Giter VIP home page Giter VIP logo

jorisgio / dragonflybsd Goto Github PK

View Code? Open in Web Editor NEW

This project forked from dragonflybsd/dragonflybsd

2.0 2.0 0.0 281.52 MB

gsoc work on kernel capsicum implementation

Home Page: http://www.dragonflybsd.org/

License: Other

C 91.05% Shell 0.49% Objective-C 0.16% D 0.01% Rebol 0.01% Perl 1.18% R 0.01% C++ 6.27% M 0.01% Awk 0.06% SuperCollider 0.02% Emacs Lisp 0.01% Python 0.02% Erlang 0.01% Assembly 0.64% C# 0.01% Verilog 0.01% CSS 0.01% Tcl 0.01% Logos 0.06%

dragonflybsd's People

Contributors

ahoka avatar akoskovacs avatar bissont avatar bwalex avatar cnst avatar corecode avatar dfcat-xx avatar ekamperi avatar fupjack avatar grimreaper avatar idryomov avatar jfhg avatar jrmarino avatar lentferj avatar markuspf avatar maurizio-lombardi avatar mihaicarabas avatar mneumann avatar nolanlum avatar nthery avatar ntunes avatar randy1 avatar rnoland avatar schmidtm avatar sylvestreg avatar thesjg avatar tuxillo avatar uqs avatar vishesh avatar vsrinivas avatar

Stargazers

avatar avatar

Watchers

avatar avatar avatar

dragonflybsd's Issues

Convert holdfp calls to holdfp_capcheck in various places

Convert the various subsystem to the new API if needed.

netproto/smb/smb_dev.c:391: fp = holdfp(scred->scr_td->td_proc->p_fd, fd, FREAD|FWRITE);
sys/filedesc.h:186:struct file holdfp (struct filedesc *fdp, int fd, int flag);
vm/vm_mmap.c:267: fp = holdfp(p->p_fd, fd, -1);
kern/sys_mqueue.c:185: fp = holdfp(curproc->p_fd, (int)mqd, -1); / XXX: Why -1 ? _/
kern/kern_event.c:791: fp = holdfp(p->p_fd, uap->fd, -1);
kern/kern_event.c:844: fp = holdfp(fdp, kev->ident, -1);
kern/kern_checkpoint.c:742: else if ((fp = holdfp(fdp, uap->fd, FWRITE)) == NULL)
kern/kern_checkpoint.c:754: if ((fp = holdfp(fdp, uap->fd, FREAD)) == NULL) {
kern/vfs_syscalls.c:1060: fp = holdfp(p->p_fd, uap->fd, -1);
kern/vfs_syscalls.c:2552: fp = holdfp(p->p_fd, fd, -1);
kern/imgact_elf.c:1582: fp = holdfp(p->p_fd, i, -1);
kern/uipc_syscalls.c:1463: fp = holdfp(p->p_fd, uap->fd, FREAD);
kern/kern_descrip.c:115:int holdfp_capcheck(struct filedesc *fdp, int fd, struct file *_fpp, int flag,
kern/kern_descrip.c:445: error = holdfp_capcheck(p->p_fd, fd, &fp, -1, CAP_FLOCK, 0);
kern/kern_descrip.c:513: error = holdfp_capcheck(p->p_fd, fd, &fp, -1, CAP_FLOCK, 0);
kern/kern_descrip.c:544: error = holdfp_capcheck(p->p_fd, fd, &fp, -1, CAP_FCNTL, cmd);
kern/kern_descrip.c:1181: error = holdfp_capcheck(p->p_fd, fd, &fp, -1, CAP_SHUTDOWN, 0);
kern/kern_descrip.c:1216: if ((error = holdfp_capcheck(p->p_fd, fd, &fp, -1, CAP_FSTAT, 0)) == NULL)
kern/kern_descrip.c:1256: if ((error = holdfp_capcheck(p->p_fd, uap->fd, &fp, -1, CAP_FPATHCONF, 0)) == NULL)
kern/kern_descrip.c:2401:holdfp_capcheck(struct filedesc _fdp, int fd, struct file *_fpp, int flag, cap_rights_t needrights, int needfcntl)
kern/kern_descrip.c:2445:holdfp(struct filedesc *fdp, int fd, int flag) {
kern/kern_descrip.c:2846: error = holdfp_capcheck(p->p_fd, uap->fd, &fp, -1, CAP_FLOCK, 0);
kern/kern_descrip.c:2924: if ((wfp = holdfp(fdp, sfd, -1)) == NULL)
kern/sys_generic.c:259: fp = holdfp(p->p_fd, fd, FREAD);
kern/sys_generic.c:467: fp = holdfp(p->p_fd, fd, FWRITE);
kern/sys_generic.c:588: fp = holdfp(p->p_fd, fd, FREAD|FWRITE);
kern/subr_diskiocom.c:116: fp = holdfp(curproc->p_fd, recl->fd, -1);
vfs/fdesc/fdesc_vnops.c:303: fp = holdfp(p->p_fd, fd, -1);
vfs/hammer2/hammer2_vfsops.c:532: fp = holdfp(curproc->p_fd, info.cluster_fd, -1);
vfs/hammer2/hammer2_ioctl.c:158: fp = holdfp(curproc->p_fd, recl->fd, -1);
emulation/linux/linux_epoll.c:215: fp = holdfp(p->p_fd, args->epfd, -1);
emulation/linux/linux_epoll.c:266: fp = holdfp(p->p_fd, args->epfd, -1);
emulation/linux/linux_file.c:146: fp = holdfp(p->p_fd, *iresult, -1);
emulation/linux/linux_file.c:160: fp = holdfp(p->p_fd, *iresult, -1);
emulation/linux/linux_file.c:1453: fp = holdfp(td->td_proc->p_fd, args->fd, -1);
dev/disk/xdisk/xdisk.c:259: fp = holdfp(curproc->p_fd, xaioc->fd, -1);

