xref: /netbsd-src/sys/kern/kern_proc.c (revision b1c86f5f087524e68db12794ee9c3e3da1ab17a0)
1 /*	$NetBSD: kern_proc.c,v 1.168 2010/07/07 01:30:37 chs Exp $	*/
2 
3 /*-
4  * Copyright (c) 1999, 2006, 2007, 2008 The NetBSD Foundation, Inc.
5  * All rights reserved.
6  *
7  * This code is derived from software contributed to The NetBSD Foundation
8  * by Jason R. Thorpe of the Numerical Aerospace Simulation Facility,
9  * NASA Ames Research Center, and by Andrew Doran.
10  *
11  * Redistribution and use in source and binary forms, with or without
12  * modification, are permitted provided that the following conditions
13  * are met:
14  * 1. Redistributions of source code must retain the above copyright
15  *    notice, this list of conditions and the following disclaimer.
16  * 2. Redistributions in binary form must reproduce the above copyright
17  *    notice, this list of conditions and the following disclaimer in the
18  *    documentation and/or other materials provided with the distribution.
19  *
20  * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
21  * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
22  * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
23  * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
24  * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
25  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
26  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
27  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
28  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
29  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
30  * POSSIBILITY OF SUCH DAMAGE.
31  */
32 
33 /*
34  * Copyright (c) 1982, 1986, 1989, 1991, 1993
35  *	The Regents of the University of California.  All rights reserved.
36  *
37  * Redistribution and use in source and binary forms, with or without
38  * modification, are permitted provided that the following conditions
39  * are met:
40  * 1. Redistributions of source code must retain the above copyright
41  *    notice, this list of conditions and the following disclaimer.
42  * 2. Redistributions in binary form must reproduce the above copyright
43  *    notice, this list of conditions and the following disclaimer in the
44  *    documentation and/or other materials provided with the distribution.
45  * 3. Neither the name of the University nor the names of its contributors
46  *    may be used to endorse or promote products derived from this software
47  *    without specific prior written permission.
48  *
49  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
50  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
51  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
52  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
53  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
54  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
55  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
56  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
57  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
58  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
59  * SUCH DAMAGE.
60  *
61  *	@(#)kern_proc.c	8.7 (Berkeley) 2/14/95
62  */
63 
64 #include <sys/cdefs.h>
65 __KERNEL_RCSID(0, "$NetBSD: kern_proc.c,v 1.168 2010/07/07 01:30:37 chs Exp $");
66 
67 #ifdef _KERNEL_OPT
68 #include "opt_kstack.h"
69 #include "opt_maxuprc.h"
70 #include "opt_dtrace.h"
71 #endif
72 
73 #include <sys/param.h>
74 #include <sys/systm.h>
75 #include <sys/kernel.h>
76 #include <sys/proc.h>
77 #include <sys/resourcevar.h>
78 #include <sys/buf.h>
79 #include <sys/acct.h>
80 #include <sys/wait.h>
81 #include <sys/file.h>
82 #include <ufs/ufs/quota.h>
83 #include <sys/uio.h>
84 #include <sys/pool.h>
85 #include <sys/pset.h>
86 #include <sys/mbuf.h>
87 #include <sys/ioctl.h>
88 #include <sys/tty.h>
89 #include <sys/signalvar.h>
90 #include <sys/ras.h>
91 #include <sys/sa.h>
92 #include <sys/savar.h>
93 #include <sys/filedesc.h>
94 #include "sys/syscall_stats.h"
95 #include <sys/kauth.h>
96 #include <sys/sleepq.h>
97 #include <sys/atomic.h>
98 #include <sys/kmem.h>
99 #include <sys/dtrace_bsd.h>
100 
101 #include <uvm/uvm.h>
102 #include <uvm/uvm_extern.h>
103 
104 /*
105  * Other process lists
106  */
107 
108 struct proclist allproc;
109 struct proclist zombproc;	/* resources have been freed */
110 
111 kmutex_t	*proc_lock;
112 
113 /*
114  * pid to proc lookup is done by indexing the pid_table array.
115  * Since pid numbers are only allocated when an empty slot
116  * has been found, there is no need to search any lists ever.
117  * (an orphaned pgrp will lock the slot, a session will lock
118  * the pgrp with the same number.)
119  * If the table is too small it is reallocated with twice the
120  * previous size and the entries 'unzipped' into the two halves.
121  * A linked list of free entries is passed through the pt_proc
122  * field of 'free' items - set odd to be an invalid ptr.
123  */
124 
125 struct pid_table {
126 	struct proc	*pt_proc;
127 	struct pgrp	*pt_pgrp;
128 	pid_t		pt_pid;
129 };
130 #if 1	/* strongly typed cast - should be a noop */
131 static inline uint p2u(struct proc *p) { return (uint)(uintptr_t)p; }
132 #else
133 #define p2u(p) ((uint)p)
134 #endif
135 #define P_VALID(p) (!(p2u(p) & 1))
136 #define P_NEXT(p) (p2u(p) >> 1)
137 #define P_FREE(pid) ((struct proc *)(uintptr_t)((pid) << 1 | 1))
138 
139 #define INITIAL_PID_TABLE_SIZE	(1 << 5)
140 static struct pid_table *pid_table;
141 static uint pid_tbl_mask = INITIAL_PID_TABLE_SIZE - 1;
142 static uint pid_alloc_lim;	/* max we allocate before growing table */
143 static uint pid_alloc_cnt;	/* number of allocated pids */
144 
145 /* links through free slots - never empty! */
146 static uint next_free_pt, last_free_pt;
147 static pid_t pid_max = PID_MAX;		/* largest value we allocate */
148 
149 /* Components of the first process -- never freed. */
150 
151 extern struct emul emul_netbsd;	/* defined in kern_exec.c */
152 
153 struct session session0 = {
154 	.s_count = 1,
155 	.s_sid = 0,
156 };
157 struct pgrp pgrp0 = {
158 	.pg_members = LIST_HEAD_INITIALIZER(&pgrp0.pg_members),
159 	.pg_session = &session0,
160 };
161 filedesc_t filedesc0;
162 struct cwdinfo cwdi0 = {
163 	.cwdi_cmask = CMASK,		/* see cmask below */
164 	.cwdi_refcnt = 1,
165 };
166 struct plimit limit0;
167 struct pstats pstat0;
168 struct vmspace vmspace0;
169 struct sigacts sigacts0;
170 struct proc proc0 = {
171 	.p_lwps = LIST_HEAD_INITIALIZER(&proc0.p_lwps),
172 	.p_sigwaiters = LIST_HEAD_INITIALIZER(&proc0.p_sigwaiters),
173 	.p_nlwps = 1,
174 	.p_nrlwps = 1,
175 	.p_nlwpid = 1,		/* must match lwp0.l_lid */
176 	.p_pgrp = &pgrp0,
177 	.p_comm = "system",
178 	/*
179 	 * Set P_NOCLDWAIT so that kernel threads are reparented to init(8)
180 	 * when they exit.  init(8) can easily wait them out for us.
