From owner-p4-projects Wed Jul 31 19:20:48 2002 Delivered-To: p4-projects@freebsd.org Received: by hub.freebsd.org (Postfix, from userid 32767) id A5A5237B401; Wed, 31 Jul 2002 19:19:28 -0700 (PDT) Delivered-To: perforce@freebsd.org Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2DDDE37B400 for ; Wed, 31 Jul 2002 19:19:27 -0700 (PDT) Received: from freefall.freebsd.org (freefall.FreeBSD.org [216.136.204.21]) by mx1.FreeBSD.org (Postfix) with ESMTP id C7DAC43E4A for ; Wed, 31 Jul 2002 19:19:26 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: from freefall.freebsd.org (perforce@localhost [127.0.0.1]) by freefall.freebsd.org (8.12.4/8.12.4) with ESMTP id g712JQJU098407 for ; Wed, 31 Jul 2002 19:19:26 -0700 (PDT) (envelope-from bb+lists.freebsd.perforce@cyrus.watson.org) Received: (from perforce@localhost) by freefall.freebsd.org (8.12.4/8.12.4/Submit) id g712JQGP098404 for perforce@freebsd.org; Wed, 31 Jul 2002 19:19:26 -0700 (PDT) Date: Wed, 31 Jul 2002 19:19:26 -0700 (PDT) Message-Id: <200208010219.g712JQGP098404@freefall.freebsd.org> X-Authentication-Warning: freefall.freebsd.org: perforce set sender to bb+lists.freebsd.perforce@cyrus.watson.org using -f From: Robert Watson Subject: PERFORCE change 15361 for review To: Perforce Change Reviews Sender: owner-p4-projects@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG http://people.freebsd.org/~peter/p4db/chv.cgi?CH=15361 Change 15361 by rwatson@rwatson_paprika on 2002/07/31 19:18:47 Integ the TrustedBSD base branch from the main FreeBSD tree to pick up recent changes, including many MAC commits. Affected files ... .. //depot/projects/trustedbsd/base/lib/libstand/nfs.c#4 integrate .. //depot/projects/trustedbsd/base/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml#33 integrate .. //depot/projects/trustedbsd/base/sbin/ipfw/ipfw2.c#3 integrate .. //depot/projects/trustedbsd/base/sys/alpha/alpha/exception.s#4 integrate .. //depot/projects/trustedbsd/base/sys/alpha/alpha/genassym.c#7 integrate .. //depot/projects/trustedbsd/base/sys/alpha/alpha/machdep.c#13 integrate .. //depot/projects/trustedbsd/base/sys/alpha/alpha/sys_machdep.c#5 integrate .. //depot/projects/trustedbsd/base/sys/alpha/alpha/trap.c#13 integrate .. //depot/projects/trustedbsd/base/sys/alpha/alpha/vm_machdep.c#7 integrate .. //depot/projects/trustedbsd/base/sys/alpha/include/proc.h#4 integrate .. //depot/projects/trustedbsd/base/sys/alpha/osf1/osf1_signal.c#6 integrate .. //depot/projects/trustedbsd/base/sys/boot/common/dev_net.c#2 integrate .. //depot/projects/trustedbsd/base/sys/conf/files#26 integrate .. //depot/projects/trustedbsd/base/sys/dev/aic7xxx/ahc_eisa.c#3 integrate .. //depot/projects/trustedbsd/base/sys/dev/aic7xxx/ahc_pci.c#3 integrate .. //depot/projects/trustedbsd/base/sys/fs/procfs/procfs.c#5 integrate .. //depot/projects/trustedbsd/base/sys/fs/procfs/procfs.h#5 integrate .. //depot/projects/trustedbsd/base/sys/fs/procfs/procfs_mac.c#1 branch .. //depot/projects/trustedbsd/base/sys/fs/pseudofs/pseudofs.h#7 integrate .. //depot/projects/trustedbsd/base/sys/fs/pseudofs/pseudofs_vnops.c#11 integrate .. //depot/projects/trustedbsd/base/sys/kern/kern_acl.c#10 integrate .. //depot/projects/trustedbsd/base/sys/kern/kern_ktrace.c#8 integrate .. //depot/projects/trustedbsd/base/sys/kern/tty_tty.c#4 integrate .. //depot/projects/trustedbsd/base/sys/kern/uipc_usrreq.c#13 integrate .. //depot/projects/trustedbsd/base/sys/kern/vfs_lookup.c#7 integrate .. //depot/projects/trustedbsd/base/sys/kern/vfs_syscalls.c#21 integrate .. //depot/projects/trustedbsd/base/sys/modules/aic7xxx/Makefile#1 branch .. //depot/projects/trustedbsd/base/sys/modules/aic7xxx/ahc/Makefile#1 branch .. //depot/projects/trustedbsd/base/sys/modules/aic7xxx/ahc/ahc_eisa/Makefile#1 branch .. //depot/projects/trustedbsd/base/sys/modules/aic7xxx/ahc/ahc_pci/Makefile#1 branch .. //depot/projects/trustedbsd/base/sys/modules/aic7xxx/ahd/Makefile#1 branch .. //depot/projects/trustedbsd/base/sys/modules/aic7xxx/aicasm/Makefile#1 branch .. //depot/projects/trustedbsd/base/sys/modules/if_ppp/Makefile#3 integrate .. //depot/projects/trustedbsd/base/sys/modules/if_tun/Makefile#3 integrate .. //depot/projects/trustedbsd/base/sys/modules/procfs/Makefile#4 integrate .. //depot/projects/trustedbsd/base/sys/modules/pseudofs/Makefile#2 integrate .. //depot/projects/trustedbsd/base/sys/netinet/tcp_input.c#15 integrate .. //depot/projects/trustedbsd/base/sys/netinet/tcp_output.c#8 integrate .. //depot/projects/trustedbsd/base/sys/netinet/tcp_subr.c#12 integrate .. //depot/projects/trustedbsd/base/sys/netinet/tcp_syncache.c#12 integrate .. //depot/projects/trustedbsd/base/sys/pccard/pccard_nbk.c#5 integrate .. //depot/projects/trustedbsd/base/sys/pci/if_vr.c#6 integrate .. //depot/projects/trustedbsd/base/sys/pci/if_vrreg.h#2 integrate .. //depot/projects/trustedbsd/base/sys/sparc64/sparc64/cache.c#8 integrate .. //depot/projects/trustedbsd/base/sys/sparc64/sparc64/pmap.c#18 integrate Differences ... ==== //depot/projects/trustedbsd/base/lib/libstand/nfs.c#4 (text+ko) ==== @@ -29,7 +29,7 @@ */ #include -__FBSDID("$FreeBSD: src/lib/libstand/nfs.c,v 1.9 2002/07/07 23:01:36 jake Exp $"); +__FBSDID("$FreeBSD: src/lib/libstand/nfs.c,v 1.10 2002/07/31 20:17:06 jake Exp $"); #include #include @@ -387,10 +387,14 @@ { struct iodesc *desc; struct nfs_iodesc *currfd; + char buf[2 * NFS_FHSIZE + 3]; + u_char *fh; + char *cp; + int i; #ifndef NFS_NOSYMLINK struct nfs_iodesc *newfd; struct nfsv2_fattrs *fa; - char *cp, *ncp; + char *ncp; int c; char namebuf[NFS_MAXPATHLEN + 1]; char linkbuf[NFS_MAXPATHLEN + 1]; @@ -422,6 +426,16 @@ return (error); nfs_root_node.iodesc = desc; + fh = &nfs_root_node.fh[0]; + buf[0] = 'X'; + cp = &buf[1]; + for (i = 0; i < NFS_FHSIZE; i++, cp += 2) + sprintf(cp, "%02x", fh[i]); + sprintf(cp, "X"); + setenv("boot.nfsroot.server", inet_ntoa(rootip), 1); + setenv("boot.nfsroot.path", rootpath, 1); + setenv("boot.nfsroot.nfshandle", buf, 1); + #ifndef NFS_NOSYMLINK /* Fake up attributes for the root dir. */ fa = &nfs_root_node.fa; ==== //depot/projects/trustedbsd/base/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml#33 (text+ko) ==== @@ -3,7 +3,7 @@ The FreeBSD Project - $FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml,v 1.400 2002/07/31 16:13:59 bmah Exp $ + $FreeBSD: src/release/doc/en_US.ISO8859-1/relnotes/common/new.sgml,v 1.401 2002/07/31 20:09:07 bmah Exp $ 2000 @@ -1951,6 +1951,14 @@ url="ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:32.pppd.asc">FreeBSD-SA-02:32. &merged; + Multiple buffer overflows in + OpenSSL have been corrected, by way + of an upgrade to the base system version of + OpenSSL. More details can be found + in security advisory FreeBSD-SA-02:33. + &merged; + ==== //depot/projects/trustedbsd/base/sbin/ipfw/ipfw2.c#3 (text+ko) ==== @@ -17,7 +17,7 @@ * * NEW command line interface for IP firewall facility * - * $FreeBSD: src/sbin/ipfw/ipfw2.c,v 1.4 2002/07/13 15:57:23 luigi Exp $ + * $FreeBSD: src/sbin/ipfw/ipfw2.c,v 1.6 2002/07/31 22:42:08 luigi Exp $ */ #include @@ -996,7 +996,7 @@ printf(" iplen %u", cmd->arg1 ); break; - case O_IPOPTS: + case O_IPOPT: print_flags("ipoptions", cmd, f_ipopts); break; @@ -1569,9 +1569,7 @@ d = (u_int32_t *)&cmd->mask; cmd->o.opcode = O_IP_DST_SET; /* default */ cmd->o.len |= F_INSN_SIZE(ipfw_insn_u32) + (cmd->o.arg1+31)/32; - fprintf(stderr,"-- set size %d cmdlen %d\n", - cmd->o.arg1, cmd->o.len ); - for (i = 0; i < cmd->o.arg1/32 ; i++) + for (i = 0; i < (cmd->o.arg1+31)/32 ; i++) d[i] = 0; /* clear masks */ av = p+1; @@ -2170,7 +2168,7 @@ * various flags used to record that we entered some fields. */ int have_mac = 0; /* set if we have a MAC address */ - int have_state = 0; /* check-state or keep-state */ + ipfw_insn *have_state = NULL; /* check-state or keep-state */ int i; @@ -2219,7 +2217,7 @@ action->len = 1; /* default */ switch(i) { case TOK_CHECKSTATE: - have_state = 1; + have_state = action; action->opcode = O_CHECK_STATE; break; @@ -2344,10 +2342,8 @@ cmd = next_cmd(cmd); } - if (have_state) { - have_state = 0; + if (have_state) /* must be a check-state, we are done */ goto done; - } #define OR_START(target) \ if (ac && (*av[0] == '(' || *av[0] == '{')) { \ @@ -2610,13 +2606,13 @@ case TOK_IPOPTS: NEED1("missing argument for ipoptions"); - fill_flags(cmd, O_IPOPTS, f_ipopts, *av); + fill_flags(cmd, O_IPOPT, f_ipopts, *av); ac--; av++; break; case TOK_IPTOS: NEED1("missing argument for iptos"); - fill_flags(cmd, O_IPOPTS, f_iptos, *av); + fill_flags(cmd, O_IPTOS, f_iptos, *av); ac--; av++; break; @@ -2697,17 +2693,18 @@ case TOK_KEEPSTATE: if (have_state) - errx(EX_USAGE, "only one of check-state " + errx(EX_USAGE, "only one of keep-state " "and limit is allowed"); - have_state = 1; + have_state = cmd; fill_cmd(cmd, O_KEEP_STATE, 0, 0); break; case TOK_LIMIT: NEED1("limit needs mask and # of connections"); if (have_state) - errx(EX_USAGE, "only one of check-state " + errx(EX_USAGE, "only one of keep-state " "and limit is allowed"); + have_state = cmd; { ipfw_insn_limit *c = (ipfw_insn_limit *)cmd; @@ -2730,7 +2727,6 @@ if (c->limit_mask == 0) errx(EX_USAGE, "missing limit mask"); ac--; av++; - have_state = 1; } break; @@ -2756,23 +2752,36 @@ /* * generate O_PROBE_STATE if necessary */ - if (have_state) { + if (have_state && have_state->opcode != O_CHECK_STATE) { fill_cmd(dst, O_PROBE_STATE, 0, 0); dst = next_cmd(dst); } /* - * copy all commands but O_LOG + * copy all commands but O_LOG, O_KEEP_STATE, O_LIMIT */ for (src = (ipfw_insn *)cmdbuf; src != cmd; src += i) { i = F_LEN(src); - if (src->opcode != O_LOG) { + switch (src->opcode) { + case O_LOG: + case O_KEEP_STATE: + case O_LIMIT: + break; + default: bcopy(src, dst, i * sizeof(u_int32_t)); dst += i; } } /* + * put back the have_state command as last opcode + */ + if (have_state) { + i = F_LEN(have_state); + bcopy(have_state, dst, i * sizeof(u_int32_t)); + dst += i; + } + /* * start action section */ rule->act_ofs = dst - rule->cmd; ==== //depot/projects/trustedbsd/base/sys/alpha/alpha/exception.s#4 (text+ko) ==== @@ -24,7 +24,7 @@ * any improvements or extensions that they make and grant Carnegie the * rights to redistribute these changes. * $NetBSD: locore.s,v 1.47 1998/03/22 07:26:32 thorpej Exp $ - * $FreeBSD: src/sys/alpha/alpha/exception.s,v 1.15 2002/03/29 16:35:25 jake Exp $ + * $FreeBSD: src/sys/alpha/alpha/exception.s,v 1.16 2002/07/31 19:37:02 jhb Exp $ */ #include @@ -151,7 +151,7 @@ /* set the hae register if this process has specified a value */ ldq t1, TD_MD_FLAGS(s0) - and t1, MDP_HAEUSED + and t1, MDTD_HAEUSED beq t1, 3f ldq a0, TD_MD_HAE(s0) ldq pv, chipset + CHIPSET_WRITE_HAE @@ -302,7 +302,7 @@ Lrestoreregs: /* set the hae register if this process has specified a value */ ldq t1, TD_MD_FLAGS(s0) - and t1, MDP_HAEUSED + and t1, MDTD_HAEUSED beq t1, Lnohae ldq a0, TD_MD_HAE(t0) ldq pv, chipset + CHIPSET_WRITE_HAE ==== //depot/projects/trustedbsd/base/sys/alpha/alpha/genassym.c#7 (text+ko) ==== @@ -34,7 +34,7 @@ * SUCH DAMAGE. * * from: @(#)genassym.c 5.11 (Berkeley) 5/10/91 - * $FreeBSD: src/sys/alpha/alpha/genassym.c,v 1.39 