Clean up more ancient history: since 2015 the libc stubs for
fork/vfork/__tfork haven't cared about the second return register.
So, stop setting retval[1] in kern_fork.c and stop setting the
second r

Clean up more ancient history: since 2015 the libc stubs for
fork/vfork/__tfork haven't cared about the second return register.
So, stop setting retval[1] in kern_fork.c and stop setting the
second return register in the MD child_return() routines.

With the above, we have no multi-register return values on LP64,
so stop touching that register in the trapframe on those archs.

testing miod@ and aoyama@
ok miod@

show more ...

remove unneeded includes in sys/kern
ok mpi@ miod@

kernel: remove global "randompid" toggle

Apparently, we used to created several kthreads before the kernel
random number generator was up and running. A toggle, "randompid",
was needed to tell allo

kernel: remove global "randompid" toggle

Apparently, we used to created several kthreads before the kernel
random number generator was up and running. A toggle, "randompid",
was needed to tell allocpid() whether it made sense to attempt to
allocate random PIDs.

However, these days we get e.g. arc4random(9) into a working state
before any kthreads are spawned, so the toggle is no longer needed.

Thread: https://marc.info/?l=openbsd-tech&m=165541052614453&w=2

Very nice historical context provided by miod@.

probably ok miod@ deraadt@

show more ...

Use the process ps_mtx to protect the process sigacts structure.
With this cursig(), postsig() and trapsignal() become safe to be called
without KERNEL_LOCK. As a side-effect sleep with PCATCH no lon

Use the process ps_mtx to protect the process sigacts structure.
With this cursig(), postsig() and trapsignal() become safe to be called
without KERNEL_LOCK. As a side-effect sleep with PCATCH no longer needs
the KERNEL_LOCK either. Since sending a signal can happen from interrupt
context raise the ps_mtx IPL to high.
Feedback from mpi@ and kettenis@
OK kettenis@

show more ...

Use the refcnt API with struct ucred.

OK bluhm@

Revert "kbind(2): disable system call if not initialized before
first __tfork(2)"

The immediate issue is that a process linked with -znow will still
perform lazy relocation on objects loaded with dl

Revert "kbind(2): disable system call if not initialized before
first __tfork(2)"

The immediate issue is that a process linked with -znow will still
perform lazy relocation on objects loaded with dlopen(), but there
are possibly other dark corners to plumb to find a better invariant.

Problem reported by thfr@

show more ...

kbind(2): disable system call if not initialized before first __tfork(2)

To unlock kbind(2) we need to protect ps_kbind_addr and
ps_kbind_cookie.

The simplest way to do this is to disallow kbind(2)

kbind(2): disable system call if not initialized before first __tfork(2)

To unlock kbind(2) we need to protect ps_kbind_addr and
ps_kbind_cookie.

The simplest way to do this is to disallow kbind(2) initialization
after the first __tfork(2) call. If the first thread does not
initialize the kbind(2) variables before __tfork(2) then we disable
kbind(2) during that first __tfork(2) call.

This is guenther@'s patch, I'm just committing it.

Discussed with guenther@, deraadt@, kettenis@, and mpi@.

ok kettenis@, positive response from mpi@, "I am busy" guenther@

show more ...

timeout(9): change argument order for timeout_set_kclock()

Move the kclock argument before the flags argument. XORing a bunch of
flags together may "sprawl", and I'd rather have any sprawl at the e

timeout(9): change argument order for timeout_set_kclock()

Move the kclock argument before the flags argument. XORing a bunch of
flags together may "sprawl", and I'd rather have any sprawl at the end
of the parameter list.

timeout_set_kclock() is undocumented and there is only one caller, so
no big refactor required.

Best to do this argument order shuffle before any bigger refactors of
e.g. timeout_set(9).

show more ...

Make a child execute fork_return() only if PTRACE_FORK has been specified.

fork_return() does an additional check to send a SIGTRAP (for a debugger)
but this signal might overwrite the SIGSTOP gener

Make a child execute fork_return() only if PTRACE_FORK has been specified.

fork_return() does an additional check to send a SIGTRAP (for a debugger)
but this signal might overwrite the SIGSTOP generated by the parent doing
a PT_ATTACH before the child has a change to execute any instruction.

Prevent a race visible only on SP system with regress/sys/kern/ptrace2.

ok kettenis@

show more ...

Move single_thread_set() out of KERNEL_LOCK().

Use the SCHED_LOCK() to ensure `ps_thread' isn't being modified by a sibling
when entering tsleep(9) w/o KERNEL_LOCK().

ok visa@

"proc: table is full" actually means thread table is full; ok mpi@ sthen@

Revert the convertion of per-process thread into a SMR_TAILQ.

We did not reach a consensus about using SMR to unlock single_thread_set()
so there's no point in keeping this change.

