#
137cf3b6 |
| 15-Jan-2009 |
Konstantin Belousov <kib@FreeBSD.org> |
Lock the semaphore identifier lock during semaphore initialization to guarantee atomicity of the operation for other semaphore consumers. In particular, this should guard against access to the semaph
Lock the semaphore identifier lock during semaphore initialization to guarantee atomicity of the operation for other semaphore consumers. In particular, this should guard against access to the semaphore with not done or partially done MAC label assignment.
Reviewed by: rwatson MFC after: 1 month
show more ...
|
#
90a017ba |
| 14-Jan-2009 |
Konstantin Belousov <kib@FreeBSD.org> |
It seems that there are at least three issues with IPC_RMID operation on SysV semaphores.
The squeeze of the semaphore array in the kern_semctl() modifies sem_base for the semaphores with sem_ba
It seems that there are at least three issues with IPC_RMID operation on SysV semaphores.
The squeeze of the semaphore array in the kern_semctl() modifies sem_base for the semaphores with sem_base greater then sem_base of the removed semaphore, as well as the values of the semaphores, without locking their mutex. This can lead to (killable) hangs or unexpected behaviour of the processes performing any sem operations while other process does IPC_RMID.
The semexit_myhook() eventhandler unlocks SEMUNDO_LOCK() while accessing *suptr. This allows for IPC_RMID for the sem id to be performed in parallel with undo hook referenced by the current undo structure. This leads to the panic("semexit - semid not allocated") [1].
The semaphore creation is protected by Giant, while IPC_RMID is done while only semaphore mutex is held. This seems to result in invalid values for semtot, causing random ENOSPC error returns [2].
Redo the locking of the semaphores lifetime cycle. Delegate the sem_mtx to the sole purpose of protecting semget() and semctl(IPC_RMID). Introduce new sem_undo_mtx to protect SEM_UNDO handling. Remove the Giant remnants from the code. Note that mac_sysvsem_check_semget() and mac_sysvsem_create() are now called while sem_mtx is held, as well as mac_sysvsem_cleanup() [3].
When semaphore is removed, acquire semaphore locks for all semaphores with sem_base that is going to be changed by squeeze of the sema array. The lock order is not important there, because the region is protected by sem_mtx.
Organize both used and free sem_undo structures into the lists, protected by sem_undo_mtx. In semexit_myhook(), remove sem_undo structure that is being processed, from used list, without putting it onto the free to prevent modifications by other threads. This allows for sem_undo_lock to be dropped to acquire individial semaphore locks without violating lock order. Since IPC_RMID may no longer find this sem_undo, do tolerate references to unallocated semaphores in undo structure, and check sequential number to not undo unrelated semaphore with the same id.
While there, convert functions definitions to ANSI C and fix small style(9) glitches.
Reported by: Omer Faruk Sen <omerfsen gmail com> [1], pho [2] Reviewed by: rwatson [3] Tested by: pho MFC after: 1 month
show more ...
|
Revision tags: release/7.1.0_cvs, release/7.1.0, release/6.4.0_cvs, release/6.4.0 |
|
#
23c8064e |
| 19-Jun-2008 |
Oleksandr Tymoshenko <gonzo@FreeBSD.org> |
Renew semaphore's pointer after wakeup since during msleep sem_base may have been modified by destroying one of semaphores and semptr would not be valid in this case.
PR: kern/123731
|
Revision tags: release/7.0.0_cvs, release/7.0.0, release/6.3.0_cvs, release/6.3.0 |
|
#
30d239bc |
| 24-Oct-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Merge first in a series of TrustedBSD MAC Framework KPI changes from Mac OS X Leopard--rationalize naming for entry points to the following general forms:
mac_<object>_<method/action> mac_<objec
Merge first in a series of TrustedBSD MAC Framework KPI changes from Mac OS X Leopard--rationalize naming for entry points to the following general forms:
mac_<object>_<method/action> mac_<object>_check_<method/action>
The previous naming scheme was inconsistent and mostly reversed from the new scheme. Also, make object types more consistent and remove spaces from object types that contain multiple parts ("posix_sem" -> "posixsem") to make mechanical parsing easier. Introduce a new "netinet" object type for certain IPv4/IPv6-related methods. Also simplify, slightly, some entry point names.
All MAC policy modules will need to be recompiled, and modules not updates as part of this commit will need to be modified to conform to the new KPI.
