#
2b3f93ea |
| 13-Oct-2023 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Add per-process capability-based restrictions
* This new system allows userland to set capability restrictions which turns off numerous kernel features and root accesses. These restricti
kernel - Add per-process capability-based restrictions
* This new system allows userland to set capability restrictions which turns off numerous kernel features and root accesses. These restrictions are inherited by sub-processes recursively. Once set, restrictions cannot be removed.
Basic restrictions that mimic an unadorned jail can be enabled without creating a jail, but generally speaking real security also requires creating a chrooted filesystem topology, and a jail is still needed to really segregate processes from each other. If you do so, however, you can (for example) disable mount/umount and most global root-only features.
* Add new system calls and a manual page for syscap_get(2) and syscap_set(2)
* Add sys/caps.h
* Add the "setcaps" userland utility and manual page.
* Remove priv.9 and the priv_check infrastructure, replacing it with a newly designed caps infrastructure.
* The intention is to add path restriction lists and similar features to improve jailess security in the near future, and to optimize the priv_check code.
show more ...
|
Revision tags: v6.4.0, v6.4.0rc1, v6.5.0, v6.2.2, v6.2.1, v6.2.0, v6.3.0, v6.0.1, v6.0.0, v6.0.0rc1, v6.1.0, v5.8.3, v5.8.2 |
|
#
ef866ef7 |
| 25-Jul-2020 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Remove P_SWAPPEDOUT flag and paging mode
* This code basically no longer functions in any worthwhile or useful manner, remove it.
The code harkens back to a time when machines had very
kernel - Remove P_SWAPPEDOUT flag and paging mode
* This code basically no longer functions in any worthwhile or useful manner, remove it.
The code harkens back to a time when machines had very little memory and had to time-share processes by actually descheduling them for long periods of time (like 20 seconds) and paging out the related memory.
In modern times the chooser algorithm just doesn't work well because we can no longer assume that programs with large memory footprints can be demoted.
* In modern times machines have sufficient memory to rely almost entirely on the VM fault and pageout scan. The latencies caused by fault-ins are usually sufficient to demote paging-intensive processes while allowing the machine to continue to function.
If functionality need to be added back in, it can be added back in on the fault path and not here.
show more ...
|
Revision tags: v5.8.1 |
|
#
eca1e48f |
| 28-Mar-2020 |
Sascha Wildner <saw@online.de> |
kernel: Remove <sys/mplock2.h> from all files that do not need it.
|
Revision tags: v5.8.0, v5.9.0, v5.8.0rc1, v5.6.3, v5.6.2, v5.6.1, v5.6.0, v5.6.0rc1, v5.7.0, v5.4.3, v5.4.2 |
|
#
fcf6efef |
| 02-Mar-2019 |
Sascha Wildner <saw@online.de> |
kernel: Remove numerous #include <sys/thread2.h>.
Most of them were added when we converted spl*() calls to crit_enter()/crit_exit(), almost 14 years ago. We can now remove a good chunk of them agai
kernel: Remove numerous #include <sys/thread2.h>.
Most of them were added when we converted spl*() calls to crit_enter()/crit_exit(), almost 14 years ago. We can now remove a good chunk of them again for where crit_*() are no longer used.
I had to adjust some files that were relying on thread2.h or headers that it includes coming in via other headers that it was removed from.
show more ...
|
Revision tags: v5.4.1, v5.4.0, v5.5.0, v5.4.0rc1, v5.2.2, v5.2.1, v5.2.0, v5.3.0, v5.2.0rc, v5.0.2, v5.0.1, v5.0.0, v5.0.0rc2, v5.1.0, v5.0.0rc1, v4.8.1, v4.8.0, v4.6.2, v4.9.0, v4.8.0rc |
|
#
a094cc95 |
| 25-Jan-2017 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Optimize lwp-specific signaling.
* Optimize the signal code to remove most instances of needing proc->p_token when lwp-specific signals are sent.
* Add a CURSIG_LCK_TRACE() macro which c
kernel - Optimize lwp-specific signaling.
* Optimize the signal code to remove most instances of needing proc->p_token when lwp-specific signals are sent.
* Add a CURSIG_LCK_TRACE() macro which can now return with p_token held, and pass the status to postsig() which then consumes it.
* lwpsignal() now tries very hard to avoid acquiring proc->p_token.
* Significantly improves vkernel operation under heavy (vkernel) IPI loads.
show more ...
|
Revision tags: v4.6.1, v4.6.0, v4.6.0rc2, v4.6.0rc, v4.7.0, v4.4.3, v4.4.2, v4.4.1, v4.4.0, v4.5.0, v4.4.0rc, v4.2.4, v4.3.1, v4.2.3 |
|
#
f5b92db7 |
| 10-Jul-2015 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Fix panic during coredump
* multi-threaded coredumps were not stopping all other threads before attempting to scan the vm_map, resulting in numerous possible panics.