2002/07/12 18:34:21 jhb Exp $ + * $FreeBSD: src/sys/alpha/alpha/genassym.c,v 1.40 2002/07/31 19:37:02 jhb Exp $ */ #include @@ -92,7 +92,7 @@ #ifdef SMP ASSYM(TD_MD_KERNNEST, offsetof(struct thread, td_md.md_kernnest)); #endif -ASSYM(MDP_HAEUSED, MDP_HAEUSED); +ASSYM(MDTD_HAEUSED, MDTD_HAEUSED); ASSYM(CHIPSET_WRITE_HAE, offsetof(struct alpha_chipset, write_hae)); ==== //depot/projects/trustedbsd/base/sys/alpha/alpha/machdep.c#13 (text+ko) ==== @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/alpha/alpha/machdep.c,v 1.179 2002/04/17 13:06:32 mux Exp $ + * $FreeBSD: src/sys/alpha/alpha/machdep.c,v 1.180 2002/07/31 19:37:02 jhb Exp $ */ /*- * Copyright (c) 1998 The NetBSD Foundation, Inc. @@ -1209,7 +1209,7 @@ /* save the floating-point state, if necessary, then copy it. */ alpha_fpstate_save(td, 1); /* XXX maybe write=0 */ - ksi.si_sc.sc_ownedfp = td->td_md.md_flags & MDP_FPUSED; + ksi.si_sc.sc_ownedfp = td->td_md.md_flags & MDTD_FPUSED; bcopy(&td->td_pcb->pcb_fp, (struct fpreg *)ksi.si_sc.sc_fpregs, sizeof(struct fpreg)); ksi.si_sc.sc_fp_control = td->td_pcb->pcb_fp_control; @@ -1332,7 +1332,7 @@ #endif /* save the floating-point state, if necessary, then copy it. */ alpha_fpstate_save(td, 1); - sf.sf_uc.uc_mcontext.mc_ownedfp = td->td_md.md_flags & MDP_FPUSED; + sf.sf_uc.uc_mcontext.mc_ownedfp = td->td_md.md_flags & MDTD_FPUSED; bcopy(&td->td_pcb->pcb_fp, (struct fpreg *)sf.sf_uc.uc_mcontext.mc_fpregs, sizeof(struct fpreg)); @@ -1606,7 +1606,7 @@ tfp->tf_regs[FRAME_T12] = tfp->tf_regs[FRAME_PC]; /* a.k.a. PV */ tfp->tf_regs[FRAME_FLAGS] = 0; /* full restore */ - td->td_md.md_flags &= ~MDP_FPUSED; + td->td_md.md_flags &= ~MDTD_FPUSED; alpha_fpstate_drop(td); } @@ -1720,13 +1720,13 @@ int ptrace_clear_single_step(struct thread *td) { - if (td->td_md.md_flags & MDP_STEP2) { + if (td->td_md.md_flags & MDTD_STEP2) { ptrace_clear_bpt(td, &td->td_md.md_sstep[1]); ptrace_clear_bpt(td, &td->td_md.md_sstep[0]); - td->td_md.md_flags &= ~MDP_STEP2; - } else if (td->td_md.md_flags & MDP_STEP1) { + td->td_md.md_flags &= ~MDTD_STEP2; + } else if (td->td_md.md_flags & MDTD_STEP1) { ptrace_clear_bpt(td, &td->td_md.md_sstep[0]); - td->td_md.md_flags &= ~MDP_STEP1; + td->td_md.md_flags &= ~MDTD_STEP1; } return 0; } @@ -1740,7 +1740,7 @@ vm_offset_t addr[2]; /* places to set breakpoints */ int count = 0; /* count of breakpoints */ - if (td->td_md.md_flags & (MDP_STEP1|MDP_STEP2)) + if (td->td_md.md_flags & (MDTD_STEP1|MDTD_STEP2)) panic("ptrace_single_step: step breakpoints not removed"); error = ptrace_read_int(td, pc, &ins.bits); @@ -1793,9 +1793,9 @@ ptrace_clear_bpt(td, &td->td_md.md_sstep[0]); return error; } - td->td_md.md_flags |= MDP_STEP2; + td->td_md.md_flags |= MDTD_STEP2; } else - td->td_md.md_flags |= MDP_STEP1; + td->td_md.md_flags |= MDTD_STEP1; return 0; } @@ -2132,7 +2132,7 @@ SET_FEN(td); } - td->td_md.md_flags |= MDP_FPUSED; + td->td_md.md_flags |= MDTD_FPUSED; intr_restore(s); } ==== //depot/projects/trustedbsd/base/sys/alpha/alpha/sys_machdep.c#5 (text+ko) ==== @@ -31,7 +31,7 @@ * SUCH DAMAGE. * * from: @(#)sys_machdep.c 5.5 (Berkeley) 1/19/91 - * $FreeBSD: src/sys/alpha/alpha/sys_machdep.c,v 1.17 2002/04/01 21:30:29 jhb Exp $ + * $FreeBSD: src/sys/alpha/alpha/sys_machdep.c,v 1.18 2002/07/31 19:37:02 jhb Exp $ * */ @@ -122,7 +122,7 @@ if (error) return (error); - td->td_md.md_flags |= MDP_HAEUSED; + td->td_md.md_flags |= MDTD_HAEUSED; td->td_md.md_hae = ua.hae; return (0); @@ -169,8 +169,7 @@ { int error; unsigned long uac; - struct proc *p; - struct thread *td2; + struct proc *p, *pp; error = copyin(args, &uac, sizeof(uac)); if (error) @@ -178,13 +177,11 @@ p = td->td_proc; PROC_LOCK(p); - if (p->p_pptr) { - PROC_LOCK(p->p_pptr); - /* XXXKSE