path: root/sys/kern/kern_sysctl.c
Age  Author
Commit message
2017-08-11  Martin Pieuchot
Remove NET_LOCK()'s argument.
Tested by Hrvoje Popovski, ok bluhm@
2017-06-20  Gerhard Roth
Do not touch file pointers for which FILE_IS_USABLE() is false.
They might not be fully constructed. ok mpi@ deraadt@ bluhm@
2017-06-14  David Gwynne
tweak sysctl_string and sysctl_tstring to use size_t for lengths, not int
they're both wrappers around sysctl__string, which is where half the fix is too.
2017-06-13  David Gwynne
use size_t for the size of things in memory, not int.
this tweaks the len argument to sysctl_rdstring, sysctl_struct, and sysctl_rdstruct. there's probably more to fix. ok millert@
2017-05-06  Alexander Bluhm
Do not export the protocol PCB pointer from kernel to non-root users also in the IPv6 case. This fixes "netstat -An -f inet6 -p tcp" and shows 0x0. report and OK dhill@
2017-04-27  Alexander Bluhm
Enforce that sysctl kern.somaxconn and sominconn can only be set to valid values. The so_qlimit is type short. report Dillon Jay Pena; OK deraadt@
2017-04-05  Philip Guenther
timeval has trailing padding on powerpc and m88k, so memset it before copyout to avoid leaking kernel stack ok deraadt@
2017-04-05  Theo de Raadt
Here at OpenBSD we change ABIs at the fling of a hat. Just in case a future disk info sysctl has pads in the structures, use M_ZERO when allocating the storage to avoid leaking kernel memory.
2017-03-07  Martin Pieuchot
Enforce that tcbtable and udbtable must be accessed with the NET_LOCK().
Get rid of the old splnet()/splx() dances. What's protecting them right now is the KERNEL_LOCK(). But since pf(4) looks at these tables we want to protect them in another way, hence the NET_LOCK(), at least as hint. ok bluhm@
2017-01-21  Philip Guenther
p_comm is the process's command and isn't per thread, so move it from struct proc to struct process. ok deraadt@ kettenis@
2016-11-11  Mike Belopuhov
Export p_cpuid via sysctl for all processes; ok guenther
2016-11-07  Philip Guenther
Split PID from TID, giving processes a PID unrelated to the TID of their initial thread ok jsing@ kettenis@
2016-10-24  David Gwynne
move the mbstat structure to percpu counters
each cpu's counters still have to be protected by splnet, but this is better than a single set of counters protected by a global mutex. ok bluhm@
2016-10-22  Philip Guenther
Factor out pr->ps_vmspace into a local variable for fill_kproc()
ok jsing@ kettenis@
2016-10-08  Ted Unangst
upon further review, port numbers go all the way up to ushort max
2016-10-08  Ted Unangst
initialize the port variable before sysctl, since it's also read out.
2016-10-07  Ted Unangst
introduce a sysctl to hijack dns sockets. when set to a port number, all dns socket connections will be redirected to localhost:port. this could be a sockopt on the listening socket, but sysctl is an easier interface to work with right now. ok deraadt
2016-10-02  Philip Guenther
Add va_nlink information to struct kinfo_file (so bump the shlib minor)
from Sebastien Marie
2016-09-25  Theo de Raadt
Make a move towards ending 4 decades of kernel snooping.
