CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: bouyer
Date: Mon May 3 09:15:31 UTC 2021

Modified Files:
    src/sys/kern [netbsd-8]: kern_exec.c

Log Message:
Pull up following revision(s) (requested by martin in ticket #1677):
    sys/kern/kern_exec.c: revision 1.505 via patch

Fix copy&pasto in handling of POSIX_SPAWN_RESETIDS in posix_spawn(3)

To generate a diff of this commit:
cvs rdiff -u -r1.442.4.7 -r1.442.4.8 src/sys/kern/kern_exec.c

Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: martin
Date: Sun Jun 7 17:08:12 UTC 2020

Modified Files:
    src/sys/kern [netbsd-8]: subr_pcu.c

Log Message:
Pull up following revision(s) (requested by thorpej in ticket #949):
    sys/kern/subr_pcu.c: revision 1.22

Relax the KASSERT() in pcu_discard_all() to allow non-curlwp if it is in LSIDL state, which can happen if the new LWP is exiting before it's ever run, e.g. if an error occurs in _lwp_create(2).

To generate a diff of this commit:
cvs rdiff -u -r1.20.6.1 -r1.20.6.2 src/sys/kern/subr_pcu.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: martin
Date: Thu Apr 30 15:35:57 UTC 2020

Modified Files:
    src/sys/kern [netbsd-8]: subr_cprng.c

Log Message:
Pull up following revision(s) (requested by riastradh in ticket #1543):
    sys/kern/subr_cprng.c: revision 1.34

Disable rngtest on output of cprng_strong.

We already do a self-test for correctness of Hash_DRBG output; applying rngtest to it does nothing but give everyone warning fatigue about spurious rngtest failures.

To generate a diff of this commit:
cvs rdiff -u -r1.27.10.2 -r1.27.10.3 src/sys/kern/subr_cprng.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: martin
Date: Sun Mar 8 09:47:28 UTC 2020

Modified Files:
    src/sys/kern [netbsd-8]: sys_select.c

Log Message:
Pull up following revision(s) (requested by mlelstv in ticket #1515):
    sys/kern/sys_select.c: revision 1.42-1.45

PR/54158: Anthony Mallet: poll(2) does not allow polling all possible fds (hardcoded limit to 1000 + #). Changed to limit by the max of the resource limit of open descriptors and the above.

Remove the slop code. Suggested by mrg@

Use the max limit (aka maxfiles or the moral equivalent of OPEN_MAX) which makes poll(2) align with the Posix documentation (which allows EINVAL if nfds > OPEN_MAX). From: Anthony Mallet

Add slop of 1000 and explain why.

To generate a diff of this commit:
cvs rdiff -u -r1.40 -r1.40.2.1 src/sys/kern/sys_select.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: martin
Date: Tue Feb 25 19:12:14 UTC 2020

Modified Files:
    src/sys/kern [netbsd-8]: uipc_socket.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1509):
    sys/kern/uipc_socket.c: revision 1.288

Zero out 'tv', to prevent uninitialized bytes in its padding from leaking to userland. Found by kMSan.

To generate a diff of this commit:
cvs rdiff -u -r1.255.2.4 -r1.255.2.5 src/sys/kern/uipc_socket.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: martin
Date: Tue Jan 21 16:59:57 UTC 2020

Modified Files:
    src/sys/kern [netbsd-8]: files.kern

Log Message:
Apply patch, requested by pgoyette in ticket #1486:

PR kern/54874: fix load failure of the exec_aout kernel module.

To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.15.2.1 src/sys/kern/files.kern
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: martin
Date: Tue Jan 7 11:59:49 UTC 2020

Modified Files:
    src/sys/kern [netbsd-8]: kern_ksyms.c

Log Message:
Pull up following revision(s) (requested by pgoyette in ticket #1482):
    sys/kern/kern_ksyms.c: revision 1.88 (patch)

When reading from /dev/ksyms we need to skip over entries that have been marked as sd_gone. Otherwise we might try to uiomove() data from memory that has been unmapped, resulting in EFAULT.

XXX This (along with other pre-existing checks st->sd_gone) is still racy, but it's an improvement over current code. Ideally we would make a complete copy of the symbol table when we open /dev/ksyms so we could ignore any changes that occur.

ad@ says "good enough for now"

XXX Pullup to -9 and -8

To generate a diff of this commit:
cvs rdiff -u -r1.84 -r1.84.10.1 src/sys/kern/kern_ksyms.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: martin
Date: Wed May 1 14:51:17 UTC 2019

Modified Files:
    src/sys/kern [netbsd-8]: sys_pipe.c

Log Message:
Pull up following revision(s) (requested by mlelstv in ticket #1253):
    sys/kern/sys_pipe.c: revision 1.147
    sys/kern/sys_pipe.c: revision 1.148

Clean up pipe structure before recycling it.

Handle half-closed pipes in FIONWRITE and FIONSPACE.

