hardenedbsd/HardenedBSD
1
0
Fork 0
mirror of https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git synced 2025-01-01 00:18:15 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
e268f54cb4
HardenedBSD/sys/kern
History
Kirk McKusick e268f54cb4 Background: 
When renaming a directory it passes through several intermediate
states. First its new name will be created causing it to have two
names (from possibly different parents). Next, if it has different
parents, its value of ".." will be changed from pointing to the old
parent to pointing to the new parent. Concurrently, its old name
will be removed bringing it back into a consistent state. When fsck
encounters an extra name for a directory, it offers to remove the
"extraneous hard link"; when it finds that the names have been
changed but the update to ".." has not happened, it offers to rewrite
".." to point at the correct parent. Both of these changes were
considered unexpected so would cause fsck in preen mode or fsck in
background mode to fail with the need to run fsck manually to fix
these problems. Fsck running in preen mode or background mode now
corrects these expected inconsistencies that arise during directory
rename. The functionality added with this update is used by fsck
running in background mode to make these fixes.

Solution:

This update adds three new fsck sysctl commands to support background
fsck in correcting expected inconsistencies that arise from incomplete
directory rename operations. They are:

setcwd(dirinode) - set the current directory to dirinode in the
    filesystem associated with the snapshot.
setdotdot(oldvalue, newvalue) - Verify that the inode number for ".."
    in the current directory is oldvalue then change it to newvalue.
unlink(nameptr, oldvalue) - Verify that the inode number associated
    with nameptr in the current directory is oldvalue then unlink it.

As with all other fsck sysctls, these new ones may only be used by
processes with appropriate priviledge.

Reported by:    	jeff
Security issues:	rwatson
2010-01-11 20:44:05 +00:00
..
bus_if.m Add a facility for associating optional descriptions with active interrupt 2009-10-15 14:54:35 +00:00
clock_if.m
cpufreq_if.m
device_if.m
genassym.sh
imgact_aout.c
imgact_elf32.c
imgact_elf64.c
imgact_elf.c If ET_DYN binary has non-zero base address for some reason, honour it 2009-10-18 12:57:48 +00:00
imgact_gzip.c
imgact_shell.c
inflate.c
init_main.c Random number generator initialization cleanup: 2009-10-20 16:36:51 +00:00
init_sysent.c Regenerate 2009-10-27 11:01:15 +00:00
kern_acct.c
kern_alq.c
kern_clock.c Introduce the new kernel thread called "deadlock resolver". 2010-01-09 01:46:38 +00:00
kern_condvar.c
kern_conf.c Update d_mmap() to accept vm_ooffset_t and vm_memattr_t. 2009-12-29 21:51:28 +00:00
kern_cons.c Allow multiple console devices per driver without insane code duplication. 2009-08-24 10:53:30 +00:00
kern_context.c In r197963, a race with thread being selected for signal delivery 2009-10-27 10:47:58 +00:00
kern_cpu.c Free allocated sbufs before returning ENOMEM. 2010-01-08 22:58:50 +00:00
kern_cpuset.c Another nit that both I and ispell missed. 2009-10-26 18:32:06 +00:00
kern_ctf.c
kern_descrip.c On the return path from F_RDAHEAD and F_READAHEAD fcntls, do not 2009-11-20 22:22:53 +00:00
kern_dtrace.c
kern_environment.c Merge change r198561 from projects/mips to head: 2010-01-10 22:34:18 +00:00
