| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
The list can be accessed from interrupt context if a signal is sent
from an interrupt handler.
OK anton@ cheloha@ mpi@
|
| |
|
|
| |
subsystem and ps_klist handling still run under the kernel lock.
|
| |
|
|
|
|
| |
for example, with locking assertions.
OK mpi@, anton@
|
| |
|
|
|
|
|
| |
single_thread_check() safe to be called without KERNEL_LOCK().
single_thread_wait() needs to use sleep_setup() and sleep_finish()
instead of tsleep() to make sure no wakeup() is lost.
Input kettenis@, with and OK visa@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This ensures that the conditions checked are still in force. The sleep
breaks atomicity, allowing another thread to alter the state.
single_thread_set() should return immediately after sleep when called
from dowait4() because there is no guarantee that the process pr still
exists. When called from single_thread_set(), the process is that of
the calling thread, which prevents process pr from disappearing.
OK anton@, mpi@, claudio@
|
| |
|
|
|
|
|
|
|
|
| |
This shows that atomic_* operations should not be necessery to write
to this field unlike with the process one.
The advantage of using a somewhat-unique prefix for struct member is
moot when multiple definitions use the same prefix :o)
From Amit Kulkarni, ok claudio@
|
| |
|
|
|
|
| |
kern_sig.c where they are currently added by the include. While doing
that mark the sigprop array as const.
OK mpi@ anton@ millert@
|
| |
|
|
|
|
|
| |
proc0 which is used for kthreads and idle threads. proc0 and all those
other kernel threads don't handle signals so there is no benefit in sharing.
Simplifies the code a fair bit since the refcnt is gone.
OK kettenis@
|
| | |
|
| |
|
|
|
|
| |
adding more filter properties without cluttering the struct.
OK mpi@, anton@
|
| |
|
|
|
|
|
|
| |
interrupt is enough to defer the signal handling. This is a leftover
from the times where not all archs had generic soft interrupts.
It is possible that the defer signal handling to a soft interrupt will
be removed at a later stage.
Input anton@, mpi@ OK kettenis@
|
| |
|
|
|
|
| |
process.
ok bluhm@ claudio@ visa@
|
| |
|
|
|
|
|
|
|
|
|
| |
The 3 subsystems: signal, poll/select and kqueue can now be addressed
separatly.
Note that bpf(4) and audio(4) currently delay the wakeups to a separate
context in order to respect the KERNEL_LOCK() requirement. Sockets (UDP,
TCP) and pipes spin to grab the lock for the sames reasons.
ok anton@, visa@
|
| |
|
|
| |
asked for more oks; my bad!
|
| |
|
|
|
|
|
|
|
|
| |
operating on the process structure and issuing signals. This is similar
to what sigio_setown() already does.
With this in place, the pipe subsystem is no longer required to grab the
kernel lock before calling pgsigio().
ok visa@
|
| |
|
|
|
|
|
|
|
|
|
| |
Using different fields to remember in which runqueue or sleepqueue
threads currently are will make it easier to split the SCHED_LOCK().
With this change, the (potentially boosted) sleeping priority is no
longer overwriting the thread priority. This let us get rids of the
logic required to synchronize `p_priority' with `p_usrpri'.
Tested by many, ok visa@
|
| |
|
|
|
|
|
| |
This moves most of the SCHED_LOCK() related to protecting the sleepqueue
and its states to kern/kern_sync.c
Name suggestion from jsg@, ok kettenis@, visa@
|
| |
|
|
|
|
| |
tsleep(9) to tsleep_nsec(9).
ok bluhm@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
FIOGETOWN/SIOCGPGRP/TIOCGPGRP. Do this by determining the meaning of
the ID parameter inside the sigio code. Also add cases for FIOSETOWN
and FIOGETOWN where there have been TIOCSPGRP and TIOCGPGRP before.
These changes allow removing the ID translation from sys_fcntl() and
sys_ioctl().
Idea from NetBSD
OK mpi@, claudio@
|
| |
|
|
| |
OK visa@ anton@
|
| |
|
|
|
|
| |
make the structs const so that the data are put in .rodata.
OK mpi@, deraadt@, anton@, bluhm@
|
| |
|
|
| |
ok visa@
|
| |
|
|
|
|
|
|
|
| |
Convert those to a consolidated status when needed in wait4(), kevent(),
and sysctl()
Pass exit code and signal separately to exit1()
(This also serves as prep for adding waitid(2))
ok mpi@
|
| |
|
|
|
|
|
|
| |
sweep tree to correct NDIINT op and flags ahead of time. document
the requirement. This allows KERNELPATH to be used to bypass
unveil for crash dumps with nosuidcoredump=2 or 3
ok visa@ deraadt@ florian@
|
| |
|
|
|
| |
with a sleep between. Reorganize the code for a single check.
ok anton beck florian mpi
|
| |
|
|
|
| |
it from the pool.
ok bluhm visa
|
| |
|
|
|
|
|
| |
This allows to enforce that sleeping priorities will now always be <
PUSER.
ok visa@, ratchov@
|
| |
|
|
|
|
|
|
|
|
| |
of resource limit structs has been done between processes. By applying
copy-on-write also between threads, threads can read rlimits in
a nearly lock-free manner.