* Add a new process
kernel - Fix panic during coredump
* multi-threaded coredumps were not stopping all other threads before attempting to scan the vm_map, resulting in numerous possible panics.
* Add a new process state, SCORE, indicating that a core dump is in progress and adjust proc_stop() and friends as well as any code which tests the SSTOP state. SCORE overrides SSTOP.
* The coredump code actively waits for all running threads to stop before proceeding.
* Prevent a deadlock between a SIGKILL and core dump in progress by temporarily counting the master exit thread as a stopped thread (which allows the coredump to proceed and finish).
Reported-by: marino
show more ...
|
Revision tags: v4.2.1, v4.2.0, v4.0.6, v4.3.0, v4.2.0rc, v4.0.5, v4.0.4, v4.0.3, v4.0.2, v4.0.1, v4.0.0, v4.0.0rc3, v4.0.0rc2, v4.0.0rc, v4.1.0, v3.8.2, v3.8.1, v3.6.3, v3.8.0, v3.8.0rc2, v3.9.0, v3.8.0rc, v3.6.2, v3.6.1, v3.6.0, v3.7.1, v3.6.0rc, v3.7.0 |
|
#
a8d3ab53 |
| 25-Oct-2013 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - proc_token removal pass stage 1/2
* Remove proc_token use from all subsystems except kern/kern_proc.c.
* The token had become mostly useless in these subsystems now that process locking
kernel - proc_token removal pass stage 1/2
* Remove proc_token use from all subsystems except kern/kern_proc.c.
* The token had become mostly useless in these subsystems now that process locking is more fine-grained. Do the final wipe of proc_token except for allproc/zombproc list use in kern_proc.c
show more ...
|
Revision tags: v3.4.3 |
|
#
dc71b7ab |
| 31-May-2013 |
Justin C. Sherrill <justin@shiningsilence.com> |
Correct BSD License clause numbering from 1-2-4 to 1-2-3.
Apparently everyone's doing it: http://svnweb.freebsd.org/base?view=revision&revision=251069
Submitted-by: "Eitan Adler" <lists at eitanadl
Correct BSD License clause numbering from 1-2-4 to 1-2-3.
Apparently everyone's doing it: http://svnweb.freebsd.org/base?view=revision&revision=251069
Submitted-by: "Eitan Adler" <lists at eitanadler.com>
show more ...
|
Revision tags: v3.4.2 |
|
#
2702099d |
| 06-May-2013 |
Justin C. Sherrill <justin@shiningsilence.com> |
Remove advertising clause from all that isn't contrib or userland bin.
By: Eitan Adler <lists@eitanadler.com>
|
Revision tags: v3.4.0, v3.4.1, v3.4.0rc, v3.5.0, v3.2.2, v3.2.1, v3.2.0, v3.3.0, v3.0.3, v3.0.2, v3.0.1, v3.1.0, v3.0.0 |
|
#
86d7f5d3 |
| 26-Nov-2011 |
John Marino <draco@marino.st> |
Initial import of binutils 2.22 on the new vendor branch
Future versions of binutils will also reside on this branch rather than continuing to create new binutils branches for each new version.
|
#
8db21154 |
| 16-Nov-2011 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Attempt to make procfs MPSAFE (3)
* More fixes to silly bugs. Well, I did say 'attempt' :-)
|
#
f44c73be |
| 16-Nov-2011 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Attempt to make procfs MPSAFE
* pfs_pfind() now acquires the p->p_token in addition to its PHOLD().
* Replace PRELE()'s with pfs_pdone() which releases the token along with PRELE()
* Do
kernel - Attempt to make procfs MPSAFE
* pfs_pfind() now acquires the p->p_token in addition to its PHOLD().
* Replace PRELE()'s with pfs_pdone() which releases the token along with PRELE()
* Double-check the validity of nch's passed to cache_fullpath(). This probably still needs work.
Reported-by: swildner
show more ...
|
#
4643740a |
| 15-Nov-2011 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel - Major signal path adjustments to fix races, tsleep race fixes, +more
* Refactor the signal code to properly hold the lp->lwp_token. In particular the ksignal() and lwp_signotify() paths.
kernel - Major signal path adjustments to fix races, tsleep race fixes, +more
* Refactor the signal code to properly hold the lp->lwp_token. In particular the ksignal() and lwp_signotify() paths.
* The tsleep() path must also hold lp->lwp_token to properly handle lp->lwp_stat states and interlocks.
* Refactor the timeout code in tsleep() to ensure that endtsleep() is only called from the proper context, and fix races between endtsleep() and lwkt_switch().
