cvs commit: src/usr.bin/fstat fstat.c

[Christian S.J. Peron]

csjp2005-11-05 23:38:08 UTC

  FreeBSD src repository

  Modified files:
usr.bin/fstatfstat.c 
  Log:
  Un-break processing of device major/minor values with fstat -n. We do
  this by accessing the cdev_priv element of the cdev structure. Looking
  forward we need a better way to handle this, as this structure shouldn't
  be frobbed by userspace.
  
  Submitted by:   Doug Steinwand
  PR: bin/88203
  MFC after:  1 week
  Discussed with: phk
  
  Revision  ChangesPath
  1.62  +5 -3  src/usr.bin/fstat/fstat.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/dev/aac aac.c

[Christian S.J. Peron]

csjp2005-11-08 16:28:19 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
sys/dev/aac  aac.c 
  Log:
  MFC: Pickup I/O locks around aac_alloc_sync_fib().
  
  Revision   ChangesPath
  1.109.2.4  +6 -0  src/sys/dev/aac/aac.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/net if_mib.c

[Christian S.J. Peron]

csjp2005-11-08 16:38:21 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
sys/net  if_mib.c 
  Log:
  MFC Log:
Before we export network interface data through the ifmibdata structure,
OR the flags bits with the driver managed status flags.
  
  Revision  ChangesPath
  1.15.2.1  +1 -1  src/sys/net/if_mib.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/kern kern_exit.c

[Christian S.J. Peron]

csjp2005-11-08 17:11:03 UTC

  FreeBSD src repository

  Modified files:
sys/kern kern_exit.c 
  Log:
  Giant clean up for exit(2)
  
  -Change unconditional aquisition of Giant to only pickup Giant if the vnode
   for the controlling tty resides on a non-mpsafe file system.
  -Pickup Giant around executable vnode reference counting operations only if
   the executable resides on a non-mpsafe file system.
  -If this process is being traced, pickup Giant for trace file reference count
   operations only if it resides on a non-mpsafe file system.
  
  Discussed with: jhb
  Tested by:  kris
  
  Revision  ChangesPath
  1.272 +7 -7  src/sys/kern/kern_exit.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/kern kern_acl.c src/sys/sys acl.h kernel.h src/sys/ufs/ufs ufs_vnops.c

[Christian S.J. Peron]

csjp2005-11-12 20:55:59 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
sys/kern kern_acl.c 
sys/sys  acl.h kernel.h 
sys/ufs/ufs  ufs_vnops.c 
  Log:
  MFC  Log:
Convert the primary ACL allocator from malloc(9) to using a UMA zone 
instead.
Also introduce an aclinit function which will be used to create the UMA zone
for use by file systems at system start up.
  
  Revision   ChangesPath
  1.45.8.1   +13 -1 src/sys/kern/kern_acl.c
  1.28.2.1   +6 -7  src/sys/sys/acl.h
  1.126.2.1  +1 -0  src/sys/sys/kernel.h
  1.271.2.1  +19 -19src/sys/ufs/ufs/ufs_vnops.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/usr.bin/fstat fstat.c

[Christian S.J. Peron]

csjp2005-11-12 20:58:03 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
usr.bin/fstatfstat.c 
  Log:
  MFC  Log:
Un-break processing of device major/minor values with fstat -n. We do
this by accessing the cdev_priv element of the cdev structure. Looking
forward we need a better way to handle this, as this structure shouldn't
be frobbed by userspace.
  
  Revision  ChangesPath
  1.60.2.2  +5 -3  src/usr.bin/fstat/fstat.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/usr.bin/lockf lockf.c

[Christian S.J. Peron]

csjp2005-11-12 21:00:00 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
usr.bin/lockflockf.c 
  Log:
  Sync with head:
  
  -style(9) nits
  
  MFC Log:
Fix long standing race condition associated with how lockf uses open(2)
for mutual exclusion:
  
A brief description of the problem:
  
1) Proc A picks up non-blocking lock on file X
2) Proc B attempts to pickup lock, fails then waits
3) Proc C attempts to pickup lock, fails then waits
4) Proc A releases lock
5) Proc B acquires lock, release it to pickup a non-blocking version
6) Proc C acquires lock, release it to pickup a non-blocking version
7) Both process B and C race each other to pickup lock again
  
This occurs mainly because the processes do not keep the lock after they 
have
been waiting on it. They drop it, attempt to re-acquire it. (They use the 
wait
to notify when the lock has become available then race to pick it up). This
results in additional CPU utilization during the race, and can also result
in processes picking locks up out of order.
  
This change attempts to correct this problem by eliminating the test/acquire
race and having the operating system handle it.
  
  Revision  ChangesPath
  1.11.8.1  +93 -130   src/usr.bin/lockf/lockf.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/bin/cp cp.c extern.h utils.c src/bin/mv mv.c

[Christian S.J. Peron]

csjp2005-11-12 21:21:46 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
bin/cp   cp.c extern.h utils.c 
bin/mv   mv.c 
  Log:
  MFC Log:
Attempt to complete the userspace integration of POSIX.1e extended ACLs.
This includes adding support for ACLs into cp(1) and mv(1) userspace
utilities.
  
For mv(1), if _PC_ACL_EXTENDED is in effect for the source AND destination
operands, the destination file's ACLs shall reflect the source.
  
For cp(1), if _PC_ACL_EXTENDED is in effect for both source and destination
operands, and -p has been specified, the ACLs from the source shall be
preserved on the destination.
  
  Revision  ChangesPath
  1.51.2.1  +4 -1  src/bin/cp/cp.c
  1.19.8.1  +2 -0  src/bin/cp/extern.h
  1.45.2.1  +80 -0 src/bin/cp/utils.c
  1.45.2.1  +18 -1 src/bin/mv/mv.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/kern kern_jail.c

[Christian S.J. Peron]

csjp2005-11-13 03:12:32 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
sys/kern kern_jail.c 
  Log:
  MFC revision 1.51
  Giant push down.
  
  Revision  ChangesPath
  1.50.2.1  +15 -16src/sys/kern/kern_jail.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/kern kern_acl.c

[Christian S.J. Peron]

csjp2005-11-13 03:14:01 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
sys/kern kern_acl.c 
  Log:
  MFC revision 1.47
  Giant push down
  
  Revision  ChangesPath
  1.45.8.2  +45 -44src/sys/kern/kern_acl.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/kern syscalls.master vfs_syscalls.c

[Christian S.J. Peron]

csjp2005-11-21 01:12:38 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
sys/kern syscalls.master vfs_syscalls.c 
  Log:
  MFC sycalls.master revision 1.199
  MFC vfs_syscalls.c revision 1.395
  
  - Push Giant down in for extended attributes
  - Mark extended attribute related system calls as being MP safe
  
  Revision   ChangesPath
  1.198.2.1  +13 -13src/sys/kern/syscalls.master
  1.392.2.3  +62 -29src/sys/kern/vfs_syscalls.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/kern init_sysent.c syscalls.c src/sys/sys syscall.h syscall.mk sysproto.h

[Christian S.J. Peron]

csjp2005-11-21 01:36:28 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
sys/kern init_sysent.c syscalls.c 
sys/sys  syscall.h syscall.mk sysproto.h 
  Log:
  Regenerate "generated from" portions of various files after a:
  
  make sysent
  
  Revision   ChangesPath
  1.195.2.1  +14 -14src/sys/kern/init_sysent.c
  1.181.2.1  +1 -1  src/sys/kern/syscalls.c
  1.178.2.1  +1 -1  src/sys/sys/syscall.h
  1.133.2.1  +1 -1  src/sys/sys/syscall.mk
  1.177.2.1  +1 -1  src/sys/sys/sysproto.h
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/security/mac mac_process.c

[Christian S.J. Peron]

csjp2005-11-22 02:06:59 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
sys/security/mac mac_process.c 
  Log:
  MFC revision 1.111
  MFC revision 1.110
  MFC revision 1.109
  
  - Lock the object while traversing the list of it's backing objects
  - Use the correct object while calculating offsets
  - Conditionally pickup Giant if debug.mpsafevfs == 0 or if the file
system is not marked as being MP safe.
  
  Revision   ChangesPath
  1.108.2.1  +13 -5 src/sys/security/mac/mac_process.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/kern kern_mac.c

[Christian S.J. Peron]

csjp2005-11-22 02:12:09 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
sys/kern kern_mac.c 
  Log:
  MFC revision 1.119
  
  Giant push down
  
  Revision   ChangesPath
  1.117.2.1  +27 -34src/sys/kern/kern_mac.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: ports/net/ipex Makefile distinfo

[Christian S.J. Peron]

csjp2005-11-29 04:12:32 UTC

  FreeBSD ports repository (src committer)

  Modified files:
net/ipex Makefile distinfo 
  Log:
  Update 2.4.4 -> 3.0
  
  Approved by:lawrance
  
  Revision  ChangesPath
  1.14  +5 -1  ports/net/ipex/Makefile
  1.10  +3 -2  ports/net/ipex/distinfo
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: cvs commit: src/sys/amd64/amd64 bpf_jit_machdep.c bpf_jit_machdep.h src/sys/conf files files.amd64 files.i386 options.amd64 options.i386 src/sys/i386/i386 bpf_jit_machdep.c bpf_jit_machdep.h src/s

[Christian S.J. Peron]

On Tue, Dec 06, 2005 at 02:58:12AM +, Jung-uk Kim wrote:
>   
>   Revision  ChangesPath
[..]
>   1.162 +54 -3 src/sys/net/bpf.c
>   1.1   +85 -0 src/sys/net/bpf_jitter.c (new)
>   1.1   +80 -0 src/sys/net/bpf_jitter.h (new)
[..]

BPFD_LOCK(d);
if (wfilter)
d->bd_wfilter = fcode;
else {
d->bd_rfilter = fcode;
#if BPF_JITTER
d->bd_bfilter = bpf_jitter(fcode, flen);
#endif

You are calling bpf_jitter() with a mutex held, and it looks like
bpf_jitter() will call malloc with M_WAITOK. Are you sure you want
to do this?


-- 
Christian S.J. Peron
[EMAIL PROTECTED]
FreeBSD Committer
FreeBSD Security Team
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/kern kern_exit.c

[Christian S.J. Peron]

csjp2005-12-10 20:14:42 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
sys/kern kern_exit.c 
  Log:
  MFC revision 1.272
  Giant clean up for exit(2)
  
  Revision   ChangesPath
  1.263.2.5  +7 -7  src/sys/kern/kern_exit.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/usr.bin/netstat netstat.1

[Christian S.J. Peron]

csjp2005-12-18 19:38:43 UTC

  FreeBSD src repository

  Modified files:
usr.bin/netstat  netstat.1 
  Log:
  Provide some basic documentation explaining what the bpf(4) flags are
  supposed to mean. Also, add an external references for bpf now that we
  reference flags from that man page.
  
  Revision  ChangesPath
  1.56  +24 -0 src/usr.bin/netstat/netstat.1
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: cvs commit: src/sys/kern vfs_syscalls.c

[Christian S.J. Peron]

On Tue, Dec 20, 2005 at 12:49:59AM +, Pawel Jakub Dawidek wrote:
> pjd 2005-12-20 00:49:59 UTC
> 
>   FreeBSD src repository
> 
>   Modified files:
> sys/kern vfs_syscalls.c 
>   Log:
>   Reduce Giant scope a bit, as fdrop() is believed to be MPSAFE.
>   The purpose of this change is consistency (not performance improvement:)),
>   as it was hard to tell if fdrop() is MPSAFE or not when I saw it sometimes
>   under the Giant and sometimes without it.
>   
>   Glanced at by:  ssouhlal, kan
>   
>   Revision  ChangesPath
>   1.396 +7 -9  src/sys/kern/vfs_syscalls.c

Did you check to make sure that all the fo_close() operations are MP safe? I
think we are safe in the common case, but we need to pay special attention
to edge cases like the ones in sys/opencrypto/cryptodev.c (cryptof_close()).
I am not sure that these operations are MP safe yet, in which case we might
run into problems without the Giant aquisition.