To generate a diff of this commit:
cvs rdiff -u -r1.140 -r1.140.12.1 src/sys/kern/sys_pipe.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: msaitoh
Date: Tue Apr 16 03:47:14 UTC 2019

Modified Files:
    src/sys/kern [netbsd-8]: sys_mqueue.c

Log Message:
Pull up following revision(s) (requested by martin in ticket #1230):
    sys/kern/sys_mqueue.c: revision 1.44

mq_send1: fix argument validation and reject too large lengths early. Discovered by Andy Nguyen.

To generate a diff of this commit:
cvs rdiff -u -r1.39 -r1.39.10.1 src/sys/kern/sys_mqueue.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: martin
Date: Sun Feb 24 10:49:53 UTC 2019

Modified Files:
    src/sys/kern [netbsd-8]: kern_time.c

Log Message:
Pull up following revision(s) (requested by mlelstv in ticket #1196):
    sys/kern/kern_time.c: revision 1.196

The callout is used by any nonvirtual timer including CLOCK_MONOTONIC and needs to be initialized.

Detected by [syzkaller].

To generate a diff of this commit:
cvs rdiff -u -r1.189.8.4 -r1.189.8.5 src/sys/kern/kern_time.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: martin
Date: Fri Feb 1 11:21:30 UTC 2019

Modified Files:
    src/sys/kern [netbsd-8]: kern_time.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1180):
    sys/kern/kern_time.c: revision 1.190
    sys/kern/kern_time.c: revision 1.194

Fix stack info leak. There are 4 bytes of padding in struct timeval. Looks like there are other leaks related to timeval in this file.

[ 133.414352] kleak: Possible leak in copyout: [len=16, leaked=4]
[ 133.414352] #0 0x80224d0a in kleak_note
[ 133.424360] #1 0x80224d8a in kleak_copyout
[ 133.434361] #2 0x80b5fd79 in sys___gettimeofday50
[ 133.434361] #3 0x8025a89c in sy_call
[ 133.444351] #4 0x8025aace in sy_invoke
[ 133.454365] #5 0x8025ab54 in syscall

- Fix kernel info leaks.

To generate a diff of this commit:
cvs rdiff -u -r1.189.8.3 -r1.189.8.4 src/sys/kern/kern_time.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: martin
Date: Thu Jan 24 15:35:14 UTC 2019

Modified Files:
    src/sys/kern [netbsd-8]: kern_ntptime.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1168):
    sys/kern/kern_ntptime.c: revision 1.60

Zero out the ntptimeval structure to prevent a 4 byte kernel stack disclosure. Reported by Thomas Barabosch.

To generate a diff of this commit:
cvs rdiff -u -r1.57 -r1.57.10.1 src/sys/kern/kern_ntptime.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: martin
Date: Thu Dec 27 12:19:45 UTC 2018

Modified Files:
    src/sys/kern [netbsd-8]: kern_time.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1147):
    sys/kern/kern_time.c: revision 1.191

Fix kernel info leak. There are 2x4 bytes of padding in struct itimerval.

[ 738.451860] kleak: Possible leak in copyout: [len=32, leaked=8]
[ 738.481840] #0 0x80b7c42a in kleak_note
[ 738.491821] #1 0x80b7c4aa in kleak_copyout
[ 738.501806] #2 0x80b6154e in sys___getitimer50
[ 738.511778] #3 0x80b61e39 in sys___setitimer50
[ 738.521781] #4 0x8025ab3c in sy_call
[ 738.521781] #5 0x8025ad6e in sy_invoke
[ 738.531808] #6 0x8025adf4 in syscall

To generate a diff of this commit:
cvs rdiff -u -r1.189.8.2 -r1.189.8.3 src/sys/kern/kern_time.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: martin
Date: Wed Dec 12 11:33:29 UTC 2018

Modified Files:
    src/sys/kern [netbsd-8]: sys_sig.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1134):
    sys/kern/sys_sig.c: revision 1.47

Fix kernel info leak, 4 bytes of padding in struct _ksiginfo. Maybe we should just set _pad to zero on LP64?

+ Possible info leak: [len=40, leaked=4]
| #0 0x80baf397 in kleak_copyout
| #1 0x80bda817 in sigtimedwait1
| #2 0x80bdab95 in sys_sigtimedwait50
| #3 0x80259c42 in syscall

To generate a diff of this commit:
cvs rdiff -u -r1.46 -r1.46.8.1 src/sys/kern/sys_sig.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: martin
Date: Fri Nov 30 10:32:22 UTC 2018

Modified Files:
    src/sys/kern [netbsd-8]: kern_exit.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1114):
    sys/kern/kern_exit.c: revision 1.273

Fix info leak. There is one branch where 'status' is not initialized at all.

