path: root/sys/kern/kern_exit.c
Commit message | Author | Age | Files | Lines
* Restart child process scan in dowait4() if single_thread_wait() sleeps. | visa | 2020-03-18 | 1 | -2/+3
  This ensures that the conditions checked are still in force. The sleep breaks atomicity, allowing another thread to alter the state.
  single_thread_set() should return immediately after sleep when called from dowait4() because there is no guarantee that the process pr still exists. When called from single_thread_set(), the process is that of the calling thread, which prevents process pr from disappearing.
  OK anton@, mpi@, claudio@
* Keep track of traced child under a list of orphans while they are being | mpi | 2020-03-16 | 1 | -8/+84
  reparented to a debugger process.
  Also re-parent exiting traced processes to their original parent, if it is still alive, after the debugger has seen the exit status.
  Logic comes from FreeBSD pointed out by guenther@.
  While here rename proc_reparent() into process_reparent() and get rid of superfluous checks.
  ok visa@
* Rename "sigacts" flag field to avoid conflict with the "process" one. | mpi | 2020-03-13 | 1 | -2/+2
  This shows that atomic_* operations should not be necessary to write to this field unlike with the process one.
  The advantage of using a somewhat-unique prefix for struct member is moot when multiple definitions use the same prefix :o)
  From Amit Kulkarni, ok claudio@
* Do not reparent a traced child to ourself inside wait(2). | mpi | 2020-03-01 | 1 | -2/+3
  When a traced process _exit(2)s, its (tracing) parent tries to give it back to the old parent. In the case where the old parent is the same as the tracing parent, there's no need to do this dance, so simply remove it from the list of zombies and free its descriptors.
  Fix a double report via wait(2) exposed by recent changes in make and newly imported ptrace(2) regression from NetBSD & FreeBSD.
  Diagnosed with help from espie@ & guenther@.
  ok claudio@, visa@
* Revert previous, diff contains an obvious bug. | mpi | 2020-02-28 | 1 | -3/+2
* Do not reparent a traced child to ourself inside wait(2). | mpi | 2020-02-12 | 1 | -2/+3
  When a traced process _exit(2)s, its (tracing) parent tries to give it back to the old parent. In the case where the old parent is the same as the tracing parent, there's no need to do this dance, so simply remove it from the list of zombies and free its descriptors.
  Fix a double report via wait(2) exposed by recent changes in make and newly imported ptrace(2) regression from NetBSD.
  Diagnosed with espie@ and guenther@, ok claudio@
* Convert infinite sleeps to {m,t}sleep_nsec(9). | mpi | 2019-12-19 | 1 | -4/+5
  ok visa@
* Replace p_xstat with ps_xexit and ps_xsig | guenther | 2019-12-11 | 1 | -11/+11
  Convert those to a consolidated status when needed in wait4(), kevent(), and sysctl()
  Pass exit code and signal separately to exit1()
  (This also serves as prep for adding waitid(2))
  ok mpi@
* Restore the old way of dispatching dead procs through idle proc. | visa | 2019-11-04 | 1 | -17/+11
  The new way needs more thought.
* Move dead procs to the reaper queue immediately after context switch. | visa | 2019-11-02 | 1 | -11/+17
  This eliminates a forced context switch to the idle proc. In addition, sched_exit() no longer needs to sum proc runtime because mi_switch() will do it.
  OK mpi@ a while ago
* Make resource limit access MP-safe. So far, the copy-on-write sharing | visa | 2019-06-21 | 1 | -2/+11
  of resource limit structs has been done between processes. By applying copy-on-write also between threads, threads can read rlimits in a nearly lock-free manner.
  Inspired by code in DragonFly BSD and FreeBSD.
  OK mpi@, agreement from jmatthew@ and anton@
* Use PWAIT instead of PUSER in exit1(). | mpi | 2019-06-13 | 1 | -2/+2
  When the main thread of a MT process dies, it doesn't matter at which priority it gets awakened to do the last cleanups. Not using PUSER makes it easier to understand the existing scheduler logic.
  ok visa@
* Revert to using the SCHED_LOCK() to protect time accounting. | mpi | 2019-06-01 | 1 | -4/+2
  It currently creates a lock ordering problem because SCHED_LOCK() is taken by hardclock(). That means the "priorities" of a thread should be moved out of the SCHED_LOCK() first in order to make progress.
  Reported-by: syzbot+8e4863b3dde88eb706dc@syzkaller.appspotmail.com via anton@ as well as by kettenis@
* Use a per-process mutex to protect time accounting instead of SCHED_LOCK(). | mpi | 2019-05-31 | 1 | -2/+4
  Note that hardclock(9) still increments p_{u,s,i}ticks without holding a lock.
  ok visa@, cheloha@
* When killing a process, the signal is handled by any thread that | bluhm | 2019-05-13 | 1 | -1/+3
  does not block the signal. If all threads block the signal, we delivered it to the main thread. This does not conform to POSIX. If any thread unblocks the signal, it should be delivered immediately to this thread. Mark such signals pending at the process instead of a single thread. Then any thread can handle it later.
