path: root/sys/kern
Commit message | Author | Age | Files | Lines
...
* Slam signal handlers harder in tame_fail(), found by semarie. | deraadt | 2015-07-22 | 1 | -20/+9
  Also delete some prototype KTRACE code which is not headed in the right direction.
* memory leak in execve with systrace, plus some unreachable code | deraadt | 2015-07-22 | 1 | -3/+3
  spotted by Maxime Villard ok guenther millert
* Always permit kbind (for dynamic linking) and add __thrsigdivert to the | guenther | 2015-07-21 | 1 | -2/+4
  SELF list like the other threading calls ok deraadt@
* hookup octeon | jasper | 2015-07-21 | 1 | -2/+2
  ok deraadt@
* Move `ticks' declaration to sys/kernel.h. | uebayasi | 2015-07-20 | 2 | -5/+2
* Fix tty hiwat handling a bit | sf | 2015-07-20 | 1 | -14/+5
  - Introduce new defines TTHIWATMINSPACE, TTMINHIWAT for some magic values that are used in tty.c.
  - Remove hiwat adjustments in ttwrite(). This fixes this codepath not being interrupt safe.
  - Change ttysetwater() to keep at least TTHIWATMINSPACE space above the high water mark. This makes it consistent with ttycheckoutq(). Without this change, the hiwat adjustment change above causes deadlocks in pty.
  ok kspillner@ commit it now deraadt@
* crudely canonicalize paths before taming them. ok deraadt doug | tedu | 2015-07-20 | 1 | -2/+72
* Move the construction of p_tamenote from sys_open() to doopenat(), so that | deraadt | 2015-07-20 | 1 | -11/+10
  it also applies to sys_openat().
* Allow the sched_yield, __thrsleep, __thrwakeup, and __threxit syscalls | jeremy | 2015-07-20 | 1 | -1/+7
  when using tame(2). This allows threaded programs to work. OK deraadt@
* In _TM_SELF, permit uname(3); OK deraadt@. | schwarze | 2015-07-20 | 1 | -3/+18
* Be more paranoid and don't let any ioctls through with invalid file | nicm | 2015-07-20 | 1 | -3/+4
  descriptors.
* Don't try to dereference fp if it is NULL, ok deraadt | nicm | 2015-07-20 | 1 | -2/+5
* tame_cmsg_send and tame_cmsg_recv are called with the data set to a file | nicm | 2015-07-20 | 1 | -7/+16
  descriptor, so call fd_getfile to get a struct file *. ok deraadt
* getpagesize() may occur late in programs; permit it | deraadt | 2015-07-20 | 1 | -2/+6
* Add setgroups(2) to TAME_PROC, ok deraadt | nicm | 2015-07-20 | 1 | -1/+2
* In TAME_IOCTL, permit BIOCGSTATS on a vnode. We don't drill down deeper | deraadt | 2015-07-20 | 1 | -1/+7
  yet to verify it is a bpf node. Will be used by tcpdump privsep side.
* rebuild | guenther | 2015-07-20 | 2 | -7/+7
* Add kbind, a syscall for ld.so to use to securely and efficiently update | guenther | 2015-07-20 | 2 | -3/+6
  memory for lazy binding ok deraadt@
* Fix annoying console spew when we can't write the core file. use log instead. | beck | 2015-07-20 | 1 | -6/+8
  ok krw@ sthen@ comments from deraadt@, miod@
* Repair various strncmp lengths, noticed by Brandon Casey | deraadt | 2015-07-19 | 1 | -6/+9
* Change uvm_page[re]alloc_multi to actually use the flags passed in, and return | beck | 2015-07-19 | 1 | -2/+2
  a value so that they may be called with UVM_PLA_NOWAIT ok kettenis@
* Use two 2q caches for the buffer cache, moving previously warm buffers from the | beck | 2015-07-19 | 2 | -53/+167
  first queue to the second. Mark the first queue as DMA in preparation for being able to use more memory by flipping. Flipper code currently only sets and clears the flag. ok tedu@ guenther@
* Make KTR_SYSRET records variable sized, leaving out the | guenther | 2015-07-19 | 1 | -70/+85
  retval on error, including a long long retval on successful lseek(), and including a register_t retval for other successes. This fixes lseek reporting on ILP32 archs.
