Date: Fri, 2 Oct 2009 22:34:33 GMT From: Edward Tomasz Napierala <trasz@FreeBSD.org> To: Perforce Change Reviews <perforce@freebsd.org> Subject: PERFORCE change 169165 for review Message-ID: <200910022234.n92MYXeK091749@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
http://perforce.freebsd.org/chv.cgi?CH=169165 Change 169165 by trasz@trasz_victim on 2009/10/02 22:34:12 IFC. Affected files ... .. //depot/projects/soc2009/trasz_limits/etc/rc.d/routing#5 integrate .. //depot/projects/soc2009/trasz_limits/sys/kern/init_main.c#15 integrate .. //depot/projects/soc2009/trasz_limits/sys/kern/kern_exec.c#8 integrate .. //depot/projects/soc2009/trasz_limits/sys/kern/uipc_socket.c#11 integrate .. //depot/projects/soc2009/trasz_limits/sys/vm/vm_mmap.c#8 integrate .. //depot/projects/soc2009/trasz_limits/tools/regression/mmap/mmap.c#2 integrate Differences ... ==== //depot/projects/soc2009/trasz_limits/etc/rc.d/routing#5 (text+ko) ==== @@ -2,7 +2,7 @@ # # Configure routing and miscellaneous network tunables # -# $FreeBSD: src/etc/rc.d/routing,v 1.151 2009/10/02 02:28:59 hrs Exp $ +# $FreeBSD: src/etc/rc.d/routing,v 1.152 2009/10/02 20:19:53 hrs Exp $ # # PROVIDE: routing @@ -13,26 +13,80 @@ . /etc/network.subr name="routing" -start_cmd="routing_start" +start_cmd="routing_start doall" stop_cmd="routing_stop" extra_commands="options static" -static_cmd="static_start" -options_cmd="options_start" +static_cmd="routing_start static" +options_cmd="routing_start options" + +afcheck() +{ + case $_af in + ""|inet|inet6|ipx|atm) + ;; + *) + err 1 "Unsupported address family: $_af." + ;; + esac +} routing_start() { - static_start "$@" - options_start "$@" + local _cmd _af _a + _cmd=$1 + _af=$2 + + afcheck + + case $_af in + inet|inet6|ipx|atm) + setroutes $_cmd $_af + ;; + "") + for _a in inet inet6 ipx atm; do + afexists $_a && setroutes $_cmd $_a + done + ;; + esac + [ -n "${_ropts_initdone}" ] && echo '.' } routing_stop() { - local _af + local _af _a + _af=$1 + + afcheck + + case $_af in + inet|inet6|ipx|atm) + eval static_${_af} delete + eval routing_stop_${_af} + ;; + "") + for _a in inet inet6 ipx atm; do + afexists $_a || continue + eval static_${_a} delete + eval routing_stop_${_a} + done + ;; + esac +} - static_stop "$@" - for _af in inet inet6; do - afexists ${_af} && eval routing_stop_${_af} - done +setroutes() +{ + case $1 in + static) + static_$2 add + ;; + options) + options_$2 + ;; + doall) + static_$2 add + options_$2 + ;; + esac } routing_stop_inet() @@ -50,47 +104,16 @@ done } -static_start() +routing_stop_atm() { - local _af - _af=$1 - - case ${_af} in - inet|inet6|atm) - do_static add ${_af} - ;; - "") - do_static add inet inet6 atm - ;; - esac + return 0 } -static_stop() +routing_stop_ipx() { - local _af - _af=$1 - - case ${_af} in - inet|inet6|atm) - do_static delete ${_af} - ;; - "") - do_static delete inet inet6 atm - ;; - esac + return 0 } -do_static() -{ - local _af _action - _action=$1 - - shift - for _af in "$@"; do - afexists ${_af} && eval static_${_af} ${_action} - done -} - static_inet() { local _action @@ -233,6 +256,10 @@ fi } +static_ipx() +{ +} + _ropts_initdone= ropts_init() { @@ -242,16 +269,6 @@ fi } -options_start() -{ - local _af - - for _af in inet inet6 ipx; do - afexists ${_af} && eval options_${_af} - done - [ -n "${_ropts_initdone}" ] && echo '.' -} - options_inet() { if checkyesno icmp_bmcastecho; then @@ -322,6 +339,10 @@ fi } +options_atm() +{ +} + options_ipx() { if checkyesno ipxgateway_enable; then ==== //depot/projects/soc2009/trasz_limits/sys/kern/init_main.c#15 (text+ko) ==== @@ -42,7 +42,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/kern/init_main.c,v 1.305 2009/10/01 10:53:12 avg Exp $"); +__FBSDID("$FreeBSD: src/sys/kern/init_main.c,v 1.306 2009/10/02 17:48:51 bz Exp $"); #include "opt_ddb.h" #include "opt_init_path.h" @@ -510,6 +510,11 @@ pmap_pinit0(vmspace_pmap(&vmspace0)); p->p_vmspace = &vmspace0; vmspace0.vm_refcnt = 1; + + /* + * proc0 is not expected to enter usermode, so there is no special + * handling for sv_minuser here, like is done for exec_new_vmspace(). + */ vm_map_init(&vmspace0.vm_map, p->p_sysent->sv_minuser, p->p_sysent->sv_maxuser); vmspace0.vm_map.pmap = vmspace_pmap(&vmspace0); ==== //depot/projects/soc2009/trasz_limits/sys/kern/kern_exec.c#8 (text+ko) ==== @@ -25,7 +25,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/kern/kern_exec.c,v 1.338 2009/09/09 10:52:36 kib Exp $"); +__FBSDID("$FreeBSD: src/sys/kern/kern_exec.c,v 1.339 2009/10/02 17:48:51 bz Exp $"); #include "opt_hwpmc_hooks.h" #include "opt_kdtrace.h" @@ -122,6 +122,11 @@ SYSCTL_ULONG(_kern, OID_AUTO, ps_arg_cache_limit, CTLFLAG_RW, &ps_arg_cache_limit, 0, ""); +static int map_at_zero = 0; +TUNABLE_INT("security.bsd.map_at_zero", &map_at_zero); +SYSCTL_INT(_security_bsd, OID_AUTO, map_at_zero, CTLFLAG_RW, &map_at_zero, 0, + "Permit processes to map an object at virtual address 0."); + static int sysctl_kern_ps_strings(SYSCTL_HANDLER_ARGS) { @@ -1002,7 +1007,7 @@ int error; struct proc *p = imgp->proc; struct vmspace *vmspace = p->p_vmspace; - vm_offset_t stack_addr; + vm_offset_t sv_minuser, stack_addr; vm_map_t map; u_long ssiz; @@ -1018,13 +1023,17 @@ * not disrupted */ map = &vmspace->vm_map; - if (vmspace->vm_refcnt == 1 && vm_map_min(map) == sv->sv_minuser && + if (map_at_zero) + sv_minuser = sv->sv_minuser; + else + sv_minuser = MAX(sv->sv_minuser, PAGE_SIZE); + if (vmspace->vm_refcnt == 1 && vm_map_min(map) == sv_minuser && vm_map_max(map) == sv->sv_maxuser) { shmexit(vmspace); pmap_remove_pages(vmspace_pmap(vmspace)); vm_map_remove(map, vm_map_min(map), vm_map_max(map)); } else { - error = vmspace_exec(p, sv->sv_minuser, sv->sv_maxuser); + error = vmspace_exec(p, sv_minuser, sv->sv_maxuser); if (error) return (error); vmspace = p->p_vmspace; ==== //depot/projects/soc2009/trasz_limits/sys/kern/uipc_socket.c#11 (text+ko) ==== @@ -95,7 +95,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/kern/uipc_socket.c,v 1.344 2009/09/15 22:23:45 andre Exp $"); +__FBSDID("$FreeBSD: src/sys/kern/uipc_socket.c,v 1.345 2009/10/02 21:31:15 rwatson Exp $"); #include "opt_inet.h" #include "opt_inet6.h" @@ -970,9 +970,6 @@ * must use a signed comparison of space and resid. On the other * hand, a negative resid causes us to loop sending 0-length * segments to the protocol. - * - * Also check to make sure that MSG_EOR isn't used on SOCK_STREAM - * type sockets since that's an error. */ if (resid < 0) { error = EINVAL; ==== //depot/projects/soc2009/trasz_limits/sys/vm/vm_mmap.c#8 (text+ko) ==== @@ -41,7 +41,7 @@ */ #include <sys/cdefs.h> -__FBSDID("$FreeBSD: src/sys/vm/vm_mmap.c,v 1.235 