From owner-svn-src-projects@FreeBSD.ORG Sun Jan 31 01:30:52 2010 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3A28D1065679; Sun, 31 Jan 2010 01:30:52 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 2939E8FC14; Sun, 31 Jan 2010 01:30:52 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o0V1UqX7066896; Sun, 31 Jan 2010 01:30:52 GMT (envelope-from rwatson@svn.freebsd.org) Received: (from rwatson@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o0V1Uqox066892; Sun, 31 Jan 2010 01:30:52 GMT (envelope-from rwatson@svn.freebsd.org) Message-Id: <201001310130.o0V1Uqox066892@svn.freebsd.org> 
From: Robert Watson Date: Sun, 31 Jan 2010 01:30:52 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r203263 - projects/capabilities8/lib/csu/i386-elf X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 31 Jan 2010 01:30:52 -0000 Author: rwatson Date: Sun Jan 31 01:30:51 2010 New Revision: 203263 URL: http://svn.freebsd.org/changeset/base/203263 Log: Merge c173990, c173992, and c173993 from the p4 TrustedBSD Capabilities branch to capabilities8: Correct use of --localizesymbol when constructing capability mode bits of csu on i386. Comment out profiling-related code in capstart on i386 until we work out how to deal with this. Report capability-mode C runtime to i386, which was apparently lost during integration of a rearrangement of this code. Sponsored by: Google, Inc. Modified: projects/capabilities8/lib/csu/i386-elf/Makefile projects/capabilities8/lib/csu/i386-elf/crt1_c.c projects/capabilities8/lib/csu/i386-elf/crt1_s.S Modified: projects/capabilities8/lib/csu/i386-elf/Makefile ============================================================================== --- projects/capabilities8/lib/csu/i386-elf/Makefile Sat Jan 30 23:59:40 2010 (r203262) +++ projects/capabilities8/lib/csu/i386-elf/Makefile Sun Jan 31 01:30:51 2010 (r203263) 
@@ -21,13 +21,13 @@ gcrt1.o: gcrt1_c.o crt1_s.o crt1.o: crt1_c.o crt1_s.o ${LD} ${LDFLAGS} -o crt1.o -r crt1_s.o crt1_c.o - objcopy --localize-symbol _start1 crt1.o + objcopy --localize-symbol _start1 --localize-symbol _capstart1 crt1.o Scrt1_c.o: crt1_c.c ${CC} ${CFLAGS} -DGCRT -fPIC -DPIC -c -o Scrt1_c.o ${.CURDIR}/crt1_c.c Scrt1.o: Scrt1_c.o crt1_s.o ${LD} ${LDFLAGS} -o Scrt1.o -r crt1_s.o Scrt1_c.o - objcopy --localize-symbol _start1 Scrt1.o + objcopy --localize-symbol _start1 --localize-symbol _capstart1 Scrt1.o .include Modified: projects/capabilities8/lib/csu/i386-elf/crt1_c.c ============================================================================== --- projects/capabilities8/lib/csu/i386-elf/crt1_c.c Sat Jan 30 23:59:40 2010 (r203262) +++ projects/capabilities8/lib/csu/i386-elf/crt1_c.c Sun Jan 31 01:30:51 2010 (r203263) @@ -59,6 +59,7 @@ char **environ; const char *__progname = ""; void _start1(fptr, int, char *[]) __dead2; +void _capstart1(fptr, int, char *[]) __dead2; /* The entry function, C part. */ void @@ -93,23 +94,15 @@ __asm__("eprol:"); exit( main(argc, argv, env) ); } +__asm(".hidden _start1"); /* The Capsicum entry function. */ void -_capstart(char *ap, ...) +_capstart1(fptr cleanup, int argc, char *argv[]) { - fptr cleanup; - int argc; - char **argv; char **env; const char *s; -#ifdef __GNUC__ - __asm__("and $0xfffffff0,%esp"); -#endif - cleanup = get_rtld_cleanup(); - argv = ≈ - argc = *(long *)(void *)(argv - 1); env = argv + argc + 1; environ = env; if (argc > 0 && argv[0] != NULL) { 
@@ -129,11 +122,11 @@ _capstart(char *ap, ...) #endif atexit(_fini); #ifdef GCRT -/* monstartup(&eprol, &etext); -__asm__("eprol:");*/ +/* XXXCAP: monstartup(&eprol, &etext); */ +/* XXXCAP: __asm__("eprol:"); */ #endif _init(); exit( cap_main(argc, argv, env) ); } -__asm(".hidden _start1"); +__asm(".hidden _capstart1"); Modified: projects/capabilities8/lib/csu/i386-elf/crt1_s.S ============================================================================== --- projects/capabilities8/lib/csu/i386-elf/crt1_s.S Sat Jan 30 23:59:40 2010 (r203262) +++ projects/capabilities8/lib/csu/i386-elf/crt1_s.S Sun Jan 31 01:30:51 2010 (r203263) @@ -41,4 +41,17 @@ _start: xorl %ebp,%ebp call _start1 .size _start, . - _start + .globl _capstart + .type _capstart, @function +_capstart: xorl %ebp,%ebp + pushl %ebp + movl %esp,%ebp + andl $0xfffffff0,%esp # align stack + leal 8(%ebp),%eax + pushl %eax # argv + pushl 4(%ebp) # argc + pushl %edx # rtld cleanup + call _capstart1 + .size _capstart, . - _capstart + .ident "$FreeBSD$" From owner-svn-src-projects@FreeBSD.ORG Sun Jan 31 03:06:13 2010 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 07948106566C; Sun, 31 Jan 2010 03:06:13 +0000 (UTC) (envelope-from nwhitehorn@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id EB22B8FC22; Sun, 31 Jan 2010 03:06:12 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o0V36C01088355; Sun, 31 Jan 2010 03:06:12 GMT (envelope-from nwhitehorn@svn.freebsd.org) Received: (from nwhitehorn@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o0V36CUl088353; Sun, 31 Jan 2010 03:06:12 GMT (envelope-from nwhitehorn@svn.freebsd.org) Message-Id: <201001310306.o0V36CUl088353@svn.freebsd.org> 
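Review bot: Under `GCRT`, `_capstart1` is left with an `#ifdef GCRT` block that holds only two comments, so a profiled build of the capability-mode entry point runs with no `monstartup()` call. If the part of the function above this hunk still registers `_mcleanup` with `atexit` under `GCRT` (not visible here), the exit path would flush profiling state that was never initialised, and that registration should be disabled together with these lines. A single comment giving the reason, for example `/* XXXCAP: profiling not yet supported in capability mode; monstartup()/eprol disabled */`, would read better than two commented-out statements.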
From: Nathan Whitehorn Date: Sun, 31 Jan 2010 03:06:12 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r203271 - projects/ppc64/sys/powerpc/include X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 31 Jan 2010 03:06:13 -0000 Author: nwhitehorn Date: Sun Jan 31 03:06:12 2010 New Revision: 203271 URL: http://svn.freebsd.org/changeset/base/203271 Log: Fix the Elf64_Auxinfo for PowerPC. This gets RTLD a little farther. Modified: projects/ppc64/sys/powerpc/include/elf.h Modified: projects/ppc64/sys/powerpc/include/elf.h ============================================================================== --- projects/ppc64/sys/powerpc/include/elf.h Sun Jan 31 02:25:15 2010 (r203270) +++ projects/ppc64/sys/powerpc/include/elf.h Sun Jan 31 03:06:12 2010 (r203271) 
@@ -72,9 +72,8 @@ typedef struct { /* Auxiliary vector ent } a_un; } Elf32_Auxinfo; -/* XXX: check ABI */ typedef struct { /* Auxiliary vector entry on initial stack */ - int a_type; /* Entry type. */ + long a_type; /* Entry type. */ union { long a_val; /* Integer value. */ void *a_ptr; /* Address. */ From owner-svn-src-projects@FreeBSD.ORG Sun Jan 31 11:20:28 2010 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2101C106566C; Sun, 31 Jan 2010 11:20:28 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 103258FC14; Sun, 31 Jan 2010 11:20:28 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o0VBKRIo008240; Sun, 31 Jan 2010 11:20:27 GMT (envelope-from rwatson@svn.freebsd.org) Received: (from rwatson@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o0VBKRN7008237; Sun, 31 Jan 2010 11:20:27 GMT (envelope-from rwatson@svn.freebsd.org) Message-Id: <201001311120.o0VBKRN7008237@svn.freebsd.org> 
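Review bot: `long a_type` in `Elf64_Auxinfo` gives the 64-bit layout only when the header is compiled LP64, and the commit drops the `XXX: check ABI` marker without recording that assumption. If this header is also used by 32-bit powerpc builds, `long` and `void *` are 32 bits there and the structure named `Elf64_Auxinfo` would describe the 32-bit layout. I would keep a comment above the typedef, e.g. `/* Layout assumes LP64: a_type and a_un are 64 bits wide. */`, or use a fixed-width 64-bit type for `a_type`. The struct body continues past the end of the hunk.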
From: Robert Watson Date: Sun, 31 Jan 2010 11:20:27 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r203273 - in projects/capabilities8/sys: amd64/conf i386/conf X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 31 Jan 2010 11:20:28 -0000 Author: rwatson Date: Sun Jan 31 11:20:27 2010 New Revision: 203273 URL: http://svn.freebsd.org/changeset/base/203273 Log: Merge c174011 from the p4 TrustedBSD Capabilities branch to capabilities8: Add INVARIANTS to CAPABILITIES configuration -- in 9.x, this has no effect, but we use the same config file in 8.x where INVARIANTS is not the default. Sponsored by: Google, Inc. Modified: projects/capabilities8/sys/amd64/conf/CAPABILITIES projects/capabilities8/sys/i386/conf/CAPABILITIES Modified: projects/capabilities8/sys/amd64/conf/CAPABILITIES ============================================================================== --- projects/capabilities8/sys/amd64/conf/CAPABILITIES Sun Jan 31 08:16:37 2010 (r203272) +++ projects/capabilities8/sys/amd64/conf/CAPABILITIES Sun Jan 31 11:20:27 2010 (r203273) @@ -4,6 +4,7 @@ ident CAPABILITIES options CAPABILITIES options PROCDESC options KDTRACE_HOOKS +options INVARIANTS options WITNESS options KDB options DDB Modified: projects/capabilities8/sys/i386/conf/CAPABILITIES ============================================================================== --- projects/capabilities8/sys/i386/conf/CAPABILITIES Sun Jan 31 08:16:37 2010 (r203272) +++ projects/capabilities8/sys/i386/conf/CAPABILITIES Sun Jan 31 11:20:27 2010 (r203273) 
@@ -4,6 +4,7 @@ ident CAPABILITIES options CAPABILITIES options PROCDESC options KDTRACE_HOOKS +options INVARIANTS options WITNESS options KDB options DDB From owner-svn-src-projects@FreeBSD.ORG Sun Jan 31 12:07:14 2010 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 39741106568B; Sun, 31 Jan 2010 12:07:14 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 286E28FC0C; Sun, 31 Jan 2010 12:07:14 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o0VC7EFp018709; Sun, 31 Jan 2010 12:07:14 GMT (envelope-from rwatson@svn.freebsd.org) Received: (from rwatson@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o0VC7Eaw018706; Sun, 31 Jan 2010 12:07:14 GMT (envelope-from rwatson@svn.freebsd.org) Message-Id: <201001311207.o0VC7Eaw018706@svn.freebsd.org> 
From: Robert Watson Date: Sun, 31 Jan 2010 12:07:14 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r203278 - in projects/capabilities8/sys: amd64/conf i386/conf X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 31 Jan 2010 12:07:14 -0000 Author: rwatson Date: Sun Jan 31 12:07:13 2010 New Revision: 203278 URL: http://svn.freebsd.org/changeset/base/203278 Log: Merge c174014 from the p4 TrustedBSD Capabilities branch to capabilities8: INVARIANT_SUPPORT also required on 8.x when compiling this kernel configuration. Sponsored by: Google, Inc. Modified: projects/capabilities8/sys/amd64/conf/CAPABILITIES projects/capabilities8/sys/i386/conf/CAPABILITIES Modified: projects/capabilities8/sys/amd64/conf/CAPABILITIES ============================================================================== --- projects/capabilities8/sys/amd64/conf/CAPABILITIES Sun Jan 31 11:48:25 2010 (r203277) +++ projects/capabilities8/sys/amd64/conf/CAPABILITIES Sun Jan 31 12:07:13 2010 (r203278) @@ -4,6 +4,7 @@ ident CAPABILITIES options CAPABILITIES options PROCDESC options KDTRACE_HOOKS +options INVARIANT_SUPPORT options INVARIANTS options WITNESS options KDB Modified: projects/capabilities8/sys/i386/conf/CAPABILITIES ============================================================================== --- projects/capabilities8/sys/i386/conf/CAPABILITIES Sun Jan 31 11:48:25 2010 (r203277) +++ projects/capabilities8/sys/i386/conf/CAPABILITIES Sun Jan 31 12:07:13 2010 (r203278) 
@@ -4,6 +4,7 @@ ident CAPABILITIES options CAPABILITIES options PROCDESC options KDTRACE_HOOKS +options INVARIANT_SUPPORT options INVARIANTS options WITNESS options KDB From owner-svn-src-projects@FreeBSD.ORG Sun Jan 31 13:01:03 2010 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 381CA106566C; Sun, 31 Jan 2010 13:01:03 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 1E96A8FC12; Sun, 31 Jan 2010 13:01:03 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o0VD13JM030806; Sun, 31 Jan 2010 13:01:03 GMT (envelope-from rwatson@svn.freebsd.org) Received: (from rwatson@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o0VD12C4030804; Sun, 31 Jan 2010 13:01:03 GMT (envelope-from rwatson@svn.freebsd.org) Message-Id: <201001311301.o0VD12C4030804@svn.freebsd.org> 
From: Robert Watson Date: Sun, 31 Jan 2010 13:01:02 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r203284 - projects/capabilities8/sys/fs/fdescfs X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 31 Jan 2010 13:01:03 -0000 Author: rwatson Date: Sun Jan 31 13:01:02 2010 New Revision: 203284 URL: http://svn.freebsd.org/changeset/base/203284 Log: Merge c174017 from the p4 TrustedBSD Capabilities branch to capabilities8: Disable fdesc_setattr, not fdesc_getattr. Sponsored by: Google, Inc. Modified: projects/capabilities8/sys/fs/fdescfs/fdesc_vnops.c Modified: projects/capabilities8/sys/fs/fdescfs/fdesc_vnops.c ============================================================================== --- projects/capabilities8/sys/fs/fdescfs/fdesc_vnops.c Sun Jan 31 12:32:57 2010 (r203283) +++ projects/capabilities8/sys/fs/fdescfs/fdesc_vnops.c Sun Jan 31 13:01:02 2010 (r203284) @@ -392,7 +392,6 @@ fdesc_getattr(ap) } */ *ap; { -#if 0 struct vnode *vp = ap->a_vp; struct vattr *vap = ap->a_vap; @@ -432,9 +431,6 @@ fdesc_getattr(ap) vp->v_type = vap->va_type; return (0); -#else - return (EOPNOTSUPP); -#endif } static int @@ -445,6 +441,7 @@ fdesc_setattr(ap) struct ucred *a_cred; } */ *ap; { +#if 0 struct vattr *vap = ap->a_vap; struct vnode *vp; struct mount *mp; 
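Review bot: The `#if 0` added at the top of `fdesc_setattr` (closed by `#else return (EOPNOTSUPP); #endif` in the following hunk) switches the whole operation off without saying why or what has to be true before it can be turned back on. This branch already marks capability-mode gaps with `XXXCAP`, so a comment above the `#if 0` such as `/* XXXCAP: setattr via fdescfs disabled; re-enable only once descriptor rights are checked here */` would keep the restriction from being reverted by accident. The real reason is not visible in these hunks, so the wording should be adjusted to match it. The function body itself lies outside both hunks.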
@@ -488,6 +485,9 @@ fdesc_setattr(ap) } fdrop(fp, td); return (error); +#else + return (EOPNOTSUPP); +#endif } #define UIO_MX 16 From owner-svn-src-projects@FreeBSD.ORG Sun Jan 31 23:39:56 2010 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 465CF1065679; Sun, 31 Jan 2010 23:39:56 +0000 (UTC) (envelope-from nwhitehorn@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 343538FC15; Sun, 31 Jan 2010 23:39:56 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o0VNduhW073330; Sun, 31 Jan 2010 23:39:56 GMT (envelope-from nwhitehorn@svn.freebsd.org) Received: (from nwhitehorn@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o0VNdun7073321; Sun, 31 Jan 2010 23:39:56 GMT (envelope-from nwhitehorn@svn.freebsd.org) Message-Id: <201001312339.o0VNdun7073321@svn.freebsd.org> 
From: Nathan Whitehorn Date: Sun, 31 Jan 2010 23:39:56 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r203330 - in projects/ppc64: lib/libc/powerpc64/gen libexec/rtld-elf/powerpc64 sys/sys X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 31 Jan 2010 23:39:56 -0000 Author: nwhitehorn Date: Sun Jan 31 23:39:55 2010 New Revision: 203330 URL: http://svn.freebsd.org/changeset/base/203330 Log: More hacking at RTLD. TLS is still broken, among other (unknown) things, but RTLD is making its first halting steps toward functionality. Very simple programs like /bin/echo now work. Modified: projects/ppc64/lib/libc/powerpc64/gen/_set_tp.c projects/ppc64/lib/libc/powerpc64/gen/_setjmp.S projects/ppc64/lib/libc/powerpc64/gen/setjmp.S projects/ppc64/lib/libc/powerpc64/gen/sigsetjmp.S projects/ppc64/libexec/rtld-elf/powerpc64/reloc.c projects/ppc64/libexec/rtld-elf/powerpc64/rtld_machdep.h projects/ppc64/libexec/rtld-elf/powerpc64/rtld_start.S projects/ppc64/sys/sys/elf_common.h Modified: projects/ppc64/lib/libc/powerpc64/gen/_set_tp.c ============================================================================== --- projects/ppc64/lib/libc/powerpc64/gen/_set_tp.c Sun Jan 31 23:16:10 2010 (r203329) +++ projects/ppc64/lib/libc/powerpc64/gen/_set_tp.c Sun Jan 31 23:39:55 2010 (r203330) 
@@ -29,7 +29,7 @@ void _set_tp(void *tpval) { - register void *tp __asm__("r2"); + register void *tp __asm__("r13"); - __asm __volatile("mr %0,%1" : "=r"(tp) : "r"((char*)tpval + 0x7008)); + __asm __volatile("mr %0,%1" : "=r"(tp) : "r"((char*)tpval + 0x7016)); } Modified: projects/ppc64/lib/libc/powerpc64/gen/_setjmp.S ============================================================================== --- projects/ppc64/lib/libc/powerpc64/gen/_setjmp.S Sun Jan 31 23:16:10 2010 (r203329) +++ projects/ppc64/lib/libc/powerpc64/gen/_setjmp.S Sun Jan 31 23:39:55 2010 (r203330) @@ -64,20 +64,20 @@ ENTRY(_setjmp) std %r15,40 + 6*8(%r3) std %r16,40 + 7*8(%r3) std %r17,40 + 8*8(%r3) - std %r18,40 + 10*8(%r3) - std %r19,40 + 11*8(%r3) - std %r20,40 + 12*8(%r3) - std %r21,40 + 13*8(%r3) - std %r22,40 + 14*8(%r3) - std %r23,40 + 15*8(%r3) - std %r24,40 + 16*8(%r3) - std %r25,40 + 17*8(%r3) - std %r26,40 + 18*8(%r3) - std %r27,40 + 19*8(%r3) - std %r28,40 + 20*8(%r3) - std %r29,40 + 21*8(%r3) - std %r30,40 + 22*8(%r3) - std %r31,40 + 23*8(%r3) + std %r18,40 + 9*8(%r3) + std %r19,40 + 10*8(%r3) + std %r20,40 + 11*8(%r3) + std %r21,40 + 12*8(%r3) + std %r22,40 + 13*8(%r3) + std %r23,40 + 14*8(%r3) + std %r24,40 + 15*8(%r3) + std %r25,40 + 16*8(%r3) + std %r26,40 + 17*8(%r3) + std %r27,40 + 18*8(%r3) + std %r28,40 + 19*8(%r3) + std %r29,40 + 20*8(%r3) + std %r30,40 + 21*8(%r3) + std %r31,40 + 22*8(%r3) li %r3,0 blr 
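Review bot: The new thread-pointer bias in `_set_tp` looks wrong: `0x7016` is hexadecimal, so it adds 0x7000 + 22, while this same commit keeps `TLS_TP_OFFSET` at 0x7000 and raises `TLS_TCB_SIZE` to 16 in rtld_machdep.h, and `allocate_initial_tls` in reloc.c computes `TLS_TP_OFFSET + TLS_TCB_SIZE`, i.e. 0x7010. As committed, the r13 value set by libc would be 6 bytes off from the one rtld sets and misaligned, so TLS accesses after `_set_tp` would presumably resolve to wrong addresses. The operand should read `"r"((char*)tpval + 0x7010)`. To stop the constants drifting again, `calculate_first_tls_offset` in rtld_machdep.h could use `round(TLS_TCB_SIZE, align)` instead of a second literal 16.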
@@ -91,20 +91,20 @@ ENTRY(_longjmp) ld %r15,40 + 6*8(%r3) ld %r16,40 + 7*8(%r3) ld %r17,40 + 8*8(%r3) - ld %r18,40 + 10*8(%r3) - ld %r19,40 + 11*8(%r3) - ld %r20,40 + 12*8(%r3) - ld %r21,40 + 13*8(%r3) - ld %r22,40 + 14*8(%r3) - ld %r23,40 + 15*8(%r3) - ld %r24,40 + 16*8(%r3) - ld %r25,40 + 17*8(%r3) - ld %r26,40 + 18*8(%r3) - ld %r27,40 + 19*8(%r3) - ld %r28,40 + 20*8(%r3) - ld %r29,40 + 21*8(%r3) - ld %r30,40 + 22*8(%r3) - ld %r31,40 + 23*8(%r3) + ld %r18,40 + 9*8(%r3) + ld %r19,40 + 10*8(%r3) + ld %r20,40 + 11*8(%r3) + ld %r21,40 + 12*8(%r3) + ld %r22,40 + 13*8(%r3) + ld %r23,40 + 14*8(%r3) + ld %r24,40 + 15*8(%r3) + ld %r25,40 + 16*8(%r3) + ld %r26,40 + 17*8(%r3) + ld %r27,40 + 18*8(%r3) + ld %r28,40 + 19*8(%r3) + ld %r29,40 + 20*8(%r3) + ld %r30,40 + 21*8(%r3) + ld %r31,40 + 22*8(%r3) mtlr %r11 mtcr %r12 Modified: projects/ppc64/lib/libc/powerpc64/gen/setjmp.S ============================================================================== --- projects/ppc64/lib/libc/powerpc64/gen/setjmp.S Sun Jan 31 23:16:10 2010 (r203329) +++ projects/ppc64/lib/libc/powerpc64/gen/setjmp.S Sun Jan 31 23:39:55 2010 (r203330) @@ -75,20 +75,20 @@ ENTRY(setjmp) std %r15,40 + 6*8(%r6) std %r16,40 + 7*8(%r6) std %r17,40 + 8*8(%r6) - std %r18,40 + 10*8(%r6) - std %r19,40 + 11*8(%r6) - std %r20,40 + 12*8(%r6) - std %r21,40 + 13*8(%r6) - std %r22,40 + 14*8(%r6) - std %r23,40 + 15*8(%r6) - std %r24,40 + 16*8(%r6) - std %r25,40 + 17*8(%r6) - std %r26,40 + 18*8(%r6) - std %r27,40 + 19*8(%r6) - std %r28,40 + 20*8(%r6) - std %r29,40 + 21*8(%r6) - std %r30,40 + 22*8(%r6) - std %r31,40 + 23*8(%r6) + std %r18,40 + 9*8(%r6) + std %r19,40 + 10*8(%r6) + std %r20,40 + 11*8(%r6) + std %r21,40 + 12*8(%r6) + std %r22,40 + 13*8(%r6) + std %r23,40 + 14*8(%r6) + std %r24,40 + 15*8(%r6) + std %r25,40 + 16*8(%r6) + std %r26,40 + 17*8(%r6) + std %r27,40 + 18*8(%r6) + std %r28,40 + 19*8(%r6) + std %r29,40 + 20*8(%r6) + std %r30,40 + 21*8(%r6) + std %r31,40 + 22*8(%r6) li %r3,0 /* return (0) */ blr 
@@ -107,20 +107,20 @@ ENTRY(__longjmp) ld %r15,40 + 6*8(%r3) ld %r16,40 + 7*8(%r3) ld %r17,40 + 8*8(%r3) - ld %r18,40 + 10*8(%r3) - ld %r19,40 + 11*8(%r3) - ld %r20,40 + 12*8(%r3) - ld %r21,40 + 13*8(%r3) - ld %r22,40 + 14*8(%r3) - ld %r23,40 + 15*8(%r3) - ld %r24,40 + 16*8(%r3) - ld %r25,40 + 17*8(%r3) - ld %r26,40 + 18*8(%r3) - ld %r27,40 + 19*8(%r3) - ld %r28,40 + 20*8(%r3) - ld %r29,40 + 21*8(%r3) - ld %r30,40 + 22*8(%r3) - ld %r31,40 + 23*8(%r3) + ld %r18,40 + 9*8(%r3) + ld %r19,40 + 10*8(%r3) + ld %r20,40 + 11*8(%r3) + ld %r21,40 + 12*8(%r3) + ld %r22,40 + 13*8(%r3) + ld %r23,40 + 14*8(%r3) + ld %r24,40 + 15*8(%r3) + ld %r25,40 + 16*8(%r3) + ld %r26,40 + 17*8(%r3) + ld %r27,40 + 18*8(%r3) + ld %r28,40 + 19*8(%r3) + ld %r29,40 + 20*8(%r3) + ld %r30,40 + 21*8(%r3) + ld %r31,40 + 22*8(%r3) mr %r6,%r4 /* save val param */ mtlr %r11 /* r11 -> link reg */ mtcr %r12 /* r12 -> condition reg */ Modified: projects/ppc64/lib/libc/powerpc64/gen/sigsetjmp.S ============================================================================== --- projects/ppc64/lib/libc/powerpc64/gen/sigsetjmp.S Sun Jan 31 23:16:10 2010 (r203329) +++ projects/ppc64/lib/libc/powerpc64/gen/sigsetjmp.S Sun Jan 31 23:39:55 2010 (r203330) 
@@ -80,20 +80,20 @@ ENTRY(sigsetjmp) std %r15,40 + 6*8(%r6) std %r16,40 + 7*8(%r6) std %r17,40 + 8*8(%r6) - std %r18,40 + 10*8(%r6) - std %r19,40 + 11*8(%r6) - std %r20,40 + 12*8(%r6) - std %r21,40 + 13*8(%r6) - std %r22,40 + 14*8(%r6) - std %r23,40 + 15*8(%r6) - std %r24,40 + 16*8(%r6) - std %r25,40 + 17*8(%r6) - std %r26,40 + 18*8(%r6) - std %r27,40 + 19*8(%r6) - std %r28,40 + 20*8(%r6) - std %r29,40 + 21*8(%r6) - std %r30,40 + 22*8(%r6) - std %r31,40 + 23*8(%r6) + std %r18,40 + 9*8(%r6) + std %r19,40 + 10*8(%r6) + std %r20,40 + 11*8(%r6) + std %r21,40 + 12*8(%r6) + std %r22,40 + 13*8(%r6) + std %r23,40 + 14*8(%r6) + std %r24,40 + 15*8(%r6) + std %r25,40 + 16*8(%r6) + std %r26,40 + 17*8(%r6) + std %r27,40 + 18*8(%r6) + std %r28,40 + 19*8(%r6) + std %r29,40 + 20*8(%r6) + std %r30,40 + 21*8(%r6) + std %r31,40 + 22*8(%r6) li %r3,0 blr @@ -108,20 +108,20 @@ ENTRY(siglongjmp) ld %r15,40 + 6*8(%r3) ld %r16,40 + 7*8(%r3) ld %r17,40 + 8*8(%r3) - ld %r18,40 + 10*8(%r3) - ld %r19,40 + 11*8(%r3) - ld %r20,40 + 12*8(%r3) - ld %r21,40 + 13*8(%r3) - ld %r22,40 + 14*8(%r3) - ld %r23,40 + 15*8(%r3) - ld %r24,40 + 16*8(%r3) - ld %r25,40 + 17*8(%r3) - ld %r26,40 + 18*8(%r3) - ld %r27,40 + 19*8(%r3) - ld %r28,40 + 20*8(%r3) - ld %r29,40 + 21*8(%r3) - ld %r30,40 + 22*8(%r3) - ld %r31,40 + 23*8(%r3) + ld %r18,40 + 9*8(%r3) + ld %r19,40 + 10*8(%r3) + ld %r20,40 + 11*8(%r3) + ld %r21,40 + 12*8(%r3) + ld %r22,40 + 13*8(%r3) + ld %r23,40 + 14*8(%r3) + ld %r24,40 + 15*8(%r3) + ld %r25,40 + 16*8(%r3) + ld %r26,40 + 17*8(%r3) + ld %r27,40 + 18*8(%r3) + ld %r28,40 + 19*8(%r3) + ld %r29,40 + 20*8(%r3) + ld %r30,40 + 21*8(%r3) + ld %r31,40 + 22*8(%r3) lwz %r7,0(%r3) mr %r6,%r4 Modified: projects/ppc64/libexec/rtld-elf/powerpc64/reloc.c ============================================================================== --- projects/ppc64/libexec/rtld-elf/powerpc64/reloc.c Sun Jan 31 23:16:10 2010 (r203329) +++ projects/ppc64/libexec/rtld-elf/powerpc64/reloc.c Sun Jan 31 23:39:55 2010 (r203330) 
@@ -44,9 +44,9 @@ #include "rtld.h" struct funcdesc { - uint64_t addr; - uint64_t toc; - uint64_t env; + Elf_Addr addr; + Elf_Addr toc; + Elf_Addr env; }; /* @@ -104,7 +104,7 @@ do_copy_relocations(Obj_Entry *dstobj) srcaddr = (const void *) (srcobj->relocbase+srcsym->st_value); memcpy(dstaddr, srcaddr, size); - dbg("copy_reloc: src=%p,dst=%p,size=%d\n",srcaddr,dstaddr,size); + dbg("copy_reloc: src=%p,dst=%p,size=%zd\n",srcaddr,dstaddr,size); } return (0); @@ -163,8 +163,8 @@ reloc_nonplt_object(Obj_Entry *obj_rtld, case R_PPC_NONE: break; - case R_PPC_ADDR32: /* word32 S + A */ - case R_PPC_GLOB_DAT: /* word32 S + A */ + case R_PPC64_ADDR64: /* doubleword64 S + A */ + case R_PPC_GLOB_DAT: def = find_symdef(ELF_R_SYM(rela->r_info), obj, &defobj, false, cache); if (def == NULL) { @@ -180,7 +180,7 @@ reloc_nonplt_object(Obj_Entry *obj_rtld, } break; - case R_PPC_RELATIVE: /* word32 B + A */ + case R_PPC_RELATIVE: /* doubleword64 B + A */ tmp = (Elf_Addr)(obj->relocbase + rela->r_addend); /* As above, don't issue write unnecessarily */ @@ -211,7 +211,7 @@ reloc_nonplt_object(Obj_Entry *obj_rtld, */ break; - case R_PPC_DTPMOD32: + case R_PPC64_DTPMOD64: def = find_symdef(ELF_R_SYM(rela->r_info), obj, &defobj, false, cache); @@ -222,7 +222,7 @@ reloc_nonplt_object(Obj_Entry *obj_rtld, break; - case R_PPC_TPREL32: + case R_PPC64_TPREL64: def = find_symdef(ELF_R_SYM(rela->r_info), obj, &defobj, false, cache); @@ -251,7 +251,7 @@ reloc_nonplt_object(Obj_Entry *obj_rtld, break; - case R_PPC_DTPREL32: + case R_PPC64_DTPREL64: def = find_symdef(ELF_R_SYM(rela->r_info), obj, &defobj, false, cache); @@ -322,8 +322,8 @@ done: static int reloc_plt_object(Obj_Entry *obj, const Elf_Rela *rela) { - Elf_Word *where = (Elf_Word *)(obj->relocbase + rela->r_offset); - int reloff; + Elf_Addr *where = (Elf_Addr *)(obj->relocbase + rela->r_offset); + long reloff; reloff = rela - obj->pltrela; 
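Review bot: In `do_copy_relocations` the debug format was changed to `size=%zd`, which is the signed conversion. `size` is declared outside the hunk; if it is a `size_t`, as its use as the `memcpy` length suggests, the matching specifier is `%zu`: `dbg("copy_reloc: src=%p,dst=%p,size=%zu\n",srcaddr,dstaddr,size);`.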
@@ -331,11 +331,9 @@ reloc_plt_object(Obj_Entry *obj, const E return (-1); } - dbg(" reloc_plt_object: where=%p,pltres=%p,reloff=%x,distance=%x", - (void *)where, (void *)pltresolve, reloff, distance); + dbg(" reloc_plt_object: where=%p,reloff=%lx", (void *)where, reloff); - ((struct funcdesc *)(where))->addr = - (uint64_t)_rtld_powerpc64_pltresolve; + memcpy(where, _rtld_powerpc64_pltresolve, sizeof(struct funcdesc)); ((struct funcdesc *)(where))->toc = reloff; ((struct funcdesc *)(where))->env = (uint64_t)obj; @@ -413,16 +411,15 @@ reloc_jmpslots(Obj_Entry *obj) /* - * Update the value of a PLT jump slot. Branch directly to the target if - * it is within +/- 32Mb, otherwise go indirectly via the pltcall - * trampoline call and jump table. + * Update the value of a PLT jump slot. */ Elf_Addr reloc_jmpslot(Elf_Addr *wherep, Elf_Addr target, const Obj_Entry *defobj, const Obj_Entry *obj, const Elf_Rel *rel) { - dbg(" reloc_jmpslot: where=%p, target=%p", - (void *)wherep, (void *)target); + dbg(" reloc_jmpslot: where=%p, target=%p (%#lx + %#lx)", + (void *)wherep, (void *)target, *(Elf_Addr *)target, + (Elf_Addr)defobj->relocbase); /* * At the PLT entry pointed at by `wherep', construct @@ -431,6 +428,18 @@ reloc_jmpslot(Elf_Addr *wherep, Elf_Addr */ memcpy(wherep, (void *)target, sizeof(struct funcdesc)); + if (((struct funcdesc *)(wherep))->addr < (Elf_Addr)defobj->relocbase) { + /* + * XXX: It is possible (e.g. LD_BIND_NOW) that the function + * descriptor we are copying has not yet been relocated. + * If this happens, fix it. + */ + + ((struct funcdesc *)(wherep))->addr += + (Elf_Addr)defobj->relocbase; + ((struct funcdesc *)(wherep))->toc += + (Elf_Addr)defobj->relocbase; + } return (target); } @@ -438,8 +447,9 @@ reloc_jmpslot(Elf_Addr *wherep, Elf_Addr void init_pltgot(Obj_Entry *obj) { +#if 0 struct funcdesc *pltcall; - int N = obj->pltrelasize / sizeof(Elf_Rela); + //int N = obj->pltrelasize / sizeof(Elf_Rela); pltcall = (struct funcdesc *)obj->pltgot; 
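Review bot: `reloc_jmpslot` now copies the target descriptor into the live PLT slot first and only afterwards adds `relocbase` to `addr` and `toc`, so between the `memcpy` and the fix-up the slot holds an unrelocated entry address. If another thread can call through that slot during binding, it would branch to a link-time offset rather than a mapped function. Building the descriptor in a local and storing it once closes that window. The `addr < relocbase` test is also only a heuristic for an unrelocated descriptor and deserves a sentence in the comment saying when it can misfire. The function's opening lines and the start of the block comment are outside the hunk.

```c
	struct funcdesc desc;

	/* ... unchanged: dbg() call and block comment ... */
	memcpy(&desc, (void *)target, sizeof(desc));
	if (desc.addr < (Elf_Addr)defobj->relocbase) {
		/* XXX: descriptor not yet relocated (e.g. LD_BIND_NOW). */
		desc.addr += (Elf_Addr)defobj->relocbase;
		desc.toc += (Elf_Addr)defobj->relocbase;
	}
	/* Publish only the finished descriptor into the PLT slot. */
	memcpy(wherep, &desc, sizeof(desc));
	return (target);
```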
@@ -448,22 +458,16 @@ init_pltgot(Obj_Entry *obj) } /* - * Copy the function description into the PLT slot + * Copy the function description into the PLT0 slot */ memcpy(pltcall, _rtld_powerpc64_pltresolve, sizeof(*pltcall)); - - /* - * Now fake the two arguments we get in the descriptor to - * pass information to the resolver. - */ - pltcall->toc = N; - pltcall->env = (uint64_t)obj; +#endif } void allocate_initial_tls(Obj_Entry *list) { - register Elf_Addr **tp __asm__("r2"); + register Elf_Addr **tp __asm__("r13"); Elf_Addr **_tp; /* @@ -474,7 +478,7 @@ allocate_initial_tls(Obj_Entry *list) tls_static_space = tls_last_offset + tls_last_size + RTLD_STATIC_TLS_EXTRA; - _tp = (Elf_Addr **) ((char *) allocate_tls(list, NULL, TLS_TCB_SIZE, 8) + _tp = (Elf_Addr **) ((char *)allocate_tls(list, NULL, TLS_TCB_SIZE, 16) + TLS_TP_OFFSET + TLS_TCB_SIZE); /* @@ -487,7 +491,7 @@ allocate_initial_tls(Obj_Entry *list) void* __tls_get_addr(tls_index* ti) { - register Elf_Addr **tp __asm__("r2"); + register Elf_Addr **tp __asm__("r13"); char *p; p = tls_get_addr_common((Elf_Addr**)((Elf_Addr)tp - TLS_TP_OFFSET Modified: projects/ppc64/libexec/rtld-elf/powerpc64/rtld_machdep.h ============================================================================== --- projects/ppc64/libexec/rtld-elf/powerpc64/rtld_machdep.h Sun Jan 31 23:16:10 2010 (r203329) +++ projects/ppc64/libexec/rtld-elf/powerpc64/rtld_machdep.h Sun Jan 31 23:39:55 2010 (r203330) 
@@ -65,12 +65,12 @@ void _rtld_powerpc64_pltresolve(void); #define TLS_TP_OFFSET 0x7000 #define TLS_DTV_OFFSET 0x8000 -#define TLS_TCB_SIZE 8 +#define TLS_TCB_SIZE 16 #define round(size, align) \ (((size) + (align) - 1) & ~((align) - 1)) #define calculate_first_tls_offset(size, align) \ - round(8, align) + round(16, align) #define calculate_tls_offset(prev_offset, prev_size, size, align) \ round(prev_offset + prev_size, align) #define calculate_tls_end(off, size) ((off) + (size)) Modified: projects/ppc64/libexec/rtld-elf/powerpc64/rtld_start.S ============================================================================== --- projects/ppc64/libexec/rtld-elf/powerpc64/rtld_start.S Sun Jan 31 23:16:10 2010 (r203329) +++ projects/ppc64/libexec/rtld-elf/powerpc64/rtld_start.S Sun Jan 31 23:39:55 2010 (r203330) @@ -45,6 +45,26 @@ _ENTRY(_rtld_start) /* std %r7,80(%r1) *//* cleanup (always 0) */ std %r8,88(%r1) /* ps_strings */ + /* + * Perform initial relocation of ld-elf.so. Not as easy as it + * sounds. + * - perform small forward branch to put PC into link reg + * - use link-time constants to determine offset to the + * _DYNAMIC section and the GOT. Add these to the PC to + * convert to absolute addresses. + * - call reloc_non_plt_self() to fix up ld-elf.so's relocations + */ + + bl 1f + .llong _DYNAMIC-. +1: + mflr %r3 /* PC value at .llong */ + ld %r4,0(%r3) /* offset to _DYNAMIC */ + add %r3,%r4,%r3 /* r3 = &_DYNAMIC, absolute value */ + + ld %r4,-0x8000(%r2) /* First TOC entry is TOC base */ + subf %r4,%r4,%r2 /* Subtract from real TOC base to get base */ + bl .reloc_non_plt_self /* reloc_non_plt_self(&_DYNAMIC,base) */ nop 
@@ -55,14 +75,16 @@ _ENTRY(_rtld_start) * original stack layout has to be found by moving back a word * from the argv pointer. */ - ld %r4,56(%r1) /* restore argv */ + ld %r4,56(%r1) addi %r3,%r4,-8 /* locate argc ptr, &argv[-1] */ - - addi %r4,%r1,16 /* &exit_proc on stack */ - addi %r5,%r1,24 /* &obj_main on stack */ + addi %r4,%r1,80 /* &exit_proc on stack */ + addi %r5,%r1,72 /* &obj_main on stack */ bl ._rtld /* &_start = _rtld(sp, &exit_proc, &obj_main)*/ nop + ld %r2,8(%r3) + ld %r11,16(%r3) + ld %r3,0(%r3) mtlr %r3 /* Modified: projects/ppc64/sys/sys/elf_common.h ============================================================================== --- projects/ppc64/sys/sys/elf_common.h Sun Jan 31 23:16:10 2010 (r203329) +++ projects/ppc64/sys/sys/elf_common.h Sun Jan 31 23:39:55 2010 (r203330) 
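Review bot: The three loads added after `bl ._rtld` (`ld %r2,8(%r3)`, `ld %r11,16(%r3)`, `ld %r3,0(%r3)`) have no comment, and the surviving `/* &_start = _rtld(sp, &exit_proc, &obj_main)*/` still reads as if `%r3` were a code address. The new code treats the return value as a pointer to a three-doubleword function descriptor and dereferences it unchecked, so the comment should say so, e.g. `/* _rtld returns a function descriptor: 0=entry, 8=TOC, 16=env */`. The `restore argv` comment dropped from `ld %r4,56(%r1)` was still accurate and is worth keeping. The hunk covers only part of `_rtld_start`.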
@@ -781,6 +781,27 @@ typedef struct { #define R_PPC_SECTOFF_HA 36 /* + * 64-bit relocations + */ +#define R_PPC64_ADDR64 38 +#define R_PPC64_ADDR16_HIGHER 39 +#define R_PPC64_ADDR16_HIGHERA 40 +#define R_PPC64_ADDR16_HIGHEST 41 +#define R_PPC64_ADDR16_HIGHESTA 42 +#define R_PPC64_UADDR64 43 +#define R_PPC64_REL64 44 +#define R_PPC64_PLT64 45 +#define R_PPC64_PLTREL64 46 +#define R_PPC64_TOC16 47 +#define R_PPC64_TOC16_LO 48 +#define R_PPC64_TOC16_HI 49 +#define R_PPC64_TOC16_HA 50 +#define R_PPC64_TOC 51 +#define R_PPC64_DTPMOD64 68 +#define R_PPC64_TPREL64 73 +#define R_PPC64_DTPREL64 78 + +/* * TLS relocations */ #define R_PPC_TLS 67 From owner-svn-src-projects@FreeBSD.ORG Mon Feb 1 00:13:30 2010 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 83447106568F; Mon, 1 Feb 2010 00:13:30 +0000 (UTC) (envelope-from nwhitehorn@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 7215F8FC08; Mon, 1 Feb 2010 00:13:30 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o110DUH6080708; Mon, 1 Feb 2010 00:13:30 GMT (envelope-from nwhitehorn@svn.freebsd.org) Received: (from nwhitehorn@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o110DUEA080705; Mon, 1 Feb 2010 00:13:30 GMT (envelope-from nwhitehorn@svn.freebsd.org) Message-Id: <201002010013.o110DUEA080705@svn.freebsd.org> 
From: Nathan Whitehorn Date: Mon, 1 Feb 2010 00:13:30 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r203331 - projects/ppc64/libexec/rtld-elf/powerpc64 X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Feb 2010 00:13:30 -0000 Author: nwhitehorn Date: Mon Feb 1 00:13:30 2010 New Revision: 203331 URL: http://svn.freebsd.org/changeset/base/203331 Log: Do not restore the original stack pointer: the PPC64 ABI stores things in the parent's stack frame, which becomes the program arguments if R1 is restored. This leads to bad. Also add some cache-related paranoia to setting of PLT slots, following glibc. With these changes, nearly all dynamic executables run correctly with LD_BIND_NOW=1. Modified: projects/ppc64/libexec/rtld-elf/powerpc64/reloc.c projects/ppc64/libexec/rtld-elf/powerpc64/rtld_start.S Modified: projects/ppc64/libexec/rtld-elf/powerpc64/reloc.c ============================================================================== --- projects/ppc64/libexec/rtld-elf/powerpc64/reloc.c Sun Jan 31 23:39:55 2010 (r203330) +++ projects/ppc64/libexec/rtld-elf/powerpc64/reloc.c Mon Feb 1 00:13:30 2010 (r203331) @@ -441,6 +441,8 @@ reloc_jmpslot(Elf_Addr *wherep, Elf_Addr (Elf_Addr)defobj->relocbase; } + __asm __volatile("dcbst 0,%0; sync" :: "r"(wherep) : "memory"); + return (target); } Modified: projects/ppc64/libexec/rtld-elf/powerpc64/rtld_start.S ============================================================================== --- projects/ppc64/libexec/rtld-elf/powerpc64/rtld_start.S Sun Jan 31 23:39:55 2010 (r203330) +++ projects/ppc64/libexec/rtld-elf/powerpc64/rtld_start.S Mon Feb 1 00:13:30 2010 (r203331) 
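Review bot: The `dcbst 0,%0; sync` added before `return (target)` in `reloc_jmpslot` writes back only the cache block containing `wherep`, and nothing in the code says what it guards against. If the slot filled in above is a multi-doubleword descriptor (the stores are outside this hunk, so this is an assumption), an entry that straddles a block boundary has its tail left out. The barrier also comes after all the stores rather than between them, so it does not order the individual fields for a concurrent caller. At minimum add a comment such as `/* write the updated PLT slot back to memory before it can be called through */` and state whether concurrent resolution is expected here. `reloc_jmpslot` begins outside the hunk.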
@@ -96,7 +96,6 @@ _ENTRY(_rtld_start) ld %r6,72(%r1) /* obj */ ld %r7,80(%r1) /* exit proc */ ld %r8,88(%r1) /* ps_strings */ - addi %r1,%r1,96 /* restore original stackptr */ blrl /* _start(argc, argv, envp, obj, cleanup, ps_strings) */ From owner-svn-src-projects@FreeBSD.ORG Mon Feb 1 01:06:37 2010 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 350E31065676; Mon, 1 Feb 2010 01:06:37 +0000 (UTC) (envelope-from nwhitehorn@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 239858FC1B; Mon, 1 Feb 2010 01:06:37 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o1116bVb092419; Mon, 1 Feb 2010 01:06:37 GMT (envelope-from nwhitehorn@svn.freebsd.org) Received: (from nwhitehorn@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o1116bTJ092416; Mon, 1 Feb 2010 01:06:37 GMT (envelope-from nwhitehorn@svn.freebsd.org) Message-Id: <201002010106.o1116bTJ092416@svn.freebsd.org> 
From: Nathan Whitehorn Date: Mon, 1 Feb 2010 01:06:37 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r203332 - in projects/ppc64/lib/libc/powerpc64: . sys X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Feb 2010 01:06:37 -0000 Author: nwhitehorn Date: Mon Feb 1 01:06:36 2010 New Revision: 203332 URL: http://svn.freebsd.org/changeset/base/203332 Log: Restoration of the TOC value is done by a linker-rewritten nop after branch instructions. Setting of the TOC is done by a linker-written trampoline, and the old value stored in the stack. If two TOC-based function calls were made back-to-back with the same stack frame, this resulted in corruption of the TOC pointer. This happened predominently with cerror, so fix some additional bugs here. With these changes, all dynamically linked executables seem to work, given LD_BIND_NOW. Next up: fix lazy PLT loading. Modified: projects/ppc64/lib/libc/powerpc64/SYS.h projects/ppc64/lib/libc/powerpc64/sys/cerror.S Modified: projects/ppc64/lib/libc/powerpc64/SYS.h ============================================================================== --- projects/ppc64/lib/libc/powerpc64/SYS.h Mon Feb 1 00:13:30 2010 (r203331) +++ projects/ppc64/lib/libc/powerpc64/SYS.h Mon Feb 1 01:06:36 2010 (r203332) @@ -42,8 +42,15 @@ #define SYSCALL(x) \ .text; \ .align 2; \ -2: b PIC_PLT(CNAME(HIDENAME(cerror))); \ +2: mflr %r0; \ + std %r0,16(%r1); \ + stdu %r1,-48(%r1); \ + bl PIC_PLT(CNAME(HIDENAME(cerror))); \ nop; \ + addi %r1,%r1,48; \ + ld %r0,16(%r1); \ + mtlr %r0; \ + blr; \ ENTRY(__CONCAT(__sys_,x)); \ .weak CNAME(x); \ .set CNAME(x),CNAME(__CONCAT(__sys_,x)); \ 
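Review bot: The error path added at label `2:` builds a 48-byte frame with `stdu %r1,-48(%r1)`, which covers the frame header but no parameter save area. As I read the 64-bit PowerPC ELF ABI, the doublewords a callee may treat as its caller's parameter area are then the header of the frame above, including the LR just stored by `std %r0,16(%r1)`. That is safe only while `cerror` stays hand-written assembly that never touches that area, so either allocate a full minimum frame or record the dependency, e.g. `/* header-only frame: cerror must not use the parameter save area */`. The same eight-instruction sequence is repeated in the two following hunks of this file (one of them in `RSYSCALL`), and a single helper macro would keep the three copies from diverging.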
@@ -66,14 +73,19 @@ ENTRY(__CONCAT(__sys_,x)); \ .set CNAME(__CONCAT(._,x)),CNAME(__CONCAT(.__sys_,x));\ _SYSCALL(x); \ bnslr; \ - b PIC_PLT(CNAME(HIDENAME(cerror))); \ - nop + mflr %r0; \ + std %r0,16(%r1); \ + stdu %r1,-48(%r1); \ + bl PIC_PLT(CNAME(HIDENAME(cerror))); \ + nop; \ + addi %r1,%r1,48; \ + ld %r0,16(%r1); \ + mtlr %r0; \ + blr; #define RSYSCALL(x) \ .text; \ .align 2; \ -2: b PIC_PLT(CNAME(HIDENAME(cerror))); \ - nop; \ ENTRY(__CONCAT(__sys_,x)); \ .weak CNAME(x); \ .set CNAME(x),CNAME(__CONCAT(__sys_,x)); \ @@ -85,5 +97,13 @@ ENTRY(__CONCAT(__sys_,x)); \ .set CNAME(__CONCAT(._,x)),CNAME(__CONCAT(.__sys_,x));\ _SYSCALL(x); \ bnslr; \ - b PIC_PLT(CNAME(HIDENAME(cerror))); \ - nop + \ + mflr %r0; \ + std %r0,16(%r1); \ + stdu %r1,-48(%r1); \ + bl PIC_PLT(CNAME(HIDENAME(cerror))); \ + nop; \ + addi %r1,%r1,48; \ + ld %r0,16(%r1); \ + mtlr %r0; \ + blr; Modified: projects/ppc64/lib/libc/powerpc64/sys/cerror.S ============================================================================== --- projects/ppc64/lib/libc/powerpc64/sys/cerror.S Mon Feb 1 00:13:30 2010 (r203331) +++ projects/ppc64/lib/libc/powerpc64/sys/cerror.S Mon Feb 1 01:06:36 2010 (r203332) 
@@ -40,19 +40,21 @@ __FBSDID("$FreeBSD$"); */ ENTRY(HIDENAME(cerror)) mflr %r0 + std %r0,16(%r1) /* save lr */ stdu %r1,-56(%r1) /* allocate new stack frame */ - std %r0,16(%r1) /* and save lr, r31 */ std %r31,48(%r1) + mr %r31,%r3 /* stash errval in callee-saved register */ bl PIC_PLT(CNAME(__error)) nop - std %r31,0(%r3) /* store errval into &errno */ - ld %r0,16(%r1) + stw %r31,0(%r3) /* store errval into &errno */ + ld %r31,48(%r1) - mtlr %r0 ld %r1,0(%r1) + ld %r0,16(%r1) + mtlr %r0 li %r3,-1 li %r4,-1 - blr /* return to callers caller */ + blr From owner-svn-src-projects@FreeBSD.ORG Mon Feb 1 14:51:12 2010 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2EE271065695; Mon, 1 Feb 2010 14:51:12 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 1AFBC8FC1C; Mon, 1 Feb 2010 14:51:12 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o11EpCQP084681; Mon, 1 Feb 2010 14:51:12 GMT (envelope-from rwatson@svn.freebsd.org) Received: (from rwatson@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o11EpCJp084674; Mon, 1 Feb 2010 14:51:12 GMT (envelope-from rwatson@svn.freebsd.org) Message-Id: <201002011451.o11EpCJp084674@svn.freebsd.org> 
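Review bot: `cerror` keeps the 56-byte frame from `stdu %r1,-56(%r1)` and saves `%r31` at `48(%r1)`. Since 56 is not a multiple of 16, `__error` is entered with a stack pointer that is only doubleword aligned, and offset 48 is where a callee would look for its caller's parameter save area. Nothing guarantees that a C function reached through the PLT neither relies on quadword alignment nor writes into that area, so I would round the frame up to the ABI minimum and move the `%r31` slot, touching `stdu %r1,-56(%r1)`, `std %r31,48(%r1)` and `ld %r31,48(%r1)`. The final `blr` lost its comment. With the macros now using `bl` it returns to their restore sequence, and `/* return to the SYSCALL stub */` would record that.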
From: Robert Watson Date: Mon, 1 Feb 2010 14:51:12 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r203346 - projects/capabilities8/lib/libcapsicum X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 01 Feb 2010 14:51:12 -0000 Author: rwatson Date: Mon Feb 1 14:51:11 2010 New Revision: 203346 URL: http://svn.freebsd.org/changeset/base/203346 Log: Merge c173958, c174024, c174029, c174030, c174074, c174075, c174076, c174086, c174087, c174089, c174091: File descriptor reordering via lc_fdlist_reorder() Add a rough draft man page for the libcapsicum fdlist API. Fix markup nits, type nits, and argument names. Fix further nits, document return values for fdlist functions. Added ld_fdlist_append(), plus one sanity check and the ability to ignore names in lc_fdlist_lookup() Add lc_fdlist_append() to libcapsicum.h Added the weak symbol ld_libdirs() Avoid passing lc_fdlist by reference to utility functions by adopting a static lc_fdlist pointer over the life time of the list, with the storage pointer being rewritten instead. The result is more locking friendly. Also correct some locking bugs. Layout fixes, comment that we'll make the _size a private function. Clean up style in a few places. Properly handle lock unwinding in append. Comment on lock recursion. White space tweak. Submitted by: Jonathan Anderson (portions) Sponsored by: Google, Inc. 
(portions) Added: projects/capabilities8/lib/libcapsicum/libcapsicum_fdlist.3 Modified: projects/capabilities8/lib/libcapsicum/Makefile projects/capabilities8/lib/libcapsicum/libcapsicum.3 projects/capabilities8/lib/libcapsicum/libcapsicum.h projects/capabilities8/lib/libcapsicum/libcapsicum_fdlist.c projects/capabilities8/lib/libcapsicum/libcapsicum_host.c Modified: projects/capabilities8/lib/libcapsicum/Makefile ============================================================================== --- projects/capabilities8/lib/libcapsicum/Makefile Mon Feb 1 14:29:07 2010 (r203345) +++ projects/capabilities8/lib/libcapsicum/Makefile Mon Feb 1 14:51:11 2010 (r203346) @@ -21,9 +21,17 @@ SHLIB_MAJOR= 1 WARNS?= 6 MAN= libcapsicum.3 +MAN+= libcapsicum_fdlist.3 MAN+= libcapsicum_host.3 MAN+= libcapsicum_sandbox.3 MLINKS= libcapsicum.3 lc_limitfd.3 \ + libcapsicum_fdlist.3 lc_fdlist_new.3 \ + libcapsicum_fdlist.3 lc_fdlist_global.3 \ + libcapsicum_fdlist.3 lc_fdlist_dup.3 \ + libcapsicum_fdlist.3 lc_fdlist_free.3 \ + libcapsicum_fdlist.3 lc_fdlist_add.3 \ + libcapsicum_fdlist.3 lc_fdlist_addcap.3 \ + libcapsicum_fdlist.3 lc_fdlist_lookup.3 \ libcapsicum_host.3 lch_autosandbox_isenabled.3 \ libcapsicum_host.3 lch_start.3 \ libcapsicum_host.3 lch_startfd.3 \ Modified: projects/capabilities8/lib/libcapsicum/libcapsicum.3 ============================================================================== --- projects/capabilities8/lib/libcapsicum/libcapsicum.3 Mon Feb 1 14:29:07 2010 (r203345) +++ projects/capabilities8/lib/libcapsicum/libcapsicum.3 Mon Feb 1 14:51:11 2010 (r203346) @@ -1,5 +1,5 @@ .\" -.\" Copyright (c) 2009 Robert N. M. Watson +.\" Copyright (c) 2009-2010 Robert N. M. Watson .\" All rights reserved. .\" .\" WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED 
@@ -82,6 +82,13 @@ described in .Xr libcapsicum_sandbox 3 . Sandboxed processes themselves may launch software components in further sandboxes, so a single program may use both host and sandbox APIs. +.Pp +In addition, the +.Nm +file descriptor list API, described in +.Xr libcapsicum_fdlist 3 , +may be used to manage the delegation of file descriptors/capabilities to +sandboxes using a namespace. .Sh CAPABILITY API .Fn lc_limitfd is a wrapper around @@ -99,6 +106,7 @@ with the requested rights mask. .Xr cap_new 2 , .Xr close 2 , .Xr dup2 2 , +.Xr libcapsicum_fdlist 3 , .Xr libcapsicum_host 3 , .Xr libcapsicum_sandbox 3 , .Xr unix 4 @@ -111,6 +119,9 @@ WARNING: THIS IS EXPERIMENTAL SECURITY S PRODUCTION SYSTEMS. IT WILL BREAK YOUR SOFTWARE IN NEW AND UNEXPECTED WAYS. .Sh AUTHORS These functions and the capability facility were created by +.An -nosplit .An "Robert N. M. Watson" +and +.An "Jonathan Anderson" at the University of Cambridge Computer Laboratory with support from a grant from Google, Inc. Modified: projects/capabilities8/lib/libcapsicum/libcapsicum.h ============================================================================== --- projects/capabilities8/lib/libcapsicum/libcapsicum.h Mon Feb 1 14:29:07 2010 (r203345) +++ projects/capabilities8/lib/libcapsicum/libcapsicum.h Mon Feb 1 14:51:11 2010 (r203346) @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2009 Robert N. M. Watson + * Copyright (c) 2009-2010 Robert N. M. Watson * All rights reserved. * * WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED 
@@ -53,54 +53,76 @@ struct lc_library { int lcl_fd; }; - -/* A list of file descriptors, which can be passed around in shared memory */ +/* + * A list of file descriptors, which can be passed around in shared memory. + */ struct lc_fdlist; +struct lc_fdlist *lc_fdlist_new(void); +struct lc_fdlist *lc_fdlist_global(void); +struct lc_fdlist *lc_fdlist_dup(struct lc_fdlist *lfp_orig); +void lc_fdlist_free(struct lc_fdlist *lfp); -struct lc_fdlist* lc_fdlist_new(void); -struct lc_fdlist* lc_fdlist_global(void); -struct lc_fdlist* lc_fdlist_dup(struct lc_fdlist *orig); -void lc_fdlist_free(struct lc_fdlist *l); - - -/* Size of an FD list in bytes, including all associated string data */ -int lc_fdlist_size(struct lc_fdlist *l); - +/* + * Size of an FD list in bytes, including all associated string data. + * + * XXX: This will probably become library-private soon. + */ +u_int lc_fdlist_size(struct lc_fdlist *lfp); /* * Add a file descriptor to the list. * - * l the list to add to + * lfp the list to add to * subsystem a software component name, e.g. "org.freebsd.rtld-elf" * classname a class name, e.g. "libdir" or "library" * name an instance name, e.g. "system library dir" or "libc.so.6" * fd the file descriptor */ -int lc_fdlist_add(struct lc_fdlist **l, - const char *subsystem, const char *classname, - const char *name, int fd); +int lc_fdlist_add(struct lc_fdlist *lfp, const char *subsystem, + const char *classname, const char *name, int fd); /* - * Like lc_fdlist_add(), but allows capability rights to be specified. The file - * descriptor will be wrapped in a capability with the given rights (so if the - * descriptor *is* a capability, its rights will be constrained according to this - * rights mask) - */ -int lc_fdlist_addcap(struct lc_fdlist **l, - const char *subsystem, const char *classname, - const char *name, int fd, cap_rights_t rights); + * Append the contents of one list to another. 
+ */ +int lc_fdlist_append(struct lc_fdlist *to, struct lc_fdlist *from); + + +/* + * Like lc_fdlist_add(), but allows capability rights to be specified. The + * file descriptor will be wrapped in a capability with the given rights (so + * if the descriptor *is* a capability, its rights will be constrained + * according to this rights mask.) + */ +int lc_fdlist_addcap(struct lc_fdlist *l, const char *subsystem, + const char *classname, const char *name, int fd, + cap_rights_t rights); /* * Look up a file descriptor. * * Multiple entries with the same classname are allowed, so iterating through - * all instances of a class is done by supplying an integer 'pos' which is used - * internally to skip entries which have already been seen. If 'pos' is 0 or NULL, - * the first matching entry will be returned. - */ -int lc_fdlist_lookup(struct lc_fdlist *l, - const char *subsystem, const char *classname, - char **name, int *fdp, int *pos); + * all instances of a class is done by supplying an integer 'pos' which is + * used internally to skip entries which have already been seen. If 'pos' is + * 0 or NULL, the first matching entry will be returned. + */ +int lc_fdlist_lookup(struct lc_fdlist *lfp, const char *subsystem, + const char *classname, char **name, int *fdp, int *pos); + +/* + * Look up a file descriptor without a name. Repeated calls to this function + * will iterate through all descriptors in the list. + */ +int lc_fdlist_getentry(struct lc_fdlist *lfp, char **subsystem, + char **classname, char **name, int *fdp, int *pos); + +/* + * Reorder FD list (WARNING: this could be dangerous!). + * + * This call takes all of the file descriptors in the FD list, and moves them + * into a continuous array, starting at the FD given by 'start'. Any file + * descriptors above 'start' which are not in the FD list are closed. + */ +int lc_fdlist_reorder(struct lc_fdlist *lfp); /* * Capability interfaces. 
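Review bot: The comment on `lc_fdlist_reorder()` says descriptors are moved into an array "starting at the FD given by 'start'" and that descriptors above 'start' not in the list are closed, but the prototype `int lc_fdlist_reorder(struct lc_fdlist *lfp);` has no `start` parameter. A caller therefore cannot tell which of its open descriptors will be closed, which matters for a call that closes descriptors the caller never named. The header should state the actual starting descriptor and whether 0-2 are affected, or the parameter should be added. `lc_fdlist_addcap()` still names its list argument `l` while the other prototypes in this hunk were renamed to `lfp`. The `lc_fdlist_getentry()` comment should say that `subsystem`, `classname` and `name` are out-parameters and who owns the returned strings.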
@@ -201,6 +223,9 @@ int lcs_sendrpc_rights(struct lc_host *l int ld_libcache_lookup(const char *libname, int *fdp); int ld_insandbox(void); +/* If this call is successful, the caller is responsible for freeing 'fds'. */ +int ld_libdirs(int **fds); + /* * Applications may declare an alternative entry point to the default ELF * entry point for their binary, which will be used in preference to 'main' Added: projects/capabilities8/lib/libcapsicum/libcapsicum_fdlist.3 ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ projects/capabilities8/lib/libcapsicum/libcapsicum_fdlist.3 Mon Feb 1 14:51:11 2010 (r203346) 
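Review bot: The comment on `ld_libdirs(int **fds)` says the caller frees `fds` but not how many descriptors the array holds or what the `int` return value means, so a caller has no bound for iterating it. Something like `/* Returns the number of descriptors stored in *fds, or -1 on error; the caller frees *fds. */` would do, adjusted to the real contract, which is not visible in this hunk. It should also say `*fds`, since that is the allocation being handed over.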
@@ -0,0 +1,182 @@ +.\" +.\" Copyright (c) 2010 Robert N. M. Watson +.\" All rights reserved. +.\" +.\" WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED +.\" ON IN PRODUCTION SYSTEMS. IT WILL BREAK YOUR SOFTWARE IN NEW AND +.\" UNEXPECTED WAYS. +.\" +.\" This software was developed at the University of Cambridge Computer +.\" Laboratory with support from a grant from Google, Inc. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. 
+.\" +.\" $FreeBSD$ +.\" +.Dd January 31, 2010 +.Os +.Dt LIBCAPABILITY_FDLIST 3 +.Sh NAME +.Nm libcapsicum +.Nd "library interface to file descriptor lists" +.Sh LIBRARY +.Lb libcapsicum +.Sh SYNOPSIS +.In sys/types.h +.In sys/capability.h +.In libcapsicum.h +.Ft struct lc_fdlist * +.Fn lc_fdlist_new "void" +.Ft struct lc_fdlist * +.Fn lc_fdlist_global "void" +.Ft struct lc_fdlist * +.Fn lc_fdlist_dup "struct lc_fdlist *lfp" +.Ft void +.Fn lc_fdlist_free "struct lc_fdlist *lfp" +.Ft int +.Fn lc_fdlist_add "struct lc_fdlist *lfp" "const char *subsystem" "const char *classname" "const char *name" "int fd" +.Ft int +.Fn lc_fdlist_addcap "struct lc_fdlist *lfp" "const char *subsystem" "const char *classname" "const char *name" "int fd" "cap_rights_t rights" +.Ft int +.Fn lc_fdlist_lookup "struct lc_fdlist *lfp" "const char *subsystem" "const char **name" "int *fdp" "int *pos" +.Sh DESCRIPTION +These +.Nm +library routines create, manage, and destroy file descriptor lists. +File descriptor lists are used by +.Nm +to describe sets of rights that should be delegated to newly created +sandboxes, as well as binding them to names so that sandboxed code can look +up file descriptors provided by code in the host without using hard-coded +file descriptor numbers. +This is necessary because file descriptors may not be the same in the host +and sandbox environments. +.Nm +will arrange for all necessary name and descriptor information to be +available in the sandbox, and file descriptor numbers returned in the sandbox +are with respect to the sandbox's file descriptor assignments. +.Pp +Note that the file descriptor list code is not aware of any changes in file +descriptor status that may happen as a result of application behavior, such +as calls to +.Xr open 2 , +.Xr dup 2, +or +.Xr close 2. +As such, applications must update any file descriptor lists referring to +manipulated descriptors if the descriptor list will later be queried for +them, or used in creating a new sandbox. 
+.Ss File descriptor list creation and destruction +These functions create, duplicate, and free file descriptor lists: +.Pp +.Fn lc_fdlist_new +allocates a new file descriptor list containing no file descriptor +registrations. +Sandboxed code may also use +.Fn lc_fdlist_global +to query the global file descriptor list passed in when the sandbox was +created. +.Pp +.Fn lc_fdlist_dup +duplicates an existing file descriptor list, creating a new list with +identical entries. +Once duplicated, the lists may diverge; this allows the creation of a +template list for a class of sandbox, followed by duplication and +customization for a specific sandbox instance. +.Pp +.Fn lc_fdlist_free +frees an existing file descriptor list; note that this does not close or +otherwise modify file descriptors described by the list. +.Ss File descriptor list entries +Each file descriptor list entry is described by a three-part character string +namespace: +.Bl -tag -width "subsystem" +.It Fa subsystem +Application or library name, globally unique in order to prevent collisions +between software components in the same host/sandbox pair. +.It Fa classname +An application-specific or library-specific name, intended to reflect a +specific software component within that application or library. +.It Fa name +A per-subsystem, per-class namespace, which might contain file names or other +specific object instance description. +.El +.Pp +These functions insert and look up file descriptor list entries: +.Pp +.Fn lc_fdlist_add +adds a file descriptor, +.Fa fd , +with the three-part name +.Fa subsystem , +.Fa classname , +and +.Fa name +to the file descriptor list +.Fa lfp . +.Fn lc_fdlist_add +is identical except that it further registers a capability mask to apply to +the descriptor during sandbox creation, avoiding the need for separate calls +to .Xr cap_new +in application code. 
+.Pp +.Fn lc_fdlist_lookup +looks up a file descriptor using the three-part name +.Fa subsystem , +.Fa classname , +and +.Fa name +from the file descriptor list +.Fa lfp . +.Sh RETURN VALUES +The +.Fn lc_fdlist_new , +.Fn lc_flist_global , +and +.Fn lc_fdlist_dup +functions return a pointer to the desired file descriptor list if successful; +otherwise the value +.Dv NULL +is returned and the global variable +.Va errno +is set to indicate the error. +.Pp +.Rv -std lc_fdlist_add lc_fdlist_addcap lc_fdlist_lookup +.Sh SEE ALSO +.Xr cap_new 2 , +.Xr close 2 , +.Xr dup 2 , +.Xr open 2 , +.Xr libcapsicum 3 , +.Xr libcapsicum_host 3 , +.Xr libcapsicum_sandbox 3 , +.Sh HISTORY +Support for capabilities and capabilities mode was developed as part of the +.Tn TrustedBSD +Project. +.Sh BUGS +WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED ON IN +PRODUCTION SYSTEMS. IT WILL BREAK YOUR SOFTWARE IN NEW AND UNEXPECTED WAYS. +.Sh AUTHORS +These functions were created by +.An "Jonathan Anderson" +at the University of Cambridge Computer Laboratory. Modified: projects/capabilities8/lib/libcapsicum/libcapsicum_fdlist.c ============================================================================== --- projects/capabilities8/lib/libcapsicum/libcapsicum_fdlist.c Mon Feb 1 14:29:07 2010 (r203345) +++ projects/capabilities8/lib/libcapsicum/libcapsicum_fdlist.c Mon Feb 1 14:51:11 2010 (r203346) @@ -1,5 +1,6 @@ /*- * Copyright (c) 2009 Jonathan Anderson + * Copyright (c) 2010 Robert N. M. Watson * All rights reserved. * * WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED 
@@ -46,345 +47,492 @@ #include "libcapsicum_sandbox_api.h" - struct lc_fdlist_entry { - - unsigned int sysoff; /* offset of e.g. "org.freebsd.rtld-elf-cap" */ - unsigned int syslen; /* length of above */ - - unsigned int idoff; /* offset of variable ID e.g. "libs" */ - unsigned int idlen; /* length of above */ - - unsigned int nameoff; /* offset of entry name (e.g. "libc.so.7") */ - unsigned int namelen; /* length of above */ - + u_int sysoff; /* offset of e.g. "org.freebsd.rtld-elf-cap" */ + u_int syslen; /* length of above */ + u_int classoff; /* offset of variable ID e.g. "libs" */ + u_int classnamelen; /* length of above */ + u_int nameoff; /* offset of entry name (e.g. "libc.so.7") */ + u_int namelen; /* length of above */ int fd; /* the file descriptor */ }; - -struct lc_fdlist { - - unsigned int count; /* number of entries */ - unsigned int capacity; /* entries that we can hold */ - - unsigned int namelen; /* bytes of name data */ - unsigned int namecapacity; /* bytes of name data we can hold */ - - pthread_mutex_t lock; /* for thread safety */ - - struct lc_fdlist_entry entries[]; /* entries in the descriptor list */ +struct lc_fdlist_storage { + u_int count; /* number of entries */ + u_int capacity; /* entries that we can hold */ + u_int namelen; /* bytes of name data */ + u_int namecapacity; /* bytes of name data we can hold */ + struct lc_fdlist_entry entries[]; /* entries in the descriptor list */ /* followed by bytes of name data */ }; +struct lc_fdlist { + pthread_mutex_t lf_lock; /* for thread safety */ + struct lc_fdlist_storage *lf_storage; +}; - - -#define LOCK(l) pthread_mutex_lock(&((l)->lock)); -#define UNLOCK(l) pthread_mutex_unlock(&((l)->lock)); +#define LOCK(lfp) pthread_mutex_lock(&((lfp)->lf_lock)); +#define UNLOCK(lfp) pthread_mutex_unlock(&((lfp)->lf_lock)); /* Where an FD list's name byte array starts */ -char* lc_fdlist_names(struct lc_fdlist *l); - - - -struct lc_fdlist *global_fdlist = NULL; - - -struct lc_fdlist* 
-lc_fdlist_global(void) { - - if (global_fdlist == NULL) { - - char *env = getenv(LIBCAPABILITY_SANDBOX_FDLIST); - - if ((env != NULL) && (strnlen(env, 8) < 7)) { - - for (int i = 0; (i < 7) && env[i]; i++) - if ((env[i] < '0') || (env[i] > '9')) - return NULL; - - int fd = -1; - if (sscanf(env, "%d", &fd) != 1) - return NULL; +static char *lc_fdlist_storage_names(struct lc_fdlist_storage *lfsp); +static u_int lc_fdlist_storage_size(struct lc_fdlist_storage *lfsp); - if (fd < 0) - return NULL; - - struct stat stats; - if (fstat(fd, &stats) < 0) - return NULL; +static struct lc_fdlist global_fdlist = { + .lf_lock = PTHREAD_MUTEX_INITIALIZER, +}; - global_fdlist = mmap(NULL, stats.st_size, - PROT_READ | PROT_WRITE, - MAP_NOSYNC | MAP_SHARED, fd, 0); +struct lc_fdlist * +lc_fdlist_global(void) +{ + char *env; + + /* + * global_fdlist.lf_storage is set to a non-NULL value after the + * first call, and will never change; global_fdlist is only valid + * once it has non-NULL storage. + */ + LOCK(&global_fdlist); + if (global_fdlist.lf_storage != NULL) { + UNLOCK(&global_fdlist); + return (&global_fdlist); + } + + env = getenv(LIBCAPABILITY_SANDBOX_FDLIST); + if ((env != NULL) && (strnlen(env, 8) < 7)) { + struct lc_fdlist_storage *lfsp; + struct stat sb; + int fd = -1; + + /* XXX: Should use strtol(3). */ + for (int i = 0; (i < 7) && env[i]; i++) { + if ((env[i] < '0') || (env[i] > '9')) + goto fail; } - } - - return global_fdlist; + if (sscanf(env, "%d", &fd) != 1) + goto fail; + if (fd < 0) + goto fail; + if (fstat(fd, &sb) < 0) + goto fail; + lfsp = mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, + MAP_NOSYNC | MAP_SHARED, fd, 0); + if (lfsp == NULL) + goto fail; + + /* + * XXX: Should perform additional validation of shared memory + * to make sure sizes/etc are internally consistent. + */ + global_fdlist.lf_storage = lfsp; + } + return (&global_fdlist); + +fail: + /* XXX: We don't always set errno before returning. 
*/ + UNLOCK(&global_fdlist); + return (NULL); } - #define INITIAL_ENTRIES 16 #define INITIAL_NAMEBYTES (64 * INITIAL_ENTRIES) - -struct lc_fdlist* -lc_fdlist_new(void) { - - int bytes = sizeof(struct lc_fdlist) - + INITIAL_ENTRIES * sizeof(struct lc_fdlist_entry) - + INITIAL_NAMEBYTES; - - struct lc_fdlist *fdlist = malloc(bytes); - if (fdlist == NULL) return (NULL); - - fdlist->count = 0; - fdlist->capacity = INITIAL_ENTRIES; - fdlist->namelen = 0; - fdlist->namecapacity = INITIAL_NAMEBYTES; - - if (pthread_mutex_init(&fdlist->lock, NULL)) { - free(fdlist); - return NULL; +struct lc_fdlist * +lc_fdlist_new(void) +{ + struct lc_fdlist_storage *lfsp; + struct lc_fdlist *lfp; + u_int bytes; + + lfp = malloc(sizeof(*lfp)); + bytes = sizeof(*lfsp) + + INITIAL_ENTRIES * sizeof(struct lc_fdlist_entry) + + INITIAL_NAMEBYTES; + lfsp = lfp->lf_storage = malloc(bytes); + if (lfsp == NULL) { + free(lfp); + return (NULL); + } + lfsp->count = 0; + lfsp->capacity = INITIAL_ENTRIES; + lfsp->namelen = 0; + lfsp->namecapacity = INITIAL_NAMEBYTES; + if (pthread_mutex_init(&lfp->lf_lock, NULL) != 0) { + free(lfp->lf_storage); + free(lfp); + return (NULL); } - - return fdlist; + return (lfp); } - -struct lc_fdlist* -lc_fdlist_dup(struct lc_fdlist *orig) { - - LOCK(orig); - - int size = lc_fdlist_size(orig); - struct lc_fdlist *copy = NULL; - - if (size > 0) { - copy = malloc(size); - if (copy != NULL) memcpy(copy, orig, size); - } - - UNLOCK(orig); - - return copy; +struct lc_fdlist * +lc_fdlist_dup(struct lc_fdlist *lfp_orig) +{ + struct lc_fdlist *lfp_new; + u_int size; + + lfp_new = malloc(sizeof(*lfp_new)); + if (lfp_new == NULL) + return (NULL); + if (pthread_mutex_init(&lfp_new->lf_lock, NULL) != 0) { + free(lfp_new); + return (NULL); + } + LOCK(lfp_orig); + size = lc_fdlist_storage_size(lfp_orig->lf_storage); + lfp_new->lf_storage = malloc(size); + if (lfp_new->lf_storage == NULL) { + UNLOCK(lfp_orig); + pthread_mutex_destroy(&lfp_new->lf_lock); + free(lfp_new); + return 
(NULL); + } + memcpy(lfp_new->lf_storage, lfp_orig->lf_storage, size); + UNLOCK(lfp_orig); + return (lfp_new); } - void -lc_fdlist_free(struct lc_fdlist *l) { +lc_fdlist_free(struct lc_fdlist *lfp) +{ - LOCK(l); - - pthread_mutex_destroy(&l->lock); - free(l); + free(lfp->lf_storage); + pthread_mutex_destroy(&lfp->lf_lock); + free(lfp); } - - int -lc_fdlist_add(struct lc_fdlist **fdlist, - const char *subsystem, const char *id, - const char *name, int fd) { - - struct lc_fdlist *l = *fdlist; - - if (l == NULL) { - - errno = EINVAL; - return -1; - } - - LOCK(l); - - /* do we need more entry space? */ - if (l->count == l->capacity) { - - /* move name data out of the way */ +lc_fdlist_add(struct lc_fdlist *lfp, const char *subsystem, + const char *classname, const char *name, int fd) +{ + struct lc_fdlist_storage *lfsp; + + LOCK(lfp); + lfsp = lfp->lf_storage; + + /* Do we need more entry space? */ + if (lfsp->count == lfsp->capacity) { + u_int namebytes_per_entry, newnamebytes, newsize; + struct lc_fdlist_storage *lfsp_copy; char *tmp = NULL; - if (l->namelen > 0) { - tmp = malloc(l->namelen); + + /* Copy name data out of the way. */ + if (lfsp->namelen > 0) { + tmp = malloc(lfsp->namelen); if (tmp == NULL) { - UNLOCK(l); + UNLOCK(lfp); return (-1); } - - memcpy(tmp, lc_fdlist_names(l), l->namelen); + memcpy(tmp, lc_fdlist_storage_names(lfsp), + lfsp->namelen); } - /* double the number of available entries */ - int namebytes_per_entry = l->namecapacity / l->capacity; - int newnamebytes = l->capacity * namebytes_per_entry; - - int newsize = lc_fdlist_size(l) + newnamebytes - + l->capacity * sizeof(struct lc_fdlist_entry); - - struct lc_fdlist *copy = realloc(l, newsize); - if (copy == NULL) { + /* Double the number of available entries. 
*/ + namebytes_per_entry = lfsp->namecapacity / lfsp->capacity; + newnamebytes = lfsp->capacity * namebytes_per_entry; + newsize = lc_fdlist_storage_size(lfsp) + newnamebytes + + lfsp->capacity * sizeof(struct lc_fdlist_entry); + lfsp_copy = realloc(lfsp, newsize); + if (lfsp_copy == NULL) { free(tmp); - UNLOCK(l); + UNLOCK(lfp); return (-1); } - copy->capacity *= 2; - copy->namecapacity += newnamebytes; + lfsp_copy->capacity *= 2; + lfsp_copy->namecapacity += newnamebytes; - /* copy name bytes back */ - if (copy->namelen > 0) - memcpy(lc_fdlist_names(copy), tmp, copy->namelen); + /* Copy name bytes back. */ + if (lfsp_copy->namelen > 0) + memcpy(lc_fdlist_storage_names(lfsp_copy), tmp, + lfsp_copy->namelen); + free(lfsp); + lfsp = lfp->lf_storage = lfsp_copy; free(tmp); - - *fdlist = copy; - l = *fdlist; } - - /* do we need more name space? */ - int subsyslen = strlen(subsystem); - int idlen = strlen(id); - int namelen = strlen(name); - - if ((l->namelen + subsyslen + idlen + namelen) >= l->namecapacity) { - - /* double the name capacity */ - struct lc_fdlist* enlarged - = realloc(l, lc_fdlist_size(l) + l->namecapacity); - - if (enlarged == NULL) { - UNLOCK(l); + /* Do we need more name space? */ + u_int subsyslen = strlen(subsystem); + u_int classnamelen = strlen(classname); + u_int namelen = strlen(name); + + if ((lfsp->namelen + subsyslen + classnamelen + namelen) >= + lfsp->namecapacity) { + + /* Double the name capacity. */ + struct lc_fdlist_storage *lfsp_enlarged; + + lfsp_enlarged = realloc(lfsp, lc_fdlist_storage_size(lfsp) + + lfsp->namecapacity); + if (lfsp_enlarged == NULL) { + UNLOCK(lfp); return (-1); } - enlarged->namecapacity *= 2; - *fdlist = enlarged; - l = *fdlist; + lfsp_enlarged->namecapacity *= 2; + lfsp = lfp->lf_storage = lfsp_enlarged; } - - /* create the new entry */ - struct lc_fdlist_entry *entry = l->entries + l->count; + /* Create the new entry. 
*/ + struct lc_fdlist_entry *entry = lfsp->entries + lfsp->count; entry->fd = fd; - char *names = lc_fdlist_names(l); - char *head = names + l->namelen; + char *names = lc_fdlist_storage_names(lfsp); + char *head = names + lfsp->namelen; strncpy(head, subsystem, subsyslen + 1); - entry->sysoff = (head - names); - entry->syslen = subsyslen; - head += subsyslen + 1; - - strncpy(head, id, idlen + 1); - entry->idoff = (head - names); - entry->idlen = idlen; - head += idlen + 1; + entry->sysoff = (head - names); + entry->syslen = subsyslen; + head += subsyslen + 1; + + strncpy(head, classname, classnamelen + 1); + entry->classoff = (head - names); + entry->classnamelen = classnamelen; + head += classnamelen + 1; strncpy(head, name, namelen + 1); - entry->nameoff = (head - names); - entry->namelen = namelen + 1; - head += namelen + 1; - - l->count++; - l->namelen = (head - names); + entry->nameoff = (head - names); + entry->namelen = namelen + 1; + head += namelen + 1; - UNLOCK(l); + lfsp->count++; + lfsp->namelen = (head - names); - return 0; + UNLOCK(lfp); + return (0); } - int -lc_fdlist_addcap(struct lc_fdlist **fdlist, - const char *subsystem, const char *id, - const char *name, int fd, cap_rights_t rights) { - - int cap = cap_new(fd, rights); +lc_fdlist_append(struct lc_fdlist *to, struct lc_fdlist *from) +{ + int pos = 0; + + /* Use address to order lc_fdlist locks. */ + if ((uintptr_t)to < (uintptr_t)from) { + LOCK(to); + LOCK(from); + } else { + LOCK(from); + LOCK(to); + } + + for (u_int i = 0; i < from->lf_storage->count; i++) { + char *subsystem; + char *classname; + char *name; + int fd; + + /* + * XXXRW: This recurses the from lock. + */ + if (lc_fdlist_getentry(from, &subsystem, &classname, &name, + &fd, &pos) < 0) + goto fail; + + /* + * XXXRW: This recurses the to lock. 
+ */ + if (lc_fdlist_add(to, subsystem, classname, name, fd) < 0) { + free(subsystem); + goto fail; + } + free(subsystem); + } + return (0); - return lc_fdlist_add(fdlist, subsystem, id, name, cap); +fail: + UNLOCK(from); + UNLOCK(to); + return (-1); } - int -lc_fdlist_lookup(struct lc_fdlist *l, - const char *subsystem, const char *id, char **name, int *fdp, - int *pos) { +lc_fdlist_addcap(struct lc_fdlist *fdlist, const char *subsystem, + const char *classname, const char *name, int fd, cap_rights_t rights) +{ + int capfd; + + /* + * XXXRW: This API isn't particularly caller-friendly, in that it + * allocates a descriptor that the caller is responsible for freeing, + * but doesn't tell the caller what fd that is. Not yet clear what + * the preferred API is. + */ + capfd = cap_new(fd, rights); + if (capfd < 0) + return (-1); + return (lc_fdlist_add(fdlist, subsystem, classname, name, capfd)); +} - if (l == NULL) { +int +lc_fdlist_lookup(struct lc_fdlist *lfp, const char *subsystem, + const char *classname, char **name, int *fdp, int *pos) +{ + struct lc_fdlist_storage *lfsp; + + LOCK(lfp); + lfsp = lfp->lf_storage; + if ((pos != NULL) && (*pos >= (int)lfsp->count)) { + UNLOCK(lfp); errno = EINVAL; - return -1; + return (-1); } - LOCK(l); - int successful = 0; - const char *names = lc_fdlist_names(l); - - for (unsigned int i = (pos ? *pos + 1 : 0); i < l->count; i++) { + const char *names = lc_fdlist_storage_names(lfsp); - struct lc_fdlist_entry *entry = l->entries + i; + for (u_int i = (pos ? *pos : 0); i < lfsp->count; i++) { + struct lc_fdlist_entry *entry = lfsp->entries + i; - if (!strncmp(subsystem, names + entry->sysoff, entry->syslen + 1) - && !strncmp(id, names + entry->idoff, entry->idlen + 1)) { + if ((!subsystem || + !strncmp(subsystem, names + entry->sysoff, + entry->syslen + 1)) + && (!classname || !strncmp(classname, names + + entry->classoff, entry->classnamelen + 1))) { /* found a matching entry! 
*/ - *name = malloc(entry->namelen + 1); - strncpy(*name, names + entry->nameoff, entry->namelen + 1); + if (name) { + *name = malloc(entry->namelen + 1); + strncpy(*name, names + entry->nameoff, + entry->namelen + 1); + } *fdp = entry->fd; - - if (pos) *pos = i; + if (pos) *pos = i + 1; successful = 1; - break; } } - - UNLOCK(l); - - if (successful) return 0; - else { - errno = ENOENT; - return (-1); - } + UNLOCK(lfp); + if (successful) + return (0); + errno = ENOENT; + return (-1); } - int -lc_fdlist_size(struct lc_fdlist* l) { - - LOCK(l); - - if (l == NULL) { +lc_fdlist_getentry(struct lc_fdlist *lfp, char **subsystem, char **classname, + char **name, int *fdp, int *pos) +{ + struct lc_fdlist_storage *lfsp; + + LOCK(lfp); + lfsp = lfp->lf_storage; + if ((pos == NULL) || (*pos < 0) || (*pos >= (int) lfsp->count) + || (subsystem == NULL) || (classname == NULL) + || (name == NULL) || (fdp == NULL)) { errno = EINVAL; return (-1); } - int size = sizeof(struct lc_fdlist) - + l->capacity * sizeof(struct lc_fdlist_entry) - + l->namecapacity; + struct lc_fdlist_entry *entry = lfsp->entries + *pos; + char *names = lc_fdlist_storage_names(lfsp); + int size = entry->syslen + entry->classnamelen + entry->namelen; *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-projects@FreeBSD.ORG Tue Feb 2 16:12:39 2010 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id ECBAC1065676; Tue, 2 Feb 2010 16:12:39 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id DA4348FC0C; Tue, 2 Feb 2010 16:12:39 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o12GCdeX007209; Tue, 2 Feb 2010 16:12:39 GMT (envelope-from rwatson@svn.freebsd.org) Received: (from rwatson@localhost) by 
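Review bot: In lc_fdlist_add, the entry-growth path calls `free(lfsp);` right after `lfsp_copy = realloc(lfsp, newsize)` has succeeded, so the old block is either freed a second time (when realloc moved it) or the live storage is released while `lfp->lf_storage` is about to point at it. That `free(lfsp);` line should be dropped, keeping only `lfsp = lfp->lf_storage = lfsp_copy;`. In the same hunk, lc_fdlist_new dereferences `lfp` without checking the first malloc, so add `if (lfp == NULL) return (NULL);` before `lfp->lf_storage` is assigned. The name-space test in lc_fdlist_add compares only the three string lengths against `namecapacity` and doubles once, while the copies write three extra NUL bytes and a single long name can exceed the doubled area; the growth should loop until `namelen + subsyslen + classnamelen + namelen + 3` fits. The diff is truncated by the mailer, so lc_fdlist_getentry's body ends outside this hunk.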
svn.freebsd.org (8.14.3/8.14.3/Submit) id o12GCdCj007196; Tue, 2 Feb 2010 16:12:39 GMT (envelope-from rwatson@svn.freebsd.org) Message-Id: <201002021612.o12GCdCj007196@svn.freebsd.org> 
From: Robert Watson Date: Tue, 2 Feb 2010 16:12:39 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r203379 - in projects/capabilities8: lib/libc/gen lib/libcapsicum libexec/rtld-elf libexec/rtld-elf-cap usr.bin/gzip X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Feb 2010 16:12:40 -0000 Author: rwatson Date: Tue Feb 2 16:12:39 2010 New Revision: 203379 URL: http://svn.freebsd.org/changeset/base/203379 Log: Merge c174076, c174092, c174095, c174096, and c174128 from the p4 TrustedBSD capabilities branch to capabilities8: Added the weak symbol ld_libdirs() ld_libdirs(int**) => ld_libdirs(int*,int*) Implementation of ld_libdirs() Ensure that the argument to add_libdir_paths() is not NULL Use lc_fdlist for sandbox configuration. No more need for ld_libcache, and libcapsicum has been simplified somewhat. 
Submitted by: Jonathan Anderson Added: projects/capabilities8/lib/libc/gen/ld_libdirs.c Deleted: projects/capabilities8/libexec/rtld-elf-cap/rtld_libcache.c projects/capabilities8/libexec/rtld-elf-cap/rtld_libcache.h Modified: projects/capabilities8/lib/libc/gen/Makefile.inc projects/capabilities8/lib/libc/gen/Symbol.map projects/capabilities8/lib/libcapsicum/libcapsicum.3 projects/capabilities8/lib/libcapsicum/libcapsicum.c projects/capabilities8/lib/libcapsicum/libcapsicum.h projects/capabilities8/lib/libcapsicum/libcapsicum_fdlist.c projects/capabilities8/lib/libcapsicum/libcapsicum_host.c projects/capabilities8/lib/libcapsicum/libcapsicum_internal.h projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox.c projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox_api.h projects/capabilities8/libexec/rtld-elf-cap/Makefile projects/capabilities8/libexec/rtld-elf/Symbol.map projects/capabilities8/libexec/rtld-elf/rtld.c projects/capabilities8/usr.bin/gzip/gzsandbox.c Modified: projects/capabilities8/lib/libc/gen/Makefile.inc ============================================================================== --- projects/capabilities8/lib/libc/gen/Makefile.inc Tue Feb 2 16:02:09 2010 (r203378) +++ projects/capabilities8/lib/libc/gen/Makefile.inc Tue Feb 2 16:12:39 2010 (r203379) 
@@ -20,7 +20,7 @@ SRCS+= __getosreldate.c __xuname.c \ getpeereid.c getprogname.c getpwent.c getttyent.c \ getusershell.c getvfsbyname.c glob.c \ initgroups.c isatty.c isinf.c isnan.c jrand48.c lcong48.c \ - ld_libcache.c ld_sandbox.c \ + ld_libcache.c ld_libdirs.c ld_sandbox.c \ lockf.c lrand48.c mrand48.c nftw.c nice.c \ nlist.c nrand48.c opendir.c \ pause.c pmadvise.c popen.c posix_spawn.c \ Modified: projects/capabilities8/lib/libc/gen/Symbol.map ============================================================================== --- projects/capabilities8/lib/libc/gen/Symbol.map Tue Feb 2 16:02:09 2010 (r203378) +++ projects/capabilities8/lib/libc/gen/Symbol.map Tue Feb 2 16:12:39 2010 (r203379) @@ -343,6 +343,7 @@ FBSD_1.1 { ld_libcache_add; ld_libcache_lookup; ld_insandbox; + ld_libdirs; posix_spawn; posix_spawn_file_actions_addclose; posix_spawn_file_actions_adddup2; Added: projects/capabilities8/lib/libc/gen/ld_libdirs.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ projects/capabilities8/lib/libc/gen/ld_libdirs.c Tue Feb 2 16:12:39 2010 (r203379) 
@@ -0,0 +1,44 @@
+/*-
+ * Copyright (c) 2010 Jonathan Anderson
+ * All rights reserved.
+ *
+ * WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED
+ * ON IN PRODUCTION SYSTEMS. IT WILL BREAK YOUR SOFTWARE IN NEW AND
+ * UNEXPECTED WAYS.
+ *
+ * This software was developed at the University of Cambridge Computer
+ * Laboratory with support from a grant from Google, Inc.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */ + +#include + +#pragma weak ld_libdirs +int +ld_libdirs(int *fds, int *fdlen) +{ + + errno = EOPNOTSUPP; + return (-1); +} + Modified: projects/capabilities8/lib/libcapsicum/libcapsicum.3 ============================================================================== --- projects/capabilities8/lib/libcapsicum/libcapsicum.3 Tue Feb 2 16:02:09 2010 (r203378) +++ projects/capabilities8/lib/libcapsicum/libcapsicum.3 Tue Feb 2 16:12:39 2010 (r203379) @@ -34,7 +34,7 @@ .\" .Dd June 11, 2009 .Os -.Dt LIBCAPABILITY 3 +.Dt LIBCAPSICUM 3 .Sh NAME .Nm libcapsicum .Nd "library interface to capability-mode services" @@ -89,7 +89,7 @@ file descriptor list API, described in .Xr libcapsicum_fdlist 3 , may be used to manage the delegation of file descriptors/capabilities to sandboxes using a namespace. -.Sh CAPABILITY API +.Sh CAPSICUM API .Fn lc_limitfd is a wrapper around .Xr cap_new 2 , Modified: projects/capabilities8/lib/libcapsicum/libcapsicum.c ============================================================================== --- projects/capabilities8/lib/libcapsicum/libcapsicum.c Tue Feb 2 16:02:09 2010 (r203378) +++ projects/capabilities8/lib/libcapsicum/libcapsicum.c Tue Feb 2 16:12:39 2010 (r203379) @@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum.c#2 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum.c#3 $ */ #include @@ -154,7 +154,7 @@ ssize_t _lc_send_rights(int fd, const void *msg, size_t len, int flags, int lc_flags, int *fdp, int fdcount) { - char cmsgbuf[CMSG_SPACE(LIBCAPABILITY_SANDBOX_API_MAXRIGHTS * + char cmsgbuf[CMSG_SPACE(LIBCAPSICUM_SANDBOX_API_MAXRIGHTS * sizeof(int))]; struct cmsghdr *cmsg; struct msghdr msghdr; 
@@ -170,7 +170,7 @@ _lc_send_rights(int fd, const void *msg, return (-1); } - if (fdcount > LIBCAPABILITY_SANDBOX_API_MAXRIGHTS) { + if (fdcount > LIBCAPSICUM_SANDBOX_API_MAXRIGHTS) { errno = EMSGSIZE; return (-1); } @@ -224,7 +224,7 @@ ssize_t _lc_recv_rights(int fd, void *buf, size_t len, int flags, int lc_flags, int *fdp, int *fdcountp) { - char cmsgbuf[CMSG_SPACE(LIBCAPABILITY_SANDBOX_API_MAXRIGHTS * + char cmsgbuf[CMSG_SPACE(LIBCAPSICUM_SANDBOX_API_MAXRIGHTS * sizeof(int))]; struct msghdr msghdr; struct iovec iov; @@ -238,7 +238,7 @@ _lc_recv_rights(int fd, void *buf, size_ return (-1); } - if (*fdcountp > LIBCAPABILITY_SANDBOX_API_MAXRIGHTS) { + if (*fdcountp > LIBCAPSICUM_SANDBOX_API_MAXRIGHTS) { errno = EMSGSIZE; return (-1); } Modified: projects/capabilities8/lib/libcapsicum/libcapsicum.h ============================================================================== --- projects/capabilities8/lib/libcapsicum/libcapsicum.h Tue Feb 2 16:02:09 2010 (r203378) +++ projects/capabilities8/lib/libcapsicum/libcapsicum.h Tue Feb 2 16:12:39 2010 (r203379) @@ -30,11 +30,11 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum.h#4 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum.h#11 $ */ -#ifndef _LIBCAPABILITY_H_ -#define _LIBCAPABILITY_H_ +#ifndef _LIBCAPSICUM_H_ +#define _LIBCAPSICUM_H_ #include #include @@ -73,7 +73,7 @@ u_int lc_fdlist_size(struct lc_fdlist *l * Add a file descriptor to the list. * * lfp the list to add to - * subsystem a software component name, e.g. "org.freebsd.rtld-elf" + * subsystem a software component name, e.g. "org.freebsd.rtld-elf-cap" * classname a class name, e.g. "libdir" or "library" * name an instance name, e.g. "system library dir" or "libc.so.6" * fd the file descriptor 
@@ -141,13 +141,12 @@ int lch_autosandbox_isenabled(const char int lch_start(const char *sandbox, char *const argv[], u_int flags, struct lc_fdlist *fds, struct lc_sandbox **lcspp); int lch_start_libs(const char *sandbox, char *const argv[], u_int flags, - struct lc_library *lclp, u_int lcl_count, struct lc_fdlist *fds, - struct lc_sandbox **lcspp); + struct lc_fdlist *fds, struct lc_sandbox **lcspp); int lch_startfd(int fd_sandbox, const char *binname, char *const argv[], u_int flags, struct lc_fdlist *fds, struct lc_sandbox **lcspp); int lch_startfd_libs(int fd_sandbox, const char *binname, - char *const argv[], u_int flags, struct lc_library *lclp, - u_int lcl_count, struct lc_fdlist *fds, struct lc_sandbox **lcspp); + char *const argv[], u_int flags, struct lc_fdlist *fds, + struct lc_sandbox **lcspp); void lch_stop(struct lc_sandbox *lcsp); /* @@ -222,6 +221,11 @@ int lcs_sendrpc_rights(struct lc_host *l */ int ld_libcache_lookup(const char *libname, int *fdp); int ld_insandbox(void); +/* + * If this call fails because the buffer 'fds' is too small, 'fdlen' will contain + * the size of the array which is actually required. + */ +int ld_libdirs(int *fds, int *fdlen); /* If this call is successful, the caller is responsible for freeing 'fds'. */ int ld_libdirs(int **fds); @@ -235,4 +239,4 @@ int cap_main(int argc, char *argv[]); __END_DECLS -#endif /* !_LIBCAPABILITY_H_ */ +#endif /* !_LIBCAPSICUM_H_ */ Modified: projects/capabilities8/lib/libcapsicum/libcapsicum_fdlist.c ============================================================================== --- projects/capabilities8/lib/libcapsicum/libcapsicum_fdlist.c Tue Feb 2 16:02:09 2010 (r203378) +++ projects/capabilities8/lib/libcapsicum/libcapsicum_fdlist.c Tue Feb 2 16:12:39 2010 (r203379) 
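Review bot: The new prototype `int ld_libdirs(int *fds, int *fdlen);` in the -222,6 hunk is added above the old `int ld_libdirs(int **fds);`, which stays in the header as a context line together with its "caller is responsible for freeing 'fds'" comment. The header therefore carries two incompatible declarations of the same function, and the stale comment describes an ownership rule the new signature no longer has. The old prototype and its comment should be removed in this hunk. The new comment could also say whether `fdlen` counts array elements or bytes, on input and on output, since callers size their buffer from it.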
@@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_fdlist.c#4 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_fdlist.c#9 $ */ #include @@ -45,6 +45,7 @@ #include #include +#include "libcapsicum_internal.h" #include "libcapsicum_sandbox_api.h" struct lc_fdlist_entry { @@ -99,7 +100,7 @@ lc_fdlist_global(void) return (&global_fdlist); } - env = getenv(LIBCAPABILITY_SANDBOX_FDLIST); + env = getenv(LIBCAPSICUM_SANDBOX_FDLIST); if ((env != NULL) && (strnlen(env, 8) < 7)) { struct lc_fdlist_storage *lfsp; struct stat sb; @@ -118,7 +119,7 @@ lc_fdlist_global(void) goto fail; lfsp = mmap(NULL, sb.st_size, PROT_READ | PROT_WRITE, MAP_NOSYNC | MAP_SHARED, fd, 0); - if (lfsp == NULL) + if (lfsp == MAP_FAILED) goto fail; /* @@ -126,8 +127,8 @@ lc_fdlist_global(void) * to make sure sizes/etc are internally consistent. */ global_fdlist.lf_storage = lfsp; + return (&global_fdlist); } - return (&global_fdlist); fail: /* XXX: We don't always set errno before returning. */ @@ -309,6 +310,13 @@ int lc_fdlist_append(struct lc_fdlist *to, struct lc_fdlist *from) { int pos = 0; + if (to == NULL) { + errno = EINVAL; + return (-1); + } + + if (from == NULL) + return (0); /* Use address to order lc_fdlist locks. */ if ((uintptr_t)to < (uintptr_t)from) { @@ -401,7 +409,7 @@ lc_fdlist_lookup(struct lc_fdlist *lfp, } *fdp = entry->fd; - if (pos) *pos = i + 1; + if (pos != NULL) *pos = i + 1; successful = 1; break; } 
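Review bot: The `return (&global_fdlist);` that the -126,8 hunk moves inside the `if` in lc_fdlist_global still leaves the function with the mutex held, because the hunk shows no `UNLOCK(&global_fdlist)` between `global_fdlist.lf_storage = lfsp;` and the return. The matching LOCK is at the top of the function, outside this hunk but visible in r203346 on this page. With a default mutex the next call to lc_fdlist_global, or any lc_fdlist_* call that locks the returned list, would be expected to block, so add `UNLOCK(&global_fdlist);` before the return. The -118,7 hunk corrects the mmap failure test to `MAP_FAILED`, but `sb.st_size` is still mapped without checking that it covers at least `sizeof(struct lc_fdlist_storage)`; the existing XXX comment about validating the shared memory could name that check.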
@@ -421,14 +429,14 @@ lc_fdlist_getentry(struct lc_fdlist *lfp LOCK(lfp); lfsp = lfp->lf_storage; - if ((pos == NULL) || (*pos < 0) || (*pos >= (int) lfsp->count) - || (subsystem == NULL) || (classname == NULL) - || (name == NULL) || (fdp == NULL)) { + + if ((subsystem == NULL) || (classname == NULL) || (name == NULL) + || (fdp == NULL) || ((pos != NULL) && (*pos >= (int) lfsp->count))) { errno = EINVAL; return (-1); } - struct lc_fdlist_entry *entry = lfsp->entries + *pos; + struct lc_fdlist_entry *entry = lfsp->entries + (pos ? *pos : 0); char *names = lc_fdlist_storage_names(lfsp); int size = entry->syslen + entry->classnamelen + entry->namelen; char *head = malloc(size); @@ -448,7 +456,8 @@ lc_fdlist_getentry(struct lc_fdlist *lfp *fdp = entry->fd; UNLOCK(lfp); - (*pos)++; + if (pos) (*pos)++; + return (0); } @@ -536,3 +545,9 @@ lc_fdlist_storage_names(struct lc_fdlist return (((char *) lfsp) + lc_fdlist_storage_size(lfsp) - lfsp->namecapacity); } + +void* +_lc_fdlist_getstorage(struct lc_fdlist* lfp) { + return lfp->lf_storage; +} + Modified: projects/capabilities8/lib/libcapsicum/libcapsicum_host.c ============================================================================== --- projects/capabilities8/lib/libcapsicum/libcapsicum_host.c Tue Feb 2 16:02:09 2010 (r203378) +++ projects/capabilities8/lib/libcapsicum/libcapsicum_host.c Tue Feb 2 16:12:39 2010 (r203379) @@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host.c#6 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host.c#10 $ */ #include @@ -41,6 +41,7 @@ #include #include +#include #include #include #include 
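Review bot: The rewritten argument check in lc_fdlist_getentry drops the `*pos < 0` test, so a negative `*pos` passes `(*pos >= (int) lfsp->count)` and `lfsp->entries + (pos ? *pos : 0)` then points before the entry array. Keep the lower bound, e.g. `((pos != NULL) && ((*pos < 0) || (*pos >= (int) lfsp->count)))`. When `pos` is NULL, entry 0 is read even if `lfsp->count` is 0, so that case needs a count check as well. The EINVAL branch also returns while the lock taken by `LOCK(lfp)` is still held; add `UNLOCK(lfp);` before `errno = EINVAL;`. The function body continues past the end of this hunk.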
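Review bot: `_lc_fdlist_getstorage` (hunk at -536,3) returns `lfp->lf_storage` without taking `lf_lock`, and lc_fdlist_add replaces that pointer through realloc, so a caller that keeps the returned pointer can be left with a stale one. The contract should be written down at the definition, for example `/* Returned pointer is invalidated by lc_fdlist_add(); caller must serialize access. */`. The function also dereferences `lfp` without a NULL check, unlike the checks this commit adds to lc_fdlist_append. As a style point, the rest of the file puts the return type on its own line, the opening brace in column 0 and parentheses around the return value.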
@@ -54,275 +55,230 @@ #include "libcapsicum_internal.h" #include "libcapsicum_sandbox_api.h" -#define LIBCAPABILITY_CAPMASK_DEVNULL (CAP_EVENT | CAP_READ | CAP_WRITE) -#define LIBCAPABILITY_CAPMASK_SOCK (CAP_EVENT | CAP_READ | CAP_WRITE) -#define LIBCAPABILITY_CAPMASK_BIN (CAP_READ | CAP_EVENT | CAP_FSTAT | \ +#define LIBCAPSICUM_CAPMASK_DEVNULL (CAP_EVENT | CAP_READ | CAP_WRITE) +#define LIBCAPSICUM_CAPMASK_SOCK (CAP_EVENT | CAP_READ | CAP_WRITE) +#define LIBCAPSICUM_CAPMASK_BIN (CAP_READ | CAP_EVENT | CAP_FSTAT | \ CAP_FSTATFS | \ CAP_FEXECVE | CAP_MMAP | \ CAP_MAPEXEC) -#define LIBCAPABILITY_CAPMASK_SANDBOX LIBCAPABILITY_CAPMASK_BIN -#define LIBCAPABILITY_CAPMASK_LDSO LIBCAPABILITY_CAPMASK_BIN -#define LIBCAPABILITY_CAPMASK_LIB LIBCAPABILITY_CAPMASK_BIN +#define LIBCAPSICUM_CAPMASK_SANDBOX LIBCAPSICUM_CAPMASK_BIN +#define LIBCAPSICUM_CAPMASK_LDSO LIBCAPSICUM_CAPMASK_BIN +#define LIBCAPSICUM_CAPMASK_LIB LIBCAPSICUM_CAPMASK_BIN +#define LIBCAPSICUM_CAPMASK_LIBDIR LIBCAPSICUM_CAPMASK_LIB \ + | CAP_LOOKUP | CAP_ATBASE +#define LIBCAPSICUM_CAPMASK_FDLIST CAP_READ | CAP_WRITE | CAP_FTRUNCATE \ + | CAP_FSTAT | CAP_MMAP #define _PATH_LIB "/lib" #define _PATH_USR_LIB "/usr/lib" -#define LIBC_SO "libc.so.7" -#define LIBCAPABILITY_SO "libcapsicum.so.1" +#define LIBC_SO "libc.so.7" +#define LIBCAPSICUM_SO "libcapsicum.so.1" #define LIBSBUF_SO "libsbuf.so.5" extern char **environ; #define LD_ELF_CAP_SO "ld-elf-cap.so.1" #define PATH_LD_ELF_CAP_SO "/libexec" -char *ldso_argv[] = { - __DECONST(char *, PATH_LD_ELF_CAP_SO "/" LD_ELF_CAP_SO), - NULL, -}; int lch_autosandbox_isenabled(__unused const char *servicename) { - if (getenv("LIBCAPABILITY_NOAUTOSANDBOX") != NULL) + if (getenv("LIBCAPSICUM_NOAUTOSANDBOX") != NULL) return (0); return (1); } -/* - * Install an array of file descriptors using the array index of each - * descriptor in the array as its destination file descriptor number. 
All - * other existing file descriptors will be closed when this function returns, - * leaving a pristine vector. If calls fail, then we return (-1), but there - * are no guarantees about the state of the file descriptor array for the - * process, so it's a throw-away. - * - * It would be nice not to shuffle descriptors that already have the right - * number. - */ -static int -lch_installfds(u_int fd_count, int *fds) -{ - u_int i; - int highestfd; - if (fd_count == 0) - return (0); +static void +lch_sandbox(int fd_sock, int fd_binary, int fd_rtld, int fd_devnull, u_int flags, + const char *binname, char *const argv[], __unused struct lc_fdlist *userfds) +{ + struct sbuf *sbufp; + int shmfd = -1; + size_t fdlistsize; + struct lc_fdlist *fds; + void *shm; /* - * Identify the highest source file descriptor we care about so that - * when we play the dup2() rearranging game, we don't overwrite any - * we care about. + * Inform the run-time linked of the binary's name. */ - highestfd = fds[0]; - for (i = 1; i < fd_count; i++) { - if (fds[i] > highestfd) - highestfd = fds[i]; - } - highestfd++; /* Don't tread on the highest */ + if (setenv("LD_BINNAME", binname, 1) == -1) + err(-1, "Error in setenv(LD_BINNAME)"); /* - * First, move all our descriptors up the range. + * Create an anonymous shared memory segment for the FD list. */ - for (i = 0; i < fd_count; i++) { - if (dup2(fds[i], highestfd + i) < 0) - return (-1); - } + shmfd = open("/tmp/jon-foo"/*SHM_ANON*/, O_RDWR | O_CREAT | O_TRUNC, 0600); + if (shmfd < 0) + err(-1, "Error creating shared memory segment"); /* - * Now put them back. + * Create and fill up the FD list. 
*/ - for (i = 0; i < fd_count; i++) { - if (dup2(highestfd + i, i) < 0) - return (-1); - } + fds = lc_fdlist_new(); + if (fds == NULL) + err(-1, "Error in lc_fdlist_new()"); + + if (lc_fdlist_addcap(fds, LIBCAPSICUM_FQNAME, "stdin", "", + STDIN_FILENO, 0) < 0) + err(-1, "Error in lc_fdlist_addcap(stdin)"); + + if (lc_fdlist_addcap(fds, LIBCAPSICUM_FQNAME, "stdout", "", + STDOUT_FILENO, + (flags & LCH_PERMIT_STDOUT) ? CAP_WRITE | CAP_SEEK : 0) < 0) + err(-1, "Error in lc_fdlist_addcap(stdout)"); + + if (lc_fdlist_addcap(fds, LIBCAPSICUM_FQNAME, "stderr", "", + STDERR_FILENO, + (flags & LCH_PERMIT_STDERR) ? CAP_WRITE | CAP_SEEK : 0) < 0) + err(-1, "Error in lc_fdlist_addcap(stderr)"); + + if (lc_fdlist_addcap(fds, LIBCAPSICUM_FQNAME, "socket", "", + fd_sock, LIBCAPSICUM_CAPMASK_SOCK) < 0) + err(-1, "Error in lc_fdlist_addcap(fd_sock)"); + + if (lc_fdlist_addcap(fds, LIBCAPSICUM_FQNAME, "/dev/null", "", + fd_devnull, LIBCAPSICUM_CAPMASK_DEVNULL) < 0) + err(-1, "Error in lc_fdlist_addcap(fd_devnull)"); + + if (lc_fdlist_addcap(fds, LIBCAPSICUM_FQNAME, "fdlist", "", + shmfd, LIBCAPSICUM_CAPMASK_FDLIST) < 0) + err(-1, "Error in lc_fdlist_addcap(shmfd)"); + + if (lc_fdlist_addcap(fds, RTLD_CAP_FQNAME, "rtld", "", + fd_rtld, LIBCAPSICUM_CAPMASK_LDSO) < 0) + err(-1, "Error in lc_fdlist_addcap(fd_rtld)"); + + if (lc_fdlist_addcap(fds, RTLD_CAP_FQNAME, "binary", "", + fd_binary, LIBCAPSICUM_CAPMASK_SANDBOX) < 0) + err(-1, "Error in lc_fdlist_addcap(fd_binary)"); + + if (lc_fdlist_append(fds, userfds) < 0) + err(-1, "Error in lc_fdlist_append()"); /* - * Close the descriptors that we moved, as well as any others that - * were left open by the caller. + * Ask RTLD for library path descriptors. + * + * NOTE: This is FreeBSD-specific; porting to other operating systems will + * require dynamic linkers capable of answering similar queries. 
*/ - closefrom(fd_count); - return (0); -} + int size = 16; + int *libdirs; + + while (1) { + libdirs = malloc(size * sizeof(int)); + + if (ld_libdirs(libdirs, &size) < 0) { + free(libdirs); + + if (size > 0) continue; + else err(-1, "Error in ld_libdirs()"); + } + else break; + } + + + for (int j = 0; j < size; j++) + if (lc_fdlist_addcap(fds, RTLD_CAP_FQNAME, "libdir", "", + libdirs[j], LIBCAPSICUM_CAPMASK_LIBDIR) < 0) + err(-1, "Error in lc_fdlist_addcap(libdirs[%d]: %d)", + j, libdirs[j]); + + if (lc_fdlist_reorder(fds) < 0) + err(-1, "Error in lc_fdlist_reorder()"); -static void -lch_sandbox(int fd_sock, int fd_sandbox, int fd_ldso, int fd_libc, - int fd_libcapsicum, int fd_libsbuf, int fd_devnull, u_int flags, - struct lc_library *lclp, u_int lcl_count, const char *binname, - char *const argv[], struct lc_fdlist *fds) -{ - int *fd_array, fdcount, fdnum; - struct sbuf *sbufp; - int shmfd = -1; - size_t fdlistsize; - void *shm; - char fdliststr[8]; - u_int i; /* - * Create an anonymous shared memory segment for the FD list. + * Find the fdlist shared memory segment. */ - if (fds == NULL) fds = lc_fdlist_new(); - - shmfd = shm_open(SHM_ANON, O_RDWR, 0600); - if (shmfd < 0) - return; - fdlistsize = lc_fdlist_size(fds); - if (ftruncate(shmfd, fdlistsize) < 0) - return; + int pos = 0; + if (lc_fdlist_lookup(fds, LIBCAPSICUM_FQNAME, "fdlist", NULL, + &shmfd, &pos) < 0) + err(-1, "Error in lc_fdlist_lookup(fdlist)"); + + char tmp[8]; + sprintf(tmp, "%d", shmfd); + if (setenv(LIBCAPSICUM_SANDBOX_FDLIST, tmp, 1) == -1) + err(-1, "Error in setenv(LIBCAPSICUM_SANDBOX_FDLIST)"); /* * Map it and copy the list. 
*/ + fdlistsize = lc_fdlist_size(fds); + if (ftruncate(shmfd, fdlistsize) < 0) + err(-1, "Error in ftruncate(shmfd)"); + shm = mmap(NULL, fdlistsize, PROT_READ | PROT_WRITE, MAP_NOSYNC | MAP_SHARED, shmfd, 0); if (shm == MAP_FAILED) - return; - memcpy(shm, fds, fdlistsize); + err(-1, "Error mapping fdlist SHM"); + + memcpy(shm, _lc_fdlist_getstorage(fds), fdlistsize); if (munmap(shm, fdlistsize)) - return; + err(-1, "Error in munmap(shm, fdlistsize)"); - if (lc_fdlist_addcap(fds, "org.freebsd.libcapsicum", "/dev/null", "", - fd_devnull, LIBCAPABILITY_CAPMASK_DEVNULL) < 0) - return; - if (lc_fdlist_addcap(fds, "org.freebsd.libcapsicum", "sandbox", "", - fd_sandbox, LIBCAPABILITY_CAPMASK_SANDBOX) < 0) - return; - if (lc_fdlist_addcap(fds, "org.freebsd.libcapsicum", "socket", "", - fd_sock, LIBCAPABILITY_CAPMASK_SOCK) < 0) - return; - if (lc_fdlist_addcap(fds, "org.freebsd.rtld-elf-cap", "ldso", "", - fd_ldso, LIBCAPABILITY_CAPMASK_LDSO) < 0) - return; - if (lc_fdlist_addcap(fds, "org.freebsd.rtld-elf-cap", "lib", "libc", - fd_libc, LIBCAPABILITY_CAPMASK_LIB) < 0) - return; - if (lc_fdlist_addcap(fds, "org.freebsd.rtld-elf-cap", "lib", "libcapsicum", - fd_libcapsicum, LIBCAPABILITY_CAPMASK_LIB) < 0) - return; - if (lc_fdlist_addcap(fds, "org.freebsd.rtld-elf-cap", "lib", "libsbuf", - fd_libsbuf, LIBCAPABILITY_CAPMASK_LIB) < 0) - return; -/* - { - int pos = 0; - char *subsystem; - char *class; - char *name; - int fd; - while (lc_fdlist_getentry(fds, &subsystem, &class, &name, &fd, &pos) - >= 0) { - printf("%d\t'%s'.'%s': '%s' (%d)\n", - pos, subsystem, class, name, fd); - } - } -*/ - if (lc_limitfd(fd_devnull, LIBCAPABILITY_CAPMASK_DEVNULL) < 0) - return; - if (lc_limitfd(fd_sandbox, LIBCAPABILITY_CAPMASK_SANDBOX) < 0) - return; - if (lc_limitfd(fd_sock, LIBCAPABILITY_CAPMASK_SOCK) < 0) - return; - if (lc_limitfd(fd_ldso, LIBCAPABILITY_CAPMASK_LDSO) < 0) - return; - if (lc_limitfd(fd_libc, LIBCAPABILITY_CAPMASK_LIB) < 0) - return; - if (lc_limitfd(fd_libcapsicum, 
LIBCAPABILITY_CAPMASK_LIB) < 0) - return; - if (lc_limitfd(fd_libsbuf, LIBCAPABILITY_CAPMASK_LIB) < 0) - return; - - fdnum = 10; - if (shmfd != -1) - fdnum++; - - fdcount = fdnum + lcl_count; - fd_array = malloc(fdcount * sizeof(int)); - if (fd_array == NULL) - return; - - fd_array[0] = fd_devnull; - if (flags & LCH_PERMIT_STDOUT) { - if (lc_limitfd(STDOUT_FILENO, CAP_SEEK | CAP_WRITE) < 0) - return; - fd_array[1] = STDOUT_FILENO; - } else - fd_array[1] = fd_devnull; - if (flags & LCH_PERMIT_STDERR) { - if (lc_limitfd(STDERR_FILENO, CAP_SEEK | CAP_WRITE) < 0) - return; - fd_array[2] = STDERR_FILENO; - } else - fd_array[2] = fd_devnull; - fd_array[3] = fd_sandbox; - fd_array[4] = fd_sock; - fd_array[5] = fd_ldso; - fd_array[6] = fd_libc; - fd_array[7] = fd_libcapsicum; - fd_array[8] = fd_libsbuf; - fd_array[9] = fd_devnull; - if (shmfd != -1) - fd_array[10] = shmfd; - for (i = 0; i < lcl_count; i++) { - if (lc_limitfd(lclp->lcl_fd, LIBCAPABILITY_CAPMASK_LIB) < 0) - return; - fd_array[i + fdnum] = lclp[i].lcl_fd; - } + /* + * Find RTLD. + */ + if (lc_fdlist_lookup(fds, RTLD_CAP_FQNAME, "rtld", NULL, &fd_rtld, + NULL) < 0) + err(-1, "Error in lc_fdlist_lookup(RTLD)"); - if (lch_installfds(fdcount, fd_array) < 0) - return; + /* + * Find the binary for RTLD. + */ + if (lc_fdlist_lookup(fds, RTLD_CAP_FQNAME, "binary", NULL, &fd_binary, + NULL) < 0) + err(-1, "Error in lc_fdlist_lookup(RTLD binary)"); + + sprintf(tmp, "%d", fd_binary); + if (setenv("LD_BINARY", tmp, 1) != 0) + err(-1, "Error in setenv(LD_BINARY)"); + /* + * Build LD_LIBRARY_DIRS for RTLD. + * + * NOTE: This is FreeBSD-specific; porting to other operating systems will + * require dynamic linkers capable of operating on file descriptors. 
+ */ sbufp = sbuf_new_auto(); if (sbufp == NULL) - return; - (void)sbuf_printf(sbufp, "%d:%s,%d:%s,%d:%s,%d:%s,%d:%s,%d:%s", - 3, binname, 5, LD_ELF_CAP_SO, 6, LIBC_SO, 7, LIBCAPABILITY_SO, - 8, LIBSBUF_SO, 9, _PATH_DEVNULL); - for (i = 0; i < lcl_count; i++) - (void)sbuf_printf(sbufp, ",%d:%s", i + fdnum, - lclp[i].lcl_libname); - sbuf_finish(sbufp); - if (sbuf_overflowed(sbufp)) - return; - if (setenv("LD_LIBCACHE", sbuf_data(sbufp), 1) == -1) - return; - sbuf_delete(sbufp); + err(-1, "Error in sbuf_new_auto()"); + + { + int fd; + while (lc_fdlist_lookup(fds, RTLD_CAP_FQNAME, "libdir", + NULL, &fd, &pos) >= 0) + sbuf_printf(sbufp, "%d:", fd); + } - sbufp = sbuf_new_auto(); - if (sbufp == NULL) - return; - (void)sbuf_printf(sbufp, "%s:%d", LIBCAPABILITY_SANDBOX_API_SOCK, 4); sbuf_finish(sbufp); if (sbuf_overflowed(sbufp)) - return; - if (setenv(LIBCAPABILITY_SANDBOX_API_ENV, sbuf_data(sbufp), 1) == -1) - return; + err(-1, "sbuf_overflowed()"); + if (setenv("LD_LIBRARY_DIRS", sbuf_data(sbufp), 1) == -1) + err(-1, "Error in setenv(LD_LIBRARY_DIRS)"); sbuf_delete(sbufp); - if (shmfd != -1) { - sprintf(fdliststr, "%d", 10); - if (setenv(LIBCAPABILITY_SANDBOX_FDLIST, fdliststr, 1) == -1) - return; - } if (cap_enter() < 0) - return; + err(-1, "cap_enter() failed"); - (void)fexecve(5, argv, environ); + (void)fexecve(fd_rtld, argv, environ); } int -lch_startfd_libs(int fd_sandbox, const char *binname, char *const argv[], - u_int flags, struct lc_library *lclp, u_int lcl_count, - struct lc_fdlist *fds, struct lc_sandbox **lcspp) +lch_startfd_libs(int fd_binary, const char *binname, char *const argv[], + u_int flags, struct lc_fdlist *fds, struct lc_sandbox **lcspp) { struct lc_sandbox *lcsp; - int fd_devnull, fd_ldso, fd_libc, fd_libcapsicum, fd_libsbuf; + int fd_devnull, fd_rtld, fd_libc, fd_libcapsicum, fd_libsbuf; int fd_procdesc, fd_sockpair[2]; int error, val; pid_t pid; - fd_devnull = fd_ldso = fd_libc = fd_libcapsicum = fd_libsbuf = + fd_devnull = fd_rtld = fd_libc 
= fd_libcapsicum = fd_libsbuf = fd_procdesc = fd_sockpair[0] = fd_sockpair[1] = -1; lcsp = malloc(sizeof(*lcsp)); @@ -331,11 +287,11 @@ lch_startfd_libs(int fd_sandbox, const c bzero(lcsp, sizeof(*lcsp)); if (ld_insandbox()) { - if (ld_libcache_lookup(LD_ELF_CAP_SO, &fd_ldso) < 0) + if (ld_libcache_lookup(LD_ELF_CAP_SO, &fd_rtld) < 0) goto out_error; if (ld_libcache_lookup(LIBC_SO, &fd_libc) < 0) goto out_error; - if (ld_libcache_lookup(LIBCAPABILITY_SO, + if (ld_libcache_lookup(LIBCAPSICUM_SO, &fd_libcapsicum) < 0) goto out_error; if (ld_libcache_lookup(LIBSBUF_SO, &fd_libsbuf) < 0) @@ -343,9 +299,9 @@ lch_startfd_libs(int fd_sandbox, const c if (ld_libcache_lookup(_PATH_DEVNULL, &fd_devnull) < 0) goto out_error; } else { - fd_ldso = open(PATH_LD_ELF_CAP_SO "/" LD_ELF_CAP_SO, + fd_rtld = open(PATH_LD_ELF_CAP_SO "/" LD_ELF_CAP_SO, O_RDONLY); - if (fd_ldso < 0) + if (fd_rtld < 0) goto out_error; fd_libc = open(_PATH_LIB "/" LIBC_SO, O_RDONLY); if (fd_libc < 0) @@ -353,7 +309,7 @@ lch_startfd_libs(int fd_sandbox, const c fd_libsbuf = open(_PATH_LIB "/" LIBSBUF_SO, O_RDONLY); if (fd_libsbuf < 0) goto out_error; - fd_libcapsicum = open(_PATH_USR_LIB "/" LIBCAPABILITY_SO, + fd_libcapsicum = open(_PATH_USR_LIB "/" LIBCAPSICUM_SO, O_RDONLY); if (fd_libcapsicum < 0) goto out_error; @@ -378,9 +334,8 @@ lch_startfd_libs(int fd_sandbox, const c goto out_error; } if (pid == 0) { - lch_sandbox(fd_sockpair[1], fd_sandbox, fd_ldso, fd_libc, - fd_libcapsicum, fd_libsbuf, fd_devnull, flags, lclp, - lcl_count, binname, argv, fds); + lch_sandbox(fd_sockpair[1], fd_binary, fd_rtld, fd_devnull, flags, + binname, argv, fds); exit(-1); } #ifndef IN_CAP_MODE @@ -388,7 +343,7 @@ lch_startfd_libs(int fd_sandbox, const c close(fd_libsbuf); close(fd_libcapsicum); close(fd_libc); - close(fd_ldso); + close(fd_rtld); #endif close(fd_sockpair[1]); 
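Review bot: lch_sandbox now creates the fdlist segment with `open("/tmp/jon-foo"/*SHM_ANON*/, O_RDWR | O_CREAT | O_TRUNC, 0600)`, a fixed name in a shared directory opened without `O_EXCL` or `O_NOFOLLOW`. The host will therefore follow and truncate whatever already exists at that path, and concurrent hosts end up sharing one file. The removed `shm_open(SHM_ANON, O_RDWR, 0600)` avoids the filesystem namespace entirely and should be restored. Separately, `char tmp[8]` filled by `sprintf(tmp, "%d", ...)` cannot hold every `int`, so a larger buffer with `snprintf(tmp, sizeof(tmp), "%d", shmfd)` is safer, and the `malloc(size * sizeof(int))` result for `libdirs` is handed to `ld_libdirs()` without a NULL check. The new `LIBCAPSICUM_CAPMASK_LIBDIR` and `LIBCAPSICUM_CAPMASK_FDLIST` macros expand to unparenthesised `|` expressions; wrapping each body in parentheses keeps them safe inside larger expressions.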
@@ -414,8 +369,8 @@ out_error: close(fd_libcapsicum); if (fd_libc != -1) close(fd_libc); - if (fd_ldso != -1) - close(fd_ldso); + if (fd_rtld != -1) + close(fd_rtld); #endif if (lcsp != NULL) free(lcsp); @@ -424,33 +379,31 @@ out_error: } int -lch_startfd(int fd_sandbox, const char *binname, char *const argv[], +lch_startfd(int fd_binary, const char *binname, char *const argv[], u_int flags, __unused struct lc_fdlist *fds, struct lc_sandbox **lcspp) { - return (lch_startfd_libs(fd_sandbox, binname, argv, flags, NULL, 0, + return (lch_startfd_libs(fd_binary, binname, argv, flags, fds, lcspp)); } int lch_start_libs(const char *sandbox, char *const argv[], u_int flags, - struct lc_library *lclp, u_int lcl_count, struct lc_fdlist *fds, - struct lc_sandbox **lcspp) + struct lc_fdlist *fds, struct lc_sandbox **lcspp) { char binname[MAXPATHLEN]; - int error, fd_sandbox, ret; + int error, fd_binary, ret; if (basename_r(sandbox, binname) == NULL) return (-1); - fd_sandbox = open(sandbox, O_RDONLY); - if (fd_sandbox < 0) + fd_binary = open(sandbox, O_RDONLY); + if (fd_binary < 0) return (-1); - ret = lch_startfd_libs(fd_sandbox, binname, argv, flags, lclp, - lcl_count, fds, lcspp); + ret = lch_startfd_libs(fd_binary, binname, argv, flags, fds, lcspp); error = errno; - close(fd_sandbox); + close(fd_binary); errno = error; return (ret); } @@ -460,7 +413,7 @@ lch_start(const char *sandbox, char *con struct lc_fdlist *fds, struct lc_sandbox **lcspp) { - return (lch_start_libs(sandbox, argv, flags, NULL, 0, fds, lcspp)); + return (lch_start_libs(sandbox, argv, flags, fds, lcspp)); } void Modified: projects/capabilities8/lib/libcapsicum/libcapsicum_internal.h ============================================================================== --- projects/capabilities8/lib/libcapsicum/libcapsicum_internal.h Tue Feb 2 16:02:09 2010 (r203378) +++ projects/capabilities8/lib/libcapsicum/libcapsicum_internal.h Tue Feb 2 16:12:39 2010 (r203379) 
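Review bot: `lch_startfd` still declares `__unused struct lc_fdlist *fds` although the new body forwards `fds` to `lch_startfd_libs`, so the attribute now misdescribes the parameter. It should read `u_int flags, struct lc_fdlist *fds, struct lc_sandbox **lcspp)`. The same stale `__unused` sits on `userfds` in the new `lch_sandbox` signature, which passes it to `lc_fdlist_append`. Since callers' descriptor lists now reach the sandbox where they were previously dropped, a one-line comment above `lch_startfd` saying that every entry in `fds` is delegated to the sandboxed process would help anyone auditing what a caller exposes.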
@@ -30,11 +30,14 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_internal.h#2 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_internal.h#5 $ */ -#ifndef _LIBCAPABILITY_INTERNAL_H_ -#define _LIBCAPABILITY_INTERNAL_H_ +#ifndef _LIBCAPSICUM_INTERNAL_H_ +#define _LIBCAPSICUM_INTERNAL_H_ + +#define LIBCAPSICUM_FQNAME "org.freebsd.libcapsicum" +#define RTLD_CAP_FQNAME "org.freebsd.rtld-elf-cap" struct lc_host { int lch_fd_sock; @@ -46,6 +49,8 @@ struct lc_sandbox { pid_t lcs_pid; }; +void* _lc_fdlist_getstorage(struct lc_fdlist*); + /* * Communications flags for recv/send calls (lc_flags). */ @@ -63,4 +68,4 @@ ssize_t _lc_send(int fd, const void *msg ssize_t _lc_send_rights(int fd, const void *msg, size_t len, int flags, int lc_flags, int *fdp, int fdcount); -#endif /* !_LIBCAPABILITY_INTERNAL_H_ */ +#endif /* !_LIBCAPSICUM_INTERNAL_H_ */ Modified: projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox.c ============================================================================== --- projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox.c Tue Feb 2 16:02:09 2010 (r203378) +++ projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox.c Tue Feb 2 16:12:39 2010 (r203379) @@ -41,6 +41,7 @@ __FBSDID("$FreeBSD$"); #include #include +#include /* TODO: temporary */ #include #include @@ -54,9 +55,7 @@ static struct lc_host lch_global; int lcs_get(struct lc_host **lchpp) { - char *endp, *env, *env_dup, *env_dup_free, *name, *token, *value; - int error, fd_sock; - long long ll; + int fd_sock; if (lch_initialized) { *lchpp = &lch_global; 
@@ -68,39 +67,16 @@ lcs_get(struct lc_host **lchpp) return (-1); } - env = getenv(LIBCAPABILITY_SANDBOX_API_ENV); - if (env == NULL) { - errno = EINVAL; /* XXXRW: Better errno? */ + struct lc_fdlist *fds = lc_fdlist_global(); + if (lc_fdlist_lookup(fds, LIBCAPSICUM_FQNAME, "socket", NULL, + &fd_sock, NULL) < 0) return (-1); - } - - env_dup = env_dup_free = strdup(env); - if (env_dup == NULL) + if (fd_sock == -1) return (-1); - fd_sock = -1; - while ((token = strsep(&env_dup, ",")) != NULL) { - name = strsep(&token, ":"); - if (name == NULL) - continue; - value = token; - if (strcmp(name, LIBCAPABILITY_SANDBOX_API_SOCK) == 0) { - ll = strtoll(value, &endp, 10); - if (*endp != '\0' || ll < 0 || ll > INT_MAX) - continue; - fd_sock = ll; - } - } - if (fd_sock == -1) { - error = errno; - free(env_dup_free); - errno = error; - return (-1); - } lch_global.lch_fd_sock = fd_sock; lch_initialized = 1; *lchpp = &lch_global; - free(env_dup_free); return (0); } Modified: projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox_api.h ============================================================================== --- projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox_api.h Tue Feb 2 16:02:09 2010 (r203378) +++ projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox_api.h Tue Feb 2 16:12:39 2010 (r203379) 
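Review bot: lcs_get passes the result of `lc_fdlist_global()` straight to `lc_fdlist_lookup()` without checking it. The fdlist.c part of this commit shows lc_fdlist_global has a `fail:` path, and if that path returns NULL the lookup would presumably dereference it. A guard such as `if (fds == NULL) return (-1);` before the lookup makes the failure explicit. The `if (fd_sock == -1) return (-1);` branch also returns without setting errno, whereas the removed code set `EINVAL` when the environment variable was missing. lcs_get starts outside this hunk.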
@@ -30,25 +30,25 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_sandbox_api.h#2 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_sandbox_api.h#3 $ */ -#ifndef _LIBCAPABILITY_SANDBOX_API_H_ -#define _LIBCAPABILITY_SANDBOX_API_H_ +#ifndef _LIBCAPSICUM_SANDBOX_API_H_ +#define _LIBCAPSICUM_SANDBOX_API_H_ /* * This include file captures the assumptions libcapsicum sandboxs will * make about the runtime environment set up by libcapsicum hosts. */ -#define LIBCAPABILITY_SANDBOX_API_ENV "LIBCAPABILITY_SANDBOX" -#define LIBCAPABILITY_SANDBOX_FDLIST "LIBCAPABILITY_FDLIST" -#define LIBCAPABILITY_SANDBOX_API_SOCK "sock" +#define LIBCAPSICUM_SANDBOX_API_ENV "LIBCAPSICUM_SANDBOX" +#define LIBCAPSICUM_SANDBOX_FDLIST "LIBCAPSICUM_FDLIST" +#define LIBCAPSICUM_SANDBOX_API_SOCK "sock" /* *** DIFF OUTPUT TRUNCATED AT 1000 LINES *** From owner-svn-src-projects@FreeBSD.ORG Tue Feb 2 16:15:51 2010 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 586DB1065693; Tue, 2 Feb 2010 16:15:51 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 4925D8FC13; Tue, 2 Feb 2010 16:15:51 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o12GFp0a008038; Tue, 2 Feb 2010 16:15:51 GMT (envelope-from rwatson@svn.freebsd.org) Received: (from rwatson@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o12GFp1Q008036; Tue, 2 Feb 2010 16:15:51 GMT (envelope-from rwatson@svn.freebsd.org) Message-Id: <201002021615.o12GFp1Q008036@svn.freebsd.org> 
From: Robert Watson Date: Tue, 2 Feb 2010 16:15:51 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r203380 - projects/capabilities8/lib/libcapsicum X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Feb 2010 16:15:51 -0000 Author: rwatson Date: Tue Feb 2 16:15:50 2010 New Revision: 203380 URL: http://svn.freebsd.org/changeset/base/203380 Log: Fix merge-o when bringing libcapsicum changes back to capabilities8. Modified: projects/capabilities8/lib/libcapsicum/libcapsicum.h Modified: projects/capabilities8/lib/libcapsicum/libcapsicum.h ============================================================================== --- projects/capabilities8/lib/libcapsicum/libcapsicum.h Tue Feb 2 16:12:39 2010 (r203379) +++ projects/capabilities8/lib/libcapsicum/libcapsicum.h Tue Feb 2 16:15:50 2010 (r203380) 
@@ -227,9 +227,6 @@ int ld_insandbox(void); */ int ld_libdirs(int *fds, int *fdlen); -/* If this call is successful, the caller is responsible for freeing 'fds'. */ -int ld_libdirs(int **fds); - /* * Applications may declare an alternative entry point to the default ELF * entry point for their binary, which will be used in preference to 'main' From owner-svn-src-projects@FreeBSD.ORG Tue Feb 2 16:17:44 2010 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 79713106568B; Tue, 2 Feb 2010 16:17:44 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 69DB38FC1D; Tue, 2 Feb 2010 16:17:44 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o12GHib7008526; Tue, 2 Feb 2010 16:17:44 GMT (envelope-from rwatson@svn.freebsd.org) Received: (from rwatson@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o12GHi7O008522; Tue, 2 Feb 2010 16:17:44 GMT (envelope-from rwatson@svn.freebsd.org) Message-Id: <201002021617.o12GHi7O008522@svn.freebsd.org> 
From: Robert Watson Date: Tue, 2 Feb 2010 16:17:44 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r203381 - projects/capabilities8/lib/libcapsicum X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Feb 2010 16:17:44 -0000 Author: rwatson Date: Tue Feb 2 16:17:44 2010 New Revision: 203381 URL: http://svn.freebsd.org/changeset/base/203381 Log: Merge c174149 from the p4 TrustedBSD Capabilities branch to capabilities8: Fix a few last references to LIBCAPABILITY in libcapsicum. Modified: projects/capabilities8/lib/libcapsicum/libcapsicum_fdlist.3 projects/capabilities8/lib/libcapsicum/libcapsicum_host.3 projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox.3 Modified: projects/capabilities8/lib/libcapsicum/libcapsicum_fdlist.3 ============================================================================== --- projects/capabilities8/lib/libcapsicum/libcapsicum_fdlist.3 Tue Feb 2 16:15:50 2010 (r203380) +++ projects/capabilities8/lib/libcapsicum/libcapsicum_fdlist.3 Tue Feb 2 16:17:44 2010 (r203381) @@ -34,7 +34,7 @@ .\" .Dd January 31, 2010 .Os -.Dt LIBCAPABILITY_FDLIST 3 +.Dt LIBCAPSICUM_FDLIST 3 .Sh NAME .Nm libcapsicum .Nd "library interface to file descriptor lists" Modified: projects/capabilities8/lib/libcapsicum/libcapsicum_host.3 ============================================================================== --- projects/capabilities8/lib/libcapsicum/libcapsicum_host.3 Tue Feb 2 16:15:50 2010 (r203380) +++ projects/capabilities8/lib/libcapsicum/libcapsicum_host.3 Tue Feb 2 16:17:44 2010 (r203381) 
@@ -34,7 +34,7 @@ .\" .Dd June 11, 2009 .Os -.Dt LIBCAPABILITY_HOST 3 +.Dt LIBCAPSICUM_HOST 3 .Sh NAME .Nm libcapsicum .Nd "library interface to capability-mode services" Modified: projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox.3 ============================================================================== --- projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox.3 Tue Feb 2 16:15:50 2010 (r203380) +++ projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox.3 Tue Feb 2 16:17:44 2010 (r203381) @@ -34,7 +34,7 @@ .\" .Dd June 11, 2009 .Os -.Dt LIBCAPABILITY_SANDBOX 3 +.Dt LIBCAPSICUM_SANDBOX 3 .Sh NAME .Nm libcapsicum .Nd "library interface to capability-mode services" From owner-svn-src-projects@FreeBSD.ORG Tue Feb 2 19:19:58 2010 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 3F11F1065697; Tue, 2 Feb 2010 19:19:58 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 24BD38FC14; Tue, 2 Feb 2010 19:19:58 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o12JJwGL053012; Tue, 2 Feb 2010 19:19:58 GMT (envelope-from rwatson@svn.freebsd.org) Received: (from rwatson@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o12JJw75053009; Tue, 2 Feb 2010 19:19:58 GMT (envelope-from rwatson@svn.freebsd.org) Message-Id: <201002021919.o12JJw75053009@svn.freebsd.org> 
From: Robert Watson Date: Tue, 2 Feb 2010 19:19:57 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r203392 - projects/capabilities8/usr.bin/gzip X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Feb 2010 19:19:58 -0000 Author: rwatson Date: Tue Feb 2 19:19:57 2010 New Revision: 203392 URL: http://svn.freebsd.org/changeset/base/203392 Log: Merge c174178 from the p4 TrustedBSD Capabilities branch to capabilities8: When compressing in a sandbox, forward 'numflag' for zlib compression, as that controls the compression level. Reported by: kris Sponsored by: Google, Inc. Modified: projects/capabilities8/usr.bin/gzip/gzip.c projects/capabilities8/usr.bin/gzip/gzip.h projects/capabilities8/usr.bin/gzip/gzsandbox.c Modified: projects/capabilities8/usr.bin/gzip/gzip.c ============================================================================== --- projects/capabilities8/usr.bin/gzip/gzip.c Tue Feb 2 19:02:08 2010 (r203391) +++ projects/capabilities8/usr.bin/gzip/gzip.c Tue Feb 2 19:19:57 2010 (r203392) @@ -186,7 +186,7 @@ static const char gzip_copyright[] = \ static int cflag; /* stdout mode */ static int dflag; /* decompress mode */ static int lflag; /* list mode */ -static int numflag = 6; /* gzip -1..-9 value */ +int numflag = 6; /* gzip -1..-9 value */ #ifndef SMALL static int fflag; /* force mode */ Modified: projects/capabilities8/usr.bin/gzip/gzip.h ============================================================================== --- projects/capabilities8/usr.bin/gzip/gzip.h Tue Feb 2 19:02:08 2010 (r203391) +++ projects/capabilities8/usr.bin/gzip/gzip.h Tue Feb 2 19:19:57 2010 (r203392) 
@@ -1,5 +1,5 @@ /*- - * Copyright (c) 2009 Robert N. M. Watson + * Copyright (c) 2009-2010 Robert N. M. Watson * All rights reserved. * * WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED @@ -34,6 +34,12 @@ #ifndef _GZIP_H_ #define _GZIP_H_ +/* + * We need to forward the global variable 'numflag' to the sandbox as well as + * function arguments. + */ +extern int numflag; + off_t gz_compress(int in, int out, off_t *gsizep, const char *origname, uint32_t mtime); off_t gz_compress_wrapper(int in, int out, off_t *gsizep, Modified: projects/capabilities8/usr.bin/gzip/gzsandbox.c ============================================================================== --- projects/capabilities8/usr.bin/gzip/gzsandbox.c Tue Feb 2 19:02:08 2010 (r203391) +++ projects/capabilities8/usr.bin/gzip/gzsandbox.c Tue Feb 2 19:19:57 2010 (r203392) @@ -110,6 +110,7 @@ gzsandbox_initialize(void) struct host_gz_compress_req { char hgc_req_origname[PATH_MAX]; + int hgc_req_numflag; uint32_t hgc_req_mtime; } __packed; @@ -131,6 +132,7 @@ gz_compress_insandbox(int in, int out, o bzero(&req, sizeof(req)); strlcpy(req.hgc_req_origname, origname, sizeof(req.hgc_req_origname)); + req.hgc_req_numflag = numflag; req.hgc_req_mtime = mtime; iov_req.iov_base = &req; iov_req.iov_len = sizeof(req); 
@@ -165,6 +167,7 @@ sandbox_gz_compress_buffer(struct lc_hos bcopy(buffer, &req, sizeof(req)); bzero(&rep, sizeof(rep)); + numflag = req.hgc_req_numflag; rep.hgc_rep_retval = gz_compress(fd_in, fd_out, &rep.hgc_rep_gsize, req.hgc_req_origname, req.hgc_req_mtime); iov.iov_base = &rep; From owner-svn-src-projects@FreeBSD.ORG Tue Feb 2 20:37:11 2010 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CCD8A106566C; Tue, 2 Feb 2010 20:37:11 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id BCCA48FC13; Tue, 2 Feb 2010 20:37:11 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o12KbBJL070545; Tue, 2 Feb 2010 20:37:11 GMT (envelope-from rwatson@svn.freebsd.org) Received: (from rwatson@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o12KbBqN070543; Tue, 2 Feb 2010 20:37:11 GMT (envelope-from rwatson@svn.freebsd.org) Message-Id: <201002022037.o12KbBqN070543@svn.freebsd.org> 
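Review bot: `numflag = req.hgc_req_numflag;` in sandbox_gz_compress_buffer takes the compression level from the request bytes without a range check, while gzip.c documents the variable as the `-1..-9` value. Checking it before the assignment, e.g. `if (req.hgc_req_numflag < 1 || req.hgc_req_numflag > 9)` and failing the request, keeps a malformed message from reaching the compressor with an out-of-range level. The `bcopy(buffer, &req, sizeof(req))` just above depends on the caller having verified the buffer length; if such a check exists it is outside this hunk, as is the start of the function.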
From: Robert Watson Date: Tue, 2 Feb 2010 20:37:11 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r203400 - projects/capabilities8/lib/libcapsicum X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Feb 2010 20:37:11 -0000 Author: rwatson Date: Tue Feb 2 20:37:11 2010 New Revision: 203400 URL: http://svn.freebsd.org/changeset/base/203400 Log: Merge c174155 from the p4 TrustedBSD Capabilities branch to capabilities8: Various updates and fixes to the fdlist man page. Sponsored by: Google, Inc. Modified: projects/capabilities8/lib/libcapsicum/libcapsicum_fdlist.3 Modified: projects/capabilities8/lib/libcapsicum/libcapsicum_fdlist.3 ============================================================================== --- projects/capabilities8/lib/libcapsicum/libcapsicum_fdlist.3 Tue Feb 2 20:05:27 2010 (r203399) +++ projects/capabilities8/lib/libcapsicum/libcapsicum_fdlist.3 Tue Feb 2 20:37:11 2010 (r203400) @@ -57,7 +57,11 @@ .Ft int .Fn lc_fdlist_addcap "struct lc_fdlist *lfp" "const char *subsystem" "const char *classname" "const char *name" "int fd" "cap_rights_t rights" .Ft int -.Fn lc_fdlist_lookup "struct lc_fdlist *lfp" "const char *subsystem" "const char **name" "int *fdp" "int *pos" +.Fn lc_fdlist_append "struct lc_fdlist *to" "struct lc_fdlist *from" +.Ft int +.Fn lc_fdlist_getentry "struct lc_fdlist *lfp" "char **subsystem" "char **classname" "char **name" "int *fdp" "int *pos" +.Ft int +.Fn lc_fdlist_lookup "struct lc_fdlist *lfp" "const char *subsystem" "const char *classname" "const char **name" "int *fdp" "int *pos" .Sh DESCRIPTION These .Nm 
@@ -147,6 +151,8 @@ and .Fa name from the file descriptor list .Fa lfp . +.Fn lc_fdlist_getentry +may be used to iterate through all descriptors in the list. .Sh RETURN VALUES The .Fn lc_fdlist_new , From owner-svn-src-projects@FreeBSD.ORG Tue Feb 2 20:49:49 2010 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 33FA41065672; Tue, 2 Feb 2010 20:49:49 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 224678FC12; Tue, 2 Feb 2010 20:49:49 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o12KnnQD073395; Tue, 2 Feb 2010 20:49:49 GMT (envelope-from rwatson@svn.freebsd.org) Received: (from rwatson@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o12KnmhJ073383; Tue, 2 Feb 2010 20:49:48 GMT (envelope-from rwatson@svn.freebsd.org) Message-Id: <201002022049.o12KnmhJ073383@svn.freebsd.org> 
From: Robert Watson Date: Tue, 2 Feb 2010 20:49:48 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r203402 - in projects/capabilities8/lib: libc/gen libcapsicum X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Feb 2010 20:49:49 -0000 Author: rwatson Date: Tue Feb 2 20:49:48 2010 New Revision: 203402 URL: http://svn.freebsd.org/changeset/base/203402 Log: Merge c174156, c174157, c174160, c174162, c174163, c174164 from the p4 TrustedBSD Capabilities branch to capabilities8: Style tweaks. Revert to using an anonymous POSIX shared memory segment to pass fdlist information from the sandbox host into the sandbox. Garbage collect historic library management for sandboxes: we now pass in directory descriptors for library path directories and the sandboxed rtld can just search the path itself. libc no longer requires stub libcache functions. No longer need special handling of /dev/null during sandbox creation, we simply now pass in the original stdin/stdout/stderr, but without any capability rights. When creating a sandbox from within a sandbox, look in the global fdlist inherited from the parent sandbox to find the runtime linker. Sponsored by: Google, Inc. 
Deleted: projects/capabilities8/lib/libc/gen/ld_libcache.c Modified: projects/capabilities8/lib/libc/gen/Makefile.inc projects/capabilities8/lib/libc/gen/Symbol.map projects/capabilities8/lib/libcapsicum/libcapsicum.c projects/capabilities8/lib/libcapsicum/libcapsicum.h projects/capabilities8/lib/libcapsicum/libcapsicum_fdlist.c projects/capabilities8/lib/libcapsicum/libcapsicum_host.c projects/capabilities8/lib/libcapsicum/libcapsicum_host_io.c projects/capabilities8/lib/libcapsicum/libcapsicum_internal.h projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox.c projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox_api.h projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox_io.c Modified: projects/capabilities8/lib/libc/gen/Makefile.inc ============================================================================== --- projects/capabilities8/lib/libc/gen/Makefile.inc Tue Feb 2 20:38:30 2010 (r203401) +++ projects/capabilities8/lib/libc/gen/Makefile.inc Tue Feb 2 20:49:48 2010 (r203402) @@ -20,7 +20,7 @@ SRCS+= __getosreldate.c __xuname.c \ getpeereid.c getprogname.c getpwent.c getttyent.c \ getusershell.c getvfsbyname.c glob.c \ initgroups.c isatty.c isinf.c isnan.c jrand48.c lcong48.c \ - ld_libcache.c ld_libdirs.c ld_sandbox.c \ + ld_libdirs.c ld_sandbox.c \ lockf.c lrand48.c mrand48.c nftw.c nice.c \ nlist.c nrand48.c opendir.c \ pause.c pmadvise.c popen.c posix_spawn.c \ Modified: projects/capabilities8/lib/libc/gen/Symbol.map ============================================================================== --- projects/capabilities8/lib/libc/gen/Symbol.map Tue Feb 2 20:38:30 2010 (r203401) +++ projects/capabilities8/lib/libc/gen/Symbol.map Tue Feb 2 20:49:48 2010 (r203402) 
@@ -340,8 +340,6 @@ FBSD_1.1 { fts_read; fts_set; fts_set_clientptr; - ld_libcache_add; - ld_libcache_lookup; ld_insandbox; ld_libdirs; posix_spawn; Modified: projects/capabilities8/lib/libcapsicum/libcapsicum.c ============================================================================== --- projects/capabilities8/lib/libcapsicum/libcapsicum.c Tue Feb 2 20:38:30 2010 (r203401) +++ projects/capabilities8/lib/libcapsicum/libcapsicum.c Tue Feb 2 20:49:48 2010 (r203402) @@ -5,9 +5,9 @@ * WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED * ON IN PRODUCTION SYSTEMS. IT WILL BREAK YOUR SOFTWARE IN NEW AND * UNEXPECTED WAYS. - * + * * This software was developed at the University of Cambridge Computer - * Laboratory with support from a grant from Google, Inc. + * Laboratory with support from a grant from Google, Inc. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum.c#3 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum.c#4 $ */ #include Modified: projects/capabilities8/lib/libcapsicum/libcapsicum.h ============================================================================== --- projects/capabilities8/lib/libcapsicum/libcapsicum.h Tue Feb 2 20:38:30 2010 (r203401) +++ projects/capabilities8/lib/libcapsicum/libcapsicum.h Tue Feb 2 20:49:48 2010 (r203402) 
@@ -5,9 +5,9 @@ * WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED * ON IN PRODUCTION SYSTEMS. IT WILL BREAK YOUR SOFTWARE IN NEW AND * UNEXPECTED WAYS. - * + * * This software was developed at the University of Cambridge Computer - * Laboratory with support from a grant from Google, Inc. + * Laboratory with support from a grant from Google, Inc. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum.h#11 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum.h#12 $ */ #ifndef _LIBCAPSICUM_H_ @@ -45,15 +45,6 @@ struct lc_sandbox; struct lc_host; /* - * Description of a library passed to lch_start_libs(). - */ -struct lc_library { - const char *lcl_libpath; - const char *lcl_libname; - int lcl_fd; -}; - -/* * A list of file descriptors, which can be passed around in shared memory. */ struct lc_fdlist; Modified: projects/capabilities8/lib/libcapsicum/libcapsicum_fdlist.c ============================================================================== --- projects/capabilities8/lib/libcapsicum/libcapsicum_fdlist.c Tue Feb 2 20:38:30 2010 (r203401) +++ projects/capabilities8/lib/libcapsicum/libcapsicum_fdlist.c Tue Feb 2 20:49:48 2010 (r203402) @@ -6,9 +6,9 @@ * WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED * ON IN PRODUCTION SYSTEMS. IT WILL BREAK YOUR SOFTWARE IN NEW AND * UNEXPECTED WAYS. - * + * * This software was developed at the University of Cambridge Computer - * Laboratory with support from a grant from Google, Inc. + * Laboratory with support from a grant from Google, Inc. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 
@@ -31,7 +31,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_fdlist.c#9 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_fdlist.c#10 $ */ #include @@ -99,7 +99,6 @@ lc_fdlist_global(void) UNLOCK(&global_fdlist); return (&global_fdlist); } - env = getenv(LIBCAPSICUM_SANDBOX_FDLIST); if ((env != NULL) && (strnlen(env, 8) < 7)) { struct lc_fdlist_storage *lfsp; @@ -430,8 +429,8 @@ lc_fdlist_getentry(struct lc_fdlist *lfp LOCK(lfp); lfsp = lfp->lf_storage; - if ((subsystem == NULL) || (classname == NULL) || (name == NULL) - || (fdp == NULL) || ((pos != NULL) && (*pos >= (int) lfsp->count))) { + if ((subsystem == NULL) || (classname == NULL) || (name == NULL) || + (fdp == NULL) || ((pos != NULL) && (*pos >= (int) lfsp->count))) { errno = EINVAL; return (-1); } @@ -441,23 +440,22 @@ lc_fdlist_getentry(struct lc_fdlist *lfp int size = entry->syslen + entry->classnamelen + entry->namelen; char *head = malloc(size); - strncpy(head, names + entry->sysoff, entry->syslen + 1); + strncpy(head, names + entry->sysoff, entry->syslen + 1); *subsystem = head; head += size; - strncpy(head, names + entry->classoff, entry->classnamelen + 1); + strncpy(head, names + entry->classoff, entry->classnamelen + 1); *classname = head; head += size; - strncpy(head, names + entry->nameoff, entry->namelen + 1); + strncpy(head, names + entry->nameoff, entry->namelen + 1); *name = head; head += size; *fdp = entry->fd; UNLOCK(lfp); - - if (pos) (*pos)++; - + if (pos) + (*pos)++; return (0); } 
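Review bot: The EINVAL branch of lc_fdlist_getentry returns with the list still locked. `LOCK(lfp)` runs just above the argument check, and the branch sets errno and does `return (-1)` without a matching unlock. Adding `UNLOCK(lfp);` before `errno = EINVAL;` fixes it; alternatively the NULL-pointer tests can move above `LOCK(lfp)` so that only the `*pos` bound is checked under the lock. The function starts before this hunk, so any earlier validation of `lfp` is not visible here.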
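Review bot: The three copies in lc_fdlist_getentry write outside the buffer they allocate. `size` is the sum of the three lengths with no room for terminators, the `malloc()` result is not checked, and `head += size` after the first copy already points one allocation past the start, so the classname and name copies land beyond the block. Each copy should advance by the length of the string just written plus one, and the buffer needs three extra bytes. This assumes the `*len` fields exclude the NUL, which the `+ 1` in the existing `strncpy` calls suggests. The sketch below keeps the single-allocation layout, so a caller would still free only `*subsystem`; it is worth documenting that contract in the man page.

```c
	/* one buffer holding the three strings back to back, each NUL-terminated */
	size_t syslen = entry->syslen, classlen = entry->classnamelen;
	size_t namelen = entry->namelen;
	char *head = malloc(syslen + classlen + namelen + 3);

	if (head == NULL) {
		UNLOCK(lfp);
		return (-1);	/* errno set by malloc() */
	}
	memcpy(head, names + entry->sysoff, syslen);
	head[syslen] = '\0';
	*subsystem = head;
	head += syslen + 1;
	memcpy(head, names + entry->classoff, classlen);
	head[classlen] = '\0';
	*classname = head;
	head += classlen + 1;
	memcpy(head, names + entry->nameoff, namelen);
	head[namelen] = '\0';
	*name = head;
	/* … unchanged: *fdp assignment, UNLOCK, pos increment … */
```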
@@ -547,7 +545,8 @@ lc_fdlist_storage_names(struct lc_fdlist } void* -_lc_fdlist_getstorage(struct lc_fdlist* lfp) { - return lfp->lf_storage; -} +_lc_fdlist_getstorage(struct lc_fdlist* lfp) +{ + return (lfp->lf_storage); +} Modified: projects/capabilities8/lib/libcapsicum/libcapsicum_host.c ============================================================================== --- projects/capabilities8/lib/libcapsicum/libcapsicum_host.c Tue Feb 2 20:38:30 2010 (r203401) +++ projects/capabilities8/lib/libcapsicum/libcapsicum_host.c Tue Feb 2 20:49:48 2010 (r203402) @@ -5,9 +5,9 @@ * WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED * ON IN PRODUCTION SYSTEMS. IT WILL BREAK YOUR SOFTWARE IN NEW AND * UNEXPECTED WAYS. - * + * * This software was developed at the University of Cambridge Computer - * Laboratory with support from a grant from Google, Inc. + * Laboratory with support from a grant from Google, Inc. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host.c#10 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host.c#15 $ */ #include @@ -55,7 +55,6 @@ #include "libcapsicum_internal.h" #include "libcapsicum_sandbox_api.h" -#define LIBCAPSICUM_CAPMASK_DEVNULL (CAP_EVENT | CAP_READ | CAP_WRITE) #define LIBCAPSICUM_CAPMASK_SOCK (CAP_EVENT | CAP_READ | CAP_WRITE) #define LIBCAPSICUM_CAPMASK_BIN (CAP_READ | CAP_EVENT | CAP_FSTAT | \ CAP_FSTATFS | \ 
@@ -63,18 +62,11 @@ CAP_MAPEXEC) #define LIBCAPSICUM_CAPMASK_SANDBOX LIBCAPSICUM_CAPMASK_BIN #define LIBCAPSICUM_CAPMASK_LDSO LIBCAPSICUM_CAPMASK_BIN -#define LIBCAPSICUM_CAPMASK_LIB LIBCAPSICUM_CAPMASK_BIN -#define LIBCAPSICUM_CAPMASK_LIBDIR LIBCAPSICUM_CAPMASK_LIB \ +#define LIBCAPSICUM_CAPMASK_LIBDIR LIBCAPSICUM_CAPMASK_BIN \ | CAP_LOOKUP | CAP_ATBASE #define LIBCAPSICUM_CAPMASK_FDLIST CAP_READ | CAP_WRITE | CAP_FTRUNCATE \ | CAP_FSTAT | CAP_MMAP -#define _PATH_LIB "/lib" -#define _PATH_USR_LIB "/usr/lib" -#define LIBC_SO "libc.so.7" -#define LIBCAPSICUM_SO "libcapsicum.so.1" -#define LIBSBUF_SO "libsbuf.so.5" - extern char **environ; #define LD_ELF_CAP_SO "ld-elf-cap.so.1" @@ -89,10 +81,15 @@ lch_autosandbox_isenabled(__unused const return (1); } - +/* + * Once in the child process, create the new sandbox. + * + * XXX: A number of things happen here that are not safe after fork(), + * especially calls to err(). + */ static void -lch_sandbox(int fd_sock, int fd_binary, int fd_rtld, int fd_devnull, u_int flags, - const char *binname, char *const argv[], __unused struct lc_fdlist *userfds) +lch_sandbox(int fd_sock, int fd_binary, int fd_rtld, u_int flags, + const char *binname, char *const argv[], struct lc_fdlist *userfds) { struct sbuf *sbufp; int shmfd = -1; @@ -109,7 +106,7 @@ lch_sandbox(int fd_sock, int fd_binary, /* * Create an anonymous shared memory segment for the FD list. */ - shmfd = open("/tmp/jon-foo"/*SHM_ANON*/, O_RDWR | O_CREAT | O_TRUNC, 0600); + shmfd = shm_open(SHM_ANON, O_RDWR | O_CREAT | O_TRUNC, 0600); if (shmfd < 0) err(-1, "Error creating shared memory segment"); 
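Review bot: The rewritten `LIBCAPSICUM_CAPMASK_LIBDIR` still expands to an unparenthesized `|` chain, as does `LIBCAPSICUM_CAPMASK_FDLIST` just below it. `LIBCAPSICUM_CAPMASK_BIN` and `LIBCAPSICUM_CAPMASK_SOCK` are already wrapped in parentheses. Passing the mask as a function argument is safe, but any later use next to `&`, `~` or `==` would silently compute a different rights set, which is an easy mistake in code that decides what a sandbox may do with a descriptor. I would write `#define LIBCAPSICUM_CAPMASK_LIBDIR (LIBCAPSICUM_CAPMASK_BIN | CAP_LOOKUP | CAP_ATBASE)` and parenthesize the FDLIST mask the same way.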
@@ -138,10 +135,6 @@ lch_sandbox(int fd_sock, int fd_binary, fd_sock, LIBCAPSICUM_CAPMASK_SOCK) < 0) err(-1, "Error in lc_fdlist_addcap(fd_sock)"); - if (lc_fdlist_addcap(fds, LIBCAPSICUM_FQNAME, "/dev/null", "", - fd_devnull, LIBCAPSICUM_CAPMASK_DEVNULL) < 0) - err(-1, "Error in lc_fdlist_addcap(fd_devnull)"); - if (lc_fdlist_addcap(fds, LIBCAPSICUM_FQNAME, "fdlist", "", shmfd, LIBCAPSICUM_CAPMASK_FDLIST) < 0) err(-1, "Error in lc_fdlist_addcap(shmfd)"); @@ -160,41 +153,38 @@ lch_sandbox(int fd_sock, int fd_binary, /* * Ask RTLD for library path descriptors. * - * NOTE: This is FreeBSD-specific; porting to other operating systems will - * require dynamic linkers capable of answering similar queries. + * NOTE: This is FreeBSD-specific; porting to other operating systems + * will require dynamic linkers capable of answering similar queries. */ int size = 16; int *libdirs; while (1) { libdirs = malloc(size * sizeof(int)); - if (ld_libdirs(libdirs, &size) < 0) { free(libdirs); - - if (size > 0) continue; - else err(-1, "Error in ld_libdirs()"); - } - else break; + if (size > 0) + continue; + err(-1, "Error in ld_libdirs()"); + } else + break; } - for (int j = 0; j < size; j++) if (lc_fdlist_addcap(fds, RTLD_CAP_FQNAME, "libdir", "", - libdirs[j], LIBCAPSICUM_CAPMASK_LIBDIR) < 0) + libdirs[j], LIBCAPSICUM_CAPMASK_LIBDIR) < 0) err(-1, "Error in lc_fdlist_addcap(libdirs[%d]: %d)", j, libdirs[j]); if (lc_fdlist_reorder(fds) < 0) err(-1, "Error in lc_fdlist_reorder()"); - /* * Find the fdlist shared memory segment. */ int pos = 0; - if (lc_fdlist_lookup(fds, LIBCAPSICUM_FQNAME, "fdlist", NULL, - &shmfd, &pos) < 0) + if (lc_fdlist_lookup(fds, LIBCAPSICUM_FQNAME, "fdlist", NULL, &shmfd, + &pos) < 0) err(-1, "Error in lc_fdlist_lookup(fdlist)"); char tmp[8]; 
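Review bot: In the reflowed ld_libdirs() loop, the result of `malloc(size * sizeof(int))` goes to `ld_libdirs()` unchecked. The loop also retries for as long as the call fails with `size > 0`, whatever the reason for the failure. A check such as `if (libdirs == NULL) err(-1, "malloc");` straight after the allocation closes the first gap. For the second, retry only when the call reported a larger required size than the one just tried, so a persistent error cannot spin the child forever. How `ld_libdirs()` signals "buffer too small" is not visible in this hunk, so the exact retry condition needs confirming against its implementation.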
@@ -229,8 +219,8 @@ lch_sandbox(int fd_sock, int fd_binary, /* * Find the binary for RTLD. */ - if (lc_fdlist_lookup(fds, RTLD_CAP_FQNAME, "binary", NULL, &fd_binary, - NULL) < 0) + if (lc_fdlist_lookup(fds, RTLD_CAP_FQNAME, "binary", NULL, + &fd_binary, NULL) < 0) err(-1, "Error in lc_fdlist_lookup(RTLD binary)"); sprintf(tmp, "%d", fd_binary); @@ -240,8 +230,9 @@ lch_sandbox(int fd_sock, int fd_binary, /* * Build LD_LIBRARY_DIRS for RTLD. * - * NOTE: This is FreeBSD-specific; porting to other operating systems will - * require dynamic linkers capable of operating on file descriptors. + * NOTE: This is FreeBSD-specific; porting to other operating systems + * will require dynamic linkers capable of operating on file + * descriptors. */ sbufp = sbuf_new_auto(); if (sbufp == NULL) @@ -249,8 +240,8 @@ lch_sandbox(int fd_sock, int fd_binary, { int fd; - while (lc_fdlist_lookup(fds, RTLD_CAP_FQNAME, "libdir", - NULL, &fd, &pos) >= 0) + while (lc_fdlist_lookup(fds, RTLD_CAP_FQNAME, "libdir", NULL, + &fd, &pos) >= 0) sbuf_printf(sbufp, "%d:", fd); } @@ -261,7 +252,6 @@ lch_sandbox(int fd_sock, int fd_binary, err(-1, "Error in setenv(LD_LIBRARY_DIRS)"); sbuf_delete(sbufp); - if (cap_enter() < 0) err(-1, "cap_enter() failed"); @@ -269,17 +259,16 @@ lch_sandbox(int fd_sock, int fd_binary, } int -lch_startfd_libs(int fd_binary, const char *binname, char *const argv[], +lch_startfd(int fd_binary, const char *binname, char *const argv[], u_int flags, struct lc_fdlist *fds, struct lc_sandbox **lcspp) { struct lc_sandbox *lcsp; - int fd_devnull, fd_rtld, fd_libc, fd_libcapsicum, fd_libsbuf; + int fd_rtld; int fd_procdesc, fd_sockpair[2]; int error, val; pid_t pid; - fd_devnull = fd_rtld = fd_libc = fd_libcapsicum = fd_libsbuf = - fd_procdesc = fd_sockpair[0] = fd_sockpair[1] = -1; + fd_rtld = fd_procdesc = fd_sockpair[0] = fd_sockpair[1] = -1; lcsp = malloc(sizeof(*lcsp)); if (lcsp == NULL) 
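Review bot: `sprintf(tmp, "%d", fd_binary)` formats into the `char tmp[8]` declared at the end of the previous hunk with no bound. Eight bytes hold at most a seven-digit descriptor, while `%d` on an int can produce up to eleven characters plus the terminator. Real descriptor numbers are small, but this value is exported to the sandboxed runtime linker, so a bounded and checked write is cheap insurance: `if (snprintf(tmp, sizeof(tmp), "%d", fd_binary) >= (int)sizeof(tmp)) errx(-1, "fd_binary too large");`. The same applies to the earlier `tmp` use for the fdlist descriptor, if it is formatted the same way; that line is outside the hunks shown.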
@@ -287,35 +276,20 @@ lch_startfd_libs(int fd_binary, const ch bzero(lcsp, sizeof(*lcsp)); if (ld_insandbox()) { - if (ld_libcache_lookup(LD_ELF_CAP_SO, &fd_rtld) < 0) - goto out_error; - if (ld_libcache_lookup(LIBC_SO, &fd_libc) < 0) - goto out_error; - if (ld_libcache_lookup(LIBCAPSICUM_SO, - &fd_libcapsicum) < 0) - goto out_error; - if (ld_libcache_lookup(LIBSBUF_SO, &fd_libsbuf) < 0) + struct lc_fdlist *globals; + int pos = 0; + + globals = lc_fdlist_global(); + if (globals == NULL) goto out_error; - if (ld_libcache_lookup(_PATH_DEVNULL, &fd_devnull) < 0) + if (lc_fdlist_lookup(globals, RTLD_CAP_FQNAME, "rtld", NULL, + &fd_rtld, &pos) < 0) goto out_error; } else { fd_rtld = open(PATH_LD_ELF_CAP_SO "/" LD_ELF_CAP_SO, O_RDONLY); if (fd_rtld < 0) goto out_error; - fd_libc = open(_PATH_LIB "/" LIBC_SO, O_RDONLY); - if (fd_libc < 0) - goto out_error; - fd_libsbuf = open(_PATH_LIB "/" LIBSBUF_SO, O_RDONLY); - if (fd_libsbuf < 0) - goto out_error; - fd_libcapsicum = open(_PATH_USR_LIB "/" LIBCAPSICUM_SO, - O_RDONLY); - if (fd_libcapsicum < 0) - goto out_error; - fd_devnull = open(_PATH_DEVNULL, O_RDWR); - if (fd_devnull < 0) - goto out_error; } if (socketpair(PF_LOCAL, SOCK_STREAM, 0, fd_sockpair) < 0) @@ -334,15 +308,11 @@ lch_startfd_libs(int fd_binary, const ch goto out_error; } if (pid == 0) { - lch_sandbox(fd_sockpair[1], fd_binary, fd_rtld, fd_devnull, flags, + lch_sandbox(fd_sockpair[1], fd_binary, fd_rtld, flags, binname, argv, fds); exit(-1); } #ifndef IN_CAP_MODE - close(fd_devnull); - close(fd_libsbuf); - close(fd_libcapsicum); - close(fd_libc); close(fd_rtld); #endif close(fd_sockpair[1]); @@ -361,14 +331,6 @@ out_error: if (fd_sockpair[1] != -1) close(fd_sockpair[1]); #ifndef IN_CAP_MODE - if (fd_devnull != -1) - close(fd_devnull); - if (fd_libsbuf != -1) - close(fd_libsbuf); - if (fd_libcapsicum != -1) - close(fd_libcapsicum); - if (fd_libc != -1) - close(fd_libc); if (fd_rtld != -1) close(fd_rtld); #endif 
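Review bot: In the `ld_insandbox()` branch, `fd_rtld` now comes from `lc_fdlist_lookup()` on the global fdlist, but it is still closed unconditionally: `close(fd_rtld)` runs after the fork and again under `out_error`, guarded only by the compile-time `#ifndef IN_CAP_MODE`. If the lookup returns the descriptor stored in the list rather than a duplicate (not visible in these hunks), the first nested sandbox start would close the process-wide rtld descriptor. Every later `lch_startfd()` would then be handed a stale number that may by then refer to a different file. Either `dup()` the descriptor in the sandbox branch, or record whether this call opened it (`int rtld_owned = !ld_insandbox();`) and close only when it did.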
@@ -379,16 +341,7 @@ out_error: } int -lch_startfd(int fd_binary, const char *binname, char *const argv[], - u_int flags, __unused struct lc_fdlist *fds, struct lc_sandbox **lcspp) -{ - - return (lch_startfd_libs(fd_binary, binname, argv, flags, - fds, lcspp)); -} - -int -lch_start_libs(const char *sandbox, char *const argv[], u_int flags, +lch_start(const char *sandbox, char *const argv[], u_int flags, struct lc_fdlist *fds, struct lc_sandbox **lcspp) { char binname[MAXPATHLEN]; @@ -401,21 +354,13 @@ lch_start_libs(const char *sandbox, char if (fd_binary < 0) return (-1); - ret = lch_startfd_libs(fd_binary, binname, argv, flags, fds, lcspp); + ret = lch_startfd(fd_binary, binname, argv, flags, fds, lcspp); error = errno; close(fd_binary); errno = error; return (ret); } -int -lch_start(const char *sandbox, char *const argv[], u_int flags, - struct lc_fdlist *fds, struct lc_sandbox **lcspp) -{ - - return (lch_start_libs(sandbox, argv, flags, fds, lcspp)); -} - void lch_stop(struct lc_sandbox *lcsp) { Modified: projects/capabilities8/lib/libcapsicum/libcapsicum_host_io.c ============================================================================== --- projects/capabilities8/lib/libcapsicum/libcapsicum_host_io.c Tue Feb 2 20:38:30 2010 (r203401) +++ projects/capabilities8/lib/libcapsicum/libcapsicum_host_io.c Tue Feb 2 20:49:48 2010 (r203402) @@ -5,9 +5,9 @@ * WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED * ON IN PRODUCTION SYSTEMS. IT WILL BREAK YOUR SOFTWARE IN NEW AND * UNEXPECTED WAYS. - * + * * This software was developed at the University of Cambridge Computer - * Laboratory with support from a grant from Google, Inc. + * Laboratory with support from a grant from Google, Inc. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 
@@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host_io.c#2 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host_io.c#3 $ */ #include Modified: projects/capabilities8/lib/libcapsicum/libcapsicum_internal.h ============================================================================== --- projects/capabilities8/lib/libcapsicum/libcapsicum_internal.h Tue Feb 2 20:38:30 2010 (r203401) +++ projects/capabilities8/lib/libcapsicum/libcapsicum_internal.h Tue Feb 2 20:49:48 2010 (r203402) @@ -5,9 +5,9 @@ * WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED * ON IN PRODUCTION SYSTEMS. IT WILL BREAK YOUR SOFTWARE IN NEW AND * UNEXPECTED WAYS. - * + * * This software was developed at the University of Cambridge Computer - * Laboratory with support from a grant from Google, Inc. + * Laboratory with support from a grant from Google, Inc. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions 
@@ -30,14 +30,14 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_internal.h#5 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_internal.h#6 $ */ #ifndef _LIBCAPSICUM_INTERNAL_H_ #define _LIBCAPSICUM_INTERNAL_H_ -#define LIBCAPSICUM_FQNAME "org.freebsd.libcapsicum" -#define RTLD_CAP_FQNAME "org.freebsd.rtld-elf-cap" +#define LIBCAPSICUM_FQNAME "org.freebsd.libcapsicum" +#define RTLD_CAP_FQNAME "org.freebsd.rtld-elf-cap" struct lc_host { int lch_fd_sock; Modified: projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox.c ============================================================================== --- projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox.c Tue Feb 2 20:38:30 2010 (r203401) +++ projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox.c Tue Feb 2 20:49:48 2010 (r203402) @@ -5,9 +5,9 @@ * WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED * ON IN PRODUCTION SYSTEMS. IT WILL BREAK YOUR SOFTWARE IN NEW AND * UNEXPECTED WAYS. - * + * * This software was developed at the University of Cambridge Computer - * Laboratory with support from a grant from Google, Inc. + * Laboratory with support from a grant from Google, Inc. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions Modified: projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox_api.h ============================================================================== --- projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox_api.h Tue Feb 2 20:38:30 2010 (r203401) +++ projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox_api.h Tue Feb 2 20:49:48 2010 (r203402) 
@@ -5,9 +5,9 @@ * WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED * ON IN PRODUCTION SYSTEMS. IT WILL BREAK YOUR SOFTWARE IN NEW AND * UNEXPECTED WAYS. - * + * * This software was developed at the University of Cambridge Computer - * Laboratory with support from a grant from Google, Inc. + * Laboratory with support from a grant from Google, Inc. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_sandbox_api.h#3 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_sandbox_api.h#4 $ */ #ifndef _LIBCAPSICUM_SANDBOX_API_H_ @@ -41,7 +41,7 @@ * make about the runtime environment set up by libcapsicum hosts. */ #define LIBCAPSICUM_SANDBOX_API_ENV "LIBCAPSICUM_SANDBOX" -#define LIBCAPSICUM_SANDBOX_FDLIST "LIBCAPSICUM_FDLIST" +#define LIBCAPSICUM_SANDBOX_FDLIST "LIBCAPSICUM_FDLIST" #define LIBCAPSICUM_SANDBOX_API_SOCK "sock" /* Modified: projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox_io.c ============================================================================== --- projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox_io.c Tue Feb 2 20:38:30 2010 (r203401) +++ projects/capabilities8/lib/libcapsicum/libcapsicum_sandbox_io.c Tue Feb 2 20:49:48 2010 (r203402) 
@@ -5,9 +5,9 @@ * WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED * ON IN PRODUCTION SYSTEMS. IT WILL BREAK YOUR SOFTWARE IN NEW AND * UNEXPECTED WAYS. - * + * * This software was developed at the University of Cambridge Computer - * Laboratory with support from a grant from Google, Inc. + * Laboratory with support from a grant from Google, Inc. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions From owner-svn-src-projects@FreeBSD.ORG Tue Feb 2 20:51:35 2010 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E6CEA1065787; Tue, 2 Feb 2010 20:51:35 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id BD93B8FC0C; Tue, 2 Feb 2010 20:51:35 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o12KpZTh073827; Tue, 2 Feb 2010 20:51:35 GMT (envelope-from rwatson@svn.freebsd.org) Received: (from rwatson@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o12KpZC6073825; Tue, 2 Feb 2010 20:51:35 GMT (envelope-from rwatson@svn.freebsd.org) Message-Id: <201002022051.o12KpZC6073825@svn.freebsd.org> 
From: Robert Watson Date: Tue, 2 Feb 2010 20:51:35 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r203403 - projects/capabilities8/libexec/rtld-elf X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Feb 2010 20:51:36 -0000 Author: rwatson Date: Tue Feb 2 20:51:35 2010 New Revision: 203403 URL: http://svn.freebsd.org/changeset/base/203403 Log: Merge c174171 from the p4 TrustedBSD Capabilities branch to capabilities8: Process LD_BINARY in rtld-elf-cap rather than using a hard-coded descriptor number; this is already set in libcapsicum but we weren't using it. Sponsored by: Google, Inc. Modified: projects/capabilities8/libexec/rtld-elf/rtld.c Modified: projects/capabilities8/libexec/rtld-elf/rtld.c ============================================================================== --- projects/capabilities8/libexec/rtld-elf/rtld.c Tue Feb 2 20:49:48 2010 (r203402) +++ projects/capabilities8/libexec/rtld-elf/rtld.c Tue Feb 2 20:51:35 2010 (r203403) @@ -395,6 +395,11 @@ _rtld(Elf_Addr *sp, func_ptr_type *exit_ assert(aux_info[AT_BASE] != NULL); init_rtld((caddr_t) aux_info[AT_BASE]->a_un.a_ptr); + /* XXXRW: Need to do something about program names in capability mode. */ + __progname = obj_rtld.path; /* TODO: binary name */ + argv0 = argv[0] != NULL ? argv[0] : "(null)"; + environ = env; + #ifdef IN_RTLD_CAP /* * In capability mode, the kernel has executed ld-elf-cap.so directly, 
@@ -404,23 +409,32 @@ _rtld(Elf_Addr *sp, func_ptr_type *exit_ * descriptor using AT_EXECFD. */ if (aux_info[AT_EXECFD] == NULL) { - bzero(&aux_execfd, sizeof(aux_execfd)); - aux_execfd.a_type = AT_EXECFD; - aux_execfd.a_un.a_val = 7; /* TODO: stop hardcoding */ - aux_info[AT_EXECFD] = &aux_execfd; - if (fstat(7, &sb) < 0) { + const char *ld_binary; + char *endp; + long ld_binary_fd; + + ld_binary = getenv(LD_ "BINARY"); + if (ld_binary == NULL) { + _rtld_error("LD_BINARY unset; aborting"); + die(); + } + ld_binary_fd = strtol(ld_binary, &endp, 10); + if (ld_binary_fd < 0 || ld_binary_fd > __INT_MAX || *endp != 0) { + _rtld_error("LD_BINARY invalid"); + die(); + } + if (fstat(ld_binary_fd, &sb) < 0) { __progname = "ld-elf-cap.so"; _rtld_error("executable file descriptor unusable"); die(); } + bzero(&aux_execfd, sizeof(aux_execfd)); + aux_execfd.a_type = AT_EXECFD; + aux_execfd.a_un.a_val = ld_binary_fd; + aux_info[AT_EXECFD] = &aux_execfd; } #endif - /* XXXRW: Need to do something about program names in capability mode. */ - __progname = obj_rtld.path; /* TODO: binary name */ - argv0 = argv[0] != NULL ? 
argv[0] : "(null)"; - environ = env; - trust = !issetugid(); ld_bind_now = getenv(LD_ "BIND_NOW"); From owner-svn-src-projects@FreeBSD.ORG Tue Feb 2 20:55:12 2010 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id CC5C5106566B; Tue, 2 Feb 2010 20:55:12 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id BC4278FC17; Tue, 2 Feb 2010 20:55:12 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o12KtCLs074651; Tue, 2 Feb 2010 20:55:12 GMT (envelope-from rwatson@svn.freebsd.org) Received: (from rwatson@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o12KtClG074649; Tue, 2 Feb 2010 20:55:12 GMT (envelope-from rwatson@svn.freebsd.org) Message-Id: <201002022055.o12KtClG074649@svn.freebsd.org> 
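Review bot: The new LD_BINARY parsing in _rtld accepts an empty string. `strtol("")` returns 0 and leaves `endp` at the start, so `*endp != 0` is false and descriptor 0 is installed as AT_EXECFD. The check should also reject the case where no digits were consumed: `if (endp == ld_binary || *endp != '\0' || ld_binary_fd < 0 || ld_binary_fd > __INT_MAX)`. On targets where long and int have the same width, an out-of-range value saturates to LONG_MAX and passes the upper bound as well. Testing `errno == ERANGE` would cover that, assuming errno is usable this early in rtld. _rtld's body continues outside the hunk.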
From: Robert Watson Date: Tue, 2 Feb 2010 20:55:12 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r203404 - projects/capabilities8/usr.bin/gzip X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 02 Feb 2010 20:55:12 -0000 Author: rwatson Date: Tue Feb 2 20:55:12 2010 New Revision: 203404 URL: http://svn.freebsd.org/changeset/base/203404 Log: Merge c174161 from the p4 TrustedBSD Capabilities branch to capabilities8: Garbage collect historic library behavior of libcapsicum: no special library logic is required in gzip anymore. Modified: projects/capabilities8/usr.bin/gzip/gzsandbox.c Modified: projects/capabilities8/usr.bin/gzip/gzsandbox.c ============================================================================== --- projects/capabilities8/usr.bin/gzip/gzsandbox.c Tue Feb 2 20:51:35 2010 (r203403) +++ projects/capabilities8/usr.bin/gzip/gzsandbox.c Tue Feb 2 20:55:12 2010 (r203404) @@ -49,27 +49,10 @@ __FBSDID("$FreeBSD$"); #include "gzip.h" -/* - * In the future, these library dependencies won't need to be explicit, so - * this will go away. - */ -#define LC_LIB_LIBZ_SO "/lib/libz.so.5" -#define LC_LIBZ_SO "libz.so.5" - -#define LC_USR_LIB_LIBBZ2_SO "/usr/lib/libbz2.so.4" -#define LC_LIBBZ2_SO "libbz2.so.4" - #define LC_USR_BIN_GZIP_SANDBOX "/usr/bin/gzip" #ifndef NO_SANDBOX_SUPPORT -struct lc_library gzsandbox_libs[] = { - { LC_LIB_LIBZ_SO, LC_LIBZ_SO, -1 }, - { LC_USR_LIB_LIBBZ2_SO, LC_LIBBZ2_SO, -1 }, -}; -static const u_int gzsandbox_libs_count = sizeof(gzsandbox_libs) / - sizeof(gzsandbox_libs[0]); - static char *lc_sandbox_argv[] = { __DECONST(char *, LC_USR_BIN_GZIP_SANDBOX), NULL }; 
@@ -84,7 +67,6 @@ static int gzsandbox_enabled; static void gzsandbox_initialize(void) { - u_int i; if (gzsandbox_initialized) return; @@ -93,17 +75,7 @@ gzsandbox_initialize(void) if (!gzsandbox_enabled) return; - /* - * If sandboxes are in use, open libraries that we'll require in the - * sandbox and kick it off. - */ - for (i = 0; i < gzsandbox_libs_count; i++) { - gzsandbox_libs[i].lcl_fd = - open(gzsandbox_libs[i].lcl_libpath, O_RDONLY); - if (gzsandbox_libs[i].lcl_fd < 0) - err(-1, "open: %s", gzsandbox_libs[i].lcl_libname); - } - if (lch_start_libs(LC_USR_BIN_GZIP_SANDBOX, lc_sandbox_argv, + if (lch_start(LC_USR_BIN_GZIP_SANDBOX, lc_sandbox_argv, LCH_PERMIT_STDERR, NULL, &lcsp) < 0) err(-1, "lch_start %s", LC_USR_BIN_GZIP_SANDBOX); } From owner-svn-src-projects@FreeBSD.ORG Wed Feb 3 04:58:09 2010 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EEC091065679; Wed, 3 Feb 2010 04:58:08 +0000 (UTC) (envelope-from lstewart@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id DCABD8FC13; Wed, 3 Feb 2010 04:58:08 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o134w875082826; Wed, 3 Feb 2010 04:58:08 GMT (envelope-from lstewart@svn.freebsd.org) Received: (from lstewart@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o134w88Y082815; Wed, 3 Feb 2010 04:58:08 GMT (envelope-from lstewart@svn.freebsd.org) Message-Id: <201002030458.o134w88Y082815@svn.freebsd.org> 
From: Lawrence Stewart Date: Wed, 3 Feb 2010 04:58:08 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r203416 - in projects/tcp_cc_head/sys: conf modules/ertt net netinet X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Feb 2010 04:58:09 -0000 Author: lstewart Date: Wed Feb 3 04:58:08 2010 New Revision: 203416 URL: http://svn.freebsd.org/changeset/base/203416 Log: Extremely rough proof of concept work to create a framework for allowing arbitrary helper functions to do "things" e.g. calculate a better RTT estimate (ertt = enhanced rtt) and store their data per TCP connection. Current approach using pfil is unsatisfactory, but wanted to commit it for posterity's sake. Added: projects/tcp_cc_head/sys/modules/ertt/ projects/tcp_cc_head/sys/modules/ertt/Makefile (contents, props changed) projects/tcp_cc_head/sys/netinet/ertt.c (contents, props changed) projects/tcp_cc_head/sys/netinet/tcp_helper.c (contents, props changed) projects/tcp_cc_head/sys/netinet/tcp_helper.h (contents, props changed) projects/tcp_cc_head/sys/netinet/tcp_helper_module.h (contents, props changed) Modified: projects/tcp_cc_head/sys/conf/files projects/tcp_cc_head/sys/net/pfil.h projects/tcp_cc_head/sys/netinet/tcp_input.c projects/tcp_cc_head/sys/netinet/tcp_subr.c projects/tcp_cc_head/sys/netinet/tcp_var.h Modified: projects/tcp_cc_head/sys/conf/files ============================================================================== --- projects/tcp_cc_head/sys/conf/files Wed Feb 3 04:09:36 2010 (r203415) +++ projects/tcp_cc_head/sys/conf/files Wed Feb 3 04:58:08 2010 (r203416) 
@@ -2485,6 +2485,7 @@ netinet/sctp_timer.c optional inet sctp netinet/sctp_usrreq.c optional inet sctp netinet/sctputil.c optional inet sctp netinet/tcp_debug.c optional tcpdebug +netinet/tcp_helper.c optional inet netinet/tcp_hostcache.c optional inet netinet/tcp_input.c optional inet netinet/tcp_lro.c optional inet Added: projects/tcp_cc_head/sys/modules/ertt/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ projects/tcp_cc_head/sys/modules/ertt/Makefile Wed Feb 3 04:58:08 2010 (r203416) @@ -0,0 +1,10 @@ +# $FreeBSD$ + +.include + +.PATH: ${.CURDIR}/../../netinet +KMOD=hlpr_ertt +SRCS=ertt.c + +.include + Modified: projects/tcp_cc_head/sys/net/pfil.h ============================================================================== --- projects/tcp_cc_head/sys/net/pfil.h Wed Feb 3 04:09:36 2010 (r203415) +++ projects/tcp_cc_head/sys/net/pfil.h Wed Feb 3 04:58:08 2010 (r203416) @@ -63,6 +63,7 @@ typedef TAILQ_HEAD(pfil_list, packet_fil #define PFIL_TYPE_AF 1 /* key is AF_* type */ #define PFIL_TYPE_IFNET 2 /* key is ifnet pointer */ +#define PFIL_TYPE_TCP 3 /* see PFIL_TCP_* in netinet/tcp.h */ struct pfil_head { pfil_list_t ph_in; Added: projects/tcp_cc_head/sys/netinet/ertt.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ projects/tcp_cc_head/sys/netinet/ertt.c Wed Feb 3 04:58:08 2010 (r203416) 
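Review bot: The comment added to `PFIL_TYPE_TCP` in pfil.h points readers to `netinet/tcp.h`, but this commit defines `PFIL_TCP_ALL` and `PFIL_TCP_ESTABLISHED` in `netinet/tcp_var.h`. It would also read better in the form of its two neighbours, which say what the key is: `#define PFIL_TYPE_TCP 3 /* key is PFIL_TCP_*, see netinet/tcp_var.h */`. The tcp_init() hunk stores that key in `ph_af`, which is worth a word here as well.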
@@ -0,0 +1,119 @@
+/*-
+ * Copyright (c) 2009-2010
+ * Swinburne University of Technology, Melbourne, Australia
+ * Copyright (c) 2010 Lawrence Stewart
+ * All rights reserved.
+ *
+ * This software was developed at the Centre for Advanced Internet
+ * Architectures, Swinburne University, by David Hayes and Lawrence Stewart,
+ * made possible in part by a grant from the FreeBSD Foundation and
+ * Cisco University Research Program Fund at Community Foundation
+ * Silicon Valley.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include
+__FBSDID("$FreeBSD$");
+
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+struct ertt {
+ int test;
+};
+
+int ertt_tcpest_hook(void *arg, struct mbuf **m, struct ifnet *ifp, int dir,
+ struct inpcb *inp);
+int ertt_mod_init(void);
+int ertt_mod_destroy(void);
+int ertt_block_init(uintptr_t *block);
+int ertt_block_destroy(uintptr_t *block);
+
+int
+ertt_tcpest_hook(void *arg, struct mbuf **m, struct ifnet *ifp, int dir, struct inpcb *inp)
+{
+ struct ertt *e = (struct ertt *)(((struct tcpcb *)inp->inp_ppcb)->helper_data[0]);
+ //struct ertt *e = (struct ertt *)arg;
+ printf("In the hook with pkt: 0x%p, ertt->test = %d\n", *m, e->test++);
+ return (0);
+}
+
+
+int
+ertt_mod_init(void)
+{
+ return pfil_add_hook(&ertt_tcpest_hook, NULL, PFIL_IN | PFIL_WAITOK,
+ pfil_head_get(PFIL_TYPE_TCP, PFIL_TCP_ESTABLISHED));
+}
+
+int
+ertt_mod_destroy(void)
+{
+ return pfil_remove_hook(&ertt_tcpest_hook, NULL, PFIL_IN | PFIL_WAITOK,
+ pfil_head_get(PFIL_TYPE_TCP, PFIL_TCP_ESTABLISHED));
+}
+
+int
+ertt_block_init(uintptr_t *block)
+{
+ *block = (uintptr_t)malloc(sizeof(struct ertt), M_HLPR, M_NOWAIT);
+
+ ((struct ertt *)*block)->test = 5;
+
+ printf("Malloced %ld bytes for ertt and set the value to %d\n",
+ sizeof(struct ertt), ((struct ertt *)*block)->test);
+
+ return (0);
+}
+
+int
+ertt_block_destroy(uintptr_t *block)
+{
+ KASSERT(block != NULL, ("Block is NULL!"));
+ free((void *)*block, M_HLPR);
+
+ return (0);
+}
+
+struct helper ertt_helper = {
+ .mod_init = ertt_mod_init,
+ .mod_destroy = ertt_mod_destroy,
+ .block_init = ertt_block_init,
+ .block_destroy = ertt_block_destroy,
+ .flags = HLPR_NEEDS_DATABLOCK
+};
+
+DECLARE_HELPER(ertt, &ertt_helper);
Added: projects/tcp_cc_head/sys/netinet/tcp_helper.c
==============================================================================
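Review bot: `ertt_block_init()` dereferences the result of an `M_NOWAIT` allocation without checking it, so a failed `malloc()` becomes a NULL write in the kernel at `((struct ertt *)*block)->test = 5;`. Add `if (*block == 0) return (ENOMEM);` directly after the allocation, and have the caller act on the return value, which `init_datablocks()` currently discards. The same unchecked `M_NOWAIT` pattern is in `init_datablocks()` in the tcp_helper.c hunk, where `(*array_head)+i` is handed to helpers even if the array allocation failed. `ertt_tcpest_hook()` also hard-codes `helper_data[0]`, which presumably only holds while ertt is the first registered helper.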
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ projects/tcp_cc_head/sys/netinet/tcp_helper.c Wed Feb 3 04:58:08 2010 (r203416)
@@ -0,0 +1,161 @@
+/*-
+ * Copyright (c) 2010 Lawrence Stewart
+ * All rights reserved.
+ *
+ * This software was developed at the Centre for Advanced Internet
+ * Architectures, Swinburne University, by Lawrence Stewart,
+ * made possible in part by a grant from the FreeBSD Foundation.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include
+__FBSDID("$FreeBSD$");
+
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include
+#include
+
+
+struct hlpr_head helpers = STAILQ_HEAD_INITIALIZER(helpers);
+static int num_datablocks = 0;
+
+
+int
+init_datablocks(uintptr_t **array_head, int *nblocks)
+{
+ struct helper *h;
+ int i = 0;
+
+ if(num_datablocks <= 0)
+ return (0);
+
+
+ *array_head = malloc(num_datablocks * sizeof(uintptr_t), M_HLPR, M_NOWAIT
+ | M_ZERO);
+
+ printf("Malloced ptr %p for %d data blocks\n", *array_head, num_datablocks);
+ STAILQ_FOREACH(h, &helpers, entries) {
+ KASSERT(i < num_datablocks, ("Badness!\n"));
+ if (h->block_init != NULL) {
+ printf("Calling block_init(%p) for helper: %p\n",
+ (*array_head)+i, h);
+ h->block_init((*array_head)+i);
+ }
+ i++;
+ }
+
+ *nblocks = num_datablocks;
+
+ return (0);
+}
+
+int
+destroy_datablocks(uintptr_t **array_head, int nblocks)
+{
+ struct helper *h;
+ int i = 0;
+ //for (; nblocks >= 0; nblocks--)
+ // h->block_destroy();
+
+ STAILQ_FOREACH(h, &helpers, entries) {
+ if (h->block_destroy != NULL) {
+ printf("Calling block_destroy(%p) for helper: %p\n",
+ array_head[i], h);
+ h->block_destroy(array_head[i++]);
+ }
+ }
+
+ return (0);
+}
+
+int
+register_helper(struct helper *h)
+{
+ /*for hooks in hlpr
+ register hlpr_callback for hook
+
+ if !errorgt
+ h->dynamic_id = X
+ */
+ printf("Register helper 0x%p\n", h);
+
+ if (h->flags | HLPR_NEEDS_DATABLOCK)
+ num_datablocks++;
+
+ STAILQ_INSERT_TAIL(&helpers, h, entries);
+
+ return (0);
+}
+
+int
+deregister_helper(struct helper *h)
+{
+ printf("Deregister helper 0x%p\n", h);
+
+ STAILQ_REMOVE(&helpers, h, helper, entries);
+ num_datablocks--;
+ return (0);
+}
+
+
+
+/*
+ * Handles kld related events. Returns 0 on success, non-zero on failure.
+ */
+int
+hlpr_modevent(module_t mod, int event_type, void *data)
+{
+ int error = 0;
+ struct helper *h = (struct helper *)data;
+
+ switch(event_type) {
+ case MOD_LOAD:
+ if (h->mod_init != NULL)
+ error = h->mod_init();
+ if (!error)
+ error = register_helper(h);
+ break;
+
+ case MOD_QUIESCE:
+ error = deregister_helper(h);
+ if (!error && h->mod_destroy != NULL)
+ h->mod_destroy();
+ break;
+
+ case MOD_SHUTDOWN:
+ case MOD_UNLOAD:
+ break;
+
+ default:
+ return EINVAL;
+ break;
+ }
+
+ return (error);
+}
Added: projects/tcp_cc_head/sys/netinet/tcp_helper.h
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ projects/tcp_cc_head/sys/netinet/tcp_helper.h Wed Feb 3 04:58:08 2010 (r203416)
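Review bot: `destroy_datablocks()` indexes the wrong pointer level: tcp_discardcb() passes `&tp->helper_data`, so `array_head[i]` is slot 0 only by accident when i == 0 and reads past that tcpcb field for any later helper, whereas `init_datablocks()` handed out `(*array_head)+i`. It also walks the global helper list without regard to `nblocks`, so a connection created before any helper was registered calls `block_destroy()` with a NULL array. In addition it advances `i` only when `block_destroy` is set, while init advances it for every helper, and it never frees the array. The rewrite below bounds the walk by `nblocks`, indexes through `*array_head` and releases the array. Separately, in `register_helper()` the test `h->flags | HLPR_NEEDS_DATABLOCK` is always true and should use `&`, with `deregister_helper()` decrementing under the same condition.

```c
int
destroy_datablocks(uintptr_t **array_head, int nblocks)
{
	struct helper *h;
	int i = 0;

	/* Connections created while no helper was registered own no array. */
	if (*array_head == NULL)
		return (0);

	STAILQ_FOREACH(h, &helpers, entries) {
		if (i >= nblocks)
			break;
		if (h->block_destroy != NULL)
			h->block_destroy((*array_head) + i);
		i++;	/* one slot per helper, as in init_datablocks() */
	}

	free(*array_head, M_HLPR);
	*array_head = NULL;

	return (0);
}
```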
@@ -0,0 +1,68 @@ +/*- + * Copyright (c) 2010 Lawrence Stewart + * All rights reserved. + * + * This software was developed at the Centre for Advanced Internet + * Architectures, Swinburne University, by Lawrence Stewart, + * made possible in part by a grant from the FreeBSD Foundation. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#ifndef _TCP_HELPER_H +#define _TCP_HELPER_H + + +struct helper { + /* Init global module state on kldload. */ + int (*mod_init) (void); + + /* Cleanup global module state on kldunload. 
*/ + int (*mod_destroy) (void); + + int (*block_init) (uintptr_t *data); + int (*block_destroy) (uintptr_t *data); + + uint16_t flags; + + //STAILQ hooks; /* which hooks does this helper want to be called from */ + //STAILQ struct helper_data; + int dynamic_id; /* ID assigned by system to this hlpr's data in the + dynamic array */ + + + STAILQ_ENTRY(helper) entries; +}; + +/* Helper flags */ +#define HLPR_NEEDS_DATABLOCK 0x0001 + +extern STAILQ_HEAD(hlpr_head, helper) helpers; + +int init_datablocks(uintptr_t **array_head, int *nblocks); +int destroy_datablocks(uintptr_t **array_head, int nblocks); +int register_helper(struct helper *h); +int deregister_helper(struct helper *h); + +#endif /* _TCP_HELPER_H */ Added: projects/tcp_cc_head/sys/netinet/tcp_helper_module.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ projects/tcp_cc_head/sys/netinet/tcp_helper_module.h Wed Feb 3 04:58:08 2010 (r203416) 
@@ -0,0 +1,51 @@ +/*- + * Copyright (c) 2010 Lawrence Stewart + * All rights reserved. + * + * This software was developed at the Centre for Advanced Internet + * Architectures, Swinburne University, by Lawrence Stewart, + * made possible in part by a grant from the FreeBSD Foundation. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * $FreeBSD$ + */ + +#ifndef _NETINET_TCP_HELPER_MODULE_H_ +#define _NETINET_TCP_HELPER_MODULE_H_ + +#define DECLARE_HELPER(hlprname, hlpr_data) \ + static moduledata_t hlpr_##hlprname = { \ + #hlprname, \ + hlpr_modevent, \ + hlpr_data \ + }; \ + DECLARE_MODULE(hlprname, hlpr_##hlprname, SI_SUB_PROTO_IFATTACHDOMAIN, \ + SI_ORDER_ANY) + +int hlpr_modevent(module_t mod, int type, void *data); + +MALLOC_DECLARE(M_HLPR); +MALLOC_DEFINE(M_HLPR, "helper data", "Blah"); + + +#endif Modified: projects/tcp_cc_head/sys/netinet/tcp_input.c ============================================================================== --- projects/tcp_cc_head/sys/netinet/tcp_input.c Wed Feb 3 04:09:36 2010 (r203415) +++ projects/tcp_cc_head/sys/netinet/tcp_input.c Wed Feb 3 04:58:08 2010 (r203416) @@ -56,6 +56,7 @@ __FBSDID("$FreeBSD$"); #include #include +#include #include #include @@ -2121,6 +2122,11 @@ tcp_do_segment(struct mbuf *m, struct tc ((to.to_flags & TOF_SACK) || !TAILQ_EMPTY(&tp->snd_holes))) tcp_sack_doack(tp, &to, th->th_ack); + + if (tp->nhelpers > 0 && PFIL_HOOKED(&V_tcpest_pfil_hook)) + pfil_run_hooks(&V_tcpest_pfil_hook, &m, NULL, PFIL_IN, + tp->t_inpcb); + if (SEQ_LEQ(th->th_ack, tp->snd_una)) { if (tlen == 0 && tiwin == tp->snd_wnd) { TCPSTAT_INC(tcps_rcvdupack); Modified: projects/tcp_cc_head/sys/netinet/tcp_subr.c ============================================================================== --- projects/tcp_cc_head/sys/netinet/tcp_subr.c Wed Feb 3 04:09:36 2010 (r203415) +++ projects/tcp_cc_head/sys/netinet/tcp_subr.c Wed Feb 3 04:58:08 2010 (r203416) @@ -62,6 +62,7 @@ __FBSDID("$FreeBSD$"); #include #include +#include #include #include @@ -84,6 +85,7 @@ __FBSDID("$FreeBSD$"); #endif #include #include +#include #include #include #include 
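Review bot: `MALLOC_DEFINE(M_HLPR, ...)` is placed in tcp_helper_module.h next to `MALLOC_DECLARE(M_HLPR)`, so every file that includes the header emits its own definition of the malloc type; both ertt.c and tcp_helper.c use `M_HLPR`. Keep only `MALLOC_DECLARE(M_HLPR);` in the header and put the definition in one source file, for example `MALLOC_DEFINE(M_HLPR, "tcp_helper", "TCP helper per-connection data");` in tcp_helper.c, which also replaces the placeholder description "Blah". The include lines are not visible in this view, so which files pull the header in is inferred from their use of `M_HLPR` and `DECLARE_HELPER`.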
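Review bot: The return value of `pfil_run_hooks()` in the tcp_input.c hunk is discarded and `m` is used afterwards without a check, although the call is given `&m` so that a hook can replace or consume the mbuf. A hook that frees the packet or returns non-zero would leave `tcp_do_segment()` working on a stale or NULL `m`. Test the result, e.g. `if (pfil_run_hooks(&V_tcpest_pfil_hook, &m, NULL, PFIL_IN, tp->t_inpcb) != 0 || m == NULL)`, and leave through the function's drop path. `tcp_do_segment()` starts and ends outside the hunk, so the right exit has to be taken from the full file.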
@@ -119,6 +121,7 @@ VNET_DEFINE(int, tcp_v6mssdflt); #endif VNET_DEFINE(int, tcp_minmss); VNET_DEFINE(int, tcp_do_rfc1323); +VNET_DEFINE(struct pfil_head, tcpest_pfil_hook); static VNET_DEFINE(int, icmp_may_rst); static VNET_DEFINE(int, tcp_isn_reseed_interval); @@ -376,6 +379,12 @@ tcp_init(void) V_tcp_inflight_rttthresh = TCPTV_INFLIGHT_RTTTHRESH; + V_tcpest_pfil_hook.ph_type = PFIL_TYPE_TCP; + V_tcpest_pfil_hook.ph_af = PFIL_TCP_ESTABLISHED; + + if(pfil_head_register(&V_tcpest_pfil_hook) != 0) + printf("%s: WARNING: unable to register pfil hook\n", __func__); + cc_init(); TUNABLE_INT_FETCH("net.inet.tcp.sack.enable", &V_tcp_do_sack); @@ -768,6 +777,11 @@ tcp_newtcpcb(struct inpcb *inp) return NULL; } + KASSERT(tp->helper_data == NULL, ("tp->hlpr_data NOT NULL!")); + init_datablocks(&tp->helper_data, &tp->nhelpers); + printf("tp->helper_data = %p, tp->nhelpers = %d\n", tp->helper_data, + tp->nhelpers); + #ifdef VIMAGE tp->t_vnet = inp->inp_vnet; #endif @@ -937,6 +951,8 @@ tcp_discardcb(struct tcpcb *tp) if (CC_ALGO(tp)->cb_destroy != NULL) CC_ALGO(tp)->cb_destroy(tp); + destroy_datablocks(&tp->helper_data, tp->nhelpers); + CC_ALGO(tp) = NULL; inp->inp_ppcb = NULL; tp->t_inpcb = NULL; Modified: projects/tcp_cc_head/sys/netinet/tcp_var.h ============================================================================== --- projects/tcp_cc_head/sys/netinet/tcp_var.h Wed Feb 3 04:09:36 2010 (r203415) +++ projects/tcp_cc_head/sys/netinet/tcp_var.h Wed Feb 3 04:58:08 2010 (r203416) @@ -44,9 +44,11 @@ VNET_DECLARE(int, tcp_do_rfc1323); VNET_DECLARE(int, tcp_reass_qsize); VNET_DECLARE(struct uma_zone *, tcp_reass_zone); +VNET_DECLARE(struct pfil_head, tcpest_pfil_hook); #define V_tcp_do_rfc1323 VNET(tcp_do_rfc1323) #define V_tcp_reass_qsize VNET(tcp_reass_qsize) #define V_tcp_reass_zone VNET(tcp_reass_zone) +#define V_tcpest_pfil_hook VNET(tcpest_pfil_hook) #endif /* _KERNEL */ 
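Review bot: The `printf()` added to `tcp_newtcpcb()` is unconditional and prints `tp->helper_data`, a kernel heap pointer, for every new TCP connection; that puts kernel addresses in the console and message buffer and ties log volume to the connection rate. Remove it or compile it under a debug option before this leaves the project branch. The same applies to the per-packet `printf()` in `ertt_tcpest_hook()` and the pointer-printing calls in tcp_helper.c. The result of `init_datablocks()` is also ignored here, and the `KASSERT` text names `tp->hlpr_data` while the field is `helper_data`. `tcp_newtcpcb()` starts and ends outside the hunk.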
@@ -204,6 +206,8 @@ struct tcpcb { uint64_t _pad[12]; /* 7 UTO, 5 TBD (1-2 CC/RTT?) */ struct cc_algo *cc_algo; /* the algorithm that will manage congestion control*/ void *cc_data; /* pointer to a struct containing data required for the cc algorithm in use */ + uintptr_t *helper_data; /* */ + int nhelpers; }; /* @@ -243,6 +247,12 @@ struct tcpcb { #define BYTES_ACKED(tp, th) (th->th_ack - tp->snd_una) /* + * TCP specific PFIL hook point identifiers + */ +#define PFIL_TCP_ALL 0 +#define PFIL_TCP_ESTABLISHED 1 + +/* * Flags for the t_oobflags field. */ #define TCPOOB_HAVEDATA 0x01 From owner-svn-src-projects@FreeBSD.ORG Wed Feb 3 11:12:03 2010 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id ACB621065672; Wed, 3 Feb 2010 11:12:03 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 9A0888FC18; Wed, 3 Feb 2010 11:12:03 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o13BC331075735; Wed, 3 Feb 2010 11:12:03 GMT (envelope-from rwatson@svn.freebsd.org) Received: (from rwatson@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o13BC3k8075732; Wed, 3 Feb 2010 11:12:03 GMT (envelope-from rwatson@svn.freebsd.org) Message-Id: <201002031112.o13BC3k8075732@svn.freebsd.org> 
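Review bot: The two fields added to `struct tcpcb` are undocumented: `helper_data` carries an empty `/* */` and `nhelpers` has no comment at all. Suggested comments are `/* array of per-helper data block pointers, allocated by init_datablocks() */` for `helper_data` and `/* number of slots in helper_data */` for `nhelpers`. The fields are appended after `_pad[12]` rather than taken from it, which grows the structure; if the padding exists to keep the size stable, that presumably needs a matching adjustment. `struct tcpcb` starts outside the hunk.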
From: Robert Watson Date: Wed, 3 Feb 2010 11:12:03 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r203424 - projects/capabilities8/tools/tools/syscall_timing X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Feb 2010 11:12:03 -0000 Author: rwatson Date: Wed Feb 3 11:12:03 2010 New Revision: 203424 URL: http://svn.freebsd.org/changeset/base/203424 Log: Merge c174200, c174201, c174202, c174220, c174203, c174204, and c174219 from the p4 TrustedBSD Capabilities branch to capabilities8: Rework syscall timing microbenchmark to make it a bit more flexible, add some capability-related tests. Allow multiple loops of a test to be run, not just iterations within a test. Add microbenchmark to compare cost of creating a shared memory object w/o a capability, and cost w/ a capability. cap_enter, fork, pdfork benchmarks. First cut at a sandbox create/rpc/destroy benchmark, which appears not to work. Microbenchmark for vfork. Can't create sandboxes from a statically linked binary, so don't try. Remove debugging printf, we can now micro-benchmark sandbox creation. Benchmark various fork variations with exec of /usr/bin/true. Sponsored by: Google, Inc. Modified: projects/capabilities8/tools/tools/syscall_timing/Makefile projects/capabilities8/tools/tools/syscall_timing/syscall_timing.c Modified: projects/capabilities8/tools/tools/syscall_timing/Makefile ============================================================================== --- projects/capabilities8/tools/tools/syscall_timing/Makefile Wed Feb 3 10:12:49 2010 (r203423) +++ projects/capabilities8/tools/tools/syscall_timing/Makefile Wed Feb 3 11:12:03 2010 (r203424) 
@@ -3,7 +3,8 @@ # PROG= syscall_timing -CFLAGS+= -static -O +CFLAGS+= -O -Wall -rdynamic NO_MAN= +LDADD= -lcapsicum -lsbuf .include Modified: projects/capabilities8/tools/tools/syscall_timing/syscall_timing.c ============================================================================== --- projects/capabilities8/tools/tools/syscall_timing/syscall_timing.c Wed Feb 3 10:12:49 2010 (r203423) +++ projects/capabilities8/tools/tools/syscall_timing/syscall_timing.c Wed Feb 3 11:12:03 2010 (r203424) @@ -1,5 +1,5 @@ /*- - * Copyright (c) 2003-2004 Robert N. M. Watson + * Copyright (c) 2003-2004, 2010 Robert N. M. Watson * All rights reserved. * * Redistribution and use in source and binary forms, with or without @@ -27,26 +27,53 @@ */ #include +#include +#include +#include +#include #include +#include #include +#include #include +#include +#include +#include +#include +#include #include #include #include #include +static struct timespec ts_start, ts_end; + #define timespecsub(vvp, uvp) \ - do { \ - (vvp)->tv_sec -= (uvp)->tv_sec; \ - (vvp)->tv_nsec -= (uvp)->tv_nsec; \ - if ((vvp)->tv_nsec < 0) { \ - (vvp)->tv_sec--; \ - (vvp)->tv_nsec += 1000000000; \ - } \ - } while (0) + do { \ + (vvp)->tv_sec -= (uvp)->tv_sec; \ + (vvp)->tv_nsec -= (uvp)->tv_nsec; \ + if ((vvp)->tv_nsec < 0) { \ + (vvp)->tv_sec--; \ + (vvp)->tv_nsec += 1000000000; \ + } \ + } while (0) + +static void +benchmark_start(void) +{ + + assert(clock_gettime(CLOCK_REALTIME, &ts_start) == 0); +} -inline void +static void +benchmark_stop(void) +{ + + assert(clock_gettime(CLOCK_REALTIME, &ts_end) == 0); +} + +void test_getuid(int num) { int i; @@ -55,11 +82,13 @@ test_getuid(int num) * Thread-local data should require no locking if system * call is MPSAFE. */ + benchmark_start(); for (i = 0; i < num; i++) getuid(); + benchmark_stop(); } -inline void +void test_getppid(int num) { int i; 
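Review bot: `benchmark_start()` and `benchmark_stop()` in syscall_timing.c put the `clock_gettime()` call inside `assert()`, so a build with `NDEBUG` defined removes the call and `ts_start`/`ts_end` are never written. Make the call unconditional, e.g. `if (clock_gettime(CLOCK_REALTIME, &ts_start) != 0) err(-1, "clock_gettime");`, which matches the `err()` style the tests use. `CLOCK_REALTIME` can also be stepped while a test runs; `CLOCK_MONOTONIC` is the usual choice for interval timing.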
@@ -68,28 +97,28 @@ test_getppid(int num) * This is process-local, but can change, so will require a * lock. */ + benchmark_start(); for (i = 0; i < num; i++) getppid(); + benchmark_stop(); } -inline void +void test_clock_gettime(int num) { struct timespec ts; int i; - for (i = 0; i < num; i++) { - if (clock_gettime(CLOCK_REALTIME, &ts) == -1) { - perror("clock_gettime"); - exit(-1); - } - } + benchmark_start(); + for (i = 0; i < num; i++) + (void)clock_gettime(CLOCK_REALTIME, &ts); + benchmark_stop(); } -inline void +void test_pipe(int num) { - int i; + int fd[2], i; /* * pipe creation is expensive, as it will allocate a new file 
@@ -97,153 +126,634 @@ test_pipe(int num) * Destroying is also expensive, as we now have to free up * the file descriptors and return the pipe. */ + if (pipe(fd) < 0) + err(-1, "test_pipe: pipe"); + close(fd[0]); + close(fd[1]); + benchmark_start(); for (i = 0; i < num; i++) { - int fd[2]; - if (pipe(fd) == -1) { - perror("pipe"); - exit(-1); - } - + if (pipe(fd) == -1) + err(-1, "test_pipe: pipe"); close(fd[0]); close(fd[1]); } + benchmark_stop(); } -inline void +void test_socket_stream(int num) { int i, so; + so = socket(PF_LOCAL, SOCK_STREAM, 0); + if (so < 0) + err(-1, "test_socket_stream: socket"); + close(so); + benchmark_start(); for (i = 0; i < num; i++) { so = socket(PF_LOCAL, SOCK_STREAM, 0); - if (so == -1) { - perror("socket_stream"); - exit(-1); - } + if (so == -1) + err(-1, "test_socket_stream: socket"); close(so); } + benchmark_stop(); } -inline void +void test_socket_dgram(int num) { int i, so; + so = socket(PF_LOCAL, SOCK_DGRAM, 0); + if (so < 0) + err(-1, "test_socket_dgram: socket"); + close(so); + benchmark_start(); for (i = 0; i < num; i++) { so = socket(PF_LOCAL, SOCK_DGRAM, 0); - if (so == -1) { - perror("socket_dgram"); - exit(-1); - } + if (so == -1) + err(-1, "test_socket_dgram: socket"); close(so); } + benchmark_stop(); } -inline void +void test_socketpair_stream(int num) { int i, so[2]; + if (socketpair(PF_LOCAL, SOCK_STREAM, 0, so) == -1) + err(-1, "test_socketpair_stream: socketpair"); + close(so[0]); + close(so[1]); + benchmark_start(); for (i = 0; i < num; i++) { - if (socketpair(PF_LOCAL, SOCK_STREAM, 0, so) == -1) { - perror("socketpair_stream"); - exit(-1); - } + if (socketpair(PF_LOCAL, SOCK_STREAM, 0, so) == -1) + err(-1, "test_socketpair_stream: socketpair"); close(so[0]); close(so[1]); } + benchmark_stop(); } -inline void +void test_socketpair_dgram(int num) { int i, so[2]; + if (socketpair(PF_LOCAL, SOCK_DGRAM, 0, so) == -1) + err(-1, "test_socketpair_dgram: socketpair"); + close(so[0]); + close(so[1]); + benchmark_start(); 
for (i = 0; i < num; i++) { - if (socketpair(PF_LOCAL, SOCK_DGRAM, 0, so) == -1) { - perror("socketpair_dgram"); - exit(-1); - } + if (socketpair(PF_LOCAL, SOCK_DGRAM, 0, so) == -1) + err(-1, "test_socketpair_dgram: socketpair"); close(so[0]); close(so[1]); } + benchmark_stop(); +} + +void +test_dup(int num) +{ + int fd, i, shmfd; + + shmfd = shm_open(SHM_ANON, O_CREAT | O_RDWR, 0600); + if (shmfd < 0) + err(-1, "test_dup: shm_open"); + fd = dup(shmfd); + if (fd >= 0) + close(fd); + benchmark_start(); + for (i = 0; i < num; i++) { + fd = dup(shmfd); + if (fd >= 0) + close(fd); + } + benchmark_stop(); + close(shmfd); } +void +test_cap_new(int num) +{ + int fd, i, shmfd; + + shmfd = shm_open(SHM_ANON, O_CREAT | O_RDWR, 0600); + if (shmfd < 0) + err(-1, "test_cap_new: shm_open"); + fd = cap_new(shmfd, 0); + if (fd >= 0) + close(fd); + benchmark_start(); + for (i = 0; i < num; i++) { + fd = cap_new(shmfd, 0); + if (fd >= 0) + close(fd); + } + benchmark_stop(); + close(shmfd); +} + +void +test_shmfd(int num) +{ + int i, shmfd; + + shmfd = shm_open(SHM_ANON, O_CREAT | O_RDWR, 0600); + if (shmfd < 0) + err(-1, "test_shmfd: shm_open"); + close(shmfd); + benchmark_start(); + for (i = 0; i < num; i++) { + shmfd = shm_open(SHM_ANON, O_CREAT | O_RDWR, 0600); + if (shmfd < 0) + err(-1, "test_shmfd: shm_open"); + close(shmfd); + } + benchmark_stop(); +} + +void +test_cap_shmfd(int num) +{ + int fd, i, shmfd; + + shmfd = shm_open(SHM_ANON, O_CREAT | O_RDWR, 0600); + if (shmfd < 0) + err(-1, "test_cap_shmfd: shm_open"); + fd = cap_new(shmfd, 0); + if (fd < 0) + err(-1, "test_cap_shmfd: cap_new"); + close(fd); + close(shmfd); + benchmark_start(); + for (i = 0; i < num; i++) { + shmfd = shm_open(SHM_ANON, O_CREAT | O_RDWR, 0600); + if (shmfd < 0) + err(-1, "test_cap_shmfd: shm_open"); + fd = cap_new(shmfd, 0); + if (fd < 0) + err(-1, "test_cap_shmfd: cap_new"); + close(fd); + close(shmfd); + } + benchmark_stop(); +} + +void +test_fstat_shmfd(int num) +{ + struct stat sb; + int i, 
shmfd; + + shmfd = shm_open(SHM_ANON, O_CREAT | O_RDWR, 0600); + if (shmfd < 0) + err(-1, "test_fstat_shmfd: shm_open"); + if (fstat(shmfd, &sb) < 0) + err(-1, "test_fstat_shmfd: fstat"); + benchmark_start(); + for (i = 0; i < num; i++) + (void)fstat(shmfd, &sb); + benchmark_stop(); + close(shmfd); +} + +void +test_fstat_cap_shmfd(int num) +{ + struct stat sb; + int fd, i, shmfd; + + shmfd = shm_open(SHM_ANON, O_CREAT | O_RDWR, 0600); + if (shmfd < 0) + err(-1, "test_fstat_cap_shmfd: shm_open"); + fd = cap_new(shmfd, CAP_FSTAT); + if (fd < 0) + err(-1, "test_fstat_cap_shmfd: shm_open"); + if (fstat(fd, &sb) < 0) + err(-1, "test_fstat_cap_shmfd: fstat"); + benchmark_start(); + for (i = 0; i < num; i++) + (void)fstat(fd, &sb); + benchmark_stop(); + close(fd); + close(shmfd); +} + +void +test_cap_enter(int num) +{ + int i; + + /* XXXRW: Note that some tests will fail after this test. */ + + if (cap_enter() < 0) + err(-1, "test_cap_enter: cap_enter"); + benchmark_start(); + for (i = 0; i < num; i++) { + if (cap_enter() < 0) + err(-1, "test_cap_enter: cap_enter"); + } + benchmark_stop(); +} + +void +test_fork(int num) +{ + pid_t pid; + int i; + + pid = fork(); + if (pid < 0) + err(-1, "test_fork: fork"); + if (pid == 0) + exit(0); + if (waitpid(pid, NULL, 0) < 0) + err(-1, "test_fork: waitpid"); + benchmark_start(); + for (i = 0; i < num; i++) { + pid = fork(); + if (pid < 0) + err(-1, "test_fork: fork"); + if (pid == 0) + exit(0); + if (waitpid(pid, NULL, 0) < 0) + err(-1, "test_fork: waitpid"); + } + benchmark_stop(); +} + +void +test_vfork(int num) +{ + pid_t pid; + int i; + + pid = vfork(); + if (pid < 0) + err(-1, "test_vfork: vfork"); + if (pid == 0) + exit(0); + if (waitpid(pid, NULL, 0) < 0) + err(-1, "test_vfork: waitpid"); + benchmark_start(); + for (i = 0; i < num; i++) { + pid = vfork(); + if (pid < 0) + err(-1, "test_vfork: vfork"); + if (pid == 0) + exit(0); + if (waitpid(pid, NULL, 0) < 0) + err(-1, "test_vfork: waitpid"); + } + benchmark_stop(); +} + 
+void +test_pdfork(int num) +{ + struct pollfd pollfd; + pid_t pid; + int fd, i, n; + + pid = pdfork(&fd); + if (pid < 0) + err(-1, "test_pdfork: pdfork"); + if (pid == 0) + exit(0); + pollfd.fd = fd; + pollfd.events = POLLHUP; + pollfd.revents = 0; + n = poll(&pollfd, 1, INFTIM); + if (n < 0) + err(-1, "poll"); + if (n != 1) + errx(-1, "poll returned %d", n); + close(fd); + + benchmark_start(); + for (i = 0; i < num; i++) { + pid = pdfork(&fd); + if (pid < 0) + err(-1, "test_pdfork: pdfork"); + if (pid == 0) + exit(0); + pollfd.fd = fd; + pollfd.events = POLLHUP; + pollfd.revents = 0; + n = poll(&pollfd, 1, INFTIM); + if (n < 0) + err(-1, "poll"); + if (n != 1) + errx(-1, "poll returned %d", n); + close(fd); + } + benchmark_stop(); +} + +#define USR_BIN_TRUE "/usr/bin/true" +static char *execve_args[] = { USR_BIN_TRUE, NULL}; +extern char **environ; + +void +test_fork_exec(int num) +{ + pid_t pid; + int i; + + pid = fork(); + if (pid < 0) + err(-1, "test_fork: fork"); + if (pid == 0) { + (void)execve(USR_BIN_TRUE, execve_args, environ); + err(-1, "execve"); + } + if (waitpid(pid, NULL, 0) < 0) + err(-1, "test_fork: waitpid"); + benchmark_start(); + for (i = 0; i < num; i++) { + pid = fork(); + if (pid < 0) + err(-1, "test_fork: fork"); + if (pid == 0) { + (void)execve(USR_BIN_TRUE, execve_args, environ); + err(-1, "execve"); + } + if (waitpid(pid, NULL, 0) < 0) + err(-1, "test_fork: waitpid"); + } + benchmark_stop(); +} + +void +test_vfork_exec(int num) +{ + pid_t pid; + int i; + + pid = vfork(); + if (pid < 0) + err(-1, "test_vfork: vfork"); + if (pid == 0) { + (void)execve(USR_BIN_TRUE, execve_args, environ); + err(-1, "execve"); + } + if (waitpid(pid, NULL, 0) < 0) + err(-1, "test_vfork: waitpid"); + benchmark_start(); + for (i = 0; i < num; i++) { + pid = vfork(); + if (pid < 0) + err(-1, "test_vfork: vfork"); + if (pid == 0) { + (void)execve(USR_BIN_TRUE, execve_args, environ); + err(-1, "execve"); + } + if (waitpid(pid, NULL, 0) < 0) + err(-1, "test_vfork: 
waitpid"); + } + benchmark_stop(); +} + +void +test_pdfork_exec(int num) +{ + struct pollfd pollfd; + pid_t pid; + int fd, i, n; + + pid = pdfork(&fd); + if (pid < 0) + err(-1, "test_pdfork: pdfork"); + if (pid == 0) { + (void)execve(USR_BIN_TRUE, execve_args, environ); + err(-1, "execve"); + } + pollfd.fd = fd; + pollfd.events = POLLHUP; + pollfd.revents = 0; + n = poll(&pollfd, 1, INFTIM); + if (n < 0) + err(-1, "poll"); + if (n != 1) + errx(-1, "poll returned %d", n); + close(fd); + + benchmark_start(); + for (i = 0; i < num; i++) { + pid = pdfork(&fd); + if (pid < 0) + err(-1, "test_pdfork: pdfork"); + if (pid == 0) { + (void)execve(USR_BIN_TRUE, execve_args, environ); + err(-1, "execve"); + } + pollfd.fd = fd; + pollfd.events = POLLHUP; + pollfd.revents = 0; + n = poll(&pollfd, 1, INFTIM); + if (n < 0) + err(-1, "poll"); + if (n != 1) + errx(-1, "poll returned %d", n); + close(fd); + } + benchmark_stop(); +} + +#define MYNAME "./syscall_timing" /* Binary to run in sandbox. */ + +/* + * Unsandboxed host process with full user rights. 
+ */ +void +test_sandbox(int num) +{ + struct lc_sandbox *lcsp; + char *sandbox_argv[2] = { MYNAME, NULL }; + struct iovec iov; + size_t len; + char ch; + int i; + + if (lch_start(MYNAME, sandbox_argv, LCH_PERMIT_STDERR | + LCH_PERMIT_STDOUT, NULL, &lcsp) < 0) + err(-1, "lch_start %s", MYNAME); + ch = 'X'; + iov.iov_base = &ch; + iov.iov_len = sizeof(ch); + if (lch_rpc(lcsp, 0, &iov, 1, &iov, 1, &len) < 0) + err(-1, "lch_rpc"); + if (len != sizeof(ch)) + errx(-1, "lch_rpc returned size %zd not %zd", len, sizeof(ch)); + if (ch != 'X') + errx(-1, "lch_recv: expected %d and got %d", 'X', ch); + lch_stop(lcsp); + + benchmark_start(); + for (i = 0; i < num; i++) { + if (lch_start(MYNAME, sandbox_argv, LCH_PERMIT_STDERR | + LCH_PERMIT_STDOUT, NULL, &lcsp) < 0) + err(-1, "lch_start %s", MYNAME); + ch = 'X'; + iov.iov_base = &ch; + iov.iov_len = sizeof(ch); + if (lch_rpc(lcsp, 0, &iov, 1, &iov, 1, &len) < 0) + err(-1, "lch_rpc"); + if (len != sizeof(ch)) + errx(-1, "lch_rpc returned size %zd not %zd", len, + sizeof(ch)); + if (ch != 'X') + errx(-1, "lch_recv: expected %d and got %d", 'X', ch); + lch_stop(lcsp); + } + benchmark_stop(); +} + +int +cap_main(int argc, char *argv[]) +{ + struct lc_host *lchp; + u_int32_t opno, seqno; + struct iovec iov; + u_char *buffer; + size_t len; + + if (lcs_get(&lchp) < 0) + err(-1, "lcs_get"); + + /* + * Serve RPCs from the host until the sandbox is killed. + */ + while (1) { + /* + * Receive a one-byte RPC from the host. + */ + if (lcs_recvrpc(lchp, &opno, &seqno, &buffer, &len) < 0) { + if (errno != EPIPE) + err(-6, "lcs_recvrpc"); + else + exit(-6); + } + if (len != 1) + errx(-7, "lcs_recvrpc len"); + + /* + * Reply with the same message. Remember to free the message + * when done. 
+ */ + iov.iov_base = buffer; + iov.iov_len = 1; + if (lcs_sendrpc(lchp, opno, seqno, &iov, 1) < 0) { + if (errno != EPIPE) + err(-8, "lcs_sendrpc"); + else + exit(-8); + } + free(buffer); + } +} + +struct test { + const char *t_name; + void (*t_func)(int); +}; + +static const struct test tests[] = { + { "getuid", test_getuid }, + { "getppid", test_getppid }, + { "clock_gettime", test_clock_gettime }, + { "pipe", test_pipe }, + { "socket_stream", test_socket_stream }, + { "socket_dgram", test_socket_dgram }, + { "socketpair_stream", test_socketpair_stream }, + { "socketpair_dgram", test_socketpair_dgram }, + { "dup", test_dup }, + { "cap_new", test_cap_new }, + { "test_shmfd", test_shmfd }, + { "test_cap_shmfd", test_cap_shmfd }, + { "fstat_shmfd", test_fstat_shmfd }, + { "fstat_cap_shmfd", test_fstat_cap_shmfd }, + { "cap_enter", test_cap_enter }, + { "fork", test_fork }, + { "vfork", test_vfork }, + { "pdfork", test_pdfork }, + { "fork_exec", test_fork_exec }, + { "vfork_exec", test_vfork_exec }, + { "pdfork_exec", test_pdfork_exec }, + { "sandbox", test_sandbox }, +}; +static const int tests_count = sizeof(tests) / sizeof(tests[0]); + static void usage(void) { + int i; - fprintf(stderr, "syscall_timing [iterations] [test]\n"); - fprintf(stderr, - "supported tests: getuid getppid clock_gettime pipe\n" - "socket_stream socket_dgram socketpair_stream\n" - "socketpair_dgram\n"); + fprintf(stderr, "syscall_timing [iterations] [loops] [test]\n"); + for (i = 0; i < tests_count; i++) + fprintf(stderr, " %s\n", tests[i].t_name); exit(-1); } int main(int argc, char *argv[]) { - struct timespec ts_start, ts_end, ts_res; - int count; + struct timespec ts_res; + const struct test *the_test; + long long ll; + char *endp; + int i, j, k; + int iterations, loops; - if (argc != 3) + if (argc < 3) usage(); - count = atoi(argv[1]); - - assert(clock_getres(CLOCK_REALTIME, &ts_res) == 0); - printf("Clock resolution: %d.%09lu\n", ts_res.tv_sec, ts_res.tv_nsec); - if (strcmp(argv[2], 
"getuid") == 0) { - assert(clock_gettime(CLOCK_REALTIME, &ts_start) == 0); - test_getuid(count); - assert(clock_gettime(CLOCK_REALTIME, &ts_end) == 0); - } else if (strcmp(argv[2], "getppid") == 0) { - assert(clock_gettime(CLOCK_REALTIME, &ts_start) == 0); - test_getppid(count); - assert(clock_gettime(CLOCK_REALTIME, &ts_end) == 0); - } else if (strcmp(argv[2], "clock_gettime") == 0) { - assert(clock_gettime(CLOCK_REALTIME, &ts_start) == 0); - test_clock_gettime(count); - assert(clock_gettime(CLOCK_REALTIME, &ts_end) == 0); - } else if (strcmp(argv[2], "pipe") == 0) { - assert(clock_gettime(CLOCK_REALTIME, &ts_start) == 0); - test_pipe(count); - assert(clock_gettime(CLOCK_REALTIME, &ts_end) == 0); - } else if (strcmp(argv[2], "socket_stream") == 0) { - assert(clock_gettime(CLOCK_REALTIME, &ts_start) == 0); - test_socket_stream(count); - assert(clock_gettime(CLOCK_REALTIME, &ts_end) == 0); - } else if (strcmp(argv[2], "socket_dgram") == 0) { - assert(clock_gettime(CLOCK_REALTIME, &ts_start) == 0); - test_socket_dgram(count); - assert(clock_gettime(CLOCK_REALTIME, &ts_end) == 0); - } else if (strcmp(argv[2], "socketpair_stream") == 0) { - assert(clock_gettime(CLOCK_REALTIME, &ts_start) == 0); - test_socketpair_stream(count); - assert(clock_gettime(CLOCK_REALTIME, &ts_end) == 0); - } else if (strcmp(argv[2], "socketpair_dgram") == 0) { - assert(clock_gettime(CLOCK_REALTIME, &ts_start) == 0); - test_socketpair_dgram(count); - assert(clock_gettime(CLOCK_REALTIME, &ts_end) == 0); - } else + ll = strtoll(argv[1], &endp, 10); + if (*endp != 0 || ll < 0 || ll > 100000) usage(); + iterations = ll; - timespecsub(&ts_end, &ts_start); - - printf("test: %s\n", argv[2]); + ll = strtoll(argv[2], &endp, 10); + if (*endp != 0 || ll < 0 || ll > 100000) + usage(); + loops = ll; - printf("%d.%09lu for %d iterations\n", ts_end.tv_sec, - ts_end.tv_nsec, count); + assert(clock_getres(CLOCK_REALTIME, &ts_res) == 0); + printf("Clock resolution: %ju.%ju\n", (uintmax_t)ts_res.tv_sec, + 
(uintmax_t)ts_res.tv_nsec); + printf("test\tloop\ttotal\titerations\tperiteration\n"); + + for (j = 3; j < argc; j++) { + the_test = NULL; + for (i = 0; i < tests_count; i++) { + if (strcmp(argv[j], tests[i].t_name) == 0) + the_test = &tests[i]; + } + if (the_test == NULL) + usage(); - /* - * Note. This assumes that each iteration takes less than - * a second, and that our total nanoseconds doesn't exceed - * the room in our arithmetic unit. Fine for system calls, - * but not for long things. - */ - ts_end.tv_sec *= 1000000000 / count; - printf("0.%09lu per/iteration\n", - ts_end.tv_sec + ts_end.tv_nsec / count); + for (k = 0; k < loops; k++) { + the_test->t_func(iterations); + timespecsub(&ts_end, &ts_start); + printf("%s\t%d\t", the_test->t_name, k); + printf("%ju.%09ju\t%d\t", (uintmax_t)ts_end.tv_sec, + (uintmax_t)ts_end.tv_nsec, iterations); + + /* + * Note. This assumes that each iteration takes less than + * a second, and that our total nanoseconds doesn't exceed + * the room in our arithmetic unit. Fine for system calls, + * but not for long things. 
+ */ + ts_end.tv_sec *= 1000000000 / iterations; + printf("0.%09ju\n", (uintmax_t)(ts_end.tv_sec + + ts_end.tv_nsec / iterations)); + } + } return (0); } From owner-svn-src-projects@FreeBSD.ORG Wed Feb 3 11:22:04 2010 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 201BC106566B; Wed, 3 Feb 2010 11:22:04 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 0D1AD8FC19; Wed, 3 Feb 2010 11:22:04 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o13BM3KQ078203; Wed, 3 Feb 2010 11:22:03 GMT (envelope-from rwatson@svn.freebsd.org) Received: (from rwatson@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o13BM3Mr078200; Wed, 3 Feb 2010 11:22:03 GMT (envelope-from rwatson@svn.freebsd.org) Message-Id: <201002031122.o13BM3Mr078200@svn.freebsd.org> 
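Review bot: `iterations` can be 0 in `main()`, because the new range check rejects only `ll < 0`; the per-iteration arithmetic then evaluates `1000000000 / iterations` and `ts_end.tv_nsec / iterations`, an integer division by zero. An empty argument also passes, since `strtoll()` consumes nothing and `*endp` is already 0. Tightening the check to `if (endp == argv[1] || *endp != 0 || ll < 1 || ll > 100000) usage();` covers both, and the `loops` parse has the same empty-string gap. Separately, in `test_fstat_cap_shmfd()` a `cap_new()` failure is reported as "shm_open", which will mislead whoever debugs it.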
From: Robert Watson Date: Wed, 3 Feb 2010 11:22:03 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r203425 - in projects/capabilities8: lib/libcapsicum libexec/rtld-elf X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Feb 2010 11:22:04 -0000 Author: rwatson Date: Wed Feb 3 11:22:03 2010 New Revision: 203425 URL: http://svn.freebsd.org/changeset/base/203425 Log: Merge c174211, c174213, c174214, and c174218 from the p4 TrustedBSD Capabilities branch to capabilities8: There's no IN_CAP_MODE definition for libcapsicum, so just test for a negative fd_rtld before closing. Improve style alignment of capability-related code with existing rtld style (which isn't style(9)). Add missing free of string and explicit NULL return on error. Keep a running count of valid file descriptors in the directory length array, rather than marking unused ones as (-1). This avoids several loops. While here, fix a (+ sizeof(int)) into a (* sizeof(int)) and a few other nits. Sponsored by: Google, Inc. Modified: projects/capabilities8/lib/libcapsicum/libcapsicum_host.c projects/capabilities8/libexec/rtld-elf/rtld.c Modified: projects/capabilities8/lib/libcapsicum/libcapsicum_host.c ============================================================================== --- projects/capabilities8/lib/libcapsicum/libcapsicum_host.c Wed Feb 3 11:12:03 2010 (r203424) +++ projects/capabilities8/lib/libcapsicum/libcapsicum_host.c Wed Feb 3 11:22:03 2010 (r203425) 
@@ -30,7 +30,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host.c#15 $ + * $P4: //depot/projects/trustedbsd/capabilities/src/lib/libcapsicum/libcapsicum_host.c#16 $ */ #include @@ -312,9 +312,8 @@ lch_startfd(int fd_binary, const char *b binname, argv, fds); exit(-1); } -#ifndef IN_CAP_MODE - close(fd_rtld); -#endif + if (fd_rtld != -1) + close(fd_rtld); close(fd_sockpair[1]); lcsp->lcs_fd_procdesc = fd_procdesc; @@ -330,10 +329,8 @@ out_error: close(fd_sockpair[0]); if (fd_sockpair[1] != -1) close(fd_sockpair[1]); -#ifndef IN_CAP_MODE if (fd_rtld != -1) close(fd_rtld); -#endif if (lcsp != NULL) free(lcsp); errno = error; Modified: projects/capabilities8/libexec/rtld-elf/rtld.c ============================================================================== --- projects/capabilities8/libexec/rtld-elf/rtld.c Wed Feb 3 11:12:03 2010 (r203424) +++ projects/capabilities8/libexec/rtld-elf/rtld.c Wed Feb 3 11:22:03 2010 (r203425) @@ -188,7 +188,9 @@ static bool dangerous_ld_env; /* True if static char *ld_bind_now; /* Environment variable for immediate binding */ static char *ld_debug; /* Environment variable for debugging */ static int *ld_library_dirs = NULL; /* File descriptors of lib path (end: -1) */ +static int ld_library_dirs_done; /* ld_library_dirs has been initialized */ static int ld_library_dirlen; /* Capacity of ld_library_dirs */ +static int ld_library_dircount; /* Number of entries in ld_library_dirs */ #ifndef IN_RTLD_CAP static char *ld_library_path; /* Environment variable for search path */ static char *ld_preload; /* Environment variable for libraries to @@ -251,7 +253,6 @@ static func_ptr_type exports[] = { (func_ptr_type) &ld_insandbox, #endif (func_ptr_type) &ld_libdirs, - NULL }; 
@@ -836,19 +837,19 @@ origin_subst(const char *real, const cha static void * find_capstart(const Obj_Entry *obj) { - const char *capstart_str = "_capstart"; - const Elf_Sym *def; - const Obj_Entry *defobj; - unsigned long hash; + const char *capstart_str = "_capstart"; + const Elf_Sym *def; + const Obj_Entry *defobj; + unsigned long hash; - hash = elf_hash(capstart_str); - def = symlook_default(capstart_str, hash, obj, &defobj, NULL, - SYMLOOK_IN_PLT); - if (def == NULL) - return (NULL); - if (ELF_ST_TYPE(def->st_info) != STT_FUNC) - return (NULL); - return (make_function_pointer(def, defobj)); + hash = elf_hash(capstart_str); + def = symlook_default(capstart_str, hash, obj, &defobj, NULL, + SYMLOOK_IN_PLT); + if (def == NULL) + return (NULL); + if (ELF_ST_TYPE(def->st_info) != STT_FUNC) + return (NULL); + return (make_function_pointer(def, defobj)); } #endif @@ -1236,23 +1237,24 @@ elf_hash(const char *name) #ifdef IN_RTLD_CAP /* - * Find the library with the given name, and return an open file descriptor to it. + * Find the library with the given name, and return an open file descriptor + * to it. */ static int -find_library_fd(const char *name) { - - if (ld_library_dirs == NULL) - init_libdirs(); - - for (int i = 0; (i < ld_library_dirlen) && (ld_library_dirs[i] != -1); i++) { +find_library_fd(const char *name) +{ + int fd, i; - int fd = openat(ld_library_dirs[i], name, O_RDONLY); + if (!ld_library_dirs_done) + init_libdirs(); + for (i = 0; i < ld_library_dircount); i++) { + fd = openat(ld_library_dirs[i], name, O_RDONLY); if (fd >= 0) - return fd; + return (fd); } - return (-1); } + #else /* * Find the library with the given name, and return its full pathname. 
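Review bot: The new loop header in `find_library_fd()` has an unbalanced parenthesis, `for (i = 0; i < ld_library_dircount); i++) {`, so the function cannot compile when `IN_RTLD_CAP` is defined. It should read `for (i = 0; i < ld_library_dircount; i++) {`. Building the capability-mode rtld as part of the merge would catch errors under this `#ifdef` before they land.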
@@ -1664,26 +1666,26 @@ load_object(const char *name, const Obj_ path = xstrdup(name); if ((fd = find_library_fd(path)) < 0) { _rtld_error("Unable to find \"%s\" in LD_LIBRARY_DIRS", path); + free(path); + return NULL; } #else - if (fd == -1) { - path = find_library(name, refobj); - if (path == NULL) + path = find_library(name, refobj); + if (path == NULL) return NULL; - /* - * If we didn't find a match by pathname, open the file and check - * again by device and inode. This avoids false mismatches caused - * by multiple links or ".." in pathnames. - * - * To avoid a race, we open the file and use fstat() rather than - * using stat(). - */ - if ((fd = open(path, O_RDONLY)) == -1) { + /* + * If we didn't find a match by pathname, open the file and check + * again by device and inode. This avoids false mismatches caused + * by multiple links or ".." in pathnames. + * + * To avoid a race, we open the file and use fstat() rather than + * using stat(). + */ + if ((fd = open(path, O_RDONLY)) == -1) { _rtld_error("Cannot open \"%s\"", path); free(path); return NULL; - } } #endif if (fstat(fd, &sb) == -1) { 
@@ -2114,42 +2116,48 @@ search_library_path(const char *name, co /* * Add a file descriptor to ld_library_dirs. + * + * XXX: This may be called from either the rtld startup code, or from + * ld_libdirs. We have no way to distinguish them on error, so die() + * unconditionally. Perhaps the latter case should allow graceful failure. + * + * XXX: Synchronization? */ static void -add_libdir_fd(int fd) { - - if (ld_library_dirs == NULL) { - /* Initialize the FD list. */ - - ld_library_dirlen = INITIAL_FDLEN; - ld_library_dirs = xmalloc(ld_library_dirlen * sizeof(int)); - memset(ld_library_dirs, 0xff, ld_library_dirlen * sizeof(int)); - } - - /* Find the next available FD slot. */ - int i; - for (i = 0; (i < ld_library_dirlen) && (ld_library_dirs[i] != -1); i++) ; - - if (i == ld_library_dirlen) { - /* We need more space. */ - int old_size = ld_library_dirlen + sizeof(int); +add_libdir_fd(int fd) +{ - ld_library_dirlen *= 2; - ld_library_dirs = realloc(ld_library_dirs, 2 * old_size); - memset(ld_library_dirs + old_size, 0xff, old_size); + /* Initialize the FD list. */ + if (!ld_library_dirs_done) { + ld_library_dirlen = INITIAL_FDLEN; + ld_library_dircount = 0; + ld_library_dirs = xmalloc(ld_library_dirlen * sizeof(int)); + ld_library_dirs_done = 1; + } - if (ld_library_dirs == NULL) - err(-1, "realloc() failed"); + /* Do we need to grow? */ + if (ld_library_dirlen == ld_library_dircount) { + ld_library_dirlen *= 2; + ld_library_dirs = realloc(ld_library_dirs, + ld_library_dirlen * sizeof(int)); + if (ld_library_dirs == NULL) { + _rtld_error("add_libdir_fd: realloc failed"); + die(); } + } - ld_library_dirs[i] = fd; + /* Add the new library directory fd to the end. */ + ld_library_dirs[ld_library_dircount] = fd; + ld_library_dircount++; } /* - * Add file descriptors for a path list (e.g. '/lib:/usr/lib') to ld_library_dirs. + * Add file descriptors for a path list (e.g. '/lib:/usr/lib') to + * ld_library_dirs. 
*/ static void -add_libdir_paths(const char *path) { +add_libdir_paths(const char *path) +{ if (path == NULL) return; @@ -2161,24 +2169,22 @@ add_libdir_paths(const char *path) { strncpy(pathcopy, path, pathlen + 1); for (dirname = strtok_r(pathcopy, ":", &tokcontext); dirname; - dirname = strtok_r(NULL, ":", &tokcontext)) { - + dirname = strtok_r(NULL, ":", &tokcontext)) { + struct try_library_args arg; int fd; - struct try_library_args arg; arg.name = ""; arg.namelen = 0; arg.buffer = xmalloc(PATH_MAX); arg.buflen = PATH_MAX; - if (try_library_path(dirname, strnlen(dirname, PATH_MAX), &arg)) + if (try_library_path(dirname, strnlen(dirname, PATH_MAX), &arg)) { fd = open(dirname, O_RDONLY); - - else { + } else { /* 'dirname' is not a directory path; perhaps it's a descriptor? */ fd = (int) strtol(dirname, NULL, 0); if ((fd == 0) && (errno == 0)) - continue; + continue; } if (fd >= 0) 
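Review bot: In the fallback branch of `add_libdir_paths()`, `strtol(dirname, NULL, 0)` is called without an end pointer and without clearing `errno`, so an entry that is neither a directory nor a number parses as 0. The following `errno == 0` test is then decided by whatever an earlier call left behind. When `errno` is stale and non-zero, descriptor 0 reaches `if (fd >= 0)` and, as far as this hunk shows, is passed on as a library directory. Parsing with an end pointer and skipping the entry on any parse failure removes the dependence on stale state; the sketch below keeps the existing behaviour of ignoring 0. The function starts and ends outside this hunk, so the two declarations would move to wherever the surrounding style puts them.

```c
	} else {
		/* 'dirname' is not a directory path; perhaps it's a descriptor? */
		char *end;
		long val;

		errno = 0;
		val = strtol(dirname, &end, 0);
		if (end == dirname || *end != '\0' || errno != 0 ||
		    val <= 0 || val > INT_MAX)
			continue;
		fd = (int)val;
	}
	/* … unchanged: if (fd >= 0) hand the descriptor on … */
```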
@@ -2192,57 +2198,47 @@ add_libdir_paths(const char *path) { * Build the list of library file descriptors. */ static void -init_libdirs(void) { +init_libdirs(void) +{ #ifdef IN_RTLD_CAP - char *envvar = getenv(LD_ "LIBRARY_DIRS"); + if (envvar == NULL) err(-1, "No %s set in capability mode", LD_ "LIBRARY_DIRS"); add_libdir_paths(envvar); - #else /* !IN_RTLD_CAP */ - /* Look for directories a la find_library (TODO: refactor!). */ add_libdir_paths(ld_library_path); add_libdir_paths(gethints()); add_libdir_paths(STANDARD_LIBRARY_PATH); #endif - - /* If all else fails, create an empty array */ - if (ld_library_dirlen == 0) { - ld_library_dirs = malloc(sizeof(int)); - ld_library_dirs[0] = -1; - } } + /* * Return an array of file descriptors for the library search paths. + * + * XXX: synchronization of ld_library_dirs? */ int -ld_libdirs(int *fds, int *fdcount) { - - if (fdcount == NULL) - return (-1); - - else if (fds == NULL) { - *fdcount = -1; - return (-1); - } - - if (ld_library_dirs == NULL) - init_libdirs(); - - int i = 0; - for (i = 0; (i < ld_library_dirlen) && (ld_library_dirs[i] != -1); i++) ; - - if (*fdcount < i) { - *fdcount = i; - return (-1); - } +ld_libdirs(int *fds, int *fdcount) +{ - *fdcount = i; - memcpy(fds, ld_library_dirs, i * sizeof(int)); - return 0; + if (fdcount == NULL) + return (-1); + else if (fds == NULL) { + *fdcount = -1; + return (-1); + } + if (!ld_library_dirs_done) + init_libdirs(); + if (*fdcount < ld_library_dircount) { + *fdcount = ld_library_dircount; + return (-1); + } + *fdcount = ld_library_dircount; + memcpy(fds, ld_library_dirs, ld_library_dircount * sizeof(int)); + return (0); } int From owner-svn-src-projects@FreeBSD.ORG Wed Feb 3 16:02:59 2010 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2C768106566B; Wed, 3 Feb 2010 16:02:59 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from 
svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 1AC7E8FC17; Wed, 3 Feb 2010 16:02:59 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o13G2xtM040745; Wed, 3 Feb 2010 16:02:59 GMT (envelope-from rwatson@svn.freebsd.org) Received: (from rwatson@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o13G2xQ4040744; Wed, 3 Feb 2010 16:02:59 GMT (envelope-from rwatson@svn.freebsd.org) Message-Id: <201002031602.o13G2xQ4040744@svn.freebsd.org> 
From: Robert Watson Date: Wed, 3 Feb 2010 16:02:59 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r203431 - projects/capabilities8/tools/tools/syscall_timing X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Feb 2010 16:02:59 -0000 Author: rwatson Date: Wed Feb 3 16:02:58 2010 New Revision: 203431 URL: http://svn.freebsd.org/changeset/base/203431 Log: Merge c174234, c174235, c174236, c174238, c174242 from the p4 TrustedBSD Capabilities branch to capabilities8: Consistently don't stick "test_" in front of printed test names, since they are all tests. On the other hand, we do use test_ in front of internal function names. Improve debugging output. Use _exit(0) not exit(0) after fork, or I/O may be flushed more than once. Add a 'pingpong' test, which is socketpair + fork + send + recv + send + recv + exit + waitpid. A bit like sandbox but no exec or sandboxy magic. Force at least one benchmark to be run. Submitted by: antoine Sponsored by: Google, Inc. Modified: projects/capabilities8/tools/tools/syscall_timing/syscall_timing.c Modified: projects/capabilities8/tools/tools/syscall_timing/syscall_timing.c ============================================================================== --- projects/capabilities8/tools/tools/syscall_timing/syscall_timing.c Wed Feb 3 14:35:33 2010 (r203430) +++ projects/capabilities8/tools/tools/syscall_timing/syscall_timing.c Wed Feb 3 16:02:58 2010 (r203431) @@ -371,7 +371,7 @@ test_fork(int num) if (pid < 0) err(-1, "test_fork: fork"); if (pid == 0) - exit(0); + _exit(0); if (waitpid(pid, NULL, 0) < 0) err(-1, "test_fork: waitpid"); benchmark_start(); 
@@ -380,7 +380,7 @@ test_fork(int num) if (pid < 0) err(-1, "test_fork: fork"); if (pid == 0) - exit(0); + _exit(0); if (waitpid(pid, NULL, 0) < 0) err(-1, "test_fork: waitpid"); } @@ -397,7 +397,7 @@ test_vfork(int num) if (pid < 0) err(-1, "test_vfork: vfork"); if (pid == 0) - exit(0); + _exit(0); if (waitpid(pid, NULL, 0) < 0) err(-1, "test_vfork: waitpid"); benchmark_start(); @@ -406,7 +406,7 @@ test_vfork(int num) if (pid < 0) err(-1, "test_vfork: vfork"); if (pid == 0) - exit(0); + _exit(0); if (waitpid(pid, NULL, 0) < 0) err(-1, "test_vfork: waitpid"); } @@ -424,15 +424,15 @@ test_pdfork(int num) if (pid < 0) err(-1, "test_pdfork: pdfork"); if (pid == 0) - exit(0); + _exit(0); pollfd.fd = fd; pollfd.events = POLLHUP; pollfd.revents = 0; n = poll(&pollfd, 1, INFTIM); if (n < 0) - err(-1, "poll"); + err(-1, "test_pdfork: poll"); if (n != 1) - errx(-1, "poll returned %d", n); + errx(-1, "test_pdfork: poll returned %d", n); close(fd); benchmark_start(); @@ -441,15 +441,15 @@ test_pdfork(int num) if (pid < 0) err(-1, "test_pdfork: pdfork"); if (pid == 0) - exit(0); + _exit(0); pollfd.fd = fd; pollfd.events = POLLHUP; pollfd.revents = 0; n = poll(&pollfd, 1, INFTIM); if (n < 0) - err(-1, "poll"); + err(-1, "test_pdfork: poll"); if (n != 1) - errx(-1, "poll returned %d", n); + errx(-1, "test_pdfork: poll returned %d", n); close(fd); } benchmark_stop(); @@ -467,7 +467,7 @@ test_fork_exec(int num) pid = fork(); if (pid < 0) - err(-1, "test_fork: fork"); + err(-1, "test_fork_exec: fork"); if (pid == 0) { (void)execve(USR_BIN_TRUE, execve_args, environ); err(-1, "execve"); 
@@ -478,13 +478,13 @@ test_fork_exec(int num) for (i = 0; i < num; i++) { pid = fork(); if (pid < 0) - err(-1, "test_fork: fork"); + err(-1, "test_fork_exec: fork"); if (pid == 0) { (void)execve(USR_BIN_TRUE, execve_args, environ); - err(-1, "execve"); + err(-1, "test_fork_exec: execve"); } if (waitpid(pid, NULL, 0) < 0) - err(-1, "test_fork: waitpid"); + err(-1, "test_fork_exec: waitpid"); } benchmark_stop(); } @@ -497,24 +497,24 @@ test_vfork_exec(int num) pid = vfork(); if (pid < 0) - err(-1, "test_vfork: vfork"); + err(-1, "test_vfork_exec: vfork"); if (pid == 0) { (void)execve(USR_BIN_TRUE, execve_args, environ); - err(-1, "execve"); + err(-1, "test_vfork_exec: execve"); } if (waitpid(pid, NULL, 0) < 0) - err(-1, "test_vfork: waitpid"); + err(-1, "test_vfork_exec: waitpid"); benchmark_start(); for (i = 0; i < num; i++) { pid = vfork(); if (pid < 0) - err(-1, "test_vfork: vfork"); + err(-1, "test_vfork_exec: vfork"); if (pid == 0) { (void)execve(USR_BIN_TRUE, execve_args, environ); err(-1, "execve"); } if (waitpid(pid, NULL, 0) < 0) - err(-1, "test_vfork: waitpid"); + err(-1, "test_vfork_exec: waitpid"); } benchmark_stop(); } 
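Review bot: The child branch after a failed execve in the `@@ -478` hunk calls `err()`, which terminates through exit(3) and therefore flushes the stdio buffers inherited from the parent. That is the double flush this commit removes elsewhere by switching to `_exit(0)`. It matters most in test_vfork_exec (`@@ -497`), where the child still shares the parent's address space; the same pattern is in test_pdfork_exec and in the child branch of the new test_pingpong. Report with `warn("test_fork_exec: execve");` and leave with `_exit(1);` instead. test_fork_exec begins above this hunk.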
@@ -528,43 +528,131 @@ test_pdfork_exec(int num) pid = pdfork(&fd); if (pid < 0) - err(-1, "test_pdfork: pdfork"); + err(-1, "test_pdfork_exec: pdfork"); if (pid == 0) { (void)execve(USR_BIN_TRUE, execve_args, environ); - err(-1, "execve"); + err(-1, "test_pdfork_exec: execve"); } pollfd.fd = fd; pollfd.events = POLLHUP; pollfd.revents = 0; n = poll(&pollfd, 1, INFTIM); if (n < 0) - err(-1, "poll"); + err(-1, "test_pdfork_exec: poll"); if (n != 1) - errx(-1, "poll returned %d", n); + errx(-1, "test_pdfork_exec: poll returned %d", n); close(fd); benchmark_start(); for (i = 0; i < num; i++) { pid = pdfork(&fd); if (pid < 0) - err(-1, "test_pdfork: pdfork"); + err(-1, "test_pdfork_exec: pdfork"); if (pid == 0) { (void)execve(USR_BIN_TRUE, execve_args, environ); - err(-1, "execve"); + err(-1, "test_pdfork_exec: execve"); } pollfd.fd = fd; pollfd.events = POLLHUP; pollfd.revents = 0; n = poll(&pollfd, 1, INFTIM); if (n < 0) - err(-1, "poll"); + err(-1, "test_pdfork_exec: poll"); if (n != 1) - errx(-1, "poll returned %d", n); + errx(-1, "test_pdfork_exec: poll returned %d", n); close(fd); } benchmark_stop(); } +/* + * A bit like sandbox, in that a process is forked, IPC ping-pong is done, + * but with none of the sandboxing goo. 
+ */ +void +test_pingpong(int num) +{ + char ch; + int so[2]; + pid_t pid; + ssize_t len; + int i; + + if (socketpair(PF_LOCAL, SOCK_STREAM, 0, so) < 0) + err(-1, "test_pingpong: socketpair"); + pid = fork(); + if (pid < 0) + err(-1, "test_pingpong: fork"); + if (pid == 0) { + close(so[0]); + len = recv(so[1], &ch, sizeof(ch), 0); + if (len < 0) + err(-1, "test_pingpong: child: recv"); + if (len != 1) + errx(-1, "test_pingpong: child: recv %d", (int)len); + len = send(so[1], &ch, sizeof(ch), 0); + if (len < 0) + err(-1, "test_pingpong: child: send"); + if (len != 1) + errx(-1, "test_pingpong: child: send %d", (int)len); + _exit(0); + } + close(so[1]); + len = send(so[0], &ch, sizeof(ch), 0); + if (len < 0) + err(-1, "test_pingpong: parent: send"); + if (len != 1) + errx(-1, "test_pingpong: parent: send %d", (int)len); + len = recv(so[0], &ch, sizeof(ch), 0); + if (len < 0) + err(-1, "test_pingpong: parent: recv"); + if (len != 1) + errx(-1, "test_pingpong: parent: recv %d", (int)len); + close(so[0]); + if (waitpid(pid, NULL, 0) < 0) + err(-1, "test_pingpong: waitpid"); + + benchmark_start(); + for (i = 0; i < num; i++) { + if (socketpair(PF_LOCAL, SOCK_STREAM, 0, so) < 0) + err(-1, "test_pingpong: socketpair"); + pid = fork(); + if (pid < 0) + err(-1, "test_pingpong: fork"); + if (pid == 0) { + close(so[0]); + len = recv(so[1], &ch, sizeof(ch), 0); + if (len < 0) + err(-1, "test_pingpong: child: recv"); + if (len != 1) + errx(-1, "test_pingpong: child: recv %d", + (int)len); + len = send(so[1], &ch, sizeof(ch), 0); + if (len < 0) + err(-1, "test_pingpong: child: send"); + if (len != 1) + errx(-1, "test_pingpong: child: send %d", + (int)len); + _exit(0); + } + close(so[1]); + len = send(so[0], &ch, sizeof(ch), 0); + if (len < 0) + err(-1, "test_pingpong: parent: send"); + if (len != 1) + errx(-1, "test_pingpong: parent: send %d", (int)len); + len = recv(so[0], &ch, sizeof(ch), 0); + if (len < 0) + err(-1, "test_pingpong: parent: recv"); + if (len != 1) + errx(-1, 
"test_pingpong: parent: recv %d", (int)len); + close(so[0]); + if (waitpid(pid, NULL, 0) < 0) + err(-1, "test_pingpong: waitpid"); + } + benchmark_stop(); +} + #define MYNAME "./syscall_timing" /* Binary to run in sandbox. */ /* @@ -674,8 +762,8 @@ static const struct test tests[] = { { "socketpair_dgram", test_socketpair_dgram }, { "dup", test_dup }, { "cap_new", test_cap_new }, - { "test_shmfd", test_shmfd }, - { "test_cap_shmfd", test_cap_shmfd }, + { "shmfd", test_shmfd }, + { "cap_shmfd", test_cap_shmfd }, { "fstat_shmfd", test_fstat_shmfd }, { "fstat_cap_shmfd", test_fstat_cap_shmfd }, { "cap_enter", test_cap_enter }, @@ -685,6 +773,7 @@ static const struct test tests[] = { { "fork_exec", test_fork_exec }, { "vfork_exec", test_vfork_exec }, { "pdfork_exec", test_pdfork_exec }, + { "pingpong", test_pingpong }, { "sandbox", test_sandbox }, }; static const int tests_count = sizeof(tests) / sizeof(tests[0]); @@ -710,7 +799,7 @@ main(int argc, char *argv[]) int i, j, k; int iterations, loops; - if (argc < 3) + if (argc < 4) usage(); ll = strtoll(argv[1], &endp, 10); From owner-svn-src-projects@FreeBSD.ORG Wed Feb 3 16:04:20 2010 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DDB501065696; Wed, 3 Feb 2010 16:04:20 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id CDE458FC19; Wed, 3 Feb 2010 16:04:20 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o13G4KUt041073; Wed, 3 Feb 2010 16:04:20 GMT (envelope-from rwatson@svn.freebsd.org) Received: (from rwatson@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o13G4Kma041071; Wed, 3 Feb 2010 16:04:20 GMT (envelope-from rwatson@svn.freebsd.org) Message-Id: <201002031604.o13G4Kma041071@svn.freebsd.org> 
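Review bot: In the new test_pingpong the parent sends `ch` without ever assigning it, so each `send(so[0], &ch, sizeof(ch), 0)` transmits an indeterminate stack byte and memory checkers will flag the read. Initialise it at the declaration, `char ch = 'X';`. The warm-up round and the timed loop body are the same sequence written out twice. A static helper that performs one socketpair/fork/exchange/waitpid round, called once before `benchmark_start()` and then inside the loop, would keep the two copies from drifting apart.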
From: Robert Watson Date: Wed, 3 Feb 2010 16:04:20 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r203432 - projects/capabilities8/libexec/rtld-elf X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Feb 2010 16:04:20 -0000 Author: rwatson Date: Wed Feb 3 16:04:20 2010 New Revision: 203432 URL: http://svn.freebsd.org/changeset/base/203432 Log: Merge c174241 from the p4 TrustedBSD Capabilities branch to capabilities8: Fix typo affecting rtld-elf-cap but not rtld-elf. Submitted by: antoine Modified: projects/capabilities8/libexec/rtld-elf/rtld.c Modified: projects/capabilities8/libexec/rtld-elf/rtld.c ============================================================================== --- projects/capabilities8/libexec/rtld-elf/rtld.c Wed Feb 3 16:02:58 2010 (r203431) +++ projects/capabilities8/libexec/rtld-elf/rtld.c Wed Feb 3 16:04:20 2010 (r203432) 
@@ -1247,7 +1247,7 @@ find_library_fd(const char *name) if (!ld_library_dirs_done) init_libdirs(); - for (i = 0; i < ld_library_dircount); i++) { + for (i = 0; i < ld_library_dircount; i++) { fd = openat(ld_library_dirs[i], name, O_RDONLY); if (fd >= 0) return (fd); From owner-svn-src-projects@FreeBSD.ORG Wed Feb 3 21:29:50 2010 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id E245B1065670; Wed, 3 Feb 2010 21:29:50 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id D1D7A8FC13; Wed, 3 Feb 2010 21:29:50 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o13LToso013277; Wed, 3 Feb 2010 21:29:50 GMT (envelope-from rwatson@svn.freebsd.org) Received: (from rwatson@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o13LToXf013274; Wed, 3 Feb 2010 21:29:50 GMT (envelope-from rwatson@svn.freebsd.org) Message-Id: <201002032129.o13LToXf013274@svn.freebsd.org> 
From: Robert Watson Date: Wed, 3 Feb 2010 21:29:50 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r203447 - in projects/capabilities8/tools/cap: . sandbox_world X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Feb 2010 21:29:51 -0000 Author: rwatson Date: Wed Feb 3 21:29:50 2010 New Revision: 203447 URL: http://svn.freebsd.org/changeset/base/203447 Log: Merge cap/sandbox_world test tool from the p4 TrustedBSD Capabilities to capabilities8. Sponsored by: Google, Inc. Added: projects/capabilities8/tools/cap/ projects/capabilities8/tools/cap/sandbox_world/ projects/capabilities8/tools/cap/sandbox_world/Makefile projects/capabilities8/tools/cap/sandbox_world/sandbox_world.c Added: projects/capabilities8/tools/cap/sandbox_world/Makefile ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ projects/capabilities8/tools/cap/sandbox_world/Makefile Wed Feb 3 21:29:50 2010 (r203447) @@ -0,0 +1,8 @@ +PROG=sandbox_world +NO_MAN= +CFLAGS=-Wall -g -rdynamic + +DPADD= ${LIBCAPABILITY} ${LIBSBUF} +LDADD= -lcapsicum -lsbuf + +.include Added: projects/capabilities8/tools/cap/sandbox_world/sandbox_world.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ projects/capabilities8/tools/cap/sandbox_world/sandbox_world.c Wed Feb 3 21:29:50 2010 (r203447) 
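Review bot: `CFLAGS=-Wall -g -rdynamic` assigns rather than appends, so it replaces whatever CFLAGS value was in effect before this line instead of adding to it; `CFLAGS+= -Wall -g -rdynamic` keeps the earlier flags. `DPADD` lists `${LIBCAPABILITY}` while `LDADD` links `-lcapsicum`. If the library was renamed, the dependency variable should name the same library, otherwise the program may not be relinked when the library changes.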
@@ -0,0 +1,145 @@ +/*- + * Copyright (c) 2009-2010 Robert N. M. Watson + * All rights reserved. + * + * WARNING: THIS IS EXPERIMENTAL SECURITY SOFTWARE THAT MUST NOT BE RELIED + * ON IN PRODUCTION SYSTEMS. IT WILL BREAK YOUR SOFTWARE IN NEW AND + * UNEXPECTED WAYS. + * + * This software was developed at the University of Cambridge Computer + * Laboratory with support from a grant from Google, Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include +__FBSDID("$FreeBSD$"); + +#include +#include + +#include +#include +#include +#include +#include +#include +#include + +/* + * Almost your standard "hello world" application, only we run the printf in + * a sandbox, and we use a 1-byte synchronous RPC to make sure that the host + * doesn't exit until the sandbox is done. + */ + +#define MYNAME "sandbox_world" /* Binary to run in sandbox. */ + +/* + * Unsandboxed host process with full user rights. + */ +int +main(int argc, char *argv[]) +{ + struct lc_sandbox *lcsp; + char *sandbox_argv[3] = { argv[1], "nested", NULL }; + struct iovec iov; + size_t len; + char ch; + + if (argc != 1) + errx(-1, "usage: sandbox_world"); + + /* + * Create a sandbox, do permit access to stdout and stderr. + */ + if (lch_start(MYNAME, sandbox_argv, LCH_PERMIT_STDERR | + LCH_PERMIT_STDOUT, NULL, &lcsp) < 0) + err(-1, "lch_start %s", argv[1]); + + /* + * Send a one-byte message to the sandbox and wait for a one-byte + * reply. + */ + ch = 'X'; + iov.iov_base = &ch; + iov.iov_len = sizeof(ch); + if (lch_rpc(lcsp, 0, &iov, 1, &iov, 1, &len) < 0) + err(-1, "lch_rpc"); + if (len != sizeof(ch)) + errx(-1, "lch_rpc returned size %zd not %zd", len, sizeof(ch)); + if (ch != 'X') + errx(-1, "lch_recv: expected %d and got %d", 'X', ch); + + /* + * Terminate the sandbox when done. + */ + lch_stop(lcsp); +} + +/* + * Sandboxed process implementing a 'printf hello world' RPC. + */ +int +cap_main(int argc, char *argv[]) +{ + struct lc_host *lchp; + u_int32_t opno, seqno; + struct iovec iov; + u_char *buffer; + size_t len; + + if (lcs_get(&lchp) < 0) + err(-1, "lcs_get"); + + /* + * Serve RPCs from the host until the sandbox is killed. + */ + while (1) { + /* + * Receive a one-byte RPC from the host. 
+ */ + if (lcs_recvrpc(lchp, &opno, &seqno, &buffer, &len) < 0) { + if (errno != EPIPE) + err(-6, "lcs_recvrpc"); + else + exit(-6); + } + if (len != 1) + errx(-7, "lcs_recvrpc len"); + printf("Hello world!\n"); + fflush(stdout); + + /* + * Reply with the same message. Remember to free the message + * when done. + */ + iov.iov_base = buffer; + iov.iov_len = 1; + if (lcs_sendrpc(lchp, opno, seqno, &iov, 1) < 0) { + if (errno != EPIPE) + err(-8, "lcs_sendrpc"); + else + exit(-8); + } + free(buffer); + } +} From owner-svn-src-projects@FreeBSD.ORG Wed Feb 3 21:41:42 2010 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id DC19B1065692; Wed, 3 Feb 2010 21:41:42 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id CCBBB8FC19; Wed, 3 Feb 2010 21:41:42 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o13LfgPb016135; Wed, 3 Feb 2010 21:41:42 GMT (envelope-from rwatson@svn.freebsd.org) Received: (from rwatson@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o13LfgVG016133; Wed, 3 Feb 2010 21:41:42 GMT (envelope-from rwatson@svn.freebsd.org) Message-Id: <201002032141.o13LfgVG016133@svn.freebsd.org> 
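Review bot: `main` builds `sandbox_argv` from `argv[1]` and then rejects every invocation with `argc != 1`, so on each accepted run `argv[1]` is the terminating NULL. The sandbox is started with an argument vector whose first entry is NULL, so the "nested" entry is never reached, and the failure path hands NULL to `%s` in `err(-1, "lch_start %s", argv[1])`. Use the name already defined for this purpose: `char *sandbox_argv[3] = { MYNAME, "nested", NULL };` and `err(-1, "lch_start %s", MYNAME);`. The two `%zd` conversions in the `lch_rpc returned size` message receive `size_t` arguments and should be `%zu`.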
From: Robert Watson Date: Wed, 3 Feb 2010 21:41:42 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r203448 - projects/capabilities8/libexec/rtld-elf-cap X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Feb 2010 21:41:42 -0000 Author: rwatson Date: Wed Feb 3 21:41:42 2010 New Revision: 203448 URL: http://svn.freebsd.org/changeset/base/203448 Log: Merge c172968 from the p4 TrustdBSD Capabilities branch to capabilities8: Merge changes in rtld-elf's makefile into our local rtld-elf-cap. Modified: projects/capabilities8/libexec/rtld-elf-cap/Makefile Modified: projects/capabilities8/libexec/rtld-elf-cap/Makefile ============================================================================== --- projects/capabilities8/libexec/rtld-elf-cap/Makefile Wed Feb 3 21:29:50 2010 (r203447) +++ projects/capabilities8/libexec/rtld-elf-cap/Makefile Wed Feb 3 21:41:42 2010 (r203448) @@ -1,9 +1,8 @@ # $FreeBSD$ # $P4: //depot/projects/trustedbsd/capabilities/src/libexec/rtld-elf-cap/Makefile#21 $ -WITHOUT_SSP= - .include +MK_SSP= no PROG?= ld-elf-cap.so.1 SRCS= rtld_start.S \ @@ -15,6 +14,7 @@ CSTD?= gnu99 CFLAGS+= -Wall -DFREEBSD_ELF -DIN_RTLD -DIN_RTLD_CAP -g CFLAGS+= -I${.CURDIR} -I${.CURDIR}/../rtld-elf/${MACHINE_ARCH} -I${.CURDIR}/../rtld-elf LDFLAGS+= -nostdlib -Wl,-e,.rtld_start +WARNS?= 2 INSTALLFLAGS= -C -b PRECIOUSPROG= BINDIR= /libexec 
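Review bot: `MK_SSP= no` in the first hunk turns the stack protector off for the capability-mode runtime linker, and nothing in the Makefile says why. This is a hardening opt-out in a security-sensitive binary, so put a comment above it giving the reason, for example `# rtld is built without SSP because <reason>`. The commit moves the setting from before the `.include` to after it, which suggests the position matters; the comment should say so if that is the case. The `-lssp_nonshared` added to `LDADD` in the last hunk presumably supplies stack-check symbols referenced by the libc_pic objects; a one-line comment there would confirm that.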
@@ -23,7 +23,7 @@ MLINKS= rtld-elf-cap.1 ld-elf-cap.so.1. CFLAGS+= -fpic -DPIC LDFLAGS+= -shared -Wl,-Bsymbolic DPADD= ${LIBC_PIC} -LDADD= -lc_pic +LDADD= -lc_pic -lssp_nonshared .if ${MACHINE_ARCH} != "ia64" .if ${MK_SYMVER} == "yes" From owner-svn-src-projects@FreeBSD.ORG Wed Feb 3 22:05:31 2010 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D60561065670; Wed, 3 Feb 2010 22:05:31 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id C63838FC13; Wed, 3 Feb 2010 22:05:31 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o13M5VL6021559; Wed, 3 Feb 2010 22:05:31 GMT (envelope-from rwatson@svn.freebsd.org) Received: (from rwatson@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o13M5Vw8021557; Wed, 3 Feb 2010 22:05:31 GMT (envelope-from rwatson@svn.freebsd.org) Message-Id: <201002032205.o13M5Vw8021557@svn.freebsd.org> 
From: Robert Watson Date: Wed, 3 Feb 2010 22:05:31 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r203450 - projects/capabilities8/lib/libc/gen X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Feb 2010 22:05:31 -0000 Author: rwatson Date: Wed Feb 3 22:05:31 2010 New Revision: 203450 URL: http://svn.freebsd.org/changeset/base/203450 Log: In capabilities8 rtld, ld_libdirs is symbol version 1.2, so modify libc so that it also uses version 1.2. Foot shot off: kris Modified: projects/capabilities8/lib/libc/gen/Symbol.map Modified: projects/capabilities8/lib/libc/gen/Symbol.map ============================================================================== --- projects/capabilities8/lib/libc/gen/Symbol.map Wed Feb 3 21:45:09 2010 (r203449) +++ projects/capabilities8/lib/libc/gen/Symbol.map Wed Feb 3 22:05:31 2010 (r203450) @@ -341,7 +341,6 @@ FBSD_1.1 { fts_set; fts_set_clientptr; ld_insandbox; - ld_libdirs; posix_spawn; posix_spawn_file_actions_addclose; posix_spawn_file_actions_adddup2; 
@@ -370,6 +369,7 @@ FBSD_1.1 { FBSD_1.2 { getpagesizes; + ld_libdirs; }; FBSDprivate_1.0 { From owner-svn-src-projects@FreeBSD.ORG Wed Feb 3 22:31:52 2010 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 2DB07106566B; Wed, 3 Feb 2010 22:31:52 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 1D2D68FC14; Wed, 3 Feb 2010 22:31:52 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o13MVqfo027595; Wed, 3 Feb 2010 22:31:52 GMT (envelope-from rwatson@svn.freebsd.org) Received: (from rwatson@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o13MVqMf027593; Wed, 3 Feb 2010 22:31:52 GMT (envelope-from rwatson@svn.freebsd.org) Message-Id: <201002032231.o13MVqMf027593@svn.freebsd.org> 
From: Robert Watson Date: Wed, 3 Feb 2010 22:31:52 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r203456 - projects/capabilities8/tools/tools/syscall_timing X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 03 Feb 2010 22:31:52 -0000 Author: rwatson Date: Wed Feb 3 22:31:51 2010 New Revision: 203456 URL: http://svn.freebsd.org/changeset/base/203456 Log: Merge c174284 from the TrustedBSD Capabilities p4 branch to capabilities8: Micro-benchmarks for chroot() and setuid(). Sponsored by: Google, Inc. Modified: projects/capabilities8/tools/tools/syscall_timing/syscall_timing.c Modified: projects/capabilities8/tools/tools/syscall_timing/syscall_timing.c ============================================================================== --- projects/capabilities8/tools/tools/syscall_timing/syscall_timing.c Wed Feb 3 22:20:57 2010 (r203455) +++ projects/capabilities8/tools/tools/syscall_timing/syscall_timing.c Wed Feb 3 22:31:51 2010 (r203456) @@ -565,6 +565,38 @@ test_pdfork_exec(int num) benchmark_stop(); } +void +test_chroot(int num) +{ + int i; + + if (chroot("/") < 0) + err(-1, "test_chroot: chroot"); + benchmark_start(); + for (i = 0; i < num; i++) { + if (chroot("/") < 0) + err(-1, "test_chroot: chroot"); + } + benchmark_stop(); +} + +void +test_setuid(int num) +{ + uid_t uid; + int i; + + uid = getuid(); + if (setuid(uid) < 0) + err(-1, "test_setuid: setuid"); + benchmark_start(); + for (i = 0; i < num; i++) { + if (setuid(uid) < 0) + err(-1, "test_setuid: setuid"); + } + benchmark_stop(); +} + /* * A bit like sandbox, in that a process is forked, IPC ping-pong is done, * but with none of the sandboxing goo. 
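Review bot: test_chroot and test_setuid are added without the kind of header comment that test_pingpong, directly below them, has, and test_chroot has a precondition worth stating. chroot(2) is restricted to the superuser, so for an unprivileged user the warm-up call fails and `err()` ends the whole benchmark run. Add `/* Time chroot("/"); requires root and exits with an error otherwise. */` above test_chroot and `/* Time setuid() to the value returned by getuid(). */` above test_setuid.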
@@ -773,6 +805,8 @@ static const struct test tests[] = { { "fork_exec", test_fork_exec }, { "vfork_exec", test_vfork_exec }, { "pdfork_exec", test_pdfork_exec }, + { "chroot", test_chroot }, + { "setuid", test_setuid }, { "pingpong", test_pingpong }, { "sandbox", test_sandbox }, }; From owner-svn-src-projects@FreeBSD.ORG Thu Feb 4 03:19:32 2010 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D0E2F106566C; Thu, 4 Feb 2010 03:19:32 +0000 (UTC) (envelope-from lstewart@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id BE9748FC16; Thu, 4 Feb 2010 03:19:32 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o143JWdu091367; Thu, 4 Feb 2010 03:19:32 GMT (envelope-from lstewart@svn.freebsd.org) Received: (from lstewart@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o143JWNV091360; Thu, 4 Feb 2010 03:19:32 GMT (envelope-from lstewart@svn.freebsd.org) Message-Id: <201002040319.o143JWNV091360@svn.freebsd.org> 
From: Lawrence Stewart Date: Thu, 4 Feb 2010 03:19:32 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r203470 - in projects/tcp_cc_head/sys: conf netinet X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Feb 2010 03:19:32 -0000 Author: lstewart Date: Thu Feb 4 03:19:32 2010 New Revision: 203470 URL: http://svn.freebsd.org/changeset/base/203470 Log: Helpers aren't and don't need to be TCP specific. Added: projects/tcp_cc_head/sys/netinet/helper.c - copied, changed from r203416, projects/tcp_cc_head/sys/netinet/tcp_helper.c projects/tcp_cc_head/sys/netinet/helper.h - copied unchanged from r203416, projects/tcp_cc_head/sys/netinet/tcp_helper.h projects/tcp_cc_head/sys/netinet/helper_module.h - copied unchanged from r203416, projects/tcp_cc_head/sys/netinet/tcp_helper_module.h Deleted: projects/tcp_cc_head/sys/netinet/tcp_helper.c projects/tcp_cc_head/sys/netinet/tcp_helper.h projects/tcp_cc_head/sys/netinet/tcp_helper_module.h Modified: projects/tcp_cc_head/sys/conf/files projects/tcp_cc_head/sys/netinet/ertt.c projects/tcp_cc_head/sys/netinet/tcp_subr.c Modified: projects/tcp_cc_head/sys/conf/files ============================================================================== --- projects/tcp_cc_head/sys/conf/files Thu Feb 4 03:07:48 2010 (r203469) +++ projects/tcp_cc_head/sys/conf/files Thu Feb 4 03:19:32 2010 (r203470) 
@@ -2435,6 +2435,7 @@ netgraph/ng_vlan.c optional netgraph_vl netinet/accf_data.c optional accept_filter_data inet netinet/accf_dns.c optional accept_filter_dns inet netinet/accf_http.c optional accept_filter_http inet +netinet/helper.c optional inet netinet/if_atm.c optional atm netinet/if_ether.c optional inet ether netinet/igmp.c optional inet @@ -2485,7 +2486,6 @@ netinet/sctp_timer.c optional inet sctp netinet/sctp_usrreq.c optional inet sctp netinet/sctputil.c optional inet sctp netinet/tcp_debug.c optional tcpdebug -netinet/tcp_helper.c optional inet netinet/tcp_hostcache.c optional inet netinet/tcp_input.c optional inet netinet/tcp_lro.c optional inet Modified: projects/tcp_cc_head/sys/netinet/ertt.c ============================================================================== --- projects/tcp_cc_head/sys/netinet/ertt.c Thu Feb 4 03:07:48 2010 (r203469) +++ projects/tcp_cc_head/sys/netinet/ertt.c Thu Feb 4 03:19:32 2010 (r203470) @@ -44,12 +44,12 @@ __FBSDID("$FreeBSD$"); #include #include +#include +#include #include #include #include #include -#include -#include struct ertt { int test; Copied and modified: projects/tcp_cc_head/sys/netinet/helper.c (from r203416, projects/tcp_cc_head/sys/netinet/tcp_helper.c) ============================================================================== --- projects/tcp_cc_head/sys/netinet/tcp_helper.c Wed Feb 3 04:58:08 2010 (r203416, copy source) +++ projects/tcp_cc_head/sys/netinet/helper.c Thu Feb 4 03:19:32 2010 (r203470) @@ -38,8 +38,8 @@ __FBSDID("$FreeBSD$"); #include #include -#include -#include +#include +#include struct hlpr_head helpers = STAILQ_HEAD_INITIALIZER(helpers); Copied: projects/tcp_cc_head/sys/netinet/helper.h (from r203416, projects/tcp_cc_head/sys/netinet/tcp_helper.h) ============================================================================== 
--- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ projects/tcp_cc_head/sys/netinet/helper.h Thu Feb 4 03:19:32 2010 (r203470, copy of r203416, projects/tcp_cc_head/sys/netinet/tcp_helper.h) 
@@ -0,0 +1,68 @@ +/*- + * Copyright (c) 2010 Lawrence Stewart + * All rights reserved. + * + * This software was developed at the Centre for Advanced Internet + * Architectures, Swinburne University, by Lawrence Stewart, + * made possible in part by a grant from the FreeBSD Foundation. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $FreeBSD$ + */ + +#ifndef _TCP_HELPER_H +#define _TCP_HELPER_H + + +struct helper { + /* Init global module state on kldload. */ + int (*mod_init) (void); + + /* Cleanup global module state on kldunload. 
*/ + int (*mod_destroy) (void); + + int (*block_init) (uintptr_t *data); + int (*block_destroy) (uintptr_t *data); + + uint16_t flags; + + //STAILQ hooks; /* which hooks does this helper want to be called from */ + //STAILQ struct helper_data; + int dynamic_id; /* ID assigned by system to this hlpr's data in the + dynamic array */ + + + STAILQ_ENTRY(helper) entries; +}; + +/* Helper flags */ +#define HLPR_NEEDS_DATABLOCK 0x0001 + +extern STAILQ_HEAD(hlpr_head, helper) helpers; + +int init_datablocks(uintptr_t **array_head, int *nblocks); +int destroy_datablocks(uintptr_t **array_head, int nblocks); +int register_helper(struct helper *h); +int deregister_helper(struct helper *h); + +#endif /* _TCP_HELPER_H */ Copied: projects/tcp_cc_head/sys/netinet/helper_module.h (from r203416, projects/tcp_cc_head/sys/netinet/tcp_helper_module.h) ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ projects/tcp_cc_head/sys/netinet/helper_module.h Thu Feb 4 03:19:32 2010 (r203470, copy of r203416, projects/tcp_cc_head/sys/netinet/tcp_helper_module.h) 
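Review bot: The include guard is still `_TCP_HELPER_H`, although the file is now netinet/helper.h and the commit's stated point is that helpers are not TCP specific. Rename it, e.g. `#ifndef _NETINET_HELPER_H_`, and do the same for `_NETINET_TCP_HELPER_MODULE_H_` in helper_module.h. The two `//STAILQ ...` lines inside `struct helper` are commented-out members; delete them or replace them with a `/* TODO: ... */` comment that says what is planned.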
@@ -0,0 +1,51 @@ +/*- + * Copyright (c) 2010 Lawrence Stewart + * All rights reserved. + * + * This software was developed at the Centre for Advanced Internet + * Architectures, Swinburne University, by Lawrence Stewart, + * made possible in part by a grant from the FreeBSD Foundation. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * $FreeBSD$ + */ + +#ifndef _NETINET_TCP_HELPER_MODULE_H_ +#define _NETINET_TCP_HELPER_MODULE_H_ + +#define DECLARE_HELPER(hlprname, hlpr_data) \ + static moduledata_t hlpr_##hlprname = { \ + #hlprname, \ + hlpr_modevent, \ + hlpr_data \ + }; \ + DECLARE_MODULE(hlprname, hlpr_##hlprname, SI_SUB_PROTO_IFATTACHDOMAIN, \ + SI_ORDER_ANY) + +int hlpr_modevent(module_t mod, int type, void *data); + +MALLOC_DECLARE(M_HLPR); +MALLOC_DEFINE(M_HLPR, "helper data", "Blah"); + + +#endif Modified: projects/tcp_cc_head/sys/netinet/tcp_subr.c ============================================================================== --- projects/tcp_cc_head/sys/netinet/tcp_subr.c Thu Feb 4 03:07:48 2010 (r203469) +++ projects/tcp_cc_head/sys/netinet/tcp_subr.c Thu Feb 4 03:19:32 2010 (r203470) @@ -66,6 +66,7 @@ __FBSDID("$FreeBSD$"); #include #include +#include #include #include #include @@ -85,7 +86,6 @@ __FBSDID("$FreeBSD$"); #endif #include #include -#include #include #include #include From owner-svn-src-projects@FreeBSD.ORG Thu Feb 4 14:11:15 2010 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 7880C106566B; Thu, 4 Feb 2010 14:11:15 +0000 (UTC) (envelope-from lstewart@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 678C08FC1A; Thu, 4 Feb 2010 14:11:15 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o14EBFah038582; Thu, 4 Feb 2010 14:11:15 GMT (envelope-from lstewart@svn.freebsd.org) Received: (from lstewart@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o14EBFnJ038571; Thu, 4 Feb 2010 14:11:15 GMT (envelope-from lstewart@svn.freebsd.org) Message-Id: <201002041411.o14EBFnJ038571@svn.freebsd.org> 
From: Lawrence Stewart Date: Thu, 4 Feb 2010 14:11:15 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r203488 - in projects/tcp_cc_head/sys: conf netinet X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 04 Feb 2010 14:11:15 -0000 Author: lstewart Date: Thu Feb 4 14:11:15 2010 New Revision: 203488 URL: http://svn.freebsd.org/changeset/base/203488 Log: WIP snapshot of helper framework. Added a helper hooks interface modelled on PFIL to allow creation of more generic hooks than is capable with PFIL. Still need to integrate helper data blocks with the helper hooks KPI. Added: projects/tcp_cc_head/sys/netinet/hhooks.c (contents, props changed) projects/tcp_cc_head/sys/netinet/hhooks.h (contents, props changed) Modified: projects/tcp_cc_head/sys/conf/files projects/tcp_cc_head/sys/netinet/ertt.c projects/tcp_cc_head/sys/netinet/helper.c projects/tcp_cc_head/sys/netinet/helper.h projects/tcp_cc_head/sys/netinet/helper_module.h projects/tcp_cc_head/sys/netinet/tcp_input.c projects/tcp_cc_head/sys/netinet/tcp_subr.c projects/tcp_cc_head/sys/netinet/tcp_var.h Modified: projects/tcp_cc_head/sys/conf/files ============================================================================== --- projects/tcp_cc_head/sys/conf/files Thu Feb 4 12:50:23 2010 (r203487) +++ projects/tcp_cc_head/sys/conf/files Thu Feb 4 14:11:15 2010 (r203488) 
@@ -2436,6 +2436,7 @@ netinet/accf_data.c optional accept_fil netinet/accf_dns.c optional accept_filter_dns inet netinet/accf_http.c optional accept_filter_http inet netinet/helper.c optional inet +netinet/hhooks.c optional inet netinet/if_atm.c optional atm netinet/if_ether.c optional inet ether netinet/igmp.c optional inet Modified: projects/tcp_cc_head/sys/netinet/ertt.c ============================================================================== --- projects/tcp_cc_head/sys/netinet/ertt.c Thu Feb 4 12:50:23 2010 (r203487) +++ projects/tcp_cc_head/sys/netinet/ertt.c Thu Feb 4 14:11:15 2010 (r203488) @@ -46,6 +46,7 @@ __FBSDID("$FreeBSD$"); #include #include +#include #include #include #include 
@@ -55,41 +56,40 @@ struct ertt { int test; }; -int ertt_tcpest_hook(void *arg, struct mbuf **m, struct ifnet *ifp, int dir, - struct inpcb *inp); +void ertt_tcpest_hook(void *udata, void *ctx_data); int ertt_mod_init(void); int ertt_mod_destroy(void); int ertt_block_init(uintptr_t *block); int ertt_block_destroy(uintptr_t *block); -int -ertt_tcpest_hook(void *arg, struct mbuf **m, struct ifnet *ifp, int dir, struct inpcb *inp) +void +ertt_tcpest_hook(void *udata, void *ctx_data) { - struct ertt *e = (struct ertt *)(((struct tcpcb *)inp->inp_ppcb)->helper_data[0]); + //struct ertt *e = (struct ertt *)(((struct tcpcb *)inp->inp_ppcb)->helper_data[0]); //struct ertt *e = (struct ertt *)arg; - printf("In the hook with pkt: 0x%p, ertt->test = %d\n", *m, e->test++); - return (0); + printf("In the hook with ctx_data: %p, curack = %d\n", ctx_data, + ((struct tcp_hhook_data *)ctx_data)->curack); } int ertt_mod_init(void) { - return pfil_add_hook(&ertt_tcpest_hook, NULL, PFIL_IN | PFIL_WAITOK, - pfil_head_get(PFIL_TYPE_TCP, PFIL_TCP_ESTABLISHED)); + return register_hhook(HHOOK_TYPE_TCP, HHOOK_TCP_ESTABLISHED, + &ertt_tcpest_hook, NULL, HHOOK_WAITOK); } int ertt_mod_destroy(void) { - return pfil_remove_hook(&ertt_tcpest_hook, NULL, PFIL_IN | PFIL_WAITOK, - pfil_head_get(PFIL_TYPE_TCP, PFIL_TCP_ESTABLISHED)); + return deregister_hhook(HHOOK_TYPE_TCP, HHOOK_TCP_ESTABLISHED, + &ertt_tcpest_hook, NULL, 0); } int ertt_block_init(uintptr_t *block) { - *block = (uintptr_t)malloc(sizeof(struct ertt), M_HLPR, M_NOWAIT); + *block = (uintptr_t)malloc(sizeof(struct ertt), M_HELPER, M_NOWAIT); ((struct ertt *)*block)->test = 5; 
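Review bot: In `ertt_block_init` the result of `malloc(sizeof(struct ertt), M_HELPER, M_NOWAIT)` is dereferenced on the very next line (`((struct ertt *)*block)->test = 5;`) with no NULL check, so a failed allocation becomes a NULL dereference in the kernel. Add `if (*block == NULL) return (ENOMEM);` before the store; the rest of the function lies outside this hunk, so confirm that the caller acts on the return value. The r203517 version of this function (`ertt_block_init(void **block)`) still has the same pattern. Separately, `ertt_tcpest_hook` prints `curack` with `%d` although the field is a `tcp_seq`; `%u` matches the type.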
@@ -103,7 +103,7 @@ int ertt_block_destroy(uintptr_t *block) { KASSERT(block != NULL, ("Block is NULL!")); - free((void *)*block, M_HLPR); + free((void *)*block, M_HELPER); return (0); } Modified: projects/tcp_cc_head/sys/netinet/helper.c ============================================================================== --- projects/tcp_cc_head/sys/netinet/helper.c Thu Feb 4 12:50:23 2010 (r203487) +++ projects/tcp_cc_head/sys/netinet/helper.c Thu Feb 4 14:11:15 2010 (r203488) @@ -56,7 +56,7 @@ init_datablocks(uintptr_t **array_head, return (0); - *array_head = malloc(num_datablocks * sizeof(uintptr_t), M_HLPR, M_NOWAIT + *array_head = malloc(num_datablocks * sizeof(uintptr_t), M_HELPER, M_NOWAIT | M_ZERO); printf("Malloced ptr %p for %d data blocks\n", *array_head, num_datablocks); Modified: projects/tcp_cc_head/sys/netinet/helper.h ============================================================================== --- projects/tcp_cc_head/sys/netinet/helper.h Thu Feb 4 12:50:23 2010 (r203487) +++ projects/tcp_cc_head/sys/netinet/helper.h Thu Feb 4 14:11:15 2010 (r203488) @@ -30,8 +30,8 @@ * $FreeBSD$ */ -#ifndef _TCP_HELPER_H -#define _TCP_HELPER_H +#ifndef _NETINET_HELPER_H_ +#define _NETINET_HELPER_H_ struct helper { @@ -65,4 +65,4 @@ int destroy_datablocks(uintptr_t **array int register_helper(struct helper *h); int deregister_helper(struct helper *h); -#endif /* _TCP_HELPER_H */ +#endif /* _NETINET_HELPER_H_ */ Modified: projects/tcp_cc_head/sys/netinet/helper_module.h ============================================================================== --- projects/tcp_cc_head/sys/netinet/helper_module.h Thu Feb 4 12:50:23 2010 (r203487) +++ projects/tcp_cc_head/sys/netinet/helper_module.h Thu Feb 4 14:11:15 2010 (r203488) 
@@ -44,8 +44,8 @@ int hlpr_modevent(module_t mod, int type, void *data); -MALLOC_DECLARE(M_HLPR); -MALLOC_DEFINE(M_HLPR, "helper data", "Blah"); +MALLOC_DECLARE(M_HELPER); +MALLOC_DEFINE(M_HELPER, "helper data", "Blah"); #endif Added: projects/tcp_cc_head/sys/netinet/hhooks.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ projects/tcp_cc_head/sys/netinet/hhooks.c Thu Feb 4 14:11:15 2010 (r203488) 
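Review bot: `MALLOC_DEFINE(M_HELPER, "helper data", "Blah");` sits in a header, so every source file that includes helper_module.h emits its own definition of the malloc type. The header should keep only `MALLOC_DECLARE(M_HELPER);` and the `MALLOC_DEFINE` should move into a single .c file; helper.c looks like the natural owner, although its include list is not visible here. The long description `"Blah"` is a placeholder and could say what the memory is used for, for example `"per-connection helper data blocks"`.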
@@ -0,0 +1,289 @@ +/*- + * Copyright (c) 2010 Lawrence Stewart + * All rights reserved. + * + * This software was developed at the Centre for Advanced Internet + * Architectures, Swinburne University, by Lawrence Stewart, + * made possible in part by a grant from the FreeBSD Foundation. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ */ + +#include +__FBSDID("$FreeBSD$"); + +#include +#include +#include +#include +#include +#include +#include + +#include + +#include +#include + +#define RLOCK_HHOOK_HEAD 0x01 +#define WLOCK_HHOOK_HEAD 0x02 + +MALLOC_DECLARE(M_HHOOK); +MALLOC_DEFINE(M_HHOOK, "helper hook related memory", "Blah"); + +struct hhook { + hhook_func_t h_func; + void *h_udata; + STAILQ_ENTRY(hhook) h_next; +}; + +typedef STAILQ_HEAD(hhook_list, hhook) hhook_list_t; + +struct hhook_head { + int hh_type; + int hh_id; + int hh_nhooks; + hhook_list_t hh_hooks; + struct rmlock hh_lock; + LIST_ENTRY(hhook_head) hh_next; +}; + +LIST_HEAD(hhookheadhead, hhook_head); +VNET_DEFINE(struct hhookheadhead, hhook_head_list); +#define V_hhook_head_list VNET(hhook_head_list) + +static struct mtx hhook_head_list_lock; +MTX_SYSINIT(hhookheadlistlock, &hhook_head_list_lock, "hhook_head list lock", + MTX_DEF); + +static struct hhook_head * get_hhook_head(int hhook_type, int hhook_id, + struct rm_priotracker* rmpt, int flags); + + +/* + * Public KPI functions + */ +int +register_hhook_head(int hhook_type, int hhook_id, int flags) +{ + struct hhook_head *hh; + + HHOOK_HEAD_LIST_LOCK(); + hh = get_hhook_head(hhook_type, hhook_id, NULL, 0); + + if (hh != NULL) + return (EEXIST); + + hh = malloc(sizeof(struct hhook_head), M_HHOOK, + M_ZERO | ((flags & HHOOK_WAITOK) ? 
M_WAITOK : M_NOWAIT)); + + if (hh == NULL) + return (ENOMEM); + + printf("About to register hhook_head %p with type: %d and id: %d\n", hh, + hhook_type, hhook_id); + + hh->hh_type = hhook_type; + hh->hh_id = hhook_id; + hh->hh_nhooks = 0; + STAILQ_INIT(&hh->hh_hooks); + HHOOK_HEAD_LOCK_INIT(hh); + + LIST_INSERT_HEAD(&V_hhook_head_list, hh, hh_next); + HHOOK_HEAD_LIST_UNLOCK(); + return (0); +} + +int +deregister_hhook_head(int hhook_type, int hhook_id) +{ + struct hhook_head *hh; + struct hhook *tmp, *tmp2; + int error = 0; + + HHOOK_HEAD_LIST_LOCK(); + hh = get_hhook_head(hhook_type, hhook_id, NULL, WLOCK_HHOOK_HEAD); + + if (hh == NULL) + error = ENOENT; + else { + LIST_REMOVE(hh, hh_next); + + STAILQ_FOREACH_SAFE(tmp, &hh->hh_hooks, h_next, tmp2) { + free(tmp, M_HHOOK); + } + + HHOOK_HEAD_WUNLOCK(hh); + HHOOK_HEAD_LOCK_DESTROY(hh); + free(hh, M_HHOOK); + } + + HHOOK_HEAD_LIST_UNLOCK(); + + /* + TAILQ_FOREACH_SAFE(pfh, &ph->ph_in, pfil_link, pfnext) + free(pfh, M_IFADDR); + TAILQ_FOREACH_SAFE(pfh, &ph->ph_out, pfil_link, pfnext) + free(pfh, M_IFADDR); + */ + + return (error); +} + +int +register_hhook(int hhook_type, int hhook_id, hhook_func_t hook, void *udata, + int flags) +{ + struct hhook *h, *tmp; + struct hhook_head *hh; + int error = 0; + + h = malloc(sizeof(struct hhook), M_HHOOK, (flags & HHOOK_WAITOK) ? 
+ M_WAITOK : M_NOWAIT); + + if (h == NULL) + return (ENOMEM); + + h->h_func = hook; + h->h_udata = udata; + + hh = get_hhook_head(hhook_type, hhook_id, NULL, WLOCK_HHOOK_HEAD); + + if (hh == NULL) { + free(h, M_HHOOK); + return (ENOENT); + } + + STAILQ_FOREACH(tmp, &hh->hh_hooks, h_next) { + if (tmp->h_func == hook && tmp->h_udata == udata) { + error = EEXIST; + break; + } + } + + if (!error) { + STAILQ_INSERT_HEAD(&hh->hh_hooks, h, h_next); + hh->hh_nhooks++; + } + else + free(h, M_HHOOK); + + HHOOK_HEAD_WUNLOCK(hh); + + return (error); +} + +int +deregister_hhook(int hhook_type, int hhook_id, hhook_func_t hook, void *udata, + int flags) +{ + struct hhook *tmp; + struct hhook_head *hh; + + hh = get_hhook_head(hhook_type, hhook_id, NULL, WLOCK_HHOOK_HEAD); + + if (hh == NULL) + return (ENOENT); + + STAILQ_FOREACH(tmp, &hh->hh_hooks, h_next) { + if (tmp->h_func == hook && tmp->h_udata == udata) { + STAILQ_REMOVE(&hh->hh_hooks, tmp, hhook, h_next); + free(tmp, M_HHOOK); + hh->hh_nhooks--; + break; + } + } + + HHOOK_HEAD_WUNLOCK(hh); + return (0); +} + +void +run_hhooks(int hhook_type, int hhook_id, void *ctx_data) +{ + struct hhook_head *hh; + struct hhook *tmp; + struct rm_priotracker rmpt; + + hh = get_hhook_head(hhook_type, hhook_id, &rmpt, RLOCK_HHOOK_HEAD); + + if (hh == NULL) + return; + + STAILQ_FOREACH(tmp, &hh->hh_hooks, h_next) + tmp->h_func(tmp->h_udata, ctx_data); + + HHOOK_HEAD_RUNLOCK(hh, &rmpt); +} + + +/* + * Private KPI functions + */ +static struct hhook_head * +get_hhook_head(int hhook_type, int hhook_id, struct rm_priotracker *rmpt, + int flags) +{ + struct hhook_head *tmp, *ret = NULL; + + /*KASSERT(HHOOK_HEAD_LIST_LOCK_ASSERT(), ("hhook_head_list_lock not + * locked"));*/ + + LIST_FOREACH(tmp, &V_hhook_head_list, hh_next) { + if (tmp->hh_type == hhook_type && tmp->hh_id == hhook_id) { + ret = tmp; + if (flags & RLOCK_HHOOK_HEAD) + HHOOK_HEAD_RLOCK(ret, rmpt); + else if (flags & WLOCK_HHOOK_HEAD) + HHOOK_HEAD_WLOCK(ret); + break; + } + } + + 
return (ret); +} + +static int +vnet_hhook_init(const void *unused) +{ + + LIST_INIT(&V_hhook_head_list); + return (0); +} + +static int +vnet_hhook_uninit(const void *unused) +{ + + return (0); +} + +#define HHOOK_SYSINIT_ORDER SI_SUB_PROTO_BEGIN +#define HHOOK_MODEVENT_ORDER (SI_ORDER_FIRST) +#define HHOOK_VNET_ORDER (HHOOK_MODEVENT_ORDER + 2) + +VNET_SYSINIT(vnet_hhook_init, HHOOK_SYSINIT_ORDER, HHOOK_VNET_ORDER, + vnet_hhook_init, NULL); + +VNET_SYSUNINIT(vnet_hhook_uninit, HHOOK_SYSINIT_ORDER, HHOOK_VNET_ORDER, + vnet_hhook_uninit, NULL); + Added: projects/tcp_cc_head/sys/netinet/hhooks.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ projects/tcp_cc_head/sys/netinet/hhooks.h Thu Feb 4 14:11:15 2010 (r203488) 
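Review bot: `register_hhook_head` returns `EEXIST` and `ENOMEM` with `hhook_head_list_lock` still held, and it may call `malloc` with `M_WAITOK` while holding that `MTX_DEF` mutex, which must not be held across a sleep. Allocating before the lock is taken and unlocking on the duplicate path fixes both, as sketched below. In addition, `register_hhook`, `deregister_hhook` and `run_hhooks` reach `V_hhook_head_list` through `get_hhook_head` without taking the list lock (the assertion in `get_hhook_head` is commented out), so a concurrent `deregister_hhook_head` can free a head they are about to lock. `deregister_hhook` also returns 0 when no matching hook was found; returning `ENOENT` there would let callers notice.

```c
int
register_hhook_head(int hhook_type, int hhook_id, int flags)
{
	struct hhook_head *hh;

	/* Allocate before taking the mutex: an M_WAITOK malloc may sleep. */
	hh = malloc(sizeof(struct hhook_head), M_HHOOK,
	    M_ZERO | ((flags & HHOOK_WAITOK) ? M_WAITOK : M_NOWAIT));
	if (hh == NULL)
		return (ENOMEM);

	HHOOK_HEAD_LIST_LOCK();
	if (get_hhook_head(hhook_type, hhook_id, NULL, 0) != NULL) {
		/* Duplicate head: drop the lock and the unused allocation. */
		HHOOK_HEAD_LIST_UNLOCK();
		free(hh, M_HHOOK);
		return (EEXIST);
	}

	/* … unchanged: field initialisation, HHOOK_HEAD_LOCK_INIT, LIST_INSERT_HEAD … */

	HHOOK_HEAD_LIST_UNLOCK();
	return (0);
}
```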
@@ -0,0 +1,68 @@ +/*- + * Copyright (c) 2010 Lawrence Stewart + * All rights reserved. + * + * This software was developed at the Centre for Advanced Internet + * Architectures, Swinburne University, by Lawrence Stewart, + * made possible in part by a grant from the FreeBSD Foundation. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. 
+ * + * $FreeBSD$ + */ + +#ifndef _NETINET_HHOOKS_H_ +#define _NETINET_HHOOKS_H_ + +#define HHOOK_WAITOK 0x01 +#define HHOOK_NOWAIT 0x02 + +#define HHOOK_TYPE_TCP 1 + +typedef void (*hhook_func_t)(void *udata, void *ctx_data); + +struct hhook_head; + +int register_hhook_head(int hhook_type, int hhook_id, int flags); +int deregister_hhook_head(int hhook_type, int hhook_id); +int register_hhook(int hhook_type, int hhook_id, hhook_func_t hook, + void *udata, int flags); +int deregister_hhook(int hhook_type, int hhook_id, hhook_func_t hook, + void *udata, int flags); +void run_hhooks(int hhook_type, int hhook_id, void *ctx_data); + + +#define HHOOKED(hh) ((hh)->hh_nhooks > 0) + +#define HHOOK_HEAD_LIST_LOCK() mtx_lock(&hhook_head_list_lock) +#define HHOOK_HEAD_LIST_UNLOCK() mtx_unlock(&hhook_head_list_lock) +#define HHOOK_HEAD_LIST_LOCK_ASSERT() mtx_assert(&hhook_head_list_lock, MA_OWNED) + +#define HHOOK_HEAD_LOCK_INIT(hh) rm_init(&(hh)->hh_lock, "hhook_head rm lock") +#define HHOOK_HEAD_LOCK_DESTROY(hh) rm_destroy(&(hh)->hh_lock) +#define HHOOK_HEAD_WLOCK(hh) rm_wlock(&(hh)->hh_lock) +#define HHOOK_HEAD_WUNLOCK(hh) rm_wunlock(&(hh)->hh_lock) +#define HHOOK_HEAD_RLOCK(hh,rmpt) rm_rlock(&(hh)->hh_lock, (rmpt)) +#define HHOOK_HEAD_RUNLOCK(hh,rmpt) rm_runlock(&(hh)->hh_lock, (rmpt)) + +#endif /* _NETINET_HHOOKS_H_ */ + Modified: projects/tcp_cc_head/sys/netinet/tcp_input.c ============================================================================== --- projects/tcp_cc_head/sys/netinet/tcp_input.c Thu Feb 4 12:50:23 2010 (r203487) +++ projects/tcp_cc_head/sys/netinet/tcp_input.c Thu Feb 4 14:11:15 2010 (r203488) @@ -63,6 +63,7 @@ __FBSDID("$FreeBSD$"); #define TCPSTATES /* for logging */ #include +#include #include #include #include 
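Review bot: The `HHOOK_HEAD_LIST_*` macros name `hhook_head_list_lock`, which hhooks.c declares `static`, and `HHOOKED` and the `HHOOK_HEAD_*` lock macros reach into `struct hhook_head`, which this header only forward-declares, so none of them is usable by a consumer of the header. Moving them into hhooks.c next to the structure would keep the public KPI to the five prototypes. helper.h in r203517 repeats the pattern with `HELPER_LIST_*` and the static `helper_list_lock`. `hhook_func_t` would also benefit from a comment stating its calling context, e.g. `/* Called from run_hhooks() with the hhook_head rm lock read-held; must not sleep or (de)register hooks. */`.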
@@ -1174,7 +1175,7 @@ tcp_do_segment(struct mbuf *m, struct tc int rstreason, todrop, win; u_long tiwin; struct tcpopt to; - + struct tcp_hhook_data hhook_data; #ifdef TCPDEBUG /* * The size of tcp_saveipgen must be the size of the max ip header, @@ -2123,9 +2124,8 @@ tcp_do_segment(struct mbuf *m, struct tc !TAILQ_EMPTY(&tp->snd_holes))) tcp_sack_doack(tp, &to, th->th_ack); - if (tp->nhelpers > 0 && PFIL_HOOKED(&V_tcpest_pfil_hook)) - pfil_run_hooks(&V_tcpest_pfil_hook, &m, NULL, PFIL_IN, - tp->t_inpcb); + hhook_data.curack = th->th_ack; + run_hhooks(HHOOK_TYPE_TCP, HHOOK_TCP_ESTABLISHED, &hhook_data); if (SEQ_LEQ(th->th_ack, tp->snd_una)) { if (tlen == 0 && tiwin == tp->snd_wnd) { Modified: projects/tcp_cc_head/sys/netinet/tcp_subr.c ============================================================================== --- projects/tcp_cc_head/sys/netinet/tcp_subr.c Thu Feb 4 12:50:23 2010 (r203487) +++ projects/tcp_cc_head/sys/netinet/tcp_subr.c Thu Feb 4 14:11:15 2010 (r203488) @@ -62,11 +62,11 @@ __FBSDID("$FreeBSD$"); #include #include -#include #include #include #include +#include #include #include #include @@ -121,7 +121,6 @@ VNET_DEFINE(int, tcp_v6mssdflt); #endif VNET_DEFINE(int, tcp_minmss); VNET_DEFINE(int, tcp_do_rfc1323); -VNET_DEFINE(struct pfil_head, tcpest_pfil_hook); static VNET_DEFINE(int, icmp_may_rst); static VNET_DEFINE(int, tcp_isn_reseed_interval); 
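Review bot: The call `run_hhooks(HHOOK_TYPE_TCP, HHOOK_TCP_ESTABLISHED, &hhook_data);` now executes for every ACK on every connection, whereas the removed code first tested `tp->nhelpers > 0` and `PFIL_HOOKED(...)`; each call searches the hook-head list and takes the head's rm lock even when no hook is registered. Keeping a cheap guard such as `if (tp->nhelpers > 0)` (assuming `nhelpers` is still maintained) would leave the no-helper path untouched. `hhook_data` lives on the stack and only `curack` is filled in, so a comment at its declaration such as `/* Valid only for the duration of run_hhooks(); hooks must not retain the pointer. */` would document the lifetime. `tcp_do_segment` begins and ends outside these hunks.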
@@ -379,11 +378,9 @@ tcp_init(void) V_tcp_inflight_rttthresh = TCPTV_INFLIGHT_RTTTHRESH; - V_tcpest_pfil_hook.ph_type = PFIL_TYPE_TCP; - V_tcpest_pfil_hook.ph_af = PFIL_TCP_ESTABLISHED; - - if(pfil_head_register(&V_tcpest_pfil_hook) != 0) - printf("%s: WARNING: unable to register pfil hook\n", __func__); + if (register_hhook_head(HHOOK_TYPE_TCP, HHOOK_TCP_ESTABLISHED, + HHOOK_NOWAIT) != 0) + printf("%s: WARNING: unable to register helper hook\n", __func__); cc_init(); Modified: projects/tcp_cc_head/sys/netinet/tcp_var.h ============================================================================== --- projects/tcp_cc_head/sys/netinet/tcp_var.h Thu Feb 4 12:50:23 2010 (r203487) +++ projects/tcp_cc_head/sys/netinet/tcp_var.h Thu Feb 4 14:11:15 2010 (r203488) @@ -44,11 +44,11 @@ VNET_DECLARE(int, tcp_do_rfc1323); VNET_DECLARE(int, tcp_reass_qsize); VNET_DECLARE(struct uma_zone *, tcp_reass_zone); -VNET_DECLARE(struct pfil_head, tcpest_pfil_hook); +VNET_DECLARE(struct hhook_head, tcpest_hhook); #define V_tcp_do_rfc1323 VNET(tcp_do_rfc1323) #define V_tcp_reass_qsize VNET(tcp_reass_qsize) #define V_tcp_reass_zone VNET(tcp_reass_zone) -#define V_tcpest_pfil_hook VNET(tcpest_pfil_hook) +#define V_tcpest_hhook VNET(tcpest_hhook) #endif /* _KERNEL */ 
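Review bot: `VNET_DECLARE(struct hhook_head, tcpest_hhook);` and `V_tcpest_hhook` in tcp_var.h have no matching `VNET_DEFINE` in the hunks shown; the tcp_subr.c hunk only removes the old `tcpest_pfil_hook` definition. `struct hhook_head` is defined privately in hhooks.c, so code outside that file could not use such a variable anyway. Since `tcp_init` now registers the head by type and id through `register_hhook_head`, these two lines look like leftovers of the PFIL version and could be dropped.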
@@ -247,10 +247,13 @@ struct tcpcb { #define BYTES_ACKED(tp, th) (th->th_ack - tp->snd_una) /* - * TCP specific PFIL hook point identifiers + * TCP specific helper hook point identifiers */ -#define PFIL_TCP_ALL 0 -#define PFIL_TCP_ESTABLISHED 1 +#define HHOOK_TCP_ESTABLISHED 1 + +struct tcp_hhook_data { + tcp_seq curack; +}; /* * Flags for the t_oobflags field. From owner-svn-src-projects@FreeBSD.ORG Fri Feb 5 10:00:18 2010 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 94AF6106566C; Fri, 5 Feb 2010 10:00:18 +0000 (UTC) (envelope-from lstewart@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 840878FC0C; Fri, 5 Feb 2010 10:00:18 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o15A0Io2001932; Fri, 5 Feb 2010 10:00:18 GMT (envelope-from lstewart@svn.freebsd.org) Received: (from lstewart@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o15A0Iw5001923; Fri, 5 Feb 2010 10:00:18 GMT (envelope-from lstewart@svn.freebsd.org) Message-Id: <201002051000.o15A0Iw5001923@svn.freebsd.org> 
From: Lawrence Stewart Date: Fri, 5 Feb 2010 10:00:18 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r203517 - projects/tcp_cc_head/sys/netinet X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Feb 2010 10:00:18 -0000 Author: lstewart Date: Fri Feb 5 10:00:18 2010 New Revision: 203517 URL: http://svn.freebsd.org/changeset/base/203517 Log: Checkpoint commit. Helper's data block is now passed to its hook. Modified: projects/tcp_cc_head/sys/netinet/ertt.c projects/tcp_cc_head/sys/netinet/helper.c projects/tcp_cc_head/sys/netinet/helper.h projects/tcp_cc_head/sys/netinet/hhooks.c projects/tcp_cc_head/sys/netinet/hhooks.h projects/tcp_cc_head/sys/netinet/tcp_input.c projects/tcp_cc_head/sys/netinet/tcp_subr.c projects/tcp_cc_head/sys/netinet/tcp_var.h Modified: projects/tcp_cc_head/sys/netinet/ertt.c ============================================================================== --- projects/tcp_cc_head/sys/netinet/ertt.c Fri Feb 5 08:56:10 2010 (r203516) +++ projects/tcp_cc_head/sys/netinet/ertt.c Fri Feb 5 10:00:18 2010 (r203517) 
@@ -52,23 +52,32 @@ __FBSDID("$FreeBSD$"); #include #include +void ertt_tcpest_hook(void *udata, void *ctx_data, void *dblock); +int ertt_mod_init(void); +int ertt_mod_destroy(void); +int ertt_block_init(void **block); +int ertt_block_destroy(void *block); + struct ertt { int test; }; -void ertt_tcpest_hook(void *udata, void *ctx_data); -int ertt_mod_init(void); -int ertt_mod_destroy(void); -int ertt_block_init(uintptr_t *block); -int ertt_block_destroy(uintptr_t *block); +struct helper ertt_helper = { + .mod_init = ertt_mod_init, + .mod_destroy = ertt_mod_destroy, + .block_init = ertt_block_init, + .block_destroy = ertt_block_destroy, + .flags = HELPER_NEEDS_DBLOCK +}; + void -ertt_tcpest_hook(void *udata, void *ctx_data) +ertt_tcpest_hook(void *udata, void *ctx_data, void *dblock) { //struct ertt *e = (struct ertt *)(((struct tcpcb *)inp->inp_ppcb)->helper_data[0]); - //struct ertt *e = (struct ertt *)arg; - printf("In the hook with ctx_data: %p, curack = %d\n", ctx_data, - ((struct tcp_hhook_data *)ctx_data)->curack); + struct ertt *e = (struct ertt *)dblock; + printf("In the hook with errt->test: %d, ctx_data: %p, curack = %u\n", + e->test, ctx_data, ((struct tcp_hhook_data *)ctx_data)->curack); } @@ -76,7 +85,7 @@ int ertt_mod_init(void) { return register_hhook(HHOOK_TYPE_TCP, HHOOK_TCP_ESTABLISHED, - &ertt_tcpest_hook, NULL, HHOOK_WAITOK); + &ertt_helper, &ertt_tcpest_hook, NULL, HHOOK_WAITOK); } int @@ -87,9 +96,9 @@ ertt_mod_destroy(void) } int -ertt_block_init(uintptr_t *block) +ertt_block_init(void **block) { - *block = (uintptr_t)malloc(sizeof(struct ertt), M_HELPER, M_NOWAIT); + *block = malloc(sizeof(struct ertt), M_HELPER, M_NOWAIT); ((struct ertt *)*block)->test = 5; 
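Review bot: `ertt_tcpest_hook` casts `dblock` to `struct ertt *` and reads `e->test` with no NULL check. `init_helper_dblocks` in this commit returns without allocating anything when `num_dblocks == 0`, so a connection created before the ertt helper is registered has no block for it. Unless `run_hhooks` (its new body is not visible in this part) skips such connections, the hook needs `if (e == NULL) return;` before the `printf`. The format string also spells the structure name as `errt`.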
@@ -100,20 +109,12 @@ ertt_block_init(uintptr_t *block) } int -ertt_block_destroy(uintptr_t *block) +ertt_block_destroy(void *block) { KASSERT(block != NULL, ("Block is NULL!")); - free((void *)*block, M_HELPER); + free(block, M_HELPER); return (0); } -struct helper ertt_helper = { - .mod_init = ertt_mod_init, - .mod_destroy = ertt_mod_destroy, - .block_init = ertt_block_init, - .block_destroy = ertt_block_destroy, - .flags = HLPR_NEEDS_DATABLOCK -}; - DECLARE_HELPER(ertt, &ertt_helper); Modified: projects/tcp_cc_head/sys/netinet/helper.c ============================================================================== --- projects/tcp_cc_head/sys/netinet/helper.c Fri Feb 5 08:56:10 2010 (r203516) +++ projects/tcp_cc_head/sys/netinet/helper.c Fri Feb 5 10:00:18 2010 (r203517) 
@@ -33,82 +33,100 @@ __FBSDID("$FreeBSD$"); #include #include +#include #include #include #include +#include #include #include #include +static struct rwlock helper_list_lock; +RW_SYSINIT(helperlistlock, &helper_list_lock, "helper list lock"); -struct hlpr_head helpers = STAILQ_HEAD_INITIALIZER(helpers); -static int num_datablocks = 0; +static STAILQ_HEAD(hlpr_head, helper) helpers = STAILQ_HEAD_INITIALIZER(helpers); +static int num_dblocks = 0; +/* Monotonically increasing ID assigned to helpers on registration. */ +static int helper_id = 0; + +static struct helper * get_helper(int id); + +/* + * Public KPI functions. + */ int -init_datablocks(uintptr_t **array_head, int *nblocks) +init_helper_dblocks(struct helper_dblock **dblocks, int *nblocks) { struct helper *h; - int i = 0; + struct helper_dblock *dblock; + int i = 0, error = 0; - if(num_datablocks <= 0) - return (0); + HELPER_LIST_RLOCK(); + if (num_dblocks == 0) { + HELPER_LIST_RUNLOCK(); + return (0); + } - *array_head = malloc(num_datablocks * sizeof(uintptr_t), M_HELPER, M_NOWAIT - | M_ZERO); + *dblocks = malloc(num_dblocks * sizeof(struct helper_dblock), M_HELPER, + M_NOWAIT | M_ZERO); - printf("Malloced ptr %p for %d data blocks\n", *array_head, num_datablocks); - STAILQ_FOREACH(h, &helpers, entries) { - KASSERT(i < num_datablocks, ("Badness!\n")); - if (h->block_init != NULL) { - printf("Calling block_init(%p) for helper: %p\n", - (*array_head)+i, h); - h->block_init((*array_head)+i); + if (*dblocks != NULL) { + printf("Malloced ptr %p for %d data blocks\n", *dblocks, num_dblocks); + STAILQ_FOREACH(h, &helpers, h_next) { + if (h->block_init != NULL) { + dblock = dblocks[i]; + h->block_init(&dblock->block); + dblock->id = h->id; + printf("dblock[%d]: id=%d, block=%p\n", i, + dblock->id, dblock->block); + } + i++; } - i++; - } - - *nblocks = num_datablocks; + *nblocks = num_dblocks; + } else + error = ENOMEM; - return (0); + HELPER_LIST_RUNLOCK(); + return (error); } int -destroy_datablocks(uintptr_t 
**array_head, int nblocks) +destroy_helper_dblocks(struct helper_dblock *array_head, int nblocks) { struct helper *h; - int i = 0; - //for (; nblocks >= 0; nblocks--) - // h->block_destroy(); - - STAILQ_FOREACH(h, &helpers, entries) { - if (h->block_destroy != NULL) { - printf("Calling block_destroy(%p) for helper: %p\n", - array_head[i], h); - h->block_destroy(array_head[i++]); - } + + HELPER_LIST_WLOCK(); + + for (nblocks--; nblocks >= 0; nblocks--) { + h = get_helper(array_head[nblocks].id); + if (h->block_destroy != NULL) + h->block_destroy(array_head[nblocks].block); } + HELPER_LIST_WUNLOCK(); return (0); } int register_helper(struct helper *h) { - /*for hooks in hlpr - register hlpr_callback for hook - - if !errorgt - h->dynamic_id = X - */ printf("Register helper 0x%p\n", h); - if (h->flags | HLPR_NEEDS_DATABLOCK) - num_datablocks++; + HELPER_LIST_WLOCK(); + + if (h->flags | HELPER_NEEDS_DBLOCK) + num_dblocks++; + + h->id = helper_id++; + + STAILQ_INSERT_TAIL(&helpers, h, h_next); - STAILQ_INSERT_TAIL(&helpers, h, entries); + HELPER_LIST_WUNLOCK(); return (0); } 
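Review bot: In `init_helper_dblocks` the line `dblock = dblocks[i];` indexes the caller's `struct helper_dblock **` instead of the array just allocated, so for `i > 0` it loads a pointer from memory past the caller's variable and `block_init` then writes through it; it should read `dblock = &(*dblocks)[i];`. `register_helper` tests `h->flags | HELPER_NEEDS_DBLOCK`, which is always true where `&` is meant, and once that is corrected `i` must advance only for helpers that actually get a block, otherwise the loop can run past the `num_dblocks`-sized array. `destroy_helper_dblocks` dereferences the result of `get_helper()` without a NULL check, while `deregister_helper` (next hunk) unlinks the helper and decrements `num_dblocks` unconditionally, so a block whose helper has been unloaded leads to a NULL dereference; `if (h != NULL && h->block_destroy != NULL)` avoids that. The return value of `block_init` is also ignored, so a failed per-helper allocation goes unnoticed.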
@@ -118,12 +136,32 @@ deregister_helper(struct helper *h) { printf("Deregister helper 0x%p\n", h); - STAILQ_REMOVE(&helpers, h, helper, entries); - num_datablocks--; + HELPER_LIST_WLOCK(); + STAILQ_REMOVE(&helpers, h, helper, h_next); + num_dblocks--; + HELPER_LIST_WUNLOCK(); + + /* Block unload if there are still consumers to avoid mem leak*/ + return (0); } +/* + * Private KPI functions. + */ +static struct helper * +get_helper(int id) +{ + struct helper *h; + HELPER_LIST_LOCK_ASSERT(); + + STAILQ_FOREACH(h, &helpers, h_next) { + if (h->id == id) + return (h); + } + return (NULL); +} /* * Handles kld related events. Returns 0 on success, non-zero on failure. Modified: projects/tcp_cc_head/sys/netinet/helper.h ============================================================================== --- projects/tcp_cc_head/sys/netinet/helper.h Fri Feb 5 08:56:10 2010 (r203516) +++ projects/tcp_cc_head/sys/netinet/helper.h Fri Feb 5 10:00:18 2010 (r203517) @@ -34,6 +34,13 @@ #define _NETINET_HELPER_H_ +struct helper_dblock { + /* ID of the helper this data block is associated with */ + int id; + + void *block; +}; + struct helper { /* Init global module state on kldload. */ int (*mod_init) (void); 
@@ -41,28 +48,34 @@ struct helper { /* Cleanup global module state on kldunload. */ int (*mod_destroy) (void); - int (*block_init) (uintptr_t *data); - int (*block_destroy) (uintptr_t *data); + int (*block_init) (void **data); + int (*block_destroy) (void *data); uint16_t flags; //STAILQ hooks; /* which hooks does this helper want to be called from */ - //STAILQ struct helper_data; - int dynamic_id; /* ID assigned by system to this hlpr's data in the + unsigned int id; /* ID assigned by system to this hlpr's data in the dynamic array */ - STAILQ_ENTRY(helper) entries; + STAILQ_ENTRY(helper) h_next; }; /* Helper flags */ -#define HLPR_NEEDS_DATABLOCK 0x0001 +#define HELPER_NEEDS_DBLOCK 0x0001 -extern STAILQ_HEAD(hlpr_head, helper) helpers; -int init_datablocks(uintptr_t **array_head, int *nblocks); -int destroy_datablocks(uintptr_t **array_head, int nblocks); +int init_helper_dblocks(struct helper_dblock **dblocks, int *nblocks); +int destroy_helper_dblocks(struct helper_dblock *array_head, int nblocks); int register_helper(struct helper *h); int deregister_helper(struct helper *h); +/*struct helper_dblock * get_helper_dblock(struct helper_dblock *array_head, int +id);*/ + +#define HELPER_LIST_WLOCK() rw_wlock(&helper_list_lock) +#define HELPER_LIST_WUNLOCK() rw_wunlock(&helper_list_lock) +#define HELPER_LIST_RLOCK() rw_rlock(&helper_list_lock) +#define HELPER_LIST_RUNLOCK() rw_runlock(&helper_list_lock) +#define HELPER_LIST_LOCK_ASSERT() rw_assert(&helper_list_lock, RA_LOCKED) #endif /* _NETINET_HELPER_H_ */ Modified: projects/tcp_cc_head/sys/netinet/hhooks.c ============================================================================== --- projects/tcp_cc_head/sys/netinet/hhooks.c Fri Feb 5 08:56:10 2010 (r203516) +++ projects/tcp_cc_head/sys/netinet/hhooks.c Fri Feb 5 10:00:18 2010 (r203517) @@ -53,6 +53,7 @@ MALLOC_DEFINE(M_HHOOK, "helper hook rela struct hhook { hhook_func_t h_func; void *h_udata; + struct helper *h_helper; STAILQ_ENTRY(hhook) h_next; }; 
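Review bot: The helper id is declared `unsigned int id` in struct helper here, but as `int id` in struct helper_dblock (previous hunk) and in `get_helper(int id)` in helper.c. The comparisons `h->id == id` and `tmp->h_helper->id != dblocks[i].id` therefore mix signedness, and run_hhooks prints the id with `%d`. Pick one type for all three, for example `unsigned int id;` in struct helper_dblock and `get_helper(unsigned int id)`. The new HELPER_LIST_* macros also name `helper_list_lock`, which this header does not declare in the visible lines, so any other file using them would need its own extern. struct helper begins above this hunk.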
@@ -138,31 +139,24 @@ deregister_hhook_head(int hhook_type, in } HHOOK_HEAD_LIST_UNLOCK(); - - /* - TAILQ_FOREACH_SAFE(pfh, &ph->ph_in, pfil_link, pfnext) - free(pfh, M_IFADDR); - TAILQ_FOREACH_SAFE(pfh, &ph->ph_out, pfil_link, pfnext) - free(pfh, M_IFADDR); - */ - return (error); } int -register_hhook(int hhook_type, int hhook_id, hhook_func_t hook, void *udata, - int flags) +register_hhook(int hhook_type, int hhook_id, struct helper *helper, + hhook_func_t hook, void *udata, int flags) { struct hhook *h, *tmp; struct hhook_head *hh; int error = 0; - h = malloc(sizeof(struct hhook), M_HHOOK, (flags & HHOOK_WAITOK) ? - M_WAITOK : M_NOWAIT); + h = malloc(sizeof(struct hhook), M_HHOOK, + M_ZERO | ((flags & HHOOK_WAITOK) ? M_WAITOK : M_NOWAIT)); if (h == NULL) return (ENOMEM); + h->h_helper = helper; h->h_func = hook; h->h_udata = udata; @@ -181,7 +175,7 @@ register_hhook(int hhook_type, int hhook } if (!error) { - STAILQ_INSERT_HEAD(&hh->hh_hooks, h, h_next); + STAILQ_INSERT_TAIL(&hh->hh_hooks, h, h_next); hh->hh_nhooks++; } else 
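Review bot: register_hhook stores the caller's `helper` pointer with `h->h_helper = helper;` without validating it, while run_hhooks (next hunk) dereferences `tmp->h_helper->id` and `tmp->h_helper->flags` for every hook on the list. A hook registered with a NULL helper therefore faults the first time the hook point fires. Either reject it up front with `if (helper == NULL) return (EINVAL);` before the malloc, or make run_hhooks treat a NULL `h_helper` as "no data block". The stored pointer is also not tied to the helper's lifetime, so a hook that outlives deregister_helper would leave it dangling; a comment stating who must deregister first would help. The body of register_hhook continues past this hunk.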
@@ -218,19 +212,34 @@ deregister_hhook(int hhook_type, int hho } void -run_hhooks(int hhook_type, int hhook_id, void *ctx_data) +run_hhooks(int hhook_type, int hhook_id, void *ctx_data, + struct helper_dblock *dblocks, int n_dblocks) { struct hhook_head *hh; struct hhook *tmp; struct rm_priotracker rmpt; + int i = 0; + void *dblock = NULL; hh = get_hhook_head(hhook_type, hhook_id, &rmpt, RLOCK_HHOOK_HEAD); if (hh == NULL) return; - STAILQ_FOREACH(tmp, &hh->hh_hooks, h_next) - tmp->h_func(tmp->h_udata, ctx_data); + STAILQ_FOREACH(tmp, &hh->hh_hooks, h_next) { + printf("Running hook %p for helper %d\n", tmp, + tmp->h_helper->id); + if (tmp->h_helper->flags & HELPER_NEEDS_DBLOCK) { + if (n_dblocks == 0 + || i >= n_dblocks + || tmp->h_helper->id != dblocks[i].id) + continue; + dblock = dblocks[i].block; + i++; + } + tmp->h_func(tmp->h_udata, ctx_data, dblock); + dblock = NULL; + } HHOOK_HEAD_RUNLOCK(hh, &rmpt); } Modified: projects/tcp_cc_head/sys/netinet/hhooks.h ============================================================================== --- projects/tcp_cc_head/sys/netinet/hhooks.h Fri Feb 5 08:56:10 2010 (r203516) +++ projects/tcp_cc_head/sys/netinet/hhooks.h Fri Feb 5 10:00:18 2010 (r203517) 
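Review bot: The data-block lookup in run_hhooks is positional, because `dblocks[i]` is only consumed when its id equals the current hook's helper id and `i` does not advance on a mismatch. Assuming the array holds one entry per registered helper, a helper that owns a data block but has no hook on this head leaves `i` stuck on its entry. Every later hook that needs a data block is then silently skipped by the `continue`. Searching the array by id removes the dependence on hook order and on every helper hooking every head. The `%d` in the debug printf should be `%u` for the unsigned id.
```c
		if (tmp->h_helper->flags & HELPER_NEEDS_DBLOCK) {
			/* Find this helper's block by id, not by position. */
			for (i = 0; i < n_dblocks; i++) {
				if (dblocks[i].id == tmp->h_helper->id)
					break;
			}
			if (i >= n_dblocks)
				continue;
			dblock = dblocks[i].block;
		}
		/* … unchanged: h_func call and dblock reset … */
```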
@@ -38,20 +38,20 @@ #define HHOOK_TYPE_TCP 1 -typedef void (*hhook_func_t)(void *udata, void *ctx_data); +typedef void (*hhook_func_t)(void *udata, void *ctx_data, void *helper_dblock); +struct helper; +struct helper_dblock; struct hhook_head; int register_hhook_head(int hhook_type, int hhook_id, int flags); int deregister_hhook_head(int hhook_type, int hhook_id); -int register_hhook(int hhook_type, int hhook_id, hhook_func_t hook, - void *udata, int flags); +int register_hhook(int hhook_type, int hhook_id, struct helper *helper, + hhook_func_t hook, void *udata, int flags); int deregister_hhook(int hhook_type, int hhook_id, hhook_func_t hook, void *udata, int flags); -void run_hhooks(int hhook_type, int hhook_id, void *ctx_data); - - -#define HHOOKED(hh) ((hh)->hh_nhooks > 0) +void run_hhooks(int hhook_type, int hhook_id, void *ctx_data, + struct helper_dblock *dblocks, int n_dblocks); #define HHOOK_HEAD_LIST_LOCK() mtx_lock(&hhook_head_list_lock) #define HHOOK_HEAD_LIST_UNLOCK() mtx_unlock(&hhook_head_list_lock) Modified: projects/tcp_cc_head/sys/netinet/tcp_input.c ============================================================================== --- projects/tcp_cc_head/sys/netinet/tcp_input.c Fri Feb 5 08:56:10 2010 (r203516) +++ projects/tcp_cc_head/sys/netinet/tcp_input.c Fri Feb 5 10:00:18 2010 (r203517) 
@@ -2125,7 +2125,8 @@ tcp_do_segment(struct mbuf *m, struct tc tcp_sack_doack(tp, &to, th->th_ack); hhook_data.curack = th->th_ack; - run_hhooks(HHOOK_TYPE_TCP, HHOOK_TCP_ESTABLISHED, &hhook_data); + run_hhooks(HHOOK_TYPE_TCP, HHOOK_TCP_ESTABLISHED, &hhook_data, + tp->dblocks, tp->n_dblocks); if (SEQ_LEQ(th->th_ack, tp->snd_una)) { if (tlen == 0 && tiwin == tp->snd_wnd) { Modified: projects/tcp_cc_head/sys/netinet/tcp_subr.c ============================================================================== --- projects/tcp_cc_head/sys/netinet/tcp_subr.c Fri Feb 5 08:56:10 2010 (r203516) +++ projects/tcp_cc_head/sys/netinet/tcp_subr.c Fri Feb 5 10:00:18 2010 (r203517) @@ -774,10 +774,9 @@ tcp_newtcpcb(struct inpcb *inp) return NULL; } - KASSERT(tp->helper_data == NULL, ("tp->hlpr_data NOT NULL!")); - init_datablocks(&tp->helper_data, &tp->nhelpers); - printf("tp->helper_data = %p, tp->nhelpers = %d\n", tp->helper_data, - tp->nhelpers); + KASSERT(tp->dblocks == NULL, ("tp->dblocks NOT NULL!")); + init_helper_dblocks(&tp->dblocks, &tp->n_dblocks); + printf("tp->dblocks = %p, tp->n_dblocks = %d\n", tp->dblocks, tp->n_dblocks); #ifdef VIMAGE tp->t_vnet = inp->inp_vnet; @@ -948,7 +947,7 @@ tcp_discardcb(struct tcpcb *tp) if (CC_ALGO(tp)->cb_destroy != NULL) CC_ALGO(tp)->cb_destroy(tp); - destroy_datablocks(&tp->helper_data, tp->nhelpers); + destroy_helper_dblocks(tp->dblocks, tp->n_dblocks); CC_ALGO(tp) = NULL; inp->inp_ppcb = NULL; Modified: projects/tcp_cc_head/sys/netinet/tcp_var.h ============================================================================== --- projects/tcp_cc_head/sys/netinet/tcp_var.h Fri Feb 5 08:56:10 2010 (r203516) +++ projects/tcp_cc_head/sys/netinet/tcp_var.h Fri Feb 5 10:00:18 2010 (r203517) 
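Review bot: The printf kept in tcp_newtcpcb, `printf("tp->dblocks = %p, tp->n_dblocks = %d\n", ...)`, writes a kernel heap address to the console and message buffer for every new TCP connection. That exposes kernel pointers to anyone who can read the message buffer and lets remote connection attempts flood the log. Remove the line or put it behind a debug option. The printf added to run_hhooks in hhooks.c has the same problem on the per-segment path and runs with the hook-head read lock held. The return value of `init_helper_dblocks(&tp->dblocks, &tp->n_dblocks)` is also discarded, so an allocation failure there goes unnoticed. tcp_newtcpcb starts and ends outside this hunk.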
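Review bot: After `destroy_helper_dblocks(tp->dblocks, tp->n_dblocks);` in tcp_discardcb the tcpcb still points at the array. The part of destroy_helper_dblocks visible in this diff only calls each helper's block_destroy and never releases the array itself. Unless it is freed somewhere outside this diff, every closed connection leaks it. Either way the stale pointer should be cleared next to the existing `CC_ALGO(tp) = NULL;` with `tp->dblocks = NULL; tp->n_dblocks = 0;`, after freeing the array with the malloc type init_helper_dblocks used. tcp_discardcb starts and ends outside this hunk.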
@@ -206,8 +206,8 @@ struct tcpcb { uint64_t _pad[12]; /* 7 UTO, 5 TBD (1-2 CC/RTT?) */ struct cc_algo *cc_algo; /* the algorithm that will manage congestion control*/ void *cc_data; /* pointer to a struct containing data required for the cc algorithm in use */ - uintptr_t *helper_data; /* */ - int nhelpers; + struct helper_dblock *dblocks; /* */ + int n_dblocks; }; /* From owner-svn-src-projects@FreeBSD.ORG Fri Feb 5 15:03:44 2010 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1E79E106568D; Fri, 5 Feb 2010 15:03:44 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 0E9EF8FC08; Fri, 5 Feb 2010 15:03:44 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o15F3hNq072303; Fri, 5 Feb 2010 15:03:43 GMT (envelope-from rwatson@svn.freebsd.org) Received: (from rwatson@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o15F3hQJ072301; Fri, 5 Feb 2010 15:03:43 GMT (envelope-from rwatson@svn.freebsd.org) Message-Id: <201002051503.o15F3hQJ072301@svn.freebsd.org> 
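Review bot: The renamed field still carries the empty placeholder comment `/* */`, and `n_dblocks` has none, although both are now read on the per-segment path by run_hhooks. Suggested comments: `struct helper_dblock *dblocks; /* per-connection helper data blocks */` and `int n_dblocks; /* number of entries in dblocks */`. struct tcpcb begins above this hunk.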
From: Robert Watson Date: Fri, 5 Feb 2010 15:03:43 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r203526 - projects/capabilities8/tools/tools/syscall_timing X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 05 Feb 2010 15:03:44 -0000 Author: rwatson Date: Fri Feb 5 15:03:43 2010 New Revision: 203526 URL: http://svn.freebsd.org/changeset/base/203526 Log: Merge c174286 by rwatson@rwatson_vimage_client on 2010/02/03 22:52:48 Always do one "warmup" run of every test before the measured loops. Modified: projects/capabilities8/tools/tools/syscall_timing/syscall_timing.c Modified: projects/capabilities8/tools/tools/syscall_timing/syscall_timing.c ============================================================================== --- projects/capabilities8/tools/tools/syscall_timing/syscall_timing.c Fri Feb 5 14:41:18 2010 (r203525) +++ projects/capabilities8/tools/tools/syscall_timing/syscall_timing.c Fri Feb 5 15:03:43 2010 (r203526) 
@@ -860,6 +860,10 @@ main(int argc, char *argv[]) if (the_test == NULL) usage(); + /* + * Run one warmup, then do the real thing (loops) times. + */ + the_test->t_func(iterations); for (k = 0; k < loops; k++) { the_test->t_func(iterations); timespecsub(&ts_end, &ts_start); From owner-svn-src-projects@FreeBSD.ORG Sat Feb 6 04:22:55 2010 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 028551065780; Sat, 6 Feb 2010 04:22:55 +0000 (UTC) (envelope-from nwhitehorn@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id E54848FC19; Sat, 6 Feb 2010 04:22:54 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o164MsQZ050544; Sat, 6 Feb 2010 04:22:54 GMT (envelope-from nwhitehorn@svn.freebsd.org) Received: (from nwhitehorn@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o164MsFe050540; Sat, 6 Feb 2010 04:22:54 GMT (envelope-from nwhitehorn@svn.freebsd.org) Message-Id: <201002060422.o164MsFe050540@svn.freebsd.org> 
From: Nathan Whitehorn Date: Sat, 6 Feb 2010 04:22:54 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r203539 - projects/ppc64/libexec/rtld-elf/powerpc64 X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 06 Feb 2010 04:22:55 -0000 Author: nwhitehorn Date: Sat Feb 6 04:22:54 2010 New Revision: 203539 URL: http://svn.freebsd.org/changeset/base/203539 Log: Add lazy binding support for 64-bit PowerPC. The last remaining bug here is that, despite TLS working, enabling TLS in malloc causes segfaults for some inscrutable reason. Modified: projects/ppc64/libexec/rtld-elf/powerpc64/reloc.c projects/ppc64/libexec/rtld-elf/powerpc64/rtld_machdep.h projects/ppc64/libexec/rtld-elf/powerpc64/rtld_start.S Modified: projects/ppc64/libexec/rtld-elf/powerpc64/reloc.c ============================================================================== --- projects/ppc64/libexec/rtld-elf/powerpc64/reloc.c Sat Feb 6 04:20:06 2010 (r203538) +++ projects/ppc64/libexec/rtld-elf/powerpc64/reloc.c Sat Feb 6 04:22:54 2010 (r203539) 
@@ -323,19 +323,25 @@ static int reloc_plt_object(Obj_Entry *obj, const Elf_Rela *rela) { Elf_Addr *where = (Elf_Addr *)(obj->relocbase + rela->r_offset); + Elf_Addr *glink; long reloff; reloff = rela - obj->pltrela; + if (obj->priv == NULL) + obj->priv = malloc(obj->pltrelasize); + glink = obj->priv + reloff*sizeof(Elf_Addr)*2; + if ((reloff < 0) || (reloff >= 0x8000)) { return (-1); } - dbg(" reloc_plt_object: where=%p,reloff=%lx", (void *)where, reloff); + dbg(" reloc_plt_object: where=%p,reloff=%lx,glink=%p", (void *)where, reloff, glink); - memcpy(where, _rtld_powerpc64_pltresolve, sizeof(struct funcdesc)); - ((struct funcdesc *)(where))->toc = reloff; - ((struct funcdesc *)(where))->env = (uint64_t)obj; + memcpy(where, _rtld_bind_start, sizeof(struct funcdesc)); + ((struct funcdesc *)(where))->env = (Elf_Addr)glink; + *(glink++) = (Elf_Addr)obj; + *(glink++) = reloff*sizeof(Elf_Rela); return (0); } @@ -351,7 +357,6 @@ reloc_plt(Obj_Entry *obj) const Elf_Rela *rela; if (obj->pltrelasize != 0) { - relalim = (const Elf_Rela *)((char *)obj->pltrela + obj->pltrelasize); for (rela = obj->pltrela; rela < relalim; rela++) { @@ -449,21 +454,6 @@ reloc_jmpslot(Elf_Addr *wherep, Elf_Addr void init_pltgot(Obj_Entry *obj) { -#if 0 - struct funcdesc *pltcall; - //int N = obj->pltrelasize / sizeof(Elf_Rela); - - pltcall = (struct funcdesc *)obj->pltgot; - - if (pltcall == NULL) { - return; - } - - /* - * Copy the function description into the PLT0 slot - */ - memcpy(pltcall, _rtld_powerpc64_pltresolve, sizeof(*pltcall)); -#endif } void Modified: projects/ppc64/libexec/rtld-elf/powerpc64/rtld_machdep.h ============================================================================== --- projects/ppc64/libexec/rtld-elf/powerpc64/rtld_machdep.h Sat Feb 6 04:20:06 2010 (r203538) +++ projects/ppc64/libexec/rtld-elf/powerpc64/rtld_machdep.h Sat Feb 6 04:22:54 2010 (r203539) 
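Review bot: The result of `obj->priv = malloc(obj->pltrelasize);` in reloc_plt_object is never checked, so an allocation failure in the dynamic linker becomes a store through a near-NULL pointer at `*(glink++) = (Elf_Addr)obj;`. The function already reports failure with -1, so the guard can be `if (obj->priv == NULL && (obj->priv = malloc(obj->pltrelasize)) == NULL) return (-1);`. `glink = obj->priv + reloff*sizeof(Elf_Addr)*2;` is also computed before `reloff` is range-checked, and relies on arithmetic on what looks like a `void *`. Moving that line below the `reloff` check and writing it as `(Elf_Addr *)obj->priv + reloff * 2` keeps the out-of-range pointer from ever being formed. The dbg() line also exceeds 80 columns.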
@@ -54,12 +54,6 @@ Elf_Addr reloc_jmpslot(Elf_Addr *where, void _rtld_bind_start(void); /* - * PLT functions. Not really correct prototypes, but the - * symbol values are needed. - */ -void _rtld_powerpc64_pltresolve(void); - -/* * TLS */ Modified: projects/ppc64/libexec/rtld-elf/powerpc64/rtld_start.S ============================================================================== --- projects/ppc64/libexec/rtld-elf/powerpc64/rtld_start.S Sat Feb 6 04:20:06 2010 (r203538) +++ projects/ppc64/libexec/rtld-elf/powerpc64/rtld_start.S Sat Feb 6 04:22:54 2010 (r203539) 
@@ -105,56 +105,57 @@ _ENTRY(_rtld_start) /* * _rtld_bind_start() * - * Call into the MI binder. This routine is reached via the PLT call cell, - * and then _rtld_powerpc_pltresolve(). - * On entry, %r13 contains the index of the PLT cell, and %r12 contains - * a pointer to the ELF object for the file. - * Save all registers, call into the binder to resolve and fixup the external + * Call into the MI binder. This routine is reached via the PLT call cell + * On entry, %r11 contains a pointer to the (object, relocation) tuple. + * + * Save all registers, call into the binder to resolve and fixup the external * routine, and then transfer to the external routine on return. */ .globl _rtld_bind _ENTRY(_rtld_bind_start) - stwu %r1,-160(%r1) # stack space for 29 regs + r0/lr/cr - stw %r0,20(%r1) # save r0 mflr %r0 - stw %r0,16(%r1) # save lr + std %r0,16(%r1) # save lr mfcr %r0 - stw %r0,12(%r1) # save cr - stmw %r3,24(%r1) # save r3-r31 + std %r0,8(%r1) # save cr + + stdu %r1,-48-9*8(%r1) # stack space for 8 regs + header + std %r3,48+0*8(%r1) # save r3-r31 + std %r4,48+1*8(%r1) + std %r5,48+2*8(%r1) + std %r6,48+3*8(%r1) + std %r7,48+4*8(%r1) + std %r8,48+5*8(%r1) + std %r9,48+6*8(%r1) + std %r10,48+7*8(%r1) + std %r12,48+8*8(%r1) - mr %r3,%r12 # obj - mulli %r4,%r11,12 # rela index * sizeof(Elf_Rela) + ld %r3,0(%r11) + ld %r4,8(%r11) bl ._rtld_bind # target addr = _rtld_bind(obj, reloff) nop + + ld %r2,8(%r3) + ld %r11,16(%r3) + ld %r3,0(%r3) mtctr %r3 # move absolute target addr into ctr - lmw %r3,24(%r1) # restore r3-r31 - lwz %r0,12(%r1) # restore cr + ld %r3,48+0*8(%r1) # restore r3-r31 + ld %r4,48+1*8(%r1) + ld %r5,48+2*8(%r1) + ld %r6,48+3*8(%r1) + ld %r7,48+4*8(%r1) + ld %r8,48+5*8(%r1) + ld %r9,48+6*8(%r1) + ld %r10,48+7*8(%r1) + ld %r12,48+8*8(%r1) + + addi %r1,%r1,48+9*8 # restore stack + + ld %r0,8(%r1) # restore cr mtcr %r0 - lwz %r0,16(%r1) # restore lr + ld %r0,16(%r1) # restore lr mtlr %r0 - lwz %r0,20(%r1) # restore r0 - addi %r1,%r1,160 # restore stack 
bctr # jump to target - -/* - * _rtld_powerpc64_pltresolve() - * - * The first time an external routine is called, the PLT slot will - * set up %r2 to the offset of the slot, and will jump to this routine. - * The ELF object is in %r11, and _rtld_bind_start is called - * to complete the binding. - */ -_ENTRY(_rtld_powerpc64_pltresolve) - mr %r13,%r2 - ld %r2,40(%r1) - addis %r12,%r2,_rtld_bind_start@toc@ha - addi %r12,%r12,_rtld_bind_start@toc@l - ld %r2,8(%r12) - ld %r12,0(%r12) - mtctr %r12 - bctr - From owner-svn-src-projects@FreeBSD.ORG Sat Feb 6 20:40:47 2010 Return-Path: Delivered-To: svn-src-projects@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 73586106566C; Sat, 6 Feb 2010 20:40:47 +0000 (UTC) (envelope-from nwhitehorn@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:4f8:fff6::2c]) by mx1.freebsd.org (Postfix) with ESMTP id 5FF838FC12; Sat, 6 Feb 2010 20:40:47 +0000 (UTC) Received: from svn.freebsd.org (localhost [127.0.0.1]) by svn.freebsd.org (8.14.3/8.14.3) with ESMTP id o16KelIq033443; Sat, 6 Feb 2010 20:40:47 GMT (envelope-from nwhitehorn@svn.freebsd.org) Received: (from nwhitehorn@localhost) by svn.freebsd.org (8.14.3/8.14.3/Submit) id o16KelOZ033440; Sat, 6 Feb 2010 20:40:47 GMT (envelope-from nwhitehorn@svn.freebsd.org) Message-Id: <201002062040.o16KelOZ033440@svn.freebsd.org> 
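Review bot: The new frame in _rtld_bind_start is 48+9*8 = 120 bytes, which is not a multiple of 16, so %r1 is no longer quadword-aligned across `bl ._rtld_bind` even if it was aligned on entry. Padding by one slot restores the 16-byte alignment the 64-bit ELF ABI expects: `stdu %r1,-48-10*8(%r1)` with the matching `addi %r1,%r1,48+10*8`. The comments carried over from the 32-bit version are stale as well. The frame saves nine registers rather than "8 regs", and `# save r3-r31` / `# restore r3-r31` should read `# save r3-r10, r12` / `# restore r3-r10, r12`. It is also worth confirming that the save slots starting at 48(%r1) cannot be overwritten by _rtld_bind, since that offset is where I would expect the callee-writable parameter save area to sit.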
From: Nathan Whitehorn Date: Sat, 6 Feb 2010 20:40:47 +0000 (UTC) To: src-committers@freebsd.org, svn-src-projects@freebsd.org X-SVN-Group: projects MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Cc: Subject: svn commit: r203570 - in projects/ppc64/sys/powerpc: aim powerpc X-BeenThere: svn-src-projects@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "SVN commit messages for the src " projects" tree" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 06 Feb 2010 20:40:47 -0000 Author: nwhitehorn Date: Sat Feb 6 20:40:47 2010 New Revision: 203570 URL: http://svn.freebsd.org/changeset/base/203570 Log: Provide a working thread implementation for powerpc64. Modified: projects/ppc64/sys/powerpc/aim/vm_machdep.c projects/ppc64/sys/powerpc/powerpc/exec_machdep.c Modified: projects/ppc64/sys/powerpc/aim/vm_machdep.c ============================================================================== --- projects/ppc64/sys/powerpc/aim/vm_machdep.c Sat Feb 6 20:36:14 2010 (r203569) +++ projects/ppc64/sys/powerpc/aim/vm_machdep.c Sat Feb 6 20:40:47 2010 (r203570) 
@@ -397,106 +397,3 @@ is_physical_memory(addr) return 1; } -/* - * Threading functions - */ -void -cpu_thread_exit(struct thread *td) -{ -} - -void -cpu_thread_clean(struct thread *td) -{ -} - -void -cpu_thread_alloc(struct thread *td) -{ - struct pcb *pcb; - - pcb = (struct pcb *)((td->td_kstack + td->td_kstack_pages * PAGE_SIZE - - sizeof(struct pcb)) & ~0x2fU); - td->td_pcb = pcb; - td->td_frame = (struct trapframe *)pcb - 1; -} - -void -cpu_thread_free(struct thread *td) -{ -} - -void -cpu_thread_swapin(struct thread *td) -{ -} - -void -cpu_thread_swapout(struct thread *td) -{ -} - -void -cpu_set_upcall(struct thread *td, struct thread *td0) -{ - struct pcb *pcb2; - struct trapframe *tf; - struct callframe *cf; - - pcb2 = td->td_pcb; - - /* Copy the upcall pcb */ - bcopy(td0->td_pcb, pcb2, sizeof(*pcb2)); - - /* Create a stack for the new thread */ - tf = td->td_frame; - bcopy(td0->td_frame, tf, sizeof(struct trapframe)); - tf->fixreg[FIRSTARG] = 0; - tf->fixreg[FIRSTARG + 1] = 0; - tf->cr &= ~0x10000000; - - /* Set registers for trampoline to user mode. */ - cf = (struct callframe *)tf - 1; - memset(cf, 0, sizeof(struct callframe)); - cf->cf_func = (register_t)fork_return; - cf->cf_arg0 = (register_t)td; - cf->cf_arg1 = (register_t)tf; - - pcb2->pcb_sp = (register_t)cf; - #ifdef __powerpc64__ - pcb2->pcb_lr = ((register_t *)fork_trampoline)[0]; - pcb2->pcb_toc = ((register_t *)fork_trampoline)[1]; - #else - pcb2->pcb_lr = (register_t)fork_trampoline; - #endif - pcb2->pcb_cpu.aim.usr_vsid = 0; - pcb2->pcb_cpu.aim.usr_esid = 0; - - /* Setup to release spin count in fork_exit(). 
*/ - td->td_md.md_spinlock_count = 1; - td->td_md.md_saved_msr = PSL_KERNSET; -} - -void -cpu_set_upcall_kse(struct thread *td, void (*entry)(void *), void *arg, - stack_t *stack) -{ - struct trapframe *tf; - uintptr_t sp; - - tf = td->td_frame; - /* align stack and alloc space for frame ptr and saved LR */ - sp = ((uintptr_t)stack->ss_sp + stack->ss_size - sizeof(uint64_t)) & - ~0x1f; - bzero(tf, sizeof(struct trapframe)); - - tf->fixreg[1] = (register_t)sp; - tf->fixreg[3] = (register_t)arg; - tf->srr0 = (register_t)entry; - tf->srr1 = PSL_MBO | PSL_USERSET | PSL_FE_DFLT; - td->td_pcb->pcb_flags = 0; - - td->td_retval[0] = (register_t)entry; - td->td_retval[1] = 0; -} - Modified: projects/ppc64/sys/powerpc/powerpc/exec_machdep.c ============================================================================== --- projects/ppc64/sys/powerpc/powerpc/exec_machdep.c Sat Feb 6 20:36:14 2010 (r203569) +++ projects/ppc64/sys/powerpc/powerpc/exec_machdep.c Sat Feb 6 20:40:47 2010 (r203570) 
@@ -902,14 +902,132 @@ cpu_set_syscall_retval(struct thread *td } } +/* + * Threading functions + */ +void +cpu_thread_exit(struct thread *td) +{ +} + +void +cpu_thread_clean(struct thread *td) +{ +} + +void +cpu_thread_alloc(struct thread *td) +{ + struct pcb *pcb; + + pcb = (struct pcb *)((td->td_kstack + td->td_kstack_pages * PAGE_SIZE - + sizeof(struct pcb)) & ~0x2fU); + td->td_pcb = pcb; + td->td_frame = (struct trapframe *)pcb - 1; +} + +void +cpu_thread_free(struct thread *td) +{ +} + +void +cpu_thread_swapin(struct thread *td) +{ +} + +void +cpu_thread_swapout(struct thread *td) +{ +} + int cpu_set_user_tls(struct thread *td, void *tls_base) { if (td->td_proc->p_sysent->sv_flags & SV_LP64) - td->td_frame->fixreg[13] = (register_t)tls_base + 0x8000; + td->td_frame->fixreg[13] = (register_t)tls_base + 0x7010; else td->td_frame->fixreg[2] = (register_t)tls_base + 0x7008; return (0); } +void +cpu_set_upcall(struct thread *td, struct thread *td0) +{ + struct pcb *pcb2; + struct trapframe *tf; + struct callframe *cf; + + pcb2 = td->td_pcb; + + /* Copy the upcall pcb */ + bcopy(td0->td_pcb, pcb2, sizeof(*pcb2)); + + /* Create a stack for the new thread */ + tf = td->td_frame; + bcopy(td0->td_frame, tf, sizeof(struct trapframe)); + tf->fixreg[FIRSTARG] = 0; + tf->fixreg[FIRSTARG + 1] = 0; + tf->cr &= ~0x10000000; + + /* Set registers for trampoline to user mode. */ + cf = (struct callframe *)tf - 1; + memset(cf, 0, sizeof(struct callframe)); + cf->cf_func = (register_t)fork_return; + cf->cf_arg0 = (register_t)td; + cf->cf_arg1 = (register_t)tf; + + pcb2->pcb_sp = (register_t)cf; + #ifdef __powerpc64__ + pcb2->pcb_lr = ((register_t *)fork_trampoline)[0]; + pcb2->pcb_toc = ((register_t *)fork_trampoline)[1]; + #else + pcb2->pcb_lr = (register_t)fork_trampoline; + #endif + pcb2->pcb_cpu.aim.usr_vsid = 0; + pcb2->pcb_cpu.aim.usr_esid = 0; + + /* Setup to release spin count in fork_exit(). 
*/ + td->td_md.md_spinlock_count = 1; + td->td_md.md_saved_msr = PSL_KERNSET; +} + +void +cpu_set_upcall_kse(struct thread *td, void (*entry)(void *), void *arg, + stack_t *stack) +{ + struct trapframe *tf; + uintptr_t sp; + + tf = td->td_frame; + /* align stack and alloc space for frame ptr and saved LR */ + sp = ((uintptr_t)stack->ss_sp + stack->ss_size - sizeof(uint64_t)) & + ~0x1f; + bzero(tf, sizeof(struct trapframe)); + + tf->fixreg[1] = (register_t)sp; + tf->fixreg[3] = (register_t)arg; + if (td->td_proc->p_sysent->sv_flags & SV_ILP32) { + tf->srr0 = (register_t)entry; + #ifdef AIM + tf->srr1 = PSL_MBO | PSL_USERSET | PSL_FE_DFLT; + #else + tf->srr1 = PSL_USERSET; + #endif + } else { + #ifdef __powerpc64__ + register_t entry_desc[3]; + (void)copyin((void *)entry, entry_desc, sizeof(entry_desc)); + tf->srr0 = entry_desc[0]; + tf->fixreg[2] = entry_desc[1]; + tf->fixreg[11] = entry_desc[2]; + tf->srr1 = PSL_SF | PSL_MBO | PSL_USERSET | PSL_FE_DFLT; + #endif + } + td->td_pcb->pcb_flags = 0; + + td->td_retval[0] = (register_t)entry; + td->td_retval[1] = 0; +} +
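Review bot: In the LP64 branch of cpu_set_upcall_kse the result of `(void)copyin((void *)entry, entry_desc, sizeof(entry_desc));` is discarded, although `entry` is a user-supplied pointer. If it is unreadable, the uninitialised kernel-stack contents of `entry_desc` are loaded into `srr0`, `fixreg[2]` and `fixreg[11]` and handed to the new user thread. The function returns void, so the least invasive fix is a defined starting value, `register_t entry_desc[3] = { 0, 0, 0 };`, or zeroing the array when copyin returns non-zero. Separately, in cpu_thread_alloc the mask `~0x2fU` has type `unsigned int`. If `td_kstack` is a 64-bit type, as expected on powerpc64, the AND clears the upper 32 bits of the stack address, which a full-width mask such as `~(uintptr_t)0x2f` avoids. The value 0x2f is not a contiguous low-bit mask, so the intended alignment should be confirmed.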