| Age | Commit message (Collapse) | Author |
|---|
|
used less than "stdio" -- include all the "self" operations. Instead of
different defines, use regular PLEDGE_* in the "p_pledgenote" variable
(which indicates the operation subtype a system call is performing). Many
checks before easier to understand. p_pledgenote can often be passed
directly to ktrace, so that kdump says:
15565 test CALL pledge(0xa9a3f804c51,0)
15565 test STRU pledge request="stdio"
15565 test RET pledge 0
15565 test CALL open(0xa9a3f804c57,0x2<O_RDWR>)
15565 test NAMI "/tmp/testfile"
15565 test PLDG open, "wpath", errno 1 Operation not permitted
with help from semarie, ok guenther
|
|
a refactoring being done for the bc/dc relationship with otto.
|
|
and readpassphrase() in particular use this.
ok millert tedu semarie
|
|
strict than anticipated. It allows a programmer to pledge/promise/covenant
that their program will operate within an easily defined subset of the
Unix environment, or it pays the price.
|
|
a coredump is happening. This improves behaviour while threaded.
ok semarie
|
|
ok krw@ sthen@ comments from deraadt@, miod@
|
|
operating model". This is the kernel component; various changes should
proceed in-tree for a while before userland programs start using it.
ok miod, discussions and help from many
|
|
delete coredump_trad(), uvm_coredump(), cpu_coredump(), struct md_coredump,
and various #includes that are superfluous.
This leaves compat_linux processes without a coredump callback. If that
ability is desired, someone should update it to use coredump_elf32() and
verify the results...
ok kettenis@
|
|
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
|
Tests on a 4-core CPU show setjmp(3) run four times as fast under load.
discussed on tech@ some time ago, now by kettenis and guenther, ok deraadt
|
|
marker for which pools are not interrupt safe. ok dlg
|
|
objective: vnode.h doesn't include uvm_extern.h anymore.
followup changes: include uvm_extern.h or lock.h where necessary.
ok and help from deraadt
|
|
in ptsignal(), which broke ptrace() in various circumstances, act more like
sigsuspend() by updating the signal mask and picking off waited for signals
when one occurs. Don't always restart when an unwaited-for-but-handled
signal occurs, as that screws with both timeout calculation and cancellation.
main problem noted by jmatthew@
ok tedu@
|
|
even if sysctl kern.nosuidcoredump has been set to 2 or 3. This
allows a regular user to debug his programs again.
OK guenther@ deraadt@
|
|
receiving broadcast signals (kill -1). The flag can be set via a new
sysctl KERN_PROC_NOBROADCASTKILL. This will be used by iscsid to survive
the mass killing by init(8) when terminating multi-user operations.
With and OK guenther@
|
|
This adds a new assertion macro, KERNEL_ASSERT_LOCKED(), to assert that
kernel_lock is held. In the long process of removing kernel_lock, there will
be a lot (hundreds or thousands) of use of this; virtually almost all functions
in !MP-safe subsystems should have this assertion. Thus this assertion should
have a short, good name.
Not only that "KERNEL_ASSERT_LOCKED" is consistent with other KERNEL_* and
SCHED_ASSERT_LOCKED() macros.
Input from dlg@ guenther@ kettenis@.
OK dlg@ guenther@
|
|
Discussed with guenther and kettenis
|
|
Remember initprocess instead of initproc.
ok matthew@ blambert@
|
|
don't need to be married.
ok guenther miod beck jsing kettenis
|
|
PS_{ZOMBIE,EMBRYO} on the process instead of peeking into the process's
thread data. This eliminates the need for the thread-level SDEAD state.
Change kvm_getprocs() (both the sysctl() and kvm backends) to report the
"most active" scheduler state for the process's threads.
tweaks kettenis@
feedback and ok matthew@
|
|
an untraced process but finds it blocking or ignoring it, just kill
the process instead of looping. It's undefined behavor in POSIX but
quite annoying when encountered in practice.
improvements from kettenis@
ok matthew@
|
|
and FORK_SYSTEM as a flag to set them. This eliminates needing to
peek into other processes threads in various places. Inspired by NetBSD
ok miod@ matthew@
|
|
the /var/crash/programname/ directory, as root. For instance,
# mkdir /var/crash/bgpd/
# chmod 700 /var/crash/bgpd/ # If you skip this step, you are a moron
# sysctl kern.nosuidcoredump=3
# bgpd
# pkill -ABRT bgpd
# ls /var/crash/bgpd/
14764.core 23207.core 6423.core
Of course, in real life the idea is that you don't kill the daemon but it
crashes and you collect parallel cores. Careful you don't fill your /var.
