Age | Commit message | Author |
|
the following: a new pty is allocated in which the kernel console output is
redirected to, poll(2):ing from /dev/console at this point would be delegated to
the device with the major number taken from the pty due to the earlier
redirection. Since the pty does not have its correct device major assigned, the
wrong device ends up being used.
ok deraadt@ millert@
|
|
final directory in a name unveil was not being added with UNVEIL_INSPECT
if it was not already unveiled. Now passes just added regress test for
this case
|
|
thread basis instead of process. The decision to enable on process made
development easier initially but could lead to non-deterministic results for
processes with more than one thread. This behavior matches the implementation
found on both Linux and FreeBSD.
With help and ok mpi@ visa@
|
|
fdfree(). This fixes a resource leak with cyclic kqueue references and
prevents a kernel stack exhaustion scenario with long kqueue chains.
OK mpi@
|
|
pseudo-device, get rid of the option. Enabling kcov now requires the following
line to be added to the kernel config:
pseudo-device kcov 1
This is how pseudo devices are enabled in general. A side-effect of this change
is that dev/kcov.c will no longer be compiled by default.
Prodded by deraadt@; ok mpi@ visa@
|
|
OK mpi@
|
|
buffer together with a UDP packet, sosend(9) returned EWOULDBLOCK.
As it is a persistent problem, EMSGSIZE is the correct error code.
Split the AF_UNIX case into a separate condition and do not change
its logic. For atomic protocols, check that both data and control
message length fit into the socket buffer.
original bug report from Alexander Markert
discussed with jca@; OK vgross@
|
|
file operations mp-safe.
This change makes it clear that `f_offset' is only accessed in vn_read()
and vn_write(), which will help taking it out of the KERNEL_LOCK().
This refactoring uncovered a race in vn_read() which is now documented
and will be addressed in a later diff.
ok visa@
|
|
the API more logical.
OK kettenis@ mpi@
|
|
ok jsg@ (who pointed out the kern_pledge.c change was necessary as well)
|
|
with the syzkaller kernel fuzzer. So far, 8 distinct panics have been found and
fixed. This effort will continue.
kcov is limited to architectures using Clang as their default compiler and is
not enabled by default.
With help from mpi@, thanks!
ok kettenis@ mpi@ visa@
|
|
OK mpi@
|
|
a scenario where MP-unsafe code gets run without the kernel lock
as a consequence of an unlocked system call.
OK mpi@, kettenis@
|
|
KERNELPATH indicates this operation is being done on behalf of the kernel,
not a process, so ignore chroot of the current process context, start at /,
and skip unveil and pledge checks. Discussed with beck and semarie
|
|
argument, rather than manually |= afterwards. Observed by semarie
|
|
(the other cause is implausible, and crashes with a nice *NULL)
|
|
passing the main function directly to kthread_create(9). The start_*
functions are mere stepping stones nowadays and can be pruned.
They used to contain more logic in the pre-kthread era.
While here, set `cleanerproc' and `syncerproc' during the thread
creation rather than expect the threads to set the proc pointer.
Also, rename `sched_sync' to `syncer_thread' to reduce confusion
with the scheduler-related functions.
OK kettenis@, deraadt@, mpi@
|
|
- Update counters atomically
- Use IPL_MPFLOOR for pipe's pool.
- Grab the KERNEL_LOCK() before calling km_alloc(9) & km_free(9)
Inputs from kettenis@, ok visa@
|
|
We use UNVEIL_INSPECT instead in the unveil flags for the same
purpose, and now add traversed vnodes of a path with UNVEIL_INSPECT
instead of with 0 flags and voodoo in unveil_flagmatch. This
allows us to uncontort the logic of unveil_flagmatch a bunch.
helpful review and ok from semarie@
|
|
Prior to r1.153 of kern_descrip.c, the kqueue descriptors were removed
using fdremove(), which reset fd_freefile as appropriate. The new code
simply avoids adding the descriptor to the new table, however this means
that fd_freefile can be left with an incorrect value, resulting in a file
descriptor allocation "hole". Restore the previous behaviour by lowering
fd_freefile as appropriate when dropping descriptors.
Issue found via golang regress tests.
ok deraadt@ mpi@ visa@
|
|
kq_knlist are dedicated to a single kqueue instance, which makes
the filtering by kn_kq unnecessary.
OK kettenis@, mpi@
|
|
kqueue_close() does not take into account that the kqueue instance may
have queued knotes. This can cause a use-after-free if new knotes are
enqueued on the kqueue as a result of file closing.
Correct the error by dequeueing each knote before freeing it.
Since r1.93 of kern_event.c, each kqueue instance has its knotes
in nonshared lists kq_knhash and kq_knlist, so kqueue_close() does
not have to skip other kqueues' knotes any longer. The code can be
simplified by using knote_remove() for clearing the knote lists.
The function uses knote_drop() which takes care of knote dequeueing.
Found and initial analysis by anton@
OK anton@, mpi@
|
|
to the namei args. This fixes a bug where chmod would be allowed when
with only READ. This also allows some further cleanup of some awkward
things like PLEDGE_STAT that will follow
Lots of assistance from semarie@ - thanks!
ok semarie@
|
|
sane.
ok kettenis@
|
|
ok deraadt@
|
|
so unveil_check_final returns an error - in this case we can't
just VOP_UNLOCK the parent we have to know we are dealing with "."
found by anton@ - thanks
|
|
ok kettenis@, sthen@, deraadt@, visa@, krw@
|
|
permissions and the flags include O_TRUNC|O_SHLOCK.
ok deraadt@
|
|
man page change will follow
|
|
for sockets is non-blocking.
This allows us to G/C SS_NBIO. Having to keep the two flags in sync
in a mp-safe way is complicated.
This change introduces a behavior change in sosplice(), it can now
always block. However this should not matter much due to the socket
lock being taken beforehand.
ok bluhm@, benno@, visa@
|
|
if and only if we are unveil doing it. Fixes an issue noticed
by kn@ where unveil would fail with EROFS on a read only filesystem
|
|
ok kibbles and bits
|
|
the traversed vnodes - noticed and fixed by semarie@
|
|
as a descending match.
Noticed by Stuart Cassoff <3d0g@bell.net>
|
|
This is required by, for example, slaacd(8) (which has been pledged) to
set MTU on an interface.
OK florian@, deraadt@
|
|
to a cloned device.
ok kettenis@
|
|
a bad/corrupt binary not returning ENOEXEC but some other error.
ok guenther kettenis bluhm
|
|
later on, and it makes no sense for a binary to have such a segment.
ok bluhm@, guenther@
|
|
side effect pending signals specifically sent to the main thread
were handled by other threads. This made gcj in textproc/pdftk
port build stall.
Noticed and tested by espie@.
|
|
parameter should be declared uint64_t and not int.
From & for semarie@ who isn't committing at the moment and ok beck@
who is on the road.
|
|
by the unveil diff. Noticed at, and diff from semarie@
|