which threads? */ - td2 = FIRST_THREAD_IN_PROC(p->p_pptr); - td2->td_md.md_flags &= ~MDP_UAC_MASK; - td2->td_md.md_flags |= uac & MDP_UAC_MASK; - PROC_UNLOCK(p->p_pptr); + pp = p->p_pptr; + if (pp != NULL) { + PROC_LOCK(pp); + pp->p_md.md_uac = uac & MDP_UAC_MASK; + PROC_UNLOCK(pp); } PROC_UNLOCK(p); return 0; @@ -193,20 +190,18 @@ static int alpha_get_uac(struct thread *td, char *args) { - struct proc *p; - struct thread *td2; + struct proc *p, *pp; int error; unsigned long uac; p = td->td_proc; error = ESRCH; PROC_LOCK(p); - if (p->p_pptr) { - PROC_LOCK(p->p_pptr); - /* XXXKSE which threads? */ - td2 = FIRST_THREAD_IN_PROC(p->p_pptr); - uac = td2->td_md.md_flags & MDP_UAC_MASK; - PROC_UNLOCK(p->p_pptr); + pp = p->p_pptr; + if (pp != NULL) { + PROC_LOCK(pp); + uac = p->p_md.md_uac; + PROC_UNLOCK(pp); PROC_UNLOCK(p); error = copyout(&uac, args, sizeof(uac)); } else ==== //depot/projects/trustedbsd/base/sys/alpha/alpha/trap.c#13 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $FreeBSD: src/sys/alpha/alpha/trap.c,v 1.98 2002/07/13 04:36:30 mini Exp $ */ +/* $FreeBSD: src/sys/alpha/alpha/trap.c,v 1.99 2002/07/31 19:37:02 jhb Exp $ */ /* $NetBSD: trap.c,v 1.31 1998/03/26 02:21:46 thorpej Exp $ */ /* @@ -407,7 +407,7 @@ /* FALLTHROUTH */ case ALPHA_IF_CODE_BPT: case ALPHA_IF_CODE_BUGCHK: - if (td->td_md.md_flags & (MDP_STEP1|MDP_STEP2)) { + if (td->td_md.md_flags & (MDTD_STEP1|MDTD_STEP2)) { mtx_lock(&Giant); ptrace_clear_single_step(td); td->td_frame->tf_regs[FRAME_PC] -= 4; @@ -1033,8 +1033,8 @@ */ if (td) { - uac = td->td_md.md_flags & MDP_UAC_MASK; p = td->td_proc; + uac = p->p_md.md_uac; } else { uac = 0; p = NULL; ==== //depot/projects/trustedbsd/base/sys/alpha/alpha/vm_machdep.c#7 (text+ko) ==== @@ -38,7 +38,7 @@ * * from: @(#)vm_machdep.c 7.3 (Berkeley) 5/13/91 * Utah $Hdr: vm_machdep.c 1.16.1.1 89/06/23$ - * $FreeBSD: src/sys/alpha/alpha/vm_machdep.c,v 1.68 2002/06/29 17:26:11 julian Exp $ + * $FreeBSD: src/sys/alpha/alpha/vm_machdep.c,v 1.69 2002/07/31 19:37:02 jhb Exp $ */ /* * Copyright (c) 1994, 1995, 1996 Carnegie-Mellon University. @@ -133,7 +133,8 @@ p1 = td1->td_proc; td2->td_pcb = (struct pcb *) (td2->td_kstack + KSTACK_PAGES * PAGE_SIZE) - 1; - td2->td_md.md_flags = td1->td_md.md_flags & (MDP_FPUSED | MDP_UAC_MASK); + td2->td_md.md_flags = td1->td_md.md_flags & MDTD_FPUSED; + p2->p_md.md_uac = p1->p_md.md_uac; /* * Cache the physical address of the pcb, so we can ==== //depot/projects/trustedbsd/base/sys/alpha/include/proc.h#4 (text+ko) ==== @@ -1,4 +1,4 @@ -/* $FreeBSD: src/sys/alpha/include/proc.h,v 1.14 2002/03/27 05:39:16 dillon Exp $ */ +/* $FreeBSD: src/sys/alpha/include/proc.h,v 1.15 2002/07/31 19:37:02 jhb Exp $ */ /* From: NetBSD: proc.h,v 1.3 1997/04/06 08:47:36 cgd Exp */ /* @@ -40,6 +40,11 @@ u_int32_t contents; }; +#define MDTD_FPUSED 0x0001 /* Process used the FPU */ +#define MDTD_STEP1 0x0002 /* Single step normal instruction */ +#define MDTD_STEP2 0x0004 /* Single step branch instruction */ +#define MDTD_HAEUSED 0x0008 /* Process used the HAE */ + struct mdthread { u_long md_flags; struct pcb *md_pcbpaddr; /* phys addr of the pcb */ @@ -50,17 +55,14 @@ register_t md_savecrit; /* save PSL for critical section */ }; -#define MDP_FPUSED 0x0001 /* Process used the FPU */ -#define MDP_STEP1 0x0002 /* Single step normal instruction */ -#define MDP_STEP2 0x0004 /* Single step branch instruction */ -#define MDP_HAEUSED 0x0008 /* Process used the HAE */ -#define MDP_UAC_NOPRINT 0x0010 /* Don't print unaligned traps */ -#define MDP_UAC_NOFIX 0x0020 /* Don't fixup unaligned traps */ -#define MDP_UAC_SIGBUS 0x0040 /* Deliver SIGBUS upon +#define MDP_UAC_NOPRINT 0x0010 /* Don't print unaligned traps */ +#define MDP_UAC_NOFIX 0x0020 /* Don't fixup unaligned traps */ +#define MDP_UAC_SIGBUS 0x0040 /* Deliver SIGBUS upon unaligned access */ -#define MDP_UAC_MASK (MDP_UAC_NOPRINT | MDP_UAC_NOFIX | MDP_UAC_SIGBUS) +#define MDP_UAC_MASK (MDP_UAC_NOPRINT | MDP_UAC_NOFIX | MDP_UAC_SIGBUS) struct mdproc { + u_int md_uac; /* Unaligned Access Check flags. */ }; #endif /* !