| Commit message (Collapse) | Author | Age | Files | Lines |
| |
kernel builds without audio (for example, ramdisks). ok florian@
|
knob to take the new "sysctl" value, which is the default. In this
case, the device behavior is determined by the new "kern.audio.record"
sysctl(2), which defaults to zero.
ok florian
|
lock order checking is disabled but it can be enabled at runtime.
Suggested by deraadt@ / mpi@
OK mpi@
|
This gives us refcounting for free which is what we need for MP.
ok bluhm@, visa@
|
later.
ok bluhm@, visa@
|
the other fields.
Once we no longer have any [k] (kernel lock) protections, we'll be
able to unlock almost all network related syscalls.
Inputs from and ok bluhm@, visa@
|
This turns `filehead' into a local variable, that will make it easier
to protect it.
ok visa@
|
The account flag `ASU' will no longer be set but that makes suser()
mpsafe since it no longer messes with a per-process field.
No objection from millert@, ok tedu@, bluhm@
|
ok millert@ sthen@
|
Tested by Hrvoje Popovski, ok bluhm@
|
They might not be fully constructed.
ok mpi@ deraadt@ bluhm@
|
they're both wrappers around sysctl__string, which is where half the
fix is too.
|
this tweaks the len argument to sysctl_rdstring, sysctl_struct, and
sysctl_rdstruct.
there's probably more to fix.
ok millert@
|
also in the IPv6 case. This fixes "netstat -An -f inet6 -p tcp"
and shows 0x0.
report and OK dhill@
|
to valid values. The so_qlimit is type short.
report Dillon Jay Pena; OK deraadt@
|
copyout to avoid leaking kernel stack
ok deraadt@
|
future disk info sysctl has pads in the structures, use M_ZERO when
allocating the storage to avoid leaking kernel memory.
|
Get rid of the old splnet()/splx() dances. What's protecting them right
now is the KERNEL_LOCK(). But since pf(4) looks at these tables we want
to protect them in another way, hence the NET_LOCK(), at least as a hint.
ok bluhm@
|
struct proc to struct process.
ok deraadt@ kettenis@
|
initial thread
ok jsing@ kettenis@
|
each cpu's counters still have to be protected by splnet, but this
is better than a single set of counters protected by a global mutex.
ok bluhm@
|
ok jsing@ kettenis@
|
all dns socket connections will be redirected to localhost:port.
this could be a sockopt on the listening socket, but sysctl is
an easier interface to work with right now.
ok deraadt
|
from Sebastien Marie
|
Add sysctl kern.allowkmem (default 0) which controls the ability to open
/dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99%
of utilities in the tree to operate on sysctl-nodes (either by themselves
or via code hiding in the guts of -lkvm).
pstat -d and -v & procmap are affected and continued use of them will
require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and its
buddy sendbug) are affected, but we'll work out a solution soon.
There will be some impact in ports.
ok kettenis guenther
|
paths of libevent). This interface was the first generation of what
eventually became getentropy(2) and arc4random(3) -- june 1997!
Ports scan by sthen, general agreement guenther
|
profiling framework.
Code patching is used to enable probes when entering functions. The
probes will call a mcount()-like function to match the behavior of a
GPROF kernel.
Currently only available on amd64 and guarded under DDBPROF. Support
for other archs will follow soon.
A new sysctl knob, ddb.console, needs to be set to 1 in securelevel 0
to be able to use this feature.
Inputs and ok guenther@
|
ok deraadt
|
program to call the mount/umount system calls. There is no way any user
can be expected to keep their system safe / reliable with this feature.
Ignore setting to =1, and after release we'll delete the sysctl entirely.
ok lots of people
|
is generated, and mprotect/mmap return ENOTSUP. If the sysctl(8) flag
kern.wxabort is set then a SIGABRT occurs instead, for gdb use or coredump
creation.
W^X violating programs can be permitted on a ffs/nfs filesystem-basis,
using the "wxallowed" mount option. One day far in the future
upstream software developers will understand that W^X violations are a
tremendously risky practice and that style of programming will be
banished outright. Until then, we recommend most users need to use the
wxallowed option on their /usr/local filesystem. At least your other
filesystems don't permit such programs.
ok jca kettenis mlarkin natano
|
ones are capable of giving valuable works vs does-not-work evidence.
ok tedu
|
ok krw@ kettenis@
|
offline paths. More polishing to come.
Input and okay bluhm@ & kettenis@.
|
emulations left; ok millert@ deraadt@, jmc@ (man pages)
|
do for kern.proc. Fixes the issue in top(1) where a cpu would seem to be idle
even though a thread was reported to be running on it.
ok mpi@, tedu@, deraadt@
|
- rename _check function without suffix: a "pledge" function called from
anywhere is a "check" function.
- makes pledge_fail call the responsibility to the _check function. remove it
from caller.
- make proper use of (potential) returned error of _check() functions.
- adds pledge_kill() and pledge_protexec()
with and OK deraadt@
|
used less than "stdio" -- include all the "self" operations. Instead of
different defines, use regular PLEDGE_* in the "p_pledgenote" variable
(which indicates the operation subtype a system call is performing). Many
checks become easier to understand. p_pledgenote can often be passed
directly to ktrace, so that kdump says:
    15565 test CALL pledge(0xa9a3f804c51,0)
    15565 test STRU pledge request="stdio"
    15565 test RET pledge 0
    15565 test CALL open(0xa9a3f804c57,0x2<O_RDWR>)
    15565 test NAMI "/tmp/testfile"
    15565 test PLDG open, "wpath", errno 1 Operation not permitted
with help from semarie, ok guenther
|
strict than anticipated. It allows a programmer to pledge/promise/covenant
that their program will operate within an easily defined subset of the
Unix environment, or it pays the price.
|
necessary
ok deraadt@ jsing@
|
layer because the strings select the right options. Mechanical
conversion.
ok guenther
|
ok deraadt@ miod@