summaryrefslogtreecommitdiff
path: root/sys/kern
AgeCommit message (Collapse)Author
2018-05-22kevent: correctly check that timeout's nanoseconds are on [0, 1000000000)cheloha
Validate the input with timespecfix before truncating to a timeval. timespecfix does not round, so we need to to it by hand after validation. FreeBSD and NetBSD check the input with this range, we ought to as well. Also add a regression test for this case. ok tb@
2018-05-22nanosleep: ensure tv_nsec input is on [0, 1000000000)cheloha
Instead of converting timespec -> timeval and truncating the input, check with timespecfix and use tstohz(9) for the tsleep. All other contemporary systems check this correctly. Also add a regression test for this case. ok tb@
2018-05-22Prevent NET_LOCK() recursion when releasing the last `fp' reference.Martin Pieuchot
ok bluhm@, visa@
2018-05-16Fix misleading indentation.Visa Hankala
2018-05-16Print stack traces on lock order conflict.Visa Hankala
OK mpi@
2018-05-16Add kern.witnesswatch sysctl for controlling witness(4). By default,Visa Hankala
lock order checking is disabled but it can be enabled at runtime. Suggested by deraadt@ / mpi@ OK mpi@
2018-05-14Stopping counting and reporting CPU time spent spinning on a lock asMartin Pieuchot
system time. Introduce a new CP_SPIN "scheduler state" and modify userland tools to display the % of timer a CPU spents spinning. Based on a diff from jmatthew@, ok pirofti@, bluhm@, visa@, deraadt@
2018-05-09Remove witness_channel and always use console outputVisa Hankala
to simplify the code. OK mpi@
2018-05-08Socket splicing can delay operations by task or timeout. IntroduceAlexander Bluhm
soreaper() that is scheduled onto the timer thread. soput() is scheduled from there onto the sosplice task thread. After that it is save to pool_put() the socket and splicing data structures. OK mpi@ visa@
2018-05-08Use fd_getfile() in sysctl_file() instead of rewriting it.Martin Pieuchot
This gives use refcounting for free which is what we need for MP. ok bluhm@, visa@
2018-05-08When looping over mount points, the FOREACH SAVE macro is not save.Alexander Bluhm
The loop variable mp is protected by vfs_busy() so that it cannot be unmounted. But the next mount point nmp could be unmounted while VFS_SYNC() sleeps. As the loop in vfs_stall() does not destroy the mount point, TAILQ_FOREACH_REVERSE without _SAVE is the correct macro to use. OK deraadt@ visa@
2018-05-08Change fd_iterfile() to not return imature fps instead of skipping themMartin Pieuchot
later. ok bluhm@, visa@
2018-05-08Move the vfs stall "barrier" logic to a function. FREF() will soonMartin Pieuchot
change and this has nothing to do with it. ok visa@, bluhm@
2018-05-08Protect per-file counters and document which lock is used to protectMartin Pieuchot
the other fields. Once we no longer have any [k] (kernel lock) protections, we'll be able to unlock almost all network related syscalls. Inputs from and ok bluhm@, visa@
2018-05-07Zap two unused variables.Visa Hankala
2018-05-07Make the print function of db_print_stack_trace() configurable,Visa Hankala
and indicate if a saved stack trace is empty. OK guenther@
2018-05-07Grab the KERNEL_LOCK() for unix/routing/pfkey sockets in solock()...Martin Pieuchot
...and release it in sounlock(). This will allows us to progressively remove the KERNEL_LOCK() in syscalls. ok visa@ some time ago
2018-05-07Print the vp pointer in the vinvalbuf() panic strings.Alexander Bluhm
OK mpi@
2018-05-02Remove proc from the parameters of vn_lock(). The parameter isVisa Hankala
unnecessary because curproc always does the locking. OK mpi@
2018-05-02Record lock type even if witness is disabled. The value will be neededVisa Hankala
if the lock becomes watched later.
2018-04-30Treat all negative values of witness_watch equally for robustness.Visa Hankala
2018-04-29In hash{free,init}(), there's no need to calculate the size of the hash table ifanton
the given number of elements already is a power of 2. ok visa@, "seems like a good plan" deraadt@
2018-04-28replace add_*_randomness with enqueue_randomness()Jasper Lievisse Adriaanse
this gets rid of the source annotation which doesn't really add anything other than adding complexitiy. randomess is generally good enough that the few extra bits that the source type would add are not worth it. ok mikeb@ deraadt@
2018-04-28Remove redundant error checkkn
error is set by copyinstr(9) only and we return early if it is non-zero, so the loop's last condition is always true. OK deraadt, jca
2018-04-28Clean up the parameters of VOP_LOCK() and VOP_UNLOCK(). It is alwaysVisa Hankala
curproc that does the locking or unlocking, so the proc parameter is pointless and can be dropped. OK mpi@, deraadt@
2018-04-27Move FREF() inside fd_getfile().Martin Pieuchot
ok visa@
2018-04-26Remove solock() surrounding PRU_CONTROL in soo_ioctl().Paul Irofti
We do not need the lock there. Missed this in my former commit pushing NET_LOCK() down the stack. Found the hard way by naddy@, sorry! OK mpi@.