  While here, reworking internal kern_ktrace.c bits to be able to pass two buffers to ktrwriteraw(), so we can avoid mallocing a buffer in some cases and so that KTR_GENIO logs are split at PAGE_SIZE, not PAGE_SIZE-sizeof(struct ktrgenio)
  ok miod@
* sync | deraadt | 2015-07-19 | 2 | -7/+7
* tame(2) is a subsystem which restricts programs into a "reduced feature | deraadt | 2015-07-19 | 10 | -14/+880
  operating model". This is the kernel component; various changes should proceed in-tree for a while before userland programs start using it. ok miod, discussions and help from many
* Change unp_scan() and its callbacks to pass the array of struct file ** | guenther | 2015-07-18 | 2 | -41/+37
  and a count instead of calling the callback on each one, which also renders the 'dispose' argument superfluous.
  Move unp_*() prototypes from <sys/un.h> to <sys/unpcb.h>
  ok claudio@ mpi@
* Kill emul left-over. | mpi | 2015-07-18 | 1 | -2/+2
  From Martin Natano
* manage spd entries by using the radix api directly instead of | blambert | 2015-07-17 | 1 | -13/+4
  reaching around through the routing table
  original diff by myself, much improved by mikeb@ and mpi@
  ok and testing mikeb@ mpi@
* In socketpair(), need to mask the type argument when testing for dgram. | guenther | 2015-07-17 | 1 | -2/+2
  based on jeremy@'s diff ok jeremy@ deraadt@
* Fix rn_match and therefore the exported lookup functions in radix.c | claudio | 2015-07-16 | 1 | -3/+1
  to never return the internal RNF_ROOT nodes. This removes the checks in the callee to verify that not an RNF_ROOT node was returned. OK mpi@
* m_free() can now accept NULL, as a normal free() function. This makes | deraadt | 2015-07-15 | 1 | -1/+4
  calling code simpler. ok stsp mpi
* Disable pool_gc on m88k if MULTIPROCESSOR; we don't have enough volunteers | miod | 2015-07-09 | 1 | -1/+3
  for human sacrifices to get this fixed in a reasonably near future, and the tree must build.
* MFREE(9) is dead, long live m_freem(9)! | mpi | 2015-07-08 | 2 | -9/+9
  ok bluhm@, claudio@, dlg@
* introduce srp, which according to the manpage i wrote is short for | dlg | 2015-07-02 | 2 | -1/+269
  "shared reference pointers".
  srp allows concurrent access to a data structure by multiple cpus while avoiding interlocking cpu opcodes. it manages its own reference counts and the garbage collection of those data structures to avoid use after frees.
  internally srp is a twisted version of hazard pointers, which are a relative of RCU.
  jmatthew wrote the bulk of a hazard pointer implementation and changed bpf to use it to allow mpsafe access to bpfilters. however, at s2k15 we were trying to apply it to other data structures but the memory overhead of every hazard pointer would have blown out significantly in several use cases. a bulk of our time at s2k15 was spent reworking hazard pointers into srp.
  this diff adds the srp api and adds the necessary metadata to struct cpuinfo on our MP architectures. srp on uniprocessor platforms has alternate code that is optimised because it knows there'll be no concurrent access to data by multiple cpus.
  srp is made available to the system via param.h, so it should be available everywhere in the kernel.
  the docs likely need improvement cos im too close to the implementation.
  ok mpi@
* Get rid of the undocumented & temporary* m_copy() macro added for | mpi | 2015-06-30 | 4 | -9/+9
  compatibility with 4.3BSD in September 1989.