+ Possible info leak: [len=4, leaked=4]
| #0 0x80baf397 in kleak_copyout
| #1 0x80b56d0c in sys_wait6
| #2 0x80259c42 in syscall

To generate a diff of this commit:
cvs rdiff -u -r1.268.8.1 -r1.268.8.2 src/sys/kern/kern_exit.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: martin
Date: Thu Nov 29 14:59:56 UTC 2018

Modified Files:
    src/sys/kern [netbsd-8]: kern_sig.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1113):
    sys/kern/kern_sig.c: revision 1.350

Fix kernel info leak, 4 bytes of padding at the end of struct sigaction.

+ Possible info leak: [len=32, leaked=4]
| #0 0x80baf327 in kleak_copyout
| #1 0x80bd9ca8 in sys___sigaction_sigtramp
| #2 0x80259c42 in syscall

To generate a diff of this commit:
cvs rdiff -u -r1.336.4.2 -r1.336.4.3 src/sys/kern/kern_sig.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: martin
Date: Thu Nov 29 14:58:25 UTC 2018

Modified Files:
    src/sys/kern [netbsd-8]: sys_ptrace_common.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1112):
    sys/kern/sys_ptrace_common.c: revision 1.46

Fix stack info leak.

+ Possible info leak: [len=136, leaked=92]
| #0 0x80baf397 in kleak_copyout
| #1 0x80bd4155 in ptrace_copyout_siginfo
| #2 0x80bd5348 in do_ptrace
| #3 0x80bd40fe in sys_ptrace
| #4 0x80259c42 in syscall

To generate a diff of this commit:
cvs rdiff -u -r1.22.2.3 -r1.22.2.4 src/sys/kern/sys_ptrace_common.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: martin
Date: Thu Nov 29 08:48:38 UTC 2018

Modified Files:
    src/sys/kern [netbsd-8]: kern_time.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1110):
    sys/kern/kern_time.c: revision 1.192

Fix kernel info leak.

+ Possible info leak: [len=32, leaked=16]
| #0 0x80baf3a7 in kleak_copyout
| #1 0x80b940f8 in sys___timer_settime50
| #2 0x80259c42 in syscall

To generate a diff of this commit:
cvs rdiff -u -r1.189 -r1.189.8.1 src/sys/kern/kern_time.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: snj
Date: Mon Nov 26 17:19:46 UTC 2018

Modified Files:
    src/sys/kern [netbsd-8]: subr_evcnt.c

Log Message:
Apply patch (requested by maxv in ticket #1106):

Fix kernel information leak.

To generate a diff of this commit:
cvs rdiff -u -r1.12 -r1.12.22.1 src/sys/kern/subr_evcnt.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: martin
Date: Wed Nov 21 12:05:10 UTC 2018

Modified Files:
    src/sys/kern [netbsd-8]: kern_event.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1102):
    sys/kern/kern_event.c: revision 1.104

Fix kernel info leak. There are 4 bytes of padding in struct kevent.

[ 287.537676] kleak: Possible leak in copyout: [len=40, leaked=4]
[ 287.537676] #0 0x80b7c41a in kleak_note
[ 287.547673] #1 0x80b7c49a in kleak_copyout
[ 287.557677] #2 0x80b1d32d in kqueue_scan.isra.1.constprop.2
[ 287.557677] #3 0x80b1dc6a in kevent1
[ 287.567683] #4 0x80b1dcb0 in sys___kevent50
[ 287.567683] #5 0x8025ab3c in sy_call
[ 287.577688] #6 0x8025ad6e in sy_invoke
[ 287.587693] #7 0x8025adf4 in syscall

To generate a diff of this commit:
cvs rdiff -u -r1.91.2.2 -r1.91.2.3 src/sys/kern/kern_event.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: martin
Date: Wed Nov 21 11:58:32 UTC 2018

Modified Files:
    src/sys/kern [netbsd-8]: kern_exec.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1100):
    sys/kern/kern_exec.c: revision 1.462

Fix stack info leak. There are 2x4 bytes of padding in struct ps_strings.

[ 223.896199] kleak: Possible leak in copyout: [len=32, leaked=8]
[ 223.906430] #0 0x80224d0a in kleak_note
[ 223.906430] #1 0x80224d8a in kleak_copyout
[ 223.918363] #2 0x80b1e26c in copyoutpsstrs
[ 223.926560] #3 0x80b1e331 in copyoutargs
[ 223.936216] #4 0x80b21768 in execve_runproc
[ 223.946225] #5 0x80b21cc9 in execve1
[ 223.946225] #6 0x8025a89c in sy_call
[ 223.956225] #7 0x8025aace in sy_invoke
[ 223.966232] #8 0x8025ab54 in syscall

To generate a diff of this commit:
cvs rdiff -u -r1.442.4.3 -r1.442.4.4 src/sys/kern/kern_exec.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: martin
Date: Mon Nov 12 08:56:15 UTC 2018

Modified Files:
    src/sys/kern [netbsd-8]: kern_proc.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #1088):
    sys/kern/kern_proc.c: revision 1.219 (via patch)

Fix buffer overflow, which can lead to severe information leak. Detected by kASan.