* Rename proc->p_flag to proc->p_flags
* Rename lwp->lwp_flag to lwp->lwp_flags
* Add lwp->lwp_mpflags and move flags which require atomic ops (are adjusted when not the current thread) to the new field.
* Add td->td_mpflags and move flags which require atomic ops (are adjusted when not the current thread) to the new field.
* Add some freeze testing code to the x86-64 trap code (default disabled).
show more ...
|
#
94f98873 |
| 12-Nov-2011 |
Matthew Dillon <dillon@apollo.backplane.com> |
kernel = Fix tsleep(), remove MAILBOX signals, change signalset locks for LWPs
* tsleep() was improperly calling lwkt_gettoken() and potentially blocking prior to sleeping, which it isn't supposed
kernel = Fix tsleep(), remove MAILBOX signals, change signalset locks for LWPs
* tsleep() was improperly calling lwkt_gettoken() and potentially blocking prior to sleeping, which it isn't supposed to do.
This may have been the cause of several odd panics and corruption, though no smoking gun was found.
* Change access to lp->lwp_siglist to use a spinlock instead of a token. Add a per-LWP spinlock in addition to the per-LWP token.
* Remove MAILBOX signals (which require p->p_token). These are no longer used.
show more ...
|
Revision tags: v2.12.0, v2.13.0, v2.10.1, v2.11.0, v2.10.0, v2.9.1, v2.8.2, v2.8.1, v2.8.0, v2.9.0, v2.6.3, v2.7.3, v2.6.2, v2.7.2, v2.7.1, v2.6.1, v2.7.0, v2.6.0, v2.5.1, v2.4.1, v2.5.0, v2.4.0, v2.3.2, v2.3.1, v2.2.1, v2.2.0, v2.3.0 |
|
#
75bda2d9 |
| 15-Dec-2008 |
Michael Neumann <mneumann@ntecs.de> |
Fix missing includes
|
Revision tags: v2.1.1, v2.0.1 |
|
#
f33e8653 |
| 12-Mar-2007 |
Simon Schubert <corecode@dragonflybsd.org> |
Rework stopping of procs.
Before, proc_stop() would sleep until all running lwps stopped. This break when a stop signal is actually coming from the console and is executed in the context of the idl
Rework stopping of procs.
Before, proc_stop() would sleep until all running lwps stopped. This break when a stop signal is actually coming from the console and is executed in the context of the idle thread.
Now we count all sleeping threads as stopped and also set LWP_WSTOP to indicate so. These threads will stop before return to userland. Running threads (including the current one) will eventually stop when returning to userland and will increase p_nstopped. The last thread stopping will then send a signal to the parent process.
Discussed-with: Thomas E. Spanjaard <tgen@netphreax.net>
show more ...
|
#
b1b4e5a6 |
| 25-Feb-2007 |
Simon Schubert <corecode@dragonflybsd.org> |
Get rid of struct user/UAREA.
Merge procsig with sigacts and replace usage of procsig with sigacts, like it used to be in 4.4BSD.
Put signal-related inline functions in sys/signal2.h.
Reviewed-by:
Get rid of struct user/UAREA.
Merge procsig with sigacts and replace usage of procsig with sigacts, like it used to be in 4.4BSD.
Put signal-related inline functions in sys/signal2.h.
Reviewed-by: Thomas E. Spanjaard <tgen@netphreax.net>
show more ...
|
#
7278a846 |
| 22-Feb-2007 |
Simon Schubert <corecode@dragonflybsd.org> |
1:1 Userland threading stage 4.2/4:
Make signal system fully lwp-aware by splitting ksignal() in appropriate functions. Introduce lwpsignal(), which now contains the logic of ksignal(), but can be
1:1 Userland threading stage 4.2/4:
Make signal system fully lwp-aware by splitting ksignal() in appropriate functions. Introduce lwpsignal(), which now contains the logic of ksignal(), but can be used to deliver a signal to a specific lwp.
Convert consumers of ksignal() to use lwpsignal() when they actually generate a thread-specific signal.
Fully implement proc_stop() and proc_unstop().
Reviewed-by: Thomas E. Spanjaard <tgen@netphreax.net>
show more ...
|
#
aa6c3de6 |
| 21-Feb-2007 |
Simon Schubert <corecode@dragonflybsd.org> |
1:1 Userland threading stage 2.20/4:
Unify access to pending threads with a new function, lwp_sigpend(), which returns pending signals for the lwp, which includes both lwp-specific signals and signa
1:1 Userland threading stage 2.20/4:
Unify access to pending threads with a new function, lwp_sigpend(), which returns pending signals for the lwp, which includes both lwp-specific signals and signals pending on the process. The new function lwp_delsig() is used to remove a certain signal from the pending set of both process and lwp.
