1. 22 Jun, 2022 3 commits
  2. 20 Nov, 2017 1 commit
    • Pedro F. Giffuni's avatar
      sys: further adoption of SPDX licensing ID tags. · 51369649
      Pedro F. Giffuni authored
      Mainly focus on files that use BSD 3-Clause license.
      The Software Package Data Exchange (SPDX) group provides a specification
      to make it easier for automated tools to detect and summarize well known
      opensource licenses. We are gradually adopting the specification, noting
      that the tags are considered only advisory and do not, in any way,
      superceed or replace the license texts.
      Special thanks to Wind River for providing access to "The Duke of
      Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
      starting point.
  3. 28 Feb, 2017 1 commit
    • Warner Losh's avatar
      Renumber copyright clause 4 · fbbd9655
      Warner Losh authored
      Renumber cluase 4 to 3, per what everybody else did when BSD granted
      them permission to remove clause 3. My insistance on keeping the same
      numbering for legal reasons is too pedantic, so give up on that point.
      Submitted by:	Jan Schaumann <jschauma@stevens.edu>
      Pull Request:	https://github.com/freebsd/freebsd/pull/96
  4. 19 Oct, 2010 1 commit
  5. 19 Oct, 2008 1 commit
  6. 06 Jan, 2005 1 commit
  7. 07 Apr, 2004 1 commit
  8. 19 May, 2002 1 commit
  9. 21 Apr, 2002 1 commit
  10. 13 Apr, 2002 1 commit
  11. 04 Dec, 2001 1 commit
  12. 07 Oct, 2001 1 commit
    • Dag-Erling Smørgrav's avatar
      Dissociate ptrace from procfs. · 3da32491
      Dag-Erling Smørgrav authored
      Until now, the ptrace syscall was implemented as a wrapper that called
      various functions in procfs depending on which ptrace operation was
      requested.  Most of these functions were themselves wrappers around
      procfs_{read,write}_{,db,fp}regs(), with only some extra error checks,
      which weren't necessary in the ptrace case anyway.
      This commit moves procfs_rwmem() from procfs_mem.c into sys_process.c
      (renaming it to proc_rwmem() in the process), and implements ptrace()
      directly in terms of procfs_{read,write}_{,db,fp}regs() instead of
      having it fake up a struct uio and then call procfs_do{,db,fp}regs().
      It also moves the prototypes for procfs_{read,write}_{,db,fp}regs()
      and proc_rwmem() from proc.h to ptrace.h, and marks all procfs files
      except procfs_machdep.c as "optional procfs" instead of "standard".
  13. 03 Aug, 2001 1 commit
    • Robert Watson's avatar
      Prior to support for almost all ps activity via sysctl, ps used procfs, · f2e6be58
      Robert Watson authored
      and so special-casing was introduced to provide extra procfs privilege
      to the kmem group.  With the advent of non-setgid kmem ps, this code
      is no longer required, and in fact, can is potentially harmful as it
      allocates privilege to a gid that is increasingly less meaningful.
      Knowledge of specific gid's in kernel is also generally bad precedent,
      as the kernel security policy doesn't distinguish gid's specifically,
      only uid 0.
      This commit removes reference to kmem in procfs, both in terms of
      access control decisions, and the applying of gid kmem to the
      /proc/*/mem file, simplifying the associated code considerably.
      Processes are still permitted to access the mem file based on
      the debugging policy, so ps -e still works fine for normal
      processes and use.
      Reviewed by:	tmm
      Obtained from:	TrustedBSD Project
  14. 05 Jul, 2001 1 commit
    • Robert Watson's avatar
      o Replace calls to p_can(..., P_CAN_xxx) with calls to p_canxxx(). · a0f75161
      Robert Watson authored
        The p_can(...) construct was a premature (and, it turns out,
        awkward) abstraction.  The individual calls to p_canxxx() better
        reflect differences between the inter-process authorization checks,
        such as differing checks based on the type of signal.  This has
        a side effect of improving code readability.
      o Replace direct credential authorization checks in ktrace() with
        invocation of p_candebug(), while maintaining the special case
        check of KTR_ROOT.  This allows ktrace() to "play more nicely"
        with new mandatory access control schemes, as well as making its
        authorization checks consistent with other "debugging class"
      o Eliminate "privused" construct for p_can*() calls which allowed the
        caller to determine if privilege was required for successful
        evaluation of the access control check.  This primitive is currently
        unused, and as such, serves only to complicate the API.
