vfs/procfs: Whitespace and style fixes

kernel - Add per-process capability-based restrictions

* This new system allows userland to set capability restrictions which
turns off numerous kernel features and root accesses. These restricti

kernel - Add per-process capability-based restrictions

* This new system allows userland to set capability restrictions which
turns off numerous kernel features and root accesses. These restrictions
are inherited by sub-processes recursively. Once set, restrictions cannot
be removed.

Basic restrictions that mimic an unadorned jail can be enabled without
creating a jail, but generally speaking real security also requires
creating a chrooted filesystem topology, and a jail is still needed
to really segregate processes from each other. If you do so, however,
you can (for example) disable mount/umount and most global root-only
features.

* Add new system calls and a manual page for syscap_get(2) and syscap_set(2)

* Add sys/caps.h

* Add the "setcaps" userland utility and manual page.

* Remove priv.9 and the priv_check infrastructure, replacing it with
a newly designed caps infrastructure.

* The intention is to add path restriction lists and similar features to
improve jailess security in the near future, and to optimize the
priv_check code.

show more ...

kernel - Remove P_SWAPPEDOUT flag and paging mode

* This code basically no longer functions in any worthwhile or
useful manner, remove it.

The code harkens back to a time when machines had very

kernel - Remove P_SWAPPEDOUT flag and paging mode

* This code basically no longer functions in any worthwhile or
useful manner, remove it.

The code harkens back to a time when machines had very little
memory and had to time-share processes by actually descheduling
them for long periods of time (like 20 seconds) and paging out
the related memory.

In modern times the chooser algorithm just doesn't work well
because we can no longer assume that programs with large
memory footprints can be demoted.

* In modern times machines have sufficient memory to rely almost
entirely on the VM fault and pageout scan. The latencies caused
by fault-ins are usually sufficient to demote paging-intensive
processes while allowing the machine to continue to function.

If functionality need to be added back in, it can be added back
in on the fault path and not here.

show more ...

kernel: Remove <sys/mplock2.h> from all files that do not need it.

kernel: Remove numerous #include <sys/thread2.h>.

Most of them were added when we converted spl*() calls to
crit_enter()/crit_exit(), almost 14 years ago. We can now
remove a good chunk of them agai

kernel: Remove numerous #include <sys/thread2.h>.

Most of them were added when we converted spl*() calls to
crit_enter()/crit_exit(), almost 14 years ago. We can now
remove a good chunk of them again for where crit_*() are
no longer used.

I had to adjust some files that were relying on thread2.h
or headers that it includes coming in via other headers
that it was removed from.

show more ...

kernel - Optimize lwp-specific signaling.

* Optimize the signal code to remove most instances of needing proc->p_token
when lwp-specific signals are sent.

* Add a CURSIG_LCK_TRACE() macro which c

kernel - Optimize lwp-specific signaling.

* Optimize the signal code to remove most instances of needing proc->p_token
when lwp-specific signals are sent.

* Add a CURSIG_LCK_TRACE() macro which can now return with p_token held, and
pass the status to postsig() which then consumes it.

* lwpsignal() now tries very hard to avoid acquiring proc->p_token.

* Significantly improves vkernel operation under heavy (vkernel) IPI loads.

show more ...

kernel - Fix panic during coredump

* multi-threaded coredumps were not stopping all other threads before
attempting to scan the vm_map, resulting in numerous possible panics.

* Add a new process

kernel - Fix panic during coredump

* multi-threaded coredumps were not stopping all other threads before
attempting to scan the vm_map, resulting in numerous possible panics.

* Add a new process state, SCORE, indicating that a core dump is in progress
and adjust proc_stop() and friends as well as any code which tests the
SSTOP state. SCORE overrides SSTOP.

* The coredump code actively waits for all running threads to stop before
proceeding.

* Prevent a deadlock between a SIGKILL and core dump in progress by
temporarily counting the master exit thread as a stopped thread (which
allows the coredump to proceed and finish).

Reported-by: marino

show more ...

kernel - proc_token removal pass stage 1/2

* Remove proc_token use from all subsystems except kern/kern_proc.c.

* The token had become mostly useless in these subsystems now that process
locking

kernel - proc_token removal pass stage 1/2

* Remove proc_token use from all subsystems except kern/kern_proc.c.

* The token had become mostly useless in these subsystems now that process
locking is more fine-grained. Do the final wipe of proc_token except for
allproc/zombproc list use in kern_proc.c

show more ...

Correct BSD License clause numbering from 1-2-4 to 1-2-3.

Apparently everyone's doing it:
http://svnweb.freebsd.org/base?view=revision&revision=251069

Submitted-by: "Eitan Adler" <lists at eitanadl

Correct BSD License clause numbering from 1-2-4 to 1-2-3.

Apparently everyone's doing it:
http://svnweb.freebsd.org/base?view=revision&revision=251069

Submitted-by: "Eitan Adler" <lists at eitanadler.com>

show more ...

Remove advertising clause from all that isn't contrib or userland bin.

By: Eitan Adler <lists@eitanadler.com>

Initial import of binutils 2.22 on the new vendor branch

Future versions of binutils will also reside on this branch rather
than continuing to create new binutils branches for each new version.

kernel - Attempt to make procfs MPSAFE (3)

* More fixes to silly bugs. Well, I did say 'attempt' :-)

kernel - Attempt to make procfs MPSAFE

* pfs_pfind() now acquires the p->p_token in addition to its PHOLD().

* Replace PRELE()'s with pfs_pdone() which releases the token along
with PRELE()

* Do

kernel - Attempt to make procfs MPSAFE

* pfs_pfind() now acquires the p->p_token in addition to its PHOLD().

