path: root/sys/kern/kern_sysctl.c
Commit message, Author, Age, Files, Lines
...
* Remove usermount remnants. ok tedu
  Author: natano; Age: 2016-09-07; Files: 1; Lines: -5/+1
* Introduce Dynamic Profiling, a ddb(4) based & gprof compatible kernel profiling framework. Code patching is used to enable probes when entering functions. The probes will call a mcount()-like function to match the behavior of a GPROF kernel. Currently only available on amd64 and guarded under DDBPROF. Support for other archs will follow soon. A new sysctl knob, ddb.console, needs to be set to 1 in securelevel 0 to be able to use this feature. Inputs and ok guenther@
  Author: mpi; Age: 2016-09-04; Files: 1; Lines: -2/+2
* rename nfiles to numfiles to avoid shadowing and stretch out the name. ok deraadt
  Author: tedu; Age: 2016-08-23; Files: 1; Lines: -2/+2
* kern.usermount=1 is unsafe for everyone, since it allows any non-pledged program to call the mount/umount system calls. There is no way any user can be expected to keep their system safe / reliable with this feature. Ignore setting to =1, and after release we'll delete the sysctl entirely. ok lots of people
  Author: deraadt; Age: 2016-07-14; Files: 1; Lines: -4/+6
* W^X violations are no longer permitted by default. A kernel log message is generated, and mprotect/mmap return ENOTSUP. If the sysctl(8) flag kern.wxabort is set then a SIGABRT occurs instead, for gdb use or coredump creation. W^X violating programs can be permitted on a ffs/nfs filesystem-basis, using the "wxallowed" mount option. One day far in the future upstream software developers will understand that W^X violations are a tremendously risky practice and that style of programming will be banished outright. Until then, we recommend most users need to use the wxallowed option on their /usr/local filesystem. At least your other filesystems don't permit such programs. ok jca kettenis mlarkin natano
  Author: deraadt; Age: 2016-05-27; Files: 1; Lines: -1/+4
* remove the sysctl kern.random counters, since none of the remaining ones are capable of giving valuable works vs does-not-work evidence. ok tedu
  Author: deraadt; Age: 2016-05-23; Files: 1; Lines: -4/+1
* Cleanup some of the DUID code and refactor for readability. ok krw@ kettenis@
  Author: jsing; Age: 2016-05-21; Files: 1; Lines: -15/+7
* Make KERN_FILE_BYPID return ESRCH when PID not found, both in sysctl and offline paths. More polishing to come. Input and okay bluhm@ & kettenis@.
  Author: zhuk; Age: 2016-05-04; Files: 1; Lines: -2/+6
* boom goes the dynamite
  Author: tedu; Age: 2016-04-25; Files: 1; Lines: -8/+1
* delete the kern.emul/KERN_EMUL sysctl bits since there are no emulations left; ok millert@ deraadt@, jmc@ (man pages)
  Author: naddy; Age: 2016-02-29; Files: 1; Lines: -41/+1
* Make sure we use the same cpu numbering for the kern.cptime2 sysctl as we do for kern.proc. Fixes the issue in top(1) where a cpu would seem to be idle even though a thread was reported to be running on it. ok mpi@, tedu@, deraadt@
  Author: kettenis; Age: 2015-12-05; Files: 1; Lines: -6/+6
* refactor pledge_*_check and pledge_fail functions
  - rename _check function without suffix: a "pledge" function called from anywhere is a "check" function.
  - makes pledge_fail call the responsibility to the _check function. remove it from caller.
  - make proper use of (potential) returned error of _check() functions.
  - adds pledge_kill() and pledge_protexec()
  with and OK deraadt@
  Author: semarie; Age: 2015-11-01; Files: 1; Lines: -3/+3
* Fold "malloc" into "stdio" and -- recognizing that no program so far has used less than "stdio" -- include all the "self" operations. Instead of different defines, use regular PLEDGE_* in the "p_pledgenote" variable (which indicates the operation subtype a system call is performing). Many checks before easier to understand. p_pledgenote can often be passed directly to ktrace, so that kdump says:
    15565 test CALL pledge(0xa9a3f804c51,0)
    15565 test STRU pledge request="stdio"
    15565 test RET pledge 0
    15565 test CALL open(0xa9a3f804c57,0x2<O_RDWR>)
    15565 test NAMI "/tmp/testfile"
    15565 test PLDG open, "wpath", errno 1 Operation not permitted
  with help from semarie, ok guenther
  Author: deraadt; Age: 2015-10-25; Files: 1; Lines: -3/+5
* Rename tame() to pledge(). This fairly interface has evolved to be more strict than anticipated. It allows a programmer to pledge/promise/covenant that their program will operate within an easily defined subset of the Unix environment, or it pays the price.