181 	 */
182 	.p_flag = PK_SYSTEM | PK_NOCLDWAIT,
183 	.p_stat = SACTIVE,
184 	.p_nice = NZERO,
185 	.p_emul = &emul_netbsd,
186 	.p_cwdi = &cwdi0,
187 	.p_limit = &limit0,
188 	.p_fd = &filedesc0,
189 	.p_vmspace = &vmspace0,
190 	.p_stats = &pstat0,
191 	.p_sigacts = &sigacts0,
192 };
193 kauth_cred_t cred0;
194 
195 int nofile = NOFILE;
196 int maxuprc = MAXUPRC;
197 int cmask = CMASK;
198 
199 MALLOC_DEFINE(M_EMULDATA, "emuldata", "Per-process emulation data");
200 MALLOC_DEFINE(M_SUBPROC, "subproc", "Proc sub-structures");
201 
202 /*
203  * The process list descriptors, used during pid allocation and
204  * by sysctl.  No locking on this data structure is needed since
205  * it is completely static.
206  */
207 const struct proclist_desc proclists[] = {
208 	{ &allproc	},
209 	{ &zombproc	},
210 	{ NULL		},
211 };
212 
213 static struct pgrp *	pg_remove(pid_t);
214 static void		pg_delete(pid_t);
215 static void		orphanpg(struct pgrp *);
216 
217 static specificdata_domain_t proc_specificdata_domain;
218 
219 static pool_cache_t proc_cache;
220 
221 static kauth_listener_t proc_listener;
222 
223 static int
224 proc_listener_cb(kauth_cred_t cred, kauth_action_t action, void *cookie,
225     void *arg0, void *arg1, void *arg2, void *arg3)
226 {
227 	struct proc *p;
228 	int result;
229 
230 	result = KAUTH_RESULT_DEFER;
231 	p = arg0;
232 
233 	switch (action) {
234 	case KAUTH_PROCESS_CANSEE: {
235 		enum kauth_process_req req;
236 
237 		req = (enum kauth_process_req)arg1;
238 
239 		switch (req) {
240 		case KAUTH_REQ_PROCESS_CANSEE_ARGS:
241 		case KAUTH_REQ_PROCESS_CANSEE_ENTRY:
242 		case KAUTH_REQ_PROCESS_CANSEE_OPENFILES:
243 			result = KAUTH_RESULT_ALLOW;
244 
245 			break;
246 
247 		case KAUTH_REQ_PROCESS_CANSEE_ENV:
248 			if (kauth_cred_getuid(cred) !=
249 			    kauth_cred_getuid(p->p_cred) ||
250 			    kauth_cred_getuid(cred) !=
251 			    kauth_cred_getsvuid(p->p_cred))
252 				break;
253 
254 			result = KAUTH_RESULT_ALLOW;
255 
256 			break;
257 
258 		default:
259 			break;
260 		}
261 
262 		break;
263 		}
264 
265 	case KAUTH_PROCESS_FORK: {
266 		int lnprocs = (int)(unsigned long)arg2;
267 
268 		/*
269 		 * Don't allow a nonprivileged user to use the last few
270 		 * processes. The variable lnprocs is the current number of
271 		 * processes, maxproc is the limit.
272 		 */
273 		if (__predict_false((lnprocs >= maxproc - 5)))
274 			break;
275 
276 		result = KAUTH_RESULT_ALLOW;
277 
278 		break;
279 		}
280 
281 	case KAUTH_PROCESS_CORENAME:
282 	case KAUTH_PROCESS_STOPFLAG:
283 		if (proc_uidmatch(cred, p->p_cred) == 0)
284 			result = KAUTH_RESULT_ALLOW;
285 
286 		break;
287 
288 	default:
289 		break;
290 	}
291 
292 	return result;
293 }
294 
295 /*
296  * Initialize global process hashing structures.
297  */
298 void
299 procinit(void)
300 {
301 	const struct proclist_desc *pd;
302 	u_int i;
303 #define	LINK_EMPTY ((PID_MAX + INITIAL_PID_TABLE_SIZE) & ~(INITIAL_PID_TABLE_SIZE - 1))
304 
305 	for (pd = proclists; pd->pd_list != NULL; pd++)
306 		LIST_INIT(pd->pd_list);
307 
308 	proc_lock = mutex_obj_alloc(MUTEX_DEFAULT, IPL_NONE);
309 	pid_table = kmem_alloc(INITIAL_PID_TABLE_SIZE
310 	    * sizeof(struct pid_table), KM_SLEEP);
311 
312 	/* Set free list running through table...
313 	   Preset 'use count' above PID_MAX so we allocate pid 1 next. */
314 	for (i = 0; i <= pid_tbl_mask; i++) {
315 		pid_table[i].pt_proc = P_FREE(LINK_EMPTY + i + 1);
316 		pid_table[i].pt_pgrp = 0;
317 		pid_table[i].pt_pid = 0;
318 	}
319 	/* slot 0 is just grabbed */
320 	next_free_pt = 1;
321 	/* Need to fix last entry. */
322 	last_free_pt = pid_tbl_mask;
323 	pid_table[last_free_pt].pt_proc = P_FREE(LINK_EMPTY);
324 	/* point at which we grow table - to avoid reusing pids too often */
325 	pid_alloc_lim = pid_tbl_mask - 1;
326 #undef LINK_EMPTY
327 
328 	proc_specificdata_domain = specificdata_domain_create();
329 	KASSERT(proc_specificdata_domain != NULL);
330 
331 	proc_cache = pool_cache_init(sizeof(struct proc), 0, 0, 0,
332 	    "procpl", NULL, IPL_NONE, NULL, NULL, NULL);
333 
334 	proc_listener = kauth_listen_scope(KAUTH_SCOPE_PROCESS,
335 	    proc_listener_cb, NULL);
336 }
337 
338 /*
339  * Initialize process 0.