  *Pick your own definition for "temporary".
  ok bluhm@, claudio@, dlg@
* reenable the pool gc task. | dlg | 2015-06-24 | 1 | -3/+1
  the problems it tickled by working outside the biglock on archs with mutex and clock interaction have been fixed, as evidenced by the softnet taskq.
  ok deraadt@
* Store a unique ID, an interface index, rather than a pointer to the | mpi | 2015-06-16 | 2 | -5/+5
  receiving interface in the packet header of every mbuf.
  The interface pointer should now be retrieved when necessary with if_get(). If a NULL pointer is returned by if_get(), the interface has probably been destroyed/removed and the mbuf should be freed.
  Such mechanism will simplify garbage collection of mbufs and limit problems with dangling ifp pointers.
  Tested by jmatthew@ and krw@, discussed with many. ok mikeb@, bluhm@, dlg@
* Move hzto(9) to the attic; OK dlg | mikeb | 2015-06-11 | 1 | -54/+1
* If the first list was empty, ml_join() did not clear the second | bluhm | 2015-05-31 | 1 | -5/+6
  list after transferring all elements away. Reorder the conditionals to make sure that ml_init() is always called for a non empty second list. This makes all cases consistent and is less surprising. OK dlg@
* Rename caddr_t p to cp in an inner block to avoid aliasing the outer | nicm | 2015-05-21 | 1 | -5/+5
  struct proc *p, ok deraadt
* For each file in sysctl(KERN_FILE_BYFILE), FILLIT() calls fill_file(), | bluhm | 2015-05-18 | 1 | -9/+21
  which calls VOP_GETATTR(). For NFS, that leads to nfs_getattr(). If the node's attributes are not in NFS's cache, nfs_getattr() will invoke nfs_request() and the latter will sleep, allowing the file pointer to disappear while we traverse the list. This results in kernel crashes while running netstat or pstat -f.
  Grab a reference to the file descriptor before calling FILLIT(), and release it afterwards. This way the file descriptor cannot disappear while we sleep in nfs_getattr().
  Analysis and fix from Pedro Martelletto; input and OK guenther@ mpi@
* Reenable the page zeroing thread on MP m88k kernels. | miod | 2015-05-18 | 1 | -3/+2
* isatty() is used by stdio to determine the buffering mode. Add a F_ISATTY | deraadt | 2015-05-17 | 1 | -1/+11
  option to fcntl(), so that isatty() can use this rather than the bloated ioctl() interface. Reducing uses of ioctl() by libc makes it easier to constrain programs with various kinds of systrace sandboxes. ok guenther, previously discussed as a concept with nicm
* test mbuf pointers against NULL not 0 | jsg | 2015-05-13 | 1 | -6/+6
  ok krw@ miod@
* Drop and reacquire the kernel lock in the vfs_shutdown and "cold" | mikeb | 2015-05-12 | 2 | -2/+33
  portions of msleep and tsleep to give interrupts a chance to run on other CPUs. Tweak and OK kettenis
* Set POLLHUP even if no valid events were specified as per POSIX. | millert | 2015-05-10 | 1 | -3/+5
  Since we use the poll backend for select(2), care must be taken not to set the fd's bit in writefds in this case. A kernel-only flag, POLLNOHUP, is used by selscan() to tell the poll backend not to return POLLHUP on EOF. This is currently only used by fifo_poll(). The fifofs regress now passes. OK guenther@
* Cleanup/rejig GPT code to be more readable, support different endian | krw | 2015-05-09 | 1 | -192/+253
  archs and different sized disk sectors. Make MBR have higher priority than GPT. Add many paranoia checks and associated DPRINTF's to make further development easier. Keep everything hidden behind #ifdef GPT.
  Tested and ok doug@ mpi@. Nothing bad seen by millert@.
* msleep(9) must prevent kernel from attempting a context switch | mikeb | 2015-05-07 | 1 | -3/+21
  during autoconf and after panics. Tweak and OK guenther, OK miod
* Pass a thread pointer instead of its file descriptor table to getvnode(9). | mpi | 2015-05-07 | 1 | -11/+11
  Input and ok millert@
* regen | jsg | 2015-05-06 | 2 | -4/+4