Date: Mon, 22 Jan 2001 14:23:47 -0500 (EST)
From: Robert Watson
To: Peter Pentchev
Cc: Dag-Erling Smorgrav, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/sys/vm vm_zone.c vm_zone.h
In-Reply-To: <20010122201559.B11979@ringworld.oblivion.bg>

If vmstat is broken as a result of no longer being able to waltz through
kernel memory, that's probably a good thing, as vmstat should be fixed to
use sysctl() instead of kmem as much as possible. We'd really like to
eliminate the last of the setgid kmem utilities as soon as possible, as the
ability to get kmem read access can be used to gain root access (i.e., just
because it's setgid kmem and not setuid root doesn't help against a
qualified attacker -- or against a qualified exploit used by an unqualified
attacker).

I've updated a lot of systat to remove use of kmem, but don't know enough
about the vm subsystem or networking subsystem to remove what remains
without a substantially greater time investment. If the authors of various
sections of the kernel code and userland utility set could place an
emphasis on avoiding the introduction of new kmem dependencies, and work to
eliminate old ones, that would be greatly appreciated. (this will also make
it easier for portable kernel monitoring tools to be written, and allow
graphical monitoring tools to run with less privilege).

Robert N M Watson             FreeBSD Core Team, TrustedBSD Project
robert@fledge.watson.org      NAI Labs, Safeport Network Services

On Mon, 22 Jan 2001, Peter Pentchev wrote:

> Is this the commit that broke usr.bin/vmstat/vmstat.c, in the dozmem()
> function? It would seem vmstat is still looking for the znext pointer :(
>
> G'luck,
> Peter
>
> --
> If this sentence didn't exist, somebody would have invented it.
>
> On Sun, Jan 21, 2001 at 11:01:51PM -0800, Dag-Erling Smorgrav wrote:
> > des 2001/01/21 23:01:51 PST
> >
> > Modified files:
> >   sys/vm vm_zone.c vm_zone.h
> > Log:
> > Give this code a major facelift:
> >
> > - replace the simplelock in struct vm_zone with a mutex.
> >
> > - use a proper SLIST rather than a hand-rolled job for the zone list.
> >
> > - add a subsystem lock that protects the zone list and the statistics
> >   counters.
> >
> > - merge _zalloc() into zalloc() and _zfree() into zfree(), and
> >   move them below _zget() so there's no need for a prototype.
> >
> > - add two initialization functions: one which initializes the
> >   subsystem mutex and the zone list, and one that currently doesn't
> >   do anything.
> >
> > - zap zerror(); use KASSERTs instead.
> >
> > - dike out half of sysctl_vm_zone(), which was mostly trying to do
> >   manually what the snprintf() call could do better.
> >
> > Reviewed by: jhb, jasone
> >
> > Revision  Changes    Path
> > 1.38      +151 -222  src/sys/vm/vm_zone.c
> > 1.16      +16 -13    src/sys/vm/vm_zone.h