340  */
341 void
342 proc0_init(void)
343 {
344 	struct proc *p;
345 	struct pgrp *pg;
346 	rlim_t lim;
347 	int i;
348 
349 	p = &proc0;
350 	pg = &pgrp0;
351 
352 	mutex_init(&p->p_stmutex, MUTEX_DEFAULT, IPL_HIGH);
353 	mutex_init(&p->p_auxlock, MUTEX_DEFAULT, IPL_NONE);
354 	p->p_lock = mutex_obj_alloc(MUTEX_DEFAULT, IPL_NONE);
355 
356 	rw_init(&p->p_reflock);
357 	cv_init(&p->p_waitcv, "wait");
358 	cv_init(&p->p_lwpcv, "lwpwait");
359 
360 	LIST_INSERT_HEAD(&p->p_lwps, &lwp0, l_sibling);
361 
362 	pid_table[0].pt_proc = p;
363 	LIST_INSERT_HEAD(&allproc, p, p_list);
364 
365 	pid_table[0].pt_pgrp = pg;
366 	LIST_INSERT_HEAD(&pg->pg_members, p, p_pglist);
367 
368 #ifdef __HAVE_SYSCALL_INTERN
369 	(*p->p_emul->e_syscall_intern)(p);
370 #endif
371 
372 	/* Create credentials. */
373 	cred0 = kauth_cred_alloc();
374 	p->p_cred = cred0;
375 
376 	/* Create the CWD info. */
377 	rw_init(&cwdi0.cwdi_lock);
378 
379 	/* Create the limits structures. */
380 	mutex_init(&limit0.pl_lock, MUTEX_DEFAULT, IPL_NONE);
381 	for (i = 0; i < __arraycount(limit0.pl_rlimit); i++)
382 		limit0.pl_rlimit[i].rlim_cur =
383 		    limit0.pl_rlimit[i].rlim_max = RLIM_INFINITY;
384 
385 	limit0.pl_rlimit[RLIMIT_NOFILE].rlim_max = maxfiles;
386 	limit0.pl_rlimit[RLIMIT_NOFILE].rlim_cur =
387 	    maxfiles < nofile ? maxfiles : nofile;
388 
389 	limit0.pl_rlimit[RLIMIT_NPROC].rlim_max = maxproc;
390 	limit0.pl_rlimit[RLIMIT_NPROC].rlim_cur =
391 	    maxproc < maxuprc ? maxproc : maxuprc;
392 
393 	lim = MIN(VM_MAXUSER_ADDRESS, ctob((rlim_t)uvmexp.free));
394 	limit0.pl_rlimit[RLIMIT_RSS].rlim_max = lim;
395 	limit0.pl_rlimit[RLIMIT_MEMLOCK].rlim_max = lim;
396 	limit0.pl_rlimit[RLIMIT_MEMLOCK].rlim_cur = lim / 3;
397 	limit0.pl_corename = defcorename;
398 	limit0.pl_refcnt = 1;
399 	limit0.pl_sv_limit = NULL;
400 
401 	/* Configure virtual memory system, set vm rlimits. */
402 	uvm_init_limits(p);
403 
404 	/* Initialize file descriptor table for proc0. */
405 	fd_init(&filedesc0);
406 
407 	/*
408 	 * Initialize proc0's vmspace, which uses the kernel pmap.
409 	 * All kernel processes (which never have user space mappings)
410 	 * share proc0's vmspace, and thus, the kernel pmap.
411 	 */
412 	uvmspace_init(&vmspace0, pmap_kernel(), round_page(VM_MIN_ADDRESS),
413 	    trunc_page(VM_MAX_ADDRESS));
414 
415 	/* Initialize signal state for proc0. XXX IPL_SCHED */
416 	mutex_init(&p->p_sigacts->sa_mutex, MUTEX_DEFAULT, IPL_SCHED);
417 	siginit(p);
418 
419 	proc_initspecific(p);
420 	kdtrace_proc_ctor(NULL, p);
421 }
422 
423 /*
424  * Session reference counting.
425  */
426 
427 void
428 proc_sesshold(struct session *ss)
429 {
430 
431 	KASSERT(mutex_owned(proc_lock));
432 	ss->s_count++;
433 }
434 
435 void
436 proc_sessrele(struct session *ss)
437 {
438 
439 	KASSERT(mutex_owned(proc_lock));
440 	/*
441 	 * We keep the pgrp with the same id as the session in order to
442 	 * stop a process being given the same pid.  Since the pgrp holds
443 	 * a reference to the session, it must be a 'zombie' pgrp by now.
444 	 */
445 	if (--ss->s_count == 0) {
446 		struct pgrp *pg;
447 
448 		pg = pg_remove(ss->s_sid);
449 		mutex_exit(proc_lock);
450 
451 		kmem_free(pg, sizeof(struct pgrp));
452 		kmem_free(ss, sizeof(struct session));
453 	} else {
454 		mutex_exit(proc_lock);
455 	}
456 }
457 
458 /*
459  * Check that the specified process group is in the session of the
460  * specified process.
461  * Treats -ve ids as process ids.
462  * Used to validate TIOCSPGRP requests.
463  */
464 int
465 pgid_in_session(struct proc *p, pid_t pg_id)
466 {
467 	struct pgrp *pgrp;
468 	struct session *session;
469 	int error;
470 
471 	mutex_enter(proc_lock);
472 	if (pg_id < 0) {
473 		struct proc *p1 = proc_find(-pg_id);
474 		if (p1 == NULL) {
475 			error = EINVAL;
476 			goto fail;
477 		}
478 		pgrp = p1->p_pgrp;
479 	} else {
480 		pgrp = pgrp_find(pg_id);
481 		if (pgrp == NULL) {
482 			error = EINVAL;
483 			goto fail;
484 		}
485 	}
486 	session = pgrp->pg_session;
487 	error = (session != p->p_pgrp->pg_session) ? EPERM : 0;
488 fail:
489 	mutex_exit(proc_lock);
490 	return error;
491 }
492 
493 /*
494  * p_inferior: is p an inferior of q?
495  */
496 static inline bool
497 p_inferior(struct proc *p, struct proc *q)
498 {
499 
500 	KASSERT(mutex_owned(proc_lock));
501 
502 	for (; p != q; p = p->p_pptr)
503 		if (p->p_pid == 0)
504 			return false;
505 	return true;
506 }
507 
508 /*
509  * proc_find: locate a process by the ID.
510  *
511  * => Must be called with proc_lock held.
512  */
513 proc_t *
514 proc_find_raw(pid_t pid)
515 {
516 	struct pid_table *pt;
517 	proc_t *p;
518 
519 	KASSERT(mutex_owned(proc_lock));
520 	pt = &pid_table[pid & pid_tbl_mask];
521 	p = pt->pt_proc;
522 	if (__predict_false(!P_VALID(p) || pt->pt_pid != pid)) {
523 		return NULL;
524 	}
525 	return p;
526 }
527 
528 proc_t *
529 proc_find(pid_t pid)
530 {
531 	proc_t *p;
532 
533 	p = proc_find_raw(pid);
534 	if (__predict_false(p == NULL)) {
535 		return NULL;
536 	}
537 
538 	/*
539 	 * Only allow live processes to be found by PID.
540 	 * XXX: p_stat might change, since unlocked.
541 	 */
542 	if (__predict_true(p->p_stat == SACTIVE || p->p_stat == SSTOP)) {
543 		return p;
544 	}
545 	return NULL;
546 }
547 
548 /*
549  * pgrp_find: locate a process group by the ID.
550  *
551  * => Must be called with proc_lock held.