  OK kettenis@ guenther@
* eliminate a ?: in witness mtx initializer by pushing the default one | tedu | 2019-01-23 | 1 | -2/+2
  level up.
  ok guenther mpi visa
* Fix unsafe use of ptsignal() in mi_switch(). | visa | 2019-01-06 | 1 | -1/+2
  ptsignal() has to be called with the kernel lock held. As ensuring the locking in mi_switch() is not easy, and deferring the signaling using the task API is not possible because of lock order issues in mi_switch(), move the CPU time checking into a periodic timer where the kernel can be locked without issues.
  With this change, each process has a dedicated resource check timer. The timer gets activated only when a CPU time limit is set. Because the checking is not done as frequently as before, some precision is lost.
  Use of timers adapted from FreeBSD.
  OK tedu@
  Reported-by: syzbot+2f5d62256e3280634623@syzkaller.appspotmail.com
* Add a mechanism for managing asynchronous IO signal registrations. | visa | 2018-11-12 | 1 | -1/+3
  It centralizes IO signal privilege checking and makes it possible to revoke a registration when the target process or process group is deleted.
  Adapted from FreeBSD.
  OK kettenis@ mpi@ guenther@
* Call unveil_destroy() from exit1() instead of from the reaper. Fixes a | kettenis | 2018-10-04 | 1 | -3/+3
  race between the reaper and unveil_removevnode() that would trigger a KASSERT. At least as far as I can tell.
  Pointed out by semarie@
  ok beck@, deraadt@
* Change kcov semantics, kernel code coverage tracing is now enabled on a per | anton | 2018-08-25 | 1 | -5/+5
  thread basis instead of process. The decision to enable on process made development easier initially but could lead to non-deterministic results for processes with more than one thread. This behavior matches the implementation found on both Linux and FreeBSD.
  With help and ok mpi@ visa@
* Rework kcov kernel config. Instead of treating kcov as both an option and a | anton | 2018-08-21 | 1 | -3/+7
  pseudo-device, get rid of the option. Enabling kcov now requires the following line to be added to the kernel config:
    pseudo-device kcov 1
  This is how pseudo devices are enabled in general. A side-effect of this change is that dev/kcov.c will no longer be compiled by default.
  Prodded by deraadt@; ok mpi@ visa@
* Add kcov(4), a kernel code coverage tracing driver. It's used in conjunction | anton | 2018-08-19 | 1 | -1/+6
  with the syzkaller kernel fuzzer. So far, 8 distinct panics have been found and fixed. This effort will continue.
  kcov is limited to architectures using Clang as their default compiler and is not enabled by default.
  With help from mpi@, thanks!
  ok kettenis@ mpi@ visa@
* Simplify the startup of the cleaner, reaper and update threads by | visa | 2018-08-13 | 1 | -2/+2
  passing the main function directly to kthread_create(9). The start_* functions are mere stepping stones nowadays and can be pruned. They used to contain more logic in the pre-kthread era.
  While here, set `cleanerproc' and `syncerproc' during the thread creation rather than expect the threads to set the proc pointer. Also, rename `sched_sync' to `syncer_thread' to reduce confusion with the scheduler-related functions.
  OK kettenis@, deraadt@, mpi@
* Unveiling unveil(2). | beck | 2018-07-13 | 1 | -1/+4
  This brings unveil into the tree, disabled by default - Currently this will return EPERM on all attempts to use it until we are fully certain it is ready for people to start using, but this now allows for others to do more tweaking and experimentation.
  Still needs to send the unveil's across forks and execs before fully enabling.
  Many thanks to robert@ and deraadt@ for extensive testing.
  ok deraadt@
* Move cleanup job control bits to their own function. | mpi | 2018-02-10 | 1 | -41/+3
  Part of the larger 'proctreelk' diff from guenther@
  No functional change, ok benno@, tedu@
* Delete unnecessary <sys/file.h> includes | guenther | 2017-12-30 | 1 | -2/+1
  ok millert@ krw@
* deadproc_mutex is only taken _before_ kernel_lock; exclude it from | guenther | 2017-11-28 | 1 | -2/+3
  WITNESS checking as (our) witness code isn't smart enough to let that by.
  ok visa@
* Remove old deactivated pledge path code. A replacement mechanism is | deraadt | 2017-08-29 | 1 | -3/+1
  being brewed.
  ok beck
* Add a port of witness(4) lock validation tool from FreeBSD. | visa | 2017-04-20 | 1 | -1/+4
  Go-ahead from kettenis@, guenther@, deraadt@
* Delete the obsolete fork/exec/exit emulation hooks. | guenther | 2017-02-08 | 1 | -7/+1
  ok mpi@ dlg@
* Split PID from TID, giving processes a PID unrelated to the TID of their | guenther | 2016-11-07 | 1 | -9/+11
  initial thread
  ok jsing@ kettenis@
* boom goes the dynamite | tedu | 2016-04-25 | 1 | -9/+1
* Use a macro to check if a thread has a sibling. | mpi | 2016-03-29 | 1 | -3/+2
  Note that without locking a thread cannot claim that it is part of a multi-threaded process using this macro.
