Age | Commit message | Author |
|
strict than anticipated. It allows a programmer to pledge/promise/covenant
that their program will operate within an easily defined subset of the
Unix environment, or it pays the price.
|
|
"exec" to call execve(2), potentially fork(2) beforehand if they
asked for "proc". Calling execve is what "shells" (ksh, tmux, etc)
have as their primary purpose. But meantime, if such a shell has a
nasty bug, we want to mitigate the process from opening a socket or
calling 100+ other system calls. Unfortunately silver bullets are in
short supply, so if our goal is to stay in a POSIX-y environment, we
have to let shells call execve(). POSIX ate the world, so what choices do
we all have?
Warning for many: silver bullets are even more rare in other OS
ecosystems, so please accept this as a narrow lowering of the bar in a
very raised environment.
Committed from a machine running tame "proc exec" ksh, make, etc.
|
|
ok deraadt@ miod@
|
|
|
|
The pathlist is a whitelist of dirs and files; anything else returns ENOENT.
Recommendation is to use a narrowly defined list. Also add TAME_FATTR, which
permits explicit change operations against "struct stat" fields. Some
other TAME_ flags are refined slightly.
Not cranking libc now, since nothing committed in base uses this and the
timing is uncomfortable for others. Discussed with many; thanks for a
few bug fixes from semarie, doug, guenther.
ok guenther
|
|
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
|
objective: vnode.h doesn't include uvm_extern.h anymore.
followup changes: include uvm_extern.h or lock.h where necessary.
ok and help from deraadt
|
|
after discussions with beck deraadt kettenis.
|
|
Remember initprocess instead of initproc.
ok matthew@ blambert@
|
|
don't need to be married.
ok guenther miod beck jsing kettenis
|
|
PS_{ZOMBIE,EMBRYO} on the process instead of peeking into the process's
thread data. This eliminates the need for the thread-level SDEAD state.
Change kvm_getprocs() (both the sysctl() and kvm backends) to report the
"most active" scheduler state for the process's threads.
tweaks kettenis@
feedback and ok matthew@
|
|
WNOHANG, in accordance with POSIX. Additionally, if rusage is
requested but the waited-on process did not terminate, return zero
bytes instead of kernel stack garbage.
ok deraadt, millert
|
|
the exiting thread instead of assuming that that's ps_mainproc.
Also, panic no matter which thread of init takes it down.
ok tedu@
|
|
to the process's vmspace and filedescs. struct proc continues to
keep copies of the pointers, copying them on fork, clearing them
on exit, and (for vmspace) refreshing on exec.
Also, make uvm_swapout_threads() thread aware, eliminating p_swtime
in kernel.
particular testing by ajacoutot@ and sebastia@
|
|
to avoid possible use-after-free references when swapping ids in threaded
processes. "Do I have the right creds?" checks are always made with the
thread's creds.
Inspired by FreeBSD and NetBSD
"right time" deraadt@
|
|
completely detached from the process before letting it exit, so that
sleeping in systrace_exit() doesn't reorder them and lead to a panic.
Panic reported by Fabian Raetz (fabian.raetz (at) gmail.com)
ok tedu@
|
|
struct ucred; struct process then directly links to the ucred
Based on a discussion at c2k10 or so before noting that FreeBSD and
NetBSD did this too.
ok matthew@
|
|
Tweak the handling of ktrace EMUL when changing ktracing: only
generate one per process (not one per thread) and pass the correct
proc pointer down to the VFS layer. Permit generating of NAMI and
CSW records inside ktrace(2) itself.
ok deraadt@ millert@
|
|
testing help mpi@
|
|
Linux-compat clone() syscall when *not* using CLONE_THREAD. pirofti@
confirms Opera runs in compat without this, so out it goes; one less hair
to choke on in kern_exit.c
ok tedu@ pirofti@
|
|
multi-threaded processes when they receive a signal:
1. Make the parent of the process (the tracer) wait for all threads to be
stopped (in wait4(2)) instead of the thread that received the signal.
This prevents us from calling tsleep(9) recursively.
2. Assume that we already hold the kernel lock if the P_SINTR flag is set
(just like we already assumed we were holding the scheduler lock) and
don't try to grab it again.
This should fix the panic that many people reported when debugging
multi-threaded programs with gdb(1).
ok & lots of help from guenther@
|
|
and runtime to the process totals. Also, add ktracing of struct
rusage in wait4() and getrusage().
problem pointed out by tedu@
ok deraadt@
|
|
It was just for cleanliness, so be a little dirty
ok krw@, who managed to convince his clock to fire in the gap
|
|
make it a list of processes, and change P_NOZOMBIE and P_STOPPED from thread
flags to process flags. Add allprocess list for the code that just wants
to see processes.
ok tedu@
|
|
can be further simplified.
ok kettenis@
|
|
to sys/*.h headers so that the compat/linux code can use them.