2018-04-26Drop into ddb(4) if pmap_tlb_shoot*() take too much time in MP_LOCKDEBUGMartin Pieuchot
kernels. While here sync all MP_LOCKDEBUG/while loops. ok mlarkin@, visa@
2018-04-26Rewrite fdcopy() to avoid memcpy()s.Martin Pieuchot
With and ok visa@
2018-04-25Teach mtx_enter_try(9) to avoid deadlocks after a panic.Martin Pieuchot
ok deraadt@
2018-04-25Introduce fd_iterfile() a new helper function to iterate over `filehead'.Martin Pieuchot
This turns `filehead' into a local variable, that will make it easier to protect it. ok visa@
2018-04-24Make futex(2) also return ECANCELED in case SA_RESTART was set.Paul Irofti
Prodded by and ok mpi@
2018-04-24Validate timespec and return ECANCELED when interrupted with SA_RESTART.Paul Irofti
Discussing with mpi@ and guenther@, we decided to first fix the existing semaphore implementation with regards to SA_RESTART and POSIX compliant returns in the case where we deal with restartable signals. Currently we return EINTR everywhere which is mostly incorrect as the user can not know if she needs to recall the syscall or not. Return ECANCELED to signal that SA_RESTART was set and EINTR otherwise. Regression tests pass and so does the posixsuite. Timespec validation bits are needed to pass the later. OK mpi@, guenther@
2018-04-18Do a FREF()/FRELE() dance after fd_getfile() in sys_fcntl().Martin Pieuchot
ok visa@
2018-04-18Call FREF(9) earlier instead of incrementing `f_count' by hand.Martin Pieuchot
ok millert@, visa@
2018-04-12Implement MAP_STACK option for mmap(). Synchronous faults (pagefault andTheo de Raadt
syscall) confirm the stack register points at MAP_STACK memory, otherwise SIGSEGV is delivered. sigaltstack() and pthread_attr_setstack() are modified to create a MAP_STACK sub-region which satisfies alignment requirements. Observe that MAP_STACK can only be set/cleared by mmap(), which zeroes the contents of the region -- there is no mprotect() equivalent operation, so there is no MAP_STACK-adding gadget. This opportunistic software-emulation of a stack protection bit makes stack-pivot operations during ROPchain fragile (kind of like removing a tool from the toolbox). original discussion with tedu, uvm work by stefan, testing by mortimer ok kettenis
2018-04-12Restore the original BSDI $Id$ strings. Those were mangled by CVSVisa Hankala
by my mistake. Pointed out by Christian Ludwig. Thank you!
2018-04-12Use the current reference instead of incrementing `f_count' manually andMartin Pieuchot
calling FRELE(9) in finishdup(). Update comments accordingly. ok bluhm@, visa@
2018-04-12Call FREF(9) earlier instead of incrementing `f_count' directly inMartin Pieuchot
dupfdopen(). ok bluhm@, visa@
2018-04-11The pledge flag for file descriptors opened from /dev/fd was alwaysAlexander Bluhm
set for pledged processes. dup(2) uses the flag from the old file descriptor. Make open /dev/fd consistent to duplicate and inherit the flag. OK deraadt@
2018-04-10Do not call logwakeup(), ending in wakeup_n(), while holding a mutex.Martin Pieuchot
Prevents a lock ordering issue between SCHED_LOCK() and printf(9)'s mutex. While here protect all kprintf() calls ending on the console with the mutex. ok kettenis@, visa@
2018-04-10Convert 'struct fileops' definitions to C99.Martin Pieuchot
ok millert@, deraadt@, florian@
2018-04-09Revert previous, it introduced a bug found the hardway by landry@.Martin Pieuchot
2018-04-09Do a FREF()/FRELE() dance after fd_getfile() and before calling vref(9)Martin Pieuchot
in namei(9). So we're sure the 'struct file *' won't disapear behind our back when we go parrallel. ok visa@, bluhm@
2018-04-09Call finishdup() instead of rerolling it in dupfdopen().Martin Pieuchot
While here call FREF() right after fd_getfile(). ok bluhm@, visa@
2018-04-09Call FREF() right after fd_getfile_mode() in sys_ioctl().Martin Pieuchot
ok visa@, bluhm@
2018-04-08AF_LOCAL was a failed attempt (by POSIX?) to seem less UNIX-specific, butPhilip Guenther
AF_UNIX is both the historical _and_ standard name, so prefer and recommend it in the headers, manpages, and kernel. ok miller@ deraadt@ schwarze@
2018-04-08Test for preexisting conditions when re-enabling eventsMike Belopuhov
When an event that was disabled by EV_DISABLE or EV_DISPATCH is registered again, an associated filter must be ran to mark it active if a preexisting condition is present. The issue was reported and fix tested by Lukas Larsson <lukas at erlang.org>, thanks! ok mpi
2018-04-06Retain the UF_PLEDGED flag from the original fd during dup(2).Alexander Bluhm
Nothing uses this fd-tracking part of pledge yet. OK deraadt@
2018-04-03Move FREF()s just after fd_getfile() in sys_kevent(), sys_lseek() andMartin Pieuchot
getvnode(). ok millert@