-- 
Christian S.J. Peron
[EMAIL PROTECTED]
FreeBSD Committer
FreeBSD Security Team
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/usr.bin/netstat Makefile bpf.c main.c netstat.1 netstat.h

[Christian S.J. Peron]

csjp2005-12-27 23:34:13 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
usr.bin/netstat  Makefile main.c netstat.1 netstat.h 
  Added files:   (Branch: RELENG_6)
usr.bin/netstat  bpf.c 
  Log:
  MFC bpf stats functionality into netstat
  
  Revision  ChangesPath
  1.26.2.2  +1 -1  src/usr.bin/netstat/Makefile
  1.5.2.1   +124 -0src/usr.bin/netstat/bpf.c (new)
  1.72.2.5  +11 -2 src/usr.bin/netstat/main.c
  1.50.8.3  +24 -0 src/usr.bin/netstat/netstat.1
  1.41.2.4  +1 -0  src/usr.bin/netstat/netstat.h
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/lib/libutil login_class.3

[Christian S.J. Peron]

csjp2005-12-30 06:16:21 UTC

  FreeBSD src repository

  Modified files:
lib/libutil  login_class.3 
  Log:
  Document the LOGIN_SETMAC setusercontext(3) flag. While we are here, drop
  in an external reference to mac_set_proc(3).
  
  Revision  ChangesPath
  1.18  +5 -0  src/lib/libutil/login_class.3
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/usr.bin/mktemp mktemp.1

[Christian S.J. Peron]

csjp2005-12-30 20:10:21 UTC

  FreeBSD src repository

  Modified files:
usr.bin/mktemp   mktemp.1 
  Log:
  mkstemp(3) and friends use a combination of base 10 digits, along
  with upper and lower case letters from the English alphabet. Change
  the number of possible file names mktemp will return from 26**6
  to (10+26+26)**6 instead. This keeps things consistent with mkstemp(3)
  
  Revision  ChangesPath
  1.20  +1 -1  src/usr.bin/mktemp/mktemp.1
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/security/mac_biba mac_biba.c

[Christian S.J. Peron]

csjp2005-12-31 05:06:59 UTC

  FreeBSD src repository

  Modified files:
sys/security/mac_biba mac_biba.c 
  Log:
  Introduce a new sysctl variable:
  
  security.mac.biba.interfaces_equal
  
  If non-zero, all network interfaces be created with the label:
  
  biba/equal(equal-equal)
  
  This is useful where programs which initialize network interfaces
  do not have any labeling support. This includes dhclient and ppp. A
  long term solution is to add labeling support into dhclient(8)
  and ppp(8), and remove this variable.
  
  It should be noted that this behavior is different then setting the:
  
  security.mac.biba.trust_all_interfaces
  
  sysctl variable, as this will create interfaces with a biba/high label.
  Lower integrity processes are not able to write to the interface in this
  event. The security.mac.biba.interfaces_equal will override
  trust_all_interfaces.
  
  The security.mac.biba.interfaces_equal variable will be set to zero
  or disabled by default.
  
  MFC after:  2 weeks
  
  Revision  ChangesPath
  1.91  +6 -1  src/sys/security/mac_biba/mac_biba.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/security/mac_bsdextended mac_bsdextended.c

[Christian S.J. Peron]

csjp2006-01-15 01:02:20 UTC

  FreeBSD src repository

  Modified files:
sys/security/mac_bsdextended mac_bsdextended.c 
  Log:
  Fix potential overrun of static stack allocated array which stores
  the rules. If an array is N elements large, we can only access
  elements 0..(N-1).
  
  MFC after:  1 week
  Found with: Coverity Prevent(tm)
  
  Revision  ChangesPath
  1.27  +1 -1  src/sys/security/mac_bsdextended/mac_bsdextended.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/kern vfs_aio.c

[Christian S.J. Peron]

csjp2006-01-15 01:55:45 UTC

  FreeBSD src repository

  Modified files:
sys/kern vfs_aio.c 
  Log:
  Initialize ki to p->p_aioinfo after we know it's going to be referencing
  a valid kaioinfo structure. This avoids a potential NULL pointer dereference.
  
  Found with: Coverity Prevent(tm)
  MFC after:  2 weeks
  
  Revision  ChangesPath
  1.206 +2 -2  src/sys/kern/vfs_aio.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/kern vfs_mount.c

[Christian S.J. Peron]

csjp2006-01-15 20:14:11 UTC

  FreeBSD src repository

  Modified files:
sys/kern vfs_mount.c 
  Log:
  vfs_busy can only return something useful if MNTK_UNMOUNT has been set.
  Since we are using vfs_busy() on a freshly allocated mount structure, use
  (void) to show that we do not care about the return value.
  
  Found with: Coverity Prevent (tm)
  MFC after:  2 weeks
  
  Revision  ChangesPath
  1.214 +1 -1  src/sys/kern/vfs_mount.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/lib/libkvm kvm.c

[Christian S.J. Peron]

csjp2006-01-15 20:30:14 UTC

  FreeBSD src repository

  Modified files:
lib/libkvm   kvm.c 
  Log:
  Validate that the supplied file is not empty before trying mmap(2) it
  and access the pages associated with it.
  
  Submitted by:   Wojciech A. Koszek
  PR: bin/91411
  MFC after:  1 week
  
  Revision  ChangesPath
  1.28  +5 -0  src/lib/libkvm/kvm.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/netsmb smb_subr.c

[Christian S.J. Peron]

csjp2006-01-16 17:03:21 UTC

  FreeBSD src repository

  Modified files:
sys/netsmb   smb_subr.c 
  Log:
  Although we check the return value of copyin(9) while determaining how
  long the string is in userspace, afterwards we call malloc(M_WAITOK),
  which could sleep for an unknown amount of time. Check the return
  value of copyin(9) just to be sure that nothing has changed during that
  time.
  
  Found with: Coverity Prevent (tm)
  MFC after:  1 week
  
  Revision  ChangesPath
  1.20  +6 -2  src/sys/netsmb/smb_subr.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/netinet ip_fw2.c

[Christian S.J. Peron]

csjp2006-01-20 03:21:25 UTC

  FreeBSD src repository

  Modified files:
sys/netinet  ip_fw2.c 
  Log:
  Destroy the dynamic rule zone in the event that we fail to insert the
  initial default rule.
  
  MFC after:  1 week
  
  Revision  ChangesPath
  1.122 +1 -0  src/sys/netinet/ip_fw2.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/netinet ip_fw2.c

[Christian S.J. Peron]

csjp2006-01-20 05:35:28 UTC

  FreeBSD src repository

  Modified files:
sys/netinet  ip_fw2.c 
  Log:
  - Change the return type for init_tables from void to int so we can propagate
errors from rn_inithead back to the ipfw initialization function.
  - Check return value of rn_inithead for failure, if table allocation has
failed for any reason, free up any tables we have created and return ENOMEM
  - In ipfw_init check the return value of init_tables and free up any mutexes 
or
UMA zones which may have been created.
  - Assert that the supplied table is not NULL before attempting to dereference.
  
  This fixes panics which were a result of invalid memory accesses due to failed
  table allocation. This is an issue mainly because the R_Zalloc function is a
  malloc(M_NOWAIT) wrapper, thus making it possible for allocations to fail.
  
  Found by:   Coverity Prevent (tm)
  Coverity ID:CID79
  MFC after:  1 week
  
  Revision  ChangesPath
  1.123 +25 -10src/sys/netinet/ip_fw2.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/lib/libkvm kvm.c

[Christian S.J. Peron]

csjp2006-01-24 04:05:48 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
lib/libkvm   kvm.c 
  Log:
  MFC revision 1.28
  date: 2006/01/15 20:30:13;  author: csjp;  state: Exp;  lines: +5 -0
  Validate that the supplied file is not empty before trying mmap(2) it
  and access the pages associated with it.
  
  Revision  ChangesPath
  1.27.2.1  +5 -0  src/lib/libkvm/kvm.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/lib/libutil login_class.3

[Christian S.J. Peron]

csjp2006-01-24 04:07:07 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
lib/libutil  login_class.3 
  Log:
  MFC revision 1.18
  date: 2005/12/30 06:16:20;  author: csjp;  state: Exp;  lines: +5 -0
  Document the LOGIN_SETMAC setusercontext(3) flag. While we are here, drop
  in an external reference to mac_set_proc(3).
  
  Revision  ChangesPath
  1.17.8.1  +5 -0  src/lib/libutil/login_class.3
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/netsmb smb_subr.c

[Christian S.J. Peron]

csjp2006-01-24 04:08:48 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
sys/netsmb   smb_subr.c 
  Log:
  MFC revision 1.20
  date: 2006/01/16 17:03:21;  author: csjp;  state: Exp;  lines: +6 -2
  Although we check the return value of copyin(9) while determaining how
  long the string is in userspace, afterwards we call malloc(M_WAITOK),
  which could sleep for an unknown amount of time. Check the return
  value of copyin(9) just to be sure that nothing has changed during that
  time.
  
  Revision  ChangesPath
  1.18.2.1  +6 -2  src/sys/netsmb/smb_subr.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/security/mac_biba mac_biba.c

[Christian S.J. Peron]

csjp2006-01-24 04:10:26 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
sys/security/mac_biba mac_biba.c 
  Log:
  MFC the security.mac.biba.interfaces_equal sysctl variable
  
  Revision  ChangesPath
  1.87.2.4  +6 -1  src/sys/security/mac_biba/mac_biba.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/security/mac_bsdextended mac_bsdextended.c

[Christian S.J. Peron]

csjp2006-01-24 04:11:45 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
sys/security/mac_bsdextended mac_bsdextended.c 
  Log:
  MFC revision 1.27
  date: 2006/01/15 01:02:20;  author: csjp;  state: Exp;  lines: +1 -1
  Fix potential overrun of static stack allocated array which stores
  the rules. If an array is N elements large, we can only access
  elements 0..(N-1).
  
  Revision  ChangesPath
  1.25.2.2  +1 -1  src/sys/security/mac_bsdextended/mac_bsdextended.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/usr.bin/mktemp mktemp.1

[Christian S.J. Peron]

csjp2006-01-24 04:13:02 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
usr.bin/mktemp   mktemp.1 
  Log:
  MFC revision 1.20
  date: 2005/12/30 20:10:21;  author: csjp;  state: Exp;  lines: +1 -1
  mkstemp(3) and friends use a combination of base 10 digits, along
  with upper and lower case letters from the English alphabet. Change
  the number of possible file names mktemp will return from 26**6
  to (10+26+26)**6 instead. This keeps things consistent with mkstemp(3)
  
  Revision  ChangesPath
  1.19.2.1  +1 -1  src/usr.bin/mktemp/mktemp.1
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/kern vfs_mount.c

[Christian S.J. Peron]

csjp2006-01-24 04:20:24 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
sys/kern vfs_mount.c 
  Log:
  MFC revision 1.214
  date: 2006/01/15 20:14:11;  author: csjp;  state: Exp;  lines: +1 -1
  vfs_busy can only return something useful if MNTK_UNMOUNT has been set.
  Since we are using vfs_busy() on a freshly allocated mount structure, use
  (void) to show that we do not care about the return value.
  
  Revision   ChangesPath
  1.196.2.5  +1 -1  src/sys/kern/vfs_mount.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/netinet ip_fw2.c

[Christian S.J. Peron]

csjp2006-01-27 02:39:46 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
sys/netinet  ip_fw2.c 
  Log:
  MFC revision 1.122
  date: 2006/01/20 03:21:25;  author: csjp;  state: Exp;  lines: +1 -0
  Destroy the dynamic rule zone in the event that we fail to insert the
  initial default rule.
  
  MFC revision 1.123
  date: 2006/01/20 05:35:27;  author: csjp;  state: Exp;  lines: +25 -10
  - Change the return type for init_tables from void to int so we can propagate
errors from rn_inithead back to the ipfw initialization function.
  - Check return value of rn_inithead for failure, if table allocation has
failed for any reason, free up any tables we have created and return ENOMEM
  - In ipfw_init check the return value of init_tables and free up any mutexes 
or
UMA zones which may have been created.
  - Assert that the supplied table is not NULL before attempting to dereference.
  
