path: root/usr.sbin/procmap
Commit message | Author | Age | Files | Lines
* correct order of region bits for -a case: rwxSepc | deraadt | 2019-11-29 | 1 | -2/+2
* Repurpose the "syscalls must be on a writeable page" mechanism to | deraadt | 2019-11-29 | 1 | -9/+19
  enforce a new policy: system calls must be in pre-registered regions. We have discussed more strict checks than this, but none satisfy the cost/benefit based upon our understanding of attack methods, anyways let's see what the next iteration looks like.

  This is intended to harden (translation: attackers must put extra effort into attacking) against a mixture of W^X failures and JIT bugs which allow syscall misinterpretation, especially in environments with polymorphic-instruction/variable-sized instructions. It fits in a bit with libc/libcrypto/ld.so random relink on boot and no-restart-at-crash behaviour, particularly for remote problems. Less effective once on-host since someone the libraries can be read.

  For static-executables the kernel registers the main program's PIE-mapped exec section valid, as well as the randomly-placed sigtramp page. For dynamic executables ELF ld.so's exec segment is also labelled valid; ld.so then has enough information to register libc's exec section as valid via call-once msyscall(2)

  For dynamic binaries, we continue to permit the main program exec segment because "go" (and potentially a few other applications) have embedded system calls in the main program. Hopefully at least go gets fixed soon.

  We declare the concept of embedded syscalls a bad idea for numerous reasons, as we notice the ecosystem has many of static-syscall-in-base-binary which are dynamically linked against libraries which in turn use libc, which contains another set of syscall stubs. We've been concerned about adding even one additional syscall entry point... but go's approach tends to double the entry-point attack surface.

  This was started at a nano-hackathon in Bob Beck's basement 2 weeks ago during a long discussion with mortimer trying to hide from the SSL scream-conversations, and finished in more comfortable circumstances next to a wood-stove at Elk Lakes cabin with UVM scream-conversations.

