path: root/sys/kern/kern_fork.c
Commit message (author, age, files, lines)
* Use atomic operations to update ps_singlecount. This makes single_thread_check() safe to be called without KERNEL_LOCK(). single_thread_wait() needs to use sleep_setup() and sleep_finish() instead of tsleep() to make sure no wakeup() is lost. Input kettenis@, with and OK visa@
  (claudio, 2020-03-20, 1 file, -2/+2)
* Keep track of traced child under a list of orphans while they are being reparented to a debugger process. Also re-parent exiting traced processes to their original parent, if it is still alive, after the debugger has seen the exit status. Logic comes from FreeBSD pointed out by guenther@. While here rename proc_reparent() into process_reparent() and get rid of superfluous checks. ok visa@
  (mpi, 2020-03-16, 1 file, -3/+3)
* Remove sigacts structure sharing. The only process that used sharing was proc0 which is used for kthreads and idle threads. proc0 and all those other kernel threads don't handle signals so there is no benefit in sharing. Simplifies the code a fair bit since the refcnt is gone. OK kettenis@
  (claudio, 2020-02-21, 1 file, -7/+3)
* Split `p_priority' into `p_runpri' and `p_slppri'. Using different fields to remember in which runqueue or sleepqueue threads currently are will make it easier to split the SCHED_LOCK(). With this change, the (potentially boosted) sleeping priority is no longer overwriting the thread priority. This lets us get rid of the logic required to synchronize `p_priority' with `p_usrpri'. Tested by many, ok visa@
  (mpi, 2020-01-30, 1 file, -2/+3)
* Make __thrsleep(2) and __thrwakeup(2) MP-safe. Threads in __thrsleep(2) are tracked using queues, one queue per each process for synchronization between threads of a process, and one system-wide queue for the special ident -1 handling. Each of these queues has an associated rwlock that serializes access. The queue lock is released when calling copyin() and copyout() in thrsleep(). This preserves the existing behaviour where a blocked copy operation does not prevent other threads from making progress. Tested by anton@, claudio@ OK anton@, claudio@, tedu@, mpi@
  (visa, 2020-01-21, 1 file, -1/+3)
* Make kqlist part of filedesc and serialize access to it using fdplock. This choice of locking is guided by knote_fdclose(). OK mpi@, anton@
  (visa, 2020-01-06, 1 file, -2/+1)
* Convert infinite sleeps to {m,t}sleep_nsec(9). ok visa@
  (mpi, 2019-12-19, 1 file, -2/+2)
* Move p_sleeplocks and p_limit into the "zero on create" section of struct proc, so they don't need to be explicitly initialized in thread_new() suggested by anton@ ok kettenis@
  (guenther, 2019-11-29, 1 file, -6/+1)
* Move kcov(4)'s p_kd into the "zero on create" section to simplify fork code. ok anton@
  (guenther, 2019-11-29, 1 file, -7/+1)
* struct proc: change ps_start from utc time to uptime. Allows us to determine how long a process has been running, even if the UTC clock jumps. With help from bluhm@ and millert@, who squashed several bugs. ok bluhm@ millert@
  (cheloha, 2019-10-22, 1 file, -2/+2)
* Move `p_estcpu' to the region copied during fork & kill scheduler_fork_hook(). While here reorder some fields in 'struct proc' to avoid size grow. ok bluhm@, visa@
  (mpi, 2019-10-21, 1 file, -8/+1)
* Reduce the number of places where `p_priority' and `p_stat' are set. This refactoring will help future scheduler locking, in particular to shrink the SCHED_LOCK(). No intended behavior change. ok visa@
  (mpi, 2019-10-15, 1 file, -4/+4)
* Make resource limit access MP-safe. So far, the copy-on-write sharing of resource limit structs has been done between processes. By applying copy-on-write also between threads, threads can read rlimits in a nearly lock-free manner. Inspired by code in DragonFly BSD and FreeBSD. OK mpi@, agreement from jmatthew@ and anton@
  (visa, 2019-06-21, 1 file, -5/+6)
* Revert to using the SCHED_LOCK() to protect time accounting. It currently creates a lock ordering problem because SCHED_LOCK() is taken by hardclock(). That means the "priorities" of a thread should be moved out of the SCHED_LOCK() first in order to make progress. Reported-by: syzbot+8e4863b3dde88eb706dc@syzkaller.appspotmail.com via anton@ as well as by kettenis@