  This fixes panics which were a result of invalid memory accesses due to failed
  table allocation. This is an issue mainly because the R_Zalloc function is a
  malloc(M_NOWAIT) wrapper, thus making it possible for allocations to fail.
  
  Found by:   Coverity Prevent (tm)
  Coverity ID:CID79
  MFC after:  1 week
  
  Revision   ChangesPath
  1.106.2.9  +26 -10src/sys/netinet/ip_fw2.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: cvs commit: src/lib/libc/stdlib malloc.c

[Christian S.J. Peron]

Jason Evans wrote:


On Jan 26, 2006, at 6:51 PM, Andrey Chernov wrote:

I worry about my system performance. Could you please make all  
statistics
and debug code conditional, debending on some flags which could be  
set as

malloc options? Even in case this is a test period now, some people
perhaps don't want some tests. It is much easy to turn some tests  
off via
malloc options than to comment out manually corresponding malloc.c  
defines

after each cvsup.



Unfortunately, run-time checks for the debugging features are  
expensive, since the debugging code is scattered throughout  
malloc.c.  This pretty much mandates compile-time configuration, for  
performance reasons.


I can disable statistics and debugging, if there's a general  
consensus to do so.  How much performance difference is the debug/ 
stats code making for you?  I've only been disabling debug/stats for  
benchmarking purposes, so I don't have a good feel for how much it  
impacts overall system performance.



These malloc debugging/stats features have been invaluable. I vote to 
accept the performance hit in exchange for useful debugging/stats 
features in -CURRENT, and disable them in -STABLE/-RELEASE when they are 
ready.


--
Christian S.J. Peron
[EMAIL PROTECTED]
FreeBSD Committer
FreeBSD Security Team

___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/nfsserver nfs.h nfs_serv.c nfs_srvsock.c nfs_syscalls.c

[Christian S.J. Peron]

csjp2006-01-28 19:24:40 UTC

  FreeBSD src repository

  Modified files:
sys/nfsservernfs.h nfs_serv.c nfs_srvsock.c 
 nfs_syscalls.c 
  Log:
  Manage the ucred for the NFS server using the crget/crfree API defined in
  kern_prot.c. This API handles reference counting among many other things.
  Notably, if MAC is compiled into the kernel, it will properly initialize the
  MAC labels when the ucred is allocated.
  
  This work is in preparation for a new MAC entry point which will be 
responsible
  for properly initializing policy specific labels for the NFS server 
credential.
  Utilization of the crfree/crget APIs reduce the complexity associated with
  this label's management.
  
  Submitted by:   green (with changes) [1]
  Obtained from:  TrustedBSD Project
  Discussed with: rwatson, alfred
  
  [1] I moved the ucred allocation outside the scope of the NFS server lock to
  prevent M_WAIKOK allocations from occurring with non-sleep-able locks 
held.
  Additionally, to reduce complexity, the ucred persist as long as the NFS
  server descriptor.
  
  Revision  ChangesPath
  1.79  +1 -1  src/sys/nfsserver/nfs.h
  1.161 +24 -24src/sys/nfsserver/nfs_serv.c
  1.96  +14 -14src/sys/nfsserver/nfs_srvsock.c
  1.105 +8 -0  src/sys/nfsserver/nfs_syscalls.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/kern tty_pty.c

[Christian S.J. Peron]

csjp2006-01-31 17:17:45 UTC

  FreeBSD src repository

  Modified files:
sys/kern tty_pty.c 
  Log:
  Allow root in the host environment to open ptys within jailed environments.
  This logic change was introduced in revision 1.74:
  
  Correct an oversight in jail() that allowed processes in jail to access
  ptys in ways that might be unethical, especially towards processes not in
  jail, or in other jails.
  
  It should be fine to allow root in the host environment to do this. This
  allows for more effective monitoring of prisons from the host environment.
  
  Discussed with: rwatson
  MFC after:  1 week
  
  Revision  ChangesPath
  1.144 +1 -1  src/sys/kern/tty_pty.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/kern tty_pts.c

[Christian S.J. Peron]

csjp2006-01-31 22:19:37 UTC

  FreeBSD src repository

  Modified files:
sys/kern tty_pts.c 
  Log:
  Allow root to open prison pts devices too.
  
  Pointed out by: rwatson
  
  Revision  ChangesPath
  1.7   +1 -1  src/sys/kern/tty_pts.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/net pfil.c pfil.h src/sys/netinet ip_fastfwd.c ip_fw2.c ip_input.c ip_output.c src/sys/netinet6 ip6_forward.c ip6_input.c ip6_output.c

[Christian S.J. Peron]

csjp2006-02-02 03:13:16 UTC

  FreeBSD src repository

  Modified files:
sys/net  pfil.c pfil.h 
sys/netinet  ip_fastfwd.c ip_fw2.c ip_input.c 
 ip_output.c 
sys/netinet6 ip6_forward.c ip6_input.c ip6_output.c 
  Log:
  Somewhat re-factor the read/write locking mechanism associated with the packet
  filtering mechanisms to use the new rwlock(9) locking API:
  
  - Drop the variables stored in the phil_head structure which were specific to
conditions and the home rolled read/write locking mechanism.
  - Drop some includes which were used for condition variables
  - Drop the inline functions, and convert them to macros. Also, move these
macros into pfil.h
  - Move pfil list locking macros intp phil.h as well
  - Rename ph_busy_count to ph_nhooks. This variable will represent the number
of IN/OUT hooks registered with the pfil head structure
  - Define PFIL_HOOKED macro which evaluates to true if there are any
hooks to be ran by pfil_run_hooks
  - In the IP/IP6 stacks, change the ph_busy_count comparison to use the new
PFIL_HOOKED macro.
  - Drop optimization in pfil_run_hooks which checks to see if there are any
hooks to be ran, and returns if not. This check is already performed by the
IP stacks when they call:
  
  if (!PFIL_HOOKED(ph))
  goto skip_hooks;
  
  - Drop in assertion which makes sure that the number of hooks never drops
below 0 for good measure. This in theory should never happen, and if it
does than there are problems somewhere
  - Drop special logic around PFIL_WAITOK because rw_wlock(9) does not sleep
  - Drop variables which support home rolled read/write locking mechanism from
the IPFW firewall chain structure.
  - Swap out the read/write firewall chain lock internal to use the rwlock(9)
API instead of our home rolled version
  - Convert the inlined functions to macros
  
  Reviewed by:mlaier, andre, glebius
  Thanks to:  jhb for the new locking API
  
  Revision  ChangesPath
  1.14  +22 -100   src/sys/net/pfil.c
  1.14  +11 -11src/sys/net/pfil.h
  1.35  +2 -2  src/sys/netinet/ip_fastfwd.c
  1.125 +10 -45src/sys/netinet/ip_fw2.c
  1.314 +1 -1  src/sys/netinet/ip_input.c
  1.255 +1 -1  src/sys/netinet/ip_output.c
  1.31  +1 -1  src/sys/netinet6/ip6_forward.c
  1.86  +1 -1  src/sys/netinet6/ip6_input.c
  1.102 +1 -1  src/sys/netinet6/ip6_output.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/netinet ip_fw2.c src/sys/net if_bridge.c

[Christian S.J. Peron]

csjp2006-02-02 16:41:20 UTC

  FreeBSD src repository

  Modified files:
sys/netinet  ip_fw2.c 
sys/net  if_bridge.c 
  Log:
  Use PFIL_HOOKED macros in if_bridge and pass the right argument to
  rw_assert. This un-breaks the build.
  
  Submitted by:   Kostik Belousov
  Pointy hat to:  csjp
  
  Revision  ChangesPath
  1.53  +10 -10src/sys/net/if_bridge.c
  1.126 +1 -1  src/sys/netinet/ip_fw2.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: cvs commit: src/sys/net pfil.c pfil.h src/sys/netinet ip_fastfwd.c ip_fw2.c ip_input.c ip_output.c src/sys/netinet6 ip6_forward.c ip6_input.c ip6_output.c

[Christian S.J. Peron]

Michal Mertl wrote:

Christian S.J. Peron wrote: 
 


csjp2006-02-02 03:13:16 UTC

 FreeBSD src repository

 Modified files:
   sys/net  pfil.c pfil.h 
   sys/netinet  ip_fastfwd.c ip_fw2.c ip_input.c 
ip_output.c 
   sys/netinet6 ip6_forward.c ip6_input.c ip6_output.c 
 Log:


   



I think you broke if_bridge(4) and also debug kernel build. Patches for
both bugs are attached.


Michal
 




Index: if_bridge.c
===
RCS file: /home/fcvs/cvs/src/sys/net/if_bridge.c,v
retrieving revision 1.52
diff -u -r1.52 if_bridge.c
--- if_bridge.c 31 Jan 2006 21:21:28 -  1.52
+++ if_bridge.c 2 Feb 2006 12:30:37 -
@@ -1531,9 +1531,9 @@
return;
}

-   if (inet_pfil_hook.ph_busy_count >= 0
+   if (PFIL_HOOKED(&inet_pfil_hook)
#ifdef INET6
-   || inet6_pfil_hook.ph_busy_count >= 0
+   || PFIL_HOOKED(&inet6_pfil_hook)
#endif
) {
if (bridge_pfil(&m, sc->sc_ifp, ifp, PFIL_OUT) != 0)
@@ -1800,9 +1800,9 @@
}

/* run the packet filter */
-   if (inet_pfil_hook.ph_busy_count >= 0
+   if (PFIL_HOOKED(&inet_pfil_hook)
#ifdef INET6
-   || inet6_pfil_hook.ph_busy_count >= 0
+   || PFIL_HOOKED(&inet6_pfil_hook)
#endif
) {
BRIDGE_UNLOCK(sc);
@@ -1857,9 +1857,9 @@

BRIDGE_UNLOCK(sc);

-   if (inet_pfil_hook.ph_busy_count >= 0
+   if (PFIL_HOOKED(&inet_pfil_hook)
#ifdef INET6
-   || inet6_pfil_hook.ph_busy_count >= 0
+   || PFIL_HOOKED(&inet6_pfil_hook)
#endif
) {
if (bridge_pfil(&m, sc->sc_ifp, dst_if, PFIL_OUT) != 0)
@@ -2055,9 +2055,10 @@
}

/* Filter on the bridge interface before broadcasting */
-   if (runfilt && (inet_pfil_hook.ph_busy_count >= 0
+   if (runfilt &&
+   (PFIL_HOOKED(&inet_pfil_hook)
#ifdef INET6
-   || inet6_pfil_hook.ph_busy_count >= 0
+   || PFIL_HOOKED(&inet6_pfil_hook)
#endif
)) {
if (bridge_pfil(&m, sc->sc_ifp, NULL, PFIL_OUT) != 0)
@@ -2102,9 +2103,10 @@
 * pointer so we do not redundantly filter on the bridge for
 * each interface we broadcast on.
 */
-   if (runfilt && (inet_pfil_hook.ph_busy_count >= 0
+   if (runfilt &&
+   (PFIL_HOOKED(&inet_pfil_hook)
#ifdef INET6
-   || inet6_pfil_hook.ph_busy_count >= 0
+   || PFIL_HOOKED(&inet6_pfil_hook)
#endif
)) {
if (bridge_pfil(&mc, NULL, dst_if, PFIL_OUT) != 0)
 




Index: ip_fw2.c
===
RCS file: /home/fcvs/cvs/src/sys/netinet/ip_fw2.c,v
retrieving revision 1.125
diff -u -r1.125 ip_fw2.c
--- ip_fw2.c2 Feb 2006 03:13:15 -   1.125
+++ ip_fw2.c2 Feb 2006 13:06:31 -
@@ -1,5 +1,5 @@
/*-
- * Copyright (c) 2002 Luigi Rizzo, Universita` di Pisa
+ * cOPYright (c) 2002 Luigi Rizzo, Universita` di Pisa
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
@@ -139,7 +139,7 @@
rw_init(&(_chain)->rwmtx, "IPFW static rules")
#define IPFW_LOCK_DESTROY(_chain)   rw_destroy(&(_chain)->rwmtx)
#define IPFW_WLOCK_ASSERT(_chain)   do {\
-   rw_assert(rw, RA_WLOCKED);  \
+   rw_assert(&(_chain)->rwmtx, RA_WLOCKED); \
NET_ASSERT_GIANT();         \
} while (0)

 

I must have missed the bridge stuff when I committed the PFIL_HOOKED 
macros, sorry for the inconvinience!