  Suggested by miod@, ok guenther@
* Localize some declarations to kern_exit.c: the last good reason to put | guenther | 2016-03-06 | 1 | -1/+5
  them in sys/proc.h has been removed with compat_linux
  diff from Michal Mazurek (akfaew (at) jasminek.net)
* Rename tame() to pledge(). This fairly interface has evolved to be more | deraadt | 2015-10-09 | 1 | -3/+3
  strict than anticipated. It allows a programmer to pledge/promise/covenant that their program will operate within an easily defined subset of the Unix environment, or it pays the price.
* Add the tame "exec" request. This allows processes which request | deraadt | 2015-10-07 | 1 | -10/+2
  "exec" to call execve(2), potentially fork(2) beforehand if they asked for "proc". Calling execve is what "shells" (ksh, tmux, etc) have as their primary purpose. But meantime, if such a shell has a nasty bug, we want to mitigate the process from opening a socket or calling 100+ other system calls. Unfortunately silver bullets are in short supply, so if our goal is to stay in a POSIX-y environment, we have to let shells call execve(). POSIX ate the world, so choices do we all have?
  Warning for many: silver bullets are even more rare in other OS ecosystems, so please accept this as a narrow lowering of the bar in a very raised environment.
  Committed from a machine running tame "proc exec" ksh, make, etc.
* Only include <sys/tame.h> in the .c files that need it | guenther | 2015-09-11 | 1 | -1/+2
  ok deraadt@ miod@
* fairly simple sizes for free(); ok tedu | deraadt | 2015-08-28 | 1 | -2/+2
* Move to tame(int flags, char *paths[]) API/ABI. | deraadt | 2015-08-22 | 1 | -1/+11
  The pathlist is a whitelist of dirs and files; anything else returns ENOENT. Recommendation is to use a narrowly defined list. Also add TAME_FATTR, which permits explicit change operations against "struct stat" fields. Some other TAME_ flags are refined slightly.
  Not cranking libc now, since nothing committed in base uses this and the timing is uncomfortable for others.
  Discussed with many; thanks for a few bug fixes from semarie, doug, guenther.
  ok guenther
* Remove some includes include-what-you-use claims don't | jsg | 2015-03-14 | 1 | -2/+1
  have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
  ok tedu@ deraadt@
* primary change: move uvm_vnode out of vnode, keeping only a pointer. | tedu | 2014-12-16 | 1 | -1/+3
  objective: vnode.h doesn't include uvm_extern.h anymore.
  followup changes: include uvm_extern.h or lock.h where necessary.
  ok and help from deraadt
* add a size argument to free. will be used soon, but for now default to 0. | tedu | 2014-07-12 | 1 | -2/+2
  after discussions with beck deraadt kettenis.
* It's init as a process that's special, not init's original thread. | guenther | 2014-07-11 | 1 | -4/+4
  Remember initprocess instead of initproc.
  ok matthew@ blambert@
* decouple struct uvmexp into a new file, so that uvm_extern.h and sysctl.h | deraadt | 2014-07-08 | 1 | -4/+2
  don't need to be married.
  ok guenther miod beck jsing kettenis
* Track whether a process is a zombie or not yet fully built via flags | guenther | 2014-07-04 | 1 | -3/+3
  PS_{ZOMBIE,EMBRYO} on the process instead of peeking into the process's thread data. This eliminates the need for the thread-level SDEAD state.
  Change kvm_getprocs() (both the sysctl() and kvm backends) to report the "most active" scheduler state for the process's threads.
  tweaks kettenis@ feedback and ok matthew@
* Fix wait4 to not modify status or rusage if we return 0 because of | matthew | 2014-06-11 | 1 | -3/+9
  WNOHANG, in accordance with POSIX. Additionally, if rusage is requested but the waited-on process did not terminate, return zero bytes instead of kernel stack garbage.
  ok deraadt, millert
* knote_processexit() needs the thread to pass down to FRELE(), so pass it | guenther | 2014-05-15 | 1 | -6/+6
  the exiting thread instead of assuming that that's ps_mainproc. Also, panic no matter which thread of init takes it down.
  ok tedu@
* Move from struct proc to process the reference-count-holding pointers | guenther | 2014-05-15 | 1 | -7/+11
  to the process's vmspace and filedescs. struct proc continues to keep copies of the pointers, copying them on fork, clearing them on exit, and (for vmspace) refreshing on exec.
  Also, make uvm_swapout_threads() thread aware, eliminating p_swtime in kernel.
  particular testing by ajacoutot@ and sebastia@
* Have each thread keep its own (counted!) reference to the process's ucreds | guenther | 2014-04-18 | 1 | -1/+2
  to avoid possible use-after-free references when swapping ids in threaded processes. "Do I have the right creds?" checks are always made with the thread's creds.
  Inspired by FreeBSD and NetBSD
  "right time" deraadt@
* Make sure the original thread is blocked until any other threads are | guenther | 2014-04-17 | 1 | -5/+4
  completely detached from the process before letting it exit, so that sleeping in systrace_exit() doesn't reorder them and lead to a panic.
  Panic reported by Fabian Raetz (fabian.raetz (at) gmail.com)
  ok tedu@