kern - Make lseek(2) generic

* Extend fileops with fo_seek function allowing pluggable lseek(2)
implementations. Part of preparation for linux DMA-BUF compat API.

* Move current vnode lseek imple

kern - Make lseek(2) generic

* Extend fileops with fo_seek function allowing pluggable lseek(2)
implementations. Part of preparation for linux DMA-BUF compat API.

* Move current vnode lseek implementation into vnode and devfs fileops.
Code is exactly the same in both, note about duplication added.

* Set remaining fileops to badfo_seek.

Mentored-By: dillon

show more ...

kernel - Add per-process capability-based restrictions

* This new system allows userland to set capability restrictions which
turns off numerous kernel features and root accesses. These restricti

kernel - Add per-process capability-based restrictions

* This new system allows userland to set capability restrictions which
turns off numerous kernel features and root accesses. These restrictions
are inherited by sub-processes recursively. Once set, restrictions cannot
be removed.

Basic restrictions that mimic an unadorned jail can be enabled without
creating a jail, but generally speaking real security also requires
creating a chrooted filesystem topology, and a jail is still needed
to really segregate processes from each other. If you do so, however,
you can (for example) disable mount/umount and most global root-only
features.

* Add new system calls and a manual page for syscap_get(2) and syscap_set(2)

* Add sys/caps.h

* Add the "setcaps" userland utility and manual page.

* Remove priv.9 and the priv_check infrastructure, replacing it with
a newly designed caps infrastructure.

* The intention is to add path restriction lists and similar features to
improve jailess security in the near future, and to optimize the
priv_check code.

show more ...

kernel: Staticize some variables.

<sys/sysent.h>: Remove the old SCARG() macro, de-SCARG() the mqueue code.

kernel - Refactor in-kernel system call API to remove bcopy()

* Change the in-kernel system call prototype to take the
system call arguments as a separate pointer, and make the
contents read-onl

kernel - Refactor in-kernel system call API to remove bcopy()

* Change the in-kernel system call prototype to take the
system call arguments as a separate pointer, and make the
contents read-only.

int sy_call_t (void *);
int sy_call_t (struct sysmsg *sysmsg, const void *);

* System calls with 6 arguments or less no longer need to copy
the arguments from the trapframe to a holding structure. Instead,
we simply point into the trapframe.

The L1 cache footprint will be a bit smaller, but in simple tests
the results are not noticably faster... maybe 1ns or so
(roughly 1%).

show more ...

<sys/time.h>: Add 3rd arg to timespecadd()/sub() and make them public.

* Switch to the three argument versions of the timespecadd() and
timespecsub() macros. These are now the predominant ones. Fr

<sys/time.h>: Add 3rd arg to timespecadd()/sub() and make them public.

* Switch to the three argument versions of the timespecadd() and
timespecsub() macros. These are now the predominant ones. FreeBSD,
OpenBSD, NetBSD, and Solaris (albeit only for the kernel) have them.

* Make those macros public too. This allows for a number of cleanups
where they were defined locally.

Pointed-out-by: zrj
Reviewed-by: dillon

show more ...

kernel - per-thread fd cache, p_fd lock bypass

* Implement a per-thread (fd,fp) cache. Cache hits can keep fp's
in a held state (avoiding the need to fhold()/fdrop() the ref count),
and bypasse

kernel - per-thread fd cache, p_fd lock bypass

* Implement a per-thread (fd,fp) cache. Cache hits can keep fp's
in a held state (avoiding the need to fhold()/fdrop() the ref count),
and bypasses the p_fd spinlock. This allows the file pointer structure
to generally be shared across cpu caches.

* Can cache up to four descriptors in each thread, LRU. This is the common
case. Highly threaded programs tend to focus work on a distinct
file descriptors in each thread.

* One file descriptor can be cached in up to four threads. This is
a significant limitation, though relatively uncommon. On a cache miss
the code drops into the normal shared p_fd spinlock lookup.

show more ...

Remove <sys/stdbool.h>. The kernel has bool etc. in <sys/types.h> now.

kernel: Use <sys/stdbool.h> in kernel code, not <stdbool.h>.

kernel - Sanity-check getutimes().

* Sanity check getutimes() and getutimens()

* Also note futimes commit just before this one was also
Submitted-by: stateless.

Submitted-by: stateless

sys/kern: Adjust some function declaration vs. definition mismatches.

All these functions are declared static already, so no functional change.

kernel - proc_token removal pass stage 1/2

* Remove proc_token use from all subsystems except kern/kern_proc.c.

* The token had become mostly useless in these subsystems now that process
locking

kernel - proc_token removal pass stage 1/2

* Remove proc_token use from all subsystems except kern/kern_proc.c.

* The token had become mostly useless in these subsystems now that process
locking is more fine-grained. Do the final wipe of proc_token except for
allproc/zombproc list use in kern_proc.c

show more ...

Initial import of binutils 2.22 on the new vendor branch

Future versions of binutils will also reside on this branch rather
than continuing to create new binutils branches for each new version.

mqueues: Remove left-over commented out code.

mqueues: Remove left-over commented out code.

mqueues: Port POSIX message queues from NetBSD.

kernel -- Mark MQUEUE filterops MPSAFE.

MQ filterops use lockmgr locks to synchronize; don't need MPLOCK.

kernel -- POSIX Message Queues: Remove objcache for MQ messages.

The MQ code was using objcache for messages upto the default max size;
objcache was not really useful over kmalloc here, however. The

kernel -- POSIX Message Queues: Remove objcache for MQ messages.

The MQ code was using objcache for messages upto the default max size;
objcache was not really useful over kmalloc here, however. The messages did
not have any constructed object state to store and using kmalloc leads to using
appropriately sized message buffers each time.

show more ...

kernel -- Prevent POSIX MQ from overflowing malloc zones.

kernel - Make filters able to be marked MPSAFE

* Change struct filterops f_isfd field to f_flags, taking FILTEROP_ISFD and/or
FILTEROP_MPSAFE.

* Convert all existing filter definitions to use new

kernel - Make filters able to be marked MPSAFE

* Change struct filterops f_isfd field to f_flags, taking FILTEROP_ISFD and/or
FILTEROP_MPSAFE.

* Convert all existing filter definitions to use new flags.

* Create filter_attach/detach/event wrapper functions for calling through the
struct filterops vector that grab the MPLOCK as necessary.

* kern_event() uses kq->kq_count to determine whether or not to sleep,
kqueue_scan() removes events from the TAILQ and can possibly sleep, releasing
the global kq token, before updating kq->kq_count.

show more ...

kernel - Remove kevent subsystem from under mplock

* Create a global token for the kevent subsystem to operate under

* Push klist insertion and removal into knote_insert()/knote_remove()

* Rename

kernel - Remove kevent subsystem from under mplock

* Create a global token for the kevent subsystem to operate under

* Push klist insertion and removal into knote_insert()/knote_remove()

* Rename struct selinfo to struct kqinfo

show more ...

kern - Add kq support to mqueue

kernel - Tear out selwakeup()

kernel - Add missing KNOTE's

* Place a KNOTE call anywhere there is currently a call to selwakeup.

kernel - Tear out descriptor polling

* Remove existing (now legacy) code that implements descriptor polling, kq
filters are now the "One True (and only) Way"