2_setgid(int gid); } +47 AUE_GETGID MNOPROTO { gid_t getgid(void); } 48 AUE_NULL MSTD { int ibcs2_sigsys(int sig, ibcs2_sig_t fp); } -49 AUE_NULL STD { int ibcs2_msgsys(int which, int a2, \ +49 AUE_MSGSYS STD { int ibcs2_msgsys(int which, int a2, \ int a3, int a4, int a5, int a6); } 50 AUE_NULL MSTD { int ibcs2_sysi86(int cmd, int *arg); } 51 AUE_NULL UNIMPL ibcs2_acct -52 AUE_NULL STD { int ibcs2_shmsys(int which, int a2, \ +52 AUE_SHMSYS STD { int ibcs2_shmsys(int which, int a2, \ int a3, int a4); } -53 AUE_NULL STD { int ibcs2_semsys(int which, int a2, \ +53 AUE_SEMSYS STD { int ibcs2_semsys(int which, int a2, \ int a3, int a4, int a5); } -54 AUE_NULL STD { int ibcs2_ioctl(int fd, int cmd, \ +54 AUE_IOCTL STD { int ibcs2_ioctl(int fd, int cmd, \ caddr_t data); } 55 AUE_NULL MSTD { int ibcs2_uadmin(int cmd, int func, \ caddr_t data); } 56 AUE_NULL UNIMPL nosys 57 AUE_NULL MSTD { int ibcs2_utssys(int a1, int a2, \ int flag); } -58 AUE_NULL MNOPROTO { int fsync(int fd); } -59 AUE_NULL MSTD { int ibcs2_execve(char *path, char **argp, \ +58 AUE_FSYNC MNOPROTO { int fsync(int fd); } +59 AUE_EXECVE MSTD { int ibcs2_execve(char *path, char **argp, \ char **envp); } -60 AUE_NULL MNOPROTO { int umask(int newmask); } -61 AUE_NULL MNOPROTO { int chroot(char *path); } -62 AUE_NULL MSTD { int ibcs2_fcntl(int fd, int cmd, \ +60 AUE_UMASK MNOPROTO { int umask(int newmask); } +61 AUE_CHROOT MNOPROTO { int chroot(char *path); } +62 AUE_FCNTL MSTD { int ibcs2_fcntl(int fd, int cmd, \ char *arg); } 63 AUE_NULL MSTD { long ibcs2_ulimit(int cmd, int newlimit); } 64 AUE_NULL UNIMPL reserved for unix/pc @@ -144,30 +144,30 @@ 76 AUE_NULL OBSOL rfs_rdebug 77 AUE_NULL OBSOL rfs_rfstop 78 AUE_NULL UNIMPL rfs_rfsys -79 AUE_NULL MSTD { int ibcs2_rmdir(char *path); } -80 AUE_NULL MSTD { int ibcs2_mkdir(char *path, int mode); } -81 AUE_NULL STD { int ibcs2_getdents(int fd, char *buf, \ +79 AUE_RMDIR MSTD { int ibcs2_rmdir(char *path); } +80 AUE_MKDIR MSTD { int ibcs2_mkdir(char *path, int mode); } +81 AUE_GETDIRENTRIES STD { int ibcs2_getdents(int fd, char *buf, \ int nbytes); } 82 AUE_NULL UNIMPL nosys 83 AUE_NULL UNIMPL nosys 84 AUE_NULL MSTD { int ibcs2_sysfs(int cmd, caddr_t d1, \ char *buf); } -85 AUE_NULL MSTD { int ibcs2_getmsg(int fd, \ +85 AUE_GETMSG MSTD { int ibcs2_getmsg(int fd, \ struct ibcs2_stropts *ctl, \ struct ibcs2_stropts *dat, int *flags); } -86 AUE_NULL MSTD { int ibcs2_putmsg(int fd, \ +86 AUE_PUTMSG MSTD { int ibcs2_putmsg(int fd, \ struct ibcs2_stropts *ctl, \ struct ibcs2_stropts *dat, int flags); } -87 AUE_NULL STD { int ibcs2_poll(struct ibcs2_poll *fds, \ +87 AUE_POLL STD { int ibcs2_poll(struct ibcs2_poll *fds, \ long nfds, int timeout); } 88 AUE_NULL UNIMPL nosys 89 AUE_NULL MSTD { int ibcs2_secure(int cmd, int a1, int a2, \ int a3, int a4, int a5); } -90 AUE_NULL MSTD { int ibcs2_symlink(char *path, \ +90 AUE_SYMLINK MSTD { int ibcs2_symlink(char *path, \ char *link); } -91 AUE_NULL MSTD { int ibcs2_lstat(char *path, \ +91 AUE_LSTAT MSTD { int ibcs2_lstat(char *path, \ struct ibcs2_stat *st); } -92 AUE_NULL MSTD { int ibcs2_readlink(char *path, char *buf, \ +92 