_MACHINE_PROC_H_ */ ==== //depot/projects/trustedbsd/base/sys/alpha/osf1/osf1_signal.c#6 (text+ko) ==== @@ -30,7 +30,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $FreeBSD: src/sys/alpha/osf1/osf1_signal.c,v 1.18 2002/06/02 20:05:41 schweikh Exp $ + * $FreeBSD: src/sys/alpha/osf1/osf1_signal.c,v 1.19 2002/07/31 19:37:03 jhb Exp $ */ #include @@ -631,7 +631,7 @@ /* save the floating-point state, if necessary, then copy it. */ alpha_fpstate_save(td, 1); /* XXX maybe write=0 */ - ksi.si_sc.sc_ownedfp = td->td_md.md_flags & MDP_FPUSED; + ksi.si_sc.sc_ownedfp = td->td_md.md_flags & MDTD_FPUSED; bcopy(&td->td_pcb->pcb_fp, (struct fpreg *)ksi.si_sc.sc_fpregs, sizeof(struct fpreg)); ksi.si_sc.sc_fp_control = td->td_pcb->pcb_fp_control; ==== //depot/projects/trustedbsd/base/sys/boot/common/dev_net.c#2 (text+ko) ==== @@ -1,5 +1,5 @@ /* - * $FreeBSD: src/sys/boot/common/dev_net.c,v 1.10 2000/11/10 06:37:43 benno Exp $ + * $FreeBSD: src/sys/boot/common/dev_net.c,v 1.11 2002/07/31 20:17:06 jake Exp $ * From: $NetBSD: dev_net.c,v 1.12 1997/12/10 20:38:37 gwr Exp $ */ @@ -209,6 +209,7 @@ { char buf[MAXHOSTNAMELEN]; char temp[FNAME_SIZE]; + struct iodesc *d; int i; n_long smask; @@ -284,6 +285,14 @@ bcopy(&temp[0], &rootpath[0], strlen(&rootpath[i])+1); } printf("net_open: server path: %s\n", rootpath); + + d = socktodesc(sock); + sprintf(temp, "%6D", d->myea, ":"); + setenv("boot.netif.ip", inet_ntoa(myip), 1); + setenv("boot.netif.netmask", intoa(netmask), 1); + setenv("boot.netif.gateway", inet_ntoa(gateip), 1); + setenv("boot.netif.hwaddr", temp, 1); + return (0); } ==== //depot/projects/trustedbsd/base/sys/conf/files#26 (text+ko) ==== @@ -1,4 +1,4 @@ -# $FreeBSD: src/sys/conf/files,v 1.678 2002/07/30 22:28:43 imp Exp $ +# $FreeBSD: src/sys/conf/files,v 1.679 2002/08/01 02:03:21 rwatson Exp $ # # The long compile-with and dependency lines are required because of # limitations in config: backslash-newline doesn't work in strings, and @@ -730,6 +730,7 @@ fs/procfs/procfs_dbregs.c optional procfs fs/procfs/procfs_fpregs.c optional procfs fs/procfs/procfs_ioctl.c optional procfs +fs/procfs/procfs_mac.c optional procfs fs/procfs/procfs_map.c optional procfs fs/procfs/procfs_mem.c optional procfs fs/procfs/procfs_note.c optional procfs ==== //depot/projects/trustedbsd/base/sys/dev/aic7xxx/ahc_eisa.c#3 (text+ko) ==== @@ -28,7 +28,7 @@ * * $Id$ * - * $FreeBSD: src/sys/dev/aic7xxx/ahc_eisa.c,v 1.23 2002/04/24 16:58:51 gibbs Exp $ + * $FreeBSD: src/sys/dev/aic7xxx/ahc_eisa.c,v 1.24 2002/08/01 01:36:30 scottl Exp $ */ #include @@ -203,13 +203,13 @@ }; static driver_t ahc_eisa_driver = { - "ahc", + "ahc_eisa", ahc_eisa_device_methods, sizeof(struct ahc_softc) }; -static devclass_t ahc_devclass; +static devclass_t ahc_eisa_devclass; -DRIVER_MODULE(ahc, eisa, ahc_eisa_driver, ahc_devclass, 0, 0); +DRIVER_MODULE(ahc_eisa, eisa, ahc_eisa_driver, ahc_eisa_devclass, 0, 0); MODULE_DEPEND(ahc_eisa, ahc, 1, 1, 1); MODULE_VERSION(ahc_eisa, 1); ==== //depot/projects/trustedbsd/base/sys/dev/aic7xxx/ahc_pci.c#3 (text+ko) ==== @@ -30,7 +30,7 @@ * * $Id$ * - * $FreeBSD: src/sys/dev/aic7xxx/ahc_pci.c,v 1.45 2002/04/24 16:58:51 gibbs Exp $ + * $FreeBSD: src/sys/dev/aic7xxx/ahc_pci.c,v 1.46 2002/08/01 01:36:30 scottl Exp $ */ #include @@ -50,15 +50,15 @@ }; static driver_t ahc_pci_driver = { - "ahc", + "ahc_pci", ahc_pci_device_methods, sizeof(struct ahc_softc) }; -static devclass_t ahc_devclass; +static devclass_t ahc_pci_devclass; -DRIVER_MODULE(ahc, pci, ahc_pci_driver, ahc_devclass, 0, 0); -DRIVER_MODULE(ahc, cardbus, ahc_pci_driver, ahc_devclass, 0, 0); +DRIVER_MODULE(ahc_pci, pci, ahc_pci_driver, ahc_pci_devclass, 0, 0); +DRIVER_MODULE(ahc_pci, cardbus, ahc_pci_driver, ahc_pci_devclass, 0, 0); MODULE_DEPEND(ahc_pci, ahc, 1, 1, 1); MODULE_VERSION(ahc_pci, 1); ==== //depot/projects/trustedbsd/base/sys/fs/procfs/procfs.c#5 (text+ko) ==== @@ -37,7 +37,7 @@ * * @(#)procfs_vfsops.c 8.7 (Berkeley) 5/10/95 * - * $FreeBSD: src/sys/fs/procfs/procfs.c,v 1.5 2002/05/19 00:14:47 jhb Exp $ + * $FreeBSD: src/sys/fs/procfs/procfs.c,v 1.6 2002/08/01 02:03:20 rwatson Exp $ */ #include @@ -153,6 +153,7 @@ dir = pfs_create_dir(root, "pid", &procfs_attr, NULL, PFS_PROCDEP); + dir->pn_refreshlabel = &procfs_piddir_refreshlabel; pfs_create_file(dir, "cmdline", &procfs_doproccmdline, NULL, NULL, PFS_RD); pfs_create_file(dir, "ctl", &procfs_doprocctl, ==== //depot/projects/trustedbsd/base/sys/fs/procfs/procfs.h#5 (text+ko) ==== @@ -37,7 +37,7 @@ * @(#)procfs.h 8.9 (Berkeley) 5/14/95 * * From: - * $FreeBSD: src/sys/fs/procfs/procfs.h,v 1.43 2002/04/20 01:14:25 rwatson Exp $ + * $FreeBSD: src/sys/fs/procfs/procfs.h,v 1.44 2002/08/01 02:03:20 rwatson Exp $ */ #ifdef _KERNEL @@ -61,6 +61,9 @@ /* Attributes */ int procfs_attr(PFS_ATTR_ARGS); +/* MAC */ +int procfs_piddir_refreshlabel(PFS_REFRESHLABEL_ARGS); + /* Visibility */ int procfs_notsystem(PFS_VIS_ARGS); int procfs_candebug(PFS_VIS_ARGS); ==== //depot/projects/trustedbsd/base/sys/fs/pseudofs/pseudofs.h#7 (text+ko) ==== @@ -25,7 +25,7 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $FreeBSD: src/sys/fs/pseudofs/pseudofs.h,v 1.19 2002/06/06 16:59:24 des Exp $ + * $FreeBSD: src/sys/fs/pseudofs/pseudofs.h,v 1.20 2002/08/01 01:33:12 rwatson Exp $ */ #ifndef _PSEUDOFS_H_INCLUDED @@ -145,6 +145,15 @@ typedef int (*pfs_getextattr_t)(PFS_GETEXTATTR_ARGS); /* + * Getlabel callback + */ +#define PFS_REFRESHLABEL_ARGS \ + struct thread *td, struct proc *p, struct vnode *vp, \ + struct pfs_node *pn, struct ucred *cred +struct mac; +typedef int (*pfs_refreshlabel_t)(PFS_REFRESHLABEL_ARGS); + +/* * Last-close callback */ #define PFS_CLOSE_ARGS \ @@ -185,6 +194,7 @@ pfs_attr_t pn_attr; pfs_vis_t pn_vis; pfs_getextattr_t pn_getextattr; + pfs_refreshlabel_t pn_refreshlabel; void *pn_data; int pn_flags; ==== //depot/projects/trustedbsd/base/sys/fs/pseudofs/pseudofs_vnops.c#11 (text+ko) ==== @@ -25,9 +25,11 @@ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * - * $FreeBSD: src/sys/fs/pseudofs/pseudofs_vnops.c,v 1.29 2002/07/08 01:50:14 jeff Exp $ + * $FreeBSD: src/sys/fs/pseudofs/pseudofs_vnops.c,v 1.30 2002/08/01 01:33:12 rwatson Exp $ */ +#include "opt_mac.h" + #include #include #include @@ -35,6 +37,7 @@ #include #include #include +#include #include #include #include @@ -729,6 +732,50 @@ return (pfs_vncache_free(va->a_vp)); } +#ifdef MAC +/* + * Refresh the vnode label as appropriate for the pseudo-file system. + */ +static int +pfs_refreshlabel(struct vop_refreshlabel_args *va) +{ + struct vnode *vn = va->a_vp; + struct pfs_vdata *pvd = (struct pfs_vdata *)vn->v_data; + struct pfs_node *pn = pvd->pvd_pn; + struct proc *proc = NULL; + int error; + + PFS_TRACE((pd->pn_name)); + + if (pn->pn_refreshlabel == NULL) { + mac_update_vnode_from_mount(vn, vn->v_mount); + return (0); + } + + /* + * This is necessary because either process' privileges may + * have changed since the last open() call. + */ + if (!pfs_visible(curthread, pn, pvd->pvd_pid)) + PFS_RETURN (EIO); + + /* XXX duplicate bits of pfs_visible() */ + if (pvd->pvd_pid != NO_PID) { + if ((proc = pfind(pvd->pvd_pid)) == NULL) + PFS_RETURN (EIO); + _PHOLD(proc); + PROC_UNLOCK(proc); + } + + error = (pn->pn_refreshlabel)(curthread, proc, vn, pn, va->a_cred); + + if (proc != NULL) + PRELE(proc); + + PFS_RETURN (error); +} +#endif + /* * Set attributes */ @@ -821,6 +868,9 @@ { &vop_readdir_desc, (vop_t *)pfs_readdir }, { &vop_readlink_desc, (vop_t *)pfs_readlink }, { &vop_reclaim_desc, (vop_t *)pfs_reclaim }, +#ifdef MAC + { &vop_refreshlabel_desc, (vop_t *)pfs_refreshlabel }, +#endif { &vop_remove_desc, (vop_t *)vop_eopnotsupp }, { &vop_rename_desc, (vop_t *)vop_eopnotsupp }, { &vop_rmdir_desc, (vop_t *)vop_eopnotsupp }, ==== //depot/projects/trustedbsd/base/sys/kern/kern_acl.c#10 (text+ko) ==== @@ -25,17 +25,20 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/sys/kern/kern_acl.c,v 1.31 2002/07/22 03:57:07 rwatson Exp $ + * $FreeBSD: src/sys/kern/kern_acl.c,v 1.32 2002/08/01 01:04:16 rwatson Exp $ */ /* * Developed by the TrustedBSD Project. * Support for POSIX.1e access control lists. */ +#include "opt_mac.h" + #include #include #include #include +#include #include #include #include @@ -582,7 +585,15 @@ return (error); VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); +#ifdef MAC + error = mac_check_vnode_setacl(td->td_ucred, vp, type, &inkernacl); + if (error != 0) + goto out; +#endif error = VOP_SETACL(vp, type, &inkernacl, td->td_ucred, td); +#ifdef MAC +out: +#endif VOP_UNLOCK(vp, 0, td); vn_finished_write(mp); return(error); @@ -600,7 +611,15 @@ VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); +#ifdef MAC + error = mac_check_vnode_getacl(td->td_ucred, vp, type); + if (error != 0) + goto out; +#endif error = VOP_GETACL(vp, type, &inkernelacl, td->td_ucred, td); +#ifdef MAC +out: +#endif VOP_UNLOCK(vp, 0, td); if (error == 0) error = copyout(&inkernelacl, aclp, sizeof(struct acl)); @@ -621,7 +640,15 @@ return (error); VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); - error = VOP_SETACL(vp, type, NULL, td->td_ucred, td); +#ifdef MAC + error = mac_check_vnode_deleteacl(td->td_ucred, vp, type); + if (error) + goto out; +#endif + error = VOP_SETACL(vp, type, 0, td->td_ucred, td); +#ifdef MAC +out: +#endif VOP_UNLOCK(vp, 0, td); vn_finished_write(mp); return (error); ==== //depot/projects/trustedbsd/base/sys/kern/kern_ktrace.c#8 (text+ko) ==== @@ -31,10 +31,11 @@ * SUCH DAMAGE. * * @(#)kern_ktrace.c 8.2 (Berkeley) 9/23/93 - * $FreeBSD: src/sys/kern/kern_ktrace.c,v 1.68 2002/06/29 01:50:24 alfred Exp $ + * $FreeBSD: src/sys/kern/kern_ktrace.c,v 1.69 2002/08/01 01:07:03 rwatson Exp $ */ #include "opt_ktrace.h" +#include "opt_mac.h" #include #include @@ -44,6 +45,7 @@ #include #include #include +#include #include #include #include @@ -766,7 +768,11 @@ vn_start_write(vp, &mp, V_WAIT); vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); (void)VOP_LEASE(vp, td, cred, LEASE_WRITE); - error = VOP_WRITE(vp, &auio, IO_UNIT | IO_APPEND, cred); +#ifdef MAC + error = mac_check_vnode_op(cred, vp, MAC_OP_VNODE_WRITE); + if (error == 0) +#endif + error = VOP_WRITE(vp, &auio, IO_UNIT | IO_APPEND, cred); if (error == 0 && uio != NULL) { (void)VOP_LEASE(vp, td, cred, LEASE_WRITE); error = VOP_WRITE(vp, uio, IO_UNIT | IO_APPEND, cred); ==== //depot/projects/trustedbsd/base/sys/kern/tty_tty.c#4 (text+ko) ==== @@ -31,19 +31,22 @@ * SUCH DAMAGE. * * @(#)tty_tty.c 8.2 (Berkeley) 9/23/93 - * $FreeBSD: src/sys/kern/tty_tty.c,v 1.39 2002/03/19 21:24:06 alfred Exp $ + * $FreeBSD: src/sys/kern/tty_tty.c,v 1.40 2002/08/01 01:09:54 rwatson Exp $ */ >>> TRUNCATED FOR MAIL (1000 lines) <<< To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe p4-projects" in the body of the message