path: root/sys/dev/systrace.c
Commit message | Author | Age | Files | Lines
* boom goes the dynamite | tedu | 2016-04-25 | 1 | -1844/+0
* Copy the stackgap_init() and stackgap_alloc() functions from compat/common/compat_util.c to dev/systrace.c, the one place they are used, and remove the remaining kernel references to compat/*. ok visa@ | naddy | 2016-03-01 | 1 | -2/+33
* sizes for free(); ok semarie | deraadt | 2015-09-08 | 1 | -3/+3
* simple sizes for free() | deraadt | 2015-08-27 | 1 | -5/+6
* Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels. ok tedu@ deraadt@ | jsg | 2015-03-14 | 1 | -2/+1
* Another uiomovei(,sizeof,) -> uiomove | miod | 2015-02-10 | 1 | -2/+2
* First step towards making uiomove() take a size_t size argument: - rename uiomove() to uiomovei() and update all its users. - introduce uiomove(), which is similar to uiomovei() but with a size_t. - rewrite uiomovei() as an uiomove() wrapper. ok kettenis@ | miod | 2015-02-10 | 1 | -2/+2
* use SYMLOOP_MAX rather than MAXSYMLINKS | deraadt | 2015-01-19 | 1 | -2/+2
* Some reallocarray() use; review Jean-Philippe Ouellet, patrick keshishian ok tedu | deraadt | 2014-07-13 | 1 | -3/+2
* add a size argument to free. will be used soon, but for now default to 0. after discussions with beck deraadt kettenis. | tedu | 2014-07-12 | 1 | -9/+9
* Revise previous: if a user calls STRIOCGETCWD two or more times in a row without an intervening STRIOCRESCWD, release the current values instead of the saved values, so as to effectively emulate a STRIOCRESCWD. While here, make sure the fdc->fd_[cr]dir members are updated before vrele()ing their old values, so that they can't be caught as dangling refs. ok matthew@ | guenther | 2014-06-17 | 1 | -29/+51
* Fix vnode leak in systrace(4). If a user calls STRIOCGETCWD two or more times in a row without an intervening STRIOCRESCWD, then the references held on fst->fd_{c,r}dir would leak. ok miod | matthew | 2014-06-15 | 1 | -1/+7
* Have each thread keep its own (counted!) reference to the process's ucreds to avoid possible use-after-free references when swapping ids in threaded processes. "Do I have the right creds?" checks are always made with the thread's creds. Inspired by FreeBSD and NetBSD "right time" deraadt@ | guenther | 2014-04-18 | 1 | -86/+48
* Eliminates struct pcred by moving the real and saved ugids into struct ucred; struct process then directly links to the ucred Based on a discussion at c2k10 or so before noting that FreeBSD and NetBSD did this too. ok matthew@ | guenther | 2014-03-30 | 1 | -31/+31
* Check for PS_SUGID/PS_SUGIDEXEC against the correct set of flags ok deraadt@ | guenther | 2014-03-27 | 1 | -2/+2
* Move p_emul and p_sigcode from proc to process. Tweak the handling of ktrace EMUL when changing ktracing: only generate one per process (not one per thread) and pass the correct proc pointer down to the VFS layer. Permit generating of NAMI and CSW records inside ktrace(2) itself. ok deraadt@ millert@ | guenther | 2014-03-26 | 1 | -12/+13
* Add struct proc * argument to FRELE() and FILE_SET_MATURE() in anticipation of further changes to closef(). No binary change. ok krw@ miod@ deraadt@ | guenther | 2012-04-22 | 1 | -2/+2
* First steps for making ptrace work with rthreads: - move the P_TRACED and P_INEXEC flags, and p_oppid, p_ptmask, and p_ptstat member from struct proc to struct process - sort the PT_* requests into those that take a PID vs those that can also take a TID - stub in PT_GET_THREAD_FIRST and PT_GET_THREAD_NEXT ok kettenis@ | guenther | 2012-02-20 | 1 | -4/+4
* Hold struct filedesc's fd_lock when writing to the fd_ofiles, fd_ofileflags, or fd_{lo,hi}maps members, or when doing a read for a write. Fixes hangs when an rthreaded process sleeps while copying the fd table for fork() and catches another thread with the lock. ok jsing@ tedu@ | guenther | 2012-02-15 | 1 | -1/+3
