| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
| |
This allows us to unlock getppid(2).
ok mpi@
|
| |
|
|
|
|
|
| |
groups as signed int. Do not use unsigned int within the kernel
for length calculations. Now getgroups(2) fails with EINVAL if
called with negative length value.
from Moritz Buhl; OK millert@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
to make crfree() and crhold() MP-safe. Make crhold() a proper function.
Put the definition into file kern_prot.c to constrain the need of the
<sys/atomic.h> header.
While there, adjust the IPL of ucred_pool to avoid lock order problems
with the kernel lock (pointed out by kettenis@).
OK mpi@
|
| |
|
|
|
|
|
| |
This code shuffling will ease the introduction of the proctree lock
in sys_setsid() and sys_setpgid().
Extracted from a larger diff from guenther@, ok visa@
|
| |
|
|
|
|
|
| |
The account flag `ASU' will no longer be set but that makes suser()
mpsafe since it no longer mess with a per-process field.
No objection from millert@, ok tedu@, bluhm@
|
| | |
|
| |
|
|
|
|
|
| |
addresses will cause a fault on load by the kernel.
Problem observed by Maxime Villard
ok kettenis@ deraadt@
|
| |
|
|
|
|
| |
and four libc major versions ago
ok sthen@ jsing@ deraadt@ jca@
|
| |
|
|
|
|
|
| |
in struct mdproc. With that, all archs have those and the __HAVE_MD_TCB
macro can be unifdef'ed as always defined.
ok kettenis@ visa@ jsing@
|
| |
|
|
|
|
| |
initial thread
ok jsing@ kettenis@
|
| |
|
|
|
|
|
|
| |
the user and parent process are recorded. Later, this info may be tested
and used to bypass authorization requirements.
ie, doas won't ask for your password again.
Great idea from henning.
ok deraadt guenther henning
|
| |
|
|
|
|
| |
getlogin_r() API; keep existing syscall as getlogin59 for temporary compat.
ok kettenis@ deraadt@
|
| |
|
|
| |
ok deraadt@ krw@ zhuk@ jca@ millert@
|
| |
|
|
|
|
| |
than zero or greater than NGROUPS_MAX
Fixes panic seen by henning@
|
| | |
|
| |
|
|
|
| |
No functional change as pid_t is defined as int32_t.
OK miod@
|
| |
|
|
|
|
|
|
|
| |
to avoid possible use-after-free references when swapping ids in threaded
processes. "Do I have the right creds?" checks are always made with the
threads creds.
Inspired by FreeBSD and NetBSD
"right time" deraadt@
|
| |
|
|
|
|
|
|
|
| |
struct ucred; struct process then directly links to the ucred
Based on a discussion at c2k10 or so before noting that FreeBSD and
NetBSD did this too.
ok matthew@
|
| |
|
|
| |
included there
|
| |
|
|
|
|
| |
struct xucred becomes the structure for syscalls (mount(2) and nfssvc(2)).
ok deraadt@ beck@
|
| |
|
|
| |
ok deraadt guenther kettenis matthew
|
| |
|
|
|
|
| |
consistent when the effective gid isn't also a supplementary group.
ok beck@
|
| | |
|
| |
|
|
|
|
|
|
| |
count processes instead of threads. New sysctl()s KERN_NTHREADS and
KERN_MAXTHREAD count and limit threads. The nprocs and maxproc kernel
variables are replaced by nprocess, maxprocess, nthreads, and maxthread.
ok tedu@ mikeb@
|
| |
|
|
|
|
|
|
|
|
| |
- move the P_TRACED and P_INEXEC flags, and p_oppid, p_ptmask, and
p_ptstat member from struct proc to struct process
- sort the PT_* requests into those that take a PID vs those that
can also take a TID
- stub in PT_GET_THREAD_FIRST and PT_GET_THREAD_NEXT
ok kettenis@
|
| |
|
|
|
|
|
|
|
|
|
| |
for pointing to the thread-control-block. Support for mapping this
to the correct hardware register can be added as it's finished;
start with support for amd64, sparc, and sparc64. Includes syscalls
for getting and setting it (for a portable __errno implementation) as
well as creating a new thread with an initial value for it.