To generate a diff of this commit:
cvs rdiff -u -r1.206.6.4 -r1.206.6.5 src/sys/kern/kern_proc.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: martin
Date: Sat Oct 13 17:14:13 UTC 2018

Modified Files:
    src/sys/kern [netbsd-8]: kern_subr.c

Log Message:
Pull up following revision(s) (requested by mlelstv in ticket #1056):
    sys/kern/kern_subr.c: revision 1.220

Set rootdev for wedges.

To generate a diff of this commit:
cvs rdiff -u -r1.217 -r1.217.10.1 src/sys/kern/kern_subr.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: martin
Date: Sun Sep 23 17:46:16 UTC 2018

Modified Files:
    src/sys/kern [netbsd-8]: kern_synch.c

Log Message:
Pull up following revision(s) (requested by bouyer in ticket #1031):
    sys/kern/kern_synch.c: revision 1.317

In mi_switch(), also call pserialize_switchpoint() if we're not switching to another lwp, as proposed on
http://mail-index.netbsd.org/tech-kern/2018/07/20/msg023709.html

Without it, on a SMP machine with few processes running (e.g while running sysinst), pserialize could hang for a long time until all CPUs got a LWP to run (or, eventually, forever).

Tested on Xen domUs with 4 CPUs, and on a 64-threads AMD machine.

To generate a diff of this commit:
cvs rdiff -u -r1.311.10.1 -r1.311.10.2 src/sys/kern/kern_synch.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: martin
Date: Sat Sep 1 06:04:16 UTC 2018

Modified Files:
    src/sys/kern [netbsd-8]: vfs_bio.c

Log Message:
Pull up following revision(s) (requested by hannken in ticket #1000):
    sys/kern/vfs_bio.c: revision 1.277

Make sure getnewbuf() runs bawrite() inside fstrans.

Use fstrans_start_nowait() to skip buffers that would block.

To generate a diff of this commit:
cvs rdiff -u -r1.273.2.1 -r1.273.2.2 src/sys/kern/vfs_bio.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: martin
Date: Thu Jun 14 19:59:18 UTC 2018

Modified Files:
    src/sys/kern [netbsd-8]: subr_workqueue.c

Log Message:
Pull up following revision(s) (requested by ozaki-r in ticket #879):
    sys/kern/subr_workqueue.c: revision 1.37

Don't wait on workqueue_wait if called from worker itself

Otherwise workqueue_wait never returns in such a case. This treatment is the same as callout_halt.

To generate a diff of this commit:
cvs rdiff -u -r1.33.30.2 -r1.33.30.3 src/sys/kern/subr_workqueue.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: martin
Date: Tue May 22 17:50:27 UTC 2018

Modified Files:
    src/sys/kern [netbsd-8]: uipc_mbuf.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #833):
    sys/kern/uipc_mbuf.c: revision 1.214

Revert my rev1.190, remove the M_READONLY check. The initial code was correct: what is read-only is the mbuf storage, not the mbuf itself. The storage contains the packet payload, and never has anything related to mbufs. So it is fine to remove M_PKTHDR on mbufs that have a read-only storage.

In fact it was kind of obvious, since several places already manually remove M_PKTHDR without taking care of the external storage.

To generate a diff of this commit:
cvs rdiff -u -r1.172.6.4 -r1.172.6.5 src/sys/kern/uipc_mbuf.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: martin
Date: Mon May 14 19:11:21 UTC 2018

Modified Files:
    src/sys/kern [netbsd-8]: kern_lwp.c

Log Message:
Pull up following revision(s) (requested by gson in ticket #805):
    sys/kern/kern_lwp.c: revision 1.192

PR/kern/53202: Kernel hangs running t_ptrace_wait:resume1 test, revert previous.

To generate a diff of this commit:
cvs rdiff -u -r1.189.2.1 -r1.189.2.2 src/sys/kern/kern_lwp.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: martin
Date: Sun May 6 09:20:43 UTC 2018

Modified Files:
    src/sys/kern [netbsd-8]: uipc_mbuf.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #802):
    sys/kern/uipc_mbuf.c: revision 1.211 (via patch)

Modify m_defrag, so that it never frees the first mbuf of the chain. While here use the given 'flags' argument, and not M_DONTWAIT.

We have a problem with several drivers: they poll an mbuf chain from their queues and call m_defrag on them, but m_defrag could update the mbuf pointer, so the mbuf in the queue is no longer valid. It is not easy to fix each driver, because doing pop+push will reorder the queue, and we don't really want that to happen.

This problem was independently spotted by me, Kengo, Masanobu, and other people too it seems (perhaps PR/53218).

Now m_defrag leaves the first mbuf in place, and compresses the chain only starting from the second mbuf in the chain.

It is important not to compress the first mbuf with hacks, because the storage of this first mbuf may be shared with other mbufs.