* Add support for *at(2) system calls to systrace(1). ok deraadt@, sthen@, jasper@ | matthew | 2011-09-18 | 1 | -7/+23
* Revert art@'s moving around of the KERNEL_LOCK()/KERNEL_UNLOCK() calls, as it causes hangs in some ports, including libsigsegv's configure script confirmed by krw@, landry@ | guenther | 2011-07-11 | 1 | -12/+2
* There is a bunch of places in the kernel entry points where we don't hold the kernel lock, but still need to call one function that needs it. Instead of grabbing the lock all over the place, move the locks into the affected functions: trapsignal, scdebug*, ktrsyscall, ktrsysret, systrace_redirect and ADDUPROF. In the cases we already hold the biglock we'll just recurse. kettenis@, beck@ ok | art | 2011-07-07 | 1 | -2/+12
* printf -> DPRINTF in the SIGKILL path | djm | 2011-06-24 | 1 | -2/+3
* ansify a few files. ok deraadt dlg krw matthew | tedu | 2011-06-23 | 1 | -46/+13
* Add a SYSTR_POLICY_KILL per-syscall policy option that sends SIGKILL to the traced process when the syscall is attempted. This is more useful and safer for unsupervised sandboxing than returning EPERM (which is the behaviour of SYSTR_POLICY_NEVER), as this could cause dangerous misbehaviour in applications that don't expect it. "I like it" deraadt@ markus@ | djm | 2011-06-22 | 1 | -4/+10
* Move P_SUGID and P_SUGIDEXEC from struct proc to struct process, so that you can't evade the checks by doing the dirty work in an rthread ok blambert@, deraadt@ | guenther | 2011-04-02 | 1 | -12/+10
* No need for read/write functions, just use enodev like all the other things do ok nicm | deraadt | 2010-07-21 | 1 | -31/+1
* Every selwakeup() should have a matching KNOTE() (even if kqueue isn't supported it doesn't do any harm), so put the KNOTE() in selwakeup() itself and remove it from any occurrences where both are used, except one for kqueue itself and one in sys_pipe.c (where the selwakeup is under a PIPE_SEL flag). Based on a diff from tedu. ok deraadt | nicm | 2009-11-09 | 1 | -2/+1
* Add missing KNOTE() calls after selwakeup(), until we decide if the KNOTE() calls can go directly into selwakeup() safely long discussion with nicm, murmurs of consent from tedu and miod, no one else seems to care if kqueue is busted as long as it makes their sockets move data fast... pretty sad. | deraadt | 2009-10-31 | 1 | -1/+2
* Remove the VREF() macro and replaces all instances with a call to vref(), which is exactly what the macro does. Macros that are nothing more than: #define FUNCTION(arg) function(arg) are almost always pointless and should go away. OK blambert@ Agreed by many. | thib | 2009-07-09 | 1 | -3/+3
* systrace activation happens in the middle of a rather sensitive piece of fork(), i worry about it a lot but cannot prove yet that sleeping there is bad. Anyways, this change makes us never sleep in that area -- the memory needed is allocated earlier like the ptrace state. tested by many developers. | deraadt | 2008-11-09 | 1 | -24/+39
* Remove bzero/memset calls after pool_gets by passing the PR_ZERO flag to the pool_get call. ok art@, krw@ | blambert | 2008-09-12 | 1 | -5/+3
* return with ENOTTY instead of EINVAL for unknown ioctl requests. ok krw@ deraadt@ dlg@ | brad | 2008-01-05 | 1 | -3/+3
* KNF prompted and "much better" by marco@, ok pyr@ | gilles | 2007-09-11 | 1 | -2/+2
* more MALLOC/FREE -> malloc/free and M_ZERO changes ok pyr@ | gilles | 2007-09-10 | 1 | -7/+5
* Since p_flag is often manipulated in interrupts and without biglock it's a good idea to use atomic.h operations on it. This mechanic change updates all bit operations on p_flag to atomic_{set,clear}bits_int. Only exception is that P_OWEUPC is set by MI code before calling need_proftick and it's automatically cleared by ADDUPC. There's no reason for MD handling of that flag since everyone handles it the same way. kettenis@ ok | art | 2007-03-15 | 1 | -6/+6
