path: root/sys/kern/kern_pledge.c
Commit log (fields per entry: commit message, then author, date, files changed, lines -removed/+added)
* Add a kernel implementation of realpath() as __realpath(). (beck, 2019-05-13, 1 file, -1/+2)
  We want this so that we can stop allowing readlink() on traversed vnodes in unveil(). This includes all the kernel side and the system call. This is not yet used in libc for realpath, so nothing calls this yet. The libc wrapper will be committed later. Testing by many, and ports build by naddy@ ok deraadt@
* Allow *at variant of mkfifo and mknod, too. (florian, 2019-02-14, 1 file, -1/+3)
  OK deraadt
* #ifdef video junk as required. (deraadt, 2019-01-22, 1 file, -2/+4)
* Add "video" promise. (landry, 2019-01-21, 1 file, -1/+31)
  Allows a subset of ioctls on video(4) devices, subset selected from video(1) and firefox webrtc implementation. ok semarie@ deraadt@
* delete vmm(4) in i386 (pd, 2019-01-18, 1 file, -2/+2)
  We will still be able to run i386 guests on amd64 vmm. Reasons to delete i386 vmm:
  - Been broken for a while, almost no one complained.
  - Had been falling out of sync from amd64 while it worked.
  - If your machine has vmx, you most probably can run amd64, so why not run that?
  ok deraadt@ mlarkin@
* the pledge handling for access(2) of /var/run/ypbind.lock is artificially (deraadt, 2019-01-06, 1 file, -2/+3)
  tough (so that non-YP using developers don't break the tree for YP/LDAP users). This check failed to handle the newish RPATH+UNVEIL_INSPECT namei operation. discovered by florian, ok beck
* fold a bunch of similar sysctl cases into a switch. (tedu, 2019-01-06, 1 file, -53/+43)
  ok deraadt mestre
* Add new KERN_CPUSTATS sysctl(2) so we can identify offline CPUs. (cheloha, 2018-11-17, 1 file, -1/+4)
  Because of hw.smt we need a way to determine whether a given CPU is "online" or "offline" from userspace. KERN_CPTIME2 is an array, and so cannot be cleanly extended for this purpose, so add a new sysctl(2) KERN_CPUSTATS with an extensible struct. At the moment it's just KERN_CPTIME2 with a flags member, but it can grow as needed.

  KERN_CPUSTATS appears to have been defined by BSDi long ago, but there are few (if any) packages in the wild still using the symbol so breakage in ports should be near zero. No other system inherited the symbol from BSDi, either.

  Then, use the new sysctl(2) in systat(1) and top(1):
  - systat(1) draws placeholder marks ('-') instead of percentages for offline CPUs in the cpu view.
  - systat(1) omits offline CPU ticks when drawing the "big bar" in the vmstat view. The upshot is that the bar isn't half idle when half your logical CPUs are disabled.
  - top(1) does not draw lines for offline CPUs; if CPUs toggle on or offline in interactive mode we redraw the display to expand/reduce space for the new/missing CPUs. This is consistent with what some top(1) implementations do on Linux.
  - top(1) omits offline CPUs from the totals when CPU totals are combined into a single line (the '-1' flag).

  Originally prompted by deraadt@. Discussed endlessly with deraadt@, ketennis@, and sthen@. Tested by jmc@ and jca@. Earlier versions also discussed with jca@. Earlier versions tested by jmc@, tb@, and many others. docs ok jmc@, kernel bits ok ketennis@, everything ok sthen@, "Is your stuff in yet?" deraadt@
* new sysctl for userland malloc flags, kernel part. ok millert@ deraadt@ (otto, 2018-11-06, 1 file, -1/+4)
* When unveil(2) was introduced one break from SYS_access case was removed (mestre, 2018-09-13, 1 file, -1/+2)
  here, this adds it back. Noticed by Coverity 1471854. feedback from semarie@ OK deraadt@
* Preparations for arm64 radeondrm(4) support. (kettenis, 2018-08-20, 1 file, -4/+4)
  ok jsg@ (who pointed out the kern_pledge.c change was necessary as well)
* The first panic in pledge_namei should only be for ni_pledge == 0 (deraadt, 2018-08-13, 1 file, -3/+3)
  (the other cause is implausible, and crashes with a nice *NULL)
* Get rid of PLEDGE_STAT, which was a hack used for unveil. (beck, 2018-08-11, 1 file, -7/+7)
  We use UNVEIL_INSPECT instead in the unveil flags for the same purpose, and now add traversed vnodes of a path with UNVEIL_INSPECT instead of with 0 flags and voodoo in unveil_flagmatch. This allows us to uncontort the logic of unveil_flagmatch a bunch. helpful review and ok from semarie@
* Grammar fix in comment. (rob, 2018-08-02, 1 file, -2/+2)
  ok deraadt@
* Add SIOCSIFMTU to the wroute pledge. (bket, 2018-07-27, 1 file, -1/+5)
  This is required by, for example, slaacd(8) (which has been pledged) to set MTU on an interface. OK florian@, deraadt@
* Restore correct behaviour to pledge for access and stat, which was broken (beck, 2018-07-15, 1 file, -12/+8)
  by the unveil diff. Noticed at, and diff from semarie@
* Unveiling unveil(2). (beck, 2018-07-13, 1 file, -17/+68)
  This brings unveil into the tree, disabled by default - Currently this will return EPERM on all attempts to use it until we are fully certain it is ready for people to start using, but this now allows for others to do more tweaking and experimentation.