kern_event.c If a filter has already been added, actually return EEXIST when trying 2009-12-31 20:56:28 +00:00
kern_exec.c - Fix several off-by-one errors when using MAXCOMLEN. The p_comm[] and 2009-10-23 15:14:54 +00:00
kern_exit.c Let access overriding to TTYs depend on the cdev_priv, not the vnode. 2009-12-19 18:42:12 +00:00
kern_fail.c Remove extraneous semicolons, no functional changes. 2010-01-07 21:01:37 +00:00
kern_fork.c Reintroduce the r196640, after fixing the problem with my testing. 2009-09-01 11:41:51 +00:00
kern_idle.c Split P_NOLOAD into a per-thread flag (TDF_NOLOAD). 2009-11-03 16:46:52 +00:00
kern_intr.c Split P_NOLOAD into a per-thread flag (TDF_NOLOAD). 2009-11-03 16:46:52 +00:00
kern_jail.c (S)LIST_HEAD_INITIALIZER takes a (S)LIST_HEAD as an argument. 2009-12-28 22:56:30 +00:00
kern_kthread.c Reintroduce the r196640, after fixing the problem with my testing. 2009-09-01 11:41:51 +00:00
kern_ktr.c
kern_ktrace.c - Fix several off-by-one errors when using MAXCOMLEN. The p_comm[] and 2009-10-23 15:14:54 +00:00
kern_linker.c - Unbreak build with KLD_DEBUG defined 2009-11-17 21:56:12 +00:00
kern_lock.c Fix typos. 2010-01-07 01:24:09 +00:00
kern_lockf.c In lf_iteratelocks_vnode, increment state->ls_threads around iterating 2009-06-25 18:54:56 +00:00
kern_lockstat.c
kern_malloc.c
kern_mbuf.c Add support to the virtual memory system for configuring machine- 2009-07-12 23:31:20 +00:00
kern_mib.c Correct the explination text for the kern.ngroups. It reflects the 2010-01-09 23:22:31 +00:00
kern_module.c
kern_mtxpool.c
kern_mutex.c Revert previous commit and add myself to the list of people who should 2009-09-08 13:19:05 +00:00
kern_ntptime.c
kern_osd.c
kern_physio.c
kern_pmc.c
kern_poll.c Rather than fix questionable ifnet list locking in the implementation of 2009-08-15 23:07:43 +00:00
kern_priv.c
kern_proc.c Remove an unused global. 2009-12-25 20:03:03 +00:00
kern_prot.c Remove the interim vimage containers, struct vimage and struct procg, 2009-07-17 14:48:21 +00:00
kern_resource.c Implement global and per-uid accounting of the anonymous memory. Add 2009-06-23 20:45:22 +00:00
kern_rmlock.c Remove extra spaces (no functional change). 2009-12-25 21:14:05 +00:00
kern_rwlock.c When releasing a read/shared lock we need to use a write memory barrier 2009-09-30 13:26:31 +00:00
kern_sdt.c
kern_sema.c
kern_shutdown.c Don't bother copying the name of a kproc or kthread out into a temporary 2009-10-23 15:09:51 +00:00
kern_sig.c Remove wrong assertion. Debugee is allowed to lose a signal. 2009-12-03 20:16:59 +00:00
kern_subr.c Constify prime numbers. 2009-08-23 09:55:06 +00:00
kern_switch.c - Use DPCPU for SCHED_STATS. This is somewhat awkward because the 2009-06-25 01:33:51 +00:00
kern_sx.c In current code, threads performing an interruptible sleep (on both 2009-12-12 21:31:07 +00:00
kern_synch.c Add new msleep(9) flag PBDY that shall be specified together with 2009-07-14 22:52:46 +00:00
kern_syscalls.c
kern_sysctl.c Make it possible to change the vnet sysctl variables on jails 2009-08-13 10:26:34 +00:00
kern_tc.c
kern_thr.c Currently, when signal is delivered to the process and there is a thread 2009-10-11 16:49:30 +00:00
kern_thread.c Inform hwpmc(4) of a thread's impending demise prior to invoking sched_throw(). 2009-10-25 04:34:47 +00:00
kern_time.c
kern_timeout.c Properly fix callout handling by putting all the per-cpu info in 2009-12-14 12:23:46 +00:00
