path: root/sys/kern/kern_fork.c
Commit message | Author | Age | Files | Lines
* Make a child execute fork_return() only if PTRACE_FORK has been specified. | mpi | 2021-03-23 | 1 | -3/+6
  fork_return() does an additional check to send a SIGTRAP (for a debugger) but this signal might overwrite the SIGSTOP generated by the parent doing a PT_ATTACH before the child has a chance to execute any instruction.
  Prevent a race visible only on SP system with regress/sys/kern/ptrace2.
  ok kettenis@
* Move single_thread_set() out of KERNEL_LOCK(). | mpi | 2021-02-15 | 1 | -3/+3
  Use the SCHED_LOCK() to ensure `ps_thread' isn't being modified by a sibling when entering tsleep(9) w/o KERNEL_LOCK().
  ok visa@
* "proc: table is full" actually means thread table is full; ok mpi@ sthen@ | otto | 2021-02-11 | 1 | -2/+2
* Revert the conversion of per-process thread into a SMR_TAILQ. | mpi | 2021-02-08 | 1 | -5/+4
  We did not reach a consensus about using SMR to unlock single_thread_set() so there's no point in keeping this change.
* Cache parent's pid as `ps_ppid' and use it instead of `ps_pptr->ps_pid'. | mvs | 2021-01-17 | 1 | -1/+2
  This allows us to unlock getppid(2).
  ok mpi@
* Convert the per-process thread list into a SMR_TAILQ. | mpi | 2020-12-07 | 1 | -4/+5
  Currently all iterations are done under KERNEL_LOCK() and therefore use the *_LOCKED() variant.
  From and ok claudio@
* Prevent a TOCTOU race in single_thread_set() by extending the scope of the lock. | mpi | 2020-12-04 | 1 | -2/+4
  Make sure `ps_single' is set only once by checking then updating it without releasing the lock.
  Analyzed by and ok claudio@
* Revert previous extension of the SCHED_LOCK(), the state isn't passed down. | mpi | 2020-12-02 | 1 | -4/+2
  Panic reported by dhill@
* Prevent a TOCTOU race in single_thread_set() by extending the scope of the lock. | mpi | 2020-12-02 | 1 | -2/+4
  Make sure `ps_single' is set only once by checking then updating it without releasing the lock.
  Analyzed by and ok claudio@
* setitimer(2): ITIMER_REAL: use kclock timeouts | cheloha | 2020-10-25 | 1 | -2/+3
  Reimplement the ITIMER_REAL interval timer with a kclock timeout.
  Couple things of note:
  - We need to use the high-res nanouptime(9) call, not the low-res getnanouptime(9).
  - The code is simpler now that we aren't working with ticks.
  Misc. thoughts:
  - Still unsure if "kclock" is the right name for these things.
  - MP-safely cancelling a periodic timeout is very difficult.
* Use atomic operations to update ps_singlecount. This makes | claudio | 2020-03-20 | 1 | -2/+2
  single_thread_check() safe to be called without KERNEL_LOCK(). single_thread_wait() needs to use sleep_setup() and sleep_finish() instead of tsleep() to make sure no wakeup() is lost.
  Input kettenis@, with and OK visa@
* Keep track of traced child under a list of orphans while they are being | mpi | 2020-03-16 | 1 | -3/+3
  reparented to a debugger process.
  Also re-parent exiting traced processes to their original parent, if it is still alive, after the debugger has seen the exit status.
  Logic comes from FreeBSD pointed out by guenther@.
  While here rename proc_reparent() into process_reparent() and get rid of superfluous checks.
  ok visa@
* Remove sigacts structure sharing. The only process that used sharing was | claudio | 2020-02-21 | 1 | -7/+3
  proc0 which is used for kthreads and idle threads. proc0 and all those other kernel threads don't handle signals so there is no benefit in sharing. Simplifies the code a fair bit since the refcnt is gone.
  OK kettenis@
* Split `p_priority' into `p_runpri' and `p_slppri'. | mpi | 2020-01-30 | 1 | -2/+3
  Using different fields to remember in which runqueue or sleepqueue threads currently are will make it easier to split the SCHED_LOCK().
  With this change, the (potentially boosted) sleeping priority is no longer overwriting the thread priority. This lets us get rid of the logic required to synchronize `p_priority' with `p_usrpri'.
  Tested by many, ok visa@
* Make __thrsleep(2) and __thrwakeup(2) MP-safe | visa | 2020-01-21 | 1 | -1/+3
  Threads in __thrsleep(2) are tracked using queues, one queue per each process for synchronization between threads of a process, and one system-wide queue for the special ident -1 handling. Each of these queues has an associated rwlock that serializes access.
