kernel - Add per-process capability-based restrictions

* This new system allows userland to set capability restrictions which
turns off numerous kernel features and root accesses. These restricti

kernel - Add per-process capability-based restrictions

* This new system allows userland to set capability restrictions which
turns off numerous kernel features and root accesses. These restrictions
are inherited by sub-processes recursively. Once set, restrictions cannot
be removed.

Basic restrictions that mimic an unadorned jail can be enabled without
creating a jail, but generally speaking real security also requires
creating a chrooted filesystem topology, and a jail is still needed
to really segregate processes from each other. If you do so, however,
you can (for example) disable mount/umount and most global root-only
features.

* Add new system calls and a manual page for syscap_get(2) and syscap_set(2)

* Add sys/caps.h

* Add the "setcaps" userland utility and manual page.

* Remove priv.9 and the priv_check infrastructure, replacing it with
a newly designed caps infrastructure.

* The intention is to add path restriction lists and similar features to
improve jailess security in the near future, and to optimize the
priv_check code.

show more ...

kernel - Fix early console probe when serial port does not exist

* Newer machines may ship without any legacy serial ports at all,
but our default sio0.flags (in the kernel config) are set to 0x10

kernel - Fix early console probe when serial port does not exist

* Newer machines may ship without any legacy serial ports at all,
but our default sio0.flags (in the kernel config) are set to 0x10
to enable console operation if syscons isn't available.

If the serial port does not actually exist, this will panic or
livelock the kernel in early boot.

* Fix in two ways. First, force sioN.disabled to TRUE if the sio
device probe fails. If the serial console probe is still reached,
the serial console probe will also ensure that he serial port is
able to drain before assigning it.

* Fixes Ryzen 7000 series headless booting. You can also workaround
the issue by setting sio0.flags=0 in /boot/loader.conf if you do
not have a fixed kernel.

show more ...

sio - Refactor some of the sio code

* Refactor some of the sio serial port code to reduce the amount of
time the com_lock() is held and to allow the siointr*() receive
buffer in the softc to pip

sio - Refactor some of the sio code

* Refactor some of the sio serial port code to reduce the amount of
time the com_lock() is held and to allow the siointr*() receive
buffer in the softc to pipeline.

show more ...

sio: Correct how DDB option is checked

kernel - Refactor tty clist code

* Remove all the old cruft, completely rewrite the clist code to use
a single linear buffer and a FIFO mechanism.

* The linear buffer just uses 16-bit elements in

kernel - Refactor tty clist code

* Remove all the old cruft, completely rewrite the clist code to use
a single linear buffer and a FIFO mechanism.

* The linear buffer just uses 16-bit elements in order to record
TTY_QUOTE along with the character.

* Fixes bug in last commit (lack of global locks around global clist
caches) by removing the cache entirely.

show more ...

kernel - Refactor tty_token, fix SMP performance issues

* Remove most uses of tty_token in favor of per-tty tp->t_token.
This is particularly important for removing bottlenecks related to PTYs,

kernel - Refactor tty_token, fix SMP performance issues

* Remove most uses of tty_token in favor of per-tty tp->t_token.
This is particularly important for removing bottlenecks related to PTYs,
which are used all over the place. tty_token remains in a few places
managing overall registration and global list manipulation.

* tty structures are now required to be persistent. Implement a sepearate
ttyinit() function. Continue to allow ttyregister() and ttyunregister()
calls, but these no longer presume destruction of the structure.

* Refactor ttymalloc() to take a **tty pointer and interlock allocations.
Allocations are intended to be one-time. ttymalloc() only requires the
tty_token for initial allocations.

* Remove all critical section use that was combined with tty_token and
tp->t_token. Leave only the tokens. The critical sections were
hold-overs going all the way back to pre-SMP days.

* syscons now gets its own token, vga_token. The ISA VGA code and
the framebuffer code also now use this token instead of tty_token.

* The keyboard subsystem now uses kbd_token instead of tty_token.

* A few remaining serial-like devices (snp, nmdm) also get their own
tokens, as well as use the now required tp->t_token.

* Remove use of tty_token in the session management code. This fixes
a niggling performance path since sessions almost universally go
hand-in-hand with fork/exec/exit sequences. Instead we use the
already-existing per-hash session token.

show more ...

kernel - Fix sio lockup

* Fix crit-v-com_lock order. Critical sections must be entered before
com_lock, and exited after com_unlock. This fixes an issue where
crit_exit() was executing complex

kernel - Fix sio lockup

* Fix crit-v-com_lock order. Critical sections must be entered before
com_lock, and exited after com_unlock. This fixes an issue where
crit_exit() was executing complex code with com_lock still held,
potentially deadlocking against sio when processing pending interrupts.

show more ...

kernel - Add support for MosChip PCIe serial com, and console support (2)

* Fix oops in last commit.

kernel - Add support for MosChip PCIe serial com, and console support

* Add support for the MosChip PCIe serial com (brand is typically
'StarTech' 'Natikve PCI Express RS232 serial adapter card wi

kernel - Add support for MosChip PCIe serial com, and console support

* Add support for the MosChip PCIe serial com (brand is typically
'StarTech' 'Natikve PCI Express RS232 serial adapter card with
16550 UART'.

* Add late console support. Console operation works the same
way, set it up in /boot/loader.conf. Typically:

sio0.flags=0x00
sio4.flags=0x30
sio4.baud=115200
#set boot_serial="YES" <-- commented out, do not set this

Note that at the point a late-configured serial port
wants to become the console, syscons is probably already
the console, so you have to use flags 0x30 instead of
0x10 to force it to change the console.

