summaryrefslogtreecommitdiff
path: root/sys/kern/kern_sysctl.c
AgeCommit message (Collapse)Author
2016-05-27W^X violations are no longer permitted by default. A kernel log messageTheo de Raadt
is generated, and mprotect/mmap return ENOTSUP. If the sysctl(8) flag kern.wxabort is set then a SIGABRT occurs instead, for gdb use or coredump creation. W^X violating programs can be permitted on a ffs/nfs filesystem-basis, using the "wxallowed" mount option. One day far in the future upstream software developers will understand that W^X violations are a tremendously risky practice and that style of programming will be banished outright. Until then, we recommend most users need to use the wxallowed option on their /usr/local filesystem. At least your other filesystems don't permit such programs. ok jca kettenis mlarkin natano
2016-05-23remove the sysctl kern.random counters, since none of the remainingTheo de Raadt
ones are capable of giving valuable works vs does-not-work evidence. ok tedu
2016-05-21Cleanup some of the DUID code and refactor for readability.Joel Sing
ok krw@ kettenis@
2016-05-04Make KERN_FILE_BYPID return ESRCH when PID not found, both in sysctl andVadim Zhukov
offline paths. More polishing to come. Input and okay bluhm@ & kettenis@.
2016-04-25boom goes the dynamiteTed Unangst
2016-02-29delete the kern.emul/KERN_EMUL sysctl bits since there are noChristian Weisgerber
emulations left; ok millert@ deraadt@, jmc@ (man pages)
2015-12-05Make sure we use the same cpu numbering for the kern.cptime2 sysctl as weMark Kettenis
do for kern.proc. Fixes the issue in top(1) where a cpu would seem to be idle even though a thread was reported to be running on it. ok mpi@, tedu@, deraadt@
2015-11-01refactor pledge_*_check and pledge_fail functionsSebastien Marie
- rename _check function without suffix: a "pledge" function called from anywhere is a "check" function. - makes pledge_fail call the responsability to the _check function. remove it from caller. - make proper use of (potential) returned error of _check() functions. - adds pledge_kill() and pledge_protexec() with and OK deraadt@
2015-10-25Fold "malloc" into "stdio" and -- recognizing that no program so far hasTheo de Raadt
used less than "stdio" -- include all the "self" operations. Instead of different defines, use regular PLEDGE_* in the "p_pledgenote" variable (which indicates the operation subtype a system call is performing). Many checks before easier to understand. p_pledgenote can often be passed directly to ktrace, so that kdump says: 15565 test CALL pledge(0xa9a3f804c51,0) 15565 test STRU pledge request="stdio" 15565 test RET pledge 0 15565 test CALL open(0xa9a3f804c57,0x2<O_RDWR>) 15565 test NAMI "/tmp/testfile" 15565 test PLDG open, "wpath", errno 1 Operation not permitted with help from semarie, ok guenther
2015-10-09Rename tame() to pledge(). This fairly interface has evolved to be moreTheo de Raadt
strict than anticipated. It allows a programmer to pledge/promise/covenant that their program will operate within an easily defined subset of the Unix environment, or it pays the price.