Cache parent's pid as `ps_ppid' and use it instead of `ps_pptr->ps_pid'.
This allows us to unlock getppid(2).

ok mpi@

Convert the per-process thread list into a SMR_TAILQ.

Currently all iterations are done under KERNEL_LOCK() and therefor use
the *_LOCKED() variant.

From and ok claudio@

Prevent a TOCTOU race in single_thread_set() by extending the scope of the lock.

Make sure `ps_single' is set only once by checking then updating it without
releasing the lock.

Analyzed by and ok c

Prevent a TOCTOU race in single_thread_set() by extending the scope of the lock.

Make sure `ps_single' is set only once by checking then updating it without
releasing the lock.

Analyzed by and ok claudio@

show more ...

Revert previous extension of the SCHED_LOCK(), the state isn't passed down.

Panic reported by dhill@

Prevent a TOCTOU race in single_thread_set() by extending the scope of the lock.

Make sure `ps_single' is set only once by checking then updating it without
releasing the lock.

Analyzed by and ok c

Prevent a TOCTOU race in single_thread_set() by extending the scope of the lock.

Make sure `ps_single' is set only once by checking then updating it without
releasing the lock.

Analyzed by and ok claudio@

show more ...

setitimer(2): ITIMER_REAL: use kclock timeouts

Reimplement the ITIMER_REAL interval timer with a kclock timeout.

Couple things of note:

- We need to use the high-res nanouptime(9) call, not the lo

setitimer(2): ITIMER_REAL: use kclock timeouts

Reimplement the ITIMER_REAL interval timer with a kclock timeout.

Couple things of note:

- We need to use the high-res nanouptime(9) call, not the low-res
getnanouptime(9).
- The code is simpler now that we aren't working with ticks.

Misc. thoughts:

- Still unsure if "kclock" is the right name for these things.
- MP-safely cancelling a periodic timeout is very difficult.

show more ...

Use atomic operations to update ps_singlecount. This makes
single_thread_check() safe to be called without KERNEL_LOCK().
single_thread_wait() needs to use sleep_setup() and sleep_finish()
instead of

Use atomic operations to update ps_singlecount. This makes
single_thread_check() safe to be called without KERNEL_LOCK().
single_thread_wait() needs to use sleep_setup() and sleep_finish()
instead of tsleep() to make sure no wakeup() is lost.
Input kettenis@, with and OK visa@

show more ...

Keep track of traced child under a list of orphans while they are being
reparented to a debugger process.

Also re-parent exiting traced processes to their original parent, if it
is still alive, afte

Keep track of traced child under a list of orphans while they are being
reparented to a debugger process.

Also re-parent exiting traced processes to their original parent, if it
is still alive, after the debugger has seen the exit status.

Logic comes from FreeBSD pointed out by guenther@.

While here rename proc_reparent() into process_reparent() and get rid of
superfluous checks.

ok visa@

show more ...

Remove sigacts structure sharing. The only process that used sharing was
proc0 which is used for kthreads and idle threads. proc0 and all those
other kernel threads don't handle signals so there is n

Remove sigacts structure sharing. The only process that used sharing was
proc0 which is used for kthreads and idle threads. proc0 and all those
other kernel threads don't handle signals so there is no benefit in sharing.
Simplifies the code a fair bit since the refcnt is gone.
OK kettenis@

show more ...

Split `p_priority' into `p_runpri' and `p_slppri'.

Using different fields to remember in which runqueue or sleepqueue
threads currently are will make it easier to split the SCHED_LOCK().

With this

Split `p_priority' into `p_runpri' and `p_slppri'.

Using different fields to remember in which runqueue or sleepqueue
threads currently are will make it easier to split the SCHED_LOCK().

With this change, the (potentially boosted) sleeping priority is no
longer overwriting the thread priority. This let us get rids of the
logic required to synchronize `p_priority' with `p_usrpri'.

Tested by many, ok visa@

show more ...

Make __thrsleep(2) and __thrwakeup(2) MP-safe

Threads in __thrsleep(2) are tracked using queues, one queue per each
process for synchronization between threads of a process, and one
system-wide queu

Make __thrsleep(2) and __thrwakeup(2) MP-safe

Threads in __thrsleep(2) are tracked using queues, one queue per each
process for synchronization between threads of a process, and one
system-wide queue for the special ident -1 handling. Each of these
queues has an associated rwlock that serializes access.

The queue lock is released when calling copyin() and copyout() in
thrsleep(). This preserves the existing behaviour where a blocked copy
operation does not prevent other threads from making progress.

Tested by anton@, claudio@
OK anton@, claudio@, tedu@, mpi@

show more ...

Make kqlist part of filedesc and serialize access to it using fdplock.
This choice of locking is guided by knote_fdclose().

OK mpi@, anton@

Convert infinite sleeps to {m,t}sleep_nsec(9).

ok visa@