kern_umtx.c Make a chain be a list of queues, and make threads waiting 2010-01-10 09:31:57 +00:00
kern_uuid.c Rework global locks for interface list and index management, correcting 2009-08-23 20:40:19 +00:00
kern_xxx.c
ksched.c
link_elf_obj.c Add macros VNET_SETNAME and VNET_SYMPREFIX, and expose to userspace if 2009-07-20 07:50:50 +00:00
link_elf.c Build on Jeff Roberson's linker-set based dynamic per-CPU allocator 2009-07-14 22:48:30 +00:00
linker_if.m
Make.tags.inc
Makefile
makesyscalls.sh Add a new COMPAT7 flag for FreeBSD 7.x compatibility system calls. 2009-06-24 13:36:37 +00:00
md4c.c
md5c.c
p1003_1b.c
posix4_mib.c
sched_4bsd.c - Fix a bug in sched_4bsd where the timestamp for the sleeping operation 2010-01-08 14:55:11 +00:00
sched_ule.c Allow swap out of the kernel stack for the thread with priority greater 2009-12-31 18:52:58 +00:00
serdev_if.m
stack_protector.c Random number generator initialization cleanup: 2009-10-20 16:36:51 +00:00
subr_acl_nfs4.c Fix comments. 2010-01-04 12:39:42 +00:00
subr_acl_posix1e.c Now that all the callers seem to be fixed, add KASSERTs to make sure VAPPEND 2009-12-26 11:36:10 +00:00
subr_autoconf.c
subr_blist.c
subr_bufring.c
subr_bus.c Actually set RLE_ALLOCATED when allocating a reserved resource so that 2009-12-30 22:37:28 +00:00
subr_clock.c
subr_devstat.c Update d_mmap() to accept vm_ooffset_t and vm_memattr_t. 2009-12-29 21:51:28 +00:00
subr_disk.c
subr_eventhandler.c If the runcount is non-zero in eventhandler_deregister() then one or more 2009-12-17 21:17:13 +00:00
subr_fattime.c
subr_firmware.c Remove extraneous semicolons, no functional changes. 2010-01-07 21:01:37 +00:00
subr_hints.c
subr_kdb.c * Completely Remove the option STOP_NMI from the kernel. This option 2009-08-13 17:09:45 +00:00
subr_kobj.c
subr_lock.c
subr_log.c Make /dev/klog and kern.msgbuf* MPSAFE. 2009-11-03 21:06:19 +00:00
subr_mbpool.c
subr_mchain.c
subr_module.c
subr_msgbuf.c
subr_param.c Increase HZ_VM from 10 to 100. While 10 hz saves cpu time 2009-07-08 01:09:12 +00:00
subr_pcpu.c Add ddb show dpcpu_off command to ease dpcpu memory debugging. 2009-08-12 12:06:16 +00:00
subr_power.c
subr_prf.c Make /dev/klog and kern.msgbuf* MPSAFE. 2009-11-03 21:06:19 +00:00
subr_prof.c
subr_rman.c
subr_rtc.c
subr_sbuf.c
subr_scanf.c
subr_sglist.c This patch fixes two bugs in sglist(9) and improves robustness of the API via 2009-08-21 02:59:07 +00:00
subr_sleepqueue.c Introduce the new kernel thread called "deadlock resolver". 2010-01-09 01:46:38 +00:00
subr_smp.c Remove forward_roundrobin(), it is unused for quite some time. 2009-09-21 13:09:56 +00:00
subr_stack.c Add stack_print_short() and stack_print_short_ddb() interfaces to 2009-06-24 12:06:15 +00:00
subr_taskqueue.c - Fix several off-by-one errors when using MAXCOMLEN. The p_comm[] and 2009-10-23 15:14:54 +00:00
subr_trap.c Current pselect(3) is implemented in usermode and thus vulnerable to 2009-10-27 10:55:34 +00:00
subr_turnstile.c Introduce the new kernel thread called "deadlock resolver". 2010-01-09 01:46:38 +00:00
subr_unit.c
subr_witness.c SLIP is gone; remove its mutex from witness. 2009-12-29 08:45:27 +00:00
sys_generic.c Current pselect(3) is implemented in usermode and thus vulnerable to 2009-10-27 10:55:34 +00:00
sys_pipe.c Use C99 initialization for struct filterops. 2009-09-12 20:03:45 +00:00
sys_process.c Replace VM_PROT_OVERRIDE_WRITE by VM_PROT_COPY. VM_PROT_OVERRIDE_WRITE has 2009-11-26 05:16:07 +00:00