  (mpi, 2019-06-01, 1 file, -4/+1)
* Use a per-process mutex to protect time accounting instead of SCHED_LOCK(). Note that hardclock(9) still increments p_{u,s,i}ticks without holding a lock. ok visa@, cheloha@
  (mpi, 2019-05-31, 1 file, -1/+4)
* Rename struct plimit field p_refcnt to pl_refcnt to avoid confusion with the fields of struct proc. Make pl_refcnt unsigned for upcoming atomic updating. OK deraadt@ guenther@
  (visa, 2019-05-31, 1 file, -2/+2)
* Fix unsafe use of ptsignal() in mi_switch(). ptsignal() has to be called with the kernel lock held. As ensuring the locking in mi_switch() is not easy, and deferring the signaling using the task API is not possible because of lock order issues in mi_switch(), move the CPU time checking into a periodic timer where the kernel can be locked without issues. With this change, each process has a dedicated resource check timer. The timer gets activated only when a CPU time limit is set. Because the checking is not done as frequently as before, some precision is lost. Use of timers adapted from FreeBSD. OK tedu@ Reported-by: syzbot+2f5d62256e3280634623@syzkaller.appspotmail.com
  (visa, 2019-01-06, 1 file, -1/+4)
* Add a mechanism for managing asynchronous IO signal registrations. It centralizes IO signal privilege checking and makes it possible to revoke a registration when the target process or process group is deleted. Adapted from FreeBSD. OK kettenis@ mpi@ guenther@
  (visa, 2018-11-12, 1 file, -1/+2)
* Split the system-wide list of all futexes into process-specific lists of private futexes and a shared list of shared futexes. This speeds up futex lookups. Tested by and OK krw@ OK mpi@
  (visa, 2018-08-30, 1 file, -1/+2)
* Change kcov semantics, kernel code coverage tracing is now enabled on a per thread basis instead of process. The decision to enable on process made development easier initially but could lead to non-deterministic results for processes with more than one thread. This behavior matches the implementation found on both Linux and FreeBSD. With help and ok mpi@ visa@
  (anton, 2018-08-25, 1 file, -1/+7)
* Correctly copy across unveil's from parent to child process on fork().
  (beck, 2018-07-20, 1 file, -13/+4)
* Unveiling unveil(2). This brings unveil into the tree, disabled by default - Currently this will return EPERM on all attempts to use it until we are fully certain it is ready for people to start using, but this now allows for others to do more tweaking and experimentation. Still needs to send the unveil's across forks and execs before fully enabling. Many thanks to robert@ and deraadt@ for extensive testing. ok deraadt@
  (beck, 2018-07-13, 1 file, -1/+15)
* Move kqueue related fields from struct filedesc to struct kqueue. Solves a panic in knote_processexit() that can occur when the filedesc belonging to the process already has been freed. Similar work has been done in:
    - FreeBSD (commit bc1805c6e871c178d0b6516c3baa774ffd77224a)
    - DragonFlyBSD (commit ccafe911a3aa55fd5262850ecfc5765cd31a56a2)
  Thanks to tb@ for testing. ok kettenis@ mpi@ visa@
  (anton, 2018-06-17, 1 file, -1/+2)
* Delete unnecessary <sys/file.h> includes. ok millert@ krw@
  (guenther, 2017-12-30, 1 file, -2/+1)
* pledge()'s 2nd argument becomes char *execpromises, which becomes the pledge for a new execve image immediately upon start. Also introduces "error" which makes violations return -1 ENOSYS instead of killing the program ("error" may not be handed to a setuid/setgid program, which may be missing/ignoring syscall return values and would continue with inconsistent state) Discussion with many florian has used this to improve the strictness of a daemon
  (deraadt, 2017-12-12, 1 file, -2/+2)
* guenther sleep-committed the version without #ifdefs
  (deraadt, 2017-09-27, 1 file, -1/+3)
* amd64 needs FS.base values (the TCB pointer) to be validated, as noncanonical addresses will cause a fault on load by the kernel. Problem observed by Maxime Villard ok kettenis@ deraadt@
  (guenther, 2017-09-27, 1 file, -1/+3)
* Remove old deactivated pledge path code. A replacement mechanism is being brewed. ok beck
  (deraadt, 2017-08-29, 1 file, -4/+1)
* Add a port of witness(4) lock validation tool from FreeBSD. Go-ahead from kettenis@, guenther@, deraadt@