--
Christian S.J. Peron
[EMAIL PROTECTED]
FreeBSD Committer
FreeBSD Security Team

___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/net pfil.h

[Christian S.J. Peron]

csjp2006-02-02 20:33:10 UTC

  FreeBSD src repository

  Modified files:
sys/net  pfil.h 
  Log:
  define lock.h before rwlock.h for DEBUG_LOCKS
  
  Revision  ChangesPath
  1.15  +1 -0  src/sys/net/pfil.h
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: cvs commit: src/sys/netinet6 in6.c

[Christian S.J. Peron]

George V. Neville-Neil wrote:


gnn 2006-02-08 07:16:46 UTC

 FreeBSD src repository

 Modified files:
   sys/netinet6 in6.c 
 Log:

 Fix for an inappropriate bzero of the ICMPv6 stats.  The code was zero'ing the 
wrong structure member but setting the correct one.
 
 Submitted by:   James dot Juran at baesystems dot com

 Reviewed by:gnn
 MFC after:  1 week
 
 Revision  ChangesPath

 1.60  +1 -1  src/sys/netinet6/in6.c


 


I sure hope gnn reviewed it, especially if gnn committed it :)

--
Christian S.J. Peron
[EMAIL PROTECTED]
FreeBSD Committer
FreeBSD Security Team

___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/secure/usr.sbin/sshd Makefile

[Christian S.J. Peron]

csjp2006-02-12 07:19:46 UTC

  FreeBSD src repository

  Modified files:
secure/usr.sbin/sshd Makefile 
  Log:
  Hook audit into OpenSSH. Now that the necessary bits for OpenSSH support
  have been added with the latest OpenBSM import, hook USE_BSM_AUDIT into
  build conditionally.
  
  For users which do not care for audit support and do not want to compile
  it into their SSH servers, add the following to the /etc/make.conf:
  
  NO_AUDIT=true
  
  Discussed with: rwatson
  Obtained from:  TrustedBSD Project
  
  Revision  ChangesPath
  1.46  +6 -0  src/secure/usr.sbin/sshd/Makefile
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/share/man/man5 make.conf.5

[Christian S.J. Peron]

csjp2006-02-12 17:06:14 UTC

  FreeBSD src repository

  Modified files:
share/man/man5   make.conf.5 
  Log:
  Document NO_AUDIT make variable.
  
  Obtained from:  TrustedBSD Project
  
  Revision  ChangesPath
  1.130 +3 -0  src/share/man/man5/make.conf.5
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: cvs commit: src/share/man/man5 make.conf.5

[Christian S.J. Peron]

Christian Brueffer wrote:


On Sun, Feb 12, 2006 at 08:43:58PM +0100, Niclas Zeising wrote:
 


Christian S.J. Peron wrote:
   


csjp2006-02-12 17:06:14 UTC

FreeBSD src repository

Modified files:
  share/man/man5   make.conf.5 
Log:

Document NO_AUDIT make variable.

Obtained from:  TrustedBSD Project

Revision  ChangesPath
1.130 +3 -0  src/share/man/man5/make.conf.5
 

Shouldn't this (NO_AUDIT) be documented in src/share/examples/make.conf 
as well?


   



Yes, I've just merged the relevant change from p4.  Thanks for the
reminder.

- Christian

 


Thanks for looking after this

--
Christian S.J. Peron
[EMAIL PROTECTED]
FreeBSD Committer
FreeBSD Security Team

___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: cvs commit: src/sys/kern vfs_syscalls.c

[Christian S.J. Peron]

Wayne Salamon wrote:


wsalamon2006-02-22 16:04:20 UTC

 FreeBSD src repository

 Modified files:
   sys/kern vfs_syscalls.c 
 Log:

 Add pathname and/or vnode argument auditing for the following system calls:
 quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo,
 link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf,
 readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown,
 lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync,
 rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl,
 extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link,
 extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link.
 
 In many cases the pathname and vnode auditing is done within namei lookup

 instead of directly in the system call.
 
 Audit the remaining arguments to these system calls:

 fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod,
 fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir,
 getdirentries.
 
 Revision  ChangesPath

 1.408 +129 -50   src/sys/kern/vfs_syscalls.c


 


Thanks!

--
Christian S.J. Peron
[EMAIL PROTECTED]
FreeBSD Committer
FreeBSD Security Team

___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/net if_bridge.c

[Christian S.J. Peron]

csjp2006-03-03 05:58:18 UTC

  FreeBSD src repository

  Modified files:
sys/net  if_bridge.c 
  Log:
  Slightly re-worked bpf(4) code associated with bridging: if we have a
  destination interface as a member of our bridge or this is a unicast packet,
  push it through the bpf(4) machinery.
  
  For broadcast or multicast packets, don't bother with the bpf(4) because it 
will
  be re-injected into ether_input. We do this before we pass the packets through
  the pfil(9) framework, as it is possible that pfil(9) will drop the packet or
  possibly modify it, making it very difficult to debug firewall issues on the
  bridge.
  
  Further, implemented IFF_MONITOR for bridge interfaces. This does much the 
same
  thing that it does for regular network interfaces: it pushes the packet to any
  bpf(4) peers and then returns. This bypasses all of the bridge machinery,
  saving mutex acquisitions, list traversals, and other operations performed by
  the bridging code.
  
  This change to the bridging code is useful in situations where individuals 
use a
  bridge to multiplex RX/TX signals from two interfaces, as is required by some
  network taps for de-multiplexing links and transmitting the RX/TX signals
  out through two separate interfaces. This behaviour is quite common for 
network
  taps monitoring links, especially for certain manufacturers.
  
  Reviewed by:thompsa
  MFC after:  1 month
  Sponsored by:   Seccuris Labs
  
  Revision  ChangesPath
  1.55  +26 -10src/sys/net/if_bridge.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/net if_ethersubr.c

[Christian S.J. Peron]

csjp2006-03-03 17:21:09 UTC

  FreeBSD src repository

  Modified files:
sys/net  if_ethersubr.c 
  Log:
  Unbreak byte counters when network interfaces are in monitor mode by
  re-organizing the monitor return logic. We perform interface monitoring
  checks after we have determined if the CRC is still on the packet, if
  it is, m_adj() is called which will adjust the packet length. This
  ensures that we are not including CRC lengths in the byte counters for
  each packet.
  
  Discussed with: andre, glebius
  
  Revision  ChangesPath
  1.215 +8 -8  src/sys/net/if_ethersubr.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/kern vfs_vnops.c

[Christian S.J. Peron]

csjp2006-03-11 17:14:05 UTC

  FreeBSD src repository

  Modified files:
sys/kern vfs_vnops.c 
  Log:
  Make sure that we are adding a path token to the audit record in open(2).
  Do this by making sure we are using the AUDITVNODE1 mask in the namei flags.
  
  Obtained from:  TrustedBSD Project
  
  Revision  ChangesPath
  1.238 +3 -2  src/sys/kern/vfs_vnops.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/kern kern_descrip.c

[Christian S.J. Peron]

csjp2006-03-18 23:27:22 UTC

  FreeBSD src repository

  Modified files:
sys/kern kern_descrip.c 
  Log:
  Back out fd optimization introduced in revision 1.280 as it appears to be
  really breaking things. Simple "close(0); dup(fd)" does not return descriptor
  "0" in some cases. Further, this change also breaks some MAC interactions with
  mac_execve_will_transition().  Under certain circumstances, fdcheckstd() can
  be called in execve(2) causing an assertion that checks to make sure that
  stdin, stdout and stderr reside at indexes 0, 1 and 2 in the process fd table
  to fail, resulting in a kernel panic when INVARIANTS is on.
  
  This should also kill the "dup(2) regression on 6.x" show stopper item on the
  6.1-RELEASE TODO list.
  
  This is a RELENG_6 candidate.
  
  PR: kern/87208
  Silence from:   des
  MFC after:  1 week
  
  Revision  ChangesPath
  1.292 +2 -4  src/sys/kern/kern_descrip.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/kern kern_descrip.c

[Christian S.J. Peron]

csjp2006-03-20 00:13:47 UTC

  FreeBSD src repository

  Modified files:
sys/kern kern_descrip.c 
  Log:
  Restore fd optimization with a few minor tweaks, to quote tegge:
  
  "fdinit() fails to initialize newfdp->fd_fd.fd_lastfile to -1.  This breaks
  fdcopy() which will incorrectly set newfdp->fd_freefile to 1 if no files are
  open and the last file descriptor marked as unused for fdp was 0.  This later
  causes descriptor 0 to be unavailable in newfdp when the optimization is
  enabled.
  
  When the last file descriptor previously marked as used is nonzero and marked
  as unused, fdunused() incorrectly sets fdp->fd_lastfile to fd - 1 due to
  fd_last_used() returning (size - 1).  This hides the problem that breaks the
  optimization."
  
  This allows us to keep the optimization, while un-breaking it.
  
  This is a RELENG_6 candidate.
  
  PR: kern/87208
  MFC after:  1 week
  Submitted by:   tegge
  
  Revision  ChangesPath
  1.293 +5 -2  src/sys/kern/kern_descrip.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/kern kern_descrip.c

[Christian S.J. Peron]

csjp2006-03-23 04:07:01 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
sys/kern kern_descrip.c 
  Log:
  MFC descriptor fixes in hopes of killing the "dup(2) regression on 6.x" show
  stopper item on the 6.1-RELEASE TODO list.
  
  Approved by:re (scottl)
  
  Revision   ChangesPath
  1.279.2.6  +2 -1  src/sys/kern/kern_descrip.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/kern tty_pty.c

[Christian S.J. Peron]

csjp2006-03-30 16:46:56 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
sys/kern tty_pty.c 
  Log:
  MFC 1.144 tty_pty.c
  
  Allow root to open jail PTYs from the host environment. This un-breaks using
  utilities like watch(8) (or other programs which use snp(4)) to monitor
  behavior within prisons from the host environment. This regression was
  introduced when we changed the ioctl(SNPSTTY) to use a file descriptor
  instead of a dev_t
  
  Approved by:re (hrs)
  
  Revision   ChangesPath
  1.137.2.2  +1 -1  src/sys/kern/tty_pty.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/usr.sbin/syslogd syslogd.c

[Christian S.J. Peron]

csjp2006-03-30 21:04:52 UTC

  FreeBSD src repository

  Modified files:
usr.sbin/syslogd syslogd.c 
  Log:
  Currently, if writing out a log entry fails, we unlink that log entry from our
  internal list of logfiles. So if writev(2) fails for potentially transient
  errors like ENOSPC, syslogd requires a restart, even if the filesystem has
  purged.
  
  This change allows syslogd to ignore ENOSPC space errors, so that when the
  filesystem is cleaned up, syslogd will automatically start logging again
  without requiring the reset. This makes syslogd(8) a bit more reliable.
  
  MFC after:  1 week
  
  Revision  ChangesPath
  1.150 +12 -5 src/usr.sbin/syslogd/syslogd.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: cvs commit: src/usr.sbin/syslogd syslogd.c

[Christian S.J. Peron]

Robert Watson wrote:



On Fri, 31 Mar 2006, Peter Jeremy wrote:


On Thu, 2006-Mar-30 21:04:52 +, Christian S.J. Peron wrote:

 This change allows syslogd to ignore ENOSPC space errors, so that 
when the
 filesystem is cleaned up, syslogd will automatically start logging 
again
 without requiring the reset. This makes syslogd(8) a bit more 
reliable.



My sole concern with this is that this means that syslogd will keep 
trying to write to the full filesystem - and the kernel will log the 
attempts to write to a full filesystem.  Whilst there's rate limiting 
in the kernel, this sort of feedback loop is undesirable.



