| Commit message | Author | Age | Files | Lines |
| |
MFC after: 3 days
| |
family. Minor wording corrections.
Based on the suggestions by bde.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
| |
This also follows r124335-r124336, r225827.
PR: 191382
MFC after: 1 week
Sponsored by: Nginx, Inc.
| |
o Document PF_LOCAL as being an alias for PF_UNIX
o Document POSIX standardization of this interface using AF_*
  constants rather than PF_* constants, and note the three particular
  families which POSIX standardizes.
o Note anticipated POSIX standardization of SOCK_CLOEXEC.
o Delete from listing protocol families that FreeBSD doesn't support
  (in some cases, like PF_PUP, has never supported).
o Add to listing some current protocol families that have been
  introduced in the last decade or so.
o Document the correspondence of PF_* and AF_* constants.
We should probably change the documentation to make the AF_* constants
primary, but this commit does not do so.
Reviewed by: kevlo@
MFC after: 1 month
| |
PR: 191174
Submitted by: Franco Fichtner <franco at lastsummer.de>
| |
and prevents the request from deleting existing mappings in the
region, failing instead.
Reviewed by: alc
Discussed with: jhb
Tested by: markj, pho (previous version, as part of the bigger patch)
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
| |
instead for now. Remove spurious blank line, use C89 definition, wrap
long line.
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
| |
Submitted by: hrs
Approved by: hrs (mentor, implicit)
| |
vm.max_wired is a system-wide limit, not per-process. Reword the
section to make this more clear.
PR: docs/189214
Submitted by: Lawrence Chen (original text)
Approved by: hrs (mentor)
| |
allowed range or when one or more pages are not mapped. This is according to
The Open Group Base Specifications Issue 7.
Discussed with: attilio, Bruce Evans
Reviewed by: alc, Garrett Cooper
Reported by: ATF
MFC after: 2 weeks
Sponsored by: EMC / Isilon storage division
| |
kqueue(2) already supports EVFILT_PROC. Add an EVFILT_PROCDESC that
behaves the same, but operates on a procdesc(4) instead. Only implement
NOTE_EXIT for now. The nice thing about NOTE_EXIT is that it also
returns the exit status of the process, meaning that we can now obtain
this value, even if pdwait4(2) is still unimplemented.
Notes:
- Simply reuse EVFILT_NETDEV for EVFILT_PROCDESC. As both of these will
  be used on totally different descriptor types, this should not clash.
- Let procdesc_kqops_event() reuse the same structure as filt_proc().
  The only difference is that procdesc_kqops_event() should also be able
  to deal with the case where the process was already terminated after
  registration. Simply test this when hint == 0.
- Fix some style(9) issues in filt_proc() to keep it consistent with the
  newly added procdesc_kqops_event().
- Save the exit status of the process in pd->pd_xstat, as we cannot pick
  up the proctree_lock from within procdesc_kqops_event().
Discussed on: arch@
Reviewed by: kib@
| |
The pdfork(2) man page states:
"pdfork() returns a PID, 0 or -1, as fork(2) does."
As it returns a PID, the return type should obviously be pid_t. As int
and pid_t have the same size on all architectures, this change does not
affect the ABI in any way.
| |
MFC after: 3 weeks
| |
if not already defined. This allows building libc from outside of
lib/libc using a reach-over makefile.
A typical use-case is to build a standard ILP32 version and a COMPAT32
version in a single iteration by building the COMPAT32 version using a
reach-over makefile.
Obtained from: Juniper Networks, Inc.
| |
Noticed by: Geoffrey Thomas <gthomas@mokafive.com>
Approved by: hrs (mentor)
| |
PR: 121173
Submitted by: Thomas Mueller <tmueller at sysgo.com>
MFC after: 1 week
| |
MFC after: 3 days
| |
MFC after: 1 week
| |
failure, same as posix_fallocate(2).
Noted by: Bob Bishop <rb@gid.co.uk>
Discussed with: bde
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
| |
Found by: make manlint
| |
without modifying errno.
Reported and tested by: Gennady Proskurin <gpr@mail.ru>
Reviewed by: mdf
PR: standards/186028
Sponsored by: The FreeBSD Foundation
MFC after: 1 week
| |
This matches current POSIX standards and actual FreeBSD behavior.
MFC after: 1 week
| |
MFC after: 1 week
| |
actually implements.
- Improve grammar: use more preferred "can", not "could".
Submitted by: jilles
| |
MFC after: 3 days
| |
Reviewed by: davidxu
MFC after: 1 week
| |
As such, remove the EINVAL error saying so. Currently the vm.nswapdev sysctl
just represents the number of added swap devices.
MFC after: 1 week
| |
While here, sort xrefs.
Reviewed by: jhb
| |
PR: docs/183904
Submitted by: Michael Galassi <michaelgalassi@gmail.com>
Reviewed by: kib, wblock (earlier version)
| |
S_ISTXT is non-standard.
While here, also update fchmodat() standards entry to POSIX.1-2008.
| |
Userland should get these definitions by including <signal.h>.
| |
requires process descriptors to work and having PROCDESC in GENERIC
seems not enough, especially that we hope to have more and more consumers
in the base.
MFC after: 3 days
| |
MFC after: 1 week
| |
family of functions and cap_rights_get(3) function.
- Update remaining Capsicum-related manual pages.
Reviewed by: bdrewery
MFC after: 3 days
| |
this error condition in the kqueue(2) manual page.
Discussed with: kib
| |
user. Kqueue now saves the ucred of the allocating thread, to
correctly decrement the counter on close.
Under some specific and not real-world use scenarios for kqueue, it is
possible for the kqueues to consume memory proportional to the square
of the number of file descriptors available to the process. The limit
allows the administrator to prevent the abuse.
This is the kernel-mode side of the change, with the user-mode enabling
commit following.
Reported and tested by: pho
Discussed with: jmg
Sponsored by: The FreeBSD Foundation
MFC after: 2 weeks
| |
The accept(2) man page warns that O_NONBLOCK and other properties on the
new socket may vary across implementations. However, this issue only
applies to accept() and not to accept4(). On the other hand, accept4()
is not commonly available yet.
Reported by: pluknet
Reviewed by: bjk
Approved by: re (kib)
| |
Approved by: re (blanket)
| |
exhausted.
- Add a new protect(1) command that can be used to set or revoke protection
  from arbitrary processes. Similar to ktrace it can apply a change to all
  existing descendants of a process as well as future descendants.
- Add a new procctl(2) system call that provides a generic interface for
  control operations on processes (as opposed to the debugger-specific
  operations provided by ptrace(2)). procctl(2) uses a combination of
  idtype_t and an id to identify the set of processes on which to operate
  similar to wait6().
- Add a PROC_SPROTECT control operation to manage the protection status
  of a set of processes. MADV_PROTECT still works for backwards
  compatibility.
- Add a p_flag2 to struct proc (and a corresponding ki_flag2 to kinfo_proc)
  the first bit of which is used to track if P_PROTECT should be inherited
  by new child processes.
Reviewed by: kib, jilles (earlier version)
Approved by: re (delphij)
MFC after: 1 month
| |
used "fd", while these used "d" and "filedes".
MFC after: 1 week
Approved by: gjb
Approved by: re (delphij)
| |
an address in the first 2GB of the process's address space. This flag should
have the same semantics as the same flag on Linux.
To facilitate this, add a new parameter to vm_map_find() that specifies an
optional maximum virtual address. While here, fix several callers of
vm_map_find() to use a VMFS_* constant for the findspace argument instead of
TRUE and FALSE.
Reviewed by: alc
Approved by: re (kib)
| |
in the future in a backward compatible (API and ABI) way.
The cap_rights_t represents capability rights. We used to use one bit to
represent one right, but we are running out of spare bits. Currently the new
structure provides place for 114 rights (so 50 more than the previous
cap_rights_t), but it is possible to grow the structure to hold at least 285
rights, although we can make it even larger if 285 rights won't be enough.
The structure definition looks like this:

    struct cap_rights {
        uint64_t cr_rights[CAP_RIGHTS_VERSION + 2];
    };

The initial CAP_RIGHTS_VERSION is 0.
The top two bits in the first element of the cr_rights[] array contain total
number of elements in the array - 2. This means if those two bits are equal to
0, we have 2 array elements.
The top two bits in all remaining array elements should be 0.
The next five bits in all array elements contain array index. Only one bit is
used and bit position in this five-bits range defines array index. This means
there can be at most five array elements in the future.
To define new right the CAPRIGHT() macro must be used. The macro takes two
arguments - an array index and a bit to set, e.g.

    #define CAP_PDKILL CAPRIGHT(1, 0x0000000000000800ULL)

We still support aliases that combine a few rights, but the rights have to belong
to the same array element, e.g.:

    #define CAP_LOOKUP CAPRIGHT(0, 0x0000000000000400ULL)
    #define CAP_FCHMOD CAPRIGHT(0, 0x0000000000002000ULL)
    #define CAP_FCHMODAT (CAP_FCHMOD | CAP_LOOKUP)

There is new API to manage the new cap_rights_t structure:

    cap_rights_t *cap_rights_init(cap_rights_t *rights, ...);
    void cap_rights_set(cap_rights_t *rights, ...);
    void cap_rights_clear(cap_rights_t *rights, ...);
    bool cap_rights_is_set(const cap_rights_t *rights, ...);
    bool cap_rights_is_valid(const cap_rights_t *rights);
    void cap_rights_merge(cap_rights_t *dst, const cap_rights_t *src);
    void cap_rights_remove(cap_rights_t *dst, const cap_rights_t *src);
    bool cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little);

Capability rights to the cap_rights_init(), cap_rights_set(),
cap_rights_clear() and cap_rights_is_set() functions are provided by
separating them with commas, e.g.:

    cap_rights_t rights;
    cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FSTAT);

There is no need to terminate the list of rights, as those functions are
actually macros that take care of the termination, e.g.:

    #define cap_rights_set(rights, ...) \
        __cap_rights_set((rights), __VA_ARGS__, 0ULL)
    void __cap_rights_set(cap_rights_t *rights, ...);

Thanks to using one bit as an array index we can assert in those functions that
there are no two rights belonging to different array elements provided
together. For example this is illegal and will be detected, because CAP_LOOKUP
belongs to element 0 and CAP_PDKILL to element 1:

    cap_rights_init(&rights, CAP_LOOKUP | CAP_PDKILL);

Providing several rights that belong to the same array's element this way is
correct, but is not advised. It should only be used for aliases definition.
This commit also breaks compatibility with some existing Capsicum system calls,
but I see no other way to do that. This should be fine as Capsicum is still
experimental and this change is not going to 9.x.
Sponsored by: The FreeBSD Foundation
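Added example (not part of the commit or of FreeBSD's source): a small user-space model of the bit layout the message above describes, showing how a one-hot index field lets a variadic setter reject rights from different array elements that were OR-ed together. All demo_*/DEMO_* names are hypothetical, and the shift of 57 is derived from the description (two top bits, then five index bits).

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stdint.h>

#define DEMO_VERSION 0                 /* plays the role of CAP_RIGHTS_VERSION */
#define DEMO_NELEM   (DEMO_VERSION + 2)
/* Assumed layout: bits 63-62 = element count - 2 (element 0 only),
 * bits 61-57 = one-hot array index, bits 56-0 = the rights themselves. */
#define DEMO_RIGHT(idx, bit) ((1ULL << (57 + (idx))) | (bit))
#define DEMO_LOOKUP DEMO_RIGHT(0, 0x0000000000000400ULL)
#define DEMO_FCHMOD DEMO_RIGHT(0, 0x0000000000002000ULL)
#define DEMO_PDKILL DEMO_RIGHT(1, 0x0000000000000800ULL)

struct demo_rights { uint64_t cr_rights[DEMO_NELEM]; };

/* Array index encoded in a right; -1 unless exactly one valid index bit is set. */
static int demo_index(unsigned long long right)
{
    unsigned long long idx = (right >> 57) & 0x1F;
    int i = 0;

    if (idx == 0 || (idx & (idx - 1)) != 0)
        return -1;                     /* rights from two elements were OR-ed */
    while ((idx >> i) != 1)
        i++;
    return i < DEMO_NELEM ? i : -1;    /* index beyond this structure version */
}

static void demo_init(struct demo_rights *r)
{
    for (int i = 0; i < DEMO_NELEM; i++)
        r->cr_rights[i] = DEMO_RIGHT(i, 0ULL);   /* tag each element with its index */
    r->cr_rights[0] |= (uint64_t)DEMO_VERSION << 62;
}

/* Variadic setter; the wrapper macro below appends the 0ULL terminator. */
static bool demo_vset(struct demo_rights *r, ...)
{
    va_list ap;
    unsigned long long right;
    bool ok = true;

    va_start(ap, r);
    while (ok && (right = va_arg(ap, unsigned long long)) != 0) {
        int i = demo_index(right);
        if (i < 0) ok = false; else r->cr_rights[i] |= right;
    }
    va_end(ap);
    return ok;
}
#define demo_set(r, ...) demo_vset((r), __VA_ARGS__, 0ULL)
```

The model returns false where the commit message says the real functions assert; an alias such as DEMO_FCHMOD | DEMO_LOOKUP passes because both rights carry the same index bit.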
| |
Suggested by: sbruno
MFC after: 3 days