      Approved by:	({procfs,linprocfs} changes) des
      Obtained from:	TrustedBSD Project
  15. 04 Jul, 2001 1 commit
    • Matthew Dillon's avatar
      With Alfred's permission, remove vm_mtx in favor of a fine-grained approach · 0cddd8f0
      Matthew Dillon authored
      (this commit is just the first stage).  Also add various GIANT_ macros to
      formalize the removal of Giant, making it easy to test in a more piecemeal
      fashion. These macros will allow us to test fine-grained locks to a degree
      before removing Giant, and also after, and to remove Giant in a piecemeal
      fashion via sysctl's on those subsystems which the authors believe can
      operate without Giant.
  16. 23 May, 2001 1 commit
    • Ruslan Ermilov's avatar
      - FDESC, FIFO, NULL, PORTAL, PROC, UMAP and UNION file · 99d300a1
      Ruslan Ermilov authored
        systems were repo-copied from sys/miscfs to sys/fs.
      - Renamed the following file systems and their modules:
        fdesc -> fdescfs, portal -> portalfs, union -> unionfs.
      - Renamed corresponding kernel options:
      - Install header files for the above file systems.
      - Removed bogus -I${.CURDIR}/../../sys CFLAGS from userland
  17. 19 May, 2001 1 commit
    • Alfred Perlstein's avatar
      Introduce a global lock for the vm subsystem (vm_mtx). · 23955314
      Alfred Perlstein authored
      vm_mtx does not recurse and is required for most low level
      vm operations.
      faults can not be taken without holding Giant.
      Memory subsystems can now call the base page allocators safely.
      Almost all atomic ops were removed as they are covered under the
      vm mutex.
      Alpha and ia64 now need to catch up to i386's trap handlers.
      FFS and NFS have been tested, other filesystems will need minor
      changes (grabbing the vm lock when twiddling page properties).
      Reviewed (partially) by: jake, jhb
  18. 01 May, 2001 1 commit
  19. 30 Aug, 2000 1 commit
    • Robert Watson's avatar
      o Centralize inter-process access control, introducing: · 387d2c03
      Robert Watson authored
          int p_can(p1, p2, operation, privused)
        which allows specification of subject process, object process,
        inter-process operation, and an optional call-by-reference privused
        flag, allowing the caller to determine if privilege was required
        for the call to succeed.  This allows jail, kern.ps_showallprocs and
        regular credential-based interaction checks to occur in one block of
        code.  Possible operations are P_CAN_SEE, P_CAN_SCHED, P_CAN_KILL,
        and P_CAN_DEBUG.  p_can currently breaks out as a wrapper to a
        series of static function checks in kern_prot, which should not
        be invoked directly.
      o Commented out capabilities entries are included for some checks.
      o Update most inter-process authorization to make use of p_can() instead
        of manual checks, PRISON_CHECK(), P_TRESPASS(), and
      o Modify suser{,_xxx} to use const arguments, as it no longer modifies
        process flags due to the disabling of ASU.
      o Modify some checks/errors in procfs so that ENOENT is returned instead
        of ESRCH, further improving concealment of processes that should not
        be visible to other processes.  Also introduce new access checks to
        improve hiding of processes for procfs_lookup(), procfs_getattr(),
        procfs_readdir().  Correct a bug reported by bp concerning not
        handling the CREATE case in procfs_lookup().  Remove volatile flag in
        procfs that caused apparently spurious qualifier warnigns (approved by
      o Add comment noting that ktrace() has not been updated, as its access
        control checks are different from ptrace(), whereas they should
        probably be the same.  Further discussion should happen on this topic.
      Reviewed by:	bde, green, phk, freebsd-security, others
      Approved by:	bde
      Obtained from:	TrustedBSD Project
  20. 20 Dec, 1999 1 commit
  21. 11 Dec, 1999 1 commit
    • Peter Wemm's avatar
      Don't simulate a pseudo address-space beyond VM_MAXUSER_ADDRESS that · 99b30c79
      Peter Wemm authored
      maps onto the upages.  We used to use this extensively, particularly
      for ps and gdb.  Both of these have been "fixed".  ps gets the p_stats
      via eproc along with all the other stats, and gdb uses the regs, fpregs
      etc files.
      Once apon a time the UPAGES were mapped here, but that changed back
      in January '96.  This essentially kills my revisions 1.16 and 1.17.
      The 2-page "hole" above the stack can be reclaimed now.
  22. 08 Dec, 1999 1 commit
  23. 21 Nov, 1999 2 commits
    • Poul-Henning Kamp's avatar
      Introduce the new function · a9e0361b
      Poul-Henning Kamp authored
              p_trespass(struct proc *p1, struct proc *p2)
      which returns zero or an errno depending on the legality of p1 trespassing
      on p2.
      Replace kern_sig.c:CANSIGNAL() with call to p_trespass() and one
      extra signal related check.
      Replace procfs.h:CHECKIO() macros with calls to p_trespass().
