summaryrefslogtreecommitdiffstats
path: root/usr.bin/kdump
Commit message (Collapse)AuthorAgeFilesLines
* MFC r291330:bdrewery2015-12-041-2/+1
| | | | Replace DPSRCS that work fine in SRCS.
* MFC r284289,r288267:bdrewery2015-12-041-1/+1
| | | | | | | r284289: Misc fixes from projects/bmake r288267: Remove redundant .NOPATH.
* MFH (r277695): allow tracing dlfunc() / dlsym() eventsdes2015-06-301-0/+9
|
* Merge an applicable subset of r263234 from HEAD to stable/10:rwatson2015-03-192-4/+4
| | | | | | | | | | | | | Update most userspace consumers of capability.h to use capsicum.h instead. auditdistd is not updated as I will make the change upstream and then do a vendor import sometime in the next week or two. Note that a significant fraction does not apply, as FreeBSD 10 doesn't contain a Capsicumised ping, casperd, libcasper, etc. When these features are merged, the capsicum.h change will need to be merged with them. Sponsored by: Google, Inc.
* MFC r278857:pluknet2015-02-231-1/+1
| | | | | | kdump: sendfile(2) "flags" argument needs casting on 64-bit platforms. Sponsored by: Nginx, Inc.
* MFC r273048 by jhb:dchagin2015-01-132-33/+41
| | | | | | | | Fix most of the warnings in kdump(1). r276758: Eliminate new clang warnings.
* MFC 273053:jhb2014-12-162-0/+81
| | | | | Decode the arguments passed to _umtx_op(). In particular, decode the opcode.
* MFC r269408, r269409:rpaulo2014-08-081-0/+8
| | | | shm_open()/shm_unlink() ktrace support.
* MFC r263879:bdrewery2014-04-112-11/+30
| | | | Add `-S' to display syscall numbers in the output as well.
* Bulk sync of pf changes from head, in attempt to fixup broken build Iglebius2014-03-122-1/+11
| | | | | | | | | made in r263029. Merge r257186,257215,257349,259736,261797. These changesets split pfvar.h into several smaller headers and make userland utilities to include only some of them.
* When displaying a struct stat, if the -r option was not specified,des2013-10-071-4/+9
| | | | | | | display the numeric rather than symbolic representation of st_mode. Approved by: re (glebius) MFC after: 1 week
* Extend the support for exempting processes from being killed when swap isjhb2013-09-192-0/+14
| | | | | | | | | | | | | | | | | | | | | | exhausted. - Add a new protect(1) command that can be used to set or revoke protection from arbitrary processes. Similar to ktrace it can apply a change to all existing descendants of a process as well as future descendants. - Add a new procctl(2) system call that provides a generic interface for control operations on processes (as opposed to the debugger-specific operations provided by ptrace(2)). procctl(2) uses a combination of idtype_t and an id to identify the set of processes on which to operate similar to wait6(). - Add a PROC_SPROTECT control operation to manage the protection status of a set of processes. MADV_PROTECT still works for backwards compatability. - Add a p_flag2 to struct proc (and a corresponding ki_flag2 to kinfo_proc) the first bit of which is used to track if P_PROTECT should be inherited by new child processes. Reviewed by: kib, jilles (earlier version) Approved by: re (delphij) MFC after: 1 month
* - Decode the idtype argument passed to wait6() in kdump and truss.jhb2013-09-122-2/+87
| | | | | | | | | | - Don't treat an options argument of 0 to wait4() as an error in kdump. - Decode the wait options passed to wait4() and wait6() in truss and decode the returned rusage and exit status. Approved by: re (kib) MFC after: 1 week
* Add a mmap flag (MAP_32BIT) on 64-bit platforms to request that a mapping usejhb2013-09-091-0/+4
| | | | | | | | | | | | | an address in the first 2GB of the process's address space. This flag should have the same semantics as the same flag on Linux. To facilitate this, add a new parameter to vm_map_find() that specifies an optional maximum virtual address. While here, fix several callers of vm_map_find() to use a VMFS_* constant for the findspace argument instead of TRUE and FALSE. Reviewed by: alc Approved by: re (kib)
* Change the cap_rights_t type from uint64_t to a structure that we can extendpjd2013-09-052-43/+52
