kern

When a process, such as jexec(8) or killall(1), calls jail_attach(2) to enter a jail, the jailed root can attach to it using ptrace(2) before the current working directory is changed.

A process running inside a jail can avoid being killed during jail termination. If a jail is subsequently started with the same root path, a lingering jailed process may be able to exploit the window during which a devfs filesystem is mounted but the jail's devfs ruleset has not been applied, to access device nodes which are ordinarily inaccessible. If the process is privileged, it may be able to escape the jail and gain full access to the system.

Obtained from: FreeBSD

Callouts may be bound to a specific CPU, in which case that CPU is responsible for raising the timer interrupt which schedules execution of the callout.

A kernel thread may attempt to stop a callout while it is actively executing, in which case the thread goes to sleep until execution has completed. In the meantime the callout may be re-scheduled and re-executed on a different CPU. In this scenario, when the sleeping thread finally completes removal of the callout from some internal data structures, it may modify the wrong CPU's data structures and thus leave them in an invalid state.

Obtained from: FreeBSD

Add a callout_func_t typedef for functions used with callout_*().

getnextevent: put variable only used by KTR under ifdef KTR

Centralize compatibility translation macros.

Copy the CP, PTRIN, etc macros from freebsd32.h into a sys/abi_compat.h and replace existing definitions with includes where required. This eliminates duplicate code and allows Linux and FreeBSD compatibility headers to be included in the same files.

Obtained from: CheriBSD

Cast all ioctl command arguments through uint32_t internally.

ethersubr: Make the mac address generation more robust

If we create two (vnet) jails and create a bridge interface in each we end up with the same mac address on both bridge interfaces. These very often conflict, resulting in the same mac address in both jails.

Mitigate this problem by including the jail name in the mac address.

Remove bogus use of useracc() in (clock_)nanosleep.

There's no point in pre-checking that we can access the user's rmtp pointer before we do it in copyout().

While here, improve style(9) compliance.

Obtained from: FreeBSD

use NULL for SYSINIT's last arg

fix name

fix name

kern_jail: missing \0 termination check on osrelease parameter

If a user supplies a non-\0 terminated osrelease parameter, reading it back may disclose kernel memory. This is a problem in case of nested jails (children.max > 0, which is not the default). Otherwise root outside the jail has access to kernel memory by other means and root inside a jail cannot create a child jail.

Add the proper \0 check at the end of a supplied osrelease parameter and make sure any copies of the field will be \0-terminated.

Fix build with INVARIANTS turned on.

sem_remove(): fix the loop that compacts sem array on semaphores removal.

sem_remove(): add some asserts.

Use designated initializers for seminfo.

consider changes to capabilities.conf

u_char -> vm_prot_t in a couple of places

Provide O_SEARCH

O_SEARCH is defined by POSIX [0] to open a directory for searching, skipping permissions checks on the directory itself after the initial open(). This is close to the semantics we've historically applied for O_EXEC on a directory, which is UB according to POSIX. Conveniently, O_SEARCH on a file is also explicitly undefined behavior according to POSIX, so O_EXEC would be a fine choice. The spec goes on to state that O_SEARCH and O_EXEC need not be distinct values, but they're not defined to be the same value.

This was pointed out as an incompatibility with other systems that had made its way into libarchive, which had assumed that O_EXEC was an alias for O_SEARCH.

This defines compatibility O_SEARCH/FSEARCH (equivalent to O_EXEC and FEXEC respectively) and expands our UB for O_EXEC on a directory. O_EXEC on a directory is checked in vn_open_vnode already, so for completeness we add a NOEXECCHECK when O_SEARCH has been specified on the top-level fd and do not re-check that when descending in namei.

Generally, it's preferred that an application fork/setsid if it doesn't want to keep its controlling TTY, but it could be that a debugger is trying to steal it instead -- so it would hook in, drop the controlling TTY, then do some magic to set things up again. In this case, TIOCNOTTY is quite handy and still respected by at least OpenBSD, NetBSD, and Linux as far as I can tell.

I've dropped the note about obsoletion, as I intend to support TIOCNOTTY as long as it doesn't impose a major burden.

Obtained from: FreeBSD

fix os checks

define

refactor

Don't report stale signal information in ptrace_lwpinfo.

Once a signal's siginfo was copied to 'td_si' as part of the signal exchange in issignal(), it was never cleared. This caused future thread events that are reported as SIGTRAP events without signal information to report the stale siginfo in 'td_si'. For example, if a debugger created a new process and used SIGSTOP to stop it after PT_ATTACH, future system call entry / exit events would set PL_FLAG_SI with the SIGSTOP siginfo in pl_siginfo. This broke 'catch syscall' in current versions of gdb as it assumed PL_FLAG_SI with SIGTRAP indicates a breakpoint or single step trap.

Obtained from: FreeBSD svn rev 342704

fix some more issues.

fix the elf def for freebsd binaries.

this patch isn't right for 1.2 branch. revert.