| Age | Commit message (Collapse) | Author |
|---|
|
- rename _check function without suffix: a "pledge" function called from
anywhere is a "check" function.
- makes pledge_fail call the responsability to the _check function. remove it
from caller.
- make proper use of (potential) returned error of _check() functions.
- adds pledge_kill() and pledge_protexec()
with and OK deraadt@
|
|
used less than "stdio" -- include all the "self" operations. Instead of
different defines, use regular PLEDGE_* in the "p_pledgenote" variable
(which indicates the operation subtype a system call is performing). Many
checks before easier to understand. p_pledgenote can often be passed
directly to ktrace, so that kdump says:
15565 test CALL pledge(0xa9a3f804c51,0)
15565 test STRU pledge request="stdio"
15565 test RET pledge 0
15565 test CALL open(0xa9a3f804c57,0x2<O_RDWR>)
15565 test NAMI "/tmp/testfile"
15565 test PLDG open, "wpath", errno 1 Operation not permitted
with help from semarie, ok guenther
|
|
strict than anticipated. It allows a programmer to pledge/promise/covenant
that their program will operate within an easily defined subset of the
Unix environment, or it pays the price.
|
|
|
|
necessary
ok deraadt@ jsing@
|
|
layer because the strings select the right options. Mechanical
conversion.
ok guenther
|
|
ok deraadt@ miod@
|
|
|
|
|
|
{Free,Net}BSD
- when a socket is closed with fds in its input, defer closing them to
a task to avoid recursing. This eliminates the complicated extra
reference taking which had a 37 line(!) comment explanation
- move flags, counts, and links only needed for this from struct file to
struct unpcb
- document the flow of the mark/sweep collector
much help from claudio@ who made me explain the GC to him until we trusted it
ok claudio@ mpi@ deraadt@
|
|
The pathlist is a whitelist of dirs and files; anything else returns ENOENT.
Recommendation is to use a narrowly defined list. Also add TAME_FATTR, which
permits explicit change operations against "struct stat" fields. Some
other TAME_ flags are refined slightly.
Not cranking libc now, since nothing commited in base uses this and the
timing is uncomfortable for others. Discussed with many; thanks for a
few bug fixes from semarie, doug, guenther.
ok guenther
|
|
since it had been converted from kvm to sysctl. This was hiding a
bunch of TCP states which are important for network debugging.
Loop over the internet PCB tables to fill the network information
into the KERN_FILE_BYFILE sysctl result. Skip internet sockets
when looping over the file desciptors.
From markus@; OK guenther@; Go for it deraadt@
|
|
operating model". This is the kernel component; various changes should
proceed in-tree for a while before userland programs start using it.
ok miod, discussions and help from many
|
|
which calls VOP_GETATTR(). For NFS, that leads to nfs_getattr().
If the node's attributes are not in NFS's cache, nfs_getattr() will
invoke nfs_request() and the latter will sleep, allowing the file
pointer to disappear while we traverse the list.
This results in kernel crashes while running netstat or pstat -f.
Grab a reference to the file descriptor before calling FILLIT(),
and release it afterwards. This way the file descriptor cannot
disappear while we sleep in nfs_getattr().
Analysis and fix from Pedro Martelletto; input and OK guenther@ mpi@
|
|
a SLIST.
OK mpi@ benno@
|
|
OK guenther@
|
|
|
|
the extra argument to be zero; instead, make it filter on the file
type (DTYPE_*) when non-zero to make claudio's netstat work easier.
ok claudio@
|
|
fixed stack area of the exec'd image, and risking hitting process limits,
should we want to increase stackgap_random, the randomness is applied to the
stack region in the process' vmspace.
|
|
per-process value, and therefpore turns the VM_PSSTRINGS sysctl into a
per-process one as well. This gets rid of a pointer to the bottom of the
stack at a fixed location. Also clears the road for unmapping the stackgap.
ok deraadt@
|
|
Help and feedback by Theo and Miod.
OK deraadt@, manpage-ok jmc@
|
|
controls whether you can ptrace any process with appropriate privileges
or only one own's children.
ok deraadt
|
|
Previous version OK'ed by tedu@ deraadt@
|
|
|
|
OK deraadt@
|
|
This adds a new sysctl KERN_PROC_VMMAP, which returns an array of VM map
entries of a specified process. This prevents debuggers from iterating
vm_map_entry RB tree via kvm(3).
The name KERN_PROC_VMMAP and struct kinfo_vmentry are chosen from the same
function in FreeBSD. struct kinfo_vmentry is revised to reduce size, because
OpenBSD does not keep track of filepaths. The semantic is also changed to
return max buffer size as a hint, and start iteration at the specified base
address.
Much valuable input from deraadt@, guenther@, tedu@
OK tedu@ deraadt@
|
|
|
|
kernel struct vnode defintion, and the only consumer (pstat) still needs
kvm to read much of the required information. no great loss to always use
kvm until there's a better replacement interface.
ok deraadt millert uebayasi
|
|
PROT_NONE, PROT_READ, PROT_WRITE, and PROT_EXEC from mman.h.
PROT_MASK is introduced as the one true way of extracting those bits.
Remove UVM_ADV_* wrapper, using the standard names.
ok doug guenther kettenis
|
|
gets only allocated when needed. This way struct socket shrinks
from 472 to 392 bytes on amd64. When splicing gets active, another
88 bytes are allocated for struct sosplice.
OK dlg@
|
|
|
|
introduce a new sysctl, hw.perfpolicy, that governs the policy.
when set to anything other than manual, hw.setperf then becomes read only.
phessler was heading in this direction, but this is slightly different. :)
|
|
|
|
enabled by setting hw.setperf=-1. some other bugs preventing this from
going in before have been fixed. my thanks to phessler for keeping the
diff alive in the mean time. tested by several to not regress.
|
|
related to disk stastics for almost 17 years, and the remaining
userland-visible defines duplicate those found in <sys/sched.h>.
Move the remaining _KERNEL defines to <sys/tty.h> where they belong, and
update all users to cope with this.
ok kettenis@
|
|
cpu_info.
|
|
The interface has been disabled by default for about 4 years and
currently there's not much value in having it around at all.
ok deraadt
|
|
ok miod@, who has offerred to help with any MD fallout
ok guenther@
|
|
|
|
|
|
receiving broadcast signals (kill -1). The flag can be set via a new
sysctl KERN_PROC_NOBROADCASTKILL. This will be used by iscsid to survive
the mass killing by init(8) when terminating multi-user operations.
With and OK guenther@
|
|
|
|
after discussions with beck deraadt kettenis.
|
|
don't need to be married.
ok guenther miod beck jsing kettenis
|
|
via if_rxring things. this effectively deprecates the third argument
for MCLGETI and m_clget and makes the mbuf layer no longer care about
interfaces and simplifies the allocation paths.
the timeout used to measure livelock has been moved to net/if.c.
ok mpi@
|
|
PS_{ZOMBIE,EMBRYO} on the process instead of peeking into the process's
thread data. This eliminates the need for the thread-level SDEAD state.
Change kvm_getprocs() (both the sysctl() and kvm backends) to report the
"most active" scheduler state for the process's threads.
tweaks kettenis@
feedback and ok matthew@
|
|
ok miod
|
|
to 512, to make it easier for people to build to -current.
ok miod
|
|
|
|
instead of peeking into the thread level
ok tedu@
|
