CHN_LOCK()

2002-06-15 Thread Evan Sarmiento

I keep on getting debug messages like this, both at startup
and right before any sound plays:

Jun 14 23:44:38 teqnix kernel: /usr/src/sys/vm/uma_core.c:1327: could sleep with "pcm0:play:0" locked from /usr/src/sys/dev/sound/pcm/dsp.c:713
heyeh, Jun 14 23:44:38 teqnix kernel: /usr/src/sys/vm/uma_core.c:1327: could sleep with "pcm0:play:0" locked from /usr/src/sys/dev/sound/pcm/dsp.c:713
Jun 14 23:44:38 teqnix kernel: /usr/src/sys/vm/uma_core.c:1327: could sleep with "pcm0:play:0" locked from /usr/src/sys/dev/sound/pcm/dsp.c:713
Jun 14 23:44:38 teqnix kernel: /usr/se.c:1327: could sleep with "pcm0:play:0" locked from /usr/src/sys/dev/sound/pcm/dsp.c:713
Jun 14 23:44:38 teqnix kernel: /usr/src/sys/vm/uma_core.c:1327: could sleep with "pcm0:play:0" locked from /usr/src/sys/dev/sound/pcm/dsp.c:713
Jun 14 23:44:38 teqnix kernel: /usr/src/sys/vm/uma_core.c:1327: could sleep with "pcm0:play:0" locked from /usr/src/sys/dev/sound/pcm/dsp.c:713

To avoid this, I was wondering if I could change CHN_LOCK() to use
spin locks instead of sleeping mutex locks? Of course I would
make it so that mtx_init has RECURS.. would this work?

- Evan

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message



jail.c patch (fixed)

2001-12-10 Thread Evan Sarmiento

Hey guys.

heh. Sorry about that, I just fixed it and it all works fine. :-) Exams are
making my brain fry.

Here is the revised patch.

Thanks,
- Evan

--- jail.c  Mon Jul 30 06:19:54 2001
+++ jail.modMon Dec 10 14:00:57 2001
@@ -10,9 +10,8 @@
  * 
  */
 
-#include 
+#include 
 #include 
-#include 
 #include 
 #include 
 #include 
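Review bot: The include lines in this hunk carry no header names as archived, so it cannot be checked that <netdb.h> is among them; gethostbyname(), hstrerror() and h_errno in the last hunk need it. One include is also dropped outright, so confirm nothing else in jail.c still relies on it.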
@@ -21,12 +20,13 @@
 int
 main(int argc, char **argv)
 {
+   struct hostent *hp;
struct jail j;
int i;
struct in_addr in;
 
if (argc < 5) 
-   errx(1, "Usage: %s path hostname ip-number command ...\n",
+   errx(1, "Usage: %s path hostname address command ...\n",
argv[0]);
i = chdir(argv[1]);
if (i)
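Review bot: The new usage string passed to errx() still ends in "\n"; errx() appends a newline itself, so the message is followed by an empty line. Drop the "\n" here, as the new error message in the last hunk already does, and update the jail(8) synopsis to say "address" as well.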
@@ -36,14 +36,26 @@
j.path = argv[1];
j.hostname = argv[2];
i = inet_aton(argv[3], &in);
-   if (!i)
-   errx(1, "Couldn't make sense of ip-number\n");
+
+   if (!i) {
+ hp = gethostbyname(argv[3]);
+
+ if (hp == NULL)
+  errx(1, "gethostbyname(%s): %s (and) inet_aton(%s): Could not
+   make sense of ip-number", argv[3], hstrerror(h_errno), argv[3] );
+
+ else if (hp)
+  in = *(struct in_addr *)hp->h_addr;
+
+}
+   
j.ip_number = ntohl(in.s_addr);
i = jail(&j);
if (i)
-   err(1, "Imprisonment failed");
+ err(1, "Imprisonment failed");
i = execv(argv[4], argv + 4);
if (i)
-   err(1, "execv(%s)", argv[4]);
+ err(1, "execv(%s)", argv[4]);
+
exit (0);
 }
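Review bot: The format string passed to errx() in the hp == NULL branch is broken across two source lines inside the literal ("Could not" / "make sense of ip-number"), which will not compile as written; close the quote on the first line and reopen it on the second. The "else if (hp)" is redundant after the NULL test, and before "in = *(struct in_addr *)hp->h_addr;" the code should confirm hp->h_addrtype is AF_INET, since the copy assumes an IPv4 address. The err() lines for jail() and execv() change only in whitespace and are better left out of the patch.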




jail.c patch

2001-12-10 Thread Evan Sarmiento

Hello,

I've been reading this thread. I made the adjustments to the
patch so that it first checks if it is an IP address; if it is not,
it then tries to see if it is a hostname. If neither is true,
it exits with an error.

Hope this is what you're looking for,
Evan

--- jail.c  Mon Jul 30 06:19:54 2001
+++ jail.modMon Dec 10 07:51:03 2001
@@ -10,9 +10,8 @@
  * 
  */
 
-#include 
+#include 
 #include 
-#include 
 #include 
 #include 
 #include 
@@ -21,12 +20,13 @@
 int
 main(int argc, char **argv)
 {
+   struct hostent *hp;
struct jail j;
int i;
struct in_addr in;
 
if (argc < 5) 
-   errx(1, "Usage: %s path hostname ip-number command ...\n",
+   errx(1, "Usage: %s path hostname address command ...\n",
argv[0]);
i = chdir(argv[1]);
if (i)
@@ -36,14 +36,23 @@
j.path = argv[1];
j.hostname = argv[2];
i = inet_aton(argv[3], &in);
+
if (!i)
-   errx(1, "Couldn't make sense of ip-number\n");
+ hp = gethostbyname(argv[3]);
+ if (hp == NULL)
+  errx(1, "gethostbyname(%s): %s (and) inet_aton(%s): Could not
+make sense of ip-number", argv[3], hstrerror(h_errno), argv[3] );
+   
+   if (hp)
+   in = *(struct in_addr *)hp->h_addr;
+
j.ip_number = ntohl(in.s_addr);
i = jail(&j);
if (i)
-   err(1, "Imprisonment failed");
+ err(1, "Imprisonment failed");
i = execv(argv[4], argv + 4);
if (i)
-   err(1, "execv(%s)", argv[4]);
+ err(1, "execv(%s)", argv[4]);
+
exit (0);
 }
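Review bot: The "if (!i)" in front of "hp = gethostbyname(argv[3]);" has no braces, so only the lookup is conditional; "if (hp == NULL)" and "if (hp)" run even when inet_aton() succeeded, reading hp uninitialized and possibly exiting or overwriting "in" for a valid dotted-quad. Put the lookup and both tests inside one braced block under "if (!i)".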




jail patch

2001-11-25 Thread Evan Sarmiento

Hello,

I wrote this a while ago, but, if anyone is interested, please
take a look: this module implements a system call that takes
a u_int32_t. This system call, named killjail, kills all processes
which belong to the jail which uses that particular IP address.

I included it in a tar with a makefile and with a program
that uses it. (Eg: ./killjail 1.2.3.4)

http://www.sekt7.org/kjs.tar

Works on 4.4 but can be easily ported to 5.0.

- Evan




Re: Changing syscalls numbers

2001-10-31 Thread Evan Sarmiento

Did you type make init_sysent.c, after editing syscalls.master?

- Evan




IMPORTANT!! Re: panic on mount

2001-09-25 Thread Evan Sarmiento

Hello,

Just to clarify things for everyone who may be having this problem:
there is a panic on bootup with current, within the witness* code.
You can avoid this by commenting out WITNESS in your kernel configuration
and recompiling. It worked for me..

Hope this helps someone.

Thanks,
Evan

John Baldwin writes:
 > 
 > On 25-Sep-01 Bill Fenner wrote:
 > > 
 > > I also started getting this error with recent kernels (in the last
 > > day or so).
 > 
 > It looks like the mutex is really held since the mtx_assert before
 > witness_unlock didn't trigger.  You can try turning witness off for the time
 > being as a workaround.  I'm not sure why witness would be broken, however.
 > 
 > > Mounting root from ufs:/dev/ad0s1a
 > > panic: lock (sleep mutex) vnode interlock not locked @
 > > /usr/src/sys/kern/vfs_default.c:460
 > > Debugger("panic")
 > > Stopped at  Debugger+0x44:  pushl   %ebx
 > > db> t
 > > Debugger(c03c5bbb) at Debugger+0x44
 > > panic(c03c8c40,c03c4b80,c03ccf20,c03cc8a0,1cc) at panic+0x70
 > > witness_unlock(c7765f2c,8,c03cc8a0,1cc,c7765f2c,1,c03c4ba0,f6) at
 > > witness_unlock+0x1d0
 > > _mtx_unlock_flags(c7765f2c,0,c03cc8a0,1cc,c0567bd0) at _mtx_unlock_flags+0x59
 > > vop_nolock(c0567be8,c0567bf8,c02920c2,c0567be8,c0567d4c) at vop_nolock+0x24
 > > vop_defaultop(c0567be8) at vop_defaultop+0x15
 > > vn_lock(c7765ec0,20002,c049f7c4,c0567d4c,c1346680) at vn_lock+0xca
 > > ffs_mountfs(c7765ec0,c1351600,c049f7c4,c0446900,c0567d4c) at ffs_mountfs+0x7e
 > > ffs_mount(c1351600,0,0,0,c049f7c4) at ffs_mount+0x67
 > > vfs_mountroot_try(c05447a8,c03cc48c) at vfs_mountroot_try+0x14e
 > > vfs_mountroot(0,564c00,564000,0,c012caac) at vfs_mountroot+0x5a
 > > mi_startup() at mi_startup+0x90
 > > begin() at begin+0x43
 > > 
 > > I dunno how to get a dump from this point since kern.dumpdev hasn't been
 > > set..
 > > 
 > >   Bill
 > > 
 > > To Unsubscribe: send mail to [EMAIL PROTECTED]
 > > with "unsubscribe freebsd-current" in the body of the message
 > 
 > -- 
 > 
 > John Baldwin <[EMAIL PROTECTED]> -- http://www.FreeBSD.org/~jhb/
 > PGP Key: http://www.baldwin.cx/~john/pgpkey.asc
 > "Power Users Use the Power to Serve!"  -  http://www.FreeBSD.org/
 > 




panic on mount

2001-09-23 Thread Evan Sarmiento

Hello,

After compiling a new kernel, installing it, when my laptop
tries to mount its drive, it panics with this message:

panic: lock (sleep mutex) vnode interlock not locked  @
../../../kern/vfs_default.c:460

which is:

  if (ap->a_flags & LK_INTERLOCK)
 mtx_unlock(&ap->a_vp->v_interlock);

within the function vop_nolock.

Thanks,
Evan




interesting -current project

2001-09-15 Thread Evan Sarmiento

Hello,

Since the release for 5.0 was extended another year, an interesting
feature I'd like to see go in to the kernel is hooks. So users
can add extra security checks.. etc. There's a project in its
beginnings right now,
www.freesoftware.fsf.org/jailuser/
Think anyone could join the prfw mailing list and help development?

Thanks,
Evan :)




sysent in fork()

2001-09-01 Thread Evan Sarmiento

Hey,

I have a question about sysent. If a modification
to a process's p->p_sysent and associated substructures
is made, are the changes propagated through fork
to children?

Thanks,

Evan






mutex locking pgrp

2001-08-08 Thread Evan Sarmiento

Hello,

I was looking through kern_proc.c, and I noticed that unlike pfind,
pgfind does not lock the pointer to a structure being returned,
further investigating showed that the definition of the pgrp
structure itself, in proc.h, doesn't have a mtx struct defined
within it either.

My proposal is to create a patch that would create pgrp locking,
by adding a mtx to pgrp, and then a MACRO which locks
and unlocks that structure, like PROC_LOCK()

Would this create any problems?

Also, my pr has been sitting in gnats for a while, I think that patch
may be beneficial...
http://www.freebsd.org/cgi/query-pr.cgi?pr=29423

-- 
---
Evan Sarmiento | www.open-root.org 
[EMAIL PROTECTED]  | www.sekt7.org/~ems/
---












Re: kern/29423: [PATCH] kernel security hooks implementation

2001-08-03 Thread Evan Sarmiento
def KTRACE
  #include 
  #endif
! 
  #include 
  #include 
  #include 
--- 68,74 
  #ifdef KTRACE
  #include 
  #endif
! #include 
  #include 
  #include 
  #include 
***
*** 1029,1036 
--- 1029,1039 
  {
caddr_t params;
int i;
+   int sysnum;
struct sysent *callp;
struct proc *p = curproc;
+   extern int prfw_all_status;
+   struct prfw_all_res *prfw_a;
u_quad_t sticks;
int error;
int narg;
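Review bot: "extern int prfw_all_status;" is declared inside the function body; move it to a shared prfw header, together with prototypes for prfw_ret_all() and the prfw_operation functions called later, so the declaration is checked against the definition in one place.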
***
*** 1088,1096 
  
if (code >= p->p_sysent->sv_size)
callp = &p->p_sysent->sv_table[0];
!   else
callp = &p->p_sysent->sv_table[code];
! 
narg = callp->sy_narg & SYF_ARGMASK;
  
/*
--- 1091,1100 
  
if (code >= p->p_sysent->sv_size)
callp = &p->p_sysent->sv_table[0];
!   else {
callp = &p->p_sysent->sv_table[code];
!   sysnum = code;  
!   }
narg = callp->sy_narg & SYF_ARGMASK;
  
/*
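Review bot: sysnum is assigned only in the new else branch, so when code >= p->p_sysent->sv_size and callp falls back to sv_table[0], sysnum is left uninitialized; the later hunk passes it to prfw_operation_all() and prfw_operation_a(). Set it in both branches (0 alongside sv_table[0]) or initialize it at its declaration.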
***
*** 1105, 
  #endif
goto bad;
}
! 
/*
 * Try to run the syscall without the MP lock if the syscall
 * is MP safe.
--- 1109,1139 
  #endif
goto bad;
}
!   
!   if (prfw_all_status && ((prfw_a = prfw_ret_all()) != NULL))
!   {
!   if (prfw_a->ex_root && (p->p_ucred->cr_ruid != 0))
! {
! if ((error = prfw_operation_all(prfw_a->sl, sysnum, prfw_a)) < 2)
!   return (error);
!  }
! if (!(prfw_a->ex_root))
! {
! if ((error = prfw_operation_all(prfw_a->sl, sysnum, prfw_a)) < 2)
!   return (error);
! }
!   if (prfw_a->ex_root && (p->p_ucred->cr_ruid == 0))
! error = 0; 
!   
!   } 
!   
! 
!if (IS_PRFW)
!   {
!   if ((error = prfw_operation_a(prfw_sl, sysnum)) < 2)
! return (error);
!   }
!   
/*
 * Try to run the syscall without the MP lock if the syscall
 * is MP safe.
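Review bot: Both new checks leave the function with "return (error);", whereas the failure path just above uses "goto bad;"; a denied call should take the same exit so the error reaches the caller the same way. The "< 2" test on the prfw_operation_all() and prfw_operation_a() results is an undocumented convention and needs a comment or named constants. The first two ex_root branches make the identical call and can be one condition, and the exemption tests cr_ruid, so a set-uid-root program started by an ordinary user is not treated as root; say whether that is intended.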
*** /usr/src/sys/conf/files Thu Jul 26 19:04:46 2001
--- src/sys/conf/files  Fri Aug  3 10:41:46 2001
***
*** 758,763 
--- 758,764 
  kern/kern_idle.c  standard
  kern/kern_intr.c  standard
  kern/kern_jail.c  standard
+ kern/kern_jailuser.cstandard
  kern/kern_kthread.c   standard
  kern/kern_ktr.c   optional ktr
  kern/kern_ktrace.cstandard
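Review bot: kern/kern_jailuser.c is added as "standard", so the hook code is built into every kernel with no way to configure it out; consider making it "optional" behind a kernel option, with the checks added to the syscall path guarded by the matching #ifdef.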



-- 
---
Evan Sarmiento | www.open-root.org 
[EMAIL PROTECTED]  | www.sekt7.org/~ems/
---





Re: messed up /etc/rc.conf

2001-07-30 Thread Evan Sarmiento

Hello,
I don't think this is the right mailing list for your question; direct it
to -questions. But here's how to fix it anyway:
1. mount -ahw

>From: Rohit Grover <[EMAIL PROTECTED]>
>Organization: Panasas Inc.
>Date: Mon, 30 Jul 2001 07:55:44 -0700
>
>Hello,
>
>I made a mistake while modifying my /etc/rc.conf. I forgot to
>put the terminating quote for a string. Now, my machine fails to boot
>correctly. Upon boot, it gives me an option to launch a shell to
>correct the problem. Interestingly, / is mounted as read-only and so
>I cannot correct /etc/rc.conf. Please help.
>
>regards,
>Rohit Grover.


-- 
---
Evan Sarmiento | www.open-root.org 
[EMAIL PROTECTED]  | www.sekt7.org/~ems/
---





hooks

2001-07-25 Thread Evan Sarmiento

Hello,

I need each system call to check with a master table of restrictions
before executing a function. Is there a way to do this without copying
and pasting a bit of code that does this checking into every system call?

Thanks,


-- 
---
Evan Sarmiento | www.open-root.org 
[EMAIL PROTECTED]  | www.sekt7.org/~ems/
---
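
The single-check design asked about above, as an added userland model that is not part of the original post or of the jailuser code: the restriction table is consulted once in the dispatcher, after the syscall number has been range-checked, so no handler carries its own copy. The table contents, `struct cred`, `deny`, `dispatch` and the sample credentials are assumptions made up for the illustration.

```c
/* Added example: userland model of one policy check at the syscall dispatcher. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>

#define NSYS    4                   /* toy table size (assumption) */
#define NLEVELS 2                   /* toy number of security levels */

typedef int (*sy_call_t)(void *);
struct sysent { int sy_narg; sy_call_t sy_call; };

static int sys_nosys(void *a)  { (void)a; return ENOSYS; }
static int sys_getpid(void *a) { (void)a; return 0; }
static int sys_socket(void *a) { (void)a; return 0; }
static int sys_shmget(void *a) { (void)a; return 0; }

static const struct sysent sv_table[NSYS] = {
    { 0, sys_nosys }, { 0, sys_getpid }, { 3, sys_socket }, { 3, sys_shmget },
};

/* Hypothetical master table: deny[level][n] != 0 blocks syscall n. */
static const unsigned char deny[NLEVELS][NSYS] = {
    { 0, 0, 0, 0 },                 /* level 0: unrestricted */
    { 0, 0, 1, 1 },                 /* level 1: no sockets, no SysV IPC */
};

struct cred { unsigned uid; int level; int exempt_root; };
static const struct cred demo_user = { 1000, 1, 1 };   /* constructed samples */
static const struct cred demo_root = { 0, 1, 1 };
static const struct cred demo_bad  = { 1000, 7, 0 };

/* Every call passes through here, so no handler carries its own check. */
static int
dispatch(const struct cred *cr, unsigned code, void *args)
{
    /* Range-check first: the policy lookup must never index out of bounds. */
    unsigned sysnum = (code >= NSYS) ? 0 : code;

    if (cr->level < 0 || cr->level >= NLEVELS)
        return EPERM;               /* unknown level: fail closed */
    if (!(cr->exempt_root && cr->uid == 0) && deny[cr->level][sysnum])
        return EPERM;
    return sv_table[sysnum].sy_call(args);
}

int
main(void)
{
    printf("user socket: %d\n", dispatch(&demo_user, 2, NULL));
    printf("root socket: %d\n", dispatch(&demo_root, 2, NULL));
    printf("user bogus:  %d\n", dispatch(&demo_user, 99, NULL));
    printf("bad level:   %d\n", dispatch(&demo_bad, 1, NULL));
    return 0;
}
```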





passing function ptrs to syscalls

2001-07-23 Thread Evan Sarmiento

Hello,

I'm writing a system call which requires a function pointer as an argument.
In syscalls.master, it is specified as such:

366 STD BSD { int prfw_inject_fp(int sl, int synum, pid_t pid, int (*fp)() ); }

However, when I try compiling the kernel, sysproto complains

In file included from ../../kern/imgact_shell.c:31:
../../sys/sysproto.h:1038: unterminated macro call
../../sys/sysproto.h:1449: warning: preprocessing directive not recognized within macro arg
../../sys/sysproto.h:1449: warning: preprocessing directive not recognized within macro arg
../../sys/sysproto.h:1449: warning: preprocessing directive not recognized within macro arg
../../sys/sysproto.h:1449: warning: preprocessing directive not recognized within macro arg
../../sys/sysproto.h:9: unterminated `#if' conditional
In file included from ../../kern/imgact_shell.c:31:
../../sys/sysproto.h:1038: syntax error before `)'
../../sys/sysproto.h:1275: undefined or invalid # directive
../../sys/sysproto.h:1444: undefined or invalid # directive
../../sys/sysproto.h:1448: undefined or invalid # directive
../../sys/sysproto.h:1449: syntax error before `)'

What definition should I use?

Thanks,
Evan

-- 
---
Evan Sarmiento | www.open-root.org 
[EMAIL PROTECTED]  | www.sekt7.org/~ems/
---





pfind() question

2001-07-11 Thread Evan Sarmiento

Hello,

I have a small dilemma. My module finds a pointer to a specific proc
structure by calling pfind(pid). It then makes changes to that process
structure and returns 0. However, when I try to use this seemingly simple
code, it core dumps. This is the actual panic message:

[teqnix](~/work/jailuser/current/src/sys/compile/KAWORU)%gdb -k kernel.debug /home/kaworu/vmcore.0
GNU gdb 4.18
Copyright 1998 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB.  Type "show warranty" for details.
This GDB was configured as "i386-unknown-freebsd"...
SMP 0 cpus
IdlePTD 27757
initial pcb at 332d00
panic messages:
---
dmesg: kvm_read: invalid address (c032a380)
---

cannot read proc pointer at ff84

And here's my code:

int
prfw_setflags(p, uap)
  struct proc *p;
  struct prfw_setflags_r *uap;
{
 register struct proc *nproc;
 ...
 if (uap->id) {
   if((nproc = pfind(uap->id)) == NULL)
 return (0);
 }
 ...
 nproc->p_flag |= P_JAILED; 
}


Am I allowed to change information in this proc structure?

Thanks a lot,
Evan Sarmiento





LIST_NEXT()

2001-07-06 Thread Evan Sarmiento

Hello,

I'm writing a kernel module, and it involves traversing the proc list
searching for the right structure. However, when I use
SLIST_NEXT(p, p_list) in the program, I get a warning when I compile it:

warning: statement with no effect

What am I doing wrong? I've read the manpages on queue and looked at the
proc structure.

Here's the code:
int
prfw_setflags(p, uap)
struct proc *p;
struct prfw_setflags_args *uap;
{
...
if (uap->id) {
 while (uap->id != p->p_pid)
  LIST_NEXT(p, p_list);
}

...
}

Thanks a lot.
Evan Sarmiento
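
The list walk from the question above, as an added userland example that is not part of the original post: LIST_NEXT() only yields the next element, so its result is assigned back to the cursor, and the loop stops at NULL when the pid is not on the list. `struct toy_proc`, `find_pid` and `demo_lookup` are stand-ins invented for the illustration, and the fallback macros are there only for C libraries whose `<sys/queue.h>` lacks the accessors.

```c
/* Added example: userland model of the list walk, using <sys/queue.h>. */
#include <stddef.h>
#include <sys/types.h>
#include <sys/queue.h>

#ifndef LIST_FIRST                  /* fallbacks for a minimal queue.h */
#define LIST_FIRST(head)      ((head)->lh_first)
#endif
#ifndef LIST_NEXT
#define LIST_NEXT(elm, field) ((elm)->field.le_next)
#endif

/* Toy stand-in for struct proc; only the fields the walk needs. */
struct toy_proc {
    LIST_ENTRY(toy_proc) p_list;
    pid_t p_pid;
};
LIST_HEAD(toy_proclist, toy_proc);

/* LIST_NEXT() is an expression: it returns the next element and leaves its
 * argument alone. Assign the result, and end the walk at NULL. */
static struct toy_proc *
find_pid(struct toy_proclist *head, pid_t pid)
{
    struct toy_proc *p;

    for (p = LIST_FIRST(head); p != NULL; p = LIST_NEXT(p, p_list))
        if (p->p_pid == pid)
            return (p);
    return (NULL);
}

/* Builds a constructed three-entry list (pids 100..102) and searches it. */
static pid_t
demo_lookup(pid_t pid)
{
    struct toy_proc procs[3], *p;
    struct toy_proclist head;
    int i;

    LIST_INIT(&head);
    for (i = 0; i < 3; i++) {
        procs[i].p_pid = 100 + i;
        LIST_INSERT_HEAD(&head, &procs[i], p_list);
    }
    p = find_pid(&head, pid);
    return (p != NULL ? p->p_pid : (pid_t)-1);
}

int
main(void)
{
    return (demo_lookup(101) == 101 && demo_lookup(7) == -1 ? 0 : 1);
}
```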





No Subject

2001-06-25 Thread Evan Sarmiento

Subject: jailuser project

Hello,

I would like your input on a project I am currently working on called
Jailuser. Jail, which is similar, chroots an environment and sets
restrictions on processes forked within. However, problems arise:
inability to log in to the jail from the console, hard to manage
externally, have to reproduce the base system for each jail (or an NFS
mount, but insecure).

Therefore, I have created jailuser. Users with UID of 1000 have the same
jail restrictions, e.g. unable to use certain socket functions, sysv ipc,
etc. Also, users are confined by a "kernel restricted shell", which I have
yet to implement.

I have committed a few things, http://savannah.gnu.org/projects/jailuser/,
please take a look.

Thanks,
Evan
 