AUE_READLINK MSTD { int ibcs2_readlink(char *path, char *buf, \ int count); } 93 AUE_NULL UNIMPL nosys 94 AUE_NULL UNIMPL nosys ==== //depot/projects/trustedbsd/base/sys/i386/linux/linux_machdep.c#20 (text+ko) ==== @@ -27,7 +27,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/i386/linux/linux_machdep.c,v 1.49 2005/08/01 17:35:48 sobomax Exp $"); +__FBSDID("$FreeBSD: src/sys/i386/linux/linux_machdep.c,v 1.50 2006/02/06 22:06:53 jhb Exp $"); #include <sys/param.h> #include <sys/systm.h> @@ -122,7 +122,6 @@ free(newpath, M_TEMP); if (error == 0) error = kern_execve(td, &eargs, NULL); - exec_free_args(&eargs); return (error); } ==== //depot/projects/trustedbsd/base/sys/kern/kern_exec.c#56 (text+ko) ==== @@ -25,7 +25,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/kern/kern_exec.c,v 1.288 2006/02/02 08:39:39 jeff Exp $"); +__FBSDID("$FreeBSD: src/sys/kern/kern_exec.c,v 1.289 2006/02/06 22:06:54 jhb Exp $"); #include "opt_hwpmc_hooks.h" #include "opt_ktrace.h" @@ -86,6 +86,7 @@ static int sysctl_kern_stackprot(SYSCTL_HANDLER_ARGS); static int do_execve(struct thread *td, struct image_args *args, struct mac *mac_p); +static void exec_free_args(struct image_args *); /* XXX This should be vm_size_t. */ SYSCTL_PROC(_kern, KERN_PS_STRINGS, ps_strings, CTLTYPE_ULONG|CTLFLAG_RD, @@ -181,12 +182,8 @@ error = exec_copyin_args(&args, uap->fname, UIO_USERSPACE, uap->argv, uap->envv); - if (error == 0) error = kern_execve(td, &args, NULL); - - exec_free_args(&args); - return (error); } @@ -218,12 +215,8 @@ error = exec_copyin_args(&args, uap->fname, UIO_USERSPACE, uap->argv, uap->envv); - if (error == 0) error = kern_execve(td, &args, uap->mac_p); - - exec_free_args(&args); - return (error); #else return (ENOSYS); @@ -776,19 +769,6 @@ p->p_flag &= ~P_INEXEC; PROC_UNLOCK(p); - if (imgp->vmspace_destroyed) { - /* sorry, no more process anymore. exit gracefully */ -#ifdef MAC - mac_execve_exit(imgp); - if (interplabel != NULL) - mac_vnode_label_free(interplabel); -#endif - VFS_UNLOCK_GIANT(vfslocked); - exec_free_args(args); - exit1(td, W_EXITCODE(0, SIGABRT)); - /* NOT REACHED */ - error = 0; - } done2: #ifdef MAC mac_execve_exit(imgp); @@ -796,6 +776,13 @@ mac_vnode_label_free(interplabel); #endif VFS_UNLOCK_GIANT(vfslocked); + exec_free_args(args); + + if (error && imgp->vmspace_destroyed) { + /* sorry, no more process anymore. exit gracefully */ + exit1(td, W_EXITCODE(0, SIGABRT)); + /* NOT REACHED */ + } return (error); } @@ -1036,7 +1023,7 @@ return (0); } -void +static void exec_free_args(struct image_args *args) { ==== //depot/projects/trustedbsd/base/sys/kern/kern_exit.c#48 (text+ko) ==== @@ -35,7 +35,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/kern/kern_exit.c,v 1.280 2006/02/06 00:19:09 wsalamon Exp $"); +__FBSDID("$FreeBSD: src/sys/kern/kern_exit.c,v 1.281 2006/02/06 21:56:13 jhb Exp $"); #include "opt_compat.h" #include "opt_ktrace.h" @@ -508,12 +508,6 @@ psignal(p->p_pptr, p->p_sigparent); } PROC_UNLOCK(p->p_pptr); - - /* - * If this is a kthread, then wakeup anyone waiting for it to exit. - */ - if (p->p_flag & P_KTHREAD) - wakeup(p); PROC_UNLOCK(p); /* ==== //depot/projects/trustedbsd/base/sys/kern/kern_fork.c#51 (text+ko) ==== @@ -35,7 +35,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/kern/kern_fork.c,v 1.255 2006/02/06 00:28:50 wsalamon Exp $"); +__FBSDID("$FreeBSD: src/sys/kern/kern_fork.c,v 1.256 2006/02/06 21:54:47 jhb Exp $"); #include "opt_ktrace.h" #include "opt_mac.h" @@ -805,14 +805,11 @@ * Check if a kernel thread misbehaved and returned from its main * function. */ - PROC_LOCK(p); if (p->p_flag & P_KTHREAD) { - PROC_UNLOCK(p); printf("Kernel thread \"%s\" (pid %d) exited prematurely.\n", p->p_comm, p->p_pid); kthread_exit(0); } - PROC_UNLOCK(p); mtx_assert(&Giant, MA_NOTOWNED); } ==== //depot/projects/trustedbsd/base/sys/kern/kern_kse.c#9 (text+ko) ==== @@ -27,7 +27,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/kern/kern_kse.c,v 1.220 2005/11/03 04:49:16 davidxu Exp $"); +__FBSDID("$FreeBSD: src/sys/kern/kern_kse.c,v 1.221 2006/02/06 22:06:54 jhb Exp $"); #include <sys/param.h> #include <sys/systm.h> @@ -266,7 +266,6 @@ args.argv, args.envp); if (error == 0) error = kern_execve(td, &iargs, NULL); - exec_free_args(&iargs); if (error == 0) { PROC_LOCK(p); SIGSETOR(td->td_siglist, args.sigpend); ==== //depot/projects/trustedbsd/base/sys/kern/kern_kthread.c#13 (text+ko) ==== @@ -25,7 +25,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/kern/kern_kthread.c,v 1.34 2005/01/06 23:35:39 imp Exp $"); +__FBSDID("$FreeBSD: src/sys/kern/kern_kthread.c,v 1.35 2006/02/06 21:56:13 jhb Exp $"); #include <sys/param.h> #include <sys/systm.h> @@ -129,11 +129,23 @@ td = curthread; p = td->td_proc; + + /* + * Reparent curthread from proc0 to init so that the zombie + * is harvested. + */ sx_xlock(&proctree_lock); PROC_LOCK(p); proc_reparent(p, initproc); PROC_UNLOCK(p); sx_xunlock(&proctree_lock); + + /* + * Wakeup anyone waiting for us to exit. + */ + wakeup(p); + + /* Buh-bye! */ exit1(td, W_EXITCODE(ecode, 0)); } ==== //depot/projects/trustedbsd/base/sys/kern/vfs_syscalls.c#66 (text+ko) ==== @@ -35,7 +35,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/kern/vfs_syscalls.c,v 1.404 2006/02/06 10:15:27 jeff Exp $"); +__FBSDID("$FreeBSD: src/sys/kern/vfs_syscalls.c,v 1.405 2006/02/06 22:00:52 jhb Exp $"); #include "opt_compat.h" #include "opt_mac.h" @@ -1915,18 +1915,24 @@ int flags; } */ *uap; { + + return (kern_eaccess(td, uap->path, UIO_USERSPACE, uap->flags)); +} + +int +kern_eaccess(struct thread *td, char *path, enum uio_seg pathseg, int flags) +{ struct nameidata nd; struct vnode *vp; int vfslocked; int error; - NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE, UIO_USERSPACE, - uap->path, td); + NDINIT(&nd, LOOKUP, FOLLOW | LOCKLEAF | MPSAFE, pathseg, path, td); if ((error = namei(&nd)) != 0) return (error); vp = nd.ni_vp; vfslocked = NDHASGIANT(&nd); - error = vn_access(vp, uap->flags, td->td_ucred, td); + error = vn_access(vp, flags, td->td_ucred, td); NDFREE(&nd, NDF_ONLY_PNBUF); vput(vp); VFS_UNLOCK_GIANT(vfslocked); ==== //depot/projects/trustedbsd/base/sys/security/audit/audit.c#2 (text) ==== @@ -1,5 +1,6 @@ /* * Copyright (c) 1999-2005 Apple Computer, Inc. + * Copyright (c) 2006 Robert N. M. Watson * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -26,7 +27,7 @@ * IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE * POSSIBILITY OF SUCH DAMAGE. * - * $FreeBSD: src/sys/security/audit/audit.c,v 1.3 2006/02/05 21:06:09 rwatson Exp $ + * $FreeBSD: src/sys/security/audit/audit.c,v 1.5 2006/02/06 22:50:39 rwatson Exp $ */ #include <sys/param.h> @@ -56,14 +57,17 @@ #include <sys/unistd.h> #include <sys/vnode.h> +#include <bsm/audit.h> +#include <bsm/audit_kevents.h> + #include <netinet/in.h> #include <netinet/in_pcb.h> -#include <bsm/audit.h> -#include <bsm/audit_kevents.h> #include <security/audit/audit.h> #include <security/audit/audit_private.h> +#include <vm/uma.h> + /* * The AUDIT_EXCESSIVELY_VERBOSE define enables a number of * gratuitously noisy printf's to the console. Due to the @@ -77,8 +81,8 @@ #define AUDIT_PRINTF(X) #endif +static uma_zone_t audit_record_zone; static MALLOC_DEFINE(M_AUDITPROC, "audit_proc", "Audit process storage"); -static MALLOC_DEFINE(M_AUDITREC, "audit_rec", "Audit event records"); MALLOC_DEFINE(M_AUDITDATA, "audit_data", "Audit data storage"); MALLOC_DEFINE(M_AUDITPATH, "audit_path", "Audit path storage"); MALLOC_DEFINE(M_AUDITTEXT, "audit_text", "Audit text storage"); @@ -193,25 +197,58 @@ static int audit_file_rotate_wait; /* - * Perform a deep free of an audit record (core record and referenced objects) + * Construct an audit record for the passed thread. */ +static int +audit_record_ctor(void *mem, int size, void *arg, int flags) +{ + struct kaudit_record *ar; + struct thread *td; + + KASSERT(sizeof(*ar) == size, ("audit_record_ctor: wrong size")); + + td = arg; + ar = mem; + bzero(ar, sizeof(*ar)); + ar->k_ar.ar_magic = AUDIT_RECORD_MAGIC; + nanotime(&ar->k_ar.ar_starttime); + + /* + * Export the subject credential. + * + * XXXAUDIT: td_ucred access is OK without proc lock, but some other + * fields here may require the proc lock. + */ + cru2x(td->td_ucred, &ar->k_ar.ar_subj_cred); + ar->k_ar.ar_subj_ruid = td->td_ucred->cr_ruid; + ar->k_ar.ar_subj_rgid = td->td_ucred->cr_rgid; + ar->k_ar.ar_subj_egid = td->td_ucred->cr_groups[0]; + ar->k_ar.ar_subj_auid = td->td_proc->p_au->ai_auid; + ar->k_ar.ar_subj_asid = td->td_proc->p_au->ai_asid; + ar->k_ar.ar_subj_pid = td->td_proc->p_pid; + ar->k_ar.ar_subj_amask = td->td_proc->p_au->ai_mask; + ar->k_ar.ar_subj_term = td->td_proc->p_au->ai_termid; + bcopy(td->td_proc->p_comm, ar->k_ar.ar_subj_comm, MAXCOMLEN); + + return (0); +} + static void -audit_record_free(struct kaudit_record *ar) +audit_record_dtor(void *mem, int size, void *arg) { + struct kaudit_record *ar; + + KASSERT(sizeof(*ar) == size, ("audit_record_dtor: wrong size")); - if (ar->k_ar.ar_arg_upath1 != NULL) { + ar = mem; + if (ar->k_ar.ar_arg_upath1 != NULL) free(ar->k_ar.ar_arg_upath1, M_AUDITPATH); - } - if (ar->k_ar.ar_arg_upath2 != NULL) { + if (ar->k_ar.ar_arg_upath2 != NULL) free(ar->k_ar.ar_arg_upath2, M_AUDITPATH); - } - if (ar->k_ar.ar_arg_text != NULL) { >>> TRUNCATED FOR MAIL (1000 lines) <<<
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200602062308.k16N8Yol011897>