  The queue lock is released when calling copyin() and copyout() in thrsleep(). This preserves the existing behaviour where a blocked copy operation does not prevent other threads from making progress.
  Tested by anton@, claudio@
  OK anton@, claudio@, tedu@, mpi@
* Make kqlist part of filedesc and serialize access to it using fdplock. | visa | 2020-01-06 | 1 | -2/+1
  This choice of locking is guided by knote_fdclose().
  OK mpi@, anton@
* Convert infinite sleeps to {m,t}sleep_nsec(9). | mpi | 2019-12-19 | 1 | -2/+2
  ok visa@
* Move p_sleeplocks and p_limit into the "zero on create" section of struct | guenther | 2019-11-29 | 1 | -6/+1
  proc, so they don't need to be explicitly initialized in thread_new()
  suggested by anton@
  ok kettenis@
* Move kcov(4)'s p_kd into the "zero on create" section to simplify fork code | guenther | 2019-11-29 | 1 | -7/+1
  ok anton@
* struct proc: change ps_start from utc time to uptime | cheloha | 2019-10-22 | 1 | -2/+2
  Allows us to determine how long a process has been running, even if the UTC clock jumps.
  With help from bluhm@ and millert@, who squashed several bugs.
  ok bluhm@ millert@
* Move `p_estcpu' to the region copied during fork & kill scheduler_fork_hook(). | mpi | 2019-10-21 | 1 | -8/+1
  While here reorder some fields in 'struct proc' to avoid size grow.
  ok bluhm@, visa@
* Reduce the number of places where `p_priority' and `p_stat' are set. | mpi | 2019-10-15 | 1 | -4/+4
  This refactoring will help future scheduler locking, in particular to shrink the SCHED_LOCK().
  No intended behavior change.
  ok visa@
* Make resource limit access MP-safe. So far, the copy-on-write sharing | visa | 2019-06-21 | 1 | -5/+6
  of resource limit structs has been done between processes. By applying copy-on-write also between threads, threads can read rlimits in a nearly lock-free manner.
  Inspired by code in DragonFly BSD and FreeBSD.
  OK mpi@, agreement from jmatthew@ and anton@
* Revert to using the SCHED_LOCK() to protect time accounting. | mpi | 2019-06-01 | 1 | -4/+1
  It currently creates a lock ordering problem because SCHED_LOCK() is taken by hardclock(). That means the "priorities" of a thread should be moved out of the SCHED_LOCK() first in order to make progress.
  Reported-by: syzbot+8e4863b3dde88eb706dc@syzkaller.appspotmail.com via anton@ as well as by kettenis@
* Use a per-process mutex to protect time accounting instead of SCHED_LOCK(). | mpi | 2019-05-31 | 1 | -1/+4
  Note that hardclock(9) still increments p_{u,s,i}ticks without holding a lock.
  ok visa@, cheloha@
* Rename struct plimit field p_refcnt to pl_refcnt to avoid confusion | visa | 2019-05-31 | 1 | -2/+2
  with the fields of struct proc. Make pl_refcnt unsigned for upcoming atomic updating.
  OK deraadt@ guenther@
* Fix unsafe use of ptsignal() in mi_switch(). | visa | 2019-01-06 | 1 | -1/+4
  ptsignal() has to be called with the kernel lock held. As ensuring the locking in mi_switch() is not easy, and deferring the signaling using the task API is not possible because of lock order issues in mi_switch(), move the CPU time checking into a periodic timer where the kernel can be locked without issues.
  With this change, each process has a dedicated resource check timer. The timer gets activated only when a CPU time limit is set. Because the checking is not done as frequently as before, some precision is lost.
  Use of timers adapted from FreeBSD.
  OK tedu@
  Reported-by: syzbot+2f5d62256e3280634623@syzkaller.appspotmail.com
* Add a mechanism for managing asynchronous IO signal registrations. | visa | 2018-11-12 | 1 | -1/+2
  It centralizes IO signal privilege checking and makes it possible to revoke a registration when the target process or process group is deleted.
  Adapted from FreeBSD.
  OK kettenis@ mpi@ guenther@
* Split the system-wide list of all futexes into process-specific lists | visa | 2018-08-30 | 1 | -1/+2
  of private futexes and a shared list of shared futexes. This speeds up futex lookups.
  Tested by and OK krw@
  OK mpi@
* Change kcov semantics, kernel code coverage tracing is now enabled on a per | anton | 2018-08-25 | 1 | -1/+7
  thread basis instead of process. The decision to enable on process made development easier initially but could lead to non-deterministic results for processes with more than one thread. This behavior matches the implementation found on both Linux and FreeBSD.