What I'd like to see is an argument to syslogd to specify a maximum 
full level for the target file system.  Log data is valuable, but 
being able to write to /var/tmp/vi.recover is also important.  syslogd 
-l 90% could specify that sylogd should not write log records, perhaps 
other than an "out of space record" to a log file on a file system 
with >=90% capacity.  This prevents the kernel from spewing about 
being out of space also.  The accounting code does exactly this, for 
identical reasons.


Robert N M Watson


Although I agree this is a good idea, I think it would be more 
appropriate to place these kinds of checks in newsyslog(8) so that other 
programs logging can take advantage of this.


--
Christian S.J. Peron
[EMAIL PROTECTED]
FreeBSD Committer
FreeBSD Security Team

___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: cvs commit: src/usr.sbin/syslogd syslogd.c

[Christian S.J. Peron]

Robert Watson wrote:



On Fri, 31 Mar 2006, Christian S.J. Peron wrote:

Although I agree this is a good idea, I think it would be more 
appropriate to place these kinds of checks in newsyslog(8) so that 
other programs logging can take advantage of this.



The program generating the log message is presumably the one that has 
to decide not to generate it if space is low.  Log messages currently 
come from syslogd.  Are you actually suggesting that syslogd should 
read the newsylogd.conf file to find settings?


Robert N M Watson




No not necessarily,

Just that perhaps we should add a "This log file can only consume %X of 
the file system is resides on" and rotate the files possibly? I have not 
given it a great deal of thought as of yet. In any case, I am open to 
suggestions for this problem. I agree the feedback loop is not desirable.


I do know however that issues like mail spools temporarily filling up 
the file systems resulting in syslogd stop working is problematic.


--
Christian S.J. Peron
[EMAIL PROTECTED]
FreeBSD Committer
FreeBSD Security Team

___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: cvs commit: src/usr.sbin/syslogd syslogd.c

[Christian S.J. Peron]

Christian S.J. Peron wrote:


Robert Watson wrote:



On Fri, 31 Mar 2006, Christian S.J. Peron wrote:

Although I agree this is a good idea, I think it would be more 
appropriate to place these kinds of checks in newsyslog(8) so that 
other programs logging can take advantage of this.




The program generating the log message is presumably the one that has 
to decide not to generate it if space is low.  Log messages currently 
come from syslogd.  Are you actually suggesting that syslogd should 
read the newsylogd.conf file to find settings?


Robert N M Watson




No not necessarily,

Just that perhaps we should add a "This log file can only consume %X 
of the file system is resides on" and rotate the files possibly? I 
have not given it a great deal of thought as of yet. In any case, I am 
open to suggestions for this problem. I agree the feedback loop is not 
desirable.



Actually, forget what I just said here, as it's not always syslogd 
filling the filesystems up. I just realized that it doesn't actually 
solve our problems :)




--
Christian S.J. Peron
[EMAIL PROTECTED]
FreeBSD Committer
FreeBSD Security Team

___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/nfsserver nfs_srvsock.c src/sys/security/mac mac_vfs.c src/sys/sys mac.h mac_policy.h

[Christian S.J. Peron]

csjp2006-04-06 23:33:11 UTC

  FreeBSD src repository

  Modified files:
sys/nfsservernfs_srvsock.c 
sys/security/mac mac_vfs.c 
sys/sys  mac.h mac_policy.h 
  Log:
  Introduce a new MAC entry point for label initialization of the NFS daemon's
  credential: mac_associate_nfsd_label()
  
  This entry point can be utilized by various Mandatory Access Control policies
  so they can properly initialize the label of files which get created
  as a result of an NFS operation. This work will be useful for fixing kernel
  panics associated with accessing un-initialized or invalid vnode labels.
  
  The implementation of these entry points will come shortly.
  
  Obtained from:  TrustedBSD
  Requested by:   mdodd
  MFC after:  3 weeks
  
  Revision  ChangesPath
  1.99  +3 -0  src/sys/nfsserver/nfs_srvsock.c
  1.111 +7 -0  src/sys/security/mac/mac_vfs.c
  1.70  +1 -0  src/sys/sys/mac.h
  1.71  +1 -0  src/sys/sys/mac_policy.h
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/kern kern_exit.c

[Christian S.J. Peron]

csjp2006-04-10 14:07:28 UTC

  FreeBSD src repository

  Modified files:
sys/kern kern_exit.c 
  Log:
  Kill the last Giant acquisition in the exit(2) code. This Giant acquisition
  doesn't appear to be protecting anything. Most of consumers funsetownlst(9)
  do not appear to be picking up Giant anywhere. This was originally a part
  of my Giant exit(2) clean up revision 1.272 but I thought it was a good idea
  to leave it out until we were able to analyze it better.
  
  Tested by:  kris
  MFC after:  3 weeks
  
  Revision  ChangesPath
  1.288 +0 -2  src/sys/kern/kern_exit.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: cvs commit: src/usr.sbin/syslogd syslogd.c

[Christian S.J. Peron]

Brooks Davis wrote:

On Fri, Mar 31, 2006 at 09:06:32AM +, Robert Watson wrote:
  

On Fri, 31 Mar 2006, Peter Jeremy wrote:



On Thu, 2006-Mar-30 21:04:52 +, Christian S.J. Peron wrote:
  
This change allows syslogd to ignore ENOSPC space errors, so that when 
the

filesystem is cleaned up, syslogd will automatically start logging again
without requiring the reset. This makes syslogd(8) a bit more reliable.

My sole concern with this is that this means that syslogd will keep trying 
to write to the full filesystem - and the kernel will log the attempts to 
write to a full filesystem.  Whilst there's rate limiting in the kernel, 
this sort of feedback loop is undesirable.
  
What I'd like to see is an argument to syslogd to specify a maximum full 
level for the target file system.  Log data is valuable, but being able to 
write to /var/tmp/vi.recover is also important.  syslogd -l 90% could 
specify that sylogd should not write log records, perhaps other than an 
"out of space record" to a log file on a file system with >=90% capacity.  
This prevents the kernel from spewing about being out of space also.  The 
accounting code does exactly this, for identical reasons.



Anyone working on an implementation of this?  I just had more machines
blow up due to out of control logs from a crashing process in an
infinite coredump loop so I'll take a shot at it if someone else isn't.

IMO, what's really important is to keep enough space that newsyslog can
do it's job.  I have plenty of log file that should compress at better
than 10:1 since they are all the same two lines over and over, but it
doesn't do any good when newsyslog can't compress the file and create a
new one.

-- Brooks

  
Yes, I am still interested in solving this problem. I am on the west 
coast for a couple more days. If it's causing problems, you can go ahead 
and back it out until we can figure out a better solution.


Cheers

--
Christian S.J. Peron
[EMAIL PROTECTED]
FreeBSD Committer
FreeBSD Security Team

___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/net bpf.c

[Christian S.J. Peron]

csjp2006-05-07 03:21:43 UTC

  FreeBSD src repository

  Modified files:
sys/net  bpf.c 
  Log:
  Pickup locks for the BPF interface structure. It's quite possible that
  bpf(4) descriptors can be added and removed on this interface while we
  are processing stats.
  
  MFC after:  2 weeks
  
  Revision  ChangesPath
  1.164 +2 -0  src/sys/net/bpf.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/net bpf.c

[Christian S.J. Peron]

csjp2006-05-17 00:07:42 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
sys/net  bpf.c 
  Log:
  MFC revision 1.164
  
  Pickup locks for the BPF interface structure. It's quite possible that
  bpf(4) descriptors can be added and removed on this interface while we
  are processing stats.
  
  Revision   ChangesPath
  1.153.2.7  +2 -0  src/sys/net/bpf.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/net if_ethersubr.c

[Christian S.J. Peron]

csjp2006-05-17 00:09:24 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
sys/net  if_ethersubr.c 
  Log:
  MFC revision 1.215
  
  Unbreak byte counters when network interfaces are in monitor mode by
re-organizing the monitor return logic. We perform interface monitoring
checks after we have determined if the CRC is still on the packet, if
it is, m_adj() is called which will adjust the packet length. This
ensures that we are not including CRC lengths in the byte counters for
each packet.
  
  RevisionChangesPath
  1.193.2.11  +8 -8  src/sys/net/if_ethersubr.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/net if_bridge.c

[Christian S.J. Peron]

csjp2006-05-17 00:11:27 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
sys/net  if_bridge.c 
  Log:
  MFC revision 1.55
  
  Slightly re-worked bpf(4) code associated with bridging: if we have a
destination interface as a member of our bridge or this is a unicast packet,
push it through the bpf(4) machinery.
  
For broadcast or multicast packets, don't bother with the bpf(4) because it 
will
be re-injected into ether_input. We do this before we pass the packets 
through
the pfil(9) framework, as it is possible that pfil(9) will drop the packet 
or
possibly modify it, making it very difficult to debug firewall issues on the
bridge.
  
Further, implemented IFF_MONITOR for bridge interfaces. This does much the 
same
thing that it does for regular network interfaces: it pushes the packet to 
any
bpf(4) peers and then returns. This bypasses all of the bridge machinery,
saving mutex acquisitions, list traversals, and other operations performed 
by
the bridging code.
  
This change to the bridging code is useful in situations where individuals 
use a
bridge to multiplex RX/TX signals from two interfaces, as is required by 
some
network taps for de-multiplexing links and transmitting the RX/TX signals
out through two separate interfaces. This behaviour is quite common for 
network
taps monitoring links, especially for certain manufacturers.
  
  Revision   ChangesPath
  1.11.2.29  +26 -10src/sys/net/if_bridge.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/net if_bridge.c

[Christian S.J. Peron]

csjp2006-05-17 00:18:58 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
sys/net  if_bridge.c 
  Log:
  MFC revision 1.56
  
  date: 2006/03/03 09:12:21;  author: thompsa;  state: Exp;  lines: +22 -7
  Since we are using random ethernet addresses for the bridge, it is possible
  that we might have address collisions, so make sure that this hardware address
  isn't already in use on another bridge.
  
  Revision   ChangesPath
  1.11.2.30  +22 -7 src/sys/net/if_bridge.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/share/man/man4 isp.4

[Christian S.J. Peron]

csjp2006-05-17 13:17:02 UTC

  FreeBSD src repository

  Modified files:
share/man/man4   isp.4 
  Log:
  Fix typo in device hint variable
  
  Revision  ChangesPath
  1.22  +1 -1  src/share/man/man4/isp.4
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/kern kern_exit.c

[Christian S.J. Peron]

csjp2006-05-20 02:54:35 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
sys/kern kern_exit.c 
  Log:
  MFC revision 1.288
  date: 2006/04/10 14:07:28;  author: csjp;  state: Exp;  lines: +0 -2
  Kill the last Giant acquisition in the exit(2) code. This Giant acquisition
  doesn't appear to be protecting anything. Most of consumers funsetownlst(9)
  do not appear to be picking up Giant anywhere. This was originally a part
  of my Giant exit(2) clean up revision 1.272 but I thought it was a good idea
  to leave it out until we were able to analyze it better.
  
  Revision   ChangesPath
  1.263.2.8  +0 -2  src/sys/kern/kern_exit.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/share/man/man4 isp.4

[Christian S.J. Peron]

csjp2006-05-20 16:03:12 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
share/man/man4   isp.4 
  Log:
  MFC typo fix
  
  Revision  ChangesPath
  1.20.2.2  +1 -1  src/share/man/man4/isp.4
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/etc hosts.allow

[Christian S.J. Peron]

csjp2006-06-01 14:14:58 UTC

  FreeBSD src repository

  Modified files:
etc  hosts.allow 
  Log:
  Since NIS is an RPC based service, add a note that when adjusting access
  controls in NIS, similar access controls should be considered for the
  rpcbind as well.
  
  Revision  ChangesPath
  1.22  +1 -0  src/etc/hosts.allow
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/security/audit audit_bsm_klib.c

[Christian S.J. Peron]

csjp2006-06-01 15:38:30 UTC

  FreeBSD src repository

  Modified files:
sys/security/audit   audit_bsm_klib.c 
  Log:
  Check to see if the rootdir is the same as the current working directory.
  If it is, and the pathname was relative, do not separate the componenets
  with a '/' character.
  
