Date: Wed, 2 May 2007 16:12:18 GMT From: Marko Zec <zec@FreeBSD.org> To: Perforce Change Reviews <perforce@FreeBSD.org> Subject: PERFORCE change 119169 for review Message-ID: <200705021612.l42GCI2f042583@repoman.freebsd.org>
http://perforce.freebsd.org/chv.cgi?CH=119169 Change 119169 by zec@zec_tpx32 on 2007/05/02 16:12:02 Coalesce multiple offline changes in a single commit: - Struct ucred now holds vimage affinity for a process / thread, instead of storing vimage * in struct thread; - With vimage affinity now stored in ucreds, teach prison_check() to hide processes attached to different vproc groups one from another; - Introduce the notion of effective and real vimage. Once this will be properly implemented a thread should be able to switch its effective affinity back and forth below its current "real" position in the vimage hierarchy, but not escape to any ancestor or parallel vimage branch. The best analogy is probably the cwd / chroot concept in fs namespace; - Add sysctl machinery for accessing virtualized char * strings; - Initial attempt to count processes belonging to each vimage / process group; not working quite accurately yet; - Virtualize cp_time. This allows us to monitor CPU usage on a per vprocg basis. Ticks in interrupt context are charged to all vprocgs. In all other cases a tick is charged to the current vprocg, while incrementing CP_IDLE counter in all other vprocgs; - Virtualize hostname and domainname (placed in vprocg). This is both an experiment to see how well the generalized virtualization infrastructure can be applied to kernel subsystems other than the network stack, and also provides a degree of compatibility with vimages from 4.11 days. I need this to be able to run IMUNES on 7.0-CURRENT. XXX This introduces churn in random parts of the tree, including the machine dependent code. So far only i386 bits are updated to happily compile with this change. - Move ether_ipfw from struct vnet_ipfw to struct vnet_net, given that in case ipfw is not loaded an attempt to access ether_ipfw (in a non-existing structure) will most likely lead to a crash; Affected files ... .. //depot/projects/vimage/src/sys/compat/linprocfs/linprocfs.c#7 edit .. 
//depot/projects/vimage/src/sys/compat/linux/linux_ioctl.c#5 edit .. //depot/projects/vimage/src/sys/compat/linux/linux_misc.c#6 edit .. //depot/projects/vimage/src/sys/contrib/pf/net/pf_ioctl.c#7 edit .. //depot/projects/vimage/src/sys/fs/cd9660/cd9660_rrip.c#2 edit .. //depot/projects/vimage/src/sys/i386/i386/dump_machdep.c#2 edit .. //depot/projects/vimage/src/sys/i386/i386/minidump_machdep.c#3 edit .. //depot/projects/vimage/src/sys/kern/init_main.c#7 edit .. //depot/projects/vimage/src/sys/kern/kern_clock.c#5 edit .. //depot/projects/vimage/src/sys/kern/kern_exit.c#3 edit .. //depot/projects/vimage/src/sys/kern/kern_fork.c#7 edit .. //depot/projects/vimage/src/sys/kern/kern_jail.c#4 edit .. //depot/projects/vimage/src/sys/kern/kern_kse.c#6 edit .. //depot/projects/vimage/src/sys/kern/kern_linker.c#6 edit .. //depot/projects/vimage/src/sys/kern/kern_mib.c#3 edit .. //depot/projects/vimage/src/sys/kern/kern_resource.c#5 edit .. //depot/projects/vimage/src/sys/kern/kern_synch.c#7 edit .. //depot/projects/vimage/src/sys/kern/kern_sysctl.c#6 edit .. //depot/projects/vimage/src/sys/kern/kern_thr.c#5 edit .. //depot/projects/vimage/src/sys/kern/kern_vimage.c#19 edit .. //depot/projects/vimage/src/sys/kern/kern_xxx.c#3 edit .. //depot/projects/vimage/src/sys/kern/tty.c#6 edit .. //depot/projects/vimage/src/sys/kern/uipc_socket.c#9 edit .. //depot/projects/vimage/src/sys/kern/vfs_export.c#7 edit .. //depot/projects/vimage/src/sys/net/bpf.c#8 edit .. //depot/projects/vimage/src/sys/net/if.c#12 edit .. //depot/projects/vimage/src/sys/net/if_ethersubr.c#10 edit .. //depot/projects/vimage/src/sys/net/vnet.h#5 edit .. //depot/projects/vimage/src/sys/net80211/ieee80211_ioctl.c#3 edit .. //depot/projects/vimage/src/sys/netinet/ip_fw.h#5 edit .. //depot/projects/vimage/src/sys/netinet6/icmp6.c#8 edit .. //depot/projects/vimage/src/sys/netinet6/in6.c#7 edit .. //depot/projects/vimage/src/sys/netinet6/in6_ifattach.c#8 edit .. 
//depot/projects/vimage/src/sys/sys/kernel.h#5 edit .. //depot/projects/vimage/src/sys/sys/proc.h#9 edit .. //depot/projects/vimage/src/sys/sys/resource.h#2 edit .. //depot/projects/vimage/src/sys/sys/sysctl.h#6 edit .. //depot/projects/vimage/src/sys/sys/ucred.h#3 edit .. //depot/projects/vimage/src/sys/sys/vimage.h#17 edit Differences ... ==== //depot/projects/vimage/src/sys/compat/linprocfs/linprocfs.c#7 (text+ko) ==== @@ -376,19 +376,20 @@ static int linprocfs_dostat(PFS_FILL_ARGS) { + INIT_VPROCG(curthread->td_ucred->cr_vimage->v_procg); int i; sbuf_printf(sb, "cpu %ld %ld %ld %ld\n", - T2J(cp_time[CP_USER]), - T2J(cp_time[CP_NICE]), - T2J(cp_time[CP_SYS] /*+ cp_time[CP_INTR]*/), - T2J(cp_time[CP_IDLE])); + T2J(V_cp_time[CP_USER]), + T2J(V_cp_time[CP_NICE]), + T2J(V_cp_time[CP_SYS] /*+ V_cp_time[CP_INTR]*/), + T2J(V_cp_time[CP_IDLE])); for (i = 0; i < mp_ncpus; ++i) sbuf_printf(sb, "cpu%d %ld %ld %ld %ld\n", i, - T2J(cp_time[CP_USER]) / mp_ncpus, - T2J(cp_time[CP_NICE]) / mp_ncpus, - T2J(cp_time[CP_SYS]) / mp_ncpus, - T2J(cp_time[CP_IDLE]) / mp_ncpus); + T2J(V_cp_time[CP_USER]) / mp_ncpus, + T2J(V_cp_time[CP_NICE]) / mp_ncpus, + T2J(V_cp_time[CP_SYS]) / mp_ncpus, + T2J(V_cp_time[CP_IDLE]) / mp_ncpus); sbuf_printf(sb, "disk 0 0 0 0\n" "page %u %u\n" @@ -412,12 +413,13 @@ static int linprocfs_douptime(PFS_FILL_ARGS) { + INIT_VPROCG(curthread->td_ucred->cr_vimage->v_procg); struct timeval tv; getmicrouptime(&tv); sbuf_printf(sb, "%lld.%02ld %ld.%02ld\n", (long long)tv.tv_sec, tv.tv_usec / 10000, - T2S(cp_time[CP_IDLE]), T2J(cp_time[CP_IDLE]) % 100); + T2S(V_cp_time[CP_IDLE]), T2J(V_cp_time[CP_IDLE]) % 100); return (0); } @@ -971,7 +973,7 @@ static int linprocfs_donetdev(PFS_FILL_ARGS) { - INIT_VNET_NET(curthread->td_vimage->v_vnet); + INIT_VNET_NET(curthread->td_ucred->cr_vimage->v_vnet); char ifname[16]; /* XXX LINUX_IFNAMSIZ */ struct ifnet *ifp; ==== //depot/projects/vimage/src/sys/compat/linux/linux_ioctl.c#5 (text+ko) ==== 
@@ -2075,7 +2075,7 @@ static struct ifnet * ifname_linux_to_bsd(const char *lxname, char *bsdname) { - INIT_VNET_NET(curthread->td_vimage->v_vnet); + INIT_VNET_NET(curthread->td_ucred->cr_vimage->v_vnet); struct ifnet *ifp; int len, unit; char *ep; @@ -2116,7 +2116,7 @@ static int linux_ifconf(struct thread *td, struct ifconf *uifc) { - INIT_VNET_NET(td->td_vimage->v_vnet); + INIT_VNET_NET(td->td_ucred->cr_vimage->v_vnet); #ifdef COMPAT_LINUX32 struct l_ifconf ifc; #else ==== //depot/projects/vimage/src/sys/compat/linux/linux_misc.c#6 (text+ko) ==== @@ -32,6 +32,7 @@ #include "opt_compat.h" #include "opt_mac.h" +#include "opt_vimage.h" #include <sys/param.h> #include <sys/blist.h> @@ -63,6 +64,7 @@ #include <sys/vmmeter.h> #include <sys/vnode.h> #include <sys/wait.h> +#include <sys/vimage.h> #include <security/mac/mac_framework.h> @@ -692,6 +694,7 @@ int linux_newuname(struct thread *td, struct linux_newuname_args *args) { + INIT_VPROCG(td->td_ucred->cr_vimage->v_procg); struct l_new_utsname utsname; char osname[LINUX_MAX_UTSNAME]; char osrelease[LINUX_MAX_UTSNAME]; @@ -743,7 +746,7 @@ #else /* something other than i386 or amd64 - assume we and Linux agree */ strlcpy(utsname.machine, machine, LINUX_MAX_UTSNAME); #endif /* __i386__ */ - strlcpy(utsname.domainname, domainname, LINUX_MAX_UTSNAME); + strlcpy(utsname.domainname, V_domainname, LINUX_MAX_UTSNAME); return (copyout(&utsname, args->buf, sizeof(utsname))); } ==== //depot/projects/vimage/src/sys/contrib/pf/net/pf_ioctl.c#7 (text+ko) ==== @@ -1457,7 +1457,7 @@ } #ifdef __FreeBSD__ - CURVNET_SET(td->td_vimage->v_vnet); + CURVNET_SET(td->td_ucred->cr_vimage->v_vnet); INIT_VNET_PF(curvnet); PF_LOCK(); #else ==== //depot/projects/vimage/src/sys/fs/cd9660/cd9660_rrip.c#2 (text+ko) ==== @@ -34,6 +34,8 @@ * @(#)cd9660_rrip.c 8.6 (Berkeley) 12/5/94 */ +#include "opt_vimage.h" + #include <sys/cdefs.h> __FBSDID("$FreeBSD: src/sys/fs/cd9660/cd9660_rrip.c,v 1.30 2007/02/11 13:54:25 rodrigc Exp $"); 
@@ -44,6 +46,7 @@ #include <sys/vnode.h> #include <sys/mount.h> #include <sys/kernel.h> +#include <sys/vimage.h> #include <fs/cd9660/iso.h> #include <fs/cd9660/cd9660_node.h> @@ -113,6 +116,7 @@ ISO_RRIP_SLINK *p; ISO_RRIP_ANALYZE *ana; { + INIT_VPROCG(curthread->td_ucred->cr_vimage->v_procg); ISO_RRIP_SLINK_COMPONENT *pcomp; ISO_RRIP_SLINK_COMPONENT *pcompe; int len, wlen, cont; @@ -171,8 +175,8 @@ case ISO_SUSP_CFLAG_HOST: /* Inserting hostname i.e. "kurt.tools.de" */ - inbuf = hostname; - wlen = strlen(hostname); + inbuf = V_hostname; + wlen = strlen(V_hostname); break; case ISO_SUSP_CFLAG_CONTINUE: @@ -222,6 +226,7 @@ ISO_RRIP_ALTNAME *p; ISO_RRIP_ANALYZE *ana; { + INIT_VPROCG(curthread->td_ucred->cr_vimage->v_procg); char *inbuf; int wlen; int cont; @@ -243,8 +248,8 @@ case ISO_SUSP_CFLAG_HOST: /* Inserting hostname i.e. "kurt.tools.de" */ - inbuf = hostname; - wlen = strlen(hostname); + inbuf = V_hostname; + wlen = strlen(V_hostname); break; case ISO_SUSP_CFLAG_CONTINUE: ==== //depot/projects/vimage/src/sys/i386/i386/dump_machdep.c#2 (text+ko) ==== @@ -24,6 +24,8 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#include "opt_vimage.h" + #include <sys/cdefs.h> __FBSDID("$FreeBSD: src/sys/i386/i386/dump_machdep.c,v 1.12 2006/04/21 04:28:43 peter Exp $"); @@ -34,6 +36,7 @@ #include <sys/sysctl.h> #include <sys/kernel.h> #include <sys/kerneldump.h> +#include <sys/vimage.h> #include <vm/vm.h> #include <vm/pmap.h> #include <machine/elf.h> @@ -109,6 +112,7 @@ mkdumpheader(struct kerneldumpheader *kdh, uint32_t archver, uint64_t dumplen, uint32_t blksz) { + INIT_VPROCG(vimage_0.v_procg); bzero(kdh, sizeof(*kdh)); strncpy(kdh->magic, KERNELDUMPMAGIC, sizeof(kdh->magic)); 
@@ -118,7 +122,7 @@ kdh->dumplength = htod64(dumplen); kdh->dumptime = htod64(time_second); kdh->blocksize = htod32(blksz); - strncpy(kdh->hostname, hostname, sizeof(kdh->hostname)); + strncpy(kdh->hostname, V_hostname, sizeof(kdh->hostname)); strncpy(kdh->versionstring, version, sizeof(kdh->versionstring)); if (panicstr != NULL) strncpy(kdh->panicstring, panicstr, sizeof(kdh->panicstring)); ==== //depot/projects/vimage/src/sys/i386/i386/minidump_machdep.c#3 (text) ==== @@ -24,6 +24,8 @@ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ +#include "opt_vimage.h" + #include <sys/cdefs.h> __FBSDID("$FreeBSD: src/sys/i386/i386/minidump_machdep.c,v 1.3 2007/04/06 18:15:02 ru Exp $"); @@ -34,6 +36,7 @@ #include <sys/kernel.h> #include <sys/kerneldump.h> #include <sys/msgbuf.h> +#include <sys/vimage.h> #include <vm/vm.h> #include <vm/pmap.h> #include <machine/atomic.h> @@ -83,6 +86,7 @@ mkdumpheader(struct kerneldumpheader *kdh, uint32_t archver, uint64_t dumplen, uint32_t blksz) { + INIT_VPROCG(vimage_0.v_procg); bzero(kdh, sizeof(*kdh)); strncpy(kdh->magic, KERNELDUMPMAGIC, sizeof(kdh->magic)); @@ -92,7 +96,7 @@ kdh->dumplength = htod64(dumplen); kdh->dumptime = htod64(time_second); kdh->blocksize = htod32(blksz); - strncpy(kdh->hostname, hostname, sizeof(kdh->hostname)); + strncpy(kdh->hostname, V_hostname, sizeof(kdh->hostname)); strncpy(kdh->versionstring, version, sizeof(kdh->versionstring)); if (panicstr != NULL) strncpy(kdh->panicstring, panicstr, sizeof(kdh->panicstring)); ==== //depot/projects/vimage/src/sys/kern/init_main.c#7 (text+ko) ==== @@ -441,6 +441,10 @@ p->p_ucred->cr_uidinfo = uifind(0); p->p_ucred->cr_ruidinfo = uifind(0); p->p_ucred->cr_prison = NULL; /* Don't jail it. */ +#ifdef VIMAGE + p->p_ucred->cr_vimage = p->p_ucred->cr_rvimage = &vimage_0; + vimage_0.v_procg->nprocs = 1; +#endif #ifdef AUDIT audit_proc_alloc(p); audit_proc_kproc0(p); 
@@ -450,11 +454,6 @@ #endif td->td_ucred = crhold(p->p_ucred); -#ifdef VIMAGE - /* Init lives in the default vimage */ - td->td_vimage = &vimage_0; -#endif - /* Create sigacts. */ p->p_sigacts = sigacts_alloc(); ==== //depot/projects/vimage/src/sys/kern/kern_clock.c#5 (text+ko) ==== @@ -41,6 +41,7 @@ #include "opt_hwpmc_hooks.h" #include "opt_ntp.h" #include "opt_watchdog.h" +#include "opt_vimage.h" #include <sys/param.h> #include <sys/systm.h> @@ -64,6 +65,7 @@ #include <sys/interrupt.h> #include <sys/limits.h> #include <sys/timetc.h> +#include <sys/vimage.h> #ifdef GPROF #include <sys/gmon.h> @@ -81,11 +83,15 @@ SYSINIT(clocks, SI_SUB_CLOCKS, SI_ORDER_FIRST, initclocks, NULL) /* Some of these don't belong here, but it's easiest to concentrate them. */ +#ifndef VIMAGE long cp_time[CPUSTATES]; +#endif static int sysctl_kern_cp_time(SYSCTL_HANDLER_ARGS) { + INIT_VPROCG(curthread->td_ucred->cr_vimage->v_procg); + int error; #ifdef SCTL_MASK32 int i; @@ -95,14 +101,14 @@ if (!req->oldptr) return SYSCTL_OUT(req, 0, sizeof(cp_time32)); for (i = 0; i < CPUSTATES; i++) - cp_time32[i] = (unsigned int)cp_time[i]; + cp_time32[i] = (unsigned int)V_cp_time[i]; error = SYSCTL_OUT(req, cp_time32, sizeof(cp_time32)); } else #endif { if (!req->oldptr) - return SYSCTL_OUT(req, 0, sizeof(cp_time)); - error = SYSCTL_OUT(req, cp_time, sizeof(cp_time)); + return SYSCTL_OUT(req, 0, sizeof(V_cp_time)); + error = SYSCTL_OUT(req, V_cp_time, sizeof(V_cp_time)); } return error; } @@ -408,9 +414,14 @@ struct thread *td; struct proc *p; long rss; + int sel; td = curthread; p = td->td_proc; +#ifdef VIMAGE + INIT_VPROCG(p->p_ucred->cr_rvimage->v_procg); + struct vprocg *vprocg_iter; +#endif mtx_lock_spin_flags(&sched_lock, MTX_QUIET); if (usermode) { @@ -423,9 +434,9 @@ #endif td->td_uticks++; if (p->p_nice > NZERO) - cp_time[CP_NICE]++; + sel = CP_NICE; else - cp_time[CP_USER]++; + sel = CP_USER; } else { /* * Came from kernel mode, so we were: 
@@ -442,7 +453,7 @@ if ((td->td_pflags & TDP_ITHREAD) || td->td_intr_nesting_level >= 2) { td->td_iticks++; - cp_time[CP_INTR]++; + sel = CP_INTR; } else { #ifdef KSE if (p->p_flag & P_SA) @@ -451,11 +462,20 @@ td->td_pticks++; td->td_sticks++; if (!TD_IS_IDLETHREAD(td)) - cp_time[CP_SYS]++; + sel = CP_SYS; else - cp_time[CP_IDLE]++; + sel = CP_IDLE; } } + V_cp_time[sel]++; +#ifdef VIMAGE + if (sel != CP_INTR) + sel = CP_IDLE; + /* XXX list locking? sched_lock is held here... */ + LIST_FOREACH(vprocg_iter, &vprocg_head, vprocg_le) + if (vprocg != vprocg_iter) + vprocg_iter->_cp_time[sel]++; +#endif CTR4(KTR_SCHED, "statclock: %p(%s) prio %d stathz %d", td, td->td_proc->p_comm, td->td_priority, (stathz)?stathz:hz); ==== //depot/projects/vimage/src/sys/kern/kern_exit.c#3 (text+ko) ==== @@ -40,6 +40,7 @@ #include "opt_compat.h" #include "opt_ktrace.h" #include "opt_mac.h" +#include "opt_vimage.h" #include <sys/param.h> #include <sys/systm.h> @@ -67,6 +68,7 @@ #include <sys/filedesc.h> #include <sys/shm.h> #include <sys/sem.h> +#include <sys/vimage.h> #ifdef KTRACE #include <sys/ktrace.h> #endif @@ -170,6 +172,25 @@ */ } +#ifdef VIMAGE + /* + * Switch back to vprocg of our parent so we can deliver + * signals, otherwise we won't die - why?!? XXX + * + * XXX real or effective vimage? + * XXX nprocs counting in vprocg? + */ + if (p->p_pptr && p->p_ucred->cr_vimage->v_procg != + p->p_pptr->p_ucred->cr_vimage->v_procg) { + struct ucred *oldcred = p->p_ucred; + + setsugid(p); + p->p_ucred = p->p_pptr->p_ucred; + crhold(p->p_ucred); + crfree(oldcred); + } +#endif + /* * Wakeup anyone in procfs' PIOCWAIT. They should have a hold * on our vmspace, so we should block below until they have @@ -666,6 +687,7 @@ AUDIT_ARG(pid, pid); q = td->td_proc; + if (pid == 0) { PROC_LOCK(q); pid = -q->p_pgid; @@ -709,6 +731,9 @@ nfound++; if (p->p_state == PRS_ZOMBIE) { +#ifdef VIMAGE + struct vimage *rvp = p->p_ucred->cr_rvimage; +#endif /* * It is possible that the last thread of this 
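Review bot: In kern_clock.c, the `@@ -451,11 +462,20 @@` hunk walks `vprocg_head` from the clock-tick accounting code with only sched_lock held, which the in-line XXX already questions; unless every insertion and removal on that list also takes sched_lock (that code is not in the visible part of the change), a vprocg freed on another CPU can be dereferenced here in interrupt context. I would state the rule next to the loop, e.g. `/* vprocg_head may only be modified with sched_lock held; this loop walks it from the clock interrupt. */`, and enforce it where vprocgs are created and destroyed. The `@@ -408,9 +414,14 @@` hunk of the same function reads `p->p_ucred->cr_rvimage` without the proc lock, so a concurrent credential swap such as the one VI_SWITCHTO performs needs the same consideration. The function's body starts and ends outside these hunks.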
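Review bot: In kern_exit.c's `@@ -170,6 +172,25 @@` hunk, `p->p_ucred = p->p_pptr->p_ucred;` hands the exiting process its parent's entire credential (uid info, prison and everything else in the ucred), not just the parent's vproc group, and it does so with no PROC_LOCK on either process visible in the hunk, taking the reference only after the pointer has been published. Copying the process's own credential and replacing only `cr_vimage`, the way the VI_SWITCHTO hunk in kern_vimage.c builds `newcred`, keeps the process's identity unchanged for the rest of the exit path. Leaving `cr_rvimage` alone also matters for the counters: the wait path in `@@ -709,6 +731,9 @@` reads `p->p_ucred->cr_rvimage` from the zombie, which after this swap is the parent's, so the `nprocs--` in `@@ -815,6 +840,9 @@` can hit a different vprocg than the `nprocs++` in kern_fork.c. In the sketch below the parent's credential is still read without the parent's lock; the locking that surrounds this point is outside the hunk and needs checking.

```c
	if (p->p_pptr && p->p_ucred->cr_vimage->v_procg !=
	    p->p_pptr->p_ucred->cr_vimage->v_procg) {
		struct ucred *oldcred, *newcred;

		newcred = crget();
		PROC_LOCK(p);
		oldcred = p->p_ucred;
		setsugid(p);
		crcopy(newcred, oldcred);
		/* Take only the parent's vimage; keep our own identity and cr_rvimage. */
		newcred->cr_vimage = p->p_pptr->p_ucred->cr_vimage;
		p->p_ucred = newcred;
		PROC_UNLOCK(p);
		crfree(oldcred);
	}
```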
@@ -815,6 +840,9 @@ uma_zfree(proc_zone, p); sx_xlock(&allproc_lock); nprocs--; +#ifdef VIMAGE + rvp->v_procg->nprocs--; +#endif sx_xunlock(&allproc_lock); return (0); } ==== //depot/projects/vimage/src/sys/kern/kern_fork.c#7 (text+ko) ==== @@ -198,16 +198,6 @@ struct sigacts *newsigacts; int error; -#ifdef VIMAGE - /* XXX this should never happen! */ - if (td->td_vimage == NULL) { - if (td->td_proc->p_pid == 0) - td->td_vimage = &vimage_0; - else - panic("td_vimage not set"); - } -#endif - /* Can't copy and clear. */ if ((flags & (RFFDG|RFCFDG)) == (RFFDG|RFCFDG)) return (EINVAL); @@ -340,6 +330,9 @@ * are hard-limits as to the number of processes that can run. */ nprocs++; +#ifdef VIMAGE + p1->p_ucred->cr_rvimage->v_procg->nprocs++; +#endif /* * Find an unused process ID. We remember a range of unused IDs @@ -505,7 +498,6 @@ td2->td_sigstk = td->td_sigstk; td2->td_sigmask = td->td_sigmask; - td2->td_vimage = td->td_vimage; td2->td_vnet = NULL; /* XXX */ td2->td_vnet_lpush = NULL; /* XXX */ ==== //depot/projects/vimage/src/sys/kern/kern_jail.c#4 (text+ko) ==== @@ -11,6 +11,7 @@ __FBSDID("$FreeBSD: src/sys/kern/kern_jail.c,v 1.70 2007/04/13 23:54:22 pjd Exp $"); #include "opt_mac.h" +#include "opt_vimage.h" #include <sys/param.h> #include <sys/types.h> @@ -33,6 +34,8 @@ #include <sys/syscallsubr.h> #include <sys/sysctl.h> #include <sys/vnode.h> +#include <sys/vimage.h> + #include <net/if.h> #include <netinet/in.h> @@ -449,6 +452,10 @@ if (cred2->cr_prison != cred1->cr_prison) return (ESRCH); } +#ifdef VIMAGE + if (cred2->cr_vimage->v_procg != cred1->cr_vimage->v_procg) + return (ESRCH); +#endif return (0); } 
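Review bot: The new vproc-group test in prison_check() (kern_jail.c, `@@ -449,6 +452,10 @@`) sits after the jail block and applies to every caller, so a process in the default vimage also gets ESRCH for processes in any other vproc group, and the comparison uses the effective `cr_vimage` rather than `cr_rvimage`. If that is the intended isolation rule it deserves a comment at the check, e.g. `/* Processes in different vproc groups never see each other, jailed or not; compares the effective vimage. */`, and the function's header comment (outside the hunk) should mention the new ESRCH case. Both credentials' `cr_vimage` are dereferenced unconditionally, which relies on every ucred having the field set; only proc0's initialisation in init_main.c is visible in this part of the change.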
@@ -469,13 +476,14 @@ void getcredhostname(struct ucred *cred, char *buf, size_t size) { + INIT_VPROCG(cred->cr_vimage->v_procg); if (jailed(cred)) { mtx_lock(&cred->cr_prison->pr_mtx); strlcpy(buf, cred->cr_prison->pr_host, size); mtx_unlock(&cred->cr_prison->pr_mtx); } else - strlcpy(buf, hostname, size); + strlcpy(buf, V_hostname, size); } /* ==== //depot/projects/vimage/src/sys/kern/kern_kse.c#6 (text+ko) ==== @@ -1019,10 +1019,8 @@ bcopy(&td->td_startcopy, &td2->td_startcopy, __rangeof(struct thread, td_startcopy, td_endcopy)); - /* XXX don't forget refcounting in vimage */ - td2->td_vimage = td->td_vimage; - td2->td_vnet = NULL; /* XXX */ - td2->td_vnet_lpush = NULL; /* XXX */ + td2->td_vnet = NULL; + td2->td_vnet_lpush = NULL; thread_link(td2, ku->ku_proc); /* inherit parts of blocked thread's context as a good template */ ==== //depot/projects/vimage/src/sys/kern/kern_linker.c#6 (text+ko) ==== @@ -862,11 +862,11 @@ return (error); #ifdef VIMAGE - if (td->td_vimage != &vimage_0) + if (td->td_ucred->cr_vimage != &vimage_0) return (EPERM); #endif - CURVNET_SET(td->td_vimage->v_vnet); + CURVNET_SET(td->td_ucred->cr_vimage->v_vnet); /* * If file does not contain a qualified name or any dot in it @@ -934,10 +934,10 @@ return (error); /* XXX should suser catch this for us? */ - VNET_ASSERT(td->td_vimage == &vimage_0); + VNET_ASSERT(td->td_ucred->cr_vimage == &vimage_0); /* XXX is this necessary at all? */ VNET_ASSERT(td == curthread); - CURVNET_SET(td->td_vimage->v_vnet); + CURVNET_SET(td->td_ucred->cr_vimage->v_vnet); KLD_LOCK(); lf = linker_find_file_by_id(fileid); @@ -1182,7 +1182,7 @@ } #ifdef VIMAGE if (lf == NULL) { - CURVNET_SET(td->td_vimage->v_vnet); + CURVNET_SET(td->td_ucred->cr_vimage->v_vnet); error = vi_symlookup(&lookup, symstr); CURVNET_RESTORE(); if (error == 0) { ==== //depot/projects/vimage/src/sys/kern/kern_mib.c#3 (text+ko) ==== 
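Review bot: In kern_linker.c the `@@ -934,10 +934,10 @@` hunk (which looks like the module-unload path, given `linker_find_file_by_id(fileid)`) enforces the default-vimage restriction only with `VNET_ASSERT(td->td_ucred->cr_vimage == &vimage_0)`, while the `@@ -862,11 +862,11 @@` hunk returns EPERM for the same condition. VNET_ASSERT's definition is not on this page; if it compiles out, the operation is allowed from any vimage, and if it panics, a privileged process in a non-default vimage can take the host down. Replacing the assertion with the same test the other hunk uses, `if (td->td_ucred->cr_vimage != &vimage_0) return (EPERM);` under `#ifdef VIMAGE`, makes both paths agree and answers the XXX above it. The function's start and its preceding privilege check are outside the hunk.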
@@ -39,6 +39,7 @@ __FBSDID("$FreeBSD: src/sys/kern/kern_mib.c,v 1.77 2007/04/09 19:18:09 pjd Exp $"); #include "opt_posix.h" +#include "opt_vimage.h" #include <sys/param.h> #include <sys/kernel.h> @@ -50,6 +51,7 @@ #include <sys/jail.h> #include <sys/smp.h> #include <sys/unistd.h> +#include <sys/vimage.h> SYSCTL_NODE(, 0, sysctl, CTLFLAG_RW, 0, "Sysctl internal magic"); @@ -188,11 +190,14 @@ SYSCTL_STRING(_hw, HW_MACHINE_ARCH, machine_arch, CTLFLAG_RD, machine_arch, 0, "System architecture"); +#ifndef VIMAGE char hostname[MAXHOSTNAMELEN]; +#endif static int sysctl_hostname(SYSCTL_HANDLER_ARGS) { + INIT_VPROCG(req->td->td_ucred->cr_vimage->v_procg); struct prison *pr; char tmphostname[MAXHOSTNAMELEN]; int error; @@ -224,7 +229,7 @@ } } else error = sysctl_handle_string(oidp, - hostname, sizeof hostname, req); + V_hostname, sizeof V_hostname, req); return (error); } @@ -295,9 +300,12 @@ CTLTYPE_INT|CTLFLAG_RW|CTLFLAG_PRISON, 0, 0, sysctl_kern_securelvl, "I", "Current secure level"); +#ifndef VIMAGE char domainname[MAXHOSTNAMELEN]; -SYSCTL_STRING(_kern, KERN_NISDOMAINNAME, domainname, CTLFLAG_RW, - &domainname, sizeof(domainname), "Name of the current YP/NIS domain"); +#endif +SYSCTL_V_STRING(V_PROCG, vprocg, _kern, KERN_NISDOMAINNAME, domainname, + CTLFLAG_RW, domainname, MAXHOSTNAMELEN, + "Name of the current YP/NIS domain"); u_long hostid; SYSCTL_ULONG(_kern, KERN_HOSTID, hostid, CTLFLAG_RW, &hostid, 0, "Host ID"); ==== //depot/projects/vimage/src/sys/kern/kern_resource.c#5 (text+ko) ==== ==== //depot/projects/vimage/src/sys/kern/kern_synch.c#7 (text+ko) ==== @@ -375,7 +375,6 @@ mtx_assert(&sched_lock, MA_OWNED | MA_NOTRECURSED); td = curthread; /* XXX */ p = td->td_proc; /* XXX */ - VNET_ASSERT(td->td_vimage); /* XXX */ KASSERT(!TD_ON_RUNQ(td), ("mi_switch: called by old code")); #ifdef INVARIANTS if (!TD_ON_LOCK(td) && !TD_IS_RUNNING(td)) ==== //depot/projects/vimage/src/sys/kern/kern_sysctl.c#6 (text+ko) ==== 
@@ -832,16 +832,16 @@ int sysctl_handle_v_int(SYSCTL_HANDLER_V_ARGS) { - int error = 0; + int tmpout, error = 0; SYSCTL_RESOLVE_V_ARG1(); /* * Attempt to get a coherent snapshot by making a copy of the data. */ + tmpout = *(int *)arg1; + error = SYSCTL_OUT(req, &tmpout, sizeof(int)); - error = SYSCTL_OUT(req, arg1, sizeof(int)); - if (error || !req->newptr) return (error); @@ -963,6 +963,48 @@ return (error); } +#ifdef VIMAGE +int +sysctl_handle_v_string(SYSCTL_HANDLER_V_ARGS) +{ + int error=0; + char *tmparg; + size_t outlen; + + SYSCTL_RESOLVE_V_ARG1(); + + /* + * Attempt to get a coherent snapshot by copying to a + * temporary kernel buffer. + */ +retry: + outlen = strlen((char *)arg1)+1; + tmparg = malloc(outlen, M_SYSCTLTMP, M_WAITOK); + + if (strlcpy(tmparg, (char *)arg1, outlen) >= outlen) { + free(tmparg, M_SYSCTLTMP); + goto retry; + } + + error = SYSCTL_OUT(req, tmparg, outlen); + free(tmparg, M_SYSCTLTMP); + + if (error || !req->newptr) + return (error); + + if ((req->newlen - req->newidx) >= arg2) { + error = EINVAL; + } else { + arg2 = (req->newlen - req->newidx); + error = SYSCTL_IN(req, arg1, arg2); + ((char *)arg1)[arg2] = '\0'; + } + + return (error); +} +#endif + + /* * Handle any kind of opaque data. * arg1 points to it, arg2 is the size. @@ -1437,7 +1479,7 @@ req.lock = REQ_LOCKED; SYSCTL_LOCK(); - CURVNET_SET(curthread->td_vimage->v_vnet); + CURVNET_SET(curthread->td_ucred->cr_vimage->v_vnet); VNET_ASSERT(td == curthread); do { ==== //depot/projects/vimage/src/sys/kern/kern_thr.c#5 (text+ko) ==== @@ -199,8 +199,6 @@ newtd->td_proc = td->td_proc; newtd->td_ucred = crhold(td->td_ucred); - newtd->td_vimage = td->td_vimage; - cpu_set_upcall(newtd, td); if (ctx != NULL) { /* old way to set user context */ ==== //depot/projects/vimage/src/sys/kern/kern_vimage.c#19 (text+ko) ==== 
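Review bot: The write path of sysctl_handle_v_string() (kern_sysctl.c, `@@ -963,6 +963,48 @@`) calls `SYSCTL_IN(req, arg1, arg2)` straight into the live per-vimage string, so a copy-in that fails part-way leaves the old value half overwritten, and a reader running at the same time can see a mix of old and new bytes; the read path above it takes a snapshot precisely to avoid that. Staging the new value in a temporary buffer and copying it into `arg1` only when SYSCTL_IN() succeeds removes the failure case; whichever lock protects these strings is not visible in the hunk and is still needed around the final copy. The `retry:` loop also sizes its buffer with an unbounded `strlen()` on a buffer that may be changing underneath it, so bounding the scan by `arg2` would be safer.

```c
	/* … unchanged: snapshot read path, EINVAL when the new value does not fit … */
	} else {
		arg2 = (req->newlen - req->newidx);
		/* Stage the new value so a failed copy-in leaves arg1 intact. */
		tmparg = malloc(arg2 + 1, M_SYSCTLTMP, M_WAITOK);
		error = SYSCTL_IN(req, tmparg, arg2);
		if (error == 0) {
			tmparg[arg2] = '\0';
			bcopy(tmparg, arg1, arg2 + 1);
		}
		free(tmparg, M_SYSCTLTMP);
	}
```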
@@ -271,7 +271,7 @@ struct thread *td; { int error; - struct vimage *vip = td->td_vimage; + struct vimage *vip = td->td_ucred->cr_vimage; struct vimage *vip_r = NULL; struct vimage *tvip; @@ -321,6 +321,7 @@ sizeof (vi_req->vi_parent_name)); else vi_req->vi_parent_name[0] = 0; + vi_req->vi_proc_count = vip_r->v_procg->nprocs; vi_req->vi_if_count = vip_r->v_vnet->ifccnt; vi_req->vi_sock_count = vip_r->v_vnet->sockcnt; break; @@ -332,7 +333,24 @@ } if (vi_req->req_action == VI_SWITCHTO) { - td->td_vimage = vip_r; + struct proc *p = td->td_proc; + struct ucred *oldcred, *newcred; + + /* + * XXX priv_check()? + * XXX refcounting ucred -> vimage ? + * XXX change ucred for proc or thread, or both? + */ + newcred = crget(); + PROC_LOCK(p); + oldcred = p->p_ucred; + setsugid(p); + crcopy(newcred, oldcred); + newcred->cr_vimage = vip_r; + newcred->cr_rvimage = vip_r; /* XXX */ + p->p_ucred = newcred; + PROC_UNLOCK(p); + crfree(oldcred); break; } ==== //depot/projects/vimage/src/sys/kern/kern_xxx.c#3 (text+ko) ==== @@ -33,6 +33,7 @@ __FBSDID("$FreeBSD: src/sys/kern/kern_xxx.c,v 1.49 2007/03/05 13:10:57 rwatson Exp $"); #include "opt_compat.h" +#include "opt_vimage.h" #include <sys/param.h> #include <sys/systm.h> @@ -44,6 +45,7 @@ #include <sys/mutex.h> #include <sys/sysctl.h> #include <sys/utsname.h> +#include <sys/vimage.h> #if defined(COMPAT_43) @@ -245,14 +247,15 @@ struct thread *td; struct getdomainname_args *uap; { + INIT_VPROCG(td->td_ucred->cr_vimage->v_procg); int domainnamelen; int error; mtx_lock(&Giant); - domainnamelen = strlen(domainname) + 1; + domainnamelen = strlen(V_domainname) + 1; if ((u_int)uap->len > domainnamelen) uap->len = domainnamelen; - error = copyout(domainname, uap->domainname, uap->len); + error = copyout(V_domainname, uap->domainname, uap->len); mtx_unlock(&Giant); return (error); } 
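Review bot: The VI_SWITCHTO branch in kern_vimage.c (`@@ -332,7 +333,24 @@`) installs a new process credential pointing at `vip_r` with no privilege check in the hunk, and it sets `cr_rvimage` as well as `cr_vimage`, so the "real" position moves on every switch and cannot act as the boundary the commit description gives it. How `vip_r` is looked up is outside the hunk, so whether it is limited to descendants of the caller's vimage cannot be seen here. I would resolve the `XXX priv_check()?` before `crget()` and, until the hierarchy check exists, assign only `newcred->cr_vimage = vip_r;` or document why the real vimage has to follow. The credential also stores a bare `struct vimage *` with no reference taken, so vimage teardown has to account for credentials that still point at it.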
@@ -269,19 +272,21 @@ struct thread *td; struct setdomainname_args *uap; { + INIT_VPROCG(td->td_ucred->cr_vimage->v_procg); int error, domainnamelen; error = priv_check(td, PRIV_SETDOMAINNAME); +printf("setdomainname error=%d\n", error); if (error) return (error); mtx_lock(&Giant); - if ((u_int)uap->len > sizeof (domainname) - 1) { + if ((u_int)uap->len > sizeof (V_domainname) - 1) { error = EINVAL; goto done2; } domainnamelen = uap->len; - error = copyin(uap->domainname, domainname, uap->len); - domainname[domainnamelen] = 0; + error = copyin(uap->domainname, V_domainname, uap->len); + V_domainname[domainnamelen] = 0; done2: mtx_unlock(&Giant); return (error); ==== //depot/projects/vimage/src/sys/kern/tty.c#6 (text+ko) ==== @@ -1141,7 +1141,7 @@ if (t == tp->t_line) return (0); s = spltty(); - CURVNET_SET(curthread->td_vimage->v_vnet); /* XXX */ + CURVNET_SET(curthread->td_ucred->cr_vimage->v_vnet); ttyld_close(tp, flag); tp->t_line = t; /* XXX: we should use the correct cdev here */ @@ -3131,7 +3131,7 @@ goto out; goto open_top; } - CURVNET_SET(curthread->td_vimage->v_vnet); /* XXX */ + CURVNET_SET(curthread->td_ucred->cr_vimage->v_vnet); error = ttyld_open(tp, dev); CURVNET_RESTORE(); ttyldoptim(tp); @@ -3150,7 +3150,7 @@ struct tty *tp; tp = dev->si_tty; - CURVNET_SET(curthread->td_vimage->v_vnet); /* XXX */ + CURVNET_SET(curthread->td_ucred->cr_vimage->v_vnet); ttyld_close(tp, flag); CURVNET_RESTORE(); ttyldoptim(tp); >>> TRUNCATED FOR MAIL (1000 lines) <<<
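Review bot: The `printf("setdomainname error=%d\n", error);` added in kern_xxx.c's `@@ -269,19 +272,21 @@` hunk runs on every call, before the `if (error)` test, so any unprivileged process that invokes this syscall writes a line to the console and kernel message buffer each time it is refused. It reads like leftover debugging (it is the only added line with no indentation) and should be dropped; if the trace is wanted, put it behind a debug option. The same hunk keeps copying with `copyin(uap->domainname, V_domainname, uap->len)` directly into the live per-vimage buffer, so a failed copyin leaves a partially overwritten name that is then NUL-terminated at the new length.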