  With help and ok mpi@ visa@
* Correctly copy across unveil's from parent to child process on fork(). | beck | 2018-07-20 | 1 | -13/+4
* Unveiling unveil(2). | beck | 2018-07-13 | 1 | -1/+15
  This brings unveil into the tree, disabled by default - Currently this will return EPERM on all attempts to use it until we are fully certain it is ready for people to start using, but this now allows for others to do more tweaking and experimentation.
  Still needs to send the unveil's across forks and execs before fully enabling.
  Many thanks to robert@ and deraadt@ for extensive testing.
  ok deraadt@
* Move kqueue related fields from struct filedesc to struct kqueue. Solves a panic | anton | 2018-06-17 | 1 | -1/+2
  in knote_processexit() that can occur when the filedesc belonging to the process already has been freed. Similar work has been done in:
  - FreeBSD (commit bc1805c6e871c178d0b6516c3baa774ffd77224a)
  - DragonFlyBSD (commit ccafe911a3aa55fd5262850ecfc5765cd31a56a2)
  Thanks to tb@ for testing.
  ok kettenis@ mpi@ visa@
* Delete unnecessary <sys/file.h> includes | guenther | 2017-12-30 | 1 | -2/+1
  ok millert@ krw@
* pledge()'s 2nd argument becomes char *execpromises, which becomes the | deraadt | 2017-12-12 | 1 | -2/+2
  pledge for a new execve image immediately upon start. Also introduces "error" which makes violations return -1 ENOSYS instead of killing the program ("error" may not be handed to a setuid/setgid program, which may be missing/ignoring syscall return values and would continue with inconsistent state)
  Discussion with many
  florian has used this to improve the strictness of a daemon
* guenther sleep-committed the version without #ifdefs | deraadt | 2017-09-27 | 1 | -1/+3
* amd64 needs FS.base values (the TCB pointer) to be validated, as noncanonical | guenther | 2017-09-27 | 1 | -1/+3
  addresses will cause a fault on load by the kernel.
  Problem observed by Maxime Villard
  ok kettenis@ deraadt@
* Remove old deactivated pledge path code. A replacement mechanism is | deraadt | 2017-08-29 | 1 | -4/+1
  being brewed.
  ok beck
* Add a port of witness(4) lock validation tool from FreeBSD. | visa | 2017-04-20 | 1 | -1/+5
  Go-ahead from kettenis@, guenther@, deraadt@
* Provide mips64 with kernel-facing TCB_{GET,SET} macros that store it | guenther | 2017-04-13 | 1 | -5/+2
  in struct mdproc. With that, all archs have those and the __HAVE_MD_TCB macro can be unifdef'ed as always defined.
  ok kettenis@ visa@ jsing@
* Split up fork1(): | guenther | 2017-02-12 | 1 | -177/+224
  - FORK_THREAD handling is a totally separate function, thread_fork(), that is only used by sys___tfork() and which loses the flags, func, arg, and newprocp parameters and gains tcb parameter to guarantee the new thread's TCB is set before the creating thread returns
  - fork1() loses its stack and tidptr parameters
  Common bits factor out:
  - struct proc allocation and initialization moves to thread_new()
  - maxthread handling moves to fork_check_maxthread()
  - setting the new thread running moves to fork_thread_start()
  The MD cpu_fork() function swaps its unused stacksize parameter for a tcb parameter.
  luna88k testing by aoyama@, alpha testing by dlg@
  ok mpi@
* Delete the obsolete fork/exec/exit emulation hooks. | guenther | 2017-02-08 | 1 | -7/+1
  ok mpi@ dlg@
* Rename pfind(9) into tfind(9) to reflect that it deals with threads. | mpi | 2017-01-24 | 1 | -2/+2
  While here document prfind(9).
  with and ok guenther@
* Split PID from TID, giving processes a PID unrelated to the TID of their | guenther | 2016-11-07 | 1 | -10/+28
  initial thread
  ok jsing@ kettenis@
* Adjust allocpid() to take into account lastpid | guenther | 2016-10-22 | 1 | -3/+5
  ok jsing@ kettensi@
* Process groups can't be removed if a zombie process is in them, so | guenther | 2016-10-15 | 1 | -7/+3
  ispidtaken() can rely on pgfind() for all pgrp checks and can simply use zombiefind() for the zombie check
  ok jca@
* Inherit PS_WXNEEDED in forked processes. | jca | 2016-09-03 | 1 | -2/+3
  Issue noticed when debugging lang/sbcl.
  ok deraadt@ guenther@ tedu@
* proc_trampoline_mp hasn't needed curproc since 2011 | tom | 2016-08-31 | 1 | -5/+1
  ok guenther@ mpi@
* remove systrace remnants | tedu | 2016-04-25 | 1 | -4/+1
* boom goes the dynamite | tedu | 2016-04-25 | 1 | -13/+1