  Obtained from:  TrustedBSD Project
  
  Revision  ChangesPath
  1.3   +11 -3 src/sys/security/audit/audit_bsm_klib.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/dev/ath if_ath.c src/sys/dev/ipw if_ipw.c src/sys/dev/iwi if_iwi.c src/sys/dev/ral rt2560.c rt2661.c src/sys/dev/usb if_ural.c src/sys/dev/wi if_wi.c src/sys/net bpf.c bpf.h bpfdes

[Christian S.J. Peron]

csjp2006-06-02 19:59:33 UTC

  FreeBSD src repository

  Modified files:
sys/dev/ath  if_ath.c 
sys/dev/ipw  if_ipw.c 
sys/dev/iwi  if_iwi.c 
sys/dev/ral  rt2560.c rt2661.c 
sys/dev/usb  if_ural.c 
sys/dev/wi   if_wi.c 
sys/net  bpf.c bpf.h bpfdesc.h if_disc.c if_gif.c 
 if_gre.c if_loop.c if_sl.c if_stf.c 
 if_tun.c 
sys/net80211 ieee80211_input.c 
sys/netinet  ip_carp.c ip_gre.c 
  Log:
  Fix the following bpf(4) race condition which can result in a panic:
  
  (1) bpf peer attaches to interface netif0
  (2) Packet is received by netif0
  (3) ifp->if_bpf pointer is checked and handed off to bpf
  (4) bpf peer detaches from netif0 resulting in ifp->if_bpf being
  initialized to NULL.
  (5) ifp->if_bpf is dereferenced by bpf machinery
  (6) Kaboom
  
  This race condition likely explains the various different kernel panics
  reported around sending SIGINT to tcpdump or dhclient processes. But really
  this race can result in kernel panics anywhere you have frequent bpf attach
  and detach operations with high packet per second load.
  
  Summary of changes:
  
  - Remove the bpf interface's "driverp" member
  - When we attach bpf interfaces, we now set the ifp->if_bpf member to the
bpf interface structure. Once this is done, ifp->if_bpf should never be
NULL. [1]
  - Introduce bpf_peers_present function, an inline operation which will do
a lockless read bpf peer list associated with the interface. It should
be noted that the bpf code will pickup the bpf_interface lock before adding
or removing bpf peers. This should serialize the access to the bpf 
descriptor
list, removing the race.
  - Expose the bpf_if structure in bpf.h so that the bpf_peers_present function
can use it. This also removes the struct bpf_if; hack that was there.
  - Adjust all consumers of the raw if_bpf structure to use bpf_peers_present
  
  Now what happens is:
  
  (1) Packet is received by netif0
  (2) Check to see if bpf descriptor list is empty
  (3) Pickup the bpf interface lock
  (4) Hand packet off to process
  
  From the attach/detach side:
  
  (1) Pickup the bpf interface lock
  (2) Add/remove from bpf descriptor list
  
  Now that we are storing the bpf interface structure with the ifnet, there is
  is no need to walk the bpf interface list to locate the correct bpf interface.
  We now simply look up the interface, and initialize the pointer. This has a
  nice side effect of changing a bpf interface attach operation from O(N) (where
  N is the number of bpf interfaces), to O(1).
  
  [1] From now on, we can no longer check ifp->if_bpf to tell us whether or
  not we have any bpf peers that might be interested in receiving packets.
  
  In collaboration with:  sam@
  MFC after:  1 month
  
  Revision  ChangesPath
  1.145 +4 -3  src/sys/dev/ath/if_ath.c
  1.20  +2 -2  src/sys/dev/ipw/if_ipw.c
  1.37  +2 -2  src/sys/dev/iwi/if_iwi.c
  1.5   +7 -7  src/sys/dev/ral/rt2560.c
  1.6   +3 -3  src/sys/dev/ral/rt2661.c
  1.39  +3 -3  src/sys/dev/usb/if_ural.c
  1.196 +3 -3  src/sys/dev/wi/if_wi.c
  1.166 +24 -71src/sys/net/bpf.c
  1.41  +22 -4 src/sys/net/bpf.h
  1.34  +0 -13 src/sys/net/bpfdesc.h
  1.52  +1 -1  src/sys/net/if_disc.c
  1.60  +2 -4  src/sys/net/if_gif.c
  1.42  +1 -1  src/sys/net/if_gre.c
  1.109 +1 -1  src/sys/net/if_loop.c
  1.132 +4 -4  src/sys/net/if_sl.c
  1.54  +2 -2  src/sys/net/if_stf.c
  1.155 +1 -1  src/sys/net/if_tun.c
  1.91  +4 -4  src/sys/net80211/ieee80211_input.c
  1.40  +1 -1  src/sys/netinet/ip_carp.c
  1.24  +2 -2  src/sys/netinet/ip_gre.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: cvs commit: src/sys/dev/ath if_ath.c src/sys/dev/awi awi.c src/sys/dev/gem if_gem.c src/sys/dev/ipw if_ipw.c src/sys/dev/iwi if_iwi.c src/sys/dev/lmc if_lmc.h src/sys/dev/ral rt2661.c sr

[Christian S.J. Peron]

Sam Leffler wrote:

sam 2006-06-02 23:14:40 UTC

  FreeBSD src repository

  Modified files:
sys/dev/ath  if_ath.c 
sys/dev/awi  awi.c 
sys/dev/gem  if_gem.c 
sys/dev/ipw  if_ipw.c 
sys/dev/iwi  if_iwi.c 
sys/dev/lmc  if_lmc.h 
sys/dev/ral  rt2661.c 
sys/dev/usb  if_ural.c 
sys/net  if_faith.c if_fwsubr.c 
sys/netgraph ng_iface.c 
  Log:

  add missed calls to bpf_peers_present
  
  Revision  ChangesPath

  1.146 +1 -1  src/sys/dev/ath/if_ath.c
  1.43  +2 -3  src/sys/dev/awi/awi.c
  1.38  +1 -2  src/sys/dev/gem/if_gem.c
  1.21  +1 -1  src/sys/dev/ipw/if_ipw.c
  1.38  +1 -1  src/sys/dev/iwi/if_iwi.c
  1.3   +1 -1  src/sys/dev/lmc/if_lmc.h
  1.7   +2 -2  src/sys/dev/ral/rt2661.c
  1.40  +2 -2  src/sys/dev/usb/if_ural.c
  1.40  +1 -1  src/sys/net/if_faith.c
  1.21  +2 -2  src/sys/net/if_fwsubr.c
  1.47  +1 -1  src/sys/netgraph/ng_iface.c


  

Thanks!

--
Christian S.J. Peron
[EMAIL PROTECTED]
FreeBSD Committer
FreeBSD Security Team

___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/net bpf.h

[Christian S.J. Peron]

csjp2006-06-03 06:37:00 UTC

  FreeBSD src repository

  Modified files:
sys/net  bpf.h 
  Log:
  Make sure we don't try to dereference the the if_bpf pointer when bpf has
  not been compiled into the the kernel.
  
  Submitted by:   benno
  
  Revision  ChangesPath
  1.42  +5 -1  src/sys/net/bpf.h
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: cvs commit: src/sys/dev/ath if_ath.c src/sys/dev/ipw if_ipw.c src/sys/dev/iwi if_iwi.c src/sys/dev/ral rt2560.c rt2661.c src/sys/dev/usb if_ural.c src/sys/dev/wi if_wi.c src/sys/net bpf.c

[Christian S.J. Peron]

Committed, thanks.

Benno Rice wrote:

Christian S.J. Peron wrote:

[snip]


  Log:
  Fix the following bpf(4) race condition which can result in a panic:


[snip]

This change causes panics in kernels that don't have device bpf present.
The attached patch fixes this.



Index: bpf.h
===
RCS file: /home/ncvs/src/sys/net/bpf.h,v
retrieving revision 1.41
diff -u -r1.41 bpf.h
--- bpf.h   2 Jun 2006 19:59:32 -   1.41
+++ bpf.h   3 Jun 2006 04:31:10 -
@@ -630,7 +630,11 @@
 bpf_peers_present(struct bpf_if *bpf)
 {
 
+#if defined(DEV_BPF) || defined(NETGRAPH_BPF)

return !LIST_EMPTY(&bpf->bif_dlist);
+#else
+   return (0);
+#endif
 }
 
 #define	BPF_TAP(_ifp,_pkt,_pktlen) do {				\
  



--
Christian S.J. Peron
[EMAIL PROTECTED]
FreeBSD Committer
FreeBSD Security Team

___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/net bpf.h

[Christian S.J. Peron]

csjp2006-06-03 18:16:54 UTC

  FreeBSD src repository

  Modified files:
sys/net  bpf.h 
  Log:
  Temporarily include files so that our macro checks do something useful.
  
  Revision  ChangesPath
  1.43  +3 -0  src/sys/net/bpf.h
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/net bpf.h

[Christian S.J. Peron]

csjp2006-06-03 18:48:14 UTC

  FreeBSD src repository

  Modified files:
sys/net  bpf.h 
  Log:
  Back out previous two commits, this caused some problems in the namespace
  resulting in some build failures. Instead, to fix the problem of bpf not
  being present, check the pointer before dereferencing it.
  
  This is a temporary bandaid until we can decide on how we want to handle
  the bpf code not being present. This will be fixed shortly.
  
  Revision  ChangesPath
  1.44  +2 -7  src/sys/net/bpf.h
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: cvs commit: src/sys/dev/ath if_ath.c src/sys/dev/ipw if_ipw.c src/sys/dev/iwi if_iwi.c src/sys/dev/ral rt2560.c rt2661.c src/sys/dev/usb if_ural.c src/sys/dev/wi if_wi.c src/sys/net bpf.c

[Christian S.J. Peron]

Can you try this patch:

http://people.freebsd.org/~csjp/no.bpf.1149425152.diff

and tell me how it works for you?


Benno Rice wrote:

Christian S.J. Peron wrote:

[snip]


  Log:
  Fix the following bpf(4) race condition which can result in a panic:


[snip]

This change causes panics in kernels that don't have device bpf present.
The attached patch fixes this.



Index: bpf.h
===
RCS file: /home/ncvs/src/sys/net/bpf.h,v
retrieving revision 1.41
diff -u -r1.41 bpf.h
--- bpf.h   2 Jun 2006 19:59:32 -   1.41
+++ bpf.h   3 Jun 2006 04:31:10 -
@@ -630,7 +630,11 @@
 bpf_peers_present(struct bpf_if *bpf)
 {
 
+#if defined(DEV_BPF) || defined(NETGRAPH_BPF)

return !LIST_EMPTY(&bpf->bif_dlist);
+#else
+   return (0);
+#endif
 }
 
 #define	BPF_TAP(_ifp,_pkt,_pktlen) do {				\
  



--
Christian S.J. Peron
[EMAIL PROTECTED]
FreeBSD Committer
FreeBSD Security Team

___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/security/mac_mls mac_mls.c

[Christian S.J. Peron]

csjp2006-08-26 20:13:35 UTC

  FreeBSD src repository

  Modified files:
sys/security/mac_mls mac_mls.c 
  Log:
  Fix panic associated with file creation via RPC/NFS when the MLS policy
  is loaded. This problem stems from the fact that the policy is not properly
  initializing the mac label associated with the NFS daemon.
  
  Obtained from:  TrustedBSD Project
  Discussed with: rwatson
  
  Revision  ChangesPath
  1.76  +12 -0 src/sys/security/mac_mls/mac_mls.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/usr.bin/su Makefile su.c

[Christian S.J. Peron]

csjp2006-09-01 13:39:02 UTC

  FreeBSD src repository

  Modified files:
usr.bin/su   Makefile su.c 
  Log:
  Integrate audit_submit(3) bits into su. This means that records for
  successful and failed su attempts will be recorded using the AUE_su
  event type (login or lo class) if auditing is present in the system.
  Currently, the records will have a header, subject, text (with the
  actual diagnostics), a return and trailer token.
  