Further tuneables are being considered.
Sorry to be picking on bgpd for this example. I've watched the "too
difficult to debug privsep code" angst for far too long.
ok guenther
|
|
to avoid possible use-after-free references when swapping ids in threaded
processes. "Do I have the right creds?" checks are always made with the
threads creds.
Inspired by FreeBSD and NetBSD
"right time" deraadt@
|
|
struct ucred; struct process then directly links to the ucred
Based on a discussion at c2k10 or so before noting that FreeBSD and
NetBSD did this too.
ok matthew@
|
|
dropping the pcred argument. Fix handling of kill(-1, sig) from a
thread other than the original thread.
ok deraadt@
|
|
Tweak the handling of ktrace EMUL when changing ktracing: only
generate one per process (not one per thread) and pass the correct
proc pointer down to the VFS layer. Permit generating of NAMI and
CSW records inside ktrace(2) itself.
ok deraadt@ millert@
|
|
included there
|
|
testing help mpi@
|
|
multi-threaded processes when they receive a signal:
1. Make the parent of the process (the tracer) wait for all threads to be
stopped (in wait4(2)) instead of the thread that received the signal.
This prevents us from calling tsleep(9) recursively.
2. Assume that we already hold the kernel lock if the P_SINTR flag is set
(just like we already assumed we were holding the scheduler lock) and
don't try to grab it again.
This should fix the panic that many people reported when debugging
multi-threaded programs with gdb(1).
ok & lots of help from guenther@
|
|
|
|
make it a list of processes, and change P_NOZOMBIE and P_STOPPED from thread
flags to process flags. Add allprocess list for the code that just wants
to see processes.
ok tedu@
|
|
hardclock() set a flag on the running thread and force AST processing,
and then have the thread signal itself from userret().
idea and flag names from FreeBSD
ok jsing@
|
|
take the signal by preference if it's eligible (unblocked or sigwaiting).
ok jsing@
|
|
|
|
|
|
sigmask even if there are no pending signals under the temporary
sigmask.
Refactor existing select() and poll() system calls to introduce the
pselect() and ppoll() system calls.
Add rthread wrappers for pselect() and ppoll(). While there, update
cancellation point comments to reflect recent fdatasync() addition.
Minor bumps for libc and librthread due to new symbols.
ok guenther, millert, deraadt, jmc
|
|
|
|
.h files to pull it in, if needed
ok tedu
|
|
up the VFS calls in the error paths in coredump()
Pointed out by armani@, ok beck@
|
|
with kettenis guenther and beck.
ok guenther
|
|
yield between operations. Re-grab the vnode every operation,
so that multiple coredumps can be saved at the same time.
ok guenther beck etc
|
|
dynamically, by comparing the stack pointer against the altstack
base and size, so that you get the correct answer if you longjmp
out of the signal handler, as tested by regress/sys/kern/stackjmp/.
Also, fix alt stack handling on vax, where it was completely broken.
Testing and corrections by miod@, krw@, tobiasu@, pirofti@
|
|
thread coredumps, the former thread needs to be released by the
later single_thread_set(SINGLE_EXIT) call, even though its P_WEXIT
flag is set.
ok kettenis@
|
|
can be suspended and/or decrement pr->ps_singlecount if necessary.
With that added, the call the other direction needs to use its own
flag (EXIT_THREAD_NOCHECK) to avoid looping.
problem diagnosed from a hang naddy@ hit; ok kettenis@
|
|
attached to and not just the thread, which can go away.
Problem observed by jsg@; ok jsg@ matthew@
|
|
It implements a full-stop model where all threads are stopped before handing
over control to the debugger. Events are reported as before through wait(2);
you will have to call ptrace(PT_GET_PROCESS_STATE, ...) to find out which
thread hit the event. Since this changes the size of struct ptrace_state,
you will have to recompile gdb.
ok guenther@
|
|
|
|
ok guenther@
|
|
of per-rthread. Handling of per-thread tick and runtime counters
inspired by how FreeBSD does it.
ok kettenis@
|