  ok guenther kettenis mortimer, lots of feedback from others
  conversations about go with jsing tb sthen
* dev_t is signed to permit passing -1 as an invalid condition, but the | deraadt | 2019-02-05 | 1 | -5/+5
  decomposition into major and minor is unsigned, so we should print them with %u instead of %d.
  ok guenther
* Fix description of -v and implement -v for -a showing holes; ok deraadt@ | otto | 2018-03-31 | 2 | -4/+16
* port the RBT code to userland by making it part of libc. | dlg | 2017-06-19 | 1 | -4/+1
  src/lib/libc/gen/tree.c is a copy of src/sys/kern/subr_tree.c, but with annotations for symbol visibility. changes to one should be reflected in the other.
  the malloc debug code that uses RB code is ported to RBT.
  because libc provides the RBT code, procmap doesn't have to reach into the kernel and build subr_tree.c itself now.
  mild enthusiasm from many
  ok guenther@
* Make a move towards ending 4 decades of kernel snooping. | deraadt | 2016-09-25 | 1 | -2/+9
  Add sysctl kern.allowkmem (default 0) which controls the ability to open /dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99% of utilities in the tree to operate on sysctl-nodes (either by themselves or via code hiding in the guts of -lkvm).
  pstat -d and -v & procmap are affected and continued use of them will require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and its buddy sendbug) are affected, but we'll work out a solution soon. There will be some impact in ports.
  ok kettenis guenther
* procmap fumbles with uvm_map_addr structures, which are now in RBTs | dlg | 2016-09-16 | 2 | -17/+35
  it also does proper traversal of the tree (ie, it does FOREACH) which in turn uses MIN and NEXT operations to iterate over the whole tree. they're complicated and need code.
  so for now this pulls in subr_tree.c from the kernel and builds it as part of procmap. that allows for traversal of the RBT using the same code that the kernel uses.
  it is a bit ugly though because procmap updates the pointers between items in the tree so they point at local copies instead of kernel addresses. it's made worse because RBT code has pointers between rb_entry structs, not between the nodes.
  i'm putting this in now to unbreak the tree. it can be polished after coffee/naps.
* Re-introduce vnode-to-filename mapping | stefan | 2016-05-26 | 2 | -6/+74
  The name cache walking code got adapted to the new name cache layout. Along with the previous commit, procmap is now able to map a vnode to a filename as long as it is in the name cache.
  "nice stuff" deraadt@
* Must extract uvm_vnode from uvm_object first before reading the vnode | stefan | 2016-05-25 | 1 | -3/+11
  Otherwise procmap interprets the uvm_vnode contents as a vnode, yielding bogus values. This should cure the "procmap: invalid address (ffffffffffffffff) == -1 vs. 656 @ ffffffffffffffff" error messages that appear sporadically.
  ok deraadt@
* Remove am_maxslot from amap. | stefan | 2016-04-16 | 1 | -7/+2
  am_maxslot represents the total number of slots an amap can be extended to. Since we do not extend amaps, this field as well as rounding the number of slots to the next malloc bucket is not useful.
  This also removes the corresponding output from procmap(1).
  ok kettenis@
* remove the first comma from constructs like ", and," and ", or,": you can use | jmc | 2015-03-13 | 1 | -3/+3
  "and" and "or" to join sentence clauses, and you can use commas, but both hinders reading;
* Also print the fspace member of map entries when PRINT_VM_MAP_ENTRY is | kettenis | 2015-01-19 | 1 | -2/+4
  requested.
  ok deraadt@
* Replace <sys/param.h> with <limits.h> and other less dirty headers where | deraadt | 2015-01-16 | 1 | -2/+2
  possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification.
  ok guenther, millert, doug (helped with the verification protocol)
* Replace a plethora of historical protection options with just | deraadt | 2014-11-16 | 2 | -25/+25
  PROT_NONE, PROT_READ, PROT_WRITE, and PROT_EXEC from mman.h. PROT_MASK is introduced as the one true way of extracting those bits. Remove UVM_ADV_* wrapper, using the standard names.
  ok doug guenther kettenis
* Additional cleanup for procfs removal | doug | 2014-09-08 | 1 | -3/+2
  ok guenther@
* Delete procfs; it's always had races and is now unused: no one noticed for | guenther | 2014-09-08 | 1 | -2/+1
  months that I broke it before the 5.5 release.
  confirmed as not being required by ports by sthen@, ajacoutot@, dcoppa@
* decouple struct uvmexp into a new file, so that uvm_extern.h and sysctl.h | deraadt | 2014-07-08 | 1 | -1/+4
  don't need to be married.
  ok guenther miod beck jsing kettenis
* There really isn't a strict "heap" anymore, so just call everything like | deraadt | 2014-07-08 | 1 | -4/+1
  that an anon. Useful change since BRKSIZ will soon leave the namespace.
  ok kettenis
* Use errc/warnc to simplify code. | guenther | 2014-05-20 | 1 | -3/+2
  Also, in 'ftp', always put the error message last, after the hostname/ipaddr.
  ok jsing@ krw@ millert@
