#
3c1df2a4 |
| 03-Oct-2019 |
deraadt <deraadt@openbsd.org> |
sysctl global nosuidcoredump was being inspected twice inside coredump(), with a sleep between. Reorganize the code for a single check. ok anton beck florian mpi
|
#
e2eb4f16 |
| 07-Aug-2019 |
deraadt <deraadt@openbsd.org> |
avoid large MAXPATHLEN object on the stack in coredump(), by allocating it from the pool. ok bluhm visa
|
#
8b6fe72e |
| 10-Jul-2019 |
mpi <mpi@openbsd.org> |
Stop sleeping at PUSER.
This allows enforcing that sleeping priorities will now always be < PUSER.
ok visa@, ratchov@
|
#
edc99bcd |
| 21-Jun-2019 |
visa <visa@openbsd.org> |
Make resource limit access MP-safe. So far, the copy-on-write sharing of resource limit structs has been done between processes. By applying copy-on-write also between threads, threads can read rlimits in a nearly lock-free manner.
Inspired by code in DragonFly BSD and FreeBSD.
OK mpi@, agreement from jmatthew@ and anton@
|
#
788422d6 |
| 13-May-2019 |
bluhm <bluhm@openbsd.org> |
When killing a process, the signal is handled by any thread that does not block the signal. If all threads block the signal, we delivered it to the main thread. This does not conform to POSIX. If any thread unblocks the signal, it should be delivered immediately to this thread. Mark such signals pending at the process instead of a single thread. Then any thread can handle it later. OK kettenis@ guenther@
|
#
ef92b62d |
| 01-May-2019 |
dlg <dlg@openbsd.org> |
add a KERNEL_ASSERT_LOCKED() to ptsignal
it obviously needs to be called with the kernel lock held, so it makes sense to check that so we can unlock more code without introducing bugs that shoot us in the face in the indeterminate future.
csignal is basically a wrapper around ptsignal, so calls to that without the kernel lock should be caught by this too.
discussed with mpi@ on bugs@
|
#
9bc5295b |
| 19-Feb-2019 |
tedu <tedu@openbsd.org> |
open the coredump file non-blocking. cheloha found it blocks with a fifo. ok cheloha deraadt
|
#
9448fb1b |
| 23-Jan-2019 |
cheloha <cheloha@openbsd.org> |
Sprinkle a pinch of timerisvalid/timespecisvalid over the rest of sys/kern
|
#
dad4761d |
| 17-Dec-2018 |
visa <visa@openbsd.org> |
Remove unused function gsignal().
OK deraadt@ anton@
|
#
e0e8a7c4 |
| 12-Nov-2018 |
visa <visa@openbsd.org> |
Add a mechanism for managing asynchronous IO signal registrations. It centralizes IO signal privilege checking and makes it possible to revoke a registration when the target process or process group is deleted.
Adapted from FreeBSD.
OK kettenis@ mpi@ guenther@
|
#
ae7a84cb |
| 03-Aug-2018 |
deraadt <deraadt@openbsd.org> |
wrap long lines
|
#
3df37035 |
| 18-Jul-2018 |
bluhm <bluhm@openbsd.org> |
Revert the change that delivers process signals to any threads. As a side effect, pending signals specifically sent to the main thread were handled by other threads. This made gcj in the textproc/pdftk port build stall. Noticed and tested by espie@.
|
#
3f0b5862 |
| 11-Jul-2018 |
bluhm <bluhm@openbsd.org> |
If no thread can immediately handle a signal, which has been sent to the process, it is made pending at the main thread. There it could hang forever. So also check the main thread for signal delivery. This workaround fixes hung tests in posixtestsuite. The proper solution would be to split pending signals for process and threads. input visa@; OK guenther@
|
#
4cf51ffb |
| 10-Jul-2018 |
guenther <guenther@openbsd.org> |
Move from sendsig() to its callers the initsiginfo() calls and instead of passing sendsig() the code+type+val, pass a siginfo_t* to copy from. Eliminate the indirection through struct emul for sendsig(); we no longer have a SunOS4-compat version of sendsig()
ok deraadt@
|
#
36bb23f1 |
| 28-Apr-2018 |
visa <visa@openbsd.org> |
Clean up the parameters of VOP_LOCK() and VOP_UNLOCK(). It is always curproc that does the locking or unlocking, so the proc parameter is pointless and can be dropped.
