summaryrefslogtreecommitdiff
path: root/sys/kern/kern_exit.c
AgeCommit message (Collapse)Author
2015-10-09Rename tame() to pledge(). This fairly interface has evolved to be moreTheo de Raadt
strict than anticipated. It allows a programmer to pledge/promise/covenant that their program will operate within an easily defined subset of the Unix environment, or it pays the price.
2015-10-07Add the tame "exec" request. This allows processes which requestTheo de Raadt
"exec" to call execve(2), potentially fork(2) beforehands if they asked for "proc". Calling execve is what "shells" (ksh, tmux, etc) have as their primary purpose. But meantime, if such a shell has a nasty bug, we want to mitigate the process from opening a socket or calling 100+ other system calls. Unfortunately silver bullets are in short supply, so if our goal is to stay in a POSIX-y environment, we have to let shells call execve(). POSIX ate the world, so choices do we all have? Warning for many: silver bullets are even more rare in other OS ecosystems, so please accept this as a narrow lowering of the bar in a very raised environment. Commited from a machine running tame "proc exec" ksh, make, etc.
2015-09-11Only include <sys/tame.h> in the .c files that need itPhilip Guenther
ok deraadt@ miod@
2015-08-28fairly simple sizes for free(); ok teduTheo de Raadt
2015-08-22Move to tame(int flags, char *paths[]) API/ABI.Theo de Raadt
The pathlist is a whitelist of dirs and files; anything else returns ENOENT. Recommendation is to use a narrowly defined list. Also add TAME_FATTR, which permits explicit change operations against "struct stat" fields. Some other TAME_ flags are refined slightly. Not cranking libc now, since nothing commited in base uses this and the timing is uncomfortable for others. Discussed with many; thanks for a few bug fixes from semarie, doug, guenther. ok guenther
2015-03-14Remove some includes include-what-you-use claims don'tJonathan Gray
have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels. ok tedu@ deraadt@
2014-12-16primary change: move uvm_vnode out of vnode, keeping only a pointer.Ted Unangst
objective: vnode.h doesn't include uvm_extern.h anymore. followup changes: include uvm_extern.h or lock.h where necessary. ok and help from deraadt
2014-07-12add a size argument to free. will be used soon, but for now default to 0.Ted Unangst
after discussions with beck deraadt kettenis.
2014-07-11It's init as a process that's special, not init's original thread.Philip Guenther
Remember initprocess instead of initproc. ok matthew@ blambert@
2014-07-08decouple struct uvmexp into a new file, so that uvm_extern.h and sysctl.hTheo de Raadt
don't need to be married. ok guenther miod beck jsing kettenis
2014-07-04Track whether a process is a zombie or not yet fully built via flagsPhilip Guenther
PS_{ZOMBIE,EMBRYO} on the process instead of peeking into the process's thread data. This eliminates the need for the thread-level SDEAD state. Change kvm_getprocs() (both the sysctl() and kvm backends) to report the "most active" scheduler state for the process's threads. tweaks kettenis@ feedback and ok matthew@
2014-06-11Fix wait4 to not modify status or rusage if we return 0 because ofMatthew Dempsky
WNOHANG, in accordance with POSIX. Additionally, if rusage is requested but the waited-on process did not terminate, return zero bytes instead of kernel stack garbage. ok deraadt, millert
2014-05-15knote_processexit() needs the thread to pass down to FRELE(), so pass itPhilip Guenther
the exiting thread instead of assuming that that's ps_mainproc. Also, panic no matter which thread of init takes it down. ok tedu@
2014-05-15Move from struct proc to process the reference-count-holding pointersPhilip Guenther
to the process's vmspace and filedescs. struct proc continues to keep copies of the pointers, copying them on fork, clearing them on exit, and (for vmspace) refreshing on exec. Also, make uvm_swapout_threads() thread aware, eliminating p_swtime in kernel. particular testing by ajacoutot@ and sebastia@
2014-04-18Have each thread keeps its own (counted!) reference to the process's ucredsPhilip Guenther
to avoid possible use-after-free references when swapping ids in threaded processes. "Do I have the right creds?" checks are always made with the threads creds. Inspired by FreeBSD and NetBSD "right time" deraadt@
2014-04-17Make sure the original thread is blocked until any other threads arePhilip Guenther
completely detached from the process before letting it exit, so that sleeping in systrace_exit() doesn't reorder them and lead to a panic. Panic reported by Fabian Raetz (fabian.raetz (at) gmail.com) ok tedu@
