Age | Commit message | Author |
|
one that is not a duplicate and not a zero DUID.
ok krw@
|
|
ok krw@ kettenis@
|
|
|
|
a boot disk has not been selected by its caller.
ok jsing@, millert@
|
|
OK deraadt@ natano@
|
|
|
|
makes console redirection with sendsyslog(2) and LOG_CONS work
again. Also merge the two if else if else blocks into one.
OK deraadt@
|
|
|
|
the srp_ref struct is used to track the location of the callers
hazard pointer so later calls to srp_follow and srp_enter already
know what to clear. this in turn means most of the caveats around
using srps go away. specifically, you can now:
- switch cpus while holding an srp ref
- ie, you can sleep while holding an srp ref
- you can take and release srp refs in any order
the original intent was to simplify use of the api when dealing
with complicated data structures. the caller now no longer has to
track the location of the srp a value was fetched from, the srp_ref
effectively does that for you.
srp lists have been refactored to use srp_refs instead of srpl_iter
structs.
this is in preparation of using srps inside the ART code. ART is a
complicated data structure, and lookups require overlapping holds
of srp references.
ok mpi@ jmatthew@
|
|
missed when buflen was promoted to size_t. OK tedu@
|
|
been opened during init(8). Only log with cnwrite() if cn_devvp
exists, otherwise use cnputc() as fallback. While there move extern
declarations to dev/cons.h.
input and OK deraadt@
|
|
Permanently holding /dev/console open in the kernel works only until
init(8) calls revoke(2). After that the console device vnode cannot
be used anymore. It still resulted in a hanging init(8) if it tried
to syslog(3) something. With the backout also dmesg -s works again.
|
|
|
|
please note that chrooted processes are still possible with pledge(2), but only
if the chroot(2) is done *before* calling pledge(2). Once pledged, no more
chroot(2) calls are permitted.
|
|
a process from watching other users' procs. but there are no secrets here.
remove that check.
at the same time, note that as far as pledge is concerned, while most of
kevent is a "stdio" type operation, process monitoring belongs to the
"proc" family, so add an additional check here.
ok deraadt millert
|
|
hppa reverse-stack gives us a valuable test case, but most developers don't
have a 2nd one to proceed further with this.
ok kettenis
|
|
started and before init(8) has opened the console, the kernel could
crash as the console device has not been initialized. Open
/dev/console in the kernel before starting init(8) and keep it open.
This way sendsyslog(2) can be called early in the system.
OK beck@ deraadt@
|
|
inside the sigcontext. sigreturn(2) checks syscall entry was from the
exact PC addr in the (per-process ASLR) sigtramp, verifies the cookie,
and clears it to prevent sigcontext reuse.
not yet tested on landisk, sparc, *88k, socppc.
ok kettenis
|
|
offline paths. More polishing to come.
Input and okay bluhm@ & kettenis@.
|
|
Use a new task that runs holding the KERNEL_LOCK to execute mp-unsafe
code. Our current goal is to progressively move input functions to the
unlocked task.
This gives a small performance boost confirmed by Hrvoje Popovski's
IPv4 forwarding measurement:
before:             after:
send     receive    send     receive
400kpps  400kpps    400kpps  400kpps
500kpps  500kpps    500kpps  500kpps
600kpps  600kpps    600kpps  600kpps
650kpps  650kpps    650kpps  640kpps
700kpps  700kpps    700kpps  700kpps
720kpps  640kpps    720kpps  710kpps
800kpps  640kpps    800kpps  650kpps
1.4Mpps  570kpps    1.4Mpps  590kpps
14Mpps   570kpps    14Mpps   590kpps
ok kettenis@, bluhm@, dlg@
|
|
1) turn NDINITAT into a function and make the macros point to it
with the later goal of getting rid of them.
2) Sweep the kernel for places where people make a struct nameidata manually
on the stack and fill in what they hope are the required fields and count
on prayer and clean living to always get them right. Instead use NDINIT
everywhere. NFS was especially bad for this and there have likely
been things lurking there for a while.