  See audit_submit(3) for more information.
  
  Reviewed by:rwatson
  Obtained from:  TrustedBSD Project
  
  Revision  ChangesPath
  1.41  +8 -0  src/usr.bin/su/Makefile
  1.80  +68 -6 src/usr.bin/su/su.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/nfsserver nfs.h nfs_serv.c nfs_srvsock.c nfs_syscalls.c

[Christian S.J. Peron]

csjp2006-09-02 21:54:08 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
sys/nfsservernfs.h nfs_serv.c nfs_srvsock.c 
 nfs_syscalls.c 
  Log:
  MFC revision 1.79 nfs.h
  MFC revision 1.161 nfs_serv.c
  MFC revision 1.96 nfs_srvsock.c
  MFC revision 1.105 nfs_syscalls.c
  
  date: 2006/01/28 19:24:39;  author: csjp;  state: Exp;  lines: +1 -1
  Manage the ucred for the NFS server using the crget/crfree API defined in
  kern_prot.c. This API handles reference counting among many other things.
  Notably, if MAC is compiled into the kernel, it will properly initialize the
  MAC labels when the ucred is allocated.
  
  This work is in preparation for a new MAC entry point which will be 
responsible
  for properly initializing policy specific labels for the NFS server 
credential.
  Utilization of the crfree/crget APIs reduce the complexity associated with
  this label's management.
  
  Submitted by:   green (with changes) [1]
  Obtained from:  TrustedBSD Project
  Discussed with: rwatson, alfred
  
  [1] I moved the ucred allocation outside the scope of the NFS server lock to
  prevent M_WAIKOK allocations from occurring with non-sleep-able locks 
held.
  Additionally, to reduce complexity, the ucred persist as long as the NFS
  server descriptor.
  
  Revision   ChangesPath
  1.78.2.2   +1 -1  src/sys/nfsserver/nfs.h
  1.156.2.4  +24 -24src/sys/nfsserver/nfs_serv.c
  1.94.2.2   +11 -15src/sys/nfsserver/nfs_srvsock.c
  1.103.2.1  +8 -0  src/sys/nfsserver/nfs_syscalls.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/nfsserver nfs_srvsock.c src/sys/security/mac mac_vfs.c src/sys/sys mac.h mac_policy.h

[Christian S.J. Peron]

csjp2006-09-02 23:58:21 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
sys/nfsservernfs_srvsock.c 
sys/security/mac mac_vfs.c 
sys/sys  mac.h mac_policy.h 
  Log:
  MFC revision 1.99 nfs_srvsock.c
  MFC revision 1.111 mac_vfs.c
  MFC revision 1.70 mac.h
  MFC revision 1.71 mac_policy.h
  
  MFC the mac_associate_nfsd_label entry point, only replace one of the
  mac_policy_ops stub elements to ensure that we dont break compatability
  with existing MAC modules.
  
  Revision   ChangesPath
  1.94.2.3   +6 -0  src/sys/nfsserver/nfs_srvsock.c
  1.108.2.3  +7 -0  src/sys/security/mac/mac_vfs.c
  1.67.2.3   +1 -0  src/sys/sys/mac.h
  1.66.2.4   +1 -1  src/sys/sys/mac_policy.h
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/security/mac_biba mac_biba.c

[Christian S.J. Peron]

csjp2006-09-03 02:24:48 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
sys/security/mac_biba mac_biba.c 
  Log:
  MFC revision 1.92
  
  This should take care of kernel panics that are a result on non
  initialized labels associated with the NFC credential.
  
  Revision  ChangesPath
  1.87.2.5  +12 -0 src/sys/security/mac_biba/mac_biba.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/security/mac_mls mac_mls.c

[Christian S.J. Peron]

csjp2006-09-03 02:26:48 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
sys/security/mac_mls mac_mls.c 
  Log:
  MFC revision 1.76
  
  Axe kernel panic associated with un-initialized NFS credentials while the
  MLS mac policy is loaded.
  
  Revision  ChangesPath
  1.72.2.4  +12 -0 src/sys/security/mac_mls/mac_mls.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/kern vfs_cache.c

[Christian S.J. Peron]

csjp2006-09-05 03:23:02 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
sys/kern vfs_cache.c 
  Log:
  MFC vfs_cache.c revision 1.106
  
  Axe Giant from vn_fullpath(9). The vnode -> pathname lookup should be
  filesystem agnostic. We are not touching any file system specific functions
  in this code path. Since we have a cache lock, there is really no need to
  keep Giant around here.
  
  This eliminates Giant acquisitions for any syscall which is auditing 
pathnames.
  
  Revision   ChangesPath
  1.103.2.2  +0 -4  src/sys/kern/vfs_cache.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/secure/usr.sbin/sshd Makefile

[Christian S.J. Peron]

csjp2006-09-05 23:51:32 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
secure/usr.sbin/sshd Makefile 
  Log:
  Hook audit into the OpenSSH build, this results in audit records being
  submitted for successful/failed logins, as well as having OpenSSH set
  the audit context for a user when they login.
  
  Reviewed by:rwatson
  Obtained from:  TrustedBSD Project
  
  Revision  ChangesPath
  1.44.2.2  +6 -0  src/secure/usr.sbin/sshd/Makefile
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/usr.bin/login Makefile login.1 login.c login.h login_audit.c

[Christian S.J. Peron]

csjp2006-09-05 23:53:21 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
usr.bin/loginMakefile login.1 login.c login.h 
  Added files:   (Branch: RELENG_6)
usr.bin/loginlogin_audit.c 
  Log:
  MFC the audit modifications to login so audit context is properly set and
  the correct audit records are submitted.
  
  Reviewed by:rwatson
  Obtained from:  TrustedBSD Project
  
  Revision  ChangesPath
  1.48.2.2  +2 -2  src/usr.bin/login/Makefile
  1.28.2.2  +11 -0 src/usr.bin/login/login.1
  1.99.2.1  +16 -0 src/usr.bin/login/login.c
  1.4.14.1  +5 -1  src/usr.bin/login/login.h
  1.1.2.1   +204 -0src/usr.bin/login/login_audit.c (new)
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: cvs commit: src/sys/amd64/amd64 machdep.c src/sys/i386/i386 machdep.c

[Christian S.J. Peron]

John Baldwin wrote:

jhb 2006-09-11 18:41:31 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
sys/amd64/amd64  machdep.c 
sys/i386/i386machdep.c 
  Log:

  MFC: Sync sizes of physmap[], phys_avail[], and dump_avail[] and bump up
  the sizes to handle systems with very fragmented memory maps.
  
  Approved by:re (kensmith)
  
  Revision   ChangesPath

  1.638.2.9  +4 -4  src/sys/amd64/amd64/machdep.c
  1.616.2.8  +4 -4  src/sys/i386/i386/machdep.c


  
Thanks for this John, I know a lot of people that will be much happier 
being able to utilize all 64 gigs of their memory now!



--
Christian S.J. Peron
[EMAIL PROTECTED]
FreeBSD Committer
FreeBSD Security Team

___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/contrib/pf/net pf.c src/sys/modules/ipfw Makefile src/sys/modules/pf Makefile src/sys/netinet ip_fw2.c src/sys/security/mac mac_inet.c src/sys/security/mac_biba mac_biba.c src/sys/

[Christian S.J. Peron]

csjp2006-09-12 04:25:13 UTC

  FreeBSD src repository

  Modified files:
sys/contrib/pf/net   pf.c 
sys/modules/ipfw Makefile 
sys/modules/pf   Makefile 
sys/netinet  ip_fw2.c 
sys/security/mac mac_inet.c 
sys/security/mac_biba mac_biba.c 
sys/security/mac_lomac mac_lomac.c 
sys/security/mac_mls mac_mls.c 
sys/sys  mac.h mac_policy.h 
  Log:
  Introduce a new entry point, mac_create_mbuf_from_firewall. This entry point
  exists to allow the mandatory access control policy to properly initialize
  mbufs generated by the firewall. An example where this might happen is keep
  alive packets, or ICMP error packets in response to other packets.
  
  This takes care of kernel panics associated with un-initialize mbuf labels
  when the firewall generates packets.
  
  [1] I modified this patch from it's original version, the initial patch
  introduced a number of entry points which were programmatically
  equivalent. So I introduced only one. Instead, we should leverage
  mac_create_mbuf_netlayer() which is used for similar situations,
  an example being icmp_error()
  
  This will minimize the impact associated with the MFC
  
  Submitted by:   mlaier [1]
  MFC after:  1 week
  
  This is a RELENG_6 candidate
  
  Revision  ChangesPath
  1.41  +55 -0 src/sys/contrib/pf/net/pf.c
  1.25  +1 -1  src/sys/modules/ipfw/Makefile
  1.12  +1 -1  src/sys/modules/pf/Makefile
  1.146 +20 -5 src/sys/netinet/ip_fw2.c
  1.2   +10 -0 src/sys/security/mac/mac_inet.c
  1.94  +12 -0 src/sys/security/mac_biba/mac_biba.c
  1.40  +12 -0 src/sys/security/mac_lomac/mac_lomac.c
  1.77  +12 -0 src/sys/security/mac_mls/mac_mls.c
  1.71  +1 -0  src/sys/sys/mac.h
  1.75  +3 -0  src/sys/sys/mac_policy.h
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: cvs commit: src/sys/kern tty.c

[Christian S.J. Peron]

Rev. 1.272 was my commit, I can't remember the context of the 
conversations around the Giant push down there, but it's quite possible 
that I jumped the gun and made a mistake, because I am not sure how much 
analysis of the TTY locking I did there.


Should we roll back that commit and Pickup Giant for the TTY sake?

Bruce Evans wrote:

On Mon, 11 Sep 2006, John Baldwin wrote:

I've told Martin numerous times that t_session is not locked by the 
proctree
lock and thus by default it is covered by Giant.  I think much of the 
session

stuff still belongs under Giant in fact.


I thought that the session stuff was already locked.  It has very
little to do with ttys.  However, apparently, only p_session is covered
by session locking, while t_session still needs tty (Giant) locking.
It seems unlikely that ttymodem() isn't still under Giant.  However,
Giant locking for references to t_session and even more important tty
things was removed in rev.1.272 of kern_exit.c:

% Index: kern_exit.c
% ===
% RCS file: /home/ncvs/src/sys/kern/kern_exit.c,v
% retrieving revision 1.271
% retrieving revision 1.272
% diff -u -r1.271 -r1.272
% --- kern_exit.c8 Nov 2005 09:09:26 -1.271
% +++ kern_exit.c8 Nov 2005 17:11:03 -1.272
% @@ -303,13 +303,13 @@
%  vm_map_max(&vm->vm_map));
%  }
% % -mtx_lock(&Giant);

Not long before 1.272, the Giant locking had been pushed down to here.

%  sx_xlock(&proctree_lock);

I don't know exactly what this covers.  SESS_LOCK() is not used until 
later.

According to proc.h:

p_session:  constant until freed (what locks the freeing?)
*p_session: mostly locked by SESS_LOCK(), except s_leader also 
requires

the proctree lock

%  if (SESS_LEADER(p)) {

SESS_LEADER() loads s_leader, so why isn't SESS_LOCK() before here?

%  struct session *sp;
% %  sp = p->p_session;
%  if (sp->s_ttyvp) {

This seems to need SESS_LOCK() but not proctree_lock.

% +locked = VFS_LOCK_GIANT(sp->s_ttyvp->v_mount);
%  /*
%   * Controlling process.
%   * Signal foreground pgrp,

s_ttyvp and t_session are referenced just after here.  1.272 is 
apparently

only correct for s_ttyvp (except the session locking was already wrong?).
The reference to t_session seems to be only read-only here -- I can't
see where it goes away on exit, but think it should -- but nothing
good can happen if it changes underneath.

Just after this there is a call to ttywait().  ttywait() certainly
needs Giant locking.  The call is preceded by a comment saying "XXX
tp should be locked.".  This comment was bogus -- tp was locked by
Giant when the comment was written.  Now the code is broken instead.

