opnsense-src/sys
Mark Johnston 8635c1ad51 shm: Respect PROT_MAX when creating private mappings
We were previously unconditionally adding PROT_WRITE to the maxprot of
private mapping (because a private mapping can be written even if the
fd is read-only), but this might violate the user's PROT_MAX request.

While here, rename cap_maxprot to max_maxprot.  This is the intersection
of the maximum protections imposed by capsicum rights on the fd (not
really relevant for private mappings) and the user-required maximum
protections (which were not being obeyed).  In particular, cap_maxprot
is a misnomer after the introduction of PROT_MAX.

Add some regression test cases.  mmap__maxprot_shm fails without this
patch.

Note: Capsicum's CAP_MMAP_W is a bit ambiguous.  Should it be required
in order to create writeable private mappings?  Currently it is, even
though such mappings don't permit writes to the object referenced by the
fd.

Reported by:	brooks
Reviewed by:	brooks
MFC after:	1 month
Fixes:		c7841c6b8e ("Relax restrictions on private mappings of POSIX shm objects.")
Differential Revision:	https://reviews.freebsd.org/D46741

(cherry picked from commit 33c2c58f0a3db0a6d3996fa14ac7967274678771)
2024-11-04 15:38:35 +00:00
amd64 la57: explain how the trampoline works 2024-10-23 21:04:58 +03:00
arm sys: Use the new arm_smccc_invoke macros 2024-10-21 15:03:27 +00:00
arm64 arm64: rockchip: Remove a stray semicolon 2024-10-31 12:40:17 +08:00
bsm
cam ctl: limit memory allocation in pci_virtio_scsi 2024-10-11 11:53:17 -04:00
cddl dtrace/amd64: Remove the dtrace_invop_callsite symbol 2024-10-04 15:56:42 +00:00
compat LinuxKPI: 802.11: adjustments for v6.11 iwlwifi, rtw88 and rtw89 2024-10-31 14:33:57 +00:00
conf GPIO: Add ACPI _AEI support 2024-11-03 08:01:28 -08:00
contrib ena: Upgrade ena-com to freebsd v2.8.0 2024-10-31 14:54:10 +00:00
crypto openssl: Import OpenSSL 3.0.15. 2024-09-27 20:50:47 -07:00
ddb
dev vt: add comments for KDMKTONE ioctl implementation 2024-11-04 08:54:10 -05:00
dts
fs nfs: trivial typo fix 2024-10-29 16:33:33 -04:00
gdb
geom ggate: Avoid dropping the GEOM topology lock in dumpconf 2024-10-18 12:27:13 +00:00
gnu
i386 sys: add conf/std.debug, generic debugging options 2024-10-09 10:44:35 +02:00
isa
kern shm: Respect PROT_MAX when creating private mappings 2024-11-04 15:38:35 +00:00
kgssapi
libkern arm64: Mark the armv8 crc32c as supporting BTI 2024-02-19 13:17:47 +00:00
modules modules: gpioaei: Fix arm64.LINT-FDT breakage 2024-11-03 08:01:28 -08:00
net ifnet: Assert that we are assigning network stack correctly 2024-10-31 12:40:16 +08:00
net80211 net80211: scan/internal: change boolean argument from int to bool 2024-09-28 10:35:12 +00:00
netgraph bluetooth(3): Fix two typos in source code comments 2024-09-23 06:50:34 +02:00
netinet sctp: another cleanup 2024-10-31 12:44:02 +01:00
netinet6 netinet: Explicitly disallow connections to the unspecified address 2024-09-20 11:39:16 +00:00
netipsec ipsec esp: avoid dereferencing freed secasindex 2024-03-04 02:27:17 +02:00
netlink netlink: Wrap long lines 2024-07-21 20:55:27 -04:00
netpfil pf: Stop checking for failures from malloc(M_WAITOK) 2024-09-30 12:44:16 +08:00
netsmb netsmb: Stop checking for failures from malloc(M_WAITOK) 2024-09-30 12:44:16 +08:00
nfs
nfsclient
nfsserver
nlm
ofed ibcore: Mark write-only variables 2024-07-15 12:28:53 +00:00
opencrypto ktls: Remove the socket parameter to ktls_ocf_try() 2024-07-23 09:01:30 -04:00
powerpc ps3: add elfv2 support 2024-10-23 22:08:00 -04:00
riscv sys: add conf/std.debug, generic debugging options 2024-10-09 10:44:35 +02:00
rpc svc.c: Check for a non-NULL xp_socket 2024-05-31 15:35:18 -07:00
security MAC: improve handling of listening sockets 2024-10-31 12:32:36 +01:00
sys sys: Add GPIO_INTR_EDGE_MASK define 2024-11-03 08:01:27 -08:00
teken
tests tests: Stop checking for failures from malloc(M_WAITOK) 2024-09-30 12:44:18 +08:00
tools amd64: do not pass -z rodynamic to ld.bfd when building vdso 2024-10-24 05:44:40 +03:00
ufs softdep_mount: report failure of the softdepflush thread creation 2024-09-22 00:19:50 +03:00
vm vm_meter: Fix laundry accounting 2024-10-29 13:04:25 +00:00
x86 x86: do not leak msi_lock in msix_alloc() on iommu remapping failure 2024-11-03 02:39:43 +02:00
xdr xdr: Stop checking for failures from malloc(M_WAITOK) 2024-09-30 12:44:16 +08:00
xen
Makefile
README.md

FreeBSD Kernel Source:

This directory contains the source files and build glue that make up the FreeBSD kernel and its modules, including both original and contributed software.

Kernel configuration files are located in the conf/ subdirectory of each architecture. GENERIC is the configuration used in release builds. NOTES contains documentation of all possible entries. LINT is a compile-only configuration used to maximize build coverage and detect regressions.

Documentation:

Source code documentation is maintained in a set of man pages, under section 9. These pages are located in share/man/man9, from the top-level of the src tree. Consult intro(9) for an overview of existing pages.

Some additional high-level documentation of the kernel is maintained in the Architecture Handbook.

Source Roadmap:

Directory Description
amd64 AMD64 (64-bit x86) architecture support
arm 32-bit ARM architecture support
arm64 64-bit ARM (AArch64) architecture support
cam Common Access Method storage subsystem - cam(4) and ctl(4)
cddl CDDL-licensed optional sources such as DTrace
conf kernel build glue
compat Linux compatibility layer, FreeBSD 32-bit compatibility
contrib 3rd-party imported software such as OpenZFS
crypto crypto drivers
ddb interactive kernel debugger - ddb(4)
fs most filesystems, excluding UFS, NFS, and ZFS
dev device drivers and other arch independent code
gdb kernel remote GDB stub - gdb(4)
geom GEOM framework - geom(4)
i386 i386 (32-bit x86) architecture support
kern main part of the kernel
libkern libc-like and other support functions for kernel use
modules kernel module infrastructure
net core networking code
net80211 wireless networking (IEEE 802.11) - net80211(4)
netgraph graph-based networking subsystem - netgraph(4)
netinet IPv4 protocol implementation - inet(4)
netinet6 IPv6 protocol implementation - inet6(4)
netipsec IPsec protocol implementation - ipsec(4)
netpfil packet filters - ipfw(4), pf(4), and ipfilter(4)
opencrypto OpenCrypto framework - crypto(7)
powerpc PowerPC/POWER (32 and 64-bit) architecture support
riscv 64-bit RISC-V architecture support
security security facilities - audit(4) and mac(4)
sys kernel headers
tests kernel unit tests
ufs Unix File System - ffs(7)
vm virtual memory system
x86 code shared by AMD64 and i386 architectures