1 /* $NetBSD: kern_proc.c,v 1.168 2010/07/07 01:30:37 chs Exp $ */ 2 3 /*- 4 * Copyright (c) 1999, 2006, 2007, 2008 The NetBSD Foundation, Inc. 5 * All rights reserved. 6 * 7 * This code is derived from software contributed to The NetBSD Foundation 8 * by Jason R. Thorpe of the Numerical Aerospace Simulation Facility, 9 * NASA Ames Research Center, and by Andrew Doran. 10 * 11 * Redistribution and use in source and binary forms, with or without 12 * modification, are permitted provided that the following conditions 13 * are met: 14 * 1. Redistributions of source code must retain the above copyright 15 * notice, this list of conditions and the following disclaimer. 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in the 18 * documentation and/or other materials provided with the distribution. 19 * 20 * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 22 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 23 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 24 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 25 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 26 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 27 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 28 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 29 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 30 * POSSIBILITY OF SUCH DAMAGE. 31 */ 32 33 /* 34 * Copyright (c) 1982, 1986, 1989, 1991, 1993 35 * The Regents of the University of California. All rights reserved. 
36 * 37 * Redistribution and use in source and binary forms, with or without 38 * modification, are permitted provided that the following conditions 39 * are met: 40 * 1. Redistributions of source code must retain the above copyright 41 * notice, this list of conditions and the following disclaimer. 42 * 2. Redistributions in binary form must reproduce the above copyright 43 * notice, this list of conditions and the following disclaimer in the 44 * documentation and/or other materials provided with the distribution. 45 * 3. Neither the name of the University nor the names of its contributors 46 * may be used to endorse or promote products derived from this software 47 * without specific prior written permission. 48 * 49 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 50 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 51 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 52 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 53 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 54 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 55 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 56 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 57 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 58 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 59 * SUCH DAMAGE. 
60 * 61 * @(#)kern_proc.c 8.7 (Berkeley) 2/14/95 62 */ 63 64 #include <sys/cdefs.h> 65 __KERNEL_RCSID(0, "$NetBSD: kern_proc.c,v 1.168 2010/07/07 01:30:37 chs Exp $"); 66 67 #ifdef _KERNEL_OPT 68 #include "opt_kstack.h" 69 #include "opt_maxuprc.h" 70 #include "opt_dtrace.h" 71 #endif 72 73 #include <sys/param.h> 74 #include <sys/systm.h> 75 #include <sys/kernel.h> 76 #include <sys/proc.h> 77 #include <sys/resourcevar.h> 78 #include <sys/buf.h> 79 #include <sys/acct.h> 80 #include <sys/wait.h> 81 #include <sys/file.h> 82 #include <ufs/ufs/quota.h> 83 #include <sys/uio.h> 84 #include <sys/pool.h> 85 #include <sys/pset.h> 86 #include <sys/mbuf.h> 87 #include <sys/ioctl.h> 88 #include <sys/tty.h> 89 #include <sys/signalvar.h> 90 #include <sys/ras.h> 91 #include <sys/sa.h> 92 #include <sys/savar.h> 93 #include <sys/filedesc.h> 94 #include "sys/syscall_stats.h" 95 #include <sys/kauth.h> 96 #include <sys/sleepq.h> 97 #include <sys/atomic.h> 98 #include <sys/kmem.h> 99 #include <sys/dtrace_bsd.h> 100 101 #include <uvm/uvm.h> 102 #include <uvm/uvm_extern.h> 103 104 /* 105 * Other process lists 106 */ 107 108 struct proclist allproc; 109 struct proclist zombproc; /* resources have been freed */ 110 111 kmutex_t *proc_lock; 112 113 /* 114 * pid to proc lookup is done by indexing the pid_table array. 115 * Since pid numbers are only allocated when an empty slot 116 * has been found, there is no need to search any lists ever. 117 * (an orphaned pgrp will lock the slot, a session will lock 118 * the pgrp with the same number.) 119 * If the table is too small it is reallocated with twice the 120 * previous size and the entries 'unzipped' into the two halves. 121 * A linked list of free entries is passed through the pt_proc 122 * field of 'free' items - set odd to be an invalid ptr. 
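*/

/*
 * One slot of the pid table.  A slot is either in use (pt_proc is a real,
 * even-valued pointer) or free (pt_proc is an odd value that encodes the
 * slot's saved "use count" and the index of the next free slot).
 */
struct pid_table {
	struct proc	*pt_proc;	/* process, or encoded free-list link */
	struct pgrp	*pt_pgrp;	/* process group with this id, if any */
	pid_t		pt_pid;		/* pid owning the slot, 0 when free */
};
#if 1	/* strongly typed cast - should be a noop */
static inline uint p2u(struct proc *p) { return (uint)(uintptr_t)p; }
#else
#define p2u(p) ((uint)(p))
#endif
/* A slot value is a valid proc pointer when its low bit is clear. */
#define P_VALID(p) (!(p2u(p) & 1))
/* Decode a free-slot value: use count in the high bits, next index low. */
#define P_NEXT(p) (p2u(p) >> 1)
/* Encode a free-slot value; the low bit marks it as "not a pointer". */
#define P_FREE(pid) ((struct proc *)(uintptr_t)((pid) << 1 | 1))

#define INITIAL_PID_TABLE_SIZE	(1 << 5)
static struct pid_table *pid_table;
static uint pid_tbl_mask = INITIAL_PID_TABLE_SIZE - 1;
static uint pid_alloc_lim;	/* max we allocate before growing table */
static uint pid_alloc_cnt;	/* number of allocated pids */

/* links through free slots - never empty! */
static uint next_free_pt, last_free_pt;
static pid_t pid_max = PID_MAX;		/* largest value we allocate */

/* Components of the first process -- never freed. */

extern struct emul emul_netbsd;	/* defined in kern_exec.c */

struct session session0 = {
	.s_count = 1,
	.s_sid = 0,
};
struct pgrp pgrp0 = {
	.pg_members = LIST_HEAD_INITIALIZER(&pgrp0.pg_members),
	.pg_session = &session0,
};
filedesc_t filedesc0;
struct cwdinfo cwdi0 = {
	.cwdi_cmask = CMASK,		/* see cmask below */
	.cwdi_refcnt = 1,
};
struct plimit limit0;
struct pstats pstat0;
struct vmspace vmspace0;
struct sigacts sigacts0;
struct proc proc0 = {
	.p_lwps = LIST_HEAD_INITIALIZER(&proc0.p_lwps),
	.p_sigwaiters = LIST_HEAD_INITIALIZER(&proc0.p_sigwaiters),
	.p_nlwps = 1,
	.p_nrlwps = 1,
	.p_nlwpid = 1,		/* must match lwp0.l_lid */
	.p_pgrp = &pgrp0,
	.p_comm = "system",
	/*
	 * Set P_NOCLDWAIT so that kernel threads are reparented to init(8)
	 * when they exit.  init(8) can easily wait them out for us.
	 */
	.p_flag = PK_SYSTEM | PK_NOCLDWAIT,
	.p_stat = SACTIVE,
	.p_nice = NZERO,
	.p_emul = &emul_netbsd,
	.p_cwdi = &cwdi0,
	.p_limit = &limit0,
	.p_fd = &filedesc0,
	.p_vmspace = &vmspace0,
	.p_stats = &pstat0,
	.p_sigacts = &sigacts0,
};
kauth_cred_t cred0;

int nofile = NOFILE;
int maxuprc = MAXUPRC;
int cmask = CMASK;

MALLOC_DEFINE(M_EMULDATA, "emuldata", "Per-process emulation data");
MALLOC_DEFINE(M_SUBPROC, "subproc", "Proc sub-structures");

/*
 * The process list descriptors, used during pid allocation and
 * by sysctl.  No locking on this data structure is needed since
 * it is completely static.
 */
const struct proclist_desc proclists[] = {
	{ &allproc	},
	{ &zombproc	},
	{ NULL		},
};

static struct pgrp *pg_remove(pid_t);
static void	pg_delete(pid_t);
static void	orphanpg(struct pgrp *);

static specificdata_domain_t proc_specificdata_domain;

static pool_cache_t proc_cache;

static kauth_listener_t proc_listener;

/*
 * kauth(9) listener for the process scope, registered by procinit().
 *
 * The result starts as KAUTH_RESULT_DEFER and is only ever upgraded to
 * KAUTH_RESULT_ALLOW; this listener never returns a deny of its own.
 * arg0 is used as the target process for every action handled here.
 */
static int
proc_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
    void *arg0, void *arg1, void *arg2, void *arg3)
{
	struct proc *p;
	int result;

	result = KAUTH_RESULT_DEFER;
	p = arg0;

	switch (action) {
	case KAUTH_PROCESS_CANSEE: {
		enum kauth_process_req req;

		req = (enum kauth_process_req)arg1;

		switch (req) {
		case KAUTH_REQ_PROCESS_CANSEE_ARGS:
		case KAUTH_REQ_PROCESS_CANSEE_ENTRY:
		case KAUTH_REQ_PROCESS_CANSEE_OPENFILES:
			result = KAUTH_RESULT_ALLOW;

			break;

		case KAUTH_REQ_PROCESS_CANSEE_ENV:
			/*
			 * The environment is the one CANSEE request that is
			 * not allowed unconditionally: the requester's uid
			 * must equal both the target's uid and its saved uid.
			 */
			if (kauth_cred_getuid(cred) !=
			    kauth_cred_getuid(p->p_cred) ||
			    kauth_cred_getuid(cred) !=
			    kauth_cred_getsvuid(p->p_cred))
				break;

			result = KAUTH_RESULT_ALLOW;

			break;

		default:
			break;
		}

		break;
	}

	case KAUTH_PROCESS_FORK: {
		int lnprocs = (int)(unsigned long)arg2;

		/*
		 * Don't allow a nonprivileged user to use the last few
		 * processes.  The variable lnprocs is the current number of
		 * processes, maxproc is the limit.
		 */
		if (__predict_false((lnprocs >= maxproc - 5)))
			break;

		result = KAUTH_RESULT_ALLOW;

		break;
	}

	case KAUTH_PROCESS_CORENAME:
	case KAUTH_PROCESS_STOPFLAG:
		if (proc_uidmatch(cred, p->p_cred) == 0)
			result = KAUTH_RESULT_ALLOW;

		break;

	default:
		break;
	}

	return result;
}

/*
 * Initialize global process hashing structures.
 */
void
procinit(void)
{
	const struct proclist_desc *pd;
	u_int i;
#define	LINK_EMPTY ((PID_MAX + INITIAL_PID_TABLE_SIZE) & ~(INITIAL_PID_TABLE_SIZE - 1))

	for (pd = proclists; pd->pd_list != NULL; pd++)
		LIST_INIT(pd->pd_list);

	proc_lock = mutex_obj_alloc(MUTEX_DEFAULT, IPL_NONE);
	pid_table = kmem_alloc(INITIAL_PID_TABLE_SIZE
	    * sizeof(struct pid_table), KM_SLEEP);

	/* Set free list running through table...
	   Preset 'use count' above PID_MAX so we allocate pid 1 next. */
	for (i = 0; i <= pid_tbl_mask; i++) {
		pid_table[i].pt_proc = P_FREE(LINK_EMPTY + i + 1);
		pid_table[i].pt_pgrp = 0;
		pid_table[i].pt_pid = 0;
	}
	/* slot 0 is just grabbed */
	next_free_pt = 1;
	/* Need to fix last entry. */
	last_free_pt = pid_tbl_mask;
	pid_table[last_free_pt].pt_proc = P_FREE(LINK_EMPTY);
	/* point at which we grow table - to avoid reusing pids too often */
	pid_alloc_lim = pid_tbl_mask - 1;
#undef LINK_EMPTY

	proc_specificdata_domain = specificdata_domain_create();
	KASSERT(proc_specificdata_domain != NULL);

	proc_cache = pool_cache_init(sizeof(struct proc), 0, 0, 0,
	    "procpl", NULL, IPL_NONE, NULL, NULL, NULL);

	proc_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
	    proc_listener_cb, NULL);
}

/*
 * Initialize process 0.
 */
void
proc0_init(void)
{
	struct proc *p;
	struct pgrp *pg;
	rlim_t lim;
	int i;

	p = &proc0;
	pg = &pgrp0;

	mutex_init(&p->p_stmutex, MUTEX_DEFAULT, IPL_HIGH);
	mutex_init(&p->p_auxlock, MUTEX_DEFAULT, IPL_NONE);
	p->p_lock = mutex_obj_alloc(MUTEX_DEFAULT, IPL_NONE);

	rw_init(&p->p_reflock);
	cv_init(&p->p_waitcv, "wait");
	cv_init(&p->p_lwpcv, "lwpwait");

	LIST_INSERT_HEAD(&p->p_lwps, &lwp0, l_sibling);

	/* proc0 and pgrp0 take slot 0, which procinit() kept off the free list. */
	pid_table[0].pt_proc = p;
	LIST_INSERT_HEAD(&allproc, p, p_list);

	pid_table[0].pt_pgrp = pg;
	LIST_INSERT_HEAD(&pg->pg_members, p, p_pglist);

#ifdef __HAVE_SYSCALL_INTERN
	(*p->p_emul->e_syscall_intern)(p);
#endif

	/* Create credentials. */
	cred0 = kauth_cred_alloc();
	p->p_cred = cred0;

	/* Create the CWD info. */
	rw_init(&cwdi0.cwdi_lock);

	/* Create the limits structures. */
	mutex_init(&limit0.pl_lock, MUTEX_DEFAULT, IPL_NONE);
	for (i = 0; i < __arraycount(limit0.pl_rlimit); i++)
		limit0.pl_rlimit[i].rlim_cur =
		    limit0.pl_rlimit[i].rlim_max = RLIM_INFINITY;

	limit0.pl_rlimit[RLIMIT_NOFILE].rlim_max = maxfiles;
	limit0.pl_rlimit[RLIMIT_NOFILE].rlim_cur =
	    maxfiles < nofile ? maxfiles : nofile;

	limit0.pl_rlimit[RLIMIT_NPROC].rlim_max = maxproc;
	limit0.pl_rlimit[RLIMIT_NPROC].rlim_cur =
	    maxproc < maxuprc ? maxproc : maxuprc;

	lim = MIN(VM_MAXUSER_ADDRESS, ctob((rlim_t)uvmexp.free));
	limit0.pl_rlimit[RLIMIT_RSS].rlim_max = lim;
	limit0.pl_rlimit[RLIMIT_MEMLOCK].rlim_max = lim;
	limit0.pl_rlimit[RLIMIT_MEMLOCK].rlim_cur = lim / 3;
	limit0.pl_corename = defcorename;
	limit0.pl_refcnt = 1;
	limit0.pl_sv_limit = NULL;

	/* Configure virtual memory system, set vm rlimits. */
	uvm_init_limits(p);

	/* Initialize file descriptor table for proc0. */
	fd_init(&filedesc0);

	/*
	 * Initialize proc0's vmspace, which uses the kernel pmap.
	 * All kernel processes (which never have user space mappings)
	 * share proc0's vmspace, and thus, the kernel pmap.
	 */
	uvmspace_init(&vmspace0, pmap_kernel(), round_page(VM_MIN_ADDRESS),
	    trunc_page(VM_MAX_ADDRESS));

	/* Initialize signal state for proc0. XXX IPL_SCHED */
	mutex_init(&p->p_sigacts->sa_mutex, MUTEX_DEFAULT, IPL_SCHED);
	siginit(p);

	proc_initspecific(p);
	kdtrace_proc_ctor(NULL, p);
}

/*
 * Session reference counting.
 */

/*
 * proc_sesshold: take a reference on a session.
 *
 * => Must be called with proc_lock held.
 */
void
proc_sesshold(struct session *ss)
{

	KASSERT(mutex_owned(proc_lock));
	ss->s_count++;
}

/*
 * proc_sessrele: drop a reference on a session, freeing it and the pgrp
 * that shares its id when the count reaches zero.
 *
 * => Must be called with proc_lock held; the lock is RELEASED on return
 *    on both paths, so the caller must not touch protected state after.
 */
void
proc_sessrele(struct session *ss)
{

	KASSERT(mutex_owned(proc_lock));
	/*
	 * We keep the pgrp with the same id as the session in order to
	 * stop a process being given the same pid.  Since the pgrp holds
	 * a reference to the session, it must be a 'zombie' pgrp by now.
	 */
	if (--ss->s_count == 0) {
		struct pgrp *pg;

		pg = pg_remove(ss->s_sid);
		mutex_exit(proc_lock);

		/* Both objects are unlinked; free them outside the lock. */
		kmem_free(pg, sizeof(struct pgrp));
		kmem_free(ss, sizeof(struct session));
	} else {
		mutex_exit(proc_lock);
	}
}

/*
 * Check that the specified process group is in the session of the
 * specified process.
 * Treats -ve ids as process ids.
 * Used to validate TIOCSPGRP requests.
 *
 * Returns 0 on a match, EINVAL when the id names no live process or
 * process group, and EPERM when it belongs to another session.
 * Takes and releases proc_lock itself.
 */
int
pgid_in_session(struct proc *p, pid_t pg_id)
{
	struct pgrp *pgrp;
	struct session *session;
	int error;

	mutex_enter(proc_lock);
	if (pg_id < 0) {
		/*
		 * Negate in unsigned arithmetic: pg_id comes from the
		 * requester, and "-pg_id" is a signed overflow for the most
		 * negative pid_t.  For that one value the converted result
		 * is expected to stay negative (NOTE(review): relies on the
		 * usual two's-complement conversion), which matches no
		 * pt_pid assigned in this file, so the lookup fails with
		 * EINVAL like any other unknown id.
		 */
		struct proc *p1 = proc_find((pid_t)(0U - (uint)pg_id));
		if (p1 == NULL) {
			error = EINVAL;
			goto fail;
		}
		pgrp = p1->p_pgrp;
	} else {
		pgrp = pgrp_find(pg_id);
		if (pgrp == NULL) {
			error = EINVAL;
			goto fail;
		}
	}
	session = pgrp->pg_session;
	error = (session != p->p_pgrp->pg_session) ? EPERM : 0;
fail:
	mutex_exit(proc_lock);
	return error;
}

/*
 * p_inferior: is p an inferior of q?
 *
 * Walks the parent chain from p; reaching the process with pid 0 before
 * meeting q means "no".
 *
 * => Must be called with proc_lock held.
 */
static inline bool
p_inferior(struct proc *p, struct proc *q)
{

	KASSERT(mutex_owned(proc_lock));

	for (; p != q; p = p->p_pptr)
		if (p->p_pid == 0)
			return false;
	return true;
}

/*
 * proc_find_raw: locate a process by the ID, whatever its state.
 *
 * The slot is found by masking the pid; the stored pt_pid must match
 * exactly, so a stale or out-of-range pid yields NULL.
 *
 * => Must be called with proc_lock held.
 */
proc_t *
proc_find_raw(pid_t pid)
{
	struct pid_table *pt;
	proc_t *p;

	KASSERT(mutex_owned(proc_lock));
	pt = &pid_table[pid & pid_tbl_mask];
	p = pt->pt_proc;
	if (__predict_false(!P_VALID(p) || pt->pt_pid != pid)) {
		return NULL;
	}
	return p;
}

/*
 * proc_find: locate a live process by the ID.
 *
 * => Must be called with proc_lock held (asserted in proc_find_raw()).
 */
proc_t *
proc_find(pid_t pid)
{
	proc_t *p;

	p = proc_find_raw(pid);
	if (__predict_false(p == NULL)) {
		return NULL;
	}

	/*
	 * Only allow live processes to be found by PID.
	 * XXX: p_stat might change, since unlocked.
	 */
	if (__predict_true(p->p_stat == SACTIVE || p->p_stat == SSTOP)) {
		return p;
	}
	return NULL;
}

/*
 * pgrp_find: locate a process group by the ID.
 *
 * => Must be called with proc_lock held.
 */
struct pgrp *
pgrp_find(pid_t pgid)
{
	struct pgrp *pg;

	KASSERT(mutex_owned(proc_lock));

	pg = pid_table[pgid & pid_tbl_mask].pt_pgrp;

	/*
	 * Cannot look up a process group that only exists because the
	 * session has not died yet (traditional).
	 */
	if (pg == NULL || pg->pg_id != pgid || LIST_EMPTY(&pg->pg_members)) {
		return NULL;
	}
	return pg;
}

/*
 * expand_pid_table: double the size of the pid table.
 *
 * The new table is allocated before proc_lock is taken (KM_SLEEP may
 * sleep); the size is then re-checked under the lock and the allocation
 * is thrown away if another thread already grew the table.
 */
static void
expand_pid_table(void)
{
	size_t pt_size, tsz;
	struct pid_table *n_pt, *new_pt;
	struct proc *proc;
	struct pgrp *pgrp;
	pid_t pid, rpid;
	u_int i;
	uint new_pt_mask;

	pt_size = pid_tbl_mask + 1;
	tsz = pt_size * 2 * sizeof(struct pid_table);
	new_pt = kmem_alloc(tsz, KM_SLEEP);
	new_pt_mask = pt_size * 2 - 1;

	mutex_enter(proc_lock);
	if (pt_size != pid_tbl_mask + 1) {
		/* Another process beat us to it... */
		mutex_exit(proc_lock);
		kmem_free(new_pt, tsz);
		return;
	}

	/*
	 * Copy entries from old table into new one.
	 * If 'pid' is 'odd' we need to place in the upper half,
	 * even pid's to the lower half.
	 * Free items stay in the low half so we don't have to
	 * fixup the reference to them.
	 * We stuff free items on the front of the freelist
	 * because we can't write to unmodified entries.
	 * Processing the table backwards maintains a semblance
	 * of issuing pid numbers that increase with time.
	 */
	i = pt_size - 1;
	n_pt = new_pt + i;
	for (; ; i--, n_pt--) {
		proc = pid_table[i].pt_proc;
		pgrp = pid_table[i].pt_pgrp;
		if (!P_VALID(proc)) {
			/* Up 'use count' so that link is valid */
			pid = (P_NEXT(proc) + pt_size) & ~pt_size;
			rpid = 0;
			proc = P_FREE(pid);
			if (pgrp)
				pid = pgrp->pg_id;
		} else {
			pid = pid_table[i].pt_pid;
			rpid = pid;
		}

		/* Save entry in appropriate half of table */
		n_pt[pid & pt_size].pt_proc = proc;
		n_pt[pid & pt_size].pt_pgrp = pgrp;
		n_pt[pid & pt_size].pt_pid = rpid;

		/* Put other piece on start of free list */
		pid = (pid ^ pt_size) & ~pid_tbl_mask;
		n_pt[pid & pt_size].pt_proc =
		    P_FREE((pid & ~pt_size) | next_free_pt);
		n_pt[pid & pt_size].pt_pgrp = 0;
		n_pt[pid & pt_size].pt_pid = 0;

		next_free_pt = i | (pid & pt_size);
		if (i == 0)
			break;
	}

	/* Save old table size and switch tables */
	tsz = pt_size * sizeof(struct pid_table);
	n_pt = pid_table;
	pid_table = new_pt;
	pid_tbl_mask = new_pt_mask;

	/*
	 * pid_max starts as PID_MAX (= 30000), once we have 16384
	 * allocated pids we need it to be larger!
	 */
	if (pid_tbl_mask > PID_MAX) {
		pid_max = pid_tbl_mask * 2 + 1;
		pid_alloc_lim |= pid_alloc_lim << 1;
	} else
		pid_alloc_lim <<= 1;	/* doubles number of free slots... */

	mutex_exit(proc_lock);
	/* The old table is no longer reachable; free it outside the lock. */
	kmem_free(n_pt, tsz);
}

/*
 * proc_alloc: allocate a proc structure from the pool cache and give it
 * a pid.  The structure is marked SIDL before anything else is done.
 */
struct proc *
proc_alloc(void)
{
	struct proc *p;

	p = pool_cache_get(proc_cache, PR_WAITOK);
	p->p_stat = SIDL;			/* protect against others */
	proc_initspecific(p);
	kdtrace_proc_ctor(NULL, p);
	/* -1 tells proc_alloc_pid() to store the new pid in p_pid. */
	p->p_pid = -1;
	proc_alloc_pid(p);
	return p;
}

/*
 * proc_alloc_pid: take the next free pid table slot for p and return the
 * pid assigned to it.  p->p_pid is only written when it is still -1.
 *
 * Takes and releases proc_lock itself; the table is grown (with the lock
 * dropped) whenever the allocation limit or the end of the free list is
 * reached.
 */
pid_t
proc_alloc_pid(struct proc *p)
{
	struct pid_table *pt;
	pid_t pid;
	int nxt;

	for (;;expand_pid_table()) {
		/* NOTE(review): the counters are read here without proc_lock. */
		if (__predict_false(pid_alloc_cnt >= pid_alloc_lim))
			/* ensure pids cycle through 2000+ values */
			continue;
		mutex_enter(proc_lock);
		pt = &pid_table[next_free_pt];
#ifdef DIAGNOSTIC
		if (__predict_false(P_VALID(pt->pt_proc) || pt->pt_pgrp))
			panic("proc_alloc: slot busy");
#endif
		nxt = P_NEXT(pt->pt_proc);
		if (nxt & pid_tbl_mask)
			break;
		/* Table full - expand (NB last entry not used....) */
		mutex_exit(proc_lock);
	}

	/* pid is 'saved use count' + 'size' + entry */
	pid = (nxt & ~pid_tbl_mask) + pid_tbl_mask + 1 + next_free_pt;
	if ((uint)pid > (uint)pid_max)
		pid &= pid_tbl_mask;
	next_free_pt = nxt & pid_tbl_mask;

	/* Grab table slot */
	pt->pt_proc = p;

	KASSERT(pt->pt_pid == 0);
	pt->pt_pid = pid;
	if (p->p_pid == -1) {
		p->p_pid = pid;
	}
	pid_alloc_cnt++;
	mutex_exit(proc_lock);

	return pid;
}

/*
 * Free a process id - called from proc_free (in kern_exit.c)
 *
 * Called with the proc_lock held.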
*/
void
proc_free_pid(pid_t pid)
{
	struct pid_table *pt;

	KASSERT(mutex_owned(proc_lock));

	pt = &pid_table[pid & pid_tbl_mask];

	/* save pid use count in slot */
	pt->pt_proc = P_FREE(pid & ~pid_tbl_mask);
	KASSERT(pt->pt_pid == pid);
	pt->pt_pid = 0;

	/*
	 * A slot that still carries a pgrp stays off the free list, so
	 * the id cannot be handed out again while the pgrp exists.
	 */
	if (pt->pt_pgrp == NULL) {
		/* link last freed entry onto ours */
		pid &= pid_tbl_mask;
		pt = &pid_table[last_free_pt];
		pt->pt_proc = P_FREE(P_NEXT(pt->pt_proc) | pid);
		pt->pt_pid = 0;
		last_free_pt = pid;
		pid_alloc_cnt--;
	}

	atomic_dec_uint(&nprocs);
}

/*
 * proc_free_mem: run the dtrace destructor on p and return the
 * structure to the proc pool cache.
 */
void
proc_free_mem(struct proc *p)
{

	kdtrace_proc_dtor(NULL, p);
	pool_cache_put(proc_cache, p);
}

/*
 * proc_enterpgrp: move p to a new or existing process group (and session).
 *
 * If we are creating a new pgrp, the pgid should equal
 * the calling process' pid.
 * It is only valid to enter a process group that is in the session
 * of the process.
 * Also mksess should only be set if we are creating a process group
 *
 * Only called from sys_setsid and sys_setpgid.
 *
 * Returns 0 on success (including the no-op cases), otherwise EPERM,
 * ESRCH or EACCES as set below.  Takes proc_lock itself and releases it
 * on every path, either directly or through pg_delete().
 */
int
proc_enterpgrp(struct proc *curp, pid_t pid, pid_t pgid, bool mksess)
{
	struct pgrp *new_pgrp, *pgrp;
	struct session *sess;
	struct proc *p;
	int rval;
	pid_t pg_id = NO_PGID;

	/* Sleeping allocation, so it is done before proc_lock is taken. */
	sess = mksess ? kmem_alloc(sizeof(*sess), KM_SLEEP) : NULL;

	/* Allocate data areas we might need before doing any validity checks */
	mutex_enter(proc_lock);		/* Because pid_table might change */
	if (pid_table[pgid & pid_tbl_mask].pt_pgrp == 0) {
		/*
		 * The lock is dropped around the allocation, so the slot
		 * is read again below rather than trusting this test.
		 */
		mutex_exit(proc_lock);
		new_pgrp = kmem_alloc(sizeof(*new_pgrp), KM_SLEEP);
		mutex_enter(proc_lock);
	} else
		new_pgrp = NULL;
	rval = EPERM;	/* most common error (to save typing) */

	/* Check pgrp exists or can be created */
	pgrp = pid_table[pgid & pid_tbl_mask].pt_pgrp;
	if (pgrp != NULL && pgrp->pg_id != pgid)
		goto done;

	/* Can only set another process under restricted circumstances. */
	if (pid != curp->p_pid) {
		/* Must exist and be one of our children... */
		p = proc_find(pid);
		if (p == NULL || !p_inferior(p, curp)) {
			rval = ESRCH;
			goto done;
		}
		/* ... in the same session... */
		if (sess != NULL || p->p_session != curp->p_session)
			goto done;
		/* ... existing pgid must be in same session ... */
		if (pgrp != NULL && pgrp->pg_session != p->p_session)
			goto done;
		/* ... and not done an exec. */
		if (p->p_flag & PK_EXEC) {
			rval = EACCES;
			goto done;
		}
	} else {
		/* ... setsid() cannot re-enter a pgrp */
		if (mksess && (curp->p_pgid == curp->p_pid ||
		    pgrp_find(curp->p_pid)))
			goto done;
		p = curp;
	}

	/* Changing the process group/session of a session
	   leader is definitely off limits. */
	if (SESS_LEADER(p)) {
		if (sess == NULL && p->p_pgrp == pgrp)
			/* unless it's a definite noop */
			rval = 0;
		goto done;
	}

	/* Can only create a process group with id of process */
	if (pgrp == NULL && pgid != pid)
		goto done;

	/* Can only create a session if creating pgrp */
	if (sess != NULL && pgrp != NULL)
		goto done;

	/* Check we allocated memory for a pgrp... */
	if (pgrp == NULL && new_pgrp == NULL)
		goto done;

	/* Don't attach to 'zombie' pgrp */
	if (pgrp != NULL && LIST_EMPTY(&pgrp->pg_members))
		goto done;

	/* Expect to succeed now */
	rval = 0;

	if (pgrp == p->p_pgrp)
		/* nothing to do */
		goto done;

	/* Ok all setup, link up required structures */

	if (pgrp == NULL) {
		/* Ownership moves to the table; 'done' must not free it. */
		pgrp = new_pgrp;
		new_pgrp = NULL;
		if (sess != NULL) {
			/*
			 * NOTE(review): sess came from kmem_alloc(), which
			 * is not known here to zero memory; confirm these
			 * assignments cover every field of struct session.
			 */
			sess->s_sid = p->p_pid;
			sess->s_leader = p;
			sess->s_count = 1;
			sess->s_ttyvp = NULL;
			sess->s_ttyp = NULL;
			sess->s_flags = p->p_session->s_flags & ~S_LOGIN_SET;
			memcpy(sess->s_login, p->p_session->s_login,
			    sizeof(sess->s_login));
			p->p_lflag &= ~PL_CONTROLT;
		} else {
			sess = p->p_pgrp->pg_session;
			proc_sesshold(sess);
		}
		pgrp->pg_session = sess;
		/* Session is now owned by the pgrp; 'done' must not free it. */
		sess = NULL;

		pgrp->pg_id = pgid;
		LIST_INIT(&pgrp->pg_members);
#ifdef DIAGNOSTIC
		if (__predict_false(pid_table[pgid & pid_tbl_mask].pt_pgrp))
			panic("enterpgrp: pgrp table slot in use");
		if (__predict_false(mksess && p != curp))
			panic("enterpgrp: mksession and p != curproc");
#endif
		pid_table[pgid & pid_tbl_mask].pt_pgrp = pgrp;
		pgrp->pg_jobc = 0;
	}

	/*
	 * Adjust eligibility of affected pgrps to participate in job control.
	 * Increment eligibility counts before decrementing, otherwise we
	 * could reach 0 spuriously during the first call.
	 */
	fixjobc(p, pgrp, 1);
	fixjobc(p, p->p_pgrp, 0);

	/* Interlock with ttread(). */
	mutex_spin_enter(&tty_lock);

	/* Move process to requested group. */
	LIST_REMOVE(p, p_pglist);
	if (LIST_EMPTY(&p->p_pgrp->pg_members))
		/* defer delete until we've dumped the lock */
		pg_id = p->p_pgrp->pg_id;
	p->p_pgrp = pgrp;
	LIST_INSERT_HEAD(&pgrp->pg_members, p, p_pglist);

	/* Done with the swap; we can release the tty mutex. */
	mutex_spin_exit(&tty_lock);

    done:
	if (pg_id != NO_PGID) {
		/* Releases proc_lock. */
		pg_delete(pg_id);
	} else {
		mutex_exit(proc_lock);
	}
	/* Whatever was pre-allocated but not linked in is released here. */
	if (sess != NULL)
		kmem_free(sess, sizeof(*sess));
	if (new_pgrp != NULL)
		kmem_free(new_pgrp, sizeof(*new_pgrp));
#ifdef DEBUG_PGRP
	if (__predict_false(rval))
		printf("enterpgrp(%d,%d,%d), curproc %d, rval %d\n",
			pid, pgid, mksess, curp->p_pid, rval);
#endif
	return rval;
}

/*
 * proc_leavepgrp: remove a process from its process group.
 *  => must be called with the proc_lock held, which will be released;
 */
void
proc_leavepgrp(struct proc *p)
{
	struct pgrp *pgrp;

	KASSERT(mutex_owned(proc_lock));

	/* Interlock with ttread() */
	mutex_spin_enter(&tty_lock);
	pgrp = p->p_pgrp;
	LIST_REMOVE(p, p_pglist);
	p->p_pgrp = NULL;
	mutex_spin_exit(&tty_lock);

	if (LIST_EMPTY(&pgrp->pg_members)) {
		/* Releases proc_lock. */
		pg_delete(pgrp->pg_id);
	} else {
		mutex_exit(proc_lock);
	}
}

/*
 * pg_remove: remove a process group from the table.
 *  => must be called with the proc_lock held;
 *  => returns process group to free;
 */
static struct pgrp *
pg_remove(pid_t pg_id)
{
	struct pgrp *pgrp;
	struct pid_table *pt;

	KASSERT(mutex_owned(proc_lock));

	pt = &pid_table[pg_id & pid_tbl_mask];
	pgrp = pt->pt_pgrp;

	KASSERT(pgrp != NULL);
	KASSERT(pgrp->pg_id == pg_id);
	KASSERT(LIST_EMPTY(&pgrp->pg_members));

	pt->pt_pgrp = NULL;

	if (!P_VALID(pt->pt_proc)) {
		/* Orphaned pgrp, put slot onto free list. */
		KASSERT((P_NEXT(pt->pt_proc) & pid_tbl_mask) == 0);
		pg_id &= pid_tbl_mask;
		pt = &pid_table[last_free_pt];
		pt->pt_proc = P_FREE(P_NEXT(pt->pt_proc) | pg_id);
		KASSERT(pt->pt_pid == 0);
		last_free_pt = pg_id;
		pid_alloc_cnt--;
	}
	return pgrp;
}

/*
 * pg_delete: delete and free a process group.
 *  => must be called with the proc_lock held, which will be released.
 */
static void
pg_delete(pid_t pg_id)
{
	struct pgrp *pg;
	struct tty *ttyp;
	struct session *ss;

	KASSERT(mutex_owned(proc_lock));

	/* Re-validate the id: nothing to do unless the group is empty. */
	pg = pid_table[pg_id & pid_tbl_mask].pt_pgrp;
	if (pg == NULL || pg->pg_id != pg_id || !LIST_EMPTY(&pg->pg_members)) {
		mutex_exit(proc_lock);
		return;
	}

	ss = pg->pg_session;

	/* Remove reference (if any) from tty to this process group */
	mutex_spin_enter(&tty_lock);
	ttyp = ss->s_ttyp;
	if (ttyp != NULL && ttyp->t_pgrp == pg) {
		ttyp->t_pgrp = NULL;
		KASSERT(ttyp->t_session == ss);
	}
	mutex_spin_exit(&tty_lock);

	/*
	 * The leading process group in a session is freed by proc_sessrele(),
	 * if last reference.  Note: proc_sessrele() releases proc_lock.
	 */
	pg = (ss->s_sid != pg->pg_id) ? pg_remove(pg_id) : NULL;
	proc_sessrele(ss);

	if (pg != NULL) {
		/* Free it, if was not done by proc_sessrele(). */
		kmem_free(pg, sizeof(struct pgrp));
	}
}

/*
 * Adjust pgrp jobc counters when specified process changes process group.
 * We count the number of processes in each process group that "qualify"
 * the group for terminal job control (those with a parent in a different
 * process group of the same session).  If that count reaches zero, the
 * process group becomes orphaned.  Check both the specified process'
 * process group and that of its children.
 * entering == 0 => p is leaving specified group.
* entering == 1 => p is entering specified group.
 *
 * Call with proc_lock held.
 */
void
fixjobc(struct proc *p, struct pgrp *pgrp, int entering)
{
	struct session *const sess = pgrp->pg_session;
	struct pgrp *other;
	struct proc *kid;

	KASSERT(mutex_owned(proc_lock));

	/*
	 * First the process itself: it qualifies its own group when its
	 * parent sits in a different group of the same session.
	 */
	other = p->p_pptr->p_pgrp;
	if (other != pgrp && other->pg_session == sess) {
		if (entering) {
			pgrp->pg_jobc++;
			p->p_lflag &= ~PL_ORPHANPG;
		} else {
			pgrp->pg_jobc--;
			if (pgrp->pg_jobc == 0)
				orphanpg(pgrp);
		}
	}

	/*
	 * Then each child: p is the parent that may qualify the child's
	 * group.  Children in pgrp itself, in another session, or already
	 * zombies do not count.
	 */
	LIST_FOREACH(kid, &p->p_children, p_sibling) {
		other = kid->p_pgrp;
		if (other == pgrp || other->pg_session != sess ||
		    P_ZOMBIE(kid))
			continue;

		if (entering) {
			kid->p_lflag &= ~PL_ORPHANPG;
			other->pg_jobc++;
		} else {
			other->pg_jobc--;
			if (other->pg_jobc == 0)
				orphanpg(other);
		}
	}
}

/*
 * A process group has become orphaned;
 * if there are any stopped processes in the group,
 * hang-up all process in that group.
 *
 * Call with proc_lock held.
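*/
static void
orphanpg(struct pgrp *pg)
{
	struct proc *p;

	KASSERT(mutex_owned(proc_lock));

	/* Each stopped member is flagged, then sent SIGHUP and SIGCONT. */
	LIST_FOREACH(p, &pg->pg_members, p_pglist) {
		if (p->p_stat == SSTOP) {
			p->p_lflag |= PL_ORPHANPG;
			psignal(p, SIGHUP);
			psignal(p, SIGCONT);
		}
	}
}

#ifdef DDB
#include <ddb/db_output.h>
void pidtbl_dump(void);
/*
 * pidtbl_dump: print every pid table slot that holds a process or a
 * process group, followed by the group's session and members.
 *
 * Debugger-only helper.  NOTE(review): the table is walked without
 * proc_lock, presumably because it only runs from DDB - confirm.
 */
void
pidtbl_dump(void)
{
	struct pid_table *pt;
	struct proc *p;
	struct pgrp *pgrp;
	/* Unsigned, like the mask it is compared with and the %x it feeds. */
	uint id;

	db_printf("pid table %p size %x, next %x, last %x\n",
		pid_table, pid_tbl_mask+1,
		next_free_pt, last_free_pt);
	for (pt = pid_table, id = 0; id <= pid_tbl_mask; id++, pt++) {
		p = pt->pt_proc;
		if (!P_VALID(p) && !pt->pt_pgrp)
			continue;
		db_printf(" id %x: ", id);
		if (P_VALID(p))
			db_printf("slotpid %d proc %p id %d (0x%x) %s\n",
				pt->pt_pid, p, p->p_pid, p->p_pid, p->p_comm);
		else
			/* Free slot: show the decoded link and use count. */
			db_printf("next %x use %x\n",
				P_NEXT(p) & pid_tbl_mask,
				P_NEXT(p) & ~pid_tbl_mask);
		if ((pgrp = pt->pt_pgrp)) {
			db_printf("\tsession %p, sid %d, count %d, login %s\n",
			    pgrp->pg_session, pgrp->pg_session->s_sid,
			    pgrp->pg_session->s_count,
			    pgrp->pg_session->s_login);
			db_printf("\tpgrp %p, pg_id %d, pg_jobc %d, members %p\n",
			    pgrp, pgrp->pg_id, pgrp->pg_jobc,
			    LIST_FIRST(&pgrp->pg_members));
			LIST_FOREACH(p, &pgrp->pg_members, p_pglist) {
				db_printf("\t\tpid %d addr %p pgrp %p %s\n",
				    p->p_pid, p, p->p_pgrp, p->p_comm);
			}
		}
	}
}
#endif /* DDB */

#ifdef KSTACK_CHECK_MAGIC

#define	KSTACK_MAGIC	0xdeadbeaf

/* XXX should be per process basis?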
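*/
static int kstackleftmin = KSTACK_SIZE;
static int kstackleftthres = KSTACK_SIZE / 8;

/*
 * kstack_setup_magic --
 *	Fill the whole kernel stack of l with KSTACK_MAGIC so that later
 *	modification of it can be detected by kstack_check_magic().
 *	Must not be called for lwp0.
 */
void
kstack_setup_magic(const struct lwp *l)
{
	uint32_t *ip;
	uint32_t const *end;

	KASSERT(l != NULL);
	KASSERT(l != &lwp0);

	ip = (uint32_t *)KSTACK_LOWEST_ADDR(l);
	end = (uint32_t *)((char *)KSTACK_LOWEST_ADDR(l) + KSTACK_SIZE);
	for (; ip < end; ip++) {
		*ip = KSTACK_MAGIC;
	}
}

/*
 * kstack_check_magic --
 *	Measure how much of l's kernel stack still holds KSTACK_MAGIC,
 *	counted from the end the stack grows towards.  A new minimum is
 *	recorded in kstackleftmin and reported once it drops below
 *	kstackleftthres; panic when no untouched word is left.
 *
 *	kstackleftmin is a single file-scope value updated without any
 *	visible locking (see the XXX above its definition).
 */
void
kstack_check_magic(const struct lwp *l)
{
	uint32_t const *ip, *end;
	int stackleft;

	KASSERT(l != NULL);

	/* don't check proc0 */ /*XXX*/
	if (l == &lwp0)
		return;

#ifdef __MACHINE_STACK_GROWS_UP
	/* stack grows upwards (eg. hppa) */
	end = (uint32_t *)KSTACK_LOWEST_ADDR(l);
	ip = (uint32_t *)((char *)KSTACK_LOWEST_ADDR(l) + KSTACK_SIZE);

	/*
	 * Walk down from the highest word and stop with ip one past the
	 * highest word that lost its magic value.  Measuring from ip
	 * itself (rather than from the modified word, as before) makes
	 * the result 0 when the last word is overwritten, so the panic
	 * below is reachable on these machines too, and the pointer
	 * never steps below the start of the stack.
	 */
	for (; ip > end; ip--)
		if (ip[-1] != KSTACK_MAGIC)
			break;

	stackleft = ((const char *)KSTACK_LOWEST_ADDR(l) + KSTACK_SIZE) -
	    (const char *)ip;
#else /* __MACHINE_STACK_GROWS_UP */
	/* stack grows downwards (eg. i386) */
	ip = (uint32_t *)KSTACK_LOWEST_ADDR(l);
	end = (uint32_t *)((char *)KSTACK_LOWEST_ADDR(l) + KSTACK_SIZE);
	for (; ip < end; ip++)
		if (*ip != KSTACK_MAGIC)
			break;

	stackleft = ((const char *)ip) - (const char *)KSTACK_LOWEST_ADDR(l);
#endif /* __MACHINE_STACK_GROWS_UP */

	if (kstackleftmin > stackleft) {
		kstackleftmin = stackleft;
		if (stackleft < kstackleftthres)
			printf("warning: kernel stack left %d bytes"
			    "(pid %u:lid %u)\n", stackleft,
			    (u_int)l->l_proc->p_pid, (u_int)l->l_lid);
	}

	if (stackleft <= 0) {
		panic("magic on the top of kernel stack changed for "
		    "pid %u, lid %u: maybe kernel stack overflow",
		    (u_int)l->l_proc->p_pid, (u_int)l->l_lid);
	}
}
#endif /* KSTACK_CHECK_MAGIC */

/*
 * proclist_foreach_call --
 *	Call callback(p, arg) for each entry of list while holding
 *	proc_lock, stopping at the first non-zero return value, which is
 *	then returned (0 if every call returned 0).
 *
 *	A marker entry is linked in after p before each call and the walk
 *	resumes from the marker, so it does not depend on p still being on
 *	the list afterwards.  The callback must return with proc_lock held.
 */
int
proclist_foreach_call(struct proclist *list,
    int (*callback)(struct proc *, void *arg), void *arg)
{
	struct proc marker;
	struct proc *p;
	int ret = 0;

	/* Only p_flag of the on-stack marker is initialised. */
	marker.p_flag = PK_MARKER;
	mutex_enter(proc_lock);
	for (p = LIST_FIRST(list); ret == 0 && p != NULL;) {
		/* Step over marker entries found on the list. */
		if (p->p_flag & PK_MARKER) {
			p = LIST_NEXT(p, p_list);
			continue;
		}
		LIST_INSERT_AFTER(p, &marker, p_list);
		ret = (*callback)(p, arg);
		KASSERT(mutex_owned(proc_lock));
		p = LIST_NEXT(&marker, p_list);
		LIST_REMOVE(&marker, p_list);
	}
	mutex_exit(proc_lock);

	return ret;
}

/*
 * proc_vmspace_getref --
 *	Take a reference on p's vmspace and hand it back through *vm.
 *	Returns EFAULT, leaving *vm untouched, when p has PS_WEXIT set
 *	(unless p is curproc) or when the vmspace reference count is
 *	below 1; returns 0 otherwise.
 *
 *	NOTE(review): the check and the uvmspace_addref() call are not
 *	made under any lock visible here (see XXXCDC below), so the state
 *	could in principle change between the two -- confirm what the
 *	callers hold.
 */
int
proc_vmspace_getref(struct proc *p, struct vmspace **vm)
{

	/* XXXCDC: how should locking work here? */

	/* curproc exception is for coredump. */

	if ((p != curproc && (p->p_sflag & PS_WEXIT) != 0) ||
	    (p->p_vmspace->vm_refcnt < 1)) { /* XXX */
		return EFAULT;
	}

	uvmspace_addref(p->p_vmspace);
	*vm = p->p_vmspace;

	return 0;
}

/*
 * Acquire a write lock on the process credential.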
*/
void
proc_crmod_enter(void)
{
	struct lwp *self = curlwp;
	struct proc *p = self->l_proc;
	struct plimit *limits;
	kauth_cred_t stale;
	char *oldname;

	/*
	 * Put the core name back to the default before the credential
	 * is modified (presumably so that a per-process core name does
	 * not survive a credential change -- confirm).  The old string
	 * is released only after pl_lock has been dropped.
	 */
	if (p->p_limit->pl_corename != defcorename) {
		lim_privatise(p, false);
		limits = p->p_limit;
		mutex_enter(&limits->pl_lock);
		oldname = limits->pl_corename;
		limits->pl_corename = defcorename;
		mutex_exit(&limits->pl_lock);
		if (oldname != defcorename)
			free(oldname, M_TEMP);
	}

	/* Held on return; proc_crmod_leave() asserts it and releases it. */
	mutex_enter(p->p_lock);

	/* Bring this LWP's cached credential in line with the process. */
	stale = self->l_cred;
	if (stale != p->p_cred) {
		kauth_cred_hold(p->p_cred);
		self->l_cred = p->p_cred;
		kauth_cred_free(stale);
	}
}

/*
 * Install scred (if not NULL) as the process credential and release
 * p_lock, which the caller must hold.  scred must already carry a
 * reference.  Every other LWP of the process is flagged LPR_CRMOD and
 * the calling LWP's cached credential is switched to scred.  With sugid
 * set the process is marked PK_SUGID.  After the lock is dropped, fcred
 * (if not NULL) is freed together with the cached credential that scred
 * replaced.
 *
 * NOTE(review): the replaced cached credential is released only inside
 * the fcred != NULL branch, so a call with scred set, fcred NULL and a
 * differing cached credential would keep that reference -- confirm that
 * callers always pass fcred together with scred.
 */
void
proc_crmod_leave(kauth_cred_t scred, kauth_cred_t fcred, bool sugid)
{
	struct lwp *self = curlwp;
	struct lwp *other;
	struct proc *p = self->l_proc;
	kauth_cred_t prev = NULL;	/* cached credential seen on entry */

	KASSERT(mutex_owned(p->p_lock));

	/* Is there a new credential to set in? */
	if (scred != NULL) {
		p->p_cred = scred;
		LIST_FOREACH(other, &p->p_lwps, l_sibling) {
			if (other == self)
				continue;
			other->l_prflag |= LPR_CRMOD;
		}

		/* Ensure the LWP cached credentials are up to date. */
		prev = self->l_cred;
		if (prev != scred) {
			kauth_cred_hold(scred);
			self->l_cred = scred;
		}
	}

	/*
	 * Mark process as having changed credentials, stops
	 * tracing etc.
	 */
	if (sugid)
		p->p_flag |= PK_SUGID;

	mutex_exit(p->p_lock);

	/* If there is a credential to be released, free it now. */
	if (fcred != NULL) {
		KASSERT(scred != NULL);
		kauth_cred_free(fcred);
		if (prev != scred)
			kauth_cred_free(prev);
	}
}

/*
 * proc_specific_key_create --
 *	Create a key for subsystem proc-specific data; the result of
 *	specificdata_key_create() is returned unchanged.
 */
int
proc_specific_key_create(specificdata_key_t *keyp, specificdata_dtor_t dtor)
{
	int error;

	error = specificdata_key_create(proc_specificdata_domain, keyp, dtor);
	return error;
}

/*
 * proc_specific_key_delete --
 *	Delete a key for subsystem proc-specific data.
 */
void
proc_specific_key_delete(specificdata_key_t key)
{
	specificdata_key_delete(proc_specificdata_domain, key);
}

/*
 * proc_initspecific --
 *	Initialize a proc's specificdata container.  Failure is caught
 *	only by the KASSERT.
 */
void
proc_initspecific(struct proc *p)
{
	int error = specificdata_init(proc_specificdata_domain,
	    &p->p_specdataref);

	KASSERT(error == 0);
}

/*
 * proc_finispecific --
 *	Finalize a proc's specificdata container.
 */
void
proc_finispecific(struct proc *p)
{
	specificdata_fini(proc_specificdata_domain, &p->p_specdataref);
}

/*
 * proc_getspecific --
 *	Return proc-specific data corresponding to the specified key.
 */
void *
proc_getspecific(struct proc *p, specificdata_key_t key)
{
	void *data;

	data = specificdata_getspecific(proc_specificdata_domain,
	    &p->p_specdataref, key);
	return data;
}

/*
 * proc_setspecific --
 *	Set proc-specific data corresponding to the specified key.
*/
void
proc_setspecific(struct proc *p, specificdata_key_t key, void *data)
{
	specificdata_setspecific(proc_specificdata_domain,
	    &p->p_specdataref, key, data);
}

/*
 * proc_uidmatch --
 *	Compare the credential cred against the credential target.
 *	Returns 0 when all three checks below pass and EPERM as soon as
 *	one of them fails.  A failing group-membership lookup is treated
 *	like "not a member", so the function refuses on error.
 */
int
proc_uidmatch(kauth_cred_t cred, kauth_cred_t target)
{
	int ismember = 0;

	/*
	 * The uid of cred must equal both the uid and the saved uid of
	 * target (otherwise: suid proc of ours or proc not ours).
	 */
	if (kauth_cred_getuid(cred) != kauth_cred_getuid(target) ||
	    kauth_cred_getuid(cred) != kauth_cred_getsvuid(target))
		return (EPERM);

	/*
	 * The gid and saved gid of target must agree (otherwise: sgid
	 * proc has sgid back to us temporarily).
	 */
	if (kauth_cred_getgid(target) != kauth_cred_getsvgid(target))
		return (EPERM);

	/*
	 * cred must be a member of the group given by target's gid
	 * (ie, sub-processes started by a sgid process).
	 */
	if (kauth_cred_ismember_gid(cred, kauth_cred_getgid(target),
	    &ismember) != 0 || !ismember)
		return (EPERM);

	return (0);
}