552  */
553 struct pgrp *
554 pgrp_find(pid_t pgid)
555 {
556 	struct pgrp *pg;
557 
558 	KASSERT(mutex_owned(proc_lock));
559 
560 	pg = pid_table[pgid & pid_tbl_mask].pt_pgrp;
561 
562 	/*
563 	 * Cannot look up a process group that only exists because the
564 	 * session has not died yet (traditional).
565 	 */
566 	if (pg == NULL || pg->pg_id != pgid || LIST_EMPTY(&pg->pg_members)) {
567 		return NULL;
568 	}
569 	return pg;
570 }
571 
572 static void
573 expand_pid_table(void)
574 {
575 	size_t pt_size, tsz;
576 	struct pid_table *n_pt, *new_pt;
577 	struct proc *proc;
578 	struct pgrp *pgrp;
579 	pid_t pid, rpid;
580 	u_int i;
581 	uint new_pt_mask;
582 
583 	pt_size = pid_tbl_mask + 1;
584 	tsz = pt_size * 2 * sizeof(struct pid_table);
585 	new_pt = kmem_alloc(tsz, KM_SLEEP);
586 	new_pt_mask = pt_size * 2 - 1;
587 
588 	mutex_enter(proc_lock);
589 	if (pt_size != pid_tbl_mask + 1) {
590 		/* Another process beat us to it... */
591 		mutex_exit(proc_lock);
592 		kmem_free(new_pt, tsz);
593 		return;
594 	}
595 
596 	/*
597 	 * Copy entries from old table into new one.
598 	 * If 'pid' is 'odd' we need to place in the upper half,
599 	 * even pid's to the lower half.
600 	 * Free items stay in the low half so we don't have to
601 	 * fixup the reference to them.
602 	 * We stuff free items on the front of the freelist
603 	 * because we can't write to unmodified entries.
604 	 * Processing the table backwards maintains a semblance
605 	 * of issuing pid numbers that increase with time.
606 	 */
607 	i = pt_size - 1;
608 	n_pt = new_pt + i;
609 	for (; ; i--, n_pt--) {
610 		proc = pid_table[i].pt_proc;
611 		pgrp = pid_table[i].pt_pgrp;
612 		if (!P_VALID(proc)) {
613 			/* Up 'use count' so that link is valid */
614 			pid = (P_NEXT(proc) + pt_size) & ~pt_size;
615 			rpid = 0;
616 			proc = P_FREE(pid);
617 			if (pgrp)
618 				pid = pgrp->pg_id;
619 		} else {
620 			pid = pid_table[i].pt_pid;
621 			rpid = pid;
622 		}
623 
624 		/* Save entry in appropriate half of table */
625 		n_pt[pid & pt_size].pt_proc = proc;
626 		n_pt[pid & pt_size].pt_pgrp = pgrp;
627 		n_pt[pid & pt_size].pt_pid = rpid;
628 
629 		/* Put other piece on start of free list */
630 		pid = (pid ^ pt_size) & ~pid_tbl_mask;
631 		n_pt[pid & pt_size].pt_proc =
632 			P_FREE((pid & ~pt_size) | next_free_pt);
633 		n_pt[pid & pt_size].pt_pgrp = 0;
634 		n_pt[pid & pt_size].pt_pid = 0;
635 
636 		next_free_pt = i | (pid & pt_size);
637 		if (i == 0)
638 			break;
639 	}
640 
641 	/* Save old table size and switch tables */
642 	tsz = pt_size * sizeof(struct pid_table);
643 	n_pt = pid_table;
644 	pid_table = new_pt;
645 	pid_tbl_mask = new_pt_mask;
646 
647 	/*
648 	 * pid_max starts as PID_MAX (= 30000), once we have 16384
649 	 * allocated pids we need it to be larger!
650 	 */
651 	if (pid_tbl_mask > PID_MAX) {
652 		pid_max = pid_tbl_mask * 2 + 1;
653 		pid_alloc_lim |= pid_alloc_lim << 1;
654 	} else
655 		pid_alloc_lim <<= 1;	/* doubles number of free slots... */
656 
657 	mutex_exit(proc_lock);
658 	kmem_free(n_pt, tsz);
659 }
660 
661 struct proc *
662 proc_alloc(void)
663 {
664 	struct proc *p;
665 
666 	p = pool_cache_get(proc_cache, PR_WAITOK);
667 	p->p_stat = SIDL;			/* protect against others */
668 	proc_initspecific(p);
669 	kdtrace_proc_ctor(NULL, p);
670 	p->p_pid = -1;
671 	proc_alloc_pid(p);
672 	return p;
673 }
674 
675 pid_t
676 proc_alloc_pid(struct proc *p)
677 {
678 	struct pid_table *pt;
679 	pid_t pid;
680 	int nxt;
681 
682 	for (;;expand_pid_table()) {
683 		if (__predict_false(pid_alloc_cnt >= pid_alloc_lim))
684 			/* ensure pids cycle through 2000+ values */
685 			continue;
686 		mutex_enter(proc_lock);
687 		pt = &pid_table[next_free_pt];
688 #ifdef DIAGNOSTIC
689 		if (__predict_false(P_VALID(pt->pt_proc) || pt->pt_pgrp))
690 			panic("proc_alloc: slot busy");
691 #endif
692 		nxt = P_NEXT(pt->pt_proc);
693 		if (nxt & pid_tbl_mask)
694 			break;
695 		/* Table full - expand (NB last entry not used....) */
696 		mutex_exit(proc_lock);
697 	}
698 
699 	/* pid is 'saved use count' + 'size' + entry */
700 	pid = (nxt & ~pid_tbl_mask) + pid_tbl_mask + 1 + next_free_pt;
701 	if ((uint)pid > (uint)pid_max)
702 		pid &= pid_tbl_mask;
703 	next_free_pt = nxt & pid_tbl_mask;
704 
705 	/* Grab table slot */
706 	pt->pt_proc = p;
707 
708 	KASSERT(pt->pt_pid == 0);
709 	pt->pt_pid = pid;
710 	if (p->p_pid == -1) {
711 		p->p_pid = pid;
712 	}
713 	pid_alloc_cnt++;
714 	mutex_exit(proc_lock);
715 
716 	return pid;
717 }
718 
719 /*
720  * Free a process id - called from proc_free (in kern_exit.c)
721  *
722  * Called with the proc_lock held.
723  */
724 void
725 proc_free_pid(pid_t pid)
726 {
727 	struct pid_table *pt;
728 
729 	KASSERT(mutex_owned(proc_lock));
730 
731 	pt = &pid_table[pid & pid_tbl_mask];
732 
733 	/* save pid use count in slot */
734 	pt->pt_proc = P_FREE(pid & ~pid_tbl_mask);
735 	KASSERT(pt->pt_pid == pid);
736 	pt->pt_pid = 0;
737 
738 	if (pt->pt_pgrp == NULL) {
739 		/* link last freed entry onto ours */
740 		pid &= pid_tbl_mask;
741 		pt = &pid_table[last_free_pt];
742 		pt->pt_proc = P_FREE(P_NEXT(pt->pt_proc) | pid);
743 		pt->pt_pid = 0;
744 		last_free_pt = pid;
745 		pid_alloc_cnt--;
746 	}
747 
748 	atomic_dec_uint(&nprocs);
749 }
750 
751 void
752 proc_free_mem(struct proc *p)
753 {
754 
755 	kdtrace_proc_dtor(NULL, p);
756 	pool_cache_put(proc_cache, p);
757 }
758 
759 /*
760  * proc_enterpgrp: move p to a new or existing process group (and session).