2015-09-28track sizes for free in sysctl_diskinit(); ok krwTheo de Raadt
2015-09-13Rename __sysctl syscall to just sysctl, as the userland wrapper is no longerPhilip Guenther
necessary ok deraadt@ jsing@
2015-09-11Convert _TM_ flags to TAME_ flags, collapsing the entire mappingTheo de Raadt
layer because the strings select the right options. Mechanical conversion. ok guenther
2015-09-11Only include <sys/tame.h> in the .c files that need itPhilip Guenther
ok deraadt@ miod@
2015-09-10sizes for free(); ok sthenTheo de Raadt
2015-09-03Fix !INET6 build.Martin Pieuchot
2015-08-28Rework the UNIX domain socket garbage collector, including ideas fromPhilip Guenther
{Free,Net}BSD - when a socket is closed with fds in its input, defer closing them to a task to avoid recursing. This eliminates the complicated extra reference taking which had a 37 line(!) comment explanation - move flags, counts, and links only needed for this from struct file to struct unpcb - document the flow of the mark/sweep collector much help from claudio@ who made me explain the GC to him until we trusted it ok claudio@ mpi@ deraadt@
2015-08-22Move to tame(int flags, char *paths[]) API/ABI.Theo de Raadt
The pathlist is a whitelist of dirs and files; anything else returns ENOENT. Recommendation is to use a narrowly defined list. Also add TAME_FATTR, which permits explicit change operations against "struct stat" fields. Some other TAME_ flags are refined slightly. Not cranking libc now, since nothing commited in base uses this and the timing is uncomfortable for others. Discussed with many; thanks for a few bug fixes from semarie, doug, guenther. ok guenther
2015-08-03Unfortunately netstat did not show sockets without file descriptorsAlexander Bluhm
since it had been converted from kvm to sysctl. This was hiding a bunch of TCP states which are important for network debugging. Loop over the internet PCB tables to fill the network information into the KERN_FILE_BYFILE sysctl result. Skip internet sockets when looping over the file desciptors. From markus@; OK guenther@; Go for it deraadt@
2015-07-19tame(2) is a subsystem which restricts programs into a "reduced featureTheo de Raadt
operating model". This is the kernel component; various changes should proceed in-tree for a while before userland programs start using it. ok miod, discussions and help from many
2015-05-18For each file in sysctl(KERN_FILE_BYFILE), FILLIT() calls fill_file(),Alexander Bluhm
which calls VOP_GETATTR(). For NFS, that leads to nfs_getattr(). If the node's attributes are not in NFS's cache, nfs_getattr() will invoke nfs_request() and the latter will sleep, allowing the file pointer to disappear while we traverse the list. This results in kernel crashes while running netstat or pstat -f. Grab a reference to the file descriptor before calling FILLIT(), and release it afterwards. This way the file descriptor cannot disappear while we sleep in nfs_getattr(). Analysis and fix from Pedro Martelletto; input and OK guenther@ mpi@
2015-03-28Replace the hand-crafted list of datagram unix domain sockets withAlexander Bluhm
a SLIST. OK mpi@ benno@
2015-02-11Extend struct kinfo_file a bit so that netstat has all the info it needs.Claudio Jeker
OK guenther@
2015-02-11Prefer arg != 0 over arg for non-boolean. nitted kettenis@Philip Guenther
2015-02-11sysctl({CTL_KERN, KERN_FILE, KERN_FILE_BYFILE}) previously requiredPhilip Guenther
the extra argument to be zero; instead, make it filter on the file type (DTYPE_*) when non-zero to make claudio's netstat work easier. ok claudio@
2015-02-09Change the way stackgap_random is applied. Instead of applying it within theMiod Vallat
fixed stack area of the exec'd image, and risking hitting process limits, should we want to increase stackgap_random, the randomness is applied to the stack region in the process' vmspace.
