| Age | Commit message (Collapse) | Author |
|---|
|
ok visa@
|
|
then ran into the messaging being poor. Then I fixed the messages. But
there are two sub-cases of sp-not-MAP_STACK -- one at syscall time, and
another at regular userland trap (on some architectures), and I bungled
that messaging. Correct that now, while I look for yet another better way...
discovered by millert, who ran an pre-MAP_STACK binary.
|
|
from miod
|
|
Reduce code clutter by removing the file name and line number output
from witness(4). Typically it is easy enough to locate offending locks
using the stack traces that are shown in lock order conflict reports.
Tricky cases can be tracked using sysctl kern.witness.locktrace=1 .
This patch additionally removes the witness(4) wrapper for mutexes.
Now each mutex implementation has to invoke the WITNESS_*() macros
in order to utilize the checker.
Discussed with and OK dlg@, OK mpi@
|
|
including cpu.h machine/intr.h etc without first including param.h when
MULTIPROCESSOR is defined.
ok visa@
|
|
ok guenther@ tb@ deraadt@
|
|
4MB which is far too low especially when the platform is able to run MP.
New limits are, amd64 = 256M; arm64, mips64, sparc64 = 64M; alpha, arm,
hppa, i386, powerpc = 32M; m88k, sh = 8M
Still rather conservative numbers but much better than before. At least
some hangs of arm64 build boxes was caused by this.
OK kettenis@, visa@
|
|
The src/lib/libc/thread/rthread.c 1.8 change adds #include
<sys/atomic.h> in userland code.
Current m88k atomic.h contents are inside of #if defined(_KERNEL)
guard, then, nothing is defined for userland program.
So we need adding some defines to compile it on m88k.
The original diff is suggested from Miod Vallat, modified by the
advice from mpi@ and kettenis@.
ok kettenis@
|
|
OK deraadt@ mpi@
|
|
instead of passing sendsig() the code+type+val, pass a siginfo_t*
to copy from. Eliminate the indirection through struct emul for
sendsig(); we no longer have a SunOS4-compat version of sendsig()
ok deraadt@
|
|
syscall) confirm the stack register points at MAP_STACK memory, otherwise
SIGSEGV is delivered. sigaltstack() and pthread_attr_setstack() are modified
to create a MAP_STACK sub-region which satisfies alignment requirements.
Observe that MAP_STACK can only be set/cleared by mmap(), which zeroes the
contents of the region -- there is no mprotect() equivalent operation, so
there is no MAP_STACK-adding gadget.
This opportunistic software-emulation of a stack protection bit makes
stack-pivot operations during ROPchain fragile (kind of like removing a
tool from the toolbox).
original discussion with tedu, uvm work by stefan, testing by mortimer
ok kettenis
|
|
(forget to remove from repository)
ok visa@
|
|
ok visa@
|
|
needs (looking at you sgi, but others required this before). This is for
the circumstances we need pagesize known at compile time, not getpagesize()
runtime. Use it for malloc storage sizes, for shm, and to set pthread stack
default sizes. The stack sizes were a mess, and pushing them towards
page-aligned is healthy move (which will also be needed by the coming
stack register checker)
ok guenther kettenis, discussion with stefan
|
|
ok kettenis@, visa@
|
|
Remove `mtx_lock' from i386, add volatile before `mtx_owner' where it
was missing.
Inputs from kettenis@, ok visa@
|
|
the memory devices (/dev/null, /dev/zero, etc) need to permit them.
problem noted, tweak, and testing by jeremy@
ok deraadt@
|
|
extend ddb(4) "ps /o" output to print which CPU is currently holding the
KERNEL_LOCK().
Tested by dhill@, ok visa@
|
|
|
|
pthread_exit from libpthread to libc, along with low-level bits to
support them. Major bump to both libc and libpthread.