Sponsored by: SPARTA (original patches against Mac OS X) Obtained from: TrustedBSD Project, Apple Computer
show more ...
|
#
7aee5992 |
| 03-Jul-2007 |
Konstantin Belousov <kib@FreeBSD.org> |
Relock the sema_mtxp unconditionally after copyin() for SETALL case in kern_semctl. Otherwise, later mtx_unlock() can operate on unlocked mutex.
Submitted by: rdivacky MFC after: 3 days Approved by:
Relock the sema_mtxp unconditionally after copyin() for SETALL case in kern_semctl. Otherwise, later mtx_unlock() can operate on unlocked mutex.
Submitted by: rdivacky MFC after: 3 days Approved by: re (kensmith)
show more ...
|
#
caa89438 |
| 26-Mar-2007 |
Ed Maste <emaste@FreeBSD.org> |
Avoid manipulating semu_list outside of the scope of SEMUNDO_LOCK(). This would lead to an occasional hang with a cycle in semu_list.
X-Discussed-On: hackers@
|
#
873fbcd7 |
| 05-Mar-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Further system call comment cleanup:
- Remove also "MP SAFE" after prior "MPSAFE" pass. (suggested by bde) - Remove extra blank lines in some cases. - Add extra blank lines in some cases. - Remove n
Further system call comment cleanup:
- Remove also "MP SAFE" after prior "MPSAFE" pass. (suggested by bde) - Remove extra blank lines in some cases. - Add extra blank lines in some cases. - Remove no-op comments consisting solely of the function name, the word "syscall", or the system call name. - Add punctuation. - Re-wrap some comments.
show more ...
|
#
0c14ff0e |
| 04-Mar-2007 |
Robert Watson <rwatson@FreeBSD.org> |
Remove 'MPSAFE' annotations from the comments above most system calls: all system calls now enter without Giant held, and then in some cases, acquire Giant explicitly.
Remove a number of other MPSAF
Remove 'MPSAFE' annotations from the comments above most system calls: all system calls now enter without Giant held, and then in some cases, acquire Giant explicitly.
Remove a number of other MPSAFE annotations in the credential code and tweak one or two other adjacent comments.
show more ...
|
Revision tags: release/6.2.0_cvs, release/6.2.0 |
|
#
aed55708 |
| 22-Oct-2006 |
Robert Watson <rwatson@FreeBSD.org> |
Complete break-out of sys/sys/mac.h into sys/security/mac/mac_framework.h begun with a repo-copy of mac.h to mac_framework.h. sys/mac.h now contains the userspace and user<->kernel API and definitio
Complete break-out of sys/sys/mac.h into sys/security/mac/mac_framework.h begun with a repo-copy of mac.h to mac_framework.h. sys/mac.h now contains the userspace and user<->kernel API and definitions, with all in-kernel interfaces moved to mac_framework.h, which is now included across most of the kernel instead.
This change is the first step in a larger cleanup and sweep of MAC Framework interfaces in the kernel, and will not be MFC'd.
Obtained from: TrustedBSD Project Sponsored by: SPARTA
show more ...
|
#
f50c4fd8 |
| 20-Sep-2006 |
Robert Watson <rwatson@FreeBSD.org> |
Remove MAC_DEBUG + MPRINTF debugging from System V IPC. This no longer appears to be serving a useful purpose, as it was used during initial development of MAC support for System V IPC.
MFC after:
Remove MAC_DEBUG + MPRINTF debugging from System V IPC. This no longer appears to be serving a useful purpose, as it was used during initial development of MAC support for System V IPC.
MFC after: 1 month Obtained from: TrustedBSD Project Suggested by: Christopher dot Vance at SPARTA dot com
show more ...
|
#
3097d55a |
| 12-Jul-2006 |
Konstantin Belousov <kib@FreeBSD.org> |
Use proper format specifier for pointers in debug printfs (turned off by default).
Approved by: pjd (mentor) MFC after: 2 weeks
|
#
b1ee5b65 |
| 08-Jul-2006 |
John Baldwin <jhb@FreeBSD.org> |
Rework kern_semctl a bit to always assume the UIO_SYSSPACE case. This mostly consists of pushing a few copyin's and copyout's up into __semctl() as all the other callers were already doing the UIO_S
Rework kern_semctl a bit to always assume the UIO_SYSSPACE case. This mostly consists of pushing a few copyin's and copyout's up into __semctl() as all the other callers were already doing the UIO_SYSSPACE case. This also changes kern_semctl() to set the return value in a passed in pointer to a register_t rather than td->td_retval[0] directly so that callers can only set td->td_retval[0] if all the various copyout's succeed.
