Age | Commit message (Collapse) | Author |
|
ok deraadt@ krw@
|
|
sufficiently and at least one horrific security hole was the result.
ok deraadt@ beck@
|
|
libc and man page parts to come.
ok guenther
|
|
The distinction between preempt() and yield() stays as it is usueful
to know if a thread decided to yield by itself or if the kernel told
him to go away.
ok tedu@, guenther@
|
|
struct proc to struct process.
ok deraadt@ kettenis@
|
|
initial thread
ok jsing@ kettenis@
|
|
torture tested on amd64, i386 and macppc
ok beck mpi stefan
"the change looks right" deraadt
|
|
for generating and parsing them.
ok mpi@ naddy@ millert@ deraadt@
|
|
extensions). This change is exposed in ktrace.out files
ok semarie
|
|
|
|
only written to. (Will keep an eye out for NFS surprises)
ok guenther
|
|
pledgenote is used for annotate the policy for a namei context. So make it
tracking the nameidata.
It is expected for the caller to explicitly define the policy. It is a kernel
bug to not do so.
ok deraadt@
|
|
p_pledgenote as required.
XXX open question to guenther regarding FREAD to vnopen() / vnclose()
|
|
used less than "stdio" -- include all the "self" operations. Instead of
different defines, use regular PLEDGE_* in the "p_pledgenote" variable
(which indicates the operation subtype a system call is performing). Many
checks before easier to understand. p_pledgenote can often be passed
directly to ktrace, so that kdump says:
15565 test CALL pledge(0xa9a3f804c51,0)
15565 test STRU pledge request="stdio"
15565 test RET pledge 0
15565 test CALL open(0xa9a3f804c57,0x2<O_RDWR>)
15565 test NAMI "/tmp/testfile"
15565 test PLDG open, "wpath", errno 1 Operation not permitted
with help from semarie, ok guenther
|
|
strict than anticipated. It allows a programmer to pledge/promise/covenant
that their program will operate within an easily defined subset of the
Unix environment, or it pays the price.
|
|
ok tedu@ deraadt@
|
|
necessary
ok deraadt@ jsing@
|
|
and doing VOP_WRITE() from inside tsleep/msleep makes the locking too
complicated, making it harder to move forward on MP changes.
ok deraadt@ kettenis@
|
|
The pathlist is a whitelist of dirs and files; anything else returns ENOENT.
Recommendation is to use a narrowly defined list. Also add TAME_FATTR, which
permits explicit change operations against "struct stat" fields. Some
other TAME_ flags are refined slightly.
Not cranking libc now, since nothing commited in base uses this and the
timing is uncomfortable for others. Discussed with many; thanks for a
few bug fixes from semarie, doug, guenther.
ok guenther
|
|
Eliminate the goto that I tripped on.
problem noted by Mark Latimer (mark.latimer (at) gmail.com)
ok miod@ millert@
|
|
retval on error, including a long long retval on successful lseek(),
and including a register_t retval for other successes. This fixes
lseek reporting on ILP32 archs.
While here, reworking internal kern_ktrace.c bits to be able to pass
two buffers to ktrwriteraw(), so we can avoid mallocing a buffer
in some cases and so that KTR_GENIO logs are split at PAGE_SIZE,
not PAGE_SIZE-sizeof(struct ktrgenio)
ok miod@
|
|
architectures.
|
|
objective: vnode.h doesn't include uvm_extern.h anymore.
followup changes: include uvm_extern.h or lock.h where necessary.
ok and help from deraadt
|
|
|
|
doesn't need to hold an extra reference during the call
ok deraadt@ millert@
|
|
This adds a new assertion macro, KERNEL_ASSERT_LOCKED(), to assert that
kernel_lock is held. In the long process of removing kernel_lock, there will
be a lot (hundreds or thousands) of use of this; virtually almost all functions
in !MP-safe subsystems should have this assertion. Thus this assertion should
have a short, good name.
Not only that "KERNEL_ASSERT_LOCKED" is consistent with other KERNEL_* and
SCHED_ASSERT_LOCKED() macros.
Input from dlg@ guenther@ kettenis@.
OK dlg@ guenther@
|
|
|
|
after discussions with beck deraadt kettenis.
|
|
don't need to be married.
ok guenther miod beck jsing kettenis
|
|
struct ucred; struct process then directly links to the ucred
Based on a discussion at c2k10 or so before noting that FreeBSD and
NetBSD did this too.
ok matthew@
|
|
Tweak the handling of ktrace EMUL when changing ktracing: only
generate one per process (not one per thread) and pass the correct
proc pointer down to the VFS layer. Permit generating of NAMI and
CSW records inside ktrace(2) itself.
ok deraadt@ millert@
|
|
|
|
make it a list of processes, and change P_NOZOMBIE and P_STOPPED from thread
flags to process flags. Add allprocess list for the code that just wants
to see processes.
ok tedu@
|
|
by using size_t/ssize_t instead of int/u_int to handle I/O lengths in
uiomove(), vn_fsizechk(), and ktrgenio(). Eliminate the always-zero
'error' argument to ktrgenio() at the same time.
|
|
ok guenther matthew
|
|
records. From FreeBSD via otto@, with tweaks suggested by guenther@.
Commite on behalf of otto@ who is not around, to ride the libc minor bump.
Causes a librthread minor bump as well (new syscall).
|
|
to identify ktrace files. kdump(1) will now refuse to operate on
trace data without the start record and as a bonus will print only
PID, unless an -H flag is specified to print PID/TID pairs. Initial
diff, input from and ok deraadt, guenther.
|
|
structs timespec, timeval, sigaction, and rlimit.
ok otto@ jsing@
|
|
struct process; KTRFAC_ACTIVE becomes P_INKTR. Also, save the credentials
used to open the file in sys_ktrace() and use them for all writes to the
vnode.
much feedback and ok jsing@
|
|
not zero retval when returning an error, so don't copy it back to a
ktracer in this case.
dropped by R00T-DUDE in his "Unusual and Hilarious Vulnerabilities" talk
at Ruxcon 2011; ok guenther@ miod@
|
|
as it causes hangs in some ports, including libsigsegv's configure script
confirmed by krw@, landry@
|
|
struct sockaddress; mostly from freebsd. ok deraadt@ tedu@ nicm@
|
|
hold the kernel lock, but still need call one function that needs it.
Instead of grabbing the lock all over the place, move the locks into
the affected functions: trapsignal, scdebug*, ktrsyscall, ktrsysret,
systrace_redirect and ADDUPROF. In the cases we already hold the biglock
we'll just recurse.
kettenis@, beck@ ok
|
|
|
|
that you can't evade the checks by doing the dirty work in an rthread
ok blambert@, deraadt@
|
|
so that the process-level stuff is to/from struct process and not
struct proc. This fixes a bunch of problem cases in rthreads.
Based on earlier work by blambert and myself, but mostly written
at c2k10.
Tested by many: deraadt, sthen, krw, ray, and in snapshots
|
|
miod@ deraadt@ ok.
|
|
which is exactly what the macro does.
Macro's that are nothing more then:
#define FUNCTION(arg) function(arg)
are almost always pointless and should go away.
OK blambert@
Agreed by many.
|
|
global process list and calling ktrsettracevnode() in ktrwrite(), so
that we don't sleep in vrele(). Discussed with deraadt@, okay beck@,
tedu@ and thib@.
|
|
|