  (visa, 2017-04-20, 1 file, -1/+5)
* Provide mips64 with kernel-facing TCB_{GET,SET} macros that store it in struct mdproc. With that, all archs have those and the __HAVE_MD_TCB macro can be unifdef'ed as always defined. ok kettenis@ visa@ jsing@
  (guenther, 2017-04-13, 1 file, -5/+2)
* Split up fork1():
    - FORK_THREAD handling is a totally separate function, thread_fork(), that is only used by sys___tfork() and which loses the flags, func, arg, and newprocp parameters and gains tcb parameter to guarantee the new thread's TCB is set before the creating thread returns
    - fork1() loses its stack and tidptr parameters
  Common bits factor out:
    - struct proc allocation and initialization moves to thread_new()
    - maxthread handling moves to fork_check_maxthread()
    - setting the new thread running moves to fork_thread_start()
  The MD cpu_fork() function swaps its unused stacksize parameter for a tcb parameter. luna88k testing by aoyama@, alpha testing by dlg@ ok mpi@
  (guenther, 2017-02-12, 1 file, -177/+224)
* Delete the obsolete fork/exec/exit emulation hooks. ok mpi@ dlg@
  (guenther, 2017-02-08, 1 file, -7/+1)
* Rename pfind(9) into tfind(9) to reflect that it deals with threads. While here document prfind(9). with and ok guenther@
  (mpi, 2017-01-24, 1 file, -2/+2)
* Split PID from TID, giving processes a PID unrelated to the TID of their initial thread. ok jsing@ kettenis@
  (guenther, 2016-11-07, 1 file, -10/+28)
* Adjust allocpid() to take into account lastpid. ok jsing@ kettenis@
  (guenther, 2016-10-22, 1 file, -3/+5)
* Process groups can't be removed if a zombie process is in them, so ispidtaken() can rely on pgfind() for all pgrp checks and can simply use zombiefind() for the zombie check. ok jca@
  (guenther, 2016-10-15, 1 file, -7/+3)
* Inherit PS_WXNEEDED in forked processes. Issue noticed when debugging lang/sbcl. ok deraadt@ guenther@ tedu@
  (jca, 2016-09-03, 1 file, -2/+3)
* proc_trampoline_mp hasn't needed curproc since 2011. ok guenther@ mpi@
  (tom, 2016-08-31, 1 file, -5/+1)
* remove systrace remnants
  (tedu, 2016-04-25, 1 file, -4/+1)
* boom goes the dynamite
  (tedu, 2016-04-25, 1 file, -13/+1)
* increase size of oldpids to 128 to prevent mod bias when idx wraps. from Michal Mazurek
  (tedu, 2016-03-11, 1 file, -2/+2)
* Rename tame() to pledge(). This fairly interface has evolved to be more strict than anticipated. It allows a programmer to pledge/promise/covenant that their program will operate within an easily defined subset of the Unix environment, or it pays the price.
  (deraadt, 2015-10-09, 1 file, -5/+5)
* Only include <sys/tame.h> in the .c files that need it. ok deraadt@ miod@
  (guenther, 2015-09-11, 1 file, -1/+2)
* Move to tame(int flags, char *paths[]) API/ABI. The pathlist is a whitelist of dirs and files; anything else returns ENOENT. Recommendation is to use a narrowly defined list. Also add TAME_FATTR, which permits explicit change operations against "struct stat" fields. Some other TAME_ flags are refined slightly. Not cranking libc now, since nothing committed in base uses this and the timing is uncomfortable for others. Discussed with many; thanks for a few bug fixes from semarie, doug, guenther. ok guenther
  (deraadt, 2015-08-22, 1 file, -1/+4)
* tame(2) is a subsystem which restricts programs into a "reduced feature operating model". This is the kernel component; various changes should proceed in-tree for a while before userland programs start using it. ok miod, discussions and help from many
  (deraadt, 2015-07-19, 1 file, -2/+2)
* add sys/atomic.h back for membar_* needed for at least armv7
  (jsg, 2015-03-14, 1 file, -1/+2)
* Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels. ok tedu@ deraadt@
  (jsg, 2015-03-14, 1 file, -2/+1)
* Factor out the common bits of process_new() and main()'s code for setting up process0, 'cause I'm sick of forgetting to update main() when touching process_new(). ok blambert@ miod@
  (guenther, 2015-02-10, 1 file, -17/+28)
* move arc4random prototype to systm.h. more appropriate for most code to include that than rdnvar.h. ok deraadt dlg
  (tedu, 2014-11-18, 1 file, -2/+1)
* include sys/unistd.h where needed instead of indirect reliance. ok jsg
  (tedu, 2014-11-03, 1 file, -1/+2)