To generate a diff of this commit:
cvs rdiff -u -r1.172.6.3 -r1.172.6.4 src/sys/kern/uipc_mbuf.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: martin
Date: Sat May 5 19:13:21 UTC 2018

Modified Files:
    src/sys/kern [netbsd-8]: sys_ptrace_common.c

Log Message:
Pull up following revision(s) (requested by kamil in ticket #792):
    sys/kern/sys_ptrace_common.c: revision 1.38

Harden the NetBSD PT_TRACE_ME operation

You can't say to the parent of a process to start tracing if:
(1) the parent is initproc,
(2) the child is already traced.

Rationale:
(1) - It has a side effect of being an anti-debugger functionality, as we cannot kill initproc (PID1) and reset the traced flag.
    - initproc is not a debugger, raising debugging events from a child to initproc can result in at least a stopped/hanging process in the system.
(2) - It does not make sense to be simultaneously traced by two debuggers
    - It does not make sense to be traced twice by the same debugger.

Permit enable tracing for a parent that has been chroot(8)ed, as this is harmless and the parent is already monitoring for child signals.

The same semantics exist in FreeBSD.

If you are looking for an antidebugging trick for old NetBSD (pre 8.0) or other popular kernels, here is an example:

$ cat antidebug.c
#include <sys/types.h>
#include <sys/ptrace.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

int
main(int argc, char **argv)
{
    pid_t child;
    int rv;
    int n = 0;

    child = fork();
    if (child == 0) {
        /* wait until the original parent has exited and init (PID 1) is the parent */
        while (getppid() != 1)
            continue;
        /* ask the parent, which is now init, to trace this process */
        rv = ptrace(PT_TRACE_ME, 0, 0, 0);
        if (rv != 0)
            abort();
        printf("Try to detach to me with a debugger!! ");
        printf("haha My PID is %d\n", getpid());
        while (1) {
            printf("%d\n", n++);
            sleep(1);
        }
    }
    exit(0);
}

A developer is no longer able to attach GDB, strace or LLDB to this program without killing the initproc (your favourite system daemon). This action would be fatal for the operation of the whole Operating System stability.

Examples from a current non-NetBSD popular kernel:

$ ps -o ppid= -p 17904
1
$ strace -p 17904
strace: attach: ptrace(PTRACE_SEIZE, 17904): Operation not permitted
$ gdb -p 17904
[...]
Attaching to process 17904
warning: process 17904 is already traced by process 1
ptrace: Operation not permitted.
(gdb)
$ lldb-3.9 -p 17904
(lldb) process attach --pid 17904
error: attach failed: unable to attach

On NetBSD 8.0 and newer it is now guaranteed to have an option to kill a malevolent (fake?) debugger and attach with a new tracer to the process

Sponsored by

To generate a diff of this commit:
cvs rdiff -u -r1.22.2.2 -r1.22.2.3 src/sys/kern/sys_ptrace_common.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: martin
Date: Tue Apr 17 08:34:36 UTC 2018

Modified Files:
    src/sys/kern [netbsd-8]: subr_pserialize.c

Log Message:
Pull up following revision(s) (requested by hannken in ticket #771):
    sys/kern/subr_pserialize.c: revision 1.11

Function pserialize_perform() usually succeeds after two cross calls so defer kpause() to iterations three and above.

Speeds up VOP_REVOKE() on /proc/XXX/status by a factor of ~12.

Ok: core@

To generate a diff of this commit:
cvs rdiff -u -r1.8.10.2 -r1.8.10.3 src/sys/kern/subr_pserialize.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: martin
Date: Tue Apr 17 08:24:02 UTC 2018

Modified Files:
    src/sys/kern [netbsd-8]: uipc_mbuf.c

Log Message:
Pull up following revision(s) (requested by maxv in ticket #770):
    sys/kern/uipc_mbuf.c: revision 1.190

If the mbuf is shared leave M_PKTHDR in place. Given where this function is called from that's not supposed to happen, but I'm growing unconfident about our mbuf code.

To generate a diff of this commit:
cvs rdiff -u -r1.172.6.2 -r1.172.6.3 src/sys/kern/uipc_mbuf.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: martin
Date: Mon Apr 16 13:31:33 UTC 2018

Modified Files:
    src/sys/kern [netbsd-8]: kern_proc.c

Log Message:
Pull up following revision(s) (requested by kamil in ticket #758):
    sys/kern/kern_proc.c: revision 1.212

Don't set errno ESRCH for empty result of KINFO_PROC[2]

Restore the previous behavior as it's preferred. This new behavior was introduced in 1.210.

Code should check for length of the result.