Inspired by code in DragonFly BSD and FreeBSD.
OK mpi@, agreement from jmatthew@ and anton@
|
| |
|
|
|
|
|
|
|
|
| |
does not block the signal. If all threads block the signal, we
delivered it to the main thread. This does not conform to POSIX.
If any thread unblocks the signal, it should be delivered immediately
to this thread.
Mark such signals pending at the process instead of a single thread.
Then any thread can handle it later.
OK kettenis@ guenther@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
it obviously needs to be called with the kernel lock held, so it
makes sense to check that so we can unlock more code without
introducing bugs that shoot us in the face in the indeterminate
future.
csignal is basically a wrapper around ptsignal, so calls to that
without the kernel lock should be caught by this too.
discussed with mpi@ on bugs@
|
| |
|
|
| |
ok cheloha deraadt
|
| | |
|
| |
|
|
| |
OK deraadt@ anton@
|
| |
|
|
|
|
|
|
|
| |
It centralizes IO signal privilege checking and makes possible to revoke
a registration when the target process or process group is deleted.
Adapted from FreeBSD.
OK kettenis@ mpi@ guenther@
|
| | |
|
| |
|
|
|
|
|
| |
side effect pending signals specifically sent to the main thread
were handled by other threads. This made gcj in textproc/pdftk
port build stall.
Noticed and tested by espie@.
|
| |
|
|
|
|
|
|
|
| |
to the process, it is made pending at the main thread. There it
could hang forever. So also check the main thread for signal
delivery. This workaround fixes hung tests in posixtestsuite. The
proper solution would be to split pending signals for process and
threads.
input visa@; OK guenther@
|
| |
|
|
|
|
|
|
| |
instead of passing sendsig() the code+type+val, pass a siginfo_t*
to copy from. Eliminate the indirection through struct emul for
sendsig(); we no longer have a SunOS4-compat version of sendsig()
ok deraadt@
|
| |
|
|
|
|
|
| |
curproc that does the locking or unlocking, so the proc parameter
is pointless and can be dropped.
OK mpi@, deraadt@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
syscall) confirm the stack register points at MAP_STACK memory, otherwise
SIGSEGV is delivered. sigaltstack() and pthread_attr_setstack() are modified
to create a MAP_STACK sub-region which satisfies alignment requirements.
Observe that MAP_STACK can only be set/cleared by mmap(), which zeroes the
contents of the region -- there is no mprotect() equivalent operation, so
there is no MAP_STACK-adding gadget.
This opportunistic software-emulation of a stack protection bit makes
stack-pivot operations during ROPchain fragile (kind of like removing a
tool from the toolbox).
original discussion with tedu, uvm work by stefan, testing by mortimer
ok kettenis
|
| |
|
|
|
|
|
|
|
|
| |
This can lead to a deadlock where the parent waits infinitely for the
traced process.
Original problem reported by tb@ and worked around by visa@ for release
by not calling CURSIG() twice in userret().
ok tb@, visa@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
to generate more than one ptrace(2) event. Do that by checking
pending signals first without altering any state. If there is
an unmasked signal ready for delivery, acquire the kernel lock
and redo the checks in issignal().
This prevents gdb from blocking on exit when it attempts to kill
an attached process, issue reported by tb@.
OK mpi@, deraadt@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The race is only triggerable if one of the threads of a multi-threaded
program is in the middle of a NOLOCK syscall when a signal is received.
The problem is that `ps_sigact' is shared between threads so its access
should be serialized. In the case of SA_RESETHAND, the handler is reset
when a signal is delivered, so delivering the signal twice would put the
process in an "impossible" state where some threads were stopped and some
were waiting for the others to die.
Serialize signal checking & processing with the KERNEL_LOCK() for now,
and introduce postsig_done() gypped from FreeBSD, to make sure the lock
is held when resetting the handler.
Bug report from espie@, ok visa@
|
| |
|
|
|
|
|
| |
The account flag `ASU' will no longer be set but that makes suser()
mpsafe since it no longer mess with a per-process field.
No objection from millert@, ok tedu@, bluhm@
|
| |
|
|
| |
ok deraadt@ krw@
|
| | |
|
| |
|
|
|
|
|
|
| |
SIGILL, SIGBUS, SIGSEGV signals. Make such memory violations visible
in lastcomm(1). This also works if a programm tries to hide them
with a signal handler. Manual kill -SEGV does not generate false
positives.
OK deraadt@
|
| |
|
|
| |
Go-ahead from kettenis@, guenther@, deraadt@
|
| |
|
|
| |
OK jsg@
|
| |
|
|
|
|
|
| |
in struct mdproc. With that, all archs have those and the __HAVE_MD_TCB
macro can be unifdef'ed as always defined.
ok kettenis@ visa@ jsing@
|
visa
claudio
mpi
anton
guenther
beck
deraadt
bluhm
dlg
tedu
cheloha