Requested by libressl team. Ports testing by naddy@
ok kettenis@
|
|
ok miod@
|
|
ok deraadt@, kettenis@, jasper@
|
|
ok visa@, kettenis@
|
|
ok kettenis@
|
|
Using a name with the 'db_' prefix makes it invisible from the dynamic
profiler.
ok deraadt@, kettenis@, visa@
|
|
|
|
in struct mdproc. With that, all archs have those and the __HAVE_MD_TCB
macro can be unifdef'ed as always defined.
ok kettenis@ visa@ jsing@
|
|
struct, rather than fetching them from arrays every time they are needed.
ok aoyama@
|
|
|
|
- FORK_THREAD handling is a totally separate function, thread_fork(),
that is only used by sys___tfork() and which loses the flags, func,
arg, and newprocp parameters and gains tcb parameter to guarantee
the new thread's TCB is set before the creating thread returns
- fork1() loses its stack and tidptr parameters
Common bits factor out:
- struct proc allocation and initialization moves to thread_new()
- maxthread handling moves to fork_check_maxthread()
- setting the new thread running moves to fork_thread_start()
The MD cpu_fork() function swaps its unused stacksize parameter for
a tcb parameter.
luna88k testing by aoyama@, alpha testing by dlg@
ok mpi@
|
|
leaving out the size, so that
ELFNAME2(exec,makecmds)
becomes
exec_elf_makecmds
instead of
exec_elf{32,64}_makecmds
and then delete the ELFNAME2() and ELFNAMEEND() macros.
Move the prototypes for functions local to exec_elf.c to there from
exec_elf.h.
Simplify the SMALL_KERNEL conditionals around the ELF coredump code.
Change exec_conf.c to use the size-generic names and macros
Remove exec_elf{32,64}.c and just build exec_elf.c; delete the
_KERN_DO_ELF and _KERN_DO_ELF64 #defines.
ok jca@, encouragement from deraadt@ and tom@
|
|
Make process_auxv_offset() take and release a reference of the vmspace like
process_domem() does.
ok kettenis@
|
|
powerpc: rename second argument of pmap_proc_iflush() to match other archs
ok kettenis@
|
|
while it's not 100% correct, it's okay
tested by aoyama@
|
|
Same thought from kettenis@, ok krw@ phessler@ millert@
|
|
tested by aoyama@
|
|
Add sysctl kern.allowkmem (default 0) which controls the ability to open
/dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99%
of utilities in the tree to operate on sysctl-nodes (either by themselves
or via code hiding in the guts of -lkvm).
pstat -d and -v & procmap are affected and continued use of them will
require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and it's
buddy sendbug) are affected, but we'll work out a solution soon.
There will be some impact in ports.
ok kettenis guenther
|
|
ok guenther@ millert@
|
|
the ioff argument to pool_init() is unused and has been for many
years, so this replaces it with an ipl argument. because the ipl
will be set on init we no longer need pool_setipl.
most of these changes have been done with coccinelle using the spatch
below. cocci sucks at formatting code though, so i fixed that by hand.
the manpage and subr_pool.c bits i did myself.
ok tedu@ jmatthew@
@ipl@
expression pp;
expression ipl;
expression s, a, o, f, m, p;
@@
-pool_init(pp, s, a, o, f, m, p);
-pool_setipl(pp, ipl);
+pool_init(pp, s, a, ipl, f, m, p);
|
|
|
|
on a guess how much memory a typical machine has. If the value is
too high, users may run out of kernel memory. Then we will have
to adjust this again.
OK claudio@ deraadt@
|
|
|
|
From Miod Vallat, tested by him and me.
ok deraadt@
|
|
another step toward making splraise an MI api.
ok aoyama@
|
|
this is a step toward making ipls unconditionaly on pools.
ok deraadt@ kettenis@
|
|
ok millert
|
|
ok guenther kettenis
|
|
inside the sigcontext. sigreturn(2) checks syscall entry was from the
exact PC addr in the (per-process ASLR) sigtramp, verifies the cookie,
and clears it to prevent sigcontext reuse.
not yet tested on landisk, sparc, *88k, socppc.
ok kettenis
|
|
|
|
all the local ones to ``nticks''.
ok stefan@, deraadt@
|