3) Add a couple of strategic KASSERT's to catch future offenders.
ok krw@ sthen@ deraadt@
|
|
oversized timespecs should be clamped, not rejected.
ok millert
|
|
pledge_namei_wlpath(). Call the wlpath check only at the end of namei
after the namei lookup would otherwise succeed.
2) Add support to namei to keep the path that was looked up, without the
symlinks in it, and use that path for whitelist path lookups. This
means that paths in pledge whitelists will need to always be the
real path to an intended file to whitelist, without symlinks. Any
symlinks to the "real" file will then be allowed
ok deraadt@ semarie@
|
|
noticed by miod@
|
|
so make sure that all members of mp->mnt_stat.mount_info are copied.
ok stefan
|
|
ok deraadt@, krw@
|
|
|
|
|
|
reductions.
ok deraadt@
|
|
bitflags)
ok deraadt@ jca@
|
|
they're currently unused, so no functional change.
|
|
this tweaks m_freem so it returns the m_nextpkt from the mbuf it freed,
like how m_free returns the m_next from the mbuf it frees.
ok mpi@
|
|
instance numbers being handed out for the same minor device.
ok mikeb
|
|
|
|
tested this with fuse _and_ drm on amd64 and macppc. Also tested with
cloning bpf (not in the tree) on macppc.
ok mikeb
"looks correct to me" millert
The original commit message is as follows:
Increase size of the clone bitmap. A limit of only 64 device clones
turned out to be too low for the upcoming work on cloning bpf. The new
limit is 1024 device clones. As part of the size increase, the bitmap
has been changed to be allocated separately to avoid bloating all device
nodes, as suggested by guenther, millert and deraadt.
ok millert mikeb
|
|
|
|
turned out to be too low for the upcoming work on cloning bpf. The new
limit is 1024 device clones. As part of the size increase, the bitmap
has been changed to be allocated separately to avoid bloating all device
nodes, as suggested by guenther, millert and deraadt.
ok millert mikeb
|
|
|
|
getlogin_r() API; keep existing syscall as getlogin59 for temporary compat.
ok kettenis@ deraadt@
|
|
ok deraadt@ krw@ zhuk@ jca@ millert@
|
|
this is the second attempt to get it in, the first
attempt got backed out on Jan 31 2016
the change also contains fixes contributed by Stefan Kempf
in an earlier iteration.
OK srhen@
|
|
Note that without locking a thread cannot claim that it is part
of a multi-threaded process using this macro.
Suggested by miod@, ok guenther@
|
|
|
|
|
|
behind all other threads in the process by temporarily lowering its priority.
This isn't optimal but it is the easiest way to guarantee that we make
progress when we're waiting on another thread to release a lock. This
results in significant improvements for processes that suffer from lock
contention, most notably firefox. Unfortunately this means that sched_yield(2)
needs to grab the kernel lock again.
All the hard work was done by mpi@, based on observations of the behaviour
of the BFS scheduler diff by Michal Mazurek.
ok deraadt@
|
|
could end up in an inconsistent state. The fstype dependent
mp->mnt_data was NULL, but the general mp was still listed as a
valid mount point. Next access to the file system would crash with
a NULL pointer dereference.
If closing the device fails, the mount point must go away anyway.
There is nothing we can do about it. Remove the workaround for the
EIO error in the general unmount code, but do not generate any error
in the file system specific unmount functions.
OK natano@ beck@
|
|
ok deraadt@
|
|
of three unused FS-related functions.
okay mpi@ and beck@
|
|
are passed uninitialized to free(9) only when pointers are NULL.
found by jsg@
ok deraadt@
|
|
this helps us identify issues around ticks wrap in 15 minutes instead
of 240ish days. the change is inspired by something freebsd did as
a result of a ticks change they made that went horribly wrong.
lots of people said they wanted this
|