2015-01-20Move ps_strings "after" the random stackgap. This makes its location aMark Kettenis
per-process value, and therefpore turns the VM_PSSTRINGS sysctl into a per-process one as well. This gets rid of a pointer to the bottom of the stack at a fixed location. Also clears the road for unmapping the stackgap. ok deraadt@
2015-01-13Add dmesg -s support, to view the output of rc(8) system startup messages.Marco Pfatschbacher
Help and feedback by Theo and Miod. OK deraadt@, manpage-ok jmc@
2014-12-12sysctl kern.global_ptrace.Ted Unangst
controls whether you can ptrace any process with appropriate privileges or only one own's children. ok deraadt
2014-12-12sysctl_proc_vmmap(): Allow retrieving "self" VM mapping without privilege.Masao Uebayashi
Previous version OK'ed by tedu@ deraadt@
2014-12-10convert bcopy to memcpy. ok millertTed Unangst
2014-12-05Allow only root to use KERN_PROC_VMMAP until it is really proven safe.Masao Uebayashi
OK deraadt@
2014-12-05Introduce a new sysctl to retrieve VM map entriesMasao Uebayashi
This adds a new sysctl KERN_PROC_VMMAP, which returns an array of VM map entries of a specified process. This prevents debuggers from iterating vm_map_entry RB tree via kvm(3). The name KERN_PROC_VMMAP and struct kinfo_vmentry are chosen from the same function in FreeBSD. struct kinfo_vmentry is revised to reduce size, because OpenBSD does not keep track of filepaths. The semantic is also changed to return max buffer size as a hint, and start iteration at the specified base address. Much valuable input from deraadt@, guenther@, tedu@ OK tedu@ deraadt@
2014-11-19missed a file when removing KERN_VNODE.Ted Unangst
2014-11-19delete the KERN_VNODE sysctl. it fails to provide any isolation from theTed Unangst
kernel struct vnode defintion, and the only consumer (pstat) still needs kvm to read much of the required information. no great loss to always use kvm until there's a better replacement interface. ok deraadt millert uebayasi
2014-11-16Replace a plethora of historical protection options with justTheo de Raadt
PROT_NONE, PROT_READ, PROT_WRITE, and PROT_EXEC from mman.h. PROT_MASK is introduced as the one true way of extracting those bits. Remove UVM_ADV_* wrapper, using the standard names. ok doug guenther kettenis
2014-11-03Put the socket splicing fields into a seperate struct sosplice thatAlexander Bluhm
gets only allocated when needed. This way struct socket shrinks from 472 to 392 bytes on amd64. When splicing gets active, another 88 bytes are allocated for struct sosplice. OK dlg@
2014-11-01add a few sizes to freeTed Unangst
2014-10-17redo the performance throttling in the kernel.Ted Unangst
introduce a new sysctl, hw.perfpolicy, that governs the policy. when set to anything other than manual, hw.setperf then becomes read only. phessler was heading in this direction, but this is slightly different. :)
2014-10-11back out; does not even compileTheo de Raadt
2014-10-11resurrect a many year old diff. move CPU throttling into the kernel,Ted Unangst
enabled by setting hw.setperf=-1. some other bugs preventing this from going in before have been fixed. my thanks to phessler for keeping the diff alive in the mean time. tested by several to not regress.
2014-09-15Remove non-standard <sys/dkstat.h> header. It has not contained anythingMiod Vallat
related to disk stastics for almost 17 years, and the remaining userland-visible defines duplicate those found in <sys/sched.h>. Move the remaining _KERNEL defines to <sys/tty.h> where they belong, and update all users to cope with this. ok kettenis@
2014-09-04Remove global cp_time[] array; no longer used now that all arches implementMiod Vallat
cpu_info.
2014-08-20Bye bye /dev/cryptoMike Belopuhov
The interface has been disabled by default for about 4 years and currently there's not much value in having it around at all. ok deraadt
2014-08-18dont rely on mbuf.h to provide pool.h.David Gwynne
ok miod@, who has offerred to help with any MD fallout ok guenther@
2014-07-22Fewer <netinet/in_systm.h> !Martin Pieuchot
2014-07-17zero random buf for sysctl too, just in caseTed Unangst
2014-07-13Introduce PS_NOBROADCASTKILL a process flag that excludes processes fromClaudio Jeker
receiving broadcast signals (kill -1). The flag can be set via a new sysctl KERN_PROC_NOBROADCASTKILL. This will be used by iscsid to survive the mass killing by init(8) when terminating multi-user operations. With and OK guenther@
2014-07-13use mallocarray where arguments are multipled. ok deraadtTed Unangst
2014-07-12add a size argument to free. will be used soon, but for now default to 0.Ted Unangst
after discussions with beck deraadt kettenis.