path: root/sys/kern/kern_ktrace.c
Commit message | Author | Age | Files | Lines
* Add KTR, a facility that logs kernel events in order to facilitate | jasone | 2000-09-07 | 1 | -8/+8
  debugging.
  Acquired from: BSDi (BSD/OS)
  Submitted by: dfr, grog, jake, jhb
* o Centralize inter-process access control, introducing: | rwatson | 2000-08-30 | 1 | -0/+2
      int p_can(p1, p2, operation, privused)
    which allows specification of subject process, object process, inter-process operation, and an optional call-by-reference privused flag, allowing the caller to determine if privilege was required for the call to succeed. This allows jail, kern.ps_showallprocs and regular credential-based interaction checks to occur in one block of code. Possible operations are P_CAN_SEE, P_CAN_SCHED, P_CAN_KILL, and P_CAN_DEBUG. p_can currently breaks out as a wrapper to a series of static function checks in kern_prot, which should not be invoked directly.
  o Commented out capabilities entries are included for some checks.
  o Update most inter-process authorization to make use of p_can() instead of manual checks, PRISON_CHECK(), P_TRESPASS(), and kern.ps_showallprocs.
  o Modify suser{,_xxx} to use const arguments, as it no longer modifies process flags due to the disabling of ASU.
  o Modify some checks/errors in procfs so that ENOENT is returned instead of ESRCH, further improving concealment of processes that should not be visible to other processes. Also introduce new access checks to improve hiding of processes for procfs_lookup(), procfs_getattr(), procfs_readdir(). Correct a bug reported by bp concerning not handling the CREATE case in procfs_lookup(). Remove volatile flag in procfs that caused apparently spurious qualifier warnings (approved by bde).
  o Add comment noting that ktrace() has not been updated, as its access control checks are different from ptrace(), whereas they should probably be the same. Further discussion should happen on this topic.
  Reviewed by: bde, green, phk, freebsd-security, others
  Approved by: bde
  Obtained from: TrustedBSD Project
* Add snapshots to the fast filesystem. Most of the changes support | mckusick | 2000-07-11 | 1 | -1/+4
  the gating of system calls that cause modifications to the underlying filesystem. The gating can be enabled by any filesystem that needs to consistently suspend operations by adding the vop_stdgetwritemount to their set of vnops. Once gating is enabled, the function vfs_write_suspend stops all new write operations to a filesystem, allows any filesystem modifying system calls already in progress to complete, then syncs the filesystem to disk and returns. The function vfs_write_resume allows the suspended write operations to begin again.
  Gating is not added by default for all filesystems as for SMP systems it adds two extra locks to such critical kernel paths as the write system call. Thus, gating should only be added as needed.
  Details on the use and current status of snapshots in FFS can be found in /sys/ufs/ffs/README.snapshot so for brevity and timeliness is not included here. Unless and until you create a snapshot file, these changes should have no effect on your system (famous last words).
* Change that &@!$# UIO_READ to be UIO_WRITE. I tested the ktrace stuff, | green | 2000-07-07 | 1 | -1/+1
  but somehow... pass the pointy hat, again!
* Move the truncation code out of vn_open and into the open system call | mckusick | 2000-07-04 | 1 | -2/+3
  after the acquisition of any advisory locks. This fix corrects a case in which a process tries to open a file with a non-blocking exclusive lock. Even if it fails to get the lock it would still truncate the file even though its open failed. With this change, the truncation is done only after the lock is successfully acquired.
  Obtained from: BSD/OS
* Modify ktrace's general I/O tracing, ktrgenio(), to use a struct uio * | green | 2000-07-02 | 1 | -35/+29
  instead of a struct iovec * array and int len. Get rid of stupidly trying to allocate all of the memory and copyin()ing the entire iovec[], and instead just do the proper VOP_WRITE() in ktrwrite() using a copy of the struct uio that the syscall originally used.
  This solves the DoS which could easily be performed; to work around the DoS, one could also remove "options KTRACE" from the kernel. This is a very strong MFC candidate for 4.1.
  Found by: art@OpenBSD.org
* Remove unneeded #include <vm/vm_zone.h> | phk | 2000-04-30 | 1 | -1/+0
  Generated by: src/tools/tools/kerninclude
* Introduce NDFREE (and remove VOP_ABORTOP) | eivind | 1999-12-15 | 1 | -0/+3
* This is a partial commit of the patch from PR 14914: | phk | 1999-11-16 | 1 | -7/+7
  A lot of the code in sys/kern directly accesses the *Q_HEAD and *Q_ENTRY structures for list operations. This patch makes all list operations in sys/kern use the queue(3) macros, rather than directly accessing the *Q_{HEAD,ENTRY} structures.