OK mpi@, deraadt@
|
#
003f5e42 |
| 12-Apr-2018 |
deraadt <deraadt@openbsd.org> |
Implement MAP_STACK option for mmap(). Synchronous faults (pagefault and syscall) confirm the stack register points at MAP_STACK memory, otherwise SIGSEGV is delivered. sigaltstack() and pthread_attr_setstack() are modified to create a MAP_STACK sub-region which satisfies alignment requirements. Observe that MAP_STACK can only be set/cleared by mmap(), which zeroes the contents of the region -- there is no mprotect() equivalent operation, so there is no MAP_STACK-adding gadget. This opportunistic software-emulation of a stack protection bit makes stack-pivot operations during ROPchain fragile (kind of like removing a tool from the toolbox). original discussion with tedu, uvm work by stefan, testing by mortimer ok kettenis
|
#
e45e9f2c |
| 27-Mar-2018 |
mpi <mpi@openbsd.org> |
Exclude SIGKILL from ptrace(2) interception.
This can lead to a deadlock where the parent waits infinitely for the traced process.
Original problem reported by tb@ and worked around by visa@ for release by not calling CURSIG() twice in userret().
ok tb@, visa@
|
#
b443dca0 |
| 24-Mar-2018 |
visa <visa@openbsd.org> |
Avoid calling issignal() twice on signal delivery in order not to generate more than one ptrace(2) event. Do that by checking pending signals first without altering any state. If there is an unmasked signal ready for delivery, acquire the kernel lock and redo the checks in issignal().
This prevents gdb from blocking on exit when it attempts to kill an attached process, issue reported by tb@.
OK mpi@, deraadt@
|
#
879edb36 |
| 26-Feb-2018 |
mpi <mpi@openbsd.org> |
Fix a TOCTOU race that causes signals to be delivered more than once.
The race is only triggerable if one of the threads of a multi-threaded program is in the middle of a NOLOCK syscall when a signal is received.
The problem is that `ps_sigact' is shared between threads so its access should be serialized. In the case of SA_RESETHAND, the handler is reset when a signal is delivered, so delivering the signal twice would put the process in an "impossible" state where some threads were stopped and some were waiting for the others to die.
Serialize signal checking & processing with the KERNEL_LOCK() for now, and introduce postsig_done() gypped from FreeBSD, to make sure the lock is held when resetting the handler.
Bug report from espie@, ok visa@
|
#
3e676399 |
| 19-Feb-2018 |
mpi <mpi@openbsd.org> |
Remove almost unused `flags' argument of suser().
The account flag `ASU' will no longer be set but that makes suser() mpsafe since it no longer messes with a per-process field.
No objection from millert@, ok tedu@, bluhm@
|
#
c0cd3489 |
| 30-Dec-2017 |
guenther <guenther@openbsd.org> |
Don't pull in <sys/file.h> just to get fcntl.h
ok deraadt@ krw@
|
#
dd7eec12 |
| 27-Nov-2017 |
guenther <guenther@openbsd.org> |
Fix comment typo
|
#
8788635f |
| 08-Jun-2017 |
bluhm <bluhm@openbsd.org> |
ASLR, W^X, and guard pages trigger processor traps that result in SIGILL, SIGBUS, SIGSEGV signals. Make such memory violations visible in lastcomm(1). This also works if a program tries to hide them with a signal handler. Manual kill -SEGV does not generate false positives. OK deraadt@
|
#
a7c28c92 |
| 20-Apr-2017 |
visa <visa@openbsd.org> |
Add a port of witness(4) lock validation tool from FreeBSD.
Go-ahead from kettenis@, guenther@, deraadt@
|
#
e165cac9 |
| 14-Apr-2017 |
bluhm <bluhm@openbsd.org> |
Avoid some false positives with cppcheck. No binary change. OK jsg@
|