  Still needs to send the unveil's across forks and execs before fully enabling.

  Many thanks to robert@ and deraadt@ for extensive testing. ok deraadt@
* Add hw.ncpuonline to count the number of online CPUs. (cheloha, 2018-07-12, 1 file, -3/+3)
  The introduction of hw.smt means that logical CPUs can be disabled after boot and prior to suspend/resume. If hw.smt=0 (the default), there needs to be a way to count the number of hardware threads available on the system at any given time. So, import HW_NCPUONLINE/hw.ncpuonline from NetBSD and document it.

  hw.ncpu becomes equal to the number of CPUs given to sched_init_cpu() during boot, while hw.ncpuonline is equal to the number of CPUs available to the scheduler in the cpuset "sched_all_cpus". Set _SC_NPROCESSORS_ONLN equal to this new sysctl and keep _SC_NPROCESSORS_CONF equal to hw.ncpu.

  This is preferable to adding a new sysctl to count the number of configured CPUs and keeping hw.ncpu equal to the number of online CPUs because such a change would break software in the ecosystem that relies on HW_NCPU/hw.ncpu to measure CPU usage and the like. Such software in base includes top(1), systat(1), and snmpd(8), and perhaps others.

  We don't need additional locking to count the cardinality of a cpuset in this case because the only interfaces that can modify said cardinality are sysctl(2) and ioctl(2), both of which are under the KERNEL_LOCK.

  Software using HW_NCPU/hw.ncpu to determine optimal parallelism will need to be updated to use HW_NCPUONLINE/hw.ncpuonline. Until then, such software may perform suboptimally. However, most changes will be similar to the change included here for libcxx's std::thread:hardware_concurrency(): using HW_NCPUONLINE in lieu of HW_NCPU should be sufficient for determining optimal parallelism for most software if the change to _SC_NPROCESSORS_ONLN is insufficient.