2014-03-30Eliminates struct pcred by moving the real and saved ugids intoPhilip Guenther
struct ucred; struct process then directly links to the ucred Based on a discussion at c2k10 or so before noting that FreeBSD and NetBSD did this too. ok matthew@
2014-03-26Move p_emul and p_sigcode from proc to process.Philip Guenther
Tweak the handling of ktrace EMUL when changing ktracing: only generate one per process (not one per thread) and pass the correct proc pointer down to the VFS layer. Permit generating of NAMI and CSW records inside ktrace(2) itself. ok deraadt@ millert@
2014-03-22Move p_sigacts from struct proc to struct process.Philip Guenther
testing help mpi@
2014-02-12Eliminate the exit sig handling, which was only invokable via thePhilip Guenther
Linux-compat clone() syscall when *not* using CLONE_THREAD. pirofti@ confirms Opera runs in compat without this, so out it goes; one less hair to choke on in kern_exit.c ok tedu@ pirofti@
2014-02-09Fix the lock order reversal problem in the code that stops tracedMark Kettenis
multi-threaded processes when they receive a signal: 1. Make the parent of the process (the tracer) wait for all threads to be stopped (in wait4(2)) instead of the thread that received the signal. This prevents us from calling tsleep(9) recursively. 2. Assume that we already hold the kernel lock if the P_SINTR flag is set (just like we already assumed we were holding the scheduler lock) and don't try to grab it again. This should fix the panic that many people reported when debugging multi-threaded programs with gdb(1). ok & lots of help from guenther@
2014-01-24exit1() needs to do a final aggregation of the thread's [us]ticksPhilip Guenther
and runtime to the process totals. Also, add ktracing of struct rusage in wait4() and getrusage(). problem pointed out by tedu@ ok deraadt@
2014-01-21Setting p->p_p to NULL when it's still running isn't safe for statclock().Philip Guenther
It was just for cleanliness, so be a little dirty ok krw@, who managed to convince his clock to fire in the gap
2014-01-20Threads can't be zombies, only processes, so change zombproc to zombprocess,Philip Guenther
make it a list of processes, and change P_NOZOMBIE and P_STOPPED from thread flags to process flags. Add allprocess list for the code that just wants to see processes. ok tedu@
2014-01-20Move p_textvp from struct proc to struct process so that the exit codePhilip Guenther
can be further simplified. ok kettenis@
2013-10-25Move the declarations for dogetrusage(), itimerround(), and dowait4()Philip Guenther
to sys/*.h headers so that the compat/linux code can use them. Change dowait4() to not copyout() the status value, but rather leave that for its caller, as compat/linux has to translate it, with the side benefit of simplifying the native code. Originally written months ago as part of the time_t work; long memory, prodding, and ok from pirofti@
2013-10-08Fix delivery of SIGPROF and SIGVTALRM to threaded processes by havingPhilip Guenther
hardclock() set a flag on the running thread and force AST processing, and then have the thread signal itself from userret(). idea and flag names from FreeBSD ok jsing@
2013-09-14Snapshots for all archs have been built, so remove the T32 codePhilip Guenther
2013-08-13Switch time_t, ino_t, clock_t, and struct kevent's ident and dataPhilip Guenther
members to 64bit types. Assign new syscall numbers for (almost all) the syscalls that involve the affected types, including anything with time_t, timeval, itimerval, timespec, rusage, dirent, stat, or kevent arguments. Add a d_off member to struct dirent and replace getdirentries() with getdents(), thus immensely simplifying and accelerating telldir/seekdir. Build perl with -DBIG_TIME. Bump the major on every single base library: the compat bits included here are only good enough to make the transition; the T32 compat option will be burned as soon as we've reached the new world are are happy with the snapshots for all architectures. DANGER: ABI incompatibility. Updating to this kernel requires extra work or you won't be able to login: install a snapshot instead. Much assistance in fixing userland issues from deraadt@ and tedu@ and build assistance from todd@ and otto@
2013-06-05factor out pid allocation to functions. add a small cache of recentlyTed Unangst
exited pids that won't get recycled. ok deraadt
2013-06-01some small style changes that are distracting me from seeing a real bugTed Unangst
2013-05-07Merge from FreeBSD, r191313Philip Guenther