* remove tendrils of namei dumping code | tedu | 2014-02-13 | 2 | -8/+3
* use strtonum | tedu | 2014-02-13 | 1 | -2/+5
* obvious .Pa fixes; found with mandocdb(8) | schwarze | 2014-01-21 | 1 | -4/+4
* get ready for big ino_t; ok gunther@ | otto | 2013-08-12 | 1 | -3/+4
* use .Mt for email addresses; from Jan Stary <hans at stare dot cz>; ok jmc@ | schwarze | 2013-07-16 | 1 | -3/+3
* Since the "better kmem pointer hiding" commit, procmap does not work | dcoppa | 2013-06-25 | 1 | -3/+1
  anymore for regular users. So remove the setgid kmem for the time being (until tedu@ fixes it).
  ok tedu@
* Don't bother printing vm_swrss of a process, the current uvm accounting | miod | 2013-05-14 | 1 | -1/+3
  logic never sets this value.
* pretty-print bigger ino_t variables | deraadt | 2013-04-24 | 1 | -7/+9
* revert 1.45. it depended on a kernel change we will not be making, and | tedu | 2013-04-21 | 1 | -47/+21
  the old code was cleaner
* for the sake of argument, let's pretend this #if 0 code isn't wanted | tedu | 2013-03-26 | 1 | -79/+1
* rework the main loop so we can drop kmem privs a little later, | tedu | 2013-03-23 | 1 | -21/+47
  prepping for a coming kernel change. we need to call sysctl for all the procs to get their vmspace pointer, then we drop, then we go grovelling.
  ok deraadt
* revert, that restriction is already enforced the right way | tedu | 2013-03-20 | 1 | -4/+1
* Only root can look at the kernel address space. | deraadt | 2013-03-20 | 1 | -1/+4
* document a safe cast, which should be (unsigned int) instead of simply | deraadt | 2013-01-16 | 1 | -2/+3
  (unsigned)
* Userspace counterpart of new vmmap. | ariane | 2012-03-09 | 1 | -70/+107
  Allows memory walks to function.
* make -column lists pretty again; | jmc | 2011-09-03 | 1 | -14/+14
  specifically, rewrite them to permit some markup in the column headers, and use "Ta" instead of literal tabs;
  mandoc does not currently match groff 100%, but a mandoc fix may be some time off, and we've gone enough releases with poorly formatting column lists.
  in some cases i have rewritten the lists as -tag, where -column made little sense.
* Userland counterpart of the vmmap backout; cranks major version of libkvm. | ariane | 2011-06-06 | 1 | -107/+70
* Reimplement uvm/uvm_map. | ariane | 2011-05-24 | 1 | -70/+107
  vmmap is designed to perform address space randomized allocations, without letting fragmentation of the address space go through the roof.
  Some highlights:
  - kernel address space randomization
  - proper implementation of guardpages
  - roughly 10% system time reduction during kernel build
  Tested by a lot of people on tech@ and developers. Theo's machines are still happy.
* BRKSIZ is the right constant now, so I don't get lots of teeny tiny heaps | tedu | 2011-04-23 | 1 | -2/+2
  mixed up in my address space.
* Switch back from KERN_PROC2/kinfo_proc2 to KERN_PROC/kinfo_proc now | guenther | 2011-04-10 | 1 | -6/+6
  that we've got name we want for the API we want
  "ZAP!" deraadt@
* Avoid using NULL in non-pointer contexts: use 0 for integer values and '\0' | miod | 2011-04-06 | 1 | -7/+3
  for chars.
* Remove portalfs. | thib | 2011-04-05 | 1 | -4/+1
  While it is a terribly cool idea, it's just awful and since no one has stepped up to the plate to keep it up with the current vop state, retire it to the attic.
  ok krw@, deraadt@, guenther@, miod@.
  comments from jmc@
* add an EXIT STATUS section for /usr/sbin; | jmc | 2010-09-03 | 1 | -3/+3
* Update nlist array and uncomment a few things to pave the way for upcoming | miod | 2009-08-12 | 1 | -14/+7
  new name cache information gathering code.
* Namecache revamp. | beck | 2009-08-12 | 1 | -1/+9
  This eliminates the large single namecache hash table, and implements the name cache as a global lru of entries, and a redblack tree in each vnode. It makes cache_purge actually purge the namecache entries associated with a vnode when a vnode is recycled (very important for later on actually being able to resize the vnode pool)
  This commit does #if 0 out a bunch of procmap code that was already broken before this change, but needs to be redone completely.
  Tested by many, including in thib's nfs test setup.
  ok oga@,art@,thib@,miod@
* No longer consider kernel pointers invalid if pointing under the kernel | miod | 2009-06-04 | 1 | -28/+2
  load address (hello, PMAP_DIRECT architectures). Makes procmap walk the kernel name cache correctly.
  ok art@
* replace standardized text concerning the exit values of applications | sobrado | 2009-01-19 | 1 | -4/+3
  with the right mdoc macros.
* add -A to SYNOPSIS; | jmc | 2008-09-18 | 1 | -2/+2
* document -A and include in usage | otto | 2008-09-18 | 2 | -4/+6
* Add a flag to print amap usage. | art | 2008-09-18 | 1 | -11/+72
  otto@ ok
* First pass at removing clauses 3 and 4 from NetBSD licenses. | ray | 2008-06-26 | 2 | -17/+3
  Not sure what's more surprising: how long it took for NetBSD to catch up to the rest of the BSDs (including UCB), or the amount of code that NetBSD has claimed for itself without attributing to the actual authors.
  OK deraadt@