As a result of these changes, kern_semctl() no longer does copyin/copyout (except for GETALL/SETALL) so simplify the locking to acquire the semakptr mutex before the MAC check and hold it all the way until the end of the big switch statement. The GETALL/SETALL cases have to temporarily drop it while they do copyin/malloc and copyout. Also, simplify the SETALL case to remove handling for a non-existent race condition.
show more ...
|
#
fe95c762 |
| 29-Jun-2006 |
John Baldwin <jhb@FreeBSD.org> |
Fix semctl(2) breakage from the previous commit. Previously __semctl() had a local 'semid' variable which was the array index and used uap->semid as the original IPC id. During the kern_semctl() co
Fix semctl(2) breakage from the previous commit. Previously __semctl() had a local 'semid' variable which was the array index and used uap->semid as the original IPC id. During the kern_semctl() conversion those two variables were collapsed into a single 'semid' variable breaking the places that needed the original IPC ID. To fix, add a new 'semidx' variable to hold the array index and leave 'semid' unmolested as the IPC id. While I'm here, explicitly document that the (undocumented, at least in semctl(2)) SEM_STAT command curiously expects an array index in the 'semid' parameter rather than an IPC id.
Submitted by: maxim
show more ...
|
#
49d409a1 |
| 27-Jun-2006 |
John Baldwin <jhb@FreeBSD.org> |
- Add a kern_semctl() helper function for __semctl(). It accepts a pointer to a copied-in copy of the 'union semun' and a uioseg to indicate which memory space the 'buf' pointer of the union poi
- Add a kern_semctl() helper function for __semctl(). It accepts a pointer to a copied-in copy of the 'union semun' and a uioseg to indicate which memory space the 'buf' pointer of the union points to. This is then used in linux_semctl() and svr4_sys_semctl() to eliminate use of the stackgap. - Mark linux_ipc() and svr4_sys_semsys() MPSAFE.
show more ...
|
#
b37ffd31 |
| 10-Jun-2006 |
Robert Watson <rwatson@FreeBSD.org> |
Move some functions and definitions from uipc_socket2.c to uipc_socket.c:
- Move sonewconn(), which creates new sockets for incoming connections on listen sockets, so that all socket allocate code
Move some functions and definitions from uipc_socket2.c to uipc_socket.c:
- Move sonewconn(), which creates new sockets for incoming connections on listen sockets, so that all socket allocate code is together in uipc_socket.c.
- Move 'maxsockets' and associated sysctls to uipc_socket.c with the socket allocation code.
- Move kern.ipc sysctl node to uipc_socket.c, add a SYSCTL_DECL() for it to sysctl.h and remove lots of scattered implementations in various IPC modules.
- Sort sodealloc() after soalloc() in uipc_socket.c for dependency order reasons. Statisticize soalloc() and sodealloc() as they are now required only in uipc_socket.c, and are internal to the socket implementation.
After this change, socket allocation and deallocation is entirely centralized in one file, and uipc_socket2.c consists entirely of socket buffer manipulation and default protocol switch functions.
MFC after: 1 month
show more ...
|
Revision tags: release/5.5.0_cvs, release/5.5.0, release/6.1.0_cvs, release/6.1.0, release/6.0.0_cvs, release/6.0.0 |
|
#
3831e7d7 |
| 07-Jun-2005 |
Robert Watson <rwatson@FreeBSD.org> |
Gratuitous renaming of four System V Semaphore MAC Framework entry points to convert _sema() to _sem() for consistency purposes with respect to the other semaphore-related entry points:
mac_init_sys
Gratuitous renaming of four System V Semaphore MAC Framework entry points to convert _sema() to _sem() for consistency purposes with respect to the other semaphore-related entry points:
mac_init_sysv_sema() -> mac_init_sysv_sem() mac_destroy_sysv_sem() -> mac_destroy_sysv_sem() mac_create_sysv_sema() -> mac_create_sysv_sem() mac_cleanup_sysv_sema() -> mac_cleanup_sysv_sem()
Congruent changes are made to the policy interface to support this.
Obtained from: TrustedBSD Project Sponsored by: SPAWAR, SPARTA
show more ...
|
Revision tags: release/5.4.0_cvs, release/5.4.0 |
|
#
8e37dd2b |
| 18-Apr-2005 |
Robert Watson <rwatson@FreeBSD.org> |
Remove end-of-line tabs.