761  *
762  * If we are creating a new pgrp, the pgid should equal
763  * the calling process' pid.
764  * If is only valid to enter a process group that is in the session
765  * of the process.
766  * Also mksess should only be set if we are creating a process group
767  *
768  * Only called from sys_setsid and sys_setpgid.
769  */
770 int
771 proc_enterpgrp(struct proc *curp, pid_t pid, pid_t pgid, bool mksess)
772 {
773 	struct pgrp *new_pgrp, *pgrp;
774 	struct session *sess;
775 	struct proc *p;
776 	int rval;
777 	pid_t pg_id = NO_PGID;
778 
779 	sess = mksess ? kmem_alloc(sizeof(*sess), KM_SLEEP) : NULL;
780 
781 	/* Allocate data areas we might need before doing any validity checks */
782 	mutex_enter(proc_lock);		/* Because pid_table might change */
783 	if (pid_table[pgid & pid_tbl_mask].pt_pgrp == 0) {
784 		mutex_exit(proc_lock);
785 		new_pgrp = kmem_alloc(sizeof(*new_pgrp), KM_SLEEP);
786 		mutex_enter(proc_lock);
787 	} else
788 		new_pgrp = NULL;
789 	rval = EPERM;	/* most common error (to save typing) */
790 
791 	/* Check pgrp exists or can be created */
792 	pgrp = pid_table[pgid & pid_tbl_mask].pt_pgrp;
793 	if (pgrp != NULL && pgrp->pg_id != pgid)
794 		goto done;
795 
796 	/* Can only set another process under restricted circumstances. */
797 	if (pid != curp->p_pid) {
798 		/* Must exist and be one of our children... */
799 		p = proc_find(pid);
800 		if (p == NULL || !p_inferior(p, curp)) {
801 			rval = ESRCH;
802 			goto done;
803 		}
804 		/* ... in the same session... */
805 		if (sess != NULL || p->p_session != curp->p_session)
806 			goto done;
807 		/* ... existing pgid must be in same session ... */
808 		if (pgrp != NULL && pgrp->pg_session != p->p_session)
809 			goto done;
810 		/* ... and not done an exec. */
811 		if (p->p_flag & PK_EXEC) {
812 			rval = EACCES;
813 			goto done;
814 		}
815 	} else {
816 		/* ... setsid() cannot re-enter a pgrp */
817 		if (mksess && (curp->p_pgid == curp->p_pid ||
818 		    pgrp_find(curp->p_pid)))
819 			goto done;
820 		p = curp;
821 	}
822 
823 	/* Changing the process group/session of a session
824 	   leader is definitely off limits. */
825 	if (SESS_LEADER(p)) {
826 		if (sess == NULL && p->p_pgrp == pgrp)
827 			/* unless it's a definite noop */
828 			rval = 0;
829 		goto done;
830 	}
831 
832 	/* Can only create a process group with id of process */
833 	if (pgrp == NULL && pgid != pid)
834 		goto done;
835 
836 	/* Can only create a session if creating pgrp */
837 	if (sess != NULL && pgrp != NULL)
838 		goto done;
839 
840 	/* Check we allocated memory for a pgrp... */
841 	if (pgrp == NULL && new_pgrp == NULL)
842 		goto done;
843 
844 	/* Don't attach to 'zombie' pgrp */
845 	if (pgrp != NULL && LIST_EMPTY(&pgrp->pg_members))
846 		goto done;
847 
848 	/* Expect to succeed now */
849 	rval = 0;
850 
851 	if (pgrp == p->p_pgrp)
852 		/* nothing to do */
853 		goto done;
854 
855 	/* Ok all setup, link up required structures */
856 
857 	if (pgrp == NULL) {
858 		pgrp = new_pgrp;
859 		new_pgrp = NULL;
860 		if (sess != NULL) {
861 			sess->s_sid = p->p_pid;
862 			sess->s_leader = p;
863 			sess->s_count = 1;
864 			sess->s_ttyvp = NULL;
865 			sess->s_ttyp = NULL;
866 			sess->s_flags = p->p_session->s_flags & ~S_LOGIN_SET;
867 			memcpy(sess->s_login, p->p_session->s_login,
868 			    sizeof(sess->s_login));
869 			p->p_lflag &= ~PL_CONTROLT;
870 		} else {
871 			sess = p->p_pgrp->pg_session;
872 			proc_sesshold(sess);
873 		}
874 		pgrp->pg_session = sess;
875 		sess = NULL;
876 
877 		pgrp->pg_id = pgid;
878 		LIST_INIT(&pgrp->pg_members);
879 #ifdef DIAGNOSTIC
880 		if (__predict_false(pid_table[pgid & pid_tbl_mask].pt_pgrp))
881 			panic("enterpgrp: pgrp table slot in use");
882 		if (__predict_false(mksess && p != curp))
883 			panic("enterpgrp: mksession and p != curproc");
884 #endif
885 		pid_table[pgid & pid_tbl_mask].pt_pgrp = pgrp;
886 		pgrp->pg_jobc = 0;
887 	}
888 
889 	/*
890 	 * Adjust eligibility of affected pgrps to participate in job control.
891 	 * Increment eligibility counts before decrementing, otherwise we
892 	 * could reach 0 spuriously during the first call.
893 	 */
894 	fixjobc(p, pgrp, 1);
895 	fixjobc(p, p->p_pgrp, 0);
896 
897 	/* Interlock with ttread(). */
898 	mutex_spin_enter(&tty_lock);
899 
900 	/* Move process to requested group. */
901 	LIST_REMOVE(p, p_pglist);
902 	if (LIST_EMPTY(&p->p_pgrp->pg_members))
903 		/* defer delete until we've dumped the lock */
904 		pg_id = p->p_pgrp->pg_id;
905 	p->p_pgrp = pgrp;
906 	LIST_INSERT_HEAD(&pgrp->pg_members, p, p_pglist);
907 
908 	/* Done with the swap; we can release the tty mutex. */
909 	mutex_spin_exit(&tty_lock);
910 
911     done:
912 	if (pg_id != NO_PGID) {
913 		/* Releases proc_lock. */
914 		pg_delete(pg_id);
915 	} else {
916 		mutex_exit(proc_lock);
917 	}
918 	if (sess != NULL)
919 		kmem_free(sess, sizeof(*sess));
920 	if (new_pgrp != NULL)
921 		kmem_free(new_pgrp, sizeof(*new_pgrp));
922 #ifdef DEBUG_PGRP
923 	if (__predict_false(rval))
924 		printf("enterpgrp(%d,%d,%d), curproc %d, rval %d\n",
925 			pid, pgid, mksess, curp->p_pid, rval);
926 #endif
927 	return rval;
928 }
929 
930 /*
931  * proc_leavepgrp: remove a process from its process group.