Rework the places which access the pending signal list to either use those two functions or, where not possibly, to work on both lwp and proc signal lists.
show more ...
|
#
c7e98b2f |
| 19-Feb-2007 |
Simon Schubert <corecode@dragonflybsd.org> |
1:1 Userland threading stage 2.18/4:
Push lwp use a bit further by making some places lwp aware. This commit deals with ddb, procfs/ptrace and various consumers of allproc_scan.
|
#
9a379a4a |
| 18-Feb-2007 |
Simon Schubert <corecode@dragonflybsd.org> |
1:1 Userland threading stage 2.13/4:
Move P_SINTR and P_BREAKTSLEEP into lwp_flag.
Introduce proc_stop and proc_unstop to handle the transition of a complete proc to and from stopped state. This i
1:1 Userland threading stage 2.13/4:
Move P_SINTR and P_BREAKTSLEEP into lwp_flag.
Introduce proc_stop and proc_unstop to handle the transition of a complete proc to and from stopped state. This is influenced by NetBSD.
show more ...
|
#
164b8401 |
| 16-Feb-2007 |
Simon Schubert <corecode@dragonflybsd.org> |
1:1 Userland threading stage 2.12/4:
Factor out lwp_stat and move P_STOPPED into p_stat.
Reviewed-by: Thomas E. Spanjaard <tgen@netphreax.net>
|
#
84204577 |
| 03-Sep-2006 |
Matthew Dillon <dillon@dragonflybsd.org> |
Rename functions to avoid conflicts with libc.
|
#
344ad853 |
| 14-Nov-2005 |
Matthew Dillon <dillon@dragonflybsd.org> |
Make tsleep/wakeup() MP SAFE for kernel threads and get us closer to making it MP SAFE for user processes. Currently the code is operating under the rule that access to a thread structure requires c
Make tsleep/wakeup() MP SAFE for kernel threads and get us closer to making it MP SAFE for user processes. Currently the code is operating under the rule that access to a thread structure requires cpu locality of reference, and access to a proc structure requires the Big Giant Lock. The two are not mutually exclusive so, for example, tsleep/wakeup on a proc needs both cpu locality of reference *AND* the BGL. This was true with the old tsleep/wakeup and has now been documented.
The new tsleep/wakeup algorithm is quite simple in concept. Each cpu has its own ident based hash table and each hash slot has a cpu mask which tells wakeup() which cpu's might have the ident. A wakeup iterates through all candidate cpus simply by chaining the IPI message through them until either all candidate cpus have been serviced, or (with wakeup_one()) the requested number of threads have been woken up.
Other changes made in this patch set:
* The sense of P_INMEM has been reversed. It is now P_SWAPPEDOUT. Also, P_SWAPPING, P_SWAPINREQ are not longer relevant and have been removed.
* The swapping code has been cleaned up and seriously revamped. The new swapin code staggers swapins to give the VM system a chance to respond to new conditions. Also some lwp-related fixes were made (more p_rtprio vs lwp_rtprio confusion).
* As mentioned above, tsleep/wakeup have been rewritten. The process p_stat no longer does crazy transitions from SSLEEP to SSTOP. There is now only SSLEEP and SSTOP is synthesized from P_SWAPPEDOUT for userland consumpion. Additionally, tsleep() with PCATCH will NO LONGER STOP THE PROCESS IN THE TSLEEP CALL. Instead, the actual stop is deferred until the process tries to return to userland. This removes all remaining cases where a stopped process can hold a locked kernel resource.
* A P_BREAKTSLEEP flag has been added. This flag indicates when an event occurs that is allowed to break a tsleep with PCATCH. All the weird undocumented setrunnable() rules have been removed and replaced with a very simple algorithm based on this flag.
* Since the UAREA is no longer swapped, we no longer faultin() on PHOLD(). This also incidently fixes the 'ps' command's tendancy to try to swap all processes back into memory.
* speedup_syncer() no longer does hackish checks on proc0's tsleep channel (td_wchan).
* Userland scheduler acquisition and release has now been tightened up and KKASSERT's have been added (one of the bugs Stefan found was related to an improper lwkt_schedule() that was found by one of the new assertions). We also have added other assertions related to expected conditions.
* A serious race in pmap_release_free_page() has been corrected. We no longer couple the object generation check with a failed pmap_release_free_page() call. Instead the two conditions are checked independantly. We no longer loop when pmap_release_free_page() succeeds (it is unclear how that could ever have worked properly).
Major testing by: Stefan Krueger <skrueger@meinberlikomm.de>
show more ...
|
#
ac424f9b |
| 02-May-2004 |
Chris Pressey <cpressey@dragonflybsd.org> |
Style(9) cleanup to src/sys/vfs, stage 15/21: procfs.
- Convert K&R-style function definitions to ANSI style.
Submitted-by: Andre Nathan <andre@digirati.com.br> Additional-reformatting-by: cpressey
|