Requested by

To generate a diff of this commit:
cvs rdiff -u -r1.206.6.3 -r1.206.6.4 src/sys/kern/kern_proc.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: martin
Date: Sun Apr 1 08:45:43 UTC 2018

Modified Files:
    src/sys/kern [netbsd-8]: kern_proc.c

Log Message:
Pull up following revision(s) (requested by kamil in ticket #679):
    sys/kern/kern_proc.c: revision 1.211

Make sysctl_doeproc() more predictable

Swap the order of looking into zombie and all process lists, start now with the zombie one. This prevents a race observed previously that the same process could be detected on both lists during a single polling call.

While there:
- Short-circuit break for KERN_PROC_PID, once a pid has been detected.
- Removal of redundant "if (kbuf)" and "if (marker)" checks.
- Update of comments regarding potential optimization, explaining why we don't want to do it as of now. Performance gain from lookup call vs iteration over a list is negligible on a regular system.
- Return ESRCH when no results have been found. This allows more easily to implement a retry or abandon algorithm.

This corrects races observed in the existing ATF ptrace(2) tests, related to await_zombie(). This function was expecting to check whether a process has been transformed into a zombie, however it was causing occasional crashes as it was overflowing the return buffer, returning the same pid twice: once from allproc list and the second time from zombieproc one.

Fix suggested by
Short-circuit break suggested by
Discussed on tech-kern.

Sponsored by

To generate a diff of this commit:
cvs rdiff -u -r1.206.6.1 -r1.206.6.2 src/sys/kern/kern_proc.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: bouyer
Date: Tue Mar 20 09:10:57 UTC 2018

Modified Files:
    src/sys/kern [netbsd-8]: exec_elf.c

Log Message:
Pull up following revision(s) (requested by alnsn in ticket #644):
    sys/kern/exec_elf.c: revision 1.95
    sys/kern/exec_elf.c: revision 1.96

Turn KASSERTS that check alignment which are user triggerable into errors.
From alnsn

start with an alignment of 1 (which means no alignment).
From alnsn

To generate a diff of this commit:
cvs rdiff -u -r1.90 -r1.90.4.1 src/sys/kern/exec_elf.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: martin
Date: Sat Mar 17 11:19:27 UTC 2018

Modified Files:
    src/sys/kern [netbsd-8]: kern_exec.c

Log Message:
Pull up the following revision, requested by maxv as part of ticket #637:
    sys/kern/kern_exec.c 1.456

Fix off-by-one, we don't want the entry point to equal the maximum address.

To generate a diff of this commit:
cvs rdiff -u -r1.442.4.2 -r1.442.4.3 src/sys/kern/kern_exec.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: snj
Date: Mon Feb 26 01:09:41 UTC 2018

Modified Files:
    src/sys/kern [netbsd-8]: subr_tftproot.c

Log Message:
Pull up following revision(s) (requested by manu in ticket #580):
    sys/kern/subr_tftproot.c: 1.20

Fix md(4) double attachment in TFTPROOT option

The mdattach() call in tftproot_dhcpboot() has probably always been useless, but it seems it became harmful, as it causes 7.1.1 to deadlock during boot.

To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.19.8.1 src/sys/kern/subr_tftproot.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: snj
Date: Mon Feb 26 00:43:23 UTC 2018

Modified Files:
    src/sys/kern [netbsd-8]: kern_synch.c

Log Message:
Pull up following revision(s) (requested by ozaki-r in ticket #573):
    sys/kern/kern_synch.c: 1.314

Avoid a race condition between an LWP migration and curlwp_bind

curlwp_bind sets the LP_BOUND flag to l_pflags of the current LWP, which prevents it from migrating to another CPU until curlwp_bindx is called.

Meanwhile, there are several ways that an LWP is migrated to another CPU and in any cases the scheduler postpones a migration if a target LWP is running. One example of LWP migrations is a load balancing; the scheduler periodically explores CPU-hogging LWPs and schedule them to migrate (see sched_lwp_stats). At that point the scheduler checks the LP_BOUND flag and if it's set to a LWP, the scheduler doesn't schedule the LWP. A scheduled LWP is tried to be migrated when it is leaving a running CPU, i.e., mi_switch. And mi_switch does NOT check the LP_BOUND flag. So if an LWP is scheduled first and then it sets the LP_BOUND flag, the LWP can be migrated regardless of the flag. To avoid this race condition, we need to check the flag in mi_switch too.

For more details see https://mail-index.netbsd.org/tech-kern/2018/02/13/msg023079.html

To generate a diff of this commit:
cvs rdiff -u -r1.311 -r1.311.10.1 src/sys/kern/kern_synch.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: martin
Date: Mon Feb 5 14:00:37 UTC 2018

Modified Files:
    src/sys/kern [netbsd-8]: subr_interrupt.c

Log Message:
Pull up following revision(s) (requested by pgoyette in ticket #525):
    sys/kern/subr_interrupt.c: revision 1.4

- don't return ENOMEM for errors not related to memory
- don't overload return values (-error/+size)
- don't allocate kernel memory from user supplied length.