Add sysctl kern.allowkmem (default 0) which controls the ability to open /dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99% of utilities in the tree to operate on sysctl-nodes (either by themselves or via code hiding in the guts of -lkvm). pstat -d and -v & procmap are affected and continued use of them will require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and its buddy sendbug) are affected, but we'll work out a solution soon. There will be some impact in ports. ok kettenis guenther
2016-09-21  Theo de Raadt
sysctl KERN_ARND is no longer used (in ports, it only occurs in fallback paths of libevent). This interface was the first generation of what eventually became getentropy(2) and arc4random(3) -- june 1997! Ports scan by sthen, general agreement guenther
2016-09-18  Theo de Raadt
option INSECURE is obsolete
2016-09-07  Martin Natano
Remove usermount remnants. ok tedu
2016-09-04  Martin Pieuchot
Introduce Dynamic Profiling, a ddb(4) based & gprof compatible kernel profiling framework. Code patching is used to enable probes when entering functions. The probes will call a mcount()-like function to match the behavior of a GPROF kernel. Currently only available on amd64 and guarded under DDBPROF. Support for other archs will follow soon. A new sysctl knob, ddb.console, needs to be set to 1 in securelevel 0 to be able to use this feature. Inputs and ok guenther@
2016-08-23  Ted Unangst
rename nfiles to numfiles to avoid shadowing and stretch out the name.
ok deraadt
2016-07-14  Theo de Raadt
kern.usermount=1 is unsafe for everyone, since it allows any non-pledged program to call the mount/umount system calls. There is no way any user can be expected to keep their system safe / reliable with this feature. Ignore setting to =1, and after release we'll delete the sysctl entirely. ok lots of people
2016-05-27  Theo de Raadt
W^X violations are no longer permitted by default. A kernel log message is generated, and mprotect/mmap return ENOTSUP. If the sysctl(8) flag kern.wxabort is set then a SIGABRT occurs instead, for gdb use or coredump creation. W^X violating programs can be permitted on a ffs/nfs filesystem-basis, using the "wxallowed" mount option. One day far in the future upstream software developers will understand that W^X violations are a tremendously risky practice and that style of programming will be banished outright. Until then, we recommend most users need to use the wxallowed option on their /usr/local filesystem. At least your other filesystems don't permit such programs. ok jca kettenis mlarkin natano
2016-05-23  Theo de Raadt
remove the sysctl kern.random counters, since none of the remaining ones are capable of giving valuable works vs does-not-work evidence. ok tedu
2016-05-21  Joel Sing
Cleanup some of the DUID code and refactor for readability.
ok krw@ kettenis@
2016-05-04  Vadim Zhukov
Make KERN_FILE_BYPID return ESRCH when PID not found, both in sysctl and offline paths. More polishing to come. Input and okay bluhm@ & kettenis@.
2016-04-25  Ted Unangst
boom goes the dynamite
2016-02-29  Christian Weisgerber
delete the kern.emul/KERN_EMUL sysctl bits since there are no emulations left; ok millert@ deraadt@, jmc@ (man pages)
2015-12-05  Mark Kettenis
Make sure we use the same cpu numbering for the kern.cptime2 sysctl as we do for kern.proc. Fixes the issue in top(1) where a cpu would seem to be idle even though a thread was reported to be running on it. ok mpi@, tedu@, deraadt@
2015-11-01  Sebastien Marie
refactor pledge_*_check and pledge_fail functions
- rename _check function without suffix: a "pledge" function called from anywhere is a "check" function.
- makes pledge_fail call the responsibility to the _check function. remove it from caller.
- make proper use of (potential) returned error of _check() functions.
- adds pledge_kill() and pledge_protexec()
with and OK deraadt@
2015-10-25  Theo de Raadt
Fold "malloc" into "stdio" and -- recognizing that no program so far has used less than "stdio" -- include all the "self" operations. Instead of different defines, use regular PLEDGE_* in the "p_pledgenote" variable (which indicates the operation subtype a system call is performing). Many checks before easier to understand. p_pledgenote can often be passed directly to ktrace, so that kdump says:
 15565 test CALL pledge(0xa9a3f804c51,0)
 15565 test STRU pledge request="stdio"
 15565 test RET pledge 0
 15565 test CALL open(0xa9a3f804c57,0x2<O_RDWR>)
 15565 test NAMI "/tmp/testfile"
 15565 test PLDG open, "wpath", errno 1 Operation not permitted
with help from semarie, ok guenther
2015-10-09  Theo de Raadt
Rename tame() to pledge(). This fairly interface has evolved to be more strict than anticipated. It allows a programmer to pledge/promise/covenant that their program will operate within an easily defined subset of the Unix environment, or it pays the price.
