Age | Commit message | Author |
|
torture tested on amd64, i386 and macppc
ok beck mpi stefan
"the change looks right" deraadt
|
|
- rename _check function without suffix: a "pledge" function called from
anywhere is a "check" function.
- makes pledge_fail call the responsibility to the _check function. remove it
from caller.
- make proper use of (potential) returned error of _check() functions.
- adds pledge_kill() and pledge_protexec()
with and OK deraadt@
|
|
for device. In sys_fcntl() the ioctl(TIOCSPGRP) is called, but the
pipe expects SIOCSPGRP. Sockets have a special case for the same
reason, so adapt the special code for pipes.
OK millert@
|
|
use pledge and file locking. OK deraadt@
|
|
option to fcntl(), so that isatty() can use this rather than the bloated
ioctl() interface. Reducing uses of ioctl() by libc makes it easier to
constrain programs with various kinds of systrace sandboxes.
ok guenther, previously discussed as a concept with nicm
|
|
followed by a mode check. This will simplify the ref/unref dance as
soon as fd_getfile() will increment fp's reference counter.
Idea from and ok guenther@, ok millert@
|
|
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
|
marker for which pools are not interrupt safe. ok dlg
|
|
objective: vnode.h doesn't include uvm_extern.h anymore.
followup changes: include uvm_extern.h or lock.h where necessary.
ok and help from deraadt
|
|
when creating them: pipe2(), dup3(), accept4(), MSG_CMSG_CLOEXEC,
SOCK_CLOEXEC. Includes SOCK_NONBLOCK support.
ok matthew@
|
|
after discussions with beck deraadt kettenis.
|
|
don't need to be married.
ok guenther miod beck jsing kettenis
|
|
Pointed out by Jean-Philippe Ouellet.
|
|
to the process's vmspace and filedescs. struct proc continues to
keep copies of the pointers, copying them on fork, clearing them
on exit, and (for vmspace) refreshing on exec.
Also, make uvm_swapout_threads() thread aware, eliminating p_swtime
in kernel.
particular testing by ajacoutot@ and sebastia@
|
|
(race condition ?)
problem noticed by me, aja, sthen, brynet, rpe.
vanishing after this revert, okay aja@, sthen@
tedu, you probably want to look into re-checking the fcreate/fpublish addition
first, then if it's stable, see about tweaking doopenat ?
|
|
struct ucred; struct process then directly links to the ucred
Based on a discussion at c2k10 or so before noting that FreeBSD and
NetBSD did this too.
ok matthew@
|
|
the first part is likely to fail, but we can generally prevent the second
part from failing.
use these two functions to drop the fdp lock around vn_open in sys_open,
but still maintain the original semantics of allocate then open.
the goal here is to fix the blocked fifo deadlock in a threaded program.
testing volunteers in short supply, resorting to conscription
|
|
members to 64bit types. Assign new syscall numbers for (almost
all) the syscalls that involve the affected types, including anything
with time_t, timeval, itimerval, timespec, rusage, dirent, stat,
or kevent arguments. Add a d_off member to struct dirent and replace
getdirentries() with getdents(), thus immensely simplifying and
accelerating telldir/seekdir. Build perl with -DBIG_TIME.
Bump the major on every single base library: the compat bits included
here are only good enough to make the transition; the T32 compat
option will be burned as soon as we've reached the new world and
are happy with the snapshots for all architectures.
DANGER: ABI incompatibility. Updating to this kernel requires extra
work or you won't be able to login: install a snapshot instead.
Much assistance in fixing userland issues from deraadt@ and tedu@
and build assistance from todd@ and otto@
|
|
f_count is long
ok kettenis@
Change esm_sensor_map.arg to int
ok deraadt@
|
|
ok kettenis
|
|
O_* flags and eliminating an XXX comment.
ok matthew@ deraadt@
|
|
shared between processes.
ok djm@
|
|
ref-count handling under handling, or blambert@ is messing with my head
|
|
Having done that, dupfdopen() has to handle a possible race.
ok matthew@ krw@
|
|
when opening /dev/fd/* (i.e., UF_EXCLOSE is now set iff O_CLOEXEC is
set, rather than copying UF_EXCLOSE from the file descriptor being
dup'd).
Also, add support for O_CLOEXEC and O_DIRECTORY to fhopen().
ok krw, guenther; feedback from millert; testing and bug finding by krw
|
|
was used by the now defunct portalfs. Zero out fd_ofileflags[fd]
when allocating an fd instead of when releasing it.
ok krw@ matthew@
|
|
at the top of closef() until all in-progress calls finish, just do the
advisory locking bits required of close() by POSIX and let whichever
thread has the last reference do the call to the file's fo_close()
method and the final cleanup.
lots of discussion with deraadt@ and others; worked out with and ok krw@
|
|
anticipation of further changes to closef(). No binary change.
ok krw@ miod@ deraadt@
|
|
selected fd is automatically fd_used(). We need to fd_unused() it,
because it will be fd_used() again in finishdup(). spotted by guenther
ok miod
|
|
descriptors the process currently has open.
ok guenther miod gilles ...
|
|
the dup and dup2 cases. with guenther
ok miod
|
|
or fd_{lo,hi}maps members, or when doing a read for a write. Fixes hangs
when an rthreaded process sleeps while copying the fd table for fork()
and catches another thread with the lock.
ok jsing@ tedu@
|
|
"Sure" deraadt@
|
|
struct sockaddress; mostly from freebsd. ok deraadt@ tedu@ nicm@
|
|
that you can't evade the checks by doing the dirty work in an rthread
ok blambert@, deraadt@
|
|
so that the process-level stuff is to/from struct process and not
struct proc. This fixes a bunch of problem cases in rthreads.
Based on earlier work by blambert and myself, but mostly written
at c2k10.
Tested by many: deraadt, sthen, krw, ray, and in snapshots
|
|
rwlock, the thread will release biglock if it sleeps, means that
atomicity from before the rw_enter() to after it is not guaranteed.
The change didn't address those, so pulling it until it does.
"go for it" tedu@
|
|
list walkers in sysctl that can block. As a reward, no more vslock.
With some feedback from art, guenther, phessler. ok guenther.
|
|
which is exactly what the macro does.
Macros that are nothing more than:
#define FUNCTION(arg) function(arg)
are almost always pointless and should go away.
OK blambert@
Agreed by many.
|
|
ok and improvements jmc@
|
|
- file descriptor table becomes the owner of the lock instead of the proc.
- When grabbing the lock, we check if the fd hasn't changed under our
feet, this is more or less impossible to solve without a hack like
this. I've banged my head against the wall, I figured out a solution,
but implementing it correctly would cost me 12 gray hairs. Screw it,
this is ugly, but it works.
- Wait until usecount drains before releasing the posix lock in closef.
- Add missing FREF/FRELE to sys_flock
- keep the pid in the flock struct instead of abusing the fact that we
used to use the proc as the lock owner.
Pointed out by and discussed with Al Viro, big thanks.
miod@ ok
|