* Replace PRELE()'s with pfs_pdone() which releases the token along
with PRELE()

* Double-check the validity of nch's passed to cache_fullpath(). This
probably still needs work.

Reported-by: swildner

show more ...

kernel - Major signal path adjustments to fix races, tsleep race fixes, +more

* Refactor the signal code to properly hold the lp->lwp_token. In
particular the ksignal() and lwp_signotify() paths.

kernel - Major signal path adjustments to fix races, tsleep race fixes, +more

* Refactor the signal code to properly hold the lp->lwp_token. In
particular the ksignal() and lwp_signotify() paths.

* The tsleep() path must also hold lp->lwp_token to properly handle
lp->lwp_stat states and interlocks.

* Refactor the timeout code in tsleep() to ensure that endtsleep() is only
called from the proper context, and fix races between endtsleep() and
lwkt_switch().

* Rename proc->p_flag to proc->p_flags

* Rename lwp->lwp_flag to lwp->lwp_flags

* Add lwp->lwp_mpflags and move flags which require atomic ops (are adjusted
when not the current thread) to the new field.

* Add td->td_mpflags and move flags which require atomic ops (are adjusted
when not the current thread) to the new field.

* Add some freeze testing code to the x86-64 trap code (default disabled).

show more ...

kernel = Fix tsleep(), remove MAILBOX signals, change signalset locks for LWPs

* tsleep() was improperly calling lwkt_gettoken() and potentially blocking
prior to sleeping, which it isn't supposed

kernel = Fix tsleep(), remove MAILBOX signals, change signalset locks for LWPs

* tsleep() was improperly calling lwkt_gettoken() and potentially blocking
prior to sleeping, which it isn't supposed to do.

This may have been the cause of several odd panics and corruption, though
no smoking gun was found.

* Change access to lp->lwp_siglist to use a spinlock instead of a token.
Add a per-LWP spinlock in addition to the per-LWP token.

* Remove MAILBOX signals (which require p->p_token). These are no longer
used.

show more ...

Merge branch 'master' of ssh://crater.dragonflybsd.org/repository/git/dragonfly into devel

Merge branch 'master' of git://chlamydia.fs.ei.tum.de/dragonfly

Merge branches 'master' and 'suser_to_priv'

Conflicts:

sys/netinet/ip_carp.c
sys/platform/pc64/amd64/machdep.c

Fix missing includes

Rework stopping of procs.

Before, proc_stop() would sleep until all running lwps stopped. This
break when a stop signal is actually coming from the console and is
executed in the context of the idl

Rework stopping of procs.

Before, proc_stop() would sleep until all running lwps stopped. This
break when a stop signal is actually coming from the console and is
executed in the context of the idle thread.

Now we count all sleeping threads as stopped and also set LWP_WSTOP to
indicate so. These threads will stop before return to userland.
Running threads (including the current one) will eventually stop when
returning to userland and will increase p_nstopped. The last thread
stopping will then send a signal to the parent process.

Discussed-with: Thomas E. Spanjaard <tgen@netphreax.net>

show more ...

Get rid of struct user/UAREA.

Merge procsig with sigacts and replace usage of procsig with
sigacts, like it used to be in 4.4BSD.

Put signal-related inline functions in sys/signal2.h.

Reviewed-by:

Get rid of struct user/UAREA.

Merge procsig with sigacts and replace usage of procsig with
sigacts, like it used to be in 4.4BSD.

Put signal-related inline functions in sys/signal2.h.

Reviewed-by: Thomas E. Spanjaard <tgen@netphreax.net>

show more ...

1:1 Userland threading stage 4.2/4:

Make signal system fully lwp-aware by splitting ksignal() in appropriate
functions. Introduce lwpsignal(), which now contains the logic of
ksignal(), but can be

1:1 Userland threading stage 4.2/4:

Make signal system fully lwp-aware by splitting ksignal() in appropriate
functions. Introduce lwpsignal(), which now contains the logic of
ksignal(), but can be used to deliver a signal to a specific lwp.

Convert consumers of ksignal() to use lwpsignal() when they actually
generate a thread-specific signal.

Fully implement proc_stop() and proc_unstop().

Reviewed-by: Thomas E. Spanjaard <tgen@netphreax.net>

show more ...

1:1 Userland threading stage 2.20/4:

Unify access to pending threads with a new function, lwp_sigpend(), which
returns pending signals for the lwp, which includes both lwp-specific
signals and signa

1:1 Userland threading stage 2.20/4:

Unify access to pending threads with a new function, lwp_sigpend(), which
returns pending signals for the lwp, which includes both lwp-specific
signals and signals pending on the process. The new function lwp_delsig()
is used to remove a certain signal from the pending set of both process and
lwp.

Rework the places which access the pending signal list to either use those
two functions or, where not possibly, to work on both lwp and proc signal
lists.

show more ...

1:1 Userland threading stage 2.18/4:

Push lwp use a bit further by making some places lwp aware.
This commit deals with ddb, procfs/ptrace and various consumers of
allproc_scan.

1:1 Userland threading stage 2.13/4:

Move P_SINTR and P_BREAKTSLEEP into lwp_flag.

Introduce proc_stop and proc_unstop to handle the transition of a complete proc
to and from stopped state. This i

1:1 Userland threading stage 2.13/4:

Move P_SINTR and P_BREAKTSLEEP into lwp_flag.

Introduce proc_stop and proc_unstop to handle the transition of a complete proc
to and from stopped state. This is influenced by NetBSD.

show more ...