sys_socket.c Merge the remainder of kern_vimage.c and vimage.h into vnet.c and 2009-08-01 19:26:27 +00:00
syscalls.c Regenerate 2009-10-27 11:01:15 +00:00
syscalls.master Current pselect(3) is implemented in usermode and thus vulnerable to 2009-10-27 10:55:34 +00:00
systrace_args.c Regenerate 2009-10-27 11:01:15 +00:00
sysv_ipc.c Change the ABI of some of the structures used by the SYSV IPC API: 2009-06-24 21:10:52 +00:00
sysv_msg.c Change the ABI of some of the structures used by the SYSV IPC API: 2009-06-24 21:10:52 +00:00
sysv_sem.c Change the ABI of some of the structures used by the SYSV IPC API: 2009-06-24 21:10:52 +00:00
sysv_shm.c - Rename tunable kern.ipc.shmmaxpgs to kern.ipc.shmall. 2009-10-24 19:00:58 +00:00
tty_compat.c Make TIOCSTI work again. 2010-01-04 20:59:52 +00:00
tty_info.c
tty_inq.c
tty_outq.c
tty_pts.c Make TIOCSTI work again. 2010-01-04 20:59:52 +00:00
tty_tty.c
tty_ttydisc.c Print backspaces after echoing an EOF. 2009-10-17 08:59:41 +00:00
tty.c Make TIOCSTI work again. 2010-01-04 20:59:52 +00:00
uipc_accf.c (S)LIST_HEAD_INITIALIZER takes a (S)LIST_HEAD as an argument. 2009-12-28 22:56:30 +00:00
uipc_cow.c
uipc_debug.c
uipc_domain.c When registering a protocol to an existing protocol domain via 2009-08-24 10:03:41 +00:00
uipc_mbuf2.c
uipc_mbuf.c Add m_mbuftouio() helper function to copy(out) an arbitrary 2009-06-22 22:20:38 +00:00
uipc_mqueue.c Use C99 initialization for struct filterops. 2009-09-12 20:03:45 +00:00
uipc_sem.c Use umtx to implement process sharable semaphore, to make this work, 2010-01-05 02:37:59 +00:00
uipc_shm.c Implement global and per-uid accounting of the anonymous memory. Add 2009-06-23 20:45:22 +00:00
uipc_sockbuf.c In sbappendstream_locked() demote all incoming packet mbufs (and 2009-06-22 21:46:40 +00:00
uipc_socket.c Don't comment on stream socket handling in sosend_dgram, since that's 2009-10-02 21:31:15 +00:00
uipc_syscalls.c Fix argument order in a call to mtx_init. 2009-12-17 00:22:56 +00:00
uipc_usrreq.c Fix build on amd64, where sysctl arg1 is a pointer. 2009-10-05 22:23:12 +00:00
vfs_acl.c Add change that was somehow missed in r192586. It could manifest by 2009-12-03 13:29:24 +00:00
vfs_aio.c Use C99 initialization for struct filterops. 2009-09-12 20:03:45 +00:00
vfs_bio.c When buffer write is failed, it is wrong for brelse() to invalidate 2009-07-19 20:25:59 +00:00
vfs_cache.c Correctly handle unlock for !MAKEENTRY case, after successfull attempt of 2009-08-14 10:57:28 +00:00
vfs_cluster.c Remove a stale comment. The very same revision (r85511) that introduced 2009-06-30 19:39:17 +00:00
vfs_default.c Revert r198873. Having different VAPPEND semantics for VOP_ACCESS(9) 2009-11-11 13:49:22 +00:00
vfs_export.c Set the prison in NFS anon and GSS SVC creds. 2009-09-28 18:07:16 +00:00
vfs_extattr.c Replace AUDIT_ARG() with variable argument macros with a set more more 2009-06-27 13:58:44 +00:00
vfs_hash.c
vfs_init.c
vfs_lookup.c When rename("a", "b/.") is performed, target namei() call returns 2009-11-10 11:50:37 +00:00
vfs_mount.c (S)LIST_HEAD_INITIALIZER takes a (S)LIST_HEAD as an argument. 2009-12-28 22:56:30 +00:00
vfs_subr.c Add a knob to allow reclaim of the directory vnodes that are source of 2009-12-28 15:35:39 +00:00
vfs_syscalls.c Background: 2010-01-11 20:44:05 +00:00
vfs_vnops.c Don't add VAPPEND if the file is not being opened for writing. Note that this 2009-12-08 20:47:10 +00:00
vnode_if.src