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | in the future in a backward compatible (API and ABI) way. The cap_rights_t represents capability rights. We used to use one bit to represent one right, but we are running out of spare bits. Currently the new structure provides place for 114 rights (so 50 more than the previous cap_rights_t), but it is possible to grow the structure to hold at least 285 rights, although we can make it even larger if 285 rights won't be enough. The structure definition looks like this: struct cap_rights { uint64_t cr_rights[CAP_RIGHTS_VERSION + 2]; }; The initial CAP_RIGHTS_VERSION is 0. The top two bits in the first element of the cr_rights[] array contain total number of elements in the array - 2. This means if those two bits are equal to 0, we have 2 array elements. The top two bits in all remaining array elements should be 0. The next five bits in all array elements contain array index. Only one bit is used and bit position in this five-bits range defines array index. This means there can be at most five array elements in the future. To define new right the CAPRIGHT() macro must be used. The macro takes two arguments - an array index and a bit to set, eg. #define CAP_PDKILL CAPRIGHT(1, 0x0000000000000800ULL) We still support aliases that combine few rights, but the rights have to belong to the same array element, eg: #define CAP_LOOKUP CAPRIGHT(0, 0x0000000000000400ULL) #define CAP_FCHMOD CAPRIGHT(0, 0x0000000000002000ULL) #define CAP_FCHMODAT (CAP_FCHMOD | CAP_LOOKUP) There is new API to manage the new cap_rights_t structure: cap_rights_t *cap_rights_init(cap_rights_t *rights, ...); void cap_rights_set(cap_rights_t *rights, ...); void cap_rights_clear(cap_rights_t *rights, ...); bool cap_rights_is_set(const cap_rights_t *rights, ...); bool cap_rights_is_valid(const cap_rights_t *rights); void cap_rights_merge(cap_rights_t *dst, const cap_rights_t *src); void cap_rights_remove(cap_rights_t *dst, const cap_rights_t *src); bool cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little); Capability rights to the cap_rights_init(), cap_rights_set(), cap_rights_clear() and cap_rights_is_set() functions are provided by separating them with commas, eg: cap_rights_t rights; cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FSTAT); There is no need to terminate the list of rights, as those functions are actually macros that take care of the termination, eg: #define cap_rights_set(rights, ...) \ __cap_rights_set((rights), __VA_ARGS__, 0ULL) void __cap_rights_set(cap_rights_t *rights, ...); Thanks to using one bit as an array index we can assert in those functions that there are no two rights belonging to different array elements provided together. For example this is illegal and will be detected, because CAP_LOOKUP belongs to element 0 and CAP_PDKILL to element 1: cap_rights_init(&rights, CAP_LOOKUP | CAP_PDKILL); Providing several rights that belongs to the same array's element this way is correct, but is not advised. It should only be used for aliases definition. This commit also breaks compatibility with some existing Capsicum system calls, but I see no other way to do that. This should be fine as Capsicum is still experimental and this change is not going to 9.x. Sponsored by: The FreeBSD Foundation
* kdump: Decode SOCK_CLOEXEC and SOCK_NONBLOCK in socket() and socketpair().jilles2013-08-262-2/+15
|
* Add new mmap(2) flags to permit applications to request specific virtualjhb2013-08-161-1/+34
| | | | | | | | | | | | | | | | | | | | | | | | | address alignment of mappings. - MAP_ALIGNED(n) requests a mapping aligned on a boundary of (1 << n). Requests for n >= number of bits in a pointer or less than the size of a page fail with EINVAL. This matches the API provided by NetBSD. - MAP_ALIGNED_SUPER is a special case of MAP_ALIGNED. It can be used to optimize the chances of using large pages. By default it will align the mapping on a large page boundary (the system is free to choose any large page size to align to that seems best for the mapping request). However, if the object being mapped is already using large pages, then it will align the virtual mapping to match the existing large pages in the object instead. - Internally, VMFS_ALIGNED_SPACE is now renamed to VMFS_SUPER_SPACE, and VMFS_ALIGNED_SPACE(n) is repurposed for specifying a specific alignment. MAP_ALIGNED(n) maps to using VMFS_ALIGNED_SPACE(n), while MAP_ALIGNED_SUPER maps to VMFS_SUPER_SPACE. - mmap() of a device object now uses VMFS_OPTIMAL_SPACE rather than explicitly using VMFS_SUPER_SPACE. All device objects are forced to use a specific color on creation, so VMFS_OPTIMAL_SPACE is effectively equivalent. Reviewed by: alc MFC after: 1 month
* kdump: Decode AT_FDCWD in first argument of bindat() and connectat().jilles2013-08-131-0/+2
|
* kdump: Improve decoding of various *at calls:jilles2013-08-132-0/+47
| | | | | * Write AT_FDCWD where appropriate. * Decode the remaining arguments of openat() etc like open() etc.