Change dowait4() to not copyout() the status value, but rather leave
that for its caller, as compat/linux has to translate it, with the
side benefit of simplifying the native code.
Originally written months ago as part of the time_t work; long
memory, prodding, and ok from pirofti@
|
|
hardclock() set a flag on the running thread and force AST processing,
and then have the thread signal itself from userret().
idea and flag names from FreeBSD
ok jsing@
|
|
|
|
members to 64bit types. Assign new syscall numbers for (almost
all) the syscalls that involve the affected types, including anything
with time_t, timeval, itimerval, timespec, rusage, dirent, stat,
or kevent arguments. Add a d_off member to struct dirent and replace
getdirentries() with getdents(), thus immensely simplifying and
accelerating telldir/seekdir. Build perl with -DBIG_TIME.
Bump the major on every single base library: the compat bits included
here are only good enough to make the transition; the T32 compat
option will be burned as soon as we've reached the new world and
are happy with the snapshots for all architectures.
DANGER: ABI incompatibility. Updating to this kernel requires extra
work or you won't be able to login: install a snapshot instead.
Much assistance in fixing userland issues from deraadt@ and tedu@
and build assistance from todd@ and otto@
|
|
exited pids that won't get recycled.
ok deraadt
|
|
|
|
---------------------------
On the exit of the child process whose parent either set SA_NOCLDWAIT
or ignored SIGCHLD, unconditionally wake up the parent instead of doing
this only when the child is a last child.
This brings us in line with other U**xes that support SA_NOCLDWAIT. If
the parent called waitpid(childpid), then exit of the child should wake
up the parent immediately instead of forcing it to wait for all children
to exit.
---------------------------
ok tedu@, millert@
|
|
ok deraadt guenther kettenis matthew
|
|
leaving us with a free type function that isn't atomic. deal with this
by erasing any reachable pointers to the vnode first, then free it.
ok deraadt guenther
|
|
.h files to pull it in, if needed
ok tedu
|
|
exiting. At that point ps_single may point to a proc that's already freed.
Since there is no point in killing a process that's already exiting, just
skip this step.
ok guenther@
|
|
profil() by moving P_PROFIL from proc->p_flag to process->ps_flags with
matching adjustment in fork1() and exit1()
ok matthew@
|
|
can be suspended and/or decrement pr->ps_singlecount if necessary.
With that added, the call the other direction needs to use its own
flag (EXIT_THREAD_NOCHECK) to avoid looping.
problem diagnosed from a hang naddy@ hit; ok kettenis@
|
|
before changing p_stat to SDEAD
ok pirofti@
|
|
traced processes to the active thread, otherwise we will deadlock resulting
in an unkillable stopped process.
ok guenther@
|
|
exit1() is wrong, since single_thread_check() already decrements it and may
call exit1() after that. I can't reproduce the hang that this was supposed
to fix anyway.
|
|
It implements a full-stop model where all threads are stopped before handing
over control to the debugger. Events are reported as before through wait(2);
you will have to call ptrace(PT_GET_PROCESS_STATE, ...) to find out which
thread hit the event. Since this changes the size of struct ptrace_state,
you will have to recompile gdb.
ok guenther@
|
|
ok guenther@
|
|
count processes instead of threads. New sysctl()s KERN_NTHREADS and
KERN_MAXTHREAD count and limit threads. The nprocs and maxproc kernel
variables are replaced by nprocess, maxprocess, nthreads, and maxthread.
ok tedu@ mikeb@
|
|
results in bogus total times, as reported by numerous ports people.
ok miod@
|
|
of per-rthread. Handling of per-thread tick and runtime counters
inspired by how FreeBSD does it.
ok kettenis@
|
|
the main thread exiting. c.f. regress/sys/kern/main-thread-exited/
|
|
- move the P_TRACED and P_INEXEC flags, and p_oppid, p_ptmask, and
p_ptstat member from struct proc to struct process
- sort the PT_* requests into those that take a PID vs those that
can also take a TID
- stub in PT_GET_THREAD_FIRST and PT_GET_THREAD_NEXT
ok kettenis@
|
|
particularly the "consume the signal you just sent" hang, and putting
the wait queues in userspace.
Do cancellation handling in pthread_cond_*wait(), pthread_join(),
and sem_wait().
Add __ prefix to thr{sleep,wakeup,exit,sigdivert}() syscalls; add
"abort" argument to thrsleep to close cancellation race; make
thr{sleep,wakeup} return errno values via *retval to avoid touching
userspace errno.
|
|
struct process; KTRFAC_ACTIVE becomes P_INKTR. Also, save the credentials
used to open the file in sys_ktrace() and use them for all writes to the
vnode.
much feedback and ok jsing@
|