Fix build breakage caused by #176061 (#176283)
https://github.com/llvm/llvm-project/pull/176061 added an extern
declaration of `EnableMachineCombinerPass`, which is `static`, causing
missing symbol errors in the debug build. This PR fixes this by making
that symbol non-static. Furthermore, this PR renames that symbol to
`X86EnableMachineCombinerPass` as `EnableMachineCombinerPass` exists in
other places.
17211 Tools svccfg build missing LIBSCF
Reviewed by: Bill Sommerfeld <sommerfeld at hamachi.org>
Reviewed by: Andy Fiddaman <illumos at fiddaman.net>
Approved by: Gordon Ross <gordon.w.ross at gmail.com>
kernel: modules: Add SPDX license identifier to kmod.c
Add a GPL-2.0 license identifier line for this file.
kmod.c was originally introduced in the kernel in February
of 1998 by Linus Torvalds - who was familiar with kernel
licensing at the time this was introduced.
Signed-off-by: Tim Bird <tim.bird at sony.com>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
jail: document the mac.label parameter
In particular, we should provide a hint about mac.conf(5), since libjail
will just use the mac_prepare_type(3) API to provide a reasonably sane
interface for system administrators. Progammers wanting to fetch an
arbitrary MAC label would need to bypass libjail and use jail_get(2)
directly with their own prepared `struct mac`.
Differential Revision: https://reviews.freebsd.org/D54067
libjail: extend struct handlers to included MAC labels
MAC label handling is a little special; to avoid being too disruptive,
we allocate a `mac_t *` here for the value so that we can mac_prepare()
or mac_from_text() into. As a result, we need:
- A custom free() handler to avoid leaking the *jp_value
- A custom jailparam_get() handler to mac_prepare() the mac_t and
populate the iove properly, so that the kernel doesn't have to
do something funky like copyin, dereference, copyin again.
- A custom jailparam_set() handler to similarly populate the iovec
properly.
Reviewed by: jamie
Differential Revision: https://reviews.freebsd.org/D53960
libjail: start refactoring struct ioctl support
Instead of ad-hoc comparisons against the struct type in a few places,
start to abstract out an interface for dealing with struct types. For
now, this just means that we have some special jailparam_import and
jailparam_export handling for the ip addr types, but in the next commit
we'll extend it further to support MAC labels.
Reviewed by: jamie
Differential Revision: https://reviews.freebsd.org/D53959
libjail: extend struct handlers to included MAC labels
MAC label handling is a little special; to avoid being too disruptive,
we allocate a `mac_t *` here for the value so that we can mac_prepare()
or mac_from_text() into. As a result, we need:
- A custom free() handler to avoid leaking the *jp_value
- A custom jailparam_get() handler to mac_prepare() the mac_t and
populate the iove properly, so that the kernel doesn't have to
do something funky like copyin, dereference, copyin again.
- A custom jailparam_set() handler to similarly populate the iovec
properly.
Reviewed by: jamie
Differential Revision: https://reviews.freebsd.org/D53960
libjail: start refactoring struct ioctl support
Instead of ad-hoc comparisons against the struct type in a few places,
start to abstract out an interface for dealing with struct types. For
now, this just means that we have some special jailparam_import and
jailparam_export handling for the ip addr types, but in the next commit
we'll extend it further to support MAC labels.
Reviewed by: jamie
Differential Revision: https://reviews.freebsd.org/D53959
jail: document the mac.label parameter
In particular, we should provide a hint about mac.conf(5), since libjail
will just use the mac_prepare_type(3) API to provide a reasonably sane
interface for system administrators. Progammers wanting to fetch an
arbitrary MAC label would need to bypass libjail and use jail_get(2)
directly with their own prepared `struct mac`.
Differential Revision: https://reviews.freebsd.org/D54067
mac_set_fd(3): add support for jail descriptors
We'll still add an old-fashioned jail param to configure jail MAC
labels, but for testing it's really easy to grab a jaildesc and use
that.
Reviewed by: jamie, olce
Differential Revision: https://reviews.freebsd.org/D53956
kern: mac: add various jail MAC hooks
This adds the following hooks:
- mpo_prison_check_attach: check for subject capability to attach to
a given jail
- mpo_prison_check_create: check for subject capability to create a
jail with the given option set
- mpo_prison_check_get: check for subject capability to fetch the
given parameters for a jail
- mpo_prison_check_set: check for subject capability to set the
given parameters for a jail
- mpo_prison_check_remove: check for subject capability to remove the
jail
check_get wouldn't typically be a privileged operation, but is included
to give MAC policies a wider range of capabilities at a relatively low
cost. We also add two more for the purpose of label propagation:
- mpo_prison_created: surface the creation of a jail so that one can
do propagation to, e.g., the root vnode or any mounts
[28 lines not shown]
kern: mac: pull mac_label_copyin_string out
A future commit to the area will further our jail integration and add
a use for this: the struct mac itself was already copied in as part of
vfs_buildopts(), so we only need to copyin the strings.
We add an explicit flag argument because the jail operation will need to
do it while holding the prison lock.
Reviewed by: olce
Differential Revision: https://reviews.freebsd.org/D53957
kern: add a mac.label jail parameter
Have it take a `struct mac` and we'll paper over the difference for
jail(8)/jls(8) in libjail(3). The mac_syscalls.h model is taken from
mac_set_proc_*() that were previously done.
Reviewed by: olce
Differential Revision: https://reviews.freebsd.org/D53958
kern: add a mac.label jail parameter
Have it take a `struct mac` and we'll paper over the difference for
jail(8)/jls(8) in libjail(3). The mac_syscalls.h model is taken from
mac_set_proc_*() that were previously done.
Reviewed by: olce
Differential Revision: https://reviews.freebsd.org/D53958
mac: add macros for 5-argument SDT probes
A last-minute change to the jail MAC entry points in D53954 is going to
pass the jail_[gs]et(2) flags to mac_prison_check_[gs]et() so that a
policy can, e.g., reject or allow a change if the intent is to
immediately attach, or disallow some fetching of dying jails.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D54658
kern: mac: pull mac_label_copyin_string out
A future commit to the area will further our jail integration and add
a use for this: the struct mac itself was already copied in as part of
vfs_buildopts(), so we only need to copyin the strings.
We add an explicit flag argument because the jail operation will need to
do it while holding the prison lock.
Reviewed by: olce
Differential Revision: https://reviews.freebsd.org/D53957
mac: add macros for 5-argument SDT probes
A last-minute change to the jail MAC entry points in D53954 is going to
pass the jail_[gs]et(2) flags to mac_prison_check_[gs]et() so that a
policy can, e.g., reject or allow a change if the intent is to
immediately attach, or disallow some fetching of dying jails.
Reviewed by: markj
Differential Revision: https://reviews.freebsd.org/D54658
mac_set_fd(3): add support for jail descriptors
We'll still add an old-fashioned jail param to configure jail MAC
labels, but for testing it's really easy to grab a jaildesc and use
that.
Reviewed by: jamie, olce
Differential Revision: https://reviews.freebsd.org/D53956
jaildesc: add an accessor for the struct prison in a jaildesc
We'll subsequently use this in the MAC framework to get a struct prison
when we already have the struct file in question, rather than an fd.
Reviewed by: jamie, olce
Differential Revision: https://reviews.freebsd.org/D53955