* - Make localtime(3) to work in sandbox.pjd2013-07-181-5/+28
| | | | - Move strerror(3) initialization to its own function.
* - Trim an unused and bogus Makefile for mount_smbfs.davide2013-06-281-0/+2
| | | | | | - Reconnect with some minor modifications, in particular now selsocket() internals are adapted to use sbintime units after recent'ish calloutng switch.
* Use getnameinfo(3) instead of inet_ntop(3) to make printable versions ofae2013-06-071-1/+3
| | | | | | | sockaddr_in6 structures. getnameinfo(3) does the same thing, but it is also able to represent a scope zone id as described in the RFC 4007. MFC after: 2 weeks
* If the -r option is given we cannot enter capability mode.pjd2013-05-301-2/+4
| | | | | | The option tells kdump to convert numeric UIDs and GIDs into user and group names plus to convert times and dates into locallized versions. This all needs opening various files at various occasions.
* MFp4 @229086:pjd2013-05-281-0/+50
| | | | | | | | | | | | | | | | | | | | | Make use of Capsicum to protect kdump(1), as it might be used to parse data from untrusted sources: - Sandbox kdump(1) using capability mode. - Limit stdin descriptor (where opened file is moved to) to only CAP_READ and CAP_FSTAT rights. - Limit stdout descriptor to only CAP_WRITE, CAP_FSTAT and CAP_IOCTL. Plus limit allowed ioctls to TIOCGETA only, which is needed for isatty() to work. - Limit stderr descriptor to only CAP_WRITE and CAP_FSTAT. In addition if the -s option is not given, grant CAP_IOCTL right, but allow for TIOCGWINSZ ioctl only, as we need screen width to dump the data. - Before entering capability mode call catopen("libc", NL_CAT_LOCALE), which opens message catalogs and caches data, so that strerror(3) and strsignal(3) can work in a sandbox. Sponsored by: The FreeBSD Foundation Discussed with: rwatson
* MFp4 @229085:pjd2013-05-281-5/+5
| | | | | | | Rearrange the code so we don't call ioctl(TIOCGWINSZ) if the -s option is given, as the result won't be used then. Sponsored by: The FreeBSD Foundation
* Merge Capsicum overhaul:pjd2013-03-022-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Capability is no longer separate descriptor type. Now every descriptor has set of its own capability rights. - The cap_new(2) system call is left, but it is no longer documented and should not be used in new code. - The new syscall cap_rights_limit(2) should be used instead of cap_new(2), which limits capability rights of the given descriptor without creating a new one. - The cap_getrights(2) syscall is renamed to cap_rights_get(2). - If CAP_IOCTL capability right is present we can further reduce allowed ioctls list with the new cap_ioctls_limit(2) syscall. List of allowed ioctls can be retrived with cap_ioctls_get(2) syscall. - If CAP_FCNTL capability right is present we can further reduce fcntls that can be used with the new cap_fcntls_limit(2) syscall and retrive them with cap_fcntls_get(2). - To support ioctl and fcntl white-listing the filedesc structure was heavly modified. - The audit subsystem, kdump and procstat tools were updated to recognize new syscalls. - Capability rights were revised and eventhough I tried hard to provide backward API and ABI compatibility there are some incompatible changes that are described in detail below: CAP_CREATE old behaviour: - Allow for openat(2)+O_CREAT. - Allow for linkat(2). - Allow for symlinkat(2). CAP_CREATE new behaviour: - Allow for openat(2)+O_CREAT. Added CAP_LINKAT: - Allow for linkat(2). ABI: Reuses CAP_RMDIR bit. - Allow to be target for renameat(2). Added CAP_SYMLINKAT: - Allow for symlinkat(2). Removed CAP_DELETE. Old behaviour: - Allow for unlinkat(2) when removing non-directory object. - Allow to be source for renameat(2). Removed CAP_RMDIR. Old behaviour: - Allow for unlinkat(2) when removing directory. Added CAP_RENAMEAT: - Required for source directory for the renameat(2) syscall. Added CAP_UNLINKAT (effectively it replaces CAP_DELETE and CAP_RMDIR): - Allow for unlinkat(2) on any object. - Required if target of renameat(2) exists and will be removed by this call. Removed CAP_MAPEXEC. CAP_MMAP old behaviour: - Allow for mmap(2) with any combination of PROT_NONE, PROT_READ and PROT_WRITE. CAP_MMAP new behaviour: - Allow for mmap(2)+PROT_NONE. Added CAP_MMAP_R: - Allow for mmap(PROT_READ). Added CAP_MMAP_W: - Allow for mmap(PROT_WRITE). Added CAP_MMAP_X: - Allow for mmap(PROT_EXEC). Added CAP_MMAP_RW: - Allow for mmap(PROT_READ | PROT_WRITE). Added CAP_MMAP_RX: - Allow for mmap(PROT_READ | PROT_EXEC). Added CAP_MMAP_WX: - Allow for mmap(PROT_WRITE | PROT_EXEC). Added CAP_MMAP_RWX: - Allow for mmap(PROT_READ | PROT_WRITE | PROT_EXEC). Renamed CAP_MKDIR to CAP_MKDIRAT. Renamed CAP_MKFIFO to CAP_MKFIFOAT. Renamed CAP_MKNODE to CAP_MKNODEAT. CAP_READ old behaviour: - Allow pread(2). - Disallow read(2), readv(2) (if there is no CAP_SEEK). CAP_READ new behaviour: - Allow read(2), readv(2). - Disallow pread(2) (CAP_SEEK was also required). CAP_WRITE old behaviour: - Allow pwrite(2). - Disallow write(2), writev(2) (if there is no CAP_SEEK). CAP_WRITE new behaviour: - Allow write(2), writev(2). - Disallow pwrite(2) (CAP_SEEK was also required). Added convinient defines: #define CAP_PREAD (CAP_SEEK | CAP_READ) #define CAP_PWRITE (CAP_SEEK | CAP_WRITE) #define CAP_MMAP_R (CAP_MMAP | CAP_SEEK | CAP_READ) #define CAP_MMAP_W (CAP_MMAP | CAP_SEEK | CAP_WRITE) #define CAP_MMAP_X (CAP_MMAP | CAP_SEEK | 0x0000000000000008ULL) #define CAP_MMAP_RW (CAP_MMAP_R | CAP_MMAP_W) #define CAP_MMAP_RX (CAP_MMAP_R | CAP_MMAP_X) #define CAP_MMAP_WX (CAP_MMAP_W | CAP_MMAP_X) #define CAP_MMAP_RWX (CAP_MMAP_R | CAP_MMAP_W | CAP_MMAP_X) #define CAP_RECV CAP_READ #define CAP_SEND CAP_WRITE #define CAP_SOCK_CLIENT \ (CAP_CONNECT | CAP_GETPEERNAME | CAP_GETSOCKNAME | CAP_GETSOCKOPT | \ CAP_PEELOFF | CAP_RECV | CAP_SEND | CAP_SETSOCKOPT | CAP_SHUTDOWN) #define CAP_SOCK_SERVER \ (CAP_ACCEPT | CAP_BIND | CAP_GETPEERNAME | CAP_GETSOCKNAME | \ CAP_GETSOCKOPT | CAP_LISTEN | CAP_PEELOFF | CAP_RECV | CAP_SEND | \ CAP_SETSOCKOPT | CAP_SHUTDOWN) Added defines for backward API compatibility: #define CAP_MAPEXEC CAP_MMAP_X #define CAP_DELETE CAP_UNLINKAT #define CAP_MKDIR CAP_MKDIRAT #define CAP_RMDIR CAP_UNLINKAT #define CAP_MKFIFO CAP_MKFIFOAT #define CAP_MKNOD CAP_MKNODAT #define CAP_SOCK_ALL (CAP_SOCK_CLIENT | CAP_SOCK_SERVER) Sponsored by: The FreeBSD Foundation Reviewed by: Christoph Mallon <christoph.mallon@gmx.de> Many aspects discussed with: rwatson, benl, jonathan ABI compatibility discussed with: kib
* - Make actually printing path of AF_LOCAL socket types.zont2013-02-121-3/+1
| | | | MFC after: 1 week
* - Use correct size of copying different socket structures.zont2013-02-121-5/+5
| | | | MFC after: 1 week
* o Bring in sync decoding the first nfssvc(2) parameter (flags) withpluknet2013-02-121-1/+1
| | | | | | | the current definitions location. o Respect numbers in NFSSVC_* (e.g. NFSSVC_V4ROOTEXPORT). MFC after: 1 week
* kdump: Also decode fcntl commands containing underscores and digits.jilles2012-11-021-1/+1
| | | | | The commands F_SETLK_REMOTE, F_DUPFD_CLOEXEC and F_DUP2FD_CLOEXEC were not decoded.