2009/09/27 14:49:51 simon Exp $"); +__FBSDID("$FreeBSD: src/sys/vm/vm_mmap.c,v 1.236 2009/10/02 17:51:46 bz Exp $"); #include "opt_compat.h" #include "opt_hwpmc_hooks.h" @@ -97,14 +97,6 @@ "Maximum number of memory-mapped files per process"); /* - * 'mmap_zero' determines whether or not MAP_FIXED mmap() requests for - * virtual address zero are permitted. - */ -static int mmap_zero; -SYSCTL_INT(_security_bsd, OID_AUTO, mmap_zero, CTLFLAG_RW, &mmap_zero, 0, - "Processes may map an object at virtual address zero"); - -/* * Set the maximum number of vm_map_entry structures per process. Roughly * speaking vm_map_entry structures are tiny, so allowing them to eat 1/100 * of our KVM malloc space still results in generous limits. We want a @@ -277,13 +269,6 @@ if (addr & PAGE_MASK) return (EINVAL); - /* - * Mapping to address zero is only permitted if - * mmap_zero is enabled. - */ - if (addr == 0 && !mmap_zero) - return (EINVAL); - /* Address range must be all in user VM space. */ if (addr < vm_map_min(&vms->vm_map) || addr + size > vm_map_max(&vms->vm_map)) ==== //depot/projects/soc2009/trasz_limits/tools/regression/mmap/mmap.c#2 (text+ko) ==== @@ -23,7 +23,7 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $FreeBSD: src/tools/regression/mmap/mmap.c,v 1.1 2009/09/27 21:03:33 bz Exp $ + * $FreeBSD: src/tools/regression/mmap/mmap.c,v 1.2 2009/10/02 17:53:48 bz Exp $ */ #include <sys/param.h> @@ -36,7 +36,7 @@ const struct tests { void *addr; - int ok[2]; /* Depending on security.bsd.mmap_zero {0, !=0}. */ + int ok[2]; /* Depending on security.bsd.map_at_zero {0, !=0}. */ } tests[] = { { (void *)0, { 0, 1 } }, /* Test sysctl. */ { (void *)1, { 0, 0 } }, @@ -54,37 +54,37 @@ { void *p; size_t len; - int i, error, mib[3], mmap_zero; + int i, error, mib[3], map_at_zero; error = 0; - /* Get the current sysctl value of security.bsd.mmap_zero. */ + /* Get the current sysctl value of security.bsd.map_at_zero. */ len = sizeof(mib) / sizeof(*mib); - if (sysctlnametomib("security.bsd.mmap_zero", mib, &len) == -1) - err(1, "sysctlnametomib(security.bsd.mmap_zero)"); + if (sysctlnametomib("security.bsd.map_at_zero", mib, &len) == -1) + err(1, "sysctlnametomib(security.bsd.map_at_zero)"); - len = sizeof(mmap_zero); - if (sysctl(mib, 3, &mmap_zero, &len, NULL, 0) == -1) - err(1, "sysctl(security.bsd.mmap_zero)"); + len = sizeof(map_at_zero); + if (sysctl(mib, 3, &map_at_zero, &len, NULL, 0) == -1) + err(1, "sysctl(security.bsd.map_at_zero)"); /* Normalize to 0 or 1 for array access. */ - mmap_zero = !!mmap_zero; + map_at_zero = !!map_at_zero; for (i=0; i < (sizeof(tests) / sizeof(*tests)); i++) { p = mmap((void *)tests[i].addr, PAGE_SIZE, PROT_READ | PROT_WRITE | PROT_EXEC, MAP_ANON | MAP_FIXED, -1, 0); if (p == MAP_FAILED) { - if (tests[i].ok[mmap_zero] != 0) + if (tests[i].ok[map_at_zero] != 0) error++; warnx("%s: mmap(%p, ...) failed.", - (tests[i].ok[mmap_zero] == 0) ? "OK " : "ERR", + (tests[i].ok[map_at_zero] == 0) ? "OK " : "ERR", tests[i].addr); } else { - if (tests[i].ok[mmap_zero] != 1) + if (tests[i].ok[map_at_zero] != 1) error++; warnx("%s: mmap(%p, ...) succeeded: p=%p", - (tests[i].ok[mmap_zero] == 1) ? "OK " : "ERR", + (tests[i].ok[map_at_zero] == 1) ? "OK " : "ERR", tests[i].addr, p); } }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200910022234.n92MYXeK091749>