Implement pdkill()

int pdkill(int fd, int signum)

send signal to a process referenced by a process descriptor

Convert holdsock calls to the new API.

Convert subsystem to the new holdsock API if needed.

sys/filedesc.h:187:int holdsock (struct filedesc _fdp, int fdes, struct file *_fpp);
kern/uipc_syscalls.c:147: error = holdsock(p->p_fd, s, &fp);
kern/uipc_syscalls.c:184: error = holdsock(p->p_fd, s, &fp);
kern/uipc_syscalls.c:276: error = holdsock(td->td_proc->p_fd, s, &lfp);
kern/uipc_syscalls.c:499: error = holdsock(p->p_fd, s, &fp);
kern/uipc_syscalls.c:687: error = holdsock(p->p_fd, s, &fp);
kern/uipc_syscalls.c:865: error = holdsock(p->p_fd, s, &fp);
kern/uipc_syscalls.c:1106: error = holdsock(p->p_fd, s, &fp);
kern/uipc_syscalls.c:1169: error = holdsock(p->p_fd, s, &fp);
kern/uipc_syscalls.c:1244: error = holdsock(p->p_fd, s, &fp);
kern/uipc_syscalls.c:1310: error = holdsock(p->p_fd, s, &fp);
kern/uipc_syscalls.c:1569: error = holdsock(p->p_fd, sfd, &fp);
kern/uipc_syscalls.c:1861: error = holdsock(td->td_proc->p_fd, uap->sd, &lfp);
kern/kern_descrip.c:2469: * holdsock() - load the struct file pointer associated
kern/kern_descrip.c:2476:holdsock(struct filedesc _fdp, int fd, struct file *_fpp)
vfs/portal/portal_vfsops.c:93: error = holdsock(curproc->p_fd, args.pa_socket, &fp);
vfs/nfs/nfs_syscalls.c:195: error = holdsock(td->td_proc->p_fd, nfsdarg.sock, &fp);
emulation/linux/linux_socket.c:377: error = holdsock(p->p_fd, linux_args.s, &fp);
dev/disk/iscsi/initiator/iscsi.c:427: if ((error = holdsock(td->td_proc->p_fd, fd, &fp)) == 0) {

Implement poll for procdesc

On dragonfly, poll is implemented using kqueue.
https://github.com/jorisgio/DragonFlyBSD/blob/procdesc/sys/kern/sys_generic.c#L1222

It uses EVFIL_READ and EVFILT_WRITE to implement POLLIN and POLLOUT. For process, since read/write are not implemented, we only want to handle POLLHUP. The current code does not seems to be design for that.

Note that their is also NOTE_PROC https://github.com/jorisgio/DragonFlyBSD/blob/procdesc/sys/kern/kern_event.c#L207 which contains some code we need for process descriptors. Adding a filter for kqueue is as simple as creating a filterops struct with the needed functions. For a file descriptor, the kqfilter function handles the different fileters for NOTE_FILE. Here, we want implement a NOTE_PROC like as NOTE_FILE

ioctls list allocation scheme

ioctls lists are whitelists of ioctls allowed on a file descriptor when CAP_IOCTL is set. Since filedesc entries are protected by spin_lock, we cannot allocate memory easily in critical sections. Hence, the ioctls list are shared, and copy on write.

It removes the malloc out the fork path : we don't need to do a full copy of ioctls list when copying a filedesc entry.

pdgetpid has not the same semantic than freeBSD

FreeBSD caches the pid of the referenced process in a struct ( see http://bxr.su/FreeBSD/sys/sys/procdesc.h#63).
There are 3 cases :

  1. if the process exits, procdesc_exit (http://bxr.su/FreeBSD/sys/kern/sys_procdesc.c#327) is called via exit and destroy the procdesc if the proc descriptor has been closed.
  2. If the process is reap'ed procdesc_reap (http://bxr.su/FreeBSD/sys/kern/sys_procdesc.c#327) is called and destroy the prodesc.
  3. the process exits, but the process descriptor has not been closed : the pid of the process is cached in the procdesc, but the reference to the process is set to NULL.

In case 3, if pdgetpid is called, it will succeed and return the pid of the now dead process. http://bxr.su/FreeBSD/sys/kern/sys_procdesc.c#187

What the point of caching the pid ?

There are two alternatives :

  1. return an error when pdgetpid is called in case 3.
  2. find a way to get the pid of a zombie process

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.