| Age | Commit message (Collapse) | Author |
|---|
|
thread basis instead of process. The decision to enable on process made
development easier initially but could lead to non-deterministic results for
processes with more than one thread. This behavior matches the implementation
found on both Linux and FreeBSD.
With help and ok mpi@ visa@
|
|
|
|
This brings unveil into the tree, disabled by default - Currently
this will return EPERM on all attempts to use it until we are
fully certain it is ready for people to start using, but this
now allows for others to do more tweaking and experimentation.
Still needs to send the unveil's across forks and execs before
fully enabling.
Many thanks to robert@ and deraadt@ for extensive testing.
ok deraadt@
|
|
in knote_processexit() that can occur when the filedesc belonging to the process
already has been freed.
Similiar work has been done in:
- FreeBSD (commit bc1805c6e871c178d0b6516c3baa774ffd77224a)
- DragonFlyBSD (commit ccafe911a3aa55fd5262850ecfc5765cd31a56a2)
Thanks to tb@ for testing.
ok kettenis@ mpi@ visa@
|
|
ok millert@ krw@
|
|
pledge for a new execve image immediately upon start. Also introduces
"error" which makes violations return -1 ENOSYS instead of killing the
program ("error" may not be handed to a setuid/setgid program, which
may be missing/ignoring syscall return values and would continue with
inconsistant state)
Discussion with many
florian has used this to improve the strictness of a daemon
|
|
|
|
addresses will cause a fault on load by the kernel.
Problem observed by Maxime Villard
ok kettenis@ deraadt@
|
|
being brewed.
ok beck
|
|
Go-ahead from kettenis@, guenther@, deraadt@
|
|
in struct mdproc. With that, all archs have those and the __HAVE_MD_TCB
macro can be unifdef'ed as always defined.
ok kettenis@ visa@ jsing@
|
|
- FORK_THREAD handling is a totally separate function, thread_fork(),
that is only used by sys___tfork() and which loses the flags, func,
arg, and newprocp parameters and gains tcb parameter to guarantee
the new thread's TCB is set before the creating thread returns
- fork1() loses its stack and tidptr parameters
Common bits factor out:
- struct proc allocation and initialization moves to thread_new()
- maxthread handling moves to fork_check_maxthread()
- setting the new thread running moves to fork_thread_start()
The MD cpu_fork() function swaps its unused stacksize parameter for
a tcb parameter.
luna88k testing by aoyama@, alpha testing by dlg@
ok mpi@
|
|
ok mpi@ dlg@
|
|
While here document prfind(9.
with and ok guenther@
|
|
initial thread
ok jsing@ kettenis@
|
|
ok jsing@ kettensi@
|
|
ispidtaken() can rely on pgfind() for all pgrp checks and can simply
use zombiefind() for the zombie check
ok jca@
|
|
Issue noticed when debugging lang/sbcl.
ok deraadt@ guenther@ tedu@
|
|
ok guenther@ mpi@
|
|
|
|
|
|
from Michal Mazurek
|
|
strict than anticipated. It allows a programmer to pledge/promise/covenant
that their program will operate within an easily defined subset of the
Unix environment, or it pays the price.
|
|
ok deraadt@ miod@
|
|
The pathlist is a whitelist of dirs and files; anything else returns ENOENT.
Recommendation is to use a narrowly defined list. Also add TAME_FATTR, which
permits explicit change operations against "struct stat" fields. Some
other TAME_ flags are refined slightly.
Not cranking libc now, since nothing commited in base uses this and the
timing is uncomfortable for others. Discussed with many; thanks for a
few bug fixes from semarie, doug, guenther.
ok guenther
|
|
operating model". This is the kernel component; various changes should
proceed in-tree for a while before userland programs start using it.
ok miod, discussions and help from many
|
|
|
|
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
|
setting up process0, 'cause I'm sick of forgetting to update main()
when touching process_new()
ok blambert@ miod@
|
|
to include that than rdnvar.h. ok deraadt dlg
|
|
|
|
ok doug tedu
|
|
months that I broke it before the 5.5 release.
confirmed as not being required by ports by sthen@, ajacoutot@, dcoppa@
|
|
This adds a new assertion macro, KERNEL_ASSERT_LOCKED(), to assert that
kernel_lock is held. In the long process of removing kernel_lock, there will
be a lot (hundreds or thousands) of use of this; virtually almost all functions
in !MP-safe subsystems should have this assertion. Thus this assertion should
have a short, good name.
Not only that "KERNEL_ASSERT_LOCKED" is consistent with other KERNEL_* and
SCHED_ASSERT_LOCKED() macros.
Input from dlg@ guenther@ kettenis@.
OK dlg@ guenther@
|
|
after discussions with beck deraadt kettenis.
|
|
atomic_setbits_int()
ok kettenis@
|
|
don't need to be married.
ok guenther miod beck jsing kettenis
|
|
Now that file descriptor tables have moved from a per-thread resource
to per-process, it's impossible to fork a thread without sharing the
file descriptor table.
ok guenther
|
|
PS_{ZOMBIE,EMBRYO} on the process instead of peeking into the process's
thread data. This eliminates the need for the thread-level SDEAD state.
Change kvm_getprocs() (both the sysctl() and kvm backends) to report the
"most active" scheduler state for the process's threads.
tweaks kettenis@
feedback and ok matthew@
|
|
to the process's vmspace and filedescs. struct proc continues to
keep copies of the pointers, copying them on fork, clearing them
on exit, and (for vmspace) refreshing on exec.
Also, make uvm_swapout_threads() thread aware, eliminating p_swtime
in kernel.
particular testing by ajacoutot@ and sebastia@
|
|
pulled by <uvm/uvm_extern.h> and turn uvm_total() into a private
function.
The preferred way to get memory stats is through the VM_UVMEXP
sysctl(3) since VM_METER is just a wrapper on top of it. In the
kernel, use `uvmexp' directly instead of uvm_total().
This change does not remove <sys/vmmeter.h> from <uvm/uvm_extern.h>
to give some more time to port maintainers to fix their ports.
ok guenther@ as part of a larger diff.
|
|
and FORK_SYSTEM as a flag to set them. This eliminates needing to
peek into other processes threads in various places. Inspired by NetBSD
ok miod@ matthew@
|
|
uvm_uarea_alloc()
function name from NetBSD; arm testing by miod@
|
|
to avoid possible use-after-free references when swapping ids in threaded
processes. "Do I have the right creds?" checks are always made with the
threads creds.
Inspired by FreeBSD and NetBSD
"right time" deraadt@
|
|
struct ucred; struct process then directly links to the ucred
Based on a discussion at c2k10 or so before noting that FreeBSD and
NetBSD did this too.
ok matthew@
|
|
<uvm/uvm.h> if possible and remove double inclusions.
ok beck@, mlarkin@, deraadt@
|
|
Tweak the handling of ktrace EMUL when changing ktracing: only
generate one per process (not one per thread) and pass the correct
proc pointer down to the VFS layer. Permit generating of NAMI and
CSW records inside ktrace(2) itself.
ok deraadt@ millert@
|
|
testing help mpi@
|
|
Linux-compat clone() syscall when *not* using CLONE_THREAD. pirofti@
confirms Opera runs in compat without this, so out it goes; one less hair
to choke on in kern_exit.c
ok tedu@ pirofti@
|
|
arithmetic so that PID_MAX can be reached.
ok otto@ zhuk@ miod@
|