  Prompted by deraadt. Discussed at length with kettenis, deraadt, and sthen. Lots of patch tweaks from kettenis. ok kettenis, "proceed" deraadt
* Implement DRI3/prime support. This allows graphics buffers to be passed (kettenis, 2018-06-25, 1 file, -1/+3)
  between processes using file descriptors. This provides an alternative to exporting them with guessable 32-bit IDs. This implementation does not (yet) allow sharing of graphics buffers between GPUs. ok mpi@, visa@
* Grab and/or assert for the KERNEL_LOCK() in ktrace & pledge. (mpi, 2018-06-20, 1 file, -1/+3)
  This is required to run network syscalls mostly without the KERNEL_LOCK(). ok visa@, kettenis@ as part of a larger diff.
* Introduce "wroute" promise. (florian, 2018-06-16, 1 file, -1/+18)
  For now this allows configuring an IPv6 address on an interface and reading the net.inet6.ip6.soiikey sysctl. To be used by slaacd. prodding & OK deraadt
* on i386, libm does sysctl to discover if the system has SSE. Whitelist (deraadt, 2018-06-03, 1 file, -1/+6)
  that sysctl in pledge. Discovered by Stuart Cassoff
* Remove redundant error check (kn, 2018-04-28, 1 file, -2/+2)
  error is set by copyinstr(9) only and we return early if it is non-zero, so the loop's last condition is always true. OK deraadt, jca
* Make sure that programs violating a pledge(2) promise or some memory (mpi, 2018-03-27, 1 file, -1/+3)
  protection cannot block the final SIGABRT. While here apply the same logic to ddb(4)'s kill command. From semarie@, ok deraadt@
* Change `so_state' and `so_error' to unsigned int such that they can (mpi, 2018-01-09, 1 file, -2/+2)
  be atomically read from any context. ok bluhm@, visa@
* Allow TIOCUCNTL issued on a pty(4) master in promise "tty". (mpi, 2018-01-08, 1 file, -1/+9)
  This will soon be used to emulate BREAK commands in vmd(8). ok nicm@, ccardenas@, deraadt@
* pledge()'s 2nd argument becomes char *execpromises, which becomes the (deraadt, 2017-12-12, 1 file, -48/+81)
  pledge for a new execve image immediately upon start. Also introduces "error" which makes violations return -1 ENOSYS instead of killing the program ("error" may not be handed to a setuid/setgid program, which may be missing/ignoring syscall return values and would continue with inconsistent state). Discussion with many. florian has used this to improve the strictness of a daemon
* More precision in pledge sysctl report (deraadt, 2017-12-09, 1 file, -2/+2)
* permit IPV6_V6ONLY in sockopt (abieber, 2017-11-17, 1 file, -3/+1)
  OK deraadt@
* Print the word pledge in the kernel log when there is a violation. (bluhm, 2017-10-12, 1 file, -3/+3)
  This should make it easier to figure out what is going on. Note that the pledgecode it shows is only a guess which pledge(2) might help. OK deraadt@ semarie@
* In "tty", permitting TIOCSTART is fine (deraadt, 2017-10-07, 1 file, -1/+2)
* permit SYS___set_tcb, upcoming code will require this (deraadt, 2017-10-07, 1 file, -1/+2)
* If you use sys/param.h, you don't need sys/types.h (deraadt, 2017-09-08, 1 file, -2/+1)
* Remove old deactivated pledge path code. A replacement mechanism is (deraadt, 2017-08-29, 1 file, -335/+2)
  being brewed. ok beck
* Allow SIOCGIFAFLAG_IN6 and SIOCGIFALIFETIME_IN6 ioctls with (florian, 2017-08-21, 1 file, -1/+3)
  pledge("route"). These are read only and expose only minimal kernel code. slaacd(8) needs this on startup and when an interface gains the autoconf6 flag to get lifetime and autoconf information about already configured addresses. OK deraadt
* Allow SIOCGIFDESCR with "route" promise in preparation for pledging snmpd. (rob, 2017-07-28, 1 file, -1/+2)
  ok deraadt@ benno@
* Due to risks known for decades, TIOCSTI now performs no action, and simply (deraadt, 2017-06-29, 1 file, -6/+1)
  returns EIO. The base system has been cleaned of TIOCSTI uses (collaboration between anton and me), and the ports tree appears mostly clean. A few stragglers may be discovered and cleaned up later... In a month or so, we should see if the #define can be removed entirely. ok anton tedu, support from millert
* Permit TIOCSTAT on a tty. (deraadt, 2017-06-21, 1 file, -1/+2)
* Terminate pledge log(9) with newline. This fixes dmesg(8) output. (bluhm, 2017-06-19, 1 file, -3/+3)
  found by regress/sys/kern/pledge/generic; OK deraadt@
* Pledge is fairly done, so the kernel printf's can be converted to log() (deraadt, 2017-06-12, 1 file, -7/+12)
  calls. They'll be a little less visible, but still in the system logs. ok bluhm
* Add an acct(5) flag for pledge violations. Then lastcomm(1) shows (bluhm, 2017-06-07, 1 file, -1/+3)
  when something went wrong. This allows monitoring whether the system is under attack and whether the attack has been prevented by OpenBSD pledge(2). OK deraadt@ millert@ jmc@
* Avoid printing garbage when aborting a program that tries to use a (tb, 2017-06-03, 1 file, -4/+8)
  prohibited sysctl. ok deraadt
* getrtable() is now permitted in "stdio". It carries no risk factors. (deraadt, 2017-05-30, 1 file, -1/+2)
* Enable radeondrm(4) on loongson to get accelerated graphics (visa, 2017-05-21, 1 file, -2/+3)
  with the RS780E chipset. OK kettenis@, jsg@
* Stricter pledge for bpf. ok deraadt (natano, 2017-05-02, 1 file, -2/+4)
* Mark futex(2) as PLEDGE_STDIO like all other thread-related syscalls. (mpi, 2017-04-29, 1 file, -2/+2)
  From semarie@, ok deraadt@
* Add futex(2) syscall based on a sane subset of its Linux equivalent. (mpi, 2017-04-28, 1 file, -1/+2)
  The syscall is marked NOLOCK and only FUTEX_WAIT grabs the KERNEL_LOCK() because of PCATCH and the signal nightmare. Serialization of threads is currently done with a global & exclusive rwlock. Note that the current implementation still uses copyin(9) which is not guaranteed to be atomic. Committing now such that remaining issues can be addressed in-tree. With inputs from guenther@, kettenis@ and visa@. ok deraadt@, visa@
* only 32 bits of the pledgecode were passed up via ktrace (deraadt, 2017-04-20, 1 file, -2/+2)
  from Anton Lindqvist ok semarie
* matthieu@ observes % pax (without any arguments) hits pledge violation, (deraadt, 2017-04-17, 1 file, -4/+7)
  because it tries MTIOCTOP against stdin, the tty. It is very inconvenient to use isatty to distinguish this difference in userland, so return ENOTTY for tty devices. ok natano
* Delete the getlogin59 syscall, which was last used one year, two releases, (guenther, 2017-04-13, 1 file, -2/+1)
  and four libc major versions ago ok sthen@ jsing@ deraadt@ jca@