| Commit message (Collapse) | Author | Age | Files | Lines |
While here document prfind(9).
with and ok guenther@
|
struct proc to struct process.
ok deraadt@ kettenis@
|
ok mpi@ mikeb@
|
the ioff argument to pool_init() is unused and has been for many
years, so this replaces it with an ipl argument. because the ipl
will be set on init we no longer need pool_setipl.
most of these changes have been done with coccinelle using the spatch
below. cocci sucks at formatting code though, so i fixed that by hand.
the manpage and subr_pool.c bits i did myself.
ok tedu@ jmatthew@
@ipl@
expression pp;
expression ipl;
expression s, a, o, f, m, p;
@@
-pool_init(pp, s, a, o, f, m, p);
-pool_setipl(pp, ipl);
+pool_init(pp, s, a, ipl, f, m, p);
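Review bot: the rule only matches a pool_init() call that is immediately followed by pool_setipl() on the same pp, so a call site with no pool_setipl(), or with other statements between the two calls, is left untouched and still passes the old offset `o` in the fourth position, which is now read as ipl. Suggest a follow-up check for remaining pool_init() callers that were not rewritten by this rule, so each one gets an explicit ipl argument.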
|
ok deraadt@
|
ok kettenis@
|
ok tedu@
|
it's not enough to assign to an unsigned type because if the arithmetic
overflows the compiler may decide to do anything. so change all the
long long casts to uint64_t so that we start with the right type.
reported by Tim Newsham of NCC.
ok deraadt
|
kill(2) is supposed to find zombie processes, this probably got broken
when the process reaper was introduced. As a temporary(tm) workaround,
walk the list of zombie processes if we can't find the target pid in the
main process list.
Problem with zsh initially reported by Geoff Wozniak on misc@, analysis
done by naddy@. ok kettenis@ tedu@
|
By keeping both the new (sys_kill/sys_thrkill) and old (sys_o58_kill)
system calls for the OpenBSD 6.0 release, code that uses either of these
mechanisms will work on both of the supported OpenBSD releases. This
provides a clean transition for runtimes that make direct system calls
(namely the Go programming language).
This requires a minimal amount of non-intrusive code and does not block
development progress within OpenBSD.
ok deraadt@ guenther@
|
forever. noticed by Davin McCall.
while here, if the timeout actually is zero, return appropriate error.
ok guenther.
|
ok guenther sthen
|
Note that without locking a thread cannot claim that it is part
of a multi-threaded process using this macro.
Suggested by miod@, ok guenther@
|
ok deraadt@
|
torture tested on amd64, i386 and macppc
ok beck mpi stefan
"the change looks right" deraadt
|
The current code has already set it by default since 1.74
any pledge failure tries to make a coredump (default rules for coredump still
apply: so setuid binaries don't create them locally).
ok deraadt@
|
thrkill(2), rolling the kill(2) syscall number with the ABI change to
avoid breaking binaries during the transition. thrkill(2) includes
a 'tcb' argument that eliminates the need for locking in pthread_kill()
and simplifies pthread_cancel(). Switch __stack_smash_handler() to use
thrkill(2) and explicitly unblock SIGABRT.
Minor bump to both libc and libpthread: make sure you install a new kernel!
ok semarie@
|
pledgenote is used to annotate the policy for a namei context. So make it
track the nameidata.
It is expected for the caller to explicitly define the policy. It is a kernel
bug to not do so.
ok deraadt@
|
- rename _check function without suffix: a "pledge" function called from
anywhere is a "check" function.
- make the pledge_fail call the responsibility of the _check function. remove it
from the caller.
- make proper use of (potential) returned error of _check() functions.
- adds pledge_kill() and pledge_protexec()
with and OK deraadt@
|
used less than "stdio" -- include all the "self" operations. Instead of
different defines, use regular PLEDGE_* in the "p_pledgenote" variable
(which indicates the operation subtype a system call is performing). Many
checks become easier to understand. p_pledgenote can often be passed
directly to ktrace, so that kdump says:
15565 test CALL pledge(0xa9a3f804c51,0)
15565 test STRU pledge request="stdio"
15565 test RET pledge 0
15565 test CALL open(0xa9a3f804c57,0x2<O_RDWR>)
15565 test NAMI "/tmp/testfile"
15565 test PLDG open, "wpath", errno 1 Operation not permitted
with help from semarie, ok guenther
|
a refactoring being done for the bc/dc relationship with otto.
|
and readpassphrase() in particular use this.
ok millert tedu semarie
|
strict than anticipated. It allows a programmer to pledge/promise/covenant
that their program will operate within an easily defined subset of the
Unix environment, or it pays the price.
|
a coredump is happening. This improves behaviour while threaded.
ok semarie
|
ok krw@ sthen@ comments from deraadt@, miod@
|
operating model". This is the kernel component; various changes should
proceed in-tree for a while before userland programs start using it.
ok miod, discussions and help from many
|
delete coredump_trad(), uvm_coredump(), cpu_coredump(), struct md_coredump,
and various #includes that are superfluous.
This leaves compat_linux processes without a coredump callback. If that
ability is desired, someone should update it to use coredump_elf32() and
verify the results...
ok kettenis@
|
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Tests on a 4-core CPU show setjmp(3) run four times as fast under load.
discussed on tech@ some time ago, now by kettenis and guenther, ok deraadt
|
marker for which pools are not interrupt safe. ok dlg
|
objective: vnode.h doesn't include uvm_extern.h anymore.
followup changes: include uvm_extern.h or lock.h where necessary.
ok and help from deraadt
|
in ptsignal(), which broke ptrace() in various circumstances, act more like
sigsuspend() by updating the signal mask and picking off waited for signals
when one occurs. Don't always restart when an unwaited-for-but-handled
signal occurs, as that screws with both timeout calculation and cancellation.
main problem noted by jmatthew@
ok tedu@
|
even if sysctl kern.nosuidcoredump has been set to 2 or 3. This
allows a regular user to debug his programs again.
OK guenther@ deraadt@
|
receiving broadcast signals (kill -1). The flag can be set via a new
sysctl KERN_PROC_NOBROADCASTKILL. This will be used by iscsid to survive
the mass killing by init(8) when terminating multi-user operations.
With and OK guenther@
|
This adds a new assertion macro, KERNEL_ASSERT_LOCKED(), to assert that
kernel_lock is held. In the long process of removing kernel_lock, there will
be a lot (hundreds or thousands) of uses of this; virtually almost all functions
in !MP-safe subsystems should have this assertion. Thus this assertion should
have a short, good name.
Not only that "KERNEL_ASSERT_LOCKED" is consistent with other KERNEL_* and
SCHED_ASSERT_LOCKED() macros.
Input from dlg@ guenther@ kettenis@.
OK dlg@ guenther@
|
Discussed with guenther and kettenis
|
Remember initprocess instead of initproc.
ok matthew@ blambert@
|
don't need to be married.
ok guenther miod beck jsing kettenis
|
PS_{ZOMBIE,EMBRYO} on the process instead of peeking into the process's
thread data. This eliminates the need for the thread-level SDEAD state.
Change kvm_getprocs() (both the sysctl() and kvm backends) to report the
"most active" scheduler state for the process's threads.
tweaks kettenis@
feedback and ok matthew@
|
an untraced process but finds it blocking or ignoring it, just kill
the process instead of looping. It's undefined behavior in POSIX but
quite annoying when encountered in practice.
improvements from kettenis@
ok matthew@
|
and FORK_SYSTEM as a flag to set them. This eliminates needing to
peek into other processes' threads in various places. Inspired by NetBSD
ok miod@ matthew@
|
the /var/crash/programname/ directory, as root. For instance,
# mkdir /var/crash/bgpd/
# chmod 700 /var/crash/bgpd/ # If you skip this step, you are a moron
# sysctl kern.nosuidcoredump=3
# bgpd
# pkill -ABRT bgpd
# ls /var/crash/bgpd/
14764.core 23207.core 6423.core
Of course, in real life the idea is that you don't kill the daemon but it
crashes and you collect parallel cores. Careful you don't fill your /var.
Further tuneables are being considered.
Sorry to be picking on bgpd for this example. I've watched the "too
difficult to debug privsep code" angst for far too long.
ok guenther
|
to avoid possible use-after-free references when swapping ids in threaded
processes. "Do I have the right creds?" checks are always made with the
thread's creds.
Inspired by FreeBSD and NetBSD
"right time" deraadt@
|
| |
|
|
|
|
|
|
|
| |
struct ucred; struct process then directly links to the ucred
Based on a discussion at c2k10 or so before noting that FreeBSD and
NetBSD did this too.
ok matthew@
|
dropping the pcred argument. Fix handling of kill(-1, sig) from a
thread other than the original thread.
ok deraadt@
|
Tweak the handling of ktrace EMUL when changing ktracing: only
generate one per process (not one per thread) and pass the correct
proc pointer down to the VFS layer. Permit generating of NAMI and
CSW records inside ktrace(2) itself.
ok deraadt@ millert@
|
included there
|
testing help mpi@
|