* Disconnect non-MPSAFE SMBFS from the build in preparation for droppingattilio2012-10-181-2/+0
| | | | | | | | | | | | | GIANT from VFS. In addition, disconnect also netsmb, which is a base requirement for SMBFS. In the while SMBFS regular users can use FUSE interface and smbnetfs port to work with their SMBFS partitions. Also, there are ongoing efforts by vendor to support in-kernel smbfs, so there are good chances that it will get relinked once properly locked. This is not targeted for MFC.
* kdump: Pretty-print signal codes.jilles2012-09-222-5/+57
| | | | MFC after: 1 week
* Allow the -p argument to kdump to accept either a PID or a thread ID.jhb2012-06-042-5/+7
| | | | | Submitted by: Dmitry Banschikov d.banschikov hostcomm ru MFC after: 1 week
* MFprojects/zfsd:mav2012-05-241-0/+2
| | | | | | | | | | | Revamp the CAM enclosure services driver. This updated driver uses an in-kernel daemon to track state changes and publishes physical path location information\for disk elements into the CAM device database. Sponsored by: Spectra Logic Corporation Sponsored by: iXsystems, Inc. Submitted by: gibbs, will, mav
* Include the associated wait channel message for context switch ktracejhb2012-04-202-4/+15
| | | | | | | records. kdump supports both the old and new messages. Submitted by: Andrey Zonov andrey zonov org MFC after: 1 week
* In kdump's mkioctls script, use '${CPP}' instead of hardcodedly usingdim2012-04-092-2/+2
| | | | | | | 'gcc -E'. This fixes building when WITH_CLANG_IS_CC is in effect. Report by: Niclas Zeising <zeising@daemonic.se> MFC after: 1 week
* Add new ktrace records for the start and end of VM faults. This givesjhb2012-04-053-1/+59
| | | | | | | | | | a pair of records similar to syscall entry and return that a user can use to determine how long page faults take. The new ktrace records are enabled via the 'p' trace type, and are enabled in the default set of trace points. Reviewed by: kib MFC after: 2 weeks
* Fix style in previous commit.jhb2012-02-241-3/+3
| | | | Submitted by: bde
* Pretty-print the advice constants passed to posix_fadvise(2).jhb2012-02-232-0/+10
| | | | MFC after: 2 weeks
* It turns out that truss also used kdump's mkioctls script, and expecteddes2011-10-212-18/+35
| | | | | | | | | | | | ioctlname() to return a pointer to the name rather than print it. This did not show up in testing because truss had its own prototype for ioctlname(), so it would build fine and run fine as long as the program being traced did not issue an ioctl. Teach mkioctls to generate different versions of ioctlname() based on its first command-line argument. Pointed out by: Garrett Cooper <yanegomi@gmail.com>
* Fix copy-pasto in CAPFAIL_INCREASE case.des2011-10-181-2/+2
| | | | Noticed by: pjd
* Revisit the capability failure trace points. The initial implementationdes2011-10-181-4/+30
| | | | | | | | only logged instances where an operation on a file descriptor required capabilities which the file descriptor did not have. By adding a type enum to struct ktr_cap_fail, we can catch other types of capability failures as well, such as disallowed system calls or attempts to wrap a file descriptor with more capabilities than it had to begin with.
* Clean up mkioctls a bit, and fix cross-building by checking ${MACHINE}des2011-10-132-5/+7
| | | | | | instead of $(uname -m). Pointed out by: nyan@
* Make kdump compile cleanly at WARNS level 6, with one exception: thedes2011-10-123-28/+44
| | | | | | | | | | ipfilter headers contain a duplicated function declaration. Turn off -Werror to allow kdump to compile in spite of this. It would be neat to be able to turn off -Werror on a file-by-file basis... PR: bin/161478 Submitted by: Garrett Cooper <yanegomi@gmail.com>
* Add a new trace point, KTRFAC_CAPFAIL, which traces capability checkdes2011-10-111-6/+43
| | | | failures. It is included in the default set for ktrace(1) and kdump(1).
* The previous commit did not fix the issue since it did not prevent signdes2011-10-111-8/+8
| | | | | | extension. Cast to u_register_t first, then to uintmax_t. Submitted by: bde@
* Cast to unsigned for %#jx.des2011-10-111-1/+1
| | | | Noticed by: jh@
* Address some of bde@'s concerns with the new code.des2011-10-081-72/+71
|
* Teach kdump(1) to decode capability bitmasks.des2011-10-082-0/+9
| | | | MFC after: 3 weeks
* Fix the dependency issue properly by a) moving kdump_subr.c to the frontdes2011-10-081-6/+2
| | | | of the SRCS list and b) listing kdump_subr.h in DPSRCS.
OpenPOWER on IntegriCloud