--------------------------- On the exit of the child process which parent either set SA_NOCLDWAIT or ignored SIGCHLD, unconditionally wake up the parent instead of doing this only when the child is a last child. This brings us in line with other U**xes that support SA_NOCLDWAIT. If the parent called waitpid(childpid), then exit of the child should wake up the parent immediately instead of forcing it to wait for all children to exit. --------------------------- ok tedu@, millert@
2013-04-06rthreads are always enabled. remove the sysctl.Ted Unangst
ok deraadt guenther kettenis matthew
2013-03-30vrele() is a tricky beast. it can sleep if the refcount hits zero,Ted Unangst
leaving us with a free type function that isn't atomic. deal with this by erasing any reachable pointers to the vnode first, then free it. ok deraadt guenther
2013-03-28do not include machine/cpu.h from a .c file; it is the responsibility ofTheo de Raadt
.h files to pull it in, if needed ok tedu
2012-09-08Plug a race where we're trying to kill a traced process while it is aleadyMark Kettenis
exiting. At that point ps_single may point to a proc that's already freed. Since there is no point in killing a process that's already exiting, just skip this step. ok guenther@
2012-08-02Apply profiling to all threads instead of just the thread that calledPhilip Guenthe
profil() by moving P_PROFIL from proc->p_flag to process->ps_flags with matching adjustment in fork1() and exit1() ok matthew@
2012-07-11exit1(EXIT_THREAD) needs to call single_thread_check() so that itPhilip Guenthe
can be suspended and/or decrement pr->ps_singlecount if necessary. With that added, the call the other direction needs to use its own flag (EXIT_THREAD_NOCHECK) to avoid looping. problem diagnosed from a hang naddy@ hit; ok kettenis@
2012-07-09The linux emulation exit hook needs to be able to sleep, so call itPhilip Guenthe
before changing p_stat to SDEAD ok pirofti@
2012-04-14If single threading is active, drirect the SIGKILL signal we send to orphanedMark Kettenis
traced processes to the active thread, otherwise we will deadlock resulting in an unkillable stopped process. ok guenther@
2012-04-13Backout a tiny part of the previous commit. Decrementing ps_singlecount inMark Kettenis
exit1() is wrong, since single_thread_check() already decrements it and may call exit1() after that. I can't reproduce the hang that this was supposed to fix anyway.
2012-04-13First stab at making ptrace(2) usable for debugging multi-threaded programs.Mark Kettenis
It implements a full-stop model where all threads are stopped before handing over control to the debugger. Events are reported as before through wait(2); you will have to call ptrace(PT_GET_PROCESS_STATE, ...) to find out which thread hit the event. Since this changes the size of struct ptrace_state, you will have to recompile gdb. ok guenther@
2012-04-11Move the P_WAITED flag from struct proc to struct process.Mark Kettenis
ok guenther@
2012-04-10Make the KERN_NPROCS and KERN_MAXPROC sysctl()s and the RLIMIT_NPROC rlimitPhilip Guenthe
count processes instead of threads. New sysctl()s KERN_NTHREADS and KERN_MAXTHREAD count and limit threads. The nprocs and maxproc kernel variables are replaced by nprocess, maxprocess, nthreads, and maxthread. ok tedu@ mikeb@
2012-04-06ruadd() does the summing of system and user times, so doing so againPhilip Guenthe
results in bogus total times, as reported by numerous ports people. ok miod@
2012-03-23Make rusage totals, itimers, and profile settings per-process insteadPhilip Guenthe
of per-rthread. Handling of per-thread tick and runtime counters inspired by how FreeBSD does it. ok kettenis@
2012-03-10Add PS_EXITING to better differentiate between the process exiting andPhilip Guenthe
the main thread exiting. c.f. regress/sys/kern/main-thread-exited/
2012-02-20First steps for making ptrace work with rthreads:Philip Guenthe
- move the P_TRACED and P_INEXEC flags, and p_oppid, p_ptmask, and p_ptstat member from struct proc to struct process - sort the PT_* requests into those that take a PID vs those that can also take a TID - stub in PT_GET_THREAD_FIRST and PT_GET_THREAD_NEXT ok kettenis@
2012-01-17Reimplement mutexes, condvars, and rwlocks to eliminate bugs,Philip Guenthe
particularly the "consume the signal you just sent" hang, and putting the wait queues in userspace. Do cancellation handling in pthread_cond_*wait(), pthread_join(), and sem_wait(). Add __ prefix to thr{sleep,wakeup,exit,sigdivert}() syscalls; add 'abort" argument to thrsleep to close cancellation race; make thr{sleep,wakeup} return errno values via *retval to avoid touching userspace errno.
2011-12-14Handle rthreads consistently in ktrace by moving the flags and vnode intoPhilip Guenthe
struct process; KTRFAC_ACTIVE becomes P_INKTR. Also, save the credentials used to open the file in sys_ktrace() and use them for all writes to the vnode. much feedback and ok jsing@