discussed with miod@, kettenis@, deraadt@; committing to get the syscalls
in with the impending libc bump and do further refinements in tree
|
| | |
|
| |
|
|
| |
getpid is smp safe again. ok guenther
|
| |
|
|
|
|
| |
fail regardless of which rthread calls execve()
ok blambert@
|
| |
|
|
|
|
| |
that you can't evade the checks by doing the dirty work in an rthread
ok blambert@, deraadt@
|
| |
|
|
|
|
|
|
|
| |
so that the process-level stuff is to/from struct process and not
struct proc. This fixes a bunch of problem cases in rthreads.
Based on earlier work by blambert and myself, but mostly written
at c2k10.
Tested by many: deraadt, sthen, krw, ray, and in snapshots
|
| |
|
|
|
|
| |
way a kill() intended for a thread can result in a separate process
getting the signal.
ok tedu@ art@
|
| |
|
|
|
| |
in compat mode and there's no harm continuing that way.
ok dlg deraadt guenther miod thib
|
| |
|
|
|
| |
(not done) hasn't changed, but now it's less work to test things.
ok art deraadt
|
| |
|
|
|
| |
so stop including it in kernel .c files.
"sure" deraadt@
|
| |
|
|
|
|
|
|
| |
of a direct ancestor, closing a localhost DoS. As an exception,
do permit ptrace() of pid 1 and have inferiors() stop climbing if
it hits that.
ok tedu@ hpux_compat suggestion from miod@
|
| |
|
|
|
| |
from Brad Tilley <brad at 16systems dot com>;
ok oga@
|
| |
|
|
| |
noted by Jonathan ARMANI, ok blambert@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
that takes an additional argument "type" that indicates whether the
signal is for the process, just a particular thread, or propagated
to a thread because it's not caught or blocked. psignal() becomes
a wrapper that does the first of those.
So that sys_kill() can tell apart signals for the process and signals
for the process's original thread, the tid of the original thread
is defined as its pid + THREAD_PID_OFFSET.
ok tedu@ art@ andreas@ kurt@ "better early than late" deraadt@
|
| |
|
|
|
|
| |
it might be needed later -- before calling pfind(), so that enterpgrp()
can operate without sleeping
ok tedu
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Put a reference count in struct process to prevent use-after-free
if the main thread reaches the reaper ahead of some other thread
in the process. Use the reference count to update the user process
count correctly when changin real uid.
"please re-commit before something else nasty comes in" deraadt@
|
| | |
|
| |
|
|
|
|
|
| |
for users by the correct amount when changing real UID on (r)threaded
processes.
ok art@ tedu@
|
| |
|
|
|
|
| |
after pool_get();
ok beck@
|
| |
|
|
|
|
|
|
|
|
|
| |
a new struct. Instead of doing a huge rename and deal with the fallout
for weeks, like other projects that need no mention, we will slowly and
carefully move things out of struct proc into a new struct process.
- Create struct process and the infrastructure to create and remove them.
- Move threads in a process into struct process.
deraadt@, tedu@ ok
|
| |
|
|
|
|
|
|
|
|
|
|
| |
it's a good idea to use atomic.h operations on it. This mechanic
change updates all bit operations on p_flag to atomic_{set,clear}bits_int.
Only exception is that P_OWEUPC is set by MI code before calling
need_proftick and it's automatically cleared by ADDUPC. There's
no reason for MD handling of that flag since everyone handles it the
same way.
kettenis@ ok
|
| |
|
|
|
|
|
|
| |
uses rfork(RFTHREAD) to create threads, which are presently processes
that are a little more tightly bound together. several new syscalls
added to facilitate a userland thread library.
all conditional on RTHREADS, currently disabled.
ok deraadt
|
mvs
bluhm
visa
mpi
deraadt
guenther
tedu
millert
mikeb
schwarze
thib
art