MFC after: 3 days
|
#
b53d6ac5 |
| 19-Mar-2005 |
Sam Leffler <sam@FreeBSD.org> |
check copyin return value
Noticed by: Coverity Prevent analysis tool
|
#
84f85aed |
| 12-Feb-2005 |
Christian S.J. Peron <csjp@FreeBSD.org> |
Add much needed descriptions for a number of the IPC related sysctl OIDs. This information will be very useful for people who are tuning applications which have a dependence on IPC mechanisms.
The f
Add much needed descriptions for a number of the IPC related sysctl OIDs. This information will be very useful for people who are tuning applications which have a dependence on IPC mechanisms.
The following OIDs were documented:
Message queues: kern.ipc.msgmax kern.ipc.msgmni kern.ipc.msgmnb kern.ipc.msgtlq kern.ipc.msgssz kern.ipc.msgseg
Semaphores: kern.ipc.semmap kern.ipc.semmni kern.ipc.semmns kern.ipc.semmnu kern.ipc.semmsl kern.ipc.semopm kern.ipc.semume kern.ipc.semusz kern.ipc.semvmx kern.ipc.semaem
Shared memory: kern.ipc.shmmax kern.ipc.shmmin kern.ipc.shmmni kern.ipc.shmseg kern.ipc.shmall kern.ipc.shm_use_phys kern.ipc.shm_allow_removed kern.ipc.shmsegs
These new descriptions can be viewed using sysctl -d
PR: kern/65219 Submitted by: Dan Nelson <dnelson at allantgroup dot com> (modified) No objections: developers@ Descriptions reviewed by: gnn MFC after: 1 week
show more ...
|
#
a6009aa7 |
| 22-Jan-2005 |
Robert Watson <rwatson@FreeBSD.org> |
Invoke label initialization, creation, cleanup, and tear-down MAC Framework entry points for System V IPC semaphores.
Submitted by: Dandekar Hrishikesh <rishi_dandekar at sbcglobal dot net> Obtained
Invoke label initialization, creation, cleanup, and tear-down MAC Framework entry points for System V IPC semaphores.
Submitted by: Dandekar Hrishikesh <rishi_dandekar at sbcglobal dot net> Obtained from: TrustedBSD Project Sponsored by: DARPA, SPAWAR, McAfee Research
show more ...
|
Revision tags: release/4.11.0_cvs, release/4.11.0 |
|
#
9454b2d8 |
| 07-Jan-2005 |
Warner Losh <imp@FreeBSD.org> |
/* -> /*- for copyright notices, minor format tweaks as necessary
|
#
53d0031d |
| 13-Nov-2004 |
Robert Watson <rwatson@FreeBSD.org> |
Correct two incorrectly merged changes introduced in sysv_sem.c:1.71: return EINVAL rather than setting error, and don't free sops unconditionally. The first change was merged accidentally as part o
Correct two incorrectly merged changes introduced in sysv_sem.c:1.71: return EINVAL rather than setting error, and don't free sops unconditionally. The first change was merged accidentally as part of the larger set of changes to introduce MAC labels and access control, and potentially lead to continued processing of a request even after it was determined to be invalid. The second change was due to changes in the semaphore code since the original work was performed.
Pointed out by: truckman
show more ...
|
#
921d05b9 |
| 12-Nov-2004 |
Robert Watson <rwatson@FreeBSD.org> |
Second of several commits to allow kernel System V IPC data structures to be modified and extended without breaking the user space ABI:
Use _kernel variants on _ds structures for System V sempahores
Second of several commits to allow kernel System V IPC data structures to be modified and extended without breaking the user space ABI:
Use _kernel variants on _ds structures for System V sempahores, message queues, and shared memory. When interfacing with userspace, export only the _ds subsets of the _kernel data structures. A lot of search and replace.
Define the message structure in the _KERNEL portion of msg.h so that it can be used by other kernel consumers, but not exposed to user space.
Submitted by: Dandekar Hrishikesh <rishi_dandekar at sbcglobal dot net> Obtained from: TrustedBSD Project Sponsored by: DARPA, SPAWAR, McAfee Research
show more ...
|
Revision tags: release/5.3.0_cvs, release/5.3.0 |
|
#
77409fe1 |
| 30-May-2004 |
Poul-Henning Kamp <phk@FreeBSD.org> |
Add missing #include <sys/module.h>
|
Revision tags: release/4.10.0_cvs, release/4.10.0 |
|
#
018e32c1 |
| 17-Mar-2004 |
Colin Percival <cperciva@FreeBSD.org> |
Adjust the number of processes waiting on a semaphore properly if we're woken up in the middle of sleeping.
PR: misc/64347 Reviewed by: tjr MFC after: 7 days
|