| Age | Commit message (Collapse) | Author |
|---|
|
it are now unpadded
ok kettenis guenther
|
|
Make knote(9) lock the knote list internally, and add knote_locked(9)
for the typical situation where the list is already locked.
Remove the KNOTE(9) macro to simplify the API.
Manual page OK jmc@
OK mpi@ mvs@
|
|
Spoofed labels have zero duid and there is no reason not to allow them to
work with duid notation.
ok kn@
|
|
the vnode, to eliminate misordering of ktrace records.
problem noted by jrick@
ok deraadt@
|
|
Now that the clockintr switch is complete, cpu_initclocks() always
initializes stathz to a non-zero value. We don't call statclock()
from hardclock(9) anymore and, more broadly, we don't need to test
whether stathz is non-zero before using it.
With input from kettenis@.
Link: https://marc.info/?l=openbsd-tech&m=167434223309668&w=2
ok kettenis@ miod@
|
|
The timecounting code has had stubs for pulse-per-second (PPS) polling
since it was imported in 2004. At this point it seems unlikely that
anyone is going to finish adding PPS support, so let's remove the stubs:
- Delete the dead tc_poll_pps() call from tc_windup().
- Remove all tc_poll_pps symbols from the kernel.
Link: https://marc.info/?l=openbsd-tech&m=167519035723210&w=2
ok miod@
|
|
ok visa@
|
|
against classic BROP with a range-checking wrapper in front of copyin() and
copyinstr() which ensures the userland source doesn't overlap the main program
text, ld.so text, signal tramp text (it's mapping is hard to distinguish
so it comes along for the ride), or libc.so text. ld.so tells the kernel
libc.so text range with msyscall(2). The range checking for 2-4 elements is
done without locking (because all 4 ranges are immutable!) and is inexpensive.
write(sock, &open, 400) now fails with EFAULT. No programs have been
discovered which require reading their own text segments with a system call.
On a machine without mmu enforcement, a test program reports the following:
userland kernel
ld.so readable unreadable
mmap xz unreadable unreadable
mmap x readable readable
mmap nrx readable readable
mmap nwx readable readable
mmap xnwx readable readable
main readable unreadable
libc unmapped? readable unreadable
libc mapped readable unreadable
ok kettenis, additional help from miod
|
|
Also, some cases could be protected with solock_shared().
ok bluhm@
|
|
selinfo is just wrapper to klist. netstat(1) and libkvm use socket
structure, but don't touch so_{snd,rcv}.sb_sel.
ok visa@
|
|
alias mapping using uvm_map_extract. With xonly now operational, this
alias mapping is created with minprot, which for text will be xonly, and
the kernel cannot read it (unless the architecture has implied read for
exec from kernel pov).
Pass UVM_IO_FIXPROT to create the alias with maxprot instead.
ok kettenis
|
|
buffer as the SS_CANTSENDMORE flag.
ok bluhm@
|
|
readable. No functional changes.
Proposed by and ok bluhm@
|
|
receive buffer. As it was done for SS_CANTSENDMORE bit, the definition
kept as is, but now these bits belongs to the `sb_state' of receive
buffer. `sb_state' ored with `so_state' when socket data exporting to the
userland.
ok bluhm@
|
|
This time, socket's buffer lock requires solock() to be held. As a part of
socket buffers standalone locking work, move socket state bits which
represent its buffers state to per buffer state.
Opposing the previous reverted diff, the SS_CANTSENDMORE definition left
as is, but it used only with `sb_state'. `sb_state' ored with original
`so_state' when socket's data exported to the userland, so the ABI kept as
it was.
Inputs from deraadt@.
ok bluhm@
|
|
preinit hook. Delete that and instead have the kernel disable kbind
at exec-time if the program doesn't have an ELF interpreter. For
now, permit userland calls to disable it when already disabled so
existing static programs continue to work.
prompted by deraadt@ questioning about the call in libc.a
ok deraadt@ miod@
|
|
|
|
into core dumps. As a result backtraces through signal handlers no
longer work in gdb and other debuggers.
Fix this by keeping a read-only mapping of the signal trampoline in the
kernel and writing it into the core dump at the virtual address where it
is mapped in the process.
ok deraadt@, tb@
|
|
we acquiring kernel lock with mutex(9) held. This partially reverts
rev 1.205 of sys/kern/uipc_syscalls.c. Shared solock() is still fine for
getsockname(2) and getpeername(2).