% @@ -355,6 +355,7 @@
%   * that the session once had a controlling terminal.
%   * (for logging and informational purposes)
%   */
% +VFS_UNLOCK_GIANT(locked);
%  }
%  SESS_LOCK(p->p_session);
%  sp->s_leader = NULL;
% @@ -363,7 +364,6 @@
%  fixjobc(p, p->p_pgrp, 0);
%  sx_xunlock(&proctree_lock);
%  (void)acct_process(td);
% -mtx_unlock(&Giant); %  #ifdef KTRACE
%  /*
%   * release trace file

Other references to t_session in kern:

kern_proc.c:
fill_kinfo_proc_only() deferences t_session after checking that it is not
NULL.  I think the necessary Giant locking is missing here.

tty.c:
Lots of references to t_session here.  None should cause problems 
directly,

since callers are required to provide Giant locking.  ttymodem() should
only be called from device driver interrupt handlers and these require
Giant locking for ordinary i/o too, so the problem is unlikely to be
at this level.

Bruce





--
Christian S.J. Peron
[EMAIL PROTECTED]
FreeBSD Committer
FreeBSD Security Team

___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/kern kern_exit.c

[Christian S.J. Peron]

csjp2006-09-13 15:47:53 UTC

  FreeBSD src repository

  Modified files:
sys/kern kern_exit.c 
  Log:
  Back out one of the Giant removals from revision 1.272. Giant was not here to
  protect the vnode, it was present to synchronize access to TTY session
  information between exit(2) and the TTY code. While we are here, note that
  Giant is required for TTY protection.
  
  Clue from:  bde
  Discussed with: jhb
  MFC after:  1 week
  
  Revision  ChangesPath
  1.290 +2 -2  src/sys/kern/kern_exit.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: cvs commit: src/sys/kern kern_exit.c (DEVFS bug) ?

[Christian S.J. Peron]

Aye

This is one of the panics which plagued me. If I remember correctly, 
this particular race rears it's ugly head in situations where you are 
opening and revoking/closing TTY devices. I seem to recall that the the 
devfs<->tty interactions were suspect here. I've also seen this problem 
this RELENG_5.


As I mentioned, I think my recent commit to kern_exit.c (1.290) should 
conceptually take care of some races, but certainly will not fix all the 
problems associated with the TTY/DEVFS code.


Although, my knowledge around TTYs and the internal inner workings of 
DEVFS is quite limited in scope.


Martin Blapp wrote:


Hi all,

The kernel I've made with 'mtx_assert(&Giant, MA_OWNED);' in all tty 
functions

works fine. I'm not able to crash it yet, even under 24 hour load.

But I have also seen what appears to be strange interactions or races 
between devfs and the TTY code before the Giant push down here, which 
was causing me some problems. After some discussions with John and 
Bruce, it looks like the manipulation of t_session should be 
protected by Giant.


I Agree. This backout doesn't solve this panic here. I got this panic 
on FreeBSD 5.3 RELEASE and  5.4 RELEASE too. Exactly the same trace. 
And revision 1.272 never made it into RELENG_5.


#1  0xc066355e in boot (howto=260) at 
/usr/src/sys/kern/kern_shutdown.c:409
#2  0xc06638b5 in panic (fmt=0xc0891732 "%s") at 
/usr/src/sys/kern/kern_shutdown.c:565
#3  0xc085c6b6 in trap_fatal (frame=0xed6e4ab8, eva=4) at 
/usr/src/sys/i386/i386/trap.c:836
#4  0xc085c3bf in trap_pfault (frame=0xed6e4ab8, usermode=0, eva=4) at 
/usr/src/sys/i386/i386/trap.c:744

#5  0xc085bfb5 in trap (frame=
  {tf_fs = 8, tf_es = 40, tf_ds = -1063714776, tf_edi = 
-1064042304, tf_esi = 0, tf_ebp = -311538944, tf_isp = -311538972, tf_ebx
= -967615488, tf_edx = -1063651212, tf_ecx = -941099136, tf_eax = 0, 
tf_trapno = 12, tf_err = 0, tf_eip = -1066845359, tf_cs = 32,

tf_eflags = 66194, tf_esp = -967615488, tf_ss = 0})
at /usr/src/sys/i386/i386/trap.c:434
#6  0xc0848bea in calltrap () at /usr/src/sys/i386/i386/exception.s:139
#7  0xc0693b51 in ttymodem (tp=0xc6535c00, flag=-1063651212) at 
/usr/src/sys/kern/tty.c:1659
#8  0xc0698362 in ptcclose (dev=0x0, flags=3, fmt=8192, td=0xc7e7f780) 
at linedisc.h:136
#9  0xc0638a6f in giant_close (dev=0xcb3c1100, fflag=3, devtype=8192, 
td=0xc7e7f780) at /usr/src/sys/kern/kern_conf.c:266
#10 0xc06162bf in devfs_close (ap=0xed6e4b7c) at 
/usr/src/sys/fs/devfs/devfs_vnops.c:287

#11 0xc086dc1c in VOP_CLOSE_APV (vop=0x0, a=0xc099f874) at vnode_if.c:426
#12 0xc06c87e2 in vn_close (vp=0xc9cdf660, flags=3, file_cred=0x0, 
td=0xc7e7f780) at vnode_if.h:227
#13 0xc06c974a in vn_closefile (fp=0xc6fc5438, td=0xc7e7f780) at 
/usr/src/sys/kern/vfs_vnops.c:865
#14 0xc06162e7 in devfs_close_f (fp=0xc6fc5438, td=0xc7e7f780) at 
/usr/src/sys/fs/devfs/devfs_vnops.c:297
#15 0xc0642cdc in fdrop_locked (fp=0xc6fc5438, td=0xc7e7f780) at 
file.h:295
#16 0xc0642c29 in fdrop (fp=0xc6fc5438, td=0xc7e7f780) at 
/usr/src/sys/kern/kern_descrip.c:2122
#17 0xc06411c7 in closef (fp=0xc6fc5438, td=0xc7e7f780) at 
/usr/src/sys/kern/kern_descrip.c:1942
#18 0xc063e329 in close (td=0xc7e7f780, uap=0x0) at 
/usr/src/sys/kern/kern_descrip.c:1007


 Back out one of the Giant removals from revision 1.272. Giant was 
not here to

 protect the vnode, it was present to synchronize access to TTY session
 information between exit(2) and the TTY code. While we are here, 
note that

 Giant is required for TTY protection.

 Clue from:  bde
 Discussed with: jhb
 MFC after:  1 week

 Revision  ChangesPath
 1.290 +2 -2  src/sys/kern/kern_exit.c







--
Christian S.J. Peron
[EMAIL PROTECTED]
FreeBSD Committer
FreeBSD Security Team

___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/security/audit audit.c audit_private.h audit_syscalls.c audit_worker.c

[Christian S.J. Peron]

csjp2006-09-17 17:52:57 UTC

  FreeBSD src repository

  Modified files:
sys/security/audit   audit.c audit_private.h audit_syscalls.c 
 audit_worker.c 
  Log:
  Correct a slight regression which was introduced with the implementation of
  audit pipes. If the kernel record was not selected for the trail or the pipe,
  any user supplied record attached to it would be tossed away, resulting in
  otherwise selected events being lost.
  
  - Introduce two new masks: AR_PRESELECT_USER_TRAIL AR_PRESELECT_USER_PIPE,
currently we have AR_PRESELECT_TRAIL and AR_PRESELECT_PIPE, which tells
the audit worker that we are interested in the kernel record, with
the additional masks we can determine if either the pipe or trail is
interested in seeing the kernel or user record.
  
  - In audit(2), we unconditionally set the AR_PRESELECT_USER_TRAIL and
AR_PRESELECT_USER_PIPE masks under the assumption that userspace has
done the preselection [1].
  
  Currently, there is work being done that allows the kernel to parse and
  preselect user supplied records, so in the future preselection could occur
  in either layer. But there is still a few details to work out here.
  
  [1] At some point we need to teach au_preselect(3) about the interests of
  all the individual audit pipes.
  
  This is a RELENG_6 candidate.
  
  Reviewed by:rwatson
  Obtained from:  TrustedBSD Project
  MFC after:  1 week
  
  Revision  ChangesPath
  1.20  +2 -2  src/sys/security/audit/audit.c
  1.11  +3 -0  src/sys/security/audit/audit_private.h
  1.6   +8 -0  src/sys/security/audit/audit_syscalls.c
  1.10  +7 -3  src/sys/security/audit/audit_worker.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/security/audit audit_bsm.c

[Christian S.J. Peron]

csjp2006-09-18 17:55:32 UTC

  FreeBSD src repository

  Modified files:
sys/security/audit   audit_bsm.c 
  Log:
  Make sure that lutimes(2) gets processed and converted into a BSM record.
  
  Submitted by:   rwatson
  MFC after:  1 day
  
  Revision  ChangesPath
  1.13  +1 -0  src/sys/security/audit/audit_bsm.c
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: cvs commit: src/sys/dev/bge if_bge.c

[Christian S.J. Peron]

Jung-uk Kim wrote:

jkim2006-09-18 22:18:22 UTC

  FreeBSD src repository

  Modified files:
sys/dev/bge  if_bge.c 
  Log:

  Do not strip VLAN tag in promiscuous mode.
  
  Revision  ChangesPath

  1.148 +28 -15src/sys/dev/bge/if_bge.c


  
I don't think this is right. An interface does not have to be in 
promiscuous mode in order to have BPF peers attached to it. If this is 
being done to ensure that vlan info is preserved for things like 
tcpdump, the correct fix is to use bpf_peers_present() instead.


This issue has been discussed between myself, jhb, and andre for a 
couple of days now. The correct fix is to teach bpf to look at the mbuf 
and re-construct and insert the vlan tags before passing it through 
bpf_filter (and on to any peers), assuming the hardware is handling 
stripping and inserting vlan tags. I have agreed to work on this, time 
permitting.


--
Christian S.J. Peron
[EMAIL PROTECTED]
FreeBSD Committer
FreeBSD Security Team

___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

cvs commit: src/sys/contrib/pf/net pf.c src/sys/modules/ipfw Makefile src/sys/modules/pf Makefile src/sys/netinet ip_fw2.c src/sys/security/mac mac_inet.c src/sys/security/mac_biba mac_biba.c src/sys/

[Christian S.J. Peron]

csjp2006-09-19 15:45:22 UTC

  FreeBSD src repository

  Modified files:(Branch: RELENG_6)
sys/contrib/pf/net   pf.c 
sys/modules/ipfw Makefile 
sys/modules/pf   Makefile 
sys/netinet  ip_fw2.c 
sys/security/mac mac_inet.c 
sys/security/mac_biba mac_biba.c 
sys/security/mac_lomac mac_lomac.c 
sys/security/mac_mls mac_mls.c 
sys/sys  mac.h mac_policy.h 
  Log:
  MFC the firewall labeling changes.
  
  This fixes kernel panics which occur when the firewall sends out a packet.
  This can happen for keep alives, or instances when the firewall is
  configured to return RST or ICMP unreach packets. These panics occured
  only if MLS, BIBA or LOMAC security policies were loaded.
  
  Approved by:re@ (kensmith)
  Submitted by:   mlaier (with changes)
  
  RevisionChangesPath
  1.34.2.4+56 -1 src/sys/contrib/pf/net/pf.c
  1.21.2.2+1 -1  src/sys/modules/ipfw/Makefile
  1.7.2.3 +1 -1  src/sys/modules/pf/Makefile
  1.106.2.19  +20 -5 src/sys/netinet/ip_fw2.c
  1.1.8.1 +10 -0 src/sys/security/mac/mac_inet.c
  1.87.2.6+12 -0 src/sys/security/mac_biba/mac_biba.c
  1.35.2.4+12 -0 src/sys/security/mac_lomac/mac_lomac.c
  1.72.2.5+12 -0 src/sys/security/mac_mls/mac_mls.c
  1.67.2.4+1 -0  src/sys/sys/mac.h
  1.66.2.5+2 -1  src/sys/sys/mac_policy.h
___
cvs-all@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/cvs-all
To unsubscribe, send any mail to "[EMAIL PROTECTED]"