To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.2.2.1 src/sys/kern/subr_interrupt.c
CVS commit: [netbsd-8] src/sys/kern
Module Name: src
Committed By: martin
Date: Tue Jan 16 13:26:12 UTC 2018

Modified Files:
    src/sys/kern [netbsd-8]: kern_event.c

Log Message:
Pull up following revision(s) (requested by christos in ticket #501):
    sys/kern/kern_event.c: revision 1.103

Set EV_ONESHOT to prevent rescheduling

XXX: pullup-8

To generate a diff of this commit:
cvs rdiff -u -r1.91.2.1 -r1.91.2.2 src/sys/kern/kern_event.c
CVS commit: [netbsd-8] src/sys/kern
Module Name:src Committed By: snj Date: Mon Jan 1 18:58:32 UTC 2018 Modified Files: src/sys/kern [netbsd-8]: kern_proc.c Log Message: Pull up following revision(s) (requested by maxv in ticket #465): sys/kern/kern_proc.c: revision 1.209 If no auxv is present, don't kmem_alloc(0). Easy to panic the kernel by typing 'cat /proc/aout_pid/auxv' on whatever a.out binary you're running. Fortunately, amd64 does not enable EXEC_AOUT by default. Unfortunately, i386 does enable it by default. To generate a diff of this commit: cvs rdiff -u -r1.206 -r1.206.6.1 src/sys/kern/kern_proc.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/kern
Module Name:src Committed By: snj Date: Thu Dec 21 21:37:03 UTC 2017 Modified Files: src/sys/kern [netbsd-8]: kern_module.c Log Message: Pull up following revision(s) (requested by pgoyette in ticket #449): sys/kern/kern_module.c: 1.126-1.130 Add additional duplicate-module-name check in case we have two modules with the same internal name but no conflicting symbol definitions. When we load a module from the file system, the filename may have no relationship to the internal module's name. Furthermore, comparing the module's filename is insufficient if the file is loaded from an absolute path. -- Use KASSERT to ensure that the newly-added module's name can be found. -- Change a KASSERTMSG into a regular module_error - not nice for the kernel to panic when I try to modload the 'ntfs' module. -- When looking for a duplicate module name, also check the pending list. -- Remove the check for duplicate-module-name-on-pending-list since it really doesn't help. The check really cannot fail, and it only looks at the list belonging to the current level of recursion. Instead, verify that the module's modcmd(MODULE_CMD_INIT, ...) does not introduce a duplicate module name as a result of recursively calling module_do_load(). To generate a diff of this commit: cvs rdiff -u -r1.125 -r1.125.2.1 src/sys/kern/kern_module.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/kern
Module Name:src Committed By: snj Date: Thu Dec 21 19:41:16 UTC 2017 Modified Files: src/sys/kern [netbsd-8]: kern_sig.c Log Message: Pull up following revision(s) (requested by christos in ticket #443): sys/kern/kern_sig.c: revision 1.339 - Reset ignored or masked traps to avoid infinite loops - If sigpost fails don't add an SDT_PROBE ok (and author) chuq To generate a diff of this commit: cvs rdiff -u -r1.336 -r1.336.4.1 src/sys/kern/kern_sig.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/kern
Module Name:src Committed By: snj Date: Sun Dec 10 09:35:04 UTC 2017 Modified Files: src/sys/kern [netbsd-8]: kern_lwp.c Log Message: Pull up following revision(s) (requested by christos in ticket #417): sys/kern/kern_lwp.c: revision 1.191 Also wait interruptibly when exiting. Avoids deadlocked on exit processes created by golang. To generate a diff of this commit: cvs rdiff -u -r1.189 -r1.189.2.1 src/sys/kern/kern_lwp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/kern
Module Name:src Committed By: martin Date: Thu Nov 23 13:40:22 UTC 2017 Modified Files: src/sys/kern [netbsd-8]: kern_softint.c Log Message: Pull up following revision(s) (requested by msaitoh in ticket #387): sys/kern/kern_softint.c: revision 1.44 Increase the size of softint's data to prevent panic on big machine. Nowadays, some device drivers and some pseudo interfaces allocate a lot of softints. The resource size for softints is static and it panics when it exceeds the limit. It can be dynamically resized. Until dynamically resizing is implemented, increase softint_bytes from 8192 to 32768. To generate a diff of this commit: cvs rdiff -u -r1.43 -r1.43.10.1 src/sys/kern/kern_softint.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/kern
Module Name:src Committed By: martin Date: Thu Aug 31 11:46:23 UTC 2017 Modified Files: src/sys/kern [netbsd-8]: kern_veriexec.c Log Message: Pull up following revision(s) (requested by pgoyette in ticket #251): sys/kern/kern_veriexec.c: revision 1.16 When adding a new veriexec_file_entry, if an entry already exists with all the same values (except for the filename) just ignore it. Otherwise report the duplicate-entry error. This allows the user to create a signature file with veriexecgen(8) and not worry about duplicate entries (due to hard-linked files) which will otherwise cause /etc/rc.d/veriexec to report an error. Fixes PR kern/52512 XXX Pull-up for -8 To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.12.4.1 src/sys/kern/kern_veriexec.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/kern