932  *  => must be called with the proc_lock held, which will be released;
933  */
934 void
935 proc_leavepgrp(struct proc *p)
936 {
937 	struct pgrp *pgrp;
938 
939 	KASSERT(mutex_owned(proc_lock));
940 
941 	/* Interlock with ttread() */
942 	mutex_spin_enter(&tty_lock);
943 	pgrp = p->p_pgrp;
944 	LIST_REMOVE(p, p_pglist);
945 	p->p_pgrp = NULL;
946 	mutex_spin_exit(&tty_lock);
947 
948 	if (LIST_EMPTY(&pgrp->pg_members)) {
949 		/* Releases proc_lock. */
950 		pg_delete(pgrp->pg_id);
951 	} else {
952 		mutex_exit(proc_lock);
953 	}
954 }
955 
956 /*
957  * pg_remove: remove a process group from the table.
958  *  => must be called with the proc_lock held;
959  *  => returns process group to free;
960  */
961 static struct pgrp *
962 pg_remove(pid_t pg_id)
963 {
964 	struct pgrp *pgrp;
965 	struct pid_table *pt;
966 
967 	KASSERT(mutex_owned(proc_lock));
968 
969 	pt = &pid_table[pg_id & pid_tbl_mask];
970 	pgrp = pt->pt_pgrp;
971 
972 	KASSERT(pgrp != NULL);
973 	KASSERT(pgrp->pg_id == pg_id);
974 	KASSERT(LIST_EMPTY(&pgrp->pg_members));
975 
976 	pt->pt_pgrp = NULL;
977 
978 	if (!P_VALID(pt->pt_proc)) {
979 		/* Orphaned pgrp, put slot onto free list. */
980 		KASSERT((P_NEXT(pt->pt_proc) & pid_tbl_mask) == 0);
981 		pg_id &= pid_tbl_mask;
982 		pt = &pid_table[last_free_pt];
983 		pt->pt_proc = P_FREE(P_NEXT(pt->pt_proc) | pg_id);
984 		KASSERT(pt->pt_pid == 0);
985 		last_free_pt = pg_id;
986 		pid_alloc_cnt--;
987 	}
988 	return pgrp;
989 }
990 
991 /*
992  * pg_delete: delete and free a process group.
993  *  => must be called with the proc_lock held, which will be released.
994  */
995 static void
996 pg_delete(pid_t pg_id)
997 {
998 	struct pgrp *pg;
999 	struct tty *ttyp;
1000 	struct session *ss;
1001 
1002 	KASSERT(mutex_owned(proc_lock));
1003 
1004 	pg = pid_table[pg_id & pid_tbl_mask].pt_pgrp;
1005 	if (pg == NULL || pg->pg_id != pg_id || !LIST_EMPTY(&pg->pg_members)) {
1006 		mutex_exit(proc_lock);
1007 		return;
1008 	}
1009 
1010 	ss = pg->pg_session;
1011 
1012 	/* Remove reference (if any) from tty to this process group */
1013 	mutex_spin_enter(&tty_lock);
1014 	ttyp = ss->s_ttyp;
1015 	if (ttyp != NULL && ttyp->t_pgrp == pg) {
1016 		ttyp->t_pgrp = NULL;
1017 		KASSERT(ttyp->t_session == ss);
1018 	}
1019 	mutex_spin_exit(&tty_lock);
1020 
1021 	/*
1022 	 * The leading process group in a session is freed by proc_sessrele(),
1023 	 * if last reference.  Note: proc_sessrele() releases proc_lock.
1024 	 */
1025 	pg = (ss->s_sid != pg->pg_id) ? pg_remove(pg_id) : NULL;
1026 	proc_sessrele(ss);
1027 
1028 	if (pg != NULL) {
1029 		/* Free it, if was not done by proc_sessrele(). */
1030 		kmem_free(pg, sizeof(struct pgrp));
1031 	}
1032 }
1033 
1034 /*
1035  * Adjust pgrp jobc counters when specified process changes process group.
1036  * We count the number of processes in each process group that "qualify"
1037  * the group for terminal job control (those with a parent in a different
1038  * process group of the same session).  If that count reaches zero, the
1039  * process group becomes orphaned.  Check both the specified process'
1040  * process group and that of its children.
1041  * entering == 0 => p is leaving specified group.
1042  * entering == 1 => p is entering specified group.
1043  *
1044  * Call with proc_lock held.
1045  */
1046 void
1047 fixjobc(struct proc *p, struct pgrp *pgrp, int entering)
1048 {
1049 	struct pgrp *hispgrp;
1050 	struct session *mysession = pgrp->pg_session;
1051 	struct proc *child;
1052 
1053 	KASSERT(mutex_owned(proc_lock));
1054 
1055 	/*
1056 	 * Check p's parent to see whether p qualifies its own process
1057 	 * group; if so, adjust count for p's process group.
1058 	 */
1059 	hispgrp = p->p_pptr->p_pgrp;
1060 	if (hispgrp != pgrp && hispgrp->pg_session == mysession) {
1061 		if (entering) {
1062 			pgrp->pg_jobc++;
1063 			p->p_lflag &= ~PL_ORPHANPG;
1064 		} else if (--pgrp->pg_jobc == 0)
1065 			orphanpg(pgrp);
1066 	}
1067 
1068 	/*
1069 	 * Check this process' children to see whether they qualify
1070 	 * their process groups; if so, adjust counts for children's
1071 	 * process groups.
1072 	 */
1073 	LIST_FOREACH(child, &p->p_children, p_sibling) {
1074 		hispgrp = child->p_pgrp;
1075 		if (hispgrp != pgrp && hispgrp->pg_session == mysession &&
1076 		    !P_ZOMBIE(child)) {
1077 			if (entering) {
1078 				child->p_lflag &= ~PL_ORPHANPG;
1079 				hispgrp->pg_jobc++;
1080 			} else if (--hispgrp->pg_jobc == 0)
1081 				orphanpg(hispgrp);
1082 		}
1083 	}
1084 }
1085 
1086 /*
1087  * A process group has become orphaned;
1088  * if there are any stopped processes in the group,
1089  * hang-up all process in that group.
1090  *
1091  * Call with proc_lock held.