  This batch of changes compiles to the same object files.
  Reviewed by: phk
  Submitted by: Jake Burkholder <jake@checker.org>
  PR: 14914
* Fix style bug. | marcel | 1999-10-04 | 1 | -1/+2
  Submitted by: bde
* sigset_t change (part 2 of 5) | marcel | 1999-09-29 | 1 | -3/+3
  -----------------------------
  The core of the signalling code has been rewritten to operate on the new sigset_t. No methodological changes have been made. Most references to a sigset_t object are through macros (see signalvar.h) to create a level of abstraction and to provide a basis for further improvements.
  The NSIG constant has not been changed to reflect the maximum number of signals possible. The reason is that it breaks programs (especially shells) which assume that all signals have a non-null name in sys_signame. See src/bin/sh/trap.c for an example. Instead _SIG_MAXSIG has been introduced to hold the maximum signal possible with the new sigset_t.
  struct sigprop has been moved from signalvar.h to kern_sig.c because a) it is only used there, and b) access must be done through function sigprop(). The latter because the table doesn't hold properties for all signals, but only for the first NSIG signals.
  signal.h has been reorganized to make reading easier and to add the new and/or modified structures. The "old" structures are moved to signalvar.h to prevent namespace pollution.
  Especially the coda filesystem suffers from the change, because it contained lines like (p->p_sigmask == SIGIO), which is easy to do for integral types, but not for compound types.
  NOTE: kdump (and port linux_kdump) must be recompiled.
  Thanks to Garrett Wollman and Daniel Eischen for pressing the importance of changing sigreturn as well.
* Kill some spammage that seems to have gotten in through diffs from marcel's | green | 1999-09-21 | 1 | -3/+3
  local tree (which happens to have some things we don't :)
* When bcopying the program name into the ktrace header, make sure we include | marcel | 1999-09-20 | 1 | -4/+4
  the terminating zero by copying MAXCOMLEN + 1 bytes. This fixes the garbage that occasionally appeared behind the program name when it is at least MAXCOMLEN bytes long (such as communicator-4.61-bin).
* ktrace should not follow symlinks either. | dima | 1999-08-30 | 1 | -2/+2
  Suggested by: bde
* $Id$ -> $FreeBSD$ | peter | 1999-08-28 | 1 | -1/+1
* Make sure syscall arguments are properly aligned in ktrace records. | dt | 1999-06-16 | 1 | -6/+12
  Make syscall return value a register_t.
  Based on a patch from Hidetoshi Shimokawa.
  Mostly reviewed by: Hidetoshi Shimokawa and Bruce Evans.
* This Implements the mumbled about "Jail" feature. | phk | 1999-04-28 | 1 | -1/+3
  This is a seriously beefed up chroot kind of thing. The process is jailed along the same lines as a chroot does it, but with additional tough restrictions imposed on what the superuser can do.
  For all I know, it is safe to hand over the root bit inside a prison to the customer living in that prison, this is what it was developed for in fact: "real virtual servers".
  Each prison has an ip number associated with it, which all IP communications will be coerced to use and each prison has its own hostname.
  Needless to say, you need more RAM this way, but the advantage is that each customer can run their own particular version of apache and not stomp on the toes of their neighbors.
  It generally does what one would expect, but setting up a jail still takes a little knowledge.
  A few notes:
    I have no scripts for setting up a jail, don't ask me for them.
    The IP number should be an alias on one of the interfaces.
    mount a /proc in each jail, it will make ps more useable.
    /proc/<pid>/status tells the hostname of the prison for jailed processes.
    Quotas are only sensible if you have a mountpoint per prison.
    There are no provisions for stopping resource-hogging.
    Some "#ifdef INET" and similar may be missing (send patches!)
  If somebody wants to take it from here and develop it into more of a "virtual machine" they should be most welcome!
  Tools, comments, patches & documentation most welcome.
  Have fun...
  Sponsored by: http://www.rndassociates.com/
  Run for almost a year by: http://www.servetheweb.com/
* In ktrwrite, use uio_procp = curproc vs 0 | rvb | 1998-12-10 | 1 | -2/+2
* add #include <sys/kernel.h> where it's needed by MALLOC_DEFINE() | peter | 1998-11-10 | 1 | -1/+2
* Don't depend on "implicit int". | bde | 1998-02-20 | 1 | -2/+2
* Don't include <sys/lock.h> in headers when only `struct simplelock' is | bde | 1997-12-05 | 1 | -1/+2
  required. Fixed everything that depended on the pollution.
