path: root/sys/kern/kern_descrip.c
Commit message | Author | Age | Files | Lines
...
* Introduce fd_iterfile() a new helper function to iterate over `filehead'.
  This turns `filehead' into a local variable, that will make it easier to protect it. ok visa@
  (mpi, 2018-04-25, 1 file, -1/+23)
* Do a FREF()/FRELE() dance after fd_getfile() in sys_fcntl().
  ok visa@
  (mpi, 2018-04-18, 1 file, -3/+8)
* Use the current reference instead of incrementing `f_count' manually and calling FRELE(9) in finishdup(). Update comments accordingly.
  ok bluhm@, visa@
  (mpi, 2018-04-12, 1 file, -5/+4)
* Call FREF(9) earlier instead of incrementing `f_count' directly in dupfdopen().
  ok bluhm@, visa@
  (mpi, 2018-04-12, 1 file, -4/+8)
* The pledge flag for file descriptors opened from /dev/fd was always set for pledged processes. dup(2) uses the flag from the old file descriptor. Make open /dev/fd consistent to duplicate and inherit the flag.
  OK deraadt@
  (bluhm, 2018-04-11, 1 file, -3/+1)
* Revert previous, it introduced a bug found the hard way by landry@.
  (mpi, 2018-04-09, 1 file, -16/+12)
* Call finishdup() instead of rerolling it in dupfdopen().
  While here call FREF() right after fd_getfile(). ok bluhm@, visa@
  (mpi, 2018-04-09, 1 file, -12/+16)
* Retain the UF_PLEDGED flag from the original fd during dup(2).
  Nothing uses this fd-tracking part of pledge yet. OK deraadt@
  (bluhm, 2018-04-06, 1 file, -2/+2)
* Call FREF() right after fd_getfile() in dodup3().
  ok millert@, bluhm@
  (mpi, 2018-04-03, 1 file, -3/+6)
* Call FREF() right after fd_getfile() in sys_flock().
  This ensures that all operations manipulating a 'struct file *' do so with a properly refcounted element. ok visa@, bluhm@
  (mpi, 2018-03-28, 1 file, -3/+5)
* Remove almost unused `flags' argument of suser().
  The account flag `ASU' will no longer be set but that makes suser() mpsafe since it no longer messes with a per-process field. No objection from millert@, ok tedu@, bluhm@
  (mpi, 2018-02-19, 1 file, -2/+2)
* Initialize a local variable to not leak kernel stack info to userland if TIOCGPGRP fails.
  Issue found by Ilja van Sprundel. ok bluhm@, millert@, deraadt@
  (mpi, 2017-07-20, 1 file, -1/+2)
* Add a flags argument to falloc() that lets it optionally set the close-on-exec flag on the newly allocated fd. Make falloc()'s return arguments non-optional: assert that they're not NULL.
  ok mpi@ millert@
  (guenther, 2017-02-11, 1 file, -6/+8)
* Track a per-fd flag UF_PLEDGED. This indicates the initial open was done by a pledged process. dup(2) and recvmsg(2) retain UF_PLEDGED from the original fd. In pledge "exec" circumstances, execve clears UF_PLEDGED on all the process's fds.
  In a pledge'd process, ioctl(2) can use this additional information to grant access to ioctl's which are more sensitive or dive deeply into the kernel. Developers will be encouraged to open such sensitive resources before calling pledge(2), rather than afterwards. That matches the heading of privsep development practices.
  Future changes will introduce those ioctl(2) changes.
  Lots of discussions with semarie guenther and benno.
  (deraadt, 2017-01-24, 1 file, -3/+10)
* Allocate all memory chunks, and potentially sleeping, before freeing the old array of open files.
  Fix a race for multi-threaded processes reported by cheeky.m@gmx.com on bugs@ and analyzed with bluhm@. ok deraadt@, bluhm@
  (mpi, 2017-01-23, 1 file, -6/+11)
* Avoid curproc dance in dupfdopen(), by passing a struct proc *
  ok guenther mpi
  (deraadt, 2017-01-23, 1 file, -7/+9)
* move knhash size to event.h, use it for hashfree. from Mathieu -
  ok guenther
  (tedu, 2016-09-24, 1 file, -2/+2)
* all pools have their ipl set via pool_setipl, so fold it into pool_init.
  the ioff argument to pool_init() is unused and has been for many years, so this replaces it with an ipl argument. because the ipl will be set on init we no longer need pool_setipl. most of these changes have been done with coccinelle using the spatch below. cocci sucks at formatting code though, so i fixed that by hand. the manpage and subr_pool.c bits i did myself. ok tedu@ jmatthew@ @ipl@ expression pp; expression ipl; expression s, a, o, f, m, p; @@ -pool_init(pp, s, a, o, f, m, p); -pool_setipl(pp, ipl); +pool_init(pp, s, a, ipl, f, m, p);
  (dlg, 2016-09-15, 1 file, -7/+5)
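Review bot: the rule only rewrites a pool_init(pp, s, a, o, f, m, p) that is immediately followed by pool_setipl(pp, ipl) on the same pp, and the replacement keeps seven arguments. A call site where the two calls are separated by other statements, or where pool_setipl() is missing, is therefore left untouched and still compiles, with the old offset value now landing in the ipl position. Worth a follow-up pass over the remaining pool_init() callers to confirm the fourth argument is an interrupt level in each of them.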
* pool_setipl
  ok kettenis@
  (dlg, 2016-08-25, 1 file, -1/+3)
* rename nfiles to numfiles to avoid shadowing and stretch out the name.
  ok deraadt
  (tedu, 2016-08-23, 1 file, -5/+5)
* Fix sizes passed to free() in fdfree(). This prevents a panic reported by sthen.
  ok semarie
  (natano, 2016-05-29, 1 file, -3/+3)
* add sizes to free() calls for descrip tables
  (tedu, 2016-05-28, 1 file, -7/+11)
* remove systrace remnants
  (tedu, 2016-04-25, 1 file, -4/+3)
* Remove the unused flags argument from VOP_UNLOCK().
  torture tested on amd64, i386 and macppc
  ok beck mpi stefan
  "the change looks right" deraadt
  (natano, 2016-03-19, 1 file, -2/+2)
* remove unnecessary casts where the incoming type is void *.
  (tedu, 2016-01-06, 1 file, -8/+8)
* no need to check null before free
  (tedu, 2015-12-17, 1 file, -5/+3)
* add size to free. from Mathieu
  (tedu, 2015-12-17, 1 file, -2/+2)
* remove stale lint annotations
  (tedu, 2015-12-05, 1 file, -7/+1)
* refactor pledge_*_check and pledge_fail functions
  - rename _check function without suffix: a "pledge" function called from anywhere is a "check" function.
  - makes pledge_fail call the responsibility to the _check function. remove it from caller.
  - make proper use of (potential) returned error of _check() functions.
  - adds pledge_kill() and pledge_protexec()
  with and OK deraadt@
  (semarie, 2015-11-01, 1 file, -6/+6)
* Prevent F_SETOWN, unless a "proc" pledge was made.
  (deraadt, 2015-10-28, 1 file, -1/+5)
* Setting fcntl(F_SETOWN) for a pipe failed with inappropriate ioctl for device. In sys_fcntl() the ioctl(TIOCSPGRP) is called, but the pipe expects SIOCSPGRP. Sockets have a special case for the same reason, so adapt the special code for pipes.
  OK millert@
  (bluhm, 2015-10-21, 1 file, -1/+11)
* Implement real "flock" request and add it to userland programs that use pledge and file locking.
  OK deraadt@
  (millert, 2015-10-16, 1 file, -1/+10)
* isatty() is used by stdio to determine the buffering mode. Add a F_ISATTY option to fcntl(), so that isatty() can use this rather than the bloated ioctl() interface. Reducing uses of ioctl() by libc makes it easier to constrain programs with various kinds of systrace sandboxes.
  ok guenther, previously discussed as a concept with nicm
  (deraadt, 2015-05-17, 1 file, -1/+11)
* Avoid NULL deref in fd_getfile_mode(); OK deraadt@
  (millert, 2015-04-30, 1 file, -2/+2)
* Introduce fd_getfile_mode() and use it where fd_getfile() is directly followed by a mode check. This will simplify the ref/unref dance as soon as fd_getfile() will increment fp's reference counter.
  Idea from and ok guenther@, ok millert@
  (mpi, 2015-04-30, 1 file, -1/+16)
* Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
  ok tedu@ deraadt@
  (jsg, 2015-03-14, 1 file, -2/+1)
* unnecessary cmask variable; ok guenther
  (deraadt, 2015-01-19, 1 file, -3/+2)
* start retiring the nointr allocator. specify PR_WAITOK as a flag as a marker for which pools are not interrupt safe. ok dlg
  (tedu, 2014-12-19, 1 file, -5/+5)
* primary change: move uvm_vnode out of vnode, keeping only a pointer.
  objective: vnode.h doesn't include uvm_extern.h anymore.
  followup changes: include uvm_extern.h or lock.h where necessary.
  ok and help from deraadt
  (tedu, 2014-12-16, 1 file, -1/+2)
* Add additional kernel interfaces for setting close-on-exec on fds when creating them: pipe2(), dup3(), accept4(), MSG_CMSG_CLOEXEC, SOCK_CLOEXEC. Includes SOCK_NONBLOCK support.
  ok matthew@
  (guenther, 2014-08-31, 1 file, -3/+28)
* use mallocarray where arguments are multiplied. ok deraadt
  (tedu, 2014-07-13, 1 file, -7/+7)
* add a size argument to free. will be used soon, but for now default to 0.
  after discussions with beck deraadt kettenis.
  (tedu, 2014-07-12, 1 file, -9/+9)
* decouple struct uvmexp into a new file, so that uvm_extern.h and sysctl.h don't need to be married.
  ok guenther miod beck jsing kettenis
  (deraadt, 2014-07-08, 1 file, -3/+1)
* Use sizeof(struct file *) consistently for memcpy()'ing fd_ofiles.
  Pointed out by Jean-Philippe Ouellet.
  (matthew, 2014-06-15, 1 file, -2/+2)
* Move from struct proc to process the reference-count-holding pointers to the process's vmspace and filedescs. struct proc continues to keep copies of the pointers, copying them on fork, clearing them on exit, and (for vmspace) refreshing on exec.
  Also, make uvm_swapout_threads() thread aware, eliminating p_swtime in kernel.
  particular testing by ajacoutot@ and sebastia@
  (guenther, 2014-05-15, 1 file, -16/+7)
* revert falloc change, as it causes all new processes to get stuck after a while (race condition ?)
  problem noticed by me, aja, sthen, brynet, rpe. vanishing after this revert, okay aja@, sthen@
  tedu, you probably want to look into re-checking the fcreate/fpublish addition first, then if it's stable, see about tweaking doopenat ?
  (espie, 2014-04-12, 1 file, -43/+14)
* Eliminates struct pcred by moving the real and saved ugids into struct ucred; struct process then directly links to the ucred
  Based on a discussion at c2k10 or so before noting that FreeBSD and NetBSD did this too.
  ok matthew@
  (guenther, 2014-03-30, 1 file, -2/+2)
* split falloc into two functions, the allocation and the publication.
  the first part is likely to fail, but we can generally prevent the second part from failing. use these two functions to drop the fdp lock around vn_open in sys_open, but still maintain the original semantics of allocate then open. the goal here is to fix the blocked fifo deadlock in a threaded program.
  testing volunteers in short supply, resorting to conscription
  (tedu, 2014-03-08, 1 file, -14/+43)
* Snapshots for all archs have been built, so remove the T32 code
  (guenther, 2013-09-14, 1 file, -27/+1)
* Switch time_t, ino_t, clock_t, and struct kevent's ident and data members to 64bit types. Assign new syscall numbers for (almost all) the syscalls that involve the affected types, including anything with time_t, timeval, itimerval, timespec, rusage, dirent, stat, or kevent arguments. Add a d_off member to struct dirent and replace getdirentries() with getdents(), thus immensely simplifying and accelerating telldir/seekdir. Build perl with -DBIG_TIME.
  Bump the major on every single base library: the compat bits included here are only good enough to make the transition; the T32 compat option will be burned as soon as we've reached the new world and are happy with the snapshots for all architectures.
  DANGER: ABI incompatibility. Updating to this kernel requires extra work or you won't be able to login: install a snapshot instead.
  Much assistance in fixing userland issues from deraadt@ and tedu@ and build assistance from todd@ and otto@
  (guenther, 2013-08-13, 1 file, -2/+27)