2015-09-28  Theo de Raadt
track sizes for free in sysctl_diskinit(); ok krw
2015-09-13  Philip Guenther
Rename __sysctl syscall to just sysctl, as the userland wrapper is no longer necessary ok deraadt@ jsing@
2015-09-11  Theo de Raadt
Convert _TM_ flags to TAME_ flags, collapsing the entire mapping layer because the strings select the right options. Mechanical conversion. ok guenther
2015-09-11  Philip Guenther
Only include <sys/tame.h> in the .c files that need it
ok deraadt@ miod@
2015-09-10  Theo de Raadt
sizes for free(); ok sthen
2015-09-03  Martin Pieuchot
Fix !INET6 build.
2015-08-28  Philip Guenther
Rework the UNIX domain socket garbage collector, including ideas from {Free,Net}BSD
- when a socket is closed with fds in its input, defer closing them to a task to avoid recursing. This eliminates the complicated extra reference taking which had a 37 line(!) comment explanation
- move flags, counts, and links only needed for this from struct file to struct unpcb
- document the flow of the mark/sweep collector
much help from claudio@ who made me explain the GC to him until we trusted it ok claudio@ mpi@ deraadt@
2015-08-22  Theo de Raadt
Move to tame(int flags, char *paths[]) API/ABI.
The pathlist is a whitelist of dirs and files; anything else returns ENOENT. Recommendation is to use a narrowly defined list. Also add TAME_FATTR, which permits explicit change operations against "struct stat" fields. Some other TAME_ flags are refined slightly. Not cranking libc now, since nothing committed in base uses this and the timing is uncomfortable for others. Discussed with many; thanks for a few bug fixes from semarie, doug, guenther. ok guenther
2015-08-03  Alexander Bluhm
Unfortunately netstat did not show sockets without file descriptors since it had been converted from kvm to sysctl. This was hiding a bunch of TCP states which are important for network debugging. Loop over the internet PCB tables to fill the network information into the KERN_FILE_BYFILE sysctl result. Skip internet sockets when looping over the file descriptors. From markus@; OK guenther@; Go for it deraadt@
2015-07-19  Theo de Raadt
tame(2) is a subsystem which restricts programs into a "reduced feature operating model". This is the kernel component; various changes should proceed in-tree for a while before userland programs start using it. ok miod, discussions and help from many
2015-05-18  Alexander Bluhm
For each file in sysctl(KERN_FILE_BYFILE), FILLIT() calls fill_file(), which calls VOP_GETATTR(). For NFS, that leads to nfs_getattr(). If the node's attributes are not in NFS's cache, nfs_getattr() will invoke nfs_request() and the latter will sleep, allowing the file pointer to disappear while we traverse the list. This results in kernel crashes while running netstat or pstat -f. Grab a reference to the file descriptor before calling FILLIT(), and release it afterwards. This way the file descriptor cannot disappear while we sleep in nfs_getattr(). Analysis and fix from Pedro Martelletto; input and OK guenther@ mpi@
2015-03-28  Alexander Bluhm
Replace the hand-crafted list of datagram unix domain sockets with a SLIST. OK mpi@ benno@
2015-02-11  Claudio Jeker
Extend struct kinfo_file a bit so that netstat has all the info it needs.
OK guenther@
2015-02-11  Philip Guenther
Prefer arg != 0 over arg for non-boolean. nitted kettenis@
2015-02-11  Philip Guenther
sysctl({CTL_KERN, KERN_FILE, KERN_FILE_BYFILE}) previously required the extra argument to be zero; instead, make it filter on the file type (DTYPE_*) when non-zero to make claudio's netstat work easier. ok claudio@