* Move the "retval" (3rd) parameter from all syscall functions and put | phk | 1997-11-06 | 1 | -5/+3
  it in struct proc instead.
  This fixes a boatload of compiler warnings, and removes a lot of cruft from the sources.
  I have not removed the /*ARGSUSED*/, they will require some looking at.
  libkvm, ps and other userland struct proc frobbing programs will need recompiled.
* Last major round (Unless Bruce thinks of something :-) of malloc changes. | phk | 1997-10-12 | 1 | -2/+2
  Distribute all but the most fundamental malloc types. This time I also remembered the trick to making things static: Put "static" in front of them.
  A couple of finer points by: bde
* Distribute and staticize a lot of the malloc M_* types. | phk | 1997-10-11 | 1 | -1/+3
  Substantial input from: bde
* Don't #include <sys/fcntl.h> in <sys/file.h> if KERNEL is defined. | bde | 1997-03-23 | 1 | -2/+2
  Fixed everything that depended on getting fcntl.h stuff from the wrong place. Most things don't depend on file.h stuff at all.
* Back out part 1 of the MCFH that changed $Id$ to $FreeBSD$. We are not | peter | 1997-02-22 | 1 | -1/+1
  ready for it yet.
* This is the kernel Lite/2 commit. There are some requisite userland | dyson | 1997-02-10 | 1 | -3/+3
  changes, so don't expect to be able to run the kernel as-is (very well) without the appropriate Lite/2 userland changes.
  The system boots and can mount UFS filesystems.
  Untested: ext2fs, msdosfs, NFS
  Known problems: Incorrect Berkeley ID strings in some files. Mount_std mounts will not work until the getfsent library routine is changed.
  Reviewed by: various people
  Submitted by: Jeffery Hsu <hsu@freebsd.org>
* Make the long-awaited change from $Id$ to $FreeBSD$ | jkh | 1997-01-14 | 1 | -1/+1
  This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long.
  Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
* Remove the extra length field from the utrace entries. It's redundant. | phk | 1996-09-22 | 1 | -9/+5
* Add the utrace(caddr_t addr,size_t len) syscall, that will store the | phk | 1996-09-19 | 1 | -1/+40
  data pointed at in a ktrace file, if this process is being ktrace'ed.
  I'm using this to profile malloc usage.
  The advantage is that there is no context around this call, ie, no open file or socket, so it will work in any process, and you can decide if you want it to collect data or not.
* Add separate kmalloc classes for BIO buffers and Ktrace info. | phk | 1996-08-04 | 1 | -12/+12
* From Lite2: proc LIST changes. | hsu | 1996-03-11 | 1 | -13/+9
  Reviewed by: david & bde
* Converted two options over to the new scheme: USER_LDT and KTRACE. | wollman | 1996-01-03 | 1 | -3/+10
* A Major staticize sweep. Generates a couple of warnings that I'll deal | phk | 1995-12-14 | 1 | -7/+12
  with later.
  A number of unused vars removed.
  A number of unused procs removed or #ifdefed.
* Completed function declarations and/or added prototypes. | bde | 1995-12-02 | 1 | -1/+3
* Included <sys/sysproto.h> to get central declarations for syscall args | bde | 1995-11-12 | 1 | -1/+4
  structs and prototypes for syscalls.
  Ifdefed duplicated decentralized declarations of args structs. It's convenient to have this visible but they are hard to maintain. Some are already different from the central declarations. 4.4lite2 puts them in comments in the function headers but I wanted to avoid the large changes for that.
* Remove trailing whitespace. | rgrimes | 1995-05-30 | 1 | -9/+9
* All of this is cosmetic. prototypes, #includes, printfs and so on. Makes | phk | 1994-10-02 | 1 | -4/+3
  GCC a lot more silent.
* Fix up some sloppy coding practices: | wollman | 1994-08-18 | 1 | -1/+2
  - Delete redundant declarations.
  - Add -Wredundant-declarations to Makefile.i386 so they don't come back.
  - Delete sloppy COMMON-style declarations of uninitialized data in header files.
  - Add a few prototypes.
  - Clean up warnings resulting from the above.
  NB: ioconf.c will still generate a redundant-declaration warning, which is unavoidable unless somebody volunteers to make `config' smarter.
* Added $Id$ | dg | 1994-08-02 | 1 | -0/+1
* The big 4.4BSD Lite to FreeBSD 2.0.0 (Development) patch. | rgrimes | 1994-05-25 | 1 | -0/+12
  Reviewed by: Rodney W. Grimes
  Submitted by: John Dyson and David Greenman
* BSD 4.4 Lite Kernel Sources | rgrimes | 1994-05-24 | 1 | -0/+466