1092  */
1093 static void
1094 orphanpg(struct pgrp *pg)
1095 {
1096 	struct proc *p;
1097 
1098 	KASSERT(mutex_owned(proc_lock));
1099 
1100 	LIST_FOREACH(p, &pg->pg_members, p_pglist) {
1101 		if (p->p_stat == SSTOP) {
1102 			p->p_lflag |= PL_ORPHANPG;
1103 			psignal(p, SIGHUP);
1104 			psignal(p, SIGCONT);
1105 		}
1106 	}
1107 }
1108 
1109 #ifdef DDB
1110 #include <ddb/db_output.h>
1111 void pidtbl_dump(void);
1112 void
1113 pidtbl_dump(void)
1114 {
1115 	struct pid_table *pt;
1116 	struct proc *p;
1117 	struct pgrp *pgrp;
1118 	int id;
1119 
1120 	db_printf("pid table %p size %x, next %x, last %x\n",
1121 		pid_table, pid_tbl_mask+1,
1122 		next_free_pt, last_free_pt);
1123 	for (pt = pid_table, id = 0; id <= pid_tbl_mask; id++, pt++) {
1124 		p = pt->pt_proc;
1125 		if (!P_VALID(p) && !pt->pt_pgrp)
1126 			continue;
1127 		db_printf("  id %x: ", id);
1128 		if (P_VALID(p))
1129 			db_printf("slotpid %d proc %p id %d (0x%x) %s\n",
1130 				pt->pt_pid, p, p->p_pid, p->p_pid, p->p_comm);
1131 		else
1132 			db_printf("next %x use %x\n",
1133 				P_NEXT(p) & pid_tbl_mask,
1134 				P_NEXT(p) & ~pid_tbl_mask);
1135 		if ((pgrp = pt->pt_pgrp)) {
1136 			db_printf("\tsession %p, sid %d, count %d, login %s\n",
1137 			    pgrp->pg_session, pgrp->pg_session->s_sid,
1138 			    pgrp->pg_session->s_count,
1139 			    pgrp->pg_session->s_login);
1140 			db_printf("\tpgrp %p, pg_id %d, pg_jobc %d, members %p\n",
1141 			    pgrp, pgrp->pg_id, pgrp->pg_jobc,
1142 			    LIST_FIRST(&pgrp->pg_members));
1143 			LIST_FOREACH(p, &pgrp->pg_members, p_pglist) {
1144 				db_printf("\t\tpid %d addr %p pgrp %p %s\n",
1145 				    p->p_pid, p, p->p_pgrp, p->p_comm);
1146 			}
1147 		}
1148 	}
1149 }
1150 #endif /* DDB */
1151 
1152 #ifdef KSTACK_CHECK_MAGIC
1153 
1154 #define	KSTACK_MAGIC	0xdeadbeaf
1155 
1156 /* XXX should be per process basis? */
1157 static int	kstackleftmin = KSTACK_SIZE;
1158 static int	kstackleftthres = KSTACK_SIZE / 8;
1159 
1160 void
1161 kstack_setup_magic(const struct lwp *l)
1162 {
1163 	uint32_t *ip;
1164 	uint32_t const *end;
1165 
1166 	KASSERT(l != NULL);
1167 	KASSERT(l != &lwp0);
1168 
1169 	/*
1170 	 * fill all the stack with magic number
1171 	 * so that later modification on it can be detected.
1172 	 */
1173 	ip = (uint32_t *)KSTACK_LOWEST_ADDR(l);
1174 	end = (uint32_t *)((char *)KSTACK_LOWEST_ADDR(l) + KSTACK_SIZE);
1175 	for (; ip < end; ip++) {
1176 		*ip = KSTACK_MAGIC;
1177 	}
1178 }
1179 
1180 void
1181 kstack_check_magic(const struct lwp *l)
1182 {
1183 	uint32_t const *ip, *end;
1184 	int stackleft;
1185 
1186 	KASSERT(l != NULL);
1187 
1188 	/* don't check proc0 */ /*XXX*/
1189 	if (l == &lwp0)
1190 		return;
1191 
1192 #ifdef __MACHINE_STACK_GROWS_UP
1193 	/* stack grows upwards (eg. hppa) */
1194 	ip = (uint32_t *)((void *)KSTACK_LOWEST_ADDR(l) + KSTACK_SIZE);
1195 	end = (uint32_t *)KSTACK_LOWEST_ADDR(l);
1196 	for (ip--; ip >= end; ip--)
1197 		if (*ip != KSTACK_MAGIC)
1198 			break;
1199 
1200 	stackleft = (void *)KSTACK_LOWEST_ADDR(l) + KSTACK_SIZE - (void *)ip;
1201 #else /* __MACHINE_STACK_GROWS_UP */
1202 	/* stack grows downwards (eg. i386) */
1203 	ip = (uint32_t *)KSTACK_LOWEST_ADDR(l);
1204 	end = (uint32_t *)((char *)KSTACK_LOWEST_ADDR(l) + KSTACK_SIZE);
1205 	for (; ip < end; ip++)
1206 		if (*ip != KSTACK_MAGIC)
1207 			break;
1208 
1209 	stackleft = ((const char *)ip) - (const char *)KSTACK_LOWEST_ADDR(l);
1210 #endif /* __MACHINE_STACK_GROWS_UP */
1211 
1212 	if (kstackleftmin > stackleft) {
1213 		kstackleftmin = stackleft;
1214 		if (stackleft < kstackleftthres)
1215 			printf("warning: kernel stack left %d bytes"
1216 			    "(pid %u:lid %u)\n", stackleft,
1217 			    (u_int)l->l_proc->p_pid, (u_int)l->l_lid);
1218 	}
1219 
1220 	if (stackleft <= 0) {
1221 		panic("magic on the top of kernel stack changed for "
1222 		    "pid %u, lid %u: maybe kernel stack overflow",
1223 		    (u_int)l->l_proc->p_pid, (u_int)l->l_lid);
1224 	}
1225 }
1226 #endif /* KSTACK_CHECK_MAGIC */
1227 
1228 int
1229 proclist_foreach_call(struct proclist *list,
1230     int (*callback)(struct proc *, void *arg), void *arg)
1231 {
1232 	struct proc marker;
1233 	struct proc *p;
1234 	int ret = 0;
1235 
1236 	marker.p_flag = PK_MARKER;
1237 	mutex_enter(proc_lock);
1238 	for (p = LIST_FIRST(list); ret == 0 && p != NULL;) {
1239 		if (p->p_flag & PK_MARKER) {
1240 			p = LIST_NEXT(p, p_list);
1241 			continue;
1242 		}
1243 		LIST_INSERT_AFTER(p, &marker, p_list);
1244 		ret = (*callback)(p, arg);
1245 		KASSERT(mutex_owned(proc_lock));
1246 		p = LIST_NEXT(&marker, p_list);
1247 		LIST_REMOVE(&marker, p_list);
1248 	}
1249 	mutex_exit(proc_lock);
1250 
1251 	return ret;
1252 }
1253 
1254 int
1255 proc_vmspace_getref(struct proc *p, struct vmspace **vm)
1256 {
1257 
1258 	/* XXXCDC: how should locking work here? */
1259 
1260 	/* curproc exception is for coredump. */
1261 
1262 	if ((p != curproc && (p->p_sflag & PS_WEXIT) != 0) ||
1263 	    (p->p_vmspace->vm_refcnt < 1)) { /* XXX */
1264 		return EFAULT;
1265 	}
1266 
1267 	uvmspace_addref(p->p_vmspace);
1268 	*vm = p->p_vmspace;
1269 
1270 	return 0;
1271 }
1272 
1273 /*
1274  * Acquire a write lock on the process credential.