  Author: deraadt; Age: 2015-10-09; Files: 1; Lines: -4/+4
* track sizes for free in sysctl_diskinit(); ok krw
  Author: deraadt; Age: 2015-09-28; Files: 1; Lines: -3/+7
* Rename __sysctl syscall to just sysctl, as the userland wrapper is no longer necessary
  ok deraadt@ jsing@
  Author: guenther; Age: 2015-09-13; Files: 1; Lines: -3/+3
* Convert _TM_ flags to TAME_ flags, collapsing the entire mapping layer because the strings select the right options. Mechanical conversion. ok guenther
  Author: deraadt; Age: 2015-09-11; Files: 1; Lines: -2/+2
* Only include <sys/tame.h> in the .c files that need it
  ok deraadt@ miod@
  Author: guenther; Age: 2015-09-11; Files: 1; Lines: -1/+2
* sizes for free(); ok sthen
  Author: deraadt; Age: 2015-09-10; Files: 1; Lines: -4/+5
* Fix !INET6 build.
  Author: mpi; Age: 2015-09-03; Files: 1; Lines: -2/+5
* Rework the UNIX domain socket garbage collector, including ideas from {Free,Net}BSD
  - when a socket is closed with fds in its input, defer closing them to a task to avoid recursing. This eliminates the complicated extra reference taking which had a 37 line(!) comment explanation
  - move flags, counts, and links only needed for this from struct file to struct unpcb
  - document the flow of the mark/sweep collector
  much help from claudio@ who made me explain the GC to him until we trusted it
  ok claudio@ mpi@ deraadt@
  Author: guenther; Age: 2015-08-28; Files: 1; Lines: -2/+2
* Move to tame(int flags, char *paths[]) API/ABI. The pathlist is a whitelist of dirs and files; anything else returns ENOENT. Recommendation is to use a narrowly defined list. Also add TAME_FATTR, which permits explicit change operations against "struct stat" fields. Some other TAME_ flags are refined slightly. Not cranking libc now, since nothing committed in base uses this and the timing is uncomfortable for others. Discussed with many; thanks for a few bug fixes from semarie, doug, guenther. ok guenther
  Author: deraadt; Age: 2015-08-22; Files: 1; Lines: -2/+1
* Unfortunately netstat did not show sockets without file descriptors since it had been converted from kvm to sysctl. This was hiding a bunch of TCP states which are important for network debugging. Loop over the internet PCB tables to fill the network information into the KERN_FILE_BYFILE sysctl result. Skip internet sockets when looping over the file descriptors. From markus@; OK guenther@; Go for it deraadt@
  Author: bluhm; Age: 2015-08-03; Files: 1; Lines: -19/+59
* tame(2) is a subsystem which restricts programs into a "reduced feature operating model". This is the kernel component; various changes should proceed in-tree for a while before userland programs start using it. ok miod, discussions and help from many
  Author: deraadt; Age: 2015-07-19; Files: 1; Lines: -1/+5
* For each file in sysctl(KERN_FILE_BYFILE), FILLIT() calls fill_file(), which calls VOP_GETATTR(). For NFS, that leads to nfs_getattr(). If the node's attributes are not in NFS's cache, nfs_getattr() will invoke nfs_request() and the latter will sleep, allowing the file pointer to disappear while we traverse the list. This results in kernel crashes while running netstat or pstat -f. Grab a reference to the file descriptor before calling FILLIT(), and release it afterwards. This way the file descriptor cannot disappear while we sleep in nfs_getattr(). Analysis and fix from Pedro Martelletto; input and OK guenther@ mpi@
  Author: bluhm; Age: 2015-05-18; Files: 1; Lines: -9/+21
* Replace the hand-crafted list of datagram unix domain sockets with a SLIST. OK mpi@ benno@
  Author: bluhm; Age: 2015-03-28; Files: 1; Lines: -3/+5
* Extend struct kinfo_file a bit so that netstat has all the info it needs. OK guenther@
  Author: claudio; Age: 2015-02-11; Files: 1; Lines: -1/+21
* Prefer arg != 0 over arg for non-boolean. nitted kettenis@
  Author: guenther; Age: 2015-02-11; Files: 1; Lines: -2/+2
* sysctl({CTL_KERN, KERN_FILE, KERN_FILE_BYFILE}) previously required the extra argument to be zero; instead, make it filter on the file type (DTYPE_*) when non-zero to make claudio's netstat work easier. ok claudio@
  Author: guenther; Age: 2015-02-11; Files: 1; Lines: -6/+3
* Change the way stackgap_random is applied. Instead of applying it within the fixed stack area of the exec'd image, and risking hitting process limits, should we want to increase stackgap_random, the randomness is applied to the stack region in the process' vmspace.
