| Commit message (Collapse) | Author | Age | Files | Lines |
| |
and incorrectly return EBADF when n>curlim.
ok millert guenther tedu
| |
fdfree(). This fixes a resource leak with cyclic kqueue references and
prevents a kernel stack exhaustion scenario with long kqueue chains.
OK mpi@
| |
OK mpi@
| |
the API more logical.
OK kettenis@ mpi@
| |
OK mpi@
| |
Prior to r1.153 of kern_descrip.c, the kqueue descriptors were removed
using fdremove(), which reset fd_freefile as appropriate. The new code
simply avoids adding the descriptor to the new table, however this means
that fd_freefile can be left with an incorrect value, resulting in a file
descriptor allocation "hole". Restore the previous behaviour by lowering
fd_freefile as appropriate when dropping descriptors.
Issue found via golang regress tests.
ok deraadt@ mpi@ visa@
| |
ok visa@, tb@
| |
to ioctl(TIOCSPGRP). The ioctl handlers expect a pointer to an int, so
read the argument into a local int variable and pass the variable's
address to the handler instead of referencing SCARG(uap, arg) directly.
OK guenther@, mpi@
| |
instead of using a mutex for update serialization. Use a per-fdp mutex
to manage updating of file instance pointers in the `fd_ofiles' array
to let fd_getfile() acquire file references safely with concurrent file
reference releases.
OK mpi@
| |
OK mpi@
| |
This prevents the array from being freed too early. In the function
unp_internalize(), the locking also ensures the per-fdp flags stay
coherent with the file instance.
OK mpi@
| |
system calls.
OK mpi@
| |
to dupfdopen() has already been registered with fd_used() in fdalloc().
The duplicate call distorted the number of open file descriptors
returned by getdtablecount(2) if a file was opened via /dev/fd/.
While there, assert that the file instance should already be in the
file list.
OK mpi@
| |
between processes using file descriptors. This provides an alternative to
exporting them with guessable 32-bit IDs. This implementation does not (yet)
allow sharing of graphics buffers between GPUs.
ok mpi@, visa@
| |
Committing now to help refactoring of DRI3 and diskmap rewrite.
ok visa@, kettenis@ as part of a larger diff.
| |
tracking work without locks.
OK kettenis@, deraadt@
| |
These syscalls can now be executed w/o the KERNEL_LOCK() depending on
the kind of socket.
The current solution uses a single global mutex to serialize access to,
and reference count, 'struct file'.
ok visa@, kettenis@
| |
setup, take 3.
LARVAL fd still exist, but they are no longer marked with a flag and no
longer reachable via `fd_ofiles[]' or the global linked list. This allows
us to simplify a lot of code grabbing new references to fds.
All of this is now possible because dup2(2) refuses to clone LARVAL fds.
Note that the `fdplock' could now be released in all open(2)-like syscalls,
just like it is done in accept(2).
With inputs from Mathieu Masson, visa@, guenther@ and art@
Previous version ok bluhm@, ok visa@, sthen@
| |
in knote_processexit() that can occur when the filedesc belonging to the process
already has been freed.
Similar work has been done in:
- FreeBSD (commit bc1805c6e871c178d0b6516c3baa774ffd77224a)
- DragonFlyBSD (commit ccafe911a3aa55fd5262850ecfc5765cd31a56a2)
Thanks to tb@ for testing.
ok kettenis@ mpi@ visa@
| |
closing a LARVAL file.
Found the hard way by sthen@.
| |
an inserted fp.
OK mpi@
| |
setup.
LARVAL fd still exist, but they are no longer marked with a flag and no
longer reachable via `fd_ofiles[]'. This allows us to simplify a lot of
code grabbing new references to fds.
All of this is now possible because dup2(2) refuses to clone LARVAL fds.
Note that the `fdplock' could now be released in all open(2)-like syscalls,
just like it is done in accept(2).
With inputs from Mathieu -, visa@, guenther@ and art@
ok visa@, bluhm@
| |
From Mathieu <naabed at poolp.org>, ok visa@, tb@
| |
KERNEL_LOCK().
Otherwise a deadlock can occur as found the hard way by tb@.
ok tb@, kettenis@, visa@
| |
This prevents a panic due to a double free if a program exits after having
called accept(2) and dup2(2) on the same fd but without the corresponding
connect(5).
It will also allow us to simplify file descriptor locking. The error code
has been chosen to match Linux's behavior.
Pointed out by Mathieu on tech@ after a discussion with guenther@. ok visa@
| |
later.
ok bluhm@, visa@
| |
the other fields.
Once we no longer have any [k] (kernel lock) protections, we'll be
able to unlock almost all network related syscalls.
Inputs from and ok bluhm@, visa@
| |
unnecessary because curproc always does the locking.
OK mpi@
| |
curproc that does the locking or unlocking, so the proc parameter
is pointless and can be dropped.
OK mpi@, deraadt@
| |
ok visa@
| |
With and ok visa@
| |
This turns `filehead' into a local variable, that will make it easier
to protect it.
ok visa@
| |
ok visa@
| |
calling FRELE(9) in finishdup().
Update comments accordingly.
ok bluhm@, visa@
| |
dupfdopen().
ok bluhm@, visa@
| |
set for pledged processes. dup(2) uses the flag from the old file
descriptor. Make open /dev/fd consistent to duplicate and inherit
the flag.
OK deraadt@
| |
While here call FREF() right after fd_getfile().
ok bluhm@, visa@
| |
Nothing uses this fd-tracking part of pledge yet.
OK deraadt@
| |
ok millert@, bluhm@
| |
This ensures that all operations manipulating a 'struct file *' do so
with a properly refcounted element.
ok visa@, bluhm@
| |
The account flag `ASU' will no longer be set but that makes suser()
mpsafe since it no longer messes with a per-process field.
No objection from millert@, ok tedu@, bluhm@
| |
if TIOCGPGRP fails.
Issue found by Ilja van Sprundel.
ok bluhm@, millert@, deraadt@
| |
close-on-exec flag on the newly allocated fd. Make falloc()'s
return arguments non-optional: assert that they're not NULL.
ok mpi@ millert@
| |
pledged process. dup(2) and recvmsg(2) retain UF_PLEDGED from the original fd.
In pledge "exec" circumstances, execve clears UF_PLEDGED on all the process's
fds.
In a pledge'd process, ioctl(2) can use this additional information to grant
access to ioctl's which are more sensitive or dive deeply into the kernel.
Developers will be encouraged to open such sensitive resources before calling
pledge(2), rather than afterwards. That matches the heading of privsep
development practices.
Future changes will introduce those ioctl(2) changes.
Lots of discussions with semarie guenther and benno.
| |
the old array of open files.
Fix a race for multi-threaded processes reported by cheeky.m@gmx.com
on bugs@ and analyzed with bluhm@.
ok deraadt@, bluhm@
| |
ok guenther mpi
| |
ok guenther
| |
the ioff argument to pool_init() is unused and has been for many
years, so this replaces it with an ipl argument. because the ipl
will be set on init we no longer need pool_setipl.
most of these changes have been done with coccinelle using the spatch
below. cocci sucks at formatting code though, so i fixed that by hand.
the manpage and subr_pool.c bits i did myself.
ok tedu@ jmatthew@
@ipl@
expression pp;
expression ipl;
expression s, a, o, f, m, p;
@@
-pool_init(pp, s, a, o, f, m, p);
-pool_setipl(pp, ipl);
+pool_init(pp, s, a, ipl, f, m, p);
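Review bot: the rule only rewrites a pool_init() call when pool_setipl(pp, ipl) is the statement directly after it on the same pp, and since the old and new pool_init() forms both take seven arguments, any call the pattern misses still compiles with the former ioff value sitting in the ipl position. After running the spatch, search the tree for leftover pool_setipl() calls and for pool_init() calls that were not rewritten, and convert those by hand.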