Reported-by: syzbot+00a4824cb1b6a214c7d6@syzkaller.appspotmail.com
ok kn@ claudio@
|
|
input is too long.
ok mpi@
|
|
|
|
exposed in a new field returned by sysctl(KERN_PROC). Update
pthread_{get,set}_name_np(3) to use the syscalls. Show them, when
set, in ps -H and top -H output.
libc and libpthread minor bumps
ok mpi@, mvs@, deraadt@
|
|
|
|
signal trampoline can now be PROT_EXEC (without PROT_READ) everywhere
ok kettenis
|
|
the process* that it should be part of. Use that in clock_get{time,res}(),
thrkill(), and ptrace().
ok jca@ miod@ mpi@ mvs@
|
|
|
|
I think "abs" ("absolute timeout") is a better mnemonic than
"at" ("at the given time").
The interface is undocumented and there are only two callers, so
renaming it is not a big deal.
probably ok kn@
|
|
|
|
waitid(2) and __thrsigdivert(2) and teach kdump(1) to handle them.
Also report more from the siginfo_t inside PSIG tracepoints.
ok mpi@
|
|
New warning -Warray-parameter is a bit overzealous.
ok millert@ tb@
|
|
ok millert@
|
|
|
|
process. Use this information to access the vector.
OK mpi@ mbuhl@ deraadt@
|
|
|
|
state changes are reported. That's the 6th bit, so switch to hex
constants. Adjust #if tests for consistency
ok kettenis@
|
|
|
|
struct uvm_map's .addr is protected by the map's lock and .{min,max}_offset
are immutable.
uvm_map_inherit() locks the VM map upon entry, sets the desired inheritance
mode for the given address range (validated outside the lock) and unlocks
the map itself.
fork(2), i.e. uvm_mapent_forkcopy(), first locks both old and new maps and
then copies entries over as per the inheritance type.
futex(2), another user of struct vm_map_entry's .inheritance member, also
locks the map accordingly.
OK mpi
|
|
The networking people want a fast, monotonic clock that only advances
while the system is not suspended. The runtime clock satisfies most
of these requirements, so introduce getnsecruntime() to provide a fast
means for reading it.
Based on patches from jca@ and claudio@.
ok yasuoka@
|
|
|
|
socket buffers standalone locking work, move socket state bits which
represent its buffers state to per buffer state. Introduce `sb_state' and
turn SS_CANTSENDMORE to SBS_CANTSENDMORE. This bit will be processed on
`so_snd' buffer only.
Move SS_CANTRCVMORE and SS_RCVATMARK bits with separate diff to make
review easier and exclude possible so_rcv/so_snd mistypes.
Also, don't adjust the remaining SS_* bits right now.
ok millert@
|
|
Inputs and ok bluhm@
|
|
reserved port to received secure-maps from the ypserver.
issue found by niklas, using a simpler diff i proposed
ok miod
|
|
|
|
This fixes evcount_list corruption that happened when evcount_percpu()
was called after evcount_init_percpu().
OK jca@ cheloha@ jmatthew@
|
|
so{,un}lock_shared() take the shared net lock for PF_INET and PF_INET6
while sticking to the exclusive rwlock elsewhere.
getsockopt(2), getsockname(2) and getpeername(2) (all UNLOCK) do not
write, so the exclusive net lock is overkill here.
OK mvs
|
|
|
|
protocol layer they follow the same (*pr_ctloutput)() handlers.
At sockets layer we touch only per-socket data, which is solock()
protected.
At protocol layer, udp(4), unix(4) and key management sockets have no
(*pr_ctloutput)() handlers. route_ctloutput() touches only per socket
data, which is solock() protected. inet{,6} globals are protected by
netlock, which is solock() backend for corresponding sockets.
ok bluhm@
|
|
ok guenther@ kn@
|
|
unp_bind() has the only uipc_bind() caller. In the uipc_usrreq() times,
it made sense to have dedicated unp_bind() for prevent tne code mess
within giant switch(), but now it doesn't.
ok bluhm@
|
|
copy on userland stack which points at an illicit region.
ok kettenis, deraadt
|