1275  */
1276 void
1277 proc_crmod_enter(void)
1278 {
1279 	struct lwp *l = curlwp;
1280 	struct proc *p = l->l_proc;
1281 	struct plimit *lim;
1282 	kauth_cred_t oc;
1283 	char *cn;
1284 
1285 	/* Reset what needs to be reset in plimit. */
1286 	if (p->p_limit->pl_corename != defcorename) {
1287 		lim_privatise(p, false);
1288 		lim = p->p_limit;
1289 		mutex_enter(&lim->pl_lock);
1290 		cn = lim->pl_corename;
1291 		lim->pl_corename = defcorename;
1292 		mutex_exit(&lim->pl_lock);
1293 		if (cn != defcorename)
1294 			free(cn, M_TEMP);
1295 	}
1296 
1297 	mutex_enter(p->p_lock);
1298 
1299 	/* Ensure the LWP cached credentials are up to date. */
1300 	if ((oc = l->l_cred) != p->p_cred) {
1301 		kauth_cred_hold(p->p_cred);
1302 		l->l_cred = p->p_cred;
1303 		kauth_cred_free(oc);
1304 	}
1305 
1306 }
1307 
1308 /*
1309  * Set in a new process credential, and drop the write lock.  The credential
1310  * must have a reference already.  Optionally, free a no-longer required
1311  * credential.  The scheduler also needs to inspect p_cred, so we also
1312  * briefly acquire the sched state mutex.
1313  */
1314 void
1315 proc_crmod_leave(kauth_cred_t scred, kauth_cred_t fcred, bool sugid)
1316 {
1317 	struct lwp *l = curlwp, *l2;
1318 	struct proc *p = l->l_proc;
1319 	kauth_cred_t oc;
1320 
1321 	KASSERT(mutex_owned(p->p_lock));
1322 
1323 	/* Is there a new credential to set in? */
1324 	if (scred != NULL) {
1325 		p->p_cred = scred;
1326 		LIST_FOREACH(l2, &p->p_lwps, l_sibling) {
1327 			if (l2 != l)
1328 				l2->l_prflag |= LPR_CRMOD;
1329 		}
1330 
1331 		/* Ensure the LWP cached credentials are up to date. */
1332 		if ((oc = l->l_cred) != scred) {
1333 			kauth_cred_hold(scred);
1334 			l->l_cred = scred;
1335 		}
1336 	} else
1337 		oc = NULL;	/* XXXgcc */
1338 
1339 	if (sugid) {
1340 		/*
1341 		 * Mark process as having changed credentials, stops
1342 		 * tracing etc.
1343 		 */
1344 		p->p_flag |= PK_SUGID;
1345 	}
1346 
1347 	mutex_exit(p->p_lock);
1348 
1349 	/* If there is a credential to be released, free it now. */
1350 	if (fcred != NULL) {
1351 		KASSERT(scred != NULL);
1352 		kauth_cred_free(fcred);
1353 		if (oc != scred)
1354 			kauth_cred_free(oc);
1355 	}
1356 }
1357 
1358 /*
1359  * proc_specific_key_create --
1360  *	Create a key for subsystem proc-specific data.
1361  */
1362 int
1363 proc_specific_key_create(specificdata_key_t *keyp, specificdata_dtor_t dtor)
1364 {
1365 
1366 	return (specificdata_key_create(proc_specificdata_domain, keyp, dtor));
1367 }
1368 
1369 /*
1370  * proc_specific_key_delete --
1371  *	Delete a key for subsystem proc-specific data.
1372  */
1373 void
1374 proc_specific_key_delete(specificdata_key_t key)
1375 {
1376 
1377 	specificdata_key_delete(proc_specificdata_domain, key);
1378 }
1379 
1380 /*
1381  * proc_initspecific --
1382  *	Initialize a proc's specificdata container.
1383  */
1384 void
1385 proc_initspecific(struct proc *p)
1386 {
1387 	int error;
1388 
1389 	error = specificdata_init(proc_specificdata_domain, &p->p_specdataref);
1390 	KASSERT(error == 0);
1391 }
1392 
1393 /*
1394  * proc_finispecific --
1395  *	Finalize a proc's specificdata container.
1396  */
1397 void
1398 proc_finispecific(struct proc *p)
1399 {
1400 
1401 	specificdata_fini(proc_specificdata_domain, &p->p_specdataref);
1402 }
1403 
1404 /*
1405  * proc_getspecific --
1406  *	Return proc-specific data corresponding to the specified key.
1407  */
1408 void *
1409 proc_getspecific(struct proc *p, specificdata_key_t key)
1410 {
1411 
1412 	return (specificdata_getspecific(proc_specificdata_domain,
1413 					 &p->p_specdataref, key));
1414 }
1415 
1416 /*
1417  * proc_setspecific --
1418  *	Set proc-specific data corresponding to the specified key.
1419  */
1420 void
1421 proc_setspecific(struct proc *p, specificdata_key_t key, void *data)
1422 {
1423 
1424 	specificdata_setspecific(proc_specificdata_domain,
1425 				 &p->p_specdataref, key, data);
1426 }
1427 
1428 int
1429 proc_uidmatch(kauth_cred_t cred, kauth_cred_t target)
1430 {
1431 	int r = 0;
1432 
1433 	if (kauth_cred_getuid(cred) != kauth_cred_getuid(target) ||
1434 	    kauth_cred_getuid(cred) != kauth_cred_getsvuid(target)) {
1435 		/*
1436 		 * suid proc of ours or proc not ours
1437 		 */
1438 		r = EPERM;
1439 	} else if (kauth_cred_getgid(target) != kauth_cred_getsvgid(target)) {
1440 		/*
1441 		 * sgid proc has sgid back to us temporarily
1442 		 */
1443 		r = EPERM;
1444 	} else {
1445 		/*
1446 		 * our rgid must be in target's group list (ie,
1447 		 * sub-processes started by a sgid process)
1448 		 */
1449 		int ismember = 0;
1450 
1451 		if (kauth_cred_ismember_gid(cred,
1452 		    kauth_cred_getgid(target), &ismember) != 0 ||
1453 		    !ismember)
1454 			r = EPERM;
1455 	}
1456 
1457 	return (r);
1458 }
1459