| Age | Commit message (Collapse) | Author |
|---|
|
|
|
ok guenther
|
|
|
|
- rename _check function without suffix: a "pledge" function called from
anywhere is a "check" function.
- makes pledge_fail call the responsability to the _check function. remove it
from caller.
- make proper use of (potential) returned error of _check() functions.
- adds pledge_kill() and pledge_protexec()
with and OK deraadt@
|
|
this check has nothing to do with pledge(2). make it lives in sys_ioctl() call.
while here, move the (fp == NULL) check early and remove duplicate check from
pledge_ioctl_check().
ok guenther@ deraadt@
|
|
that is an errno to pass up to the calling system call instead. test
case is "who < /dev/null", via ttyname().
|
|
|
|
be called against a non-tty fd, so as to test "is this a tty". Discovered
by sthen and rob pierce at the same time.
|
|
strict than anticipated. It allows a programmer to pledge/promise/covenant
that their program will operate within an easily defined subset of the
Unix environment, or it pays the price.
|
|
layer because the strings select the right options. Mechanical
conversion.
ok guenther
|
|
ok deraadt@ miod@
|
|
The pathlist is a whitelist of dirs and files; anything else returns ENOENT.
Recommendation is to use a narrowly defined list. Also add TAME_FATTR, which
permits explicit change operations against "struct stat" fields. Some
other TAME_ flags are refined slightly.
Not cranking libc now, since nothing commited in base uses this and the
timing is uncomfortable for others. Discussed with many; thanks for a
few bug fixes from semarie, doug, guenther.
ok guenther
|
|
sendmsg(), and recvmsg(). For cmsghdr, the len, level, and type are always
shown, and for SOL_SOCKET,SCM_RIGHTS the fd numbers being passed are shown.
ok millert@ deraadt@
|
|
operating model". This is the kernel component; various changes should
proceed in-tree for a while before userland programs start using it.
ok miod, discussions and help from many
|
|
Since we use the poll backend for select(2), care must be taken not
to set the fd's bit in writefds in this case. A kernel-only flag,
POLLNOHUP, is used by selscan() to tell the poll backend not to
return POLLHUP on EOF. This is currently only used by fifo_poll().
The fifofs regress now passes. OK guenther@
|
|
followed by a mode check. This will simplify the ref/unref dance as
soon as fd_getfile() will increment fp's reference counter.
Idea from and ok guenther@, ok millert@
|
|
OK guenther@
|
|
|
|
ok doug tedu
|
|
tweaks and ok millert@ deraadt@
|
|
|
|
|
|
Discussed with guenther and kettenis
|
|
after discussions with beck deraadt kettenis.
|
|
not compile-time-known page size platforms.
|
|
don't need to be married.
ok guenther miod beck jsing kettenis
|
|
struct ucred; struct process then directly links to the ucred
Based on a discussion at c2k10 or so before noting that FreeBSD and
NetBSD did this too.
ok matthew@
|
|
|
|
by using size_t/ssize_t instead of int/u_int to handle I/O lengths in
uiomove(), vn_fsizechk(), and ktrgenio(). Eliminate the always-zero
'error' argument to ktrgenio() at the same time.
|
|
|
|
members to 64bit types. Assign new syscall numbers for (almost
all) the syscalls that involve the affected types, including anything
with time_t, timeval, itimerval, timespec, rusage, dirent, stat,
or kevent arguments. Add a d_off member to struct dirent and replace
getdirentries() with getdents(), thus immensely simplifying and
accelerating telldir/seekdir. Build perl with -DBIG_TIME.
Bump the major on every single base library: the compat bits included
here are only good enough to make the transition; the T32 compat
option will be burned as soon as we've reached the new world are
are happy with the snapshots for all architectures.
DANGER: ABI incompatibility. Updating to this kernel requires extra
work or you won't be able to login: install a snapshot instead.
Much assistance in fixing userland issues from deraadt@ and tedu@
and build assistance from todd@ and otto@
|
|
ok guenther matthew
|
|
ok matthew@
|
|
sigmask even if there are no pending signals under the temporary
sigmask.
Refactor existing select() and poll() system calls to introduce the
pselect() and ppoll() system calls.
Add rthread wrappers for pselect() and ppoll(). While there, update
cancellation point comments to reflect recent fdatasync() addition.
Minor bumps for libc and librthread due to new symbols.
ok guenther, millert, deraadt, jmc
|
|
OK guenther@ and deraadt@
|
|
not against the number bit / number of fds in the select set.
ok guenther@
|
|
anticipation of further changes to closef(). No binary change.
ok krw@ miod@ deraadt@
|
|
structs timespec, timeval, sigaction, and rlimit.
ok otto@ jsing@
|
|
or fd_{lo,hi}maps members, or when doing a read for a write. Fixes hangs
when an rthreaded processes sleeps while copying the fd table for fork()
and catches another thread with the lock.
ok jsing@ tedu@
|
|
Discussed with deraadt@
|
|
argument, we need to make sure this buffer has 64-bit alignment, even
on 32-bit architectures. Fixes the alignment trap triggered by
vnconfig(8) on sparc for kernels compiled with gcc4.
ok miod@
|
|
|
|
so that the process-level stuff is to/from struct process and not
struct proc. This fixes a bunch of problem cases in rthreads.
Based on earlier work by blambert and myself, but mostly written
at c2k10.
Tested by many: deraadt, sthen, krw, ray, and in snapshots
|
|
enodev to poll, because this returns an errno of 19 in revents. Oops.
Use seltrue where needed, and use a new selfalse function for those which
don't know if the next op will be non-blocking
Mostly discussed with guenther and miod
|
|
properly aligned. Otherwise we lose on strict alignment architectures if
the compiler happens to give it a smaller alignment. Fixes another gcc4
problem on sparc64.
ok miod@
|
|
supported it doesn't do any harm), so put the KNOTE() in selwakeup() itself and
remove it from any occurences where both are used, except one for kqueue itself
and one in sys_pipe.c (where the selwakeup is under a PIPE_SEL flag).
Based on a diff from tedu.
ok deraadt
|
|
and it is pretty critical so commiting it now. Any more fallout from
the code 'simplication'?
|
|
Special thanks to ckuethe's ntpd for noticing the problem.
ok deraadt@
|
|
deadlock for ckuethe@
"if you have to revert, you have to revert" deraadt@
|
|
does not cause us to call free if we never malloced.
crash found by & OK marco@
|