* fix an exploitable integer overflow found by Chris Evans of Google Security; ok deraadt | djm | 2006-10-06 | 1 | -3/+14
* Allow len == 1 in systrace_fname(), so systraced processes can proceed their *stat() calls, for example, and get ENOENT, which is expected for "", instead of a forced EINVAL. Fixes the spurious 'rm: : Invalid argument' warnings when building with option USE_SYSTRACE, reported on ports@. Okay provos@ sturm@ deraadt@ | pedro | 2006-05-28 | 1 | -2/+2
* Replace lockmgr with rwlock; 'i think so' tedu@, ok sturm@ | alek | 2006-05-23 | 1 | -34/+34
* Replace procfs_domem() with a similar interface, process_domem(), which lives out of procfs and gets a ptrace request PT_{READ,WRITE}_{I,D} as argument; also procfs_checkioperm() becomes process_checkioperm(). From art@ some time ago; ok kettenis@ pedro@ | miod | 2005-12-11 | 1 | -4/+3
* Remove unnecessary lockmgr() archaism that was costing too much in terms of panics and bugfixes. Access curproc directly, do not expect a process pointer as an argument. Should fix many "process context required" bugs. Incentive and okay millert@, okay marc@. Various testing, thanks. | pedro | 2005-11-19 | 1 | -31/+30
* Intermediate cast of strio_offs -> uio_offset should be u_long not long since otherwise a very high kernel address would be stored as a negative offset. From NetBSD (christos). | millert | 2005-04-17 | 1 | -2/+2
* add a new message: inject. this allows the tracer to inject buffers into the stackgap. this in turn allows for argument replacement with indirection. for example replacing an entire envp or struct pollfd. ok provos@ millert@ | marius | 2004-11-07 | 1 | -12/+89
* fix an issue when scripts are exec'd under systrace where the argv[0] would be normalized, and hence break scripts that depend on how they were called. this fixes an issue in the ports builds. ok provos@ deraadt@; lots of testing during hackathon sturm@ naddy@ | marius | 2004-07-07 | 1 | -31/+108
* a few fixes to systrace - add an exec message so that whenever a set-uid/gid process exec's a new image which we may control, the exec does not go by unnoticed. - take special care to check for P_SUGIDEXEC as well as P_SUGID, corresponding to the same changes that were made in the ptrace code a while ago ok niels@, sturm@; thanks to naddy for testing | marius | 2004-06-23 | 1 | -18/+61
* typos from Tom Cosgrove; | jmc | 2003-10-21 | 1 | -3/+3
* originally from cb@netbsd.org, adapted by provos; itojun@ ok; fix a race condition between path resolution in userland and the subsequent namei(): inform the kernel portion of valid filenames and then disallow symlink lookups for those filenames by means of a hook in namei(). with suggestions from provos@; also, add (currently unused) seqnr field to struct systrace_replace, from provos@ | sturm | 2003-10-08 | 1 | -72/+144
* Replace select backends with poll backends. selscan() and pollscan() now call the poll backend. With this change we implement greater poll(2) functionality instead of emulating it via the select backend. Adapted from NetBSD and including some changes from FreeBSD. Tested by many, deraadt@ OK | millert | 2003-09-23 | 1 | -14/+16
* change arguments to suser. suser now takes the process, and a flags argument. old cred only calls user suser_ucred. this will allow future work to more flexibly implement the idea of a root process. looks like something i saw in freebsd, but a little different. use of suser_ucred vs suser in file system code should be looked at again, for the moment semantics remain unchanged. review and input from art@ testing and further review miod@ | tedu | 2003-08-15 | 1 | -3/+3
* - limited number of processes per systrace - escape fixes for special characters; markus, sturm ok. from provos | itojun | 2003-06-16 | 1 | -4/+43