      Only show command lines to process which can trespass on the target
    • Poul-Henning Kamp's avatar
      s/p_cred->pc_ucred/p_ucred/g · da654d90
      Poul-Henning Kamp authored
  24. 09 Nov, 1999 1 commit
  25. 08 Nov, 1999 1 commit
    • Sean Eric Fagan's avatar
      Explain why Warner is right, and I am wrong, in the removing of the · 75bd4436
      Sean Eric Fagan authored
      file object.  Also explain some possible directions to re-implement it --
      I'm not sure it should be, given the minimal application use.  (Other
      than having the debugger automatically access the symbols for a process,
      the main use I'd found was with some minor accounting ability, but _that_
      depends on it being in the filesystem space; an ioctl access method would
      be useless in that case.)
      This is a code-less change; only a comment has been added.
  26. 29 Oct, 1999 1 commit
    • Poul-Henning Kamp's avatar
      useracc() the prequel: · 923502ff
      Poul-Henning Kamp authored
      Merge the contents (less some trivial bordering the silly comments)
      of <vm/vm_prot.h> and <vm/vm_inherit.h> into <vm/vm.h>.  This puts
      the #defines for the vm_inherit_t and vm_prot_t types next to their
      This paves the road for the commit to follow shortly: change
      useracc() to use VM_PROT_{READ|WRITE} rather than B_{READ|WRITE}
      as argument.
  27. 28 Aug, 1999 1 commit
  28. 27 Apr, 1999 2 commits
    • Poul-Henning Kamp's avatar
    • Poul-Henning Kamp's avatar
      Suser() simplification: · f711d546
      Poul-Henning Kamp authored
        Add new function: suser(struct proc *), prototyped in <sys/proc.h>.
        s/suser_xxx(\([a-zA-Z0-9_]*\)->p_ucred, \&\1->p_acflag)/suser(\1)/
      The remaining suser_xxx() calls will be scrutinized and dealt with
      There may be some unneeded #include <sys/cred.h>, but they are left
      as an exercise for Bruce.
      More changes to the suser() API will come along with the "jail" code.
  29. 28 Oct, 1998 1 commit
  30. 15 Jul, 1998 1 commit
  31. 07 Jun, 1998 1 commit
    • Doug Rabson's avatar
      This commit fixes various 64bit portability problems required for · ecbb00a2
      Doug Rabson authored
      FreeBSD/alpha.  The most significant item is to change the command
      argument to ioctl functions from int to u_long.  This change brings us
      inline with various other BSD versions.  Driver writers may like to
      use (__FreeBSD_version == 300003) to detect this change.
      The prototype FreeBSD/alpha machdep will follow in a couple of days
  32. 19 May, 1998 1 commit
  33. 17 Apr, 1998 1 commit
  34. 06 Feb, 1998 1 commit
  35. 04 Feb, 1998 1 commit
  36. 22 Jan, 1998 1 commit
    • John Dyson's avatar
      VM level code cleanups. · 2d8acc0f
      John Dyson authored
      1)	Start using TSM.
      	Struct procs continue to point to upages structure, after being freed.
      	Struct vmspace continues to point to pte object and kva space for kstack.
      	u_map is now superfluous.
      2)	vm_map's don't need to be reference counted.  They always exist either
      	in the kernel or in a vmspace.  The vmspaces are managed by reference
      3)	Remove the "wired" vm_map nonsense.
      4)	No need to keep a cache of kernel stack kva's.
      5)	Get rid of strange looking ++var, and change to var++.
      6)	Change more data structures to use our "zone" allocator.  Added
      	struct proc, struct vmspace and struct vnode.  This saves a significant
      	amount of kva space and physical memory.  Additionally, this enables
      	TSM for the zone managed memory.
      7)	Keep ioopt disabled for now.
      8)	Remove the now bogus "single use" map concept.
      9)	Use generation counts or id's for data structures residing in TSM, where
      	it allows us to avoid unneeded restart overhead during traversals, where
      	blocking might occur.
      10)	Account better for memory deficits, so the pageout daemon will be able
      	to make enough memory available (experimental.)
      11)	Fix some vnode locking problems. (From Tor, I think.)
      12)	Add a check in ufs_lookup, to avoid lots of unneeded calls to bcmp.
      13)	Significantly shrink, cleanup, and make slightly faster the vm_fault.c
      	code.  Use generation counts, get rid of unneded collpase operations,
      	and clean up the cluster code.
      14)	Make vm_zone more suitable for TSM.
      This commit is partially as a result of discussions and contributions from
      other people, including DG, Tor Egge, PHK, and probably others that I
      have forgotten to attribute (so let me know, if I forgot.)
      This is not the infamous, final cleanup of the vnode stuff, but a necessary
      step.  Vnode mgmt should be correct, but things might still change, and
      there is still some missing stuff (like ioopt, and physical backing of
      non-merged cache files, debugging of layering concepts.)