  Author: miod; Age: 2015-02-09; Files: 1; Lines: -2/+1
* Move ps_strings "after" the random stackgap. This makes its location a per-process value, and therefore turns the VM_PSSTRINGS sysctl into a per-process one as well. This gets rid of a pointer to the bottom of the stack at a fixed location. Also clears the road for unmapping the stackgap. ok deraadt@
  Author: kettenis; Age: 2015-01-20; Files: 1; Lines: -3/+5
* Add dmesg -s support, to view the output of rc(8) system startup messages. Help and feedback by Theo and Miod. OK deraadt@, manpage-ok jmc@
  Author: mpf; Age: 2015-01-13; Files: 1; Lines: -7/+18
* sysctl kern.global_ptrace. controls whether you can ptrace any process with appropriate privileges or only one's own children. ok deraadt
  Author: tedu; Age: 2014-12-12; Files: 1; Lines: -1/+8
* sysctl_proc_vmmap(): Allow retrieving "self" VM mapping without privilege. Previous version OK'ed by tedu@ deraadt@
  Author: uebayasi; Age: 2014-12-12; Files: 1; Lines: -7/+11
* convert bcopy to memcpy. ok millert
  Author: tedu; Age: 2014-12-10; Files: 1; Lines: -3/+3
* Allow only root to use KERN_PROC_VMMAP until it is really proven safe. OK deraadt@
  Author: uebayasi; Age: 2014-12-05; Files: 1; Lines: -1/+6
* Introduce a new sysctl to retrieve VM map entries
  This adds a new sysctl KERN_PROC_VMMAP, which returns an array of VM map entries of a specified process. This prevents debuggers from iterating vm_map_entry RB tree via kvm(3). The name KERN_PROC_VMMAP and struct kinfo_vmentry are chosen from the same function in FreeBSD. struct kinfo_vmentry is revised to reduce size, because OpenBSD does not keep track of filepaths. The semantic is also changed to return max buffer size as a hint, and start iteration at the specified base address.
  Much valuable input from deraadt@, guenther@, tedu@
  OK tedu@ deraadt@
  Author: uebayasi; Age: 2014-12-05; Files: 1; Lines: -1/+101
* missed a file when removing KERN_VNODE.
  Author: tedu; Age: 2014-11-19; Files: 1; Lines: -3/+1
* delete the KERN_VNODE sysctl. it fails to provide any isolation from the kernel struct vnode definition, and the only consumer (pstat) still needs kvm to read much of the required information. no great loss to always use kvm until there's a better replacement interface. ok deraadt millert uebayasi
  Author: tedu; Age: 2014-11-19; Files: 1; Lines: -3/+1
* Replace a plethora of historical protection options with just PROT_NONE, PROT_READ, PROT_WRITE, and PROT_EXEC from mman.h. PROT_MASK is introduced as the one true way of extracting those bits. Remove UVM_ADV_* wrapper, using the standard names. ok doug guenther kettenis
  Author: deraadt; Age: 2014-11-16; Files: 1; Lines: -2/+2
* Put the socket splicing fields into a separate struct sosplice that gets only allocated when needed. This way struct socket shrinks from 472 to 392 bytes on amd64. When splicing gets active, another 88 bytes are allocated for struct sosplice. OK dlg@
  Author: bluhm; Age: 2014-11-03; Files: 1; Lines: -5/+6
* add a few sizes to free
  Author: tedu; Age: 2014-11-01; Files: 1; Lines: -7/+7
* redo the performance throttling in the kernel. introduce a new sysctl, hw.perfpolicy, that governs the policy. when set to anything other than manual, hw.setperf then becomes read only. phessler was heading in this direction, but this is slightly different. :)
  Author: tedu; Age: 2014-10-17; Files: 1; Lines: -20/+9
* back out; does not even compile
  Author: deraadt; Age: 2014-10-11; Files: 1; Lines: -83/+9
* resurrect a many year old diff. move CPU throttling into the kernel, enabled by setting hw.setperf=-1. some other bugs preventing this from going in before have been fixed. my thanks to phessler for keeping the diff alive in the mean time. tested by several to not regress.
  Author: tedu; Age: 2014-10-11; Files: 1; Lines: -9/+83
* Remove non-standard <sys/dkstat.h> header. It has not contained anything related to disk statistics for almost 17 years, and the remaining userland-visible defines duplicate those found in <sys/sched.h>. Move the remaining _KERNEL defines to <sys/tty.h> where they belong, and update all users to cope with this. ok kettenis@
  Author: miod; Age: 2014-09-15; Files: 1; Lines: -3/+2
* Remove global cp_time[] array; no longer used now that all arches implement cpu_info.
  Author: miod; Age: 2014-09-04; Files: 1; Lines: -2/+2
* Bye bye /dev/crypto
  The interface has been disabled by default for about 4 years and currently there's not much value in having it around at all. ok deraadt
  Author: mikeb; Age: 2014-08-20; Files: 1; Lines: -16/+1
* don't rely on mbuf.h to provide pool.h.
  ok miod@, who has offered to help with any MD fallout
  ok guenther@
  Author: dlg; Age: 2014-08-18; Files: 1; Lines: -1/+2
* Fewer <netinet/in_systm.h> !
  Author: mpi; Age: 2014-07-22; Files: 1; Lines: -2/+1