* Note, you do not have to set boot_serial="YES", because it
won't really help since the adapter isn't accessible to the
boot loader or to the kernel until the PCIe device probes
in the middle of the boot sequence.

* The kernel now retests for consoles at the end of its normal
configuration sequence, which allows the now-available
sioN devices from PCIe card(s) to become the console.

* Remove syscons sccnterm() code that tried to undo the syscons
console designation. This code was never called in the past
because the system console couldn't actually change once
selected. But now it can, and the code completely blows up
syscons for numerous reasons. Just leave the console
designation intact from syscons's point of view (the main
system will be vectored elsewhere so syscons will simply
not receive new kernel console reads and writes).

* Add a siocntxwait() call before changing com parameters,
since we are potentially changing the baud rate here.

* Change how the SIO driver assigns baud rates for the console
to handle late-console configurations. Also, allow sio*.baud
variables in loader.conf to override the default com rate.

* Add entries for com5 and com6 to /etc/remote, and default to
a more reasonable baud rate of 115200.

show more ...

kernel: Include <sys/ttydefaults.h> where appropriate.

This is in preparation for moving <sys/termios.h> to <termios.h>.

kernel: Remove use of deprecated "%r" radix format.

sys: Some whitespace cleanup.

While there, fix indentation and few typos a bit.
No functional change.

kernel: Add 'static' to some function definitions.

The declarations already have it, so no functional difference.

kernel - Incidental MPLOCK removal (non-performance)

* Remove the MPLOCK in a ton of places that don't need it or can be
trivially tokenized or locked.

* Mostly non-performance adjustments, thoug

kernel - Incidental MPLOCK removal (non-performance)

* Remove the MPLOCK in a ton of places that don't need it or can be
trivially tokenized or locked.

* Mostly non-performance adjustments, though the X server does use
scmouse or sysmouse.

show more ...

kernel: Remove the COMPAT_43 kernel option along with all related code.

It is commented out in our default kernel config files for almost five
years now, since 9466f37df5258f3bc3d99ae43627a71c1c085e

kernel: Remove the COMPAT_43 kernel option along with all related code.

It is commented out in our default kernel config files for almost five
years now, since 9466f37df5258f3bc3d99ae43627a71c1c085e7d.

Approved-by: dillon
Dragonfly-bug: <https://bugs.dragonflybsd.org/issues/2946>

show more ...

Remove advertising header from sys/

Correct BSD License clause numbering from 1-2-4 to 1-2-3.

Some less clear cases taken as it was done of FreeBSD.

sio: Add pci-ids for Haswell and Broadwell vPro CPUs' SoL support.

kernel - Fix live lock in vfs_conf.c mountroot>

* The mountroot> prompt calls cngetc() to process user input. However, this
function hard loops and can prevent other kernel threads from running o

kernel - Fix live lock in vfs_conf.c mountroot>

* The mountroot> prompt calls cngetc() to process user input. However, this
function hard loops and can prevent other kernel threads from running on
the current cpu.

* Rearrange the code to use cncheckc() and a 1/25 second tsleep().

* Fix a bug in the syscons code where NOKEY was not being properly returned
as documented. Modify all use cases to handle NOKEY. This allows us to
differentiate between a keyboard present but not key pressed and a keyboard
not present.

* Pull the automatic polling mode code out of cncheckc() (or more precisely,
out of sccncheckc()) and add a new cnpoll() API function to set it manually.

This fixes issues in vfs_conf when normal keyboard processing interrupts
are operational and cncheckc() is used with a tsleep() delay. The normal
processing interrupt wound up eating the keystrokes so the cncheckc()
basically always failed.

cncheckc() in general also always had a small window of opportunity where
a keystroke could be lost due loops on it.

* Call cnpoll() in various places, such as when entering the debugger,
asking for input in vfs_conf, and a few other places.

show more ...

kernel: Add a number of missing crit_exit, lwkt_reltoken, rel_mplock, etc.

kernel - work around ipmi serial port bug

* On our supermicro blade server the ipmi can get confused when the
host initializes the 16550A and may fail to clear the RXRDY interrupt
status, result

kernel - work around ipmi serial port bug

* On our supermicro blade server the ipmi can get confused when the
host initializes the 16550A and may fail to clear the RXRDY interrupt
status, resulting in an endless loop.

This appears to only occur when interrupts are enabled early to support
kern.alt_break_to_debugger on a serial console.

* Issuing a dummy read of the RXDATA register appears to unstick the ipmi.
Go figure.

show more ...

boot - Add loader.conf variable sioX.baud for console operation

* We already have 'comconsole' and 'sioX.flags=0x10' to set the
serial port to use as the console, which the kernel boot uses.
Add

boot - Add loader.conf variable sioX.baud for console operation

* We already have 'comconsole' and 'sioX.flags=0x10' to set the
serial port to use as the console, which the kernel boot uses.
Add in 'sioX.baud' to set the baud rate, so we don't have to
compile a custom kernel.

* Useful for IPMI setups.

show more ...

sio: Use sysclock_t to save value from sys_cputimer->count()

kernel: Remove 'options COMPAT_SUNOS'.

It was supposed to provide binary compatibility with SunOS 4.x for the
sparc32 port of 4.4BSD.

kernel: Use DEVMETHOD_END in the drivers.

kernel: Remove some unused variables in the serial drivers.