Module Name:src Committed By: snj Date: Wed Aug 9 05:14:20 UTC 2017 Modified Files: src/sys/kern [netbsd-8]: kern_ktrace.c Log Message: Pull up following revision(s) (requested by spz in ticket #194): sys/kern/kern_ktrace.c: revision 1.171 Clamp the length we use, not the length we don't. Avoids uninitialized memory disclosure to userland. From Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.170 -r1.170.2.1 src/sys/kern/kern_ktrace.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/kern
Module Name:src Committed By: snj Date: Wed Aug 9 05:09:47 UTC 2017 Modified Files: src/sys/kern [netbsd-8]: vfs_getcwd.c Log Message: Pull up following revision(s) (requested by spz in ticket #192): sys/kern/vfs_getcwd.c: revision 1.52 Don't walk off the end of the dirent buffer. From Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.51 -r1.51.2.1 src/sys/kern/vfs_getcwd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/kern
Module Name:src Committed By: snj Date: Tue Aug 1 23:26:58 UTC 2017 Modified Files: src/sys/kern [netbsd-8]: kern_malloc.c Log Message: Pull up following revision(s) (requested by martin in ticket #168): sys/kern/kern_malloc.c: revision 1.146 Avoid integer overflow in kern_malloc(). Reported by Ilja Van Sprundel. To generate a diff of this commit: cvs rdiff -u -r1.145 -r1.145.10.1 src/sys/kern/kern_malloc.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/kern
Module Name:src Committed By: martin Date: Wed Jul 26 07:29:34 UTC 2017 Modified Files: src/sys/kern [netbsd-8]: sched_4bsd.c Log Message: Pull up following revision(s) (requested by maxv in ticket #158): sys/kern/sched_4bsd.c: revision 1.31-1.33 explain a bit - Revert rev1.26. l_estcpu is increased by only one cpu, not all of them. - Should be loadfactor(). To generate a diff of this commit: cvs rdiff -u -r1.30 -r1.30.20.1 src/sys/kern/sched_4bsd.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/kern
Module Name:src Committed By: snj Date: Tue Jul 25 01:29:23 UTC 2017 Modified Files: src/sys/kern [netbsd-8]: vnode_if.src Log Message: Pull up following revision(s) (requested by hannken in ticket #130): sys/kern/vnode_if.src: revision 1.77 As VOP_ADVLOCK() may block indefinitely we cannot take fstrans here. Fixes PR kern/52364: System hangs not much before showing the login prompt To generate a diff of this commit: cvs rdiff -u -r1.75.2.1 -r1.75.2.2 src/sys/kern/vnode_if.src Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/kern
Module Name:src Committed By: martin Date: Mon Jul 10 13:02:47 UTC 2017 Modified Files: src/sys/kern [netbsd-8]: vfs_lookup.c Log Message: Pull up following revision(s) (requested by dh in ticket #116): sys/kern/vfs_lookup.c: revision 1.208 Fix vnode leak on error, introduced by the openat family changes in -r1.200. From mjg@freebsd. To generate a diff of this commit: cvs rdiff -u -r1.207 -r1.207.2.1 src/sys/kern/vfs_lookup.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/kern
Module Name:src Committed By: snj Date: Wed Jun 21 18:26:42 UTC 2017 Modified Files: src/sys/kern [netbsd-8]: exec_subr.c Log Message: revert ticket 50 To generate a diff of this commit: cvs rdiff -u -r1.78.2.1 -r1.78.2.2 src/sys/kern/exec_subr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/kern
Module Name:src Committed By: snj Date: Wed Jun 21 18:24:26 UTC 2017 Modified Files: src/sys/kern [netbsd-8]: vfs_trans.c Log Message: Pull up following revision(s) (requested by hannken in ticket #54): sys/kern/vfs_trans.c: 1.47, 1.48 Clear fstrans entries whose mount is gone from the last fstrans_done() only. -- Make the fast path of fstrans_get_lwp_info() "static inline". To generate a diff of this commit: cvs rdiff -u -r1.45.2.1 -r1.45.2.2 src/sys/kern/vfs_trans.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [netbsd-8] src/sys/kern
Module Name:src Committed By: snj Date: Wed Jun 21 18:12:40 UTC 2017 Modified Files: src/sys/kern [netbsd-8]: exec_subr.c Log Message: Pull up following revision(s) (requested by joerg in ticket #50): sys/kern/exec_subr.c: revision 1.79 Always include a 1MB guard area beyond the end of stack. While ASLR will normally create a guard area as well, this provides a deterministic area for all binaries. Mitigates the rest of CVE-2017-1000374 and CVE-2017-1000375 from Qualys. To generate a diff of this commit: cvs rdiff -u -r1.78 -r1.78.2.1 src/sys/kern/exec_subr.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.