History log of /src/sys/kern/kern_ktrace.c
Revision  Date  Author  Comments
 1.186  08-Sep-2024  rillig fix a/an grammar in obvious cases
 1.185  14-Jul-2024  kre PR kern/58425 -- Disallow INT_MIN as a (negative) pid arg.

Since -INT_MIN is undefined, and the point of negative pid args is
to negate them, and use the result as a pgrp id instead, we need
to avoid accidentally negating INT_MIN.

Since pid_t is just an integral type, of unspecified width, when
testing pid_t value test for <= INT_MIN (or > INT_MIN sometimes)
rather than == INT_MIN. When testing int values, just == INT_MIN
is all that is needed, < INT_MIN cannot occur.

XXX pullup -9, -10
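The check the message above describes, written out as an added example (this is not NetBSD's kern_ktrace.c code): a negative pid argument is negated and used as a process group id, so INT_MIN has to be rejected before the negation, with `==` for an int argument and `<=` for a pid_t of unspecified width. The `ktrace_target` struct and both decode functions are hypothetical names chosen for this example; only the INT_MIN rule comes from the commit.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/types.h>

/*
 * Result of decoding a ktrace-style pid argument.  Hypothetical type,
 * not NetBSD's: it lets the decode functions return everything the
 * caller needs in one value.
 */
struct ktrace_target {
	int	error;		/* 0 on success, EINVAL if rejected */
	bool	is_pgrp;	/* true: id is a process group id */
	pid_t	id;		/* always >= 0 when error == 0 */
};

/*
 * Decode an int argument: pid >= 0 names a process, pid < 0 names the
 * process group -pid.  INT_MIN has no positive counterpart, so -INT_MIN
 * is undefined behaviour (on two's complement hardware it typically
 * wraps back to INT_MIN, leaving a negative "group id"); reject it first.
 * An int cannot be below INT_MIN, so == is the complete test here.
 */
static struct ktrace_target
ktrace_decode_pid(int pid)
{
	struct ktrace_target t = { 0, false, 0 };

	if (pid == INT_MIN) {
		t.error = EINVAL;
		return t;
	}
	if (pid < 0) {
		t.is_pgrp = true;
		t.id = (pid_t)-pid;	/* safe: pid > INT_MIN here */
	} else {
		t.id = (pid_t)pid;
	}
	return t;
}

/*
 * Same decode when the value arrives as a pid_t.  pid_t is only known to
 * be a signed integer type of unspecified width, so test <= rather than
 * ==: if pid_t is wider than int, anything at or below INT_MIN would not
 * fit an int-sized group id after negation either.
 */
static struct ktrace_target
ktrace_decode_pid_t(pid_t pid)
{
	struct ktrace_target t = { 0, false, 0 };

	if (pid <= INT_MIN) {
		t.error = EINVAL;
		return t;
	}
	if (pid < 0) {
		t.is_pgrp = true;
		t.id = -pid;
	} else {
		t.id = pid;
	}
	return t;
}

int
main(void)
{
	/* Constructed sample arguments, including the rejected corner case. */
	const int samples[] = { 42, -42, INT_MIN + 1, INT_MIN };

	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		struct ktrace_target t = ktrace_decode_pid(samples[i]);

		if (t.error != 0)
			printf("%d: rejected (EINVAL)\n", samples[i]);
		else
			printf("%d: %s %ld\n", samples[i],
			    t.is_pgrp ? "pgrp" : "pid", (long)t.id);
	}
	return 0;
}
```

The two functions differ only in the comparison operator, which is exactly the distinction the message draws between testing an int and testing a pid_t.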
 1.184  17-Oct-2023  riastradh kern_ktrace.c: Sort includes. No functional change intended.
 1.183  15-Oct-2023  riastradh sys/lwp.h: Nix sys/syncobj.h dependency.

Remove it in ddb/db_syncobj.h too.

New sys/wchan.h defines wchan_t so that users need not pull in
sys/syncobj.h to get it.

Sprinkle #include <sys/syncobj.h> in .c files where it is now needed.
 1.182  01-Jul-2022  riastradh branches: 1.182.4;
ktrace(9): Zero-initialize padding for ktr_psig records.

Reported-by: syzbot+03fbfa20e6c7a3919a06@syzkaller.appspotmail.com
 1.181  29-Jun-2022  riastradh ktrace(9): Fix mutex detection in ktrcsw.

On _entry_ to sleepq_block, l->l_syncobj is set so that ktrcsw
(ktr_csw) has the opportunity to detect whether it's a mutex or
rwlock. It is critical to avoid ktealloc when we're sleeping on a
mutex because we may be in softint context where ktealloc is
forbidden.

But after mi_switch, on _exit_ from sleepq_block, l->l_syncobj may
have been changed back to &sched_syncobj or something by
sleepq_remove, and so ktrcsw can no longer rely on l->l_syncobj to
determine whether we _were_ sleeping on a mutex or not.

Instead, save the syncobj in sleepq_block and pass it through as an
argument to ktrcsw.

Reported-by: syzbot+414edba9d161b7502658@syzkaller.appspotmail.com
Reported-by: syzbot+4425c97ac717b12495a2@syzkaller.appspotmail.com
Reported-by: syzbot+5812565b926ee8eb5cf3@syzkaller.appspotmail.com
Reported-by: syzbot+8b9d7b066c32dbcdc63b@syzkaller.appspotmail.com
Reported-by: syzbot+909a8e743c967d97f433@syzkaller.appspotmail.com
Reported-by: syzbot+e2a34bb5509bea0bba11@syzkaller.appspotmail.com
Reported-by: syzbot+faaea3aad6c9d0829f76@syzkaller.appspotmail.com
 1.180  27-Jun-2022  riastradh ktrace(9): Make sure ktrkuser initializes the full ktr_id member.

strlcpy does not; strncpy does. However, the member must be
NUL-terminated, because kdump uses it, e.g., with printf("%s"), so
explicitly set the last byte to NUL.

Possible fix for a host of sanitizer complaints in syzkaller.
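Revisions 1.182 (zero-initialize padding) and 1.180 (strncpy plus an explicit terminator) both fix the same class of bug: a fixed-width record copied to userland with bytes nobody wrote. The following added example (not NetBSD code; `struct rec`, `REC_ID_LEN`, the poison pattern and the field names are this example's own) builds a record the leaky way and the hardened way on top of poisoned memory and counts how many poison bytes survive. The `bsd_strlcpy` helper reproduces strlcpy's copy-and-stop semantics so the example builds on libcs without strlcpy.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REC_ID_LEN	16	/* hypothetical fixed-width id field */
#define STALE		0xAA	/* poison standing in for old heap contents */

/*
 * Hypothetical trace record (not NetBSD's ktr_user or ktr_psig): a
 * fixed-width id, a one-byte field, then a field whose alignment makes
 * the compiler insert padding between signo and code.
 */
struct rec {
	char		id[REC_ID_LEN];
	uint8_t		signo;
	uint64_t	code;
};

/* Minimal strlcpy with BSD semantics, so the example builds on any libc. */
static size_t
bsd_strlcpy(char *dst, const char *src, size_t dsize)
{
	size_t n = strlen(src);

	if (dsize != 0) {
		size_t c = n < dsize - 1 ? n : dsize - 1;
		memcpy(dst, src, c);
		dst[c] = '\0';		/* bytes after this are left untouched */
	}
	return n;
}

/* strlen bounded to the field size, so an unterminated id cannot overrun. */
static size_t
bounded_len(const char *s, size_t max)
{
	size_t n = 0;

	while (n < max && s[n] != '\0')
		n++;
	return n;
}

/*
 * The pattern revision 1.180 removed: strlcpy writes only up to and
 * including the NUL, and no store touches the padding before code, so
 * whatever the memory held before ends up in the record.
 */
static void
fill_record_leaky(struct rec *r, const char *id, uint8_t signo, uint64_t code)
{
	bsd_strlcpy(r->id, id, sizeof(r->id));
	r->signo = signo;
	r->code = code;
}

/*
 * Hardened form: zero the whole record first (padding included, as the
 * ktr_psig fix does), copy the id with strncpy so the rest of the field
 * is zero-filled, and force a terminator because strncpy adds none when
 * the source is REC_ID_LEN bytes or longer.
 */
static void
fill_record_safe(struct rec *r, const char *id, uint8_t signo, uint64_t code)
{
	memset(r, 0, sizeof(*r));
	strncpy(r->id, id, sizeof(r->id));
	r->id[sizeof(r->id) - 1] = '\0';
	r->signo = signo;
	r->code = code;
}

/* Count bytes still holding the poison (the sample values contain no 0xAA byte). */
static size_t
count_stale_bytes(const struct rec *r)
{
	const unsigned char *p = (const unsigned char *)r;
	size_t stale = 0;

	for (size_t i = 0; i < sizeof(*r); i++)
		if (p[i] == STALE)
			stale++;
	return stale;
}

/* Simulate a recycled allocation: poison, fill one way or the other, measure. */
static size_t
stale_bytes_after_fill(bool hardened)
{
	struct rec r;

	memset(&r, STALE, sizeof(r));
	if (hardened)
		fill_record_safe(&r, "ktrace", 11, 0x1234);
	else
		fill_record_leaky(&r, "ktrace", 11, 0x1234);
	return count_stale_bytes(&r);
}

/* Compiler padding bytes between signo and code on this ABI. */
static size_t
padding_bytes(void)
{
	return offsetof(struct rec, code) - (offsetof(struct rec, signo) + 1);
}

/* Length of the id the hardened fill leaves for a given input. */
static size_t
safe_id_len(const char *id)
{
	struct rec r;

	fill_record_safe(&r, id, 0, 0);
	return bounded_len(r.id, sizeof(r.id));
}

int
main(void)
{
	printf("padding bytes between signo and code: %zu\n", padding_bytes());
	printf("stale bytes, leaky fill:    %zu\n", stale_bytes_after_fill(false));
	printf("stale bytes, hardened fill: %zu\n", stale_bytes_after_fill(true));
	printf("id length kept for a 30-byte input: %zu\n",
	    safe_id_len("an-identifier-longer-than-16-b"));
	return 0;
}
```

With a 6-byte id the leaky fill leaves 9 poison bytes inside `id` plus every padding byte; the hardened fill leaves none, and an over-long id is cut to 15 characters plus the forced NUL rather than 16 unterminated bytes.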
 1.179  12-Mar-2022  riastradh ktrace(9): Avoid stomping over colliding KTROP_SET.

Reported-by: syzbot+1e2a24aaa5725cab16e1@syzkaller.appspotmail.com
Reported-by: syzbot+3f89dc33fa3020fab1c4@syzkaller.appspotmail.com
Reported-by: syzbot+44898c094ce209759d53@syzkaller.appspotmail.com
Reported-by: syzbot+99826cb4b0494bfbb828@syzkaller.appspotmail.com
Reported-by: syzbot+a7c4752dc308936c48b2@syzkaller.appspotmail.com
Reported-by: syzbot+c062464baf148ed5f192@syzkaller.appspotmail.com
Reported-by: syzbot+dfa19489edc185f94b0a@syzkaller.appspotmail.com
Reported-by: syzbot+e2c4a8195d3ad84342dc@syzkaller.appspotmail.com
Reported-by: syzbot+f31927b2905188fddc22@syzkaller.appspotmail.com
 1.178  27-Feb-2021  simonb Use "static" in the function intro if the function is static.
 1.177  23-May-2020  ad branches: 1.177.2;
Move proc_lock into the data segment. It was dynamically allocated because
at the time we had mutex_obj_alloc() but not __cacheline_aligned.
 1.176  14-Mar-2020  ad - Hide the details of SPCF_SHOULDYIELD and related behind a couple of small
functions: preempt_point() and preempt_needed().

- preempt(): if the LWP has exceeded its timeslice in kernel, strip it of
any priority boost gained earlier from blocking.
 1.175  21-Feb-2020  joerg Explicitly cast pointers to uintptr_t before casting to enums. They are
not necessarily the same size. Don't cast pointers to bool, check for
NULL instead.
 1.174  05-Feb-2020  msaitoh No functional change:

- s/vaule/value/ in comment.
- whitespace fixes.
- KNF.
 1.173  03-Sep-2018  riastradh branches: 1.173.4; 1.173.6;
Rename min/max -> uimin/uimax for better honesty.

These functions are defined on unsigned int. The generic name
min/max should not silently truncate to 32 bits on 64-bit systems.
This is purely a name change -- no functional change intended.

HOWEVER! Some subsystems have

#define min(a, b) ((a) < (b) ? (a) : (b))
#define max(a, b) ((a) > (b) ? (a) : (b))

even though our standard name for that is MIN/MAX. Although these
may invite multiple evaluation bugs, these do _not_ cause integer
truncation.

To avoid `fixing' these cases, I first changed the name in libkern,
and then compile-tested every file where min/max occurred in order to
confirm that it failed -- and thus confirm that nothing shadowed
min/max -- before changing it.

I have left a handful of bootloaders that are too annoying to
compile-test, and some dead code:

cobalt ews4800mips hp300 hppa ia64 luna68k vax
acorn32/if_ie.c (not included in any kernels)
macppc/if_gm.c (superseded by gem(4))

It should be easy to fix the fallout once identified -- this way of
doing things fails safe, and the goal here, after all, is to _avoid_
silent integer truncations, not introduce them.

Maybe one day we can reintroduce min/max as type-generic things that
never silently truncate. But we should avoid doing that for a while,
so that existing code has a chance to be detected by the compiler for
conversion to uimin/uimax without changing the semantics until we can
properly audit it all. (Who knows, maybe in some cases integer
truncation is actually intended!)
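The two hazards the message above weighs against each other, as an added example that is not NetBSD code: a function defined on unsigned int silently drops the high half of a 64-bit argument before comparing, while the macro form keeps the width but evaluates an argument twice. The `uimin` body, `MIN` macro, and the `clamp_*` and `*_evaluations` helpers are this example's own stand-ins, written to match the behaviour the message describes.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Stand-in for the libkern function named above: defined on unsigned
 * int, so any wider argument is converted (truncated) before comparison.
 */
static unsigned int
uimin(unsigned int a, unsigned int b)
{
	return a < b ? a : b;
}

/* The macro form: no conversion, but each argument may be evaluated twice. */
#define MIN(a, b)	((a) < (b) ? (a) : (b))

/*
 * A 64-bit length clamped through uimin.  The high word of len is dropped
 * before the comparison, so 0x100000001 compares as 1 and the "clamped"
 * result is smaller than both inputs, a value unrelated to the caller's.
 */
static uint64_t
clamp_truncating(uint64_t len, uint64_t limit)
{
	return uimin(len, limit);	/* implicit uint64_t -> unsigned int */
}

/* The same clamp through the macro keeps the full width. */
static uint64_t
clamp_exact(uint64_t len, uint64_t limit)
{
	return MIN(len, limit);
}

/* Returns the next counter value; used to count argument evaluations. */
static int
next_value(int *counter)
{
	return (*counter)++;
}

/* How many times MIN evaluates a side-effecting first argument. */
static int
macro_evaluations(void)
{
	int calls = 0;
	int r = MIN(next_value(&calls), 5);	/* 0 < 5, so it is evaluated again */

	(void)r;
	return calls;
}

/* The function form evaluates each argument exactly once. */
static int
function_evaluations(void)
{
	int calls = 0;
	unsigned int r = uimin((unsigned int)next_value(&calls), 5);

	(void)r;
	return calls;
}

int
main(void)
{
	/* Constructed sample: a length just over 4 GiB against a limit of 10. */
	uint64_t len = 0x100000001ULL, limit = 10;

	printf("uimin(0x%llx, %llu) = %llu\n", (unsigned long long)len,
	    (unsigned long long)limit, (unsigned long long)clamp_truncating(len, limit));
	printf("MIN(0x%llx, %llu)   = %llu\n", (unsigned long long)len,
	    (unsigned long long)limit, (unsigned long long)clamp_exact(len, limit));
	printf("MIN evaluated its argument %d times, uimin %d time(s)\n",
	    macro_evaluations(), function_evaluations());
	return 0;
}
```

Compiling with -Wconversion reports the implicit narrowing in `clamp_truncating`; the rename to `uimin`/`uimax` described above makes the same narrowing visible in the source without relying on that warning.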
 1.172  28-Aug-2017  dholland branches: 1.172.2; 1.172.4;
If we go to allocate and find someone else has at the same time, don't
trigger a refcount leak of the other guy's object. From mjg@freebsd.

While here also remove a bogus use of lbolt on the same path.
 1.171  28-Jul-2017  riastradh Clamp the length we use, not the length we don't.

Avoids uninitialized memory disclosure to userland.

From Ilja Van Sprundel.
 1.170  01-Jun-2017  chs branches: 1.170.2;
remove checks for failure after memory allocation calls that cannot fail:

kmem_alloc() with KM_SLEEP
kmem_zalloc() with KM_SLEEP
percpu_alloc()
pserialize_create()
psref_class_create()

all of these paths include an assertion that the allocation has not failed,
so callers should not assert that again.
 1.169  13-Sep-2016  martin Allow emulations to override the creation of ktrace records for posting
signals. In compat_netbsd32 use this to write the 32bit version of
the records, so a 32bit userland kdump is happy.
 1.168  13-Sep-2016  martin Make the ktrace record written by do_sys_sendmsg/do_sys_recvmsg overridable
by the caller. Use this in compat_netbsd32 to log the 32bit version, so
the 32bit userland kdump is happy.
 1.167  07-Jul-2016  msaitoh KNF. Remove extra spaces. No functional change.
 1.166  21-Nov-2014  ozaki-r branches: 1.166.2;
Replace callout_stop with callout_halt

In order to call callout_destroy for a callout safely, we have to ensure
the function of the callout is not running and pending. To do so, we should
use callout_halt, not callout_stop.

In this case, we need to pass an interlock to callout_halt to wait for
the callout complete.

Reviewed by riastradh@.
 1.165  21-Sep-2014  christos remove casts to the same type.
 1.164  09-Dec-2013  pooka branches: 1.164.4;
Put vfs bits of ktrace into kern_ktrace_vfs.c per convention.
 1.163  16-Sep-2013  martin Fix inverted ktrop() return value - oops!
Noted by Nicolas Joly.
 1.162  14-Sep-2013  martin ktrop() seems to be expected [by its callers] to return a "bool like"
value, not an errno - make it so.
Remove another unused variable.
 1.161  19-Feb-2012  rmind branches: 1.161.2; 1.161.4;
Remove COMPAT_SA / KERN_SA. Welcome to 6.99.3!
Approved by core@.
 1.160  30-Dec-2011  christos branches: 1.160.2; 1.160.6; 1.160.8;
Avoid panic on DIAGNOSTIC kernels with ktrace -p <not-existing-process>
The old logic was:

error = ktrace_common(, fp);
if (fp)
if (error)
fd_abort(, fp, );
else
fd_abort(, NULL, );

The 'if (fp)' portion really means if the op is not KTROP_CLEAR,
since the logic above always sets up fp otherwise, so change the
code to test this directly.

ktrace_common() can return an error both on the kernel thread
creation failure, which means that we should be calling fd_abort()
with fp, since nobody used the file yet and we should clear it now.
But it can also return an error because later, after the thread
creation if the process or process group was not found. In this
second case, we should be calling fd_abort with NULL, since the fp
is now used by the thread and it is going to clean it later. So
instead of checking the error from ktrace_common() to decide if we
are going to call fd_abort() with a NULL fp or not, let ktrace_common()
decide for us. So the new logic becomes:

error = ktrace_common(, &fp);
if (op != KTROP_CLEAR)
fd_abort(, fp, );

Since I am here, fix a freed memory access, by setting ktd to FALSE.
 1.159  30-Nov-2011  mbalmer branches: 1.159.2;
Only return values when there was no error.
 1.158  01-Sep-2011  matt branches: 1.158.2;
Always make sure that kte_entry is aligned appropriately so register_t can
be stored there. (not really a problem right now since time_t is now 64 bit
and it just works but it's better to be explicit).
 1.157  01-Jun-2011  alnsn kern/42030 - tracking of file descriptors by ktrace/kdump
 1.156  27-Apr-2011  joerg branches: 1.156.2;
Remove Mach specific trace points.
 1.155  19-Nov-2010  dholland branches: 1.155.2;
Introduce struct pathbuf. This is an abstraction to hold a pathname
and the metadata required to interpret it. Callers of namei must now
create a pathbuf and pass it to NDINIT (instead of a string and a
uio_seg), then destroy the pathbuf after the namei session is
complete.

Update all namei call sites accordingly. Add a pathbuf(9) man page and
update namei(9).

The pathbuf interface also now appears in a couple of related
additional places that were passing string/uio_seg pairs that were
later fed into NDINIT. Update other call sites accordingly.
 1.154  18-Oct-2010  chs when using ktrace format version 0 or 1, don't adjust the changed fields
in ktealloc(), since we do the same adjustment later in ktrwrite().
also, remove an unused variable in ktr_csw().
 1.153  01-Jul-2010  rmind Remove pfind() and pgfind(), fix locking in various broken uses of these.
Rename real routines to proc_find() and pgrp_find(), remove PFIND_* flags
and have consistent behaviour. Provide proc_find_raw() for special cases.
Fix memory leak in sysctl_proc_corename().

COMPAT_LINUX: rework ptrace() locking, minimise differences between
different versions per-arch.

Note: while this change adds some formal cosmetics for COMPAT_DARWIN and
COMPAT_IRIX - locking there is utterly broken (for ages).

Fixes PR/43176.
 1.152  24-Jun-2010  hannken Clean up vnode lock operations pass 2:

VOP_UNLOCK(vp, flags) -> VOP_UNLOCK(vp): Remove the unneeded flags argument.

Welcome to 5.99.32.

Discussed on tech-kern.
 1.151  03-Mar-2010  yamt branches: 1.151.2;
remove redundant checks of PK_MARKER.
 1.150  02-Oct-2009  elad branches: 1.150.2;
Move ktrace's subsystem security policy to the subsystem itself, and keep
just the suser-related logic in the suser secmodel.
 1.149  05-Aug-2009  dsl Fix ktrace of data from iovec based system calls.
Fixes PR/41819
 1.148  11-Jan-2009  christos merge christos-time_t
 1.147  15-Oct-2008  wrstuden branches: 1.147.2; 1.147.4; 1.147.10;
Merge wrstuden-revivesa into HEAD.
 1.146  03-Jun-2008  dyoung branches: 1.146.4;
Before freeing a ktr_desc, destroy its condition variables.
 1.145  27-May-2008  ad Use pool_cache.
 1.144  29-Apr-2008  ad branches: 1.144.2;
Ignore processes with PK_MARKER set.
 1.143  28-Apr-2008  martin Remove clause 3 and 4 from TNF licenses
 1.142  24-Apr-2008  ad branches: 1.142.2;
Merge proc::p_mutex and proc::p_smutex into a single adaptive mutex, since
we no longer need to guard against access from hardware interrupt handlers.

Additionally, if cloning a process with CLONE_SIGHAND, arrange to have the
child process share the parent's lock so that signal state may be kept in
sync. Partially addresses PR kern/37437.
 1.141  24-Apr-2008  ad Network protocol interrupts can now block on locks, so merge the globals
proclist_mutex and proclist_lock into a single adaptive mutex (proc_lock).
Implications:

- Inspecting process state requires thread context, so signals can no longer
be sent from a hardware interrupt handler. Signal activity must be
deferred to a soft interrupt or kthread.

- As the proc state locking is simplified, it's now safe to take exit()
and wait() out from under kernel_lock.

- The system spends less time at IPL_SCHED, and there is less lock activity.
 1.140  21-Mar-2008  ad branches: 1.140.2; 1.140.4;
Catch up with descriptor handling changes. See kern_descrip.c revision
1.173 for details.
 1.139  24-Feb-2008  dsl Set p->p_trace_enabled in fork and whenever the controlling flags change
instead of doing it in syscall_intern().
Note that syscall_intern() must still be called when the flags change
since many ports use a different copy of the syscall entry code when
tracing is enabled.
 1.138  06-Feb-2008  dsl branches: 1.138.2; 1.138.6;
Remove the 'args' parameter to 'trace_exit()' it is no longer used.
Instead of passing the (un)real system call code and syscall table pointer,
just pass the number of arguments - which is what ktrace really wants.
Ride forthcoming 4.99.53
 1.137  02-Feb-2008  elad Add, document, and use KAUTH_REQ_PROCESS_KTRACE_PERSISTENT.
 1.136  02-Feb-2008  elad KTRFAC_ROOT -> KTRFAC_PERSISTENT, and update comments.

Discussed with christos@ and yamt@.
 1.135  23-Jan-2008  elad Forgot to commit these two as well. Spotted by hannken@.

Adapt to "CAN" removal.
 1.134  05-Jan-2008  dsl Use FILE_LOCK() and FILE_UNLOCK()
 1.133  02-Jan-2008  ad Merge vmlocking2 to head.
 1.132  22-Dec-2007  dsl Add a few buckets of 'const' and 'static' to the system call trace code.
sys_trace() still needs to be able to update the syscall args.
 1.131  20-Dec-2007  dsl Convert all the system call entry points from:
int foo(struct lwp *l, void *v, register_t *retval)
to:
int foo(struct lwp *l, const struct foo_args *uap, register_t *retval)
Fixup compat code to not write into 'uap' and (in some cases) to actually
pass a correctly formatted 'uap' structure with the right name to the
next routine.
A few 'compat' routines that just call standard ones have been deleted.
All the 'compat' code compiles (along with the kernels required to test
build it).
98% done by automated scripts.
 1.130  08-Dec-2007  pooka branches: 1.130.4;
Remove cn_lwp from struct componentname. curlwp should be used
from now on. The NDINIT() macro no longer takes the lwp parameter and
associates the credentials of the calling thread with the namei
structure.
 1.129  04-Dec-2007  ad ktd_callout: ktrace_lock can be acquired now.
 1.128  08-Oct-2007  ad branches: 1.128.4; 1.128.6;
Fix merge error.
 1.127  08-Oct-2007  ad Merge file descriptor locking, cwdi locking and cross-call changes
from the vmlocking branch.
 1.126  27-Aug-2007  dsl branches: 1.126.2; 1.126.4;
Fix inverted test in ktrpoint(), NAMI traces weren't being generated.
Also inline the 'ktrace_on' part of the test.
 1.125  15-Aug-2007  ad Changes to make ktrace LKM friendly and reduce ifdef KTRACE. Proposed
on tech-kern.
 1.124  09-Jul-2007  ad branches: 1.124.2; 1.124.6;
Merge some of the less invasive changes from the vmlocking branch:

- kthread, callout, devsw API changes
- select()/poll() improvements
- miscellaneous MT safety improvements
 1.123  01-Jun-2007  dsl Add a ktrkuser() function that can be used to generate a KTR_USER trace
entry from kernel-resident data.
Mainly so I can (ab)use the KTR_USER entry for extra info.
 1.122  26-Apr-2007  dsl Move the ktrace (and systrace) in namei() inside the retry loop for
emulation lookups.
If doing a lookup relative to the emulation root, prepend the emulation root
to the traced filename.
While here pass the filename length through to the ktrace code since namei()
knows the length and ktr_namei() would have to call strlen().
Note: that if namei() is being called during execve processing, the emulation
root name isn't available and "/emul/???" is used. Also namei() has to use
strlen() to get the length of the emulation root - even though it is a
compile-time constant string.
 1.121  29-Mar-2007  ad - cv_wakeup, cv_broadcast -> cv_signal where appropriate
- Update some comments.
 1.120  12-Mar-2007  ad branches: 1.120.2; 1.120.4;
Pass an ipl argument to pool_init/POOL_INIT to be used when initializing
the pool's lock.
 1.119  09-Mar-2007  ad branches: 1.119.2;
- Make the proclist_lock a mutex. The write:read ratio is unfavourable,
and mutexes are cheaper to use than RW locks.
- LOCK_ASSERT -> KASSERT in some places.
- Hold proclist_lock/kernel_lock longer in a couple of places.
 1.118  04-Mar-2007  christos Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
 1.117  26-Feb-2007  yamt implement priority inheritance.
 1.116  22-Feb-2007  thorpej TRUE -> true, FALSE -> false
 1.115  17-Feb-2007  pavel Change the process/lwp flags seen by userland via sysctl back to the
P_*/L_* naming convention, and rename the in-kernel flags to avoid
conflict. (P_ -> PK_, L_ -> LW_ ). Add back the (now unused) LSDEAD
constant.

Restores source compatibility with pre-newlock2 tools like ps or top.

Reviewed by Andrew Doran.
 1.114  09-Feb-2007  ad branches: 1.114.2;
Merge newlock2 to head.
 1.113  04-Jan-2007  elad Consistent usage of KAUTH_GENERIC_ISSUSER.
 1.112  28-Nov-2006  elad branches: 1.112.2; 1.112.4;
Move ktrace, ptrace, systrace, and procfs to use kauth(9).

First, remove process_checkioperm() calls from MD code. Similar checks
using kauth(9) routines (on the process scope, using appropriate action)
are done in the callers.

Add secmodel back-end to handle each subsystem.
 1.111  01-Nov-2006  yamt remove some __unused from function parameters.
 1.110  22-Oct-2006  christos make ktruser enforce the maximum buffer length, and return an error.
 1.109  17-Oct-2006  dogcow now that we have -Wno-unused-parameter, back out all the tremendously ugly
code to gratuitously access said parameters.
 1.108  13-Oct-2006  dogcow More -Wunused fallout. sprinkle __unused when possible; otherwise, use the
do { if (&x) {} } while (/* CONSTCOND */ 0);
construct as suggested by uwe in <20061012224845.GA9449@snark.ptc.spbu.ru>.
 1.107  12-Oct-2006  christos - sprinkle __unused on function decls.
- fix a couple of unused bugs
- no more -Wno-unused for i386
 1.106  23-Sep-2006  manu Add a -t+S flag to ktrace for tracing activity related to sysctl. MIB
names will be displayed, with data read and written as well.
 1.105  23-Jul-2006  ad branches: 1.105.4; 1.105.6;
Use the LWP cached credentials where sane.
 1.104  07-Jun-2006  kardel merge FreeBSD timecounters from branch simonb-timecounters
- struct timeval time is gone
time.tv_sec -> time_second
- struct timeval mono_time is gone
mono_time.tv_sec -> time_uptime
- access to time via
{get,}{micro,nano,bin}time()
get* versions are fast but less precise
- support NTP nanokernel implementation (NTP API 4)
- further reading:
Timecounter Paper: http://phk.freebsd.dk/pubs/timecounter.pdf
NTP Nanokernel: http://www.eecis.udel.edu/~mills/ntp/html/kern.html
 1.103  14-May-2006  elad branches: 1.103.2;
integrate kauth.
 1.102  15-Apr-2006  christos Coverity CID 846: Simplify code.
 1.101  01-Mar-2006  yamt branches: 1.101.2; 1.101.4; 1.101.6;
merge yamt-uio_vmspace branch.

- use vmspace rather than proc or lwp where appropriate.
the latter is more natural to specify an address space.
(and less likely to be abused for random purposes.)
- fix a swdmover race.
 1.100  24-Dec-2005  perry branches: 1.100.2; 1.100.4; 1.100.6;
Remove leading __ from __(const|inline|signed|volatile) -- it is obsolete.
 1.99  13-Dec-2005  reinoud Fix of panic that was introduced since ktrace-lwp branch was merged. The
shortcut to the process of the passed lwp panicked the kernel since lwp
could/can be passed as NULL in VOP_WRITE().

This was happening when ktracing to NFS. The function ktrwrite() set the
uio_lwp to NULL and then calls VOP_WRITE() with this argument. nfs_write()
then accessed lwp *l->l_proc which panicked.

Thanks to David Laight for his help on tracking it down.
 1.98  11-Dec-2005  christos merge ktrace-lwp.
 1.97  29-May-2005  christos branches: 1.97.2;
- add const.
- remove unnecessary casts.
- add __UNCONST casts and mark them with XXXUNCONST as necessary.
 1.96  09-Feb-2005  christos branches: 1.96.4; 1.96.6;
Don't de-reference a NULL ktd on error. Fix from enami, thanks.
 1.95  26-Oct-2004  skrll branches: 1.95.4; 1.95.6;
Fix bug in siginfo handling introduced in revision 1.93
 1.94  01-Oct-2004  yamt introduce a function, proclist_foreach_call, to iterate all procs on
a proclist and call the specified function for each of them.
primarily to fix a procfs locking problem, but i think that it's useful for
others as well.

while i'm here, introduce PROCLIST_FOREACH macro, which is similar to
LIST_FOREACH but skips marker entries which are used by proclist_foreach_call.
 1.93  22-Sep-2004  enami Create kernel thread and let it issue the write request. We can't
do this from trace target process since we can't sleep at certain
trace point (otherwise system may hang). Address PR#23155.
 1.92  04-Sep-2004  skrll Use "NULL" instead of "(struct foo *)0".
 1.91  24-Jun-2004  christos Explain why the comment is a lie.
 1.90  23-Jun-2004  christos Fix a panic induced by forcing ktrace to inject an emul record on
a ktraced file descriptor that has already been invalidated. Change
all ktrace functions to propagate the error from ktrwrite() and
check for it. Thanks to Pavel Cahyna for finding this and giving
a perfect bug report.

[should be pulled up for 2.0]
 1.89  30-Apr-2004  enami ANSI'fy the rest of functions.
 1.88  25-Feb-2004  enami branches: 1.88.2;
Whitespace nits.
 1.87  25-Feb-2004  enami Make ktrwrite() and ktrinitheader() private again. ktrsyscall32() no longer
exists.
 1.86  16-Jan-2004  mrg clean up a little:
- delete ktrsyscall32()
- add a check #ifdef _LP64 to do the conversion if P_32 is set to the
standard ktrsyscall()
- add a couple of similar _LP64/P_32 checks to the systrace code.

this should get systrace working for 32 bit apps as well as complete
ktrace support for "trace_enter/trace_exit" using platforms such as amd64.

XXX: systrace isn't supported on sparc64 currently... (it doesn't use
trace_enter/trace_exit, or have its own calls to systrace_xxx()...)
 1.85  15-Jan-2004  mrg export ktrinitheader() and ktrwrite() for ktrsyscall32(), which is used
to write 32 bit syscall arguments in a 64 bit format.
 1.84  14-Dec-2003  dsl Defer writing of KTR_EMUL entry until first trace done by target process.
Stops ktrops sleeping with the pid table locked.
 1.83  24-Nov-2003  manu Enable tracing of out of line data sent with Mach message
 1.82  12-Nov-2003  dsl - Count number of zombies and stopped children and requeue them at the top
of the sibling list so that find_stopped_child can be optimised to avoid
traversing the entire sibling list - helps when a process has a lot of
children.
- Modify locking in pfind() and pgfind() so that the caller can rely on the
result being valid, allow caller to request that zombies be findable.
- Rename pfind() to p_find() to ensure we break binary compatibility.
- Remove svr4_pfind since p_find will now do the job.
- Modify some of the SMP locking of the proc lists - signals are still stuffed.

Welcome to 1.6ZF
 1.81  02-Nov-2003  jdolecek use LIST_FOREACH() where appropriate
 1.80  08-Oct-2003  thorpej * Shuffle some data structures so, and add a flags word to ksiginfo_t.
Right now the only flag is used to indicate if a ksiginfo_t is a
result of a trap. Add a predicate macro to test for this flag.
* Add initialization macros for ksiginfo_t's.
* Add accessor macro for ksi_trap. Expands to 0 if the ksiginfo_t was
not the result of a trap. This matches the sigcontext trapcode semantics.
* In kpsendsig(), use KSI_TRAP_P() to select the lwp that gets the signal.
Inspired by Matthias Drochner's fix to kpsendsig(), but correctly handles
the case of non-trap-generated signals that have a > 0 si_code.

This patch fixes a signal delivery problem with threaded programs noted by
Matthias Drochner on tech-kern.

As discussed on tech-kern. Reviewed and OK's by Christos.
 1.79  25-Sep-2003  christos constify sendsig/trapsignal
 1.78  19-Sep-2003  christos support for siginfo_t in ktrace
 1.77  07-Aug-2003  agc Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22364, verified by myself.
 1.76  04-Aug-2003  drochner sy_narg isn't very useful where an argument can span two register_t slots
(as off_t on 32-bit platforms)
see PR kern/22297 by myself
 1.75  16-Jul-2003  dsl Add ktrace of env and args during exec.
 1.74  29-Jun-2003  fvdl branches: 1.74.2;
Back out the lwp/ktrace changes. They contained a lot of collateral damage,
and need to be examined and discussed more.
 1.73  29-Jun-2003  martin Intermediate cast to intptr_t when storing a lwp id in a caddr_t variable
for archs where those have different size.
 1.72  28-Jun-2003  darrenr Pass lwp pointers throughout the kernel, as required, so that the lwpid can
be inserted into ktrace records. The general change has been to replace
"struct proc *" with "struct lwp *" in various function prototypes, pass
the lwp through and use l_proc to get the process pointer when needed.

Bump the kernel rev up to 1.6V
 1.71  15-May-2003  dsl ktrace rval[1] - in order to get both fd numbers for pipe()
 1.70  02-May-2003  yamt fix locking.
 1.69  03-Apr-2003  christos Don't require a file if CLEAR is set [did not work before because we
could have the descend flag too]
 1.68  23-Feb-2003  pk Make updating a file's reference and use count MP-safe.
 1.67  18-Jan-2003  thorpej Merge the nathanw_sa branch.
 1.66  21-Dec-2002  manu Pass the system call table to trace_enter() and ktrsys() so that it is
possible to use alternate system call tables. This is useful for
displaying correctly the arguments in Mach binaries traces.

If NULL is given, then the regular system call table for the process is used.
 1.65  20-Dec-2002  gmcgarry yield() -> preempt().
 1.64  17-Dec-2002  manu branches: 1.64.2;
Added support for exchange of Mach messages between processes.

This does not buy us new functionality for now, because we still have to
discover how mach_init (which acts as a name server, enabling processes to
discover each other's ports) is able to receive messages from other processes
(this is a bootstrap problem, and the bootstrap port might be the place to
search).

While we are there:
- removed a lot of debug which is now available using ktrace.
- reworked message handling to avoid multiple copyin/copyout of the
same data. ktrace of Mach message now uses the in-kernel copy of the
message instead of copying it from userland.
- packed mach trap handlers arguments into a structure to avoid modifying
everything next time we have to add an argument.
 1.63  12-Dec-2002  christos always compile in mach ktrace support; it is too small to bother.
 1.62  09-Dec-2002  manu Added support for dumping mach messages in ktrace/kdump. While we are
there, KNFify a few functions.
 1.61  15-Nov-2002  manu Add a realcode argument to trace_enter and ktrsyscall. realcode is the
original system call number, which can be negative for a Mach trap.
We cannot just replace code by realcode, because ktrsyscall uses it as
an index in the system call table, thus crashing the kernel when the
value is negative.
 1.60  10-Nov-2002  thorpej Fix signed/unsigned comparison warnings.
 1.59  23-Oct-2002  jdolecek merge kqueue branch into -current

kqueue provides a stateful and efficient event notification framework
currently supported events include socket, file, directory, fifo,
pipe, tty and device changes, and monitoring of processes and signals

kqueue is supported by all writable filesystems in NetBSD tree
(with exception of Coda) and all device drivers supporting poll(2)

based on work done by Jonathan Lemon for FreeBSD
initial NetBSD port done by Luke Mewburn and Jason Thorpe
 1.58  28-Jun-2002  itojun disallow ktrace on P_SUGID. from openbsd
 1.57  18-Jun-2002  fvdl Repair damage done in systrace commit. Since argsize is no longer
passed, assume it's sy_narg * sizeof (register_t). The code
made this assumption implicitly anyway. Fixes compat_*32 tracing.
 1.56  17-Jun-2002  christos Niels Provos systrace work, ported to NetBSD by kittenz and reworked...
 1.55  12-Nov-2001  lukem branches: 1.55.8; 1.55.10;
add RCSIDs
 1.54  14-Jun-2001  thorpej branches: 1.54.2; 1.54.6;
Fix a partial construction problem that can cause race conditions
between creation of a file descriptor and close(2) when using kernel
assisted threads. What we do is stick descriptors in the table, but
mark them as "larval". This causes essentially everything to treat
it as a non-existent descriptor, except for fdalloc(), which sees a
filled slot so that it won't (incorrectly) allocate it again. When
a descriptor is fully constructed, the code that has constructed it
marks it as "mature" (which actually clears the "larval" flag), and
things continue to work as normal.

While here, gather all the code that gets a descriptor from the table
into a fd_getfile() function, and call it, rather than having the
same (sometimes incorrect) code copied all over the place.
 1.53  05-Jan-2001  jdolecek branches: 1.53.2;
utrace(2): limit size of user data to KTR_USER_MAXLEN (currently 2048); return EINVAL if 'len' is bigger
 1.52  05-Jan-2001  jdolecek utrace(2): rename 'id' parameter to 'label'
 1.51  28-Dec-2000  jdolecek add utrace(2) - this syscall allows to add user ktrace entries
idea from FreeBSD, but added argument (const char *id) so that it's possible
to differentiate between entries from different sources
 1.50  19-Dec-2000  scw Change struct emul's "char e_name[8]" field to "const char *e_name"
to allow for emulation names >= 8 characters.
 1.49  11-Dec-2000  martin Make this compilable again on ports without __HAVE_SYSCALL_INTERN.
 1.48  11-Dec-2000  mycroft Call e_syscall_intern every time ktrace flags are modified.
 1.47  01-Aug-2000  thorpej ANSI'ify.
 1.46  31-May-2000  thorpej branches: 1.46.2;
Track which process a CPU is running/has last run on by adding a
p_cpu member to struct proc. Use this in certain places when
accessing scheduler state, etc. For the single-processor case,
just initialize p_cpu in fork1() to avoid having to set it in the
low-level context switch code on platforms which will never have
multiprocessing.

While I'm here, comment a few places where there are known issues
for the SMP implementation.
 1.45  29-May-2000  sommerfeld Add null-pointer tests in ktrsamefile
 1.44  29-May-2000  sommerfeld Fix clearing of ktrace points:
- need deep compare of open files, not a shallow pointer compare.
- reorder fdrelease()/FILE_UNUSE() invocations so fdrelease doesn't
block waiting for something which can't happen until after it returns.
 1.43  28-May-2000  sommerfeld Deal with NULL file pointer for KTROP_CLEAR
 1.42  27-May-2000  sommerfeld branches: 1.42.2;
Reduce use of curproc in several places:

- Change ktrace interface to pass in the current process, rather than
p->p_tracep, since the various ktr* function need curproc anyway.

- Add curproc as a parameter to mi_switch() since all callers had it
handy anyway.

- Add a second proc argument for inferior() since callers all had
curproc handy.

Also, miscellaneous cleanups in ktrace:

- ktrace now always uses file-based, rather than vnode-based I/O
(simplifies, increases type safety); eliminate KTRFLAG_FD & KTRFAC_FD.
Do non-blocking I/O, and yield a finite number of times when receiving
EWOULDBLOCK before giving up.

- move code duplicated between sys_fktrace and sys_ktrace into ktrace_common.

- simplify interface to ktrwrite()
 1.41  26-May-2000  thorpej First sweep at scheduler state cleanup. Collect MI scheduler
state into global and per-CPU scheduler state:

- Global state: sched_qs (run queues), sched_whichqs (bitmap
of non-empty run queues), sched_slpque (sleep queues).
NOTE: These may collectively move into a struct schedstate
at some point in the future.

- Per-CPU state, struct schedstate_percpu: spc_runtime
(time process on this CPU started running), spc_flags
(replaces struct proc's p_schedflags), and
spc_curpriority (usrpri of processes on this CPU).

- Every platform must now supply a struct cpu_info and
a curcpu() macro. Simplify existing cpu_info declarations
where appropriate.

- All references to per-CPU scheduler state now made through
curcpu(). NOTE: this will likely be adjusted in the future
after further changes to struct proc are made.

Tested on i386 and Alpha. Changes are mostly mechanical, but apologies
in advance if it doesn't compile on a particular platform.
 1.40  08-May-2000  thorpej ktrgenio(): __predict_false() ktrwrite() failing.
ktrwrite(): __predict_true() no error occurring.
 1.39  19-Apr-2000  thorpej - Allocate the ktrace operation header on the stack rather than using
MALLOC()/FREE().
- In ktrgenio():
- Don't allocate the entire size of the I/O for the temporary
buffer used to write the data to the trace file. Instead,
do it in page-sized chunks.
- As in uiomove(), preempt the process if we are hogging the CPU.
- If writing to the trace file errors, abort rather than continuing
to loop through the buffer.

From Artur Grabowski <art@stacken.kth.se>, with some additional cleanup
by me.
 1.38  25-Jul-1999  darrenr branches: 1.38.2;
don't log an error for ktrace if it's EPIPE - an error that should be
expected with fktrace/ktruss (i.e. the error is `noise').
 1.37  25-Jul-1999  thorpej Turn the proclist lock into a read/write spinlock. Update proclist locking
calls to reflect this. Also, block statclock rather than softclock in
the proclist locking functions, to address a problem reported on
current-users by Sean Doran.
 1.36  22-Jul-1999  thorpej Add a read/write lock to the proclists and PID hash table. Use the
write lock when doing PID allocation, and during the process exit path.
Use a read lock everywhere else, including within schedcpu() (interrupt
context). Note that holding the write lock implies blocking schedcpu()
from running (blocks softclock).

PID allocation is now MP-safe.

Note this actually fixes a bug on single processor systems that was probably
extremely difficult to tickle; it was possible that schedcpu() would run
off a bad pointer if the right clock interrupt happened to come in the
middle of a LIST_INSERT_HEAD() or LIST_REMOVE() to/from allproc.
 1.35  05-May-1999  thorpej Add "use counting" to file entries. When closing a file, and its reference
count is 0, wait for use count to drain before finishing the close.

This is necessary in order for multiple processes to safely share file
descriptor tables.
 1.34  11-Apr-1999  kleink * Add a comment to ktrgetheader() mentioning that ktr_len and ktr_buf are
being left uninitialized intentionally; addresses PR kern/6987.
* In ktrsysret(), initialize the unused ktr_eosys to avoid writing random junk.
 1.33  11-Sep-1998  mycroft branches: 1.33.6; 1.33.8;
Substantial signal handling changes:
* Increase the size of sigset_t to accommodate 128 signals -- adding new
versions of sys_setprocmask(), sys_sigaction(), sys_sigpending() and
sys_sigsuspend() to handle the changed arguments.
* Abstract the guts of sys_sigaltstack(), sys_setprocmask(), sys_sigaction(),
sys_sigpending() and sys_sigsuspend() into separate functions, and call them
from all the emulations rather than hard-coding everything. (Avoids using
the stackgap crap for these system calls.)
* Add a new flag (p_checksig) to indicate that a process may have signals
pending and userret() needs to do the full (slow) check.
* Eliminate SAS_ALTSTACK; it's exactly the inverse of SS_DISABLE.
* Correct emulation bugs with restoring SS_ONSTACK.
* Make the signal mask in the sigcontext always use the emulated mask format.
* Store signals internally in sigaction structures, rather than maintaining a
bunch of little sigsets for each SA_* bit.
* Keep track of where we put the signal trampoline, rather than figuring it out
in *_sendsig().
* Issue a warning when a non-emulated sigaction bit is observed.
* Add missing emulated signals, and a native SIGPWR (currently not used).
* Implement the `not reset when caught' semantics for relevant signals.

Note: Only code touched by the i386 port has been modified. Other ports and
emulations need to be updated.
 1.32  04-Aug-1998  perry Abolition of bcopy, ovbcopy, bcmp, and bzero, phase one.
bcopy(x, y, z) -> memcpy(y, x, z)
ovbcopy(x, y, z) -> memmove(y, x, z)
bcmp(x, y, z) -> memcmp(x, y, z)
bzero(x, y) -> memset(x, 0, y)
 1.31  31-Jul-1998  perry fix sizeofs so they comply with the KNF style guide. yes, it is pedantic.
 1.30  30-Jun-1998  thorpej branches: 1.30.2;
Add two additional arguments to the fileops read and write calls, a
pointer to the offset to use, and a flags word. Define a flag that
specifies whether or not to update the offset passed by reference.
 1.29  25-Jun-1998  thorpej defopt KTRACE
 1.28  02-May-1998  christos New fktrace syscall from Darren Reed [with fixes from me]
 1.27  28-Apr-1998  mycroft Fix KTROP_CLEARFILE so it does the same thing as KTROP_CLEAR (i.e. vrele()
rather than vn_close()). Fixes PR 5357.
 1.26  29-Mar-1998  mrg remove register from decl.
 1.25  01-Mar-1998  fvdl Merge with Lite2 + local changes
 1.24  19-Oct-1997  mycroft branches: 1.24.2;
Add const where appropriate.
 1.23  09-Feb-1996  christos More proto fixes
 1.22  04-Feb-1996  christos First pass at prototyping
 1.21  22-Oct-1995  christos Make the ktrace code emit a record that indicates the current emulation
every time there is an attach or detach event.
 1.20  07-Oct-1995  mycroft Prefix names of system call implementation functions with `sys_'.
 1.19  19-Sep-1995  thorpej Make system calls conform to a standard prototype and bring those
prototypes into scope.
 1.18  19-Jul-1995  christos Add KTR_EMUL to indicate a switch between syscall emulations.
Currently this record is emitted only on exec. Maybe it should
be emitted on ktrace() attach too.
 1.17  26-Mar-1995  cgd don't default return types to ints; specify them.
ktrsyscall takes (vp, code, argsize, args), and stores argsize rather
than nargs.
 1.16  09-Mar-1995  mycroft Update types.
 1.15  14-Dec-1994  mycroft Remove extra arg to vn_open().
 1.14  14-Nov-1994  christos added extra argument in vn_open and VOP_OPEN to allow cloning devices
 1.13  20-Oct-1994  cgd update for new syscall args description mechanism
 1.12  30-Aug-1994  mycroft Convert process, file, and namei lists and hash tables to use queue.h.
 1.11  29-Jun-1994  cgd New RCS ID's, take two. they're more aesthetically pleasant, and use 'NetBSD'
 1.10  08-Jun-1994  mycroft Update to 4.4-Lite fs code.
 1.9  18-May-1994  cgd mostly-machine-independent switch, and changes to match. also, hack init_main
 1.8  05-May-1994  cgd lots of changes: prototype migration, move lots of variables, definitions,
and structure elements around. kill some unnecessary type and macro
definitions. standardize clock handling. More changes than you'd want.
 1.7  18-Dec-1993  mycroft Canonicalize all #includes.
 1.6  15-Sep-1993  cgd make allproc be volatile, and cast things accordingly.
suggested by torek, because CSRG had problems with reordering
of assignments to allproc leading to strange panics from kernels
compiled with gcc2...
 1.5  13-Jul-1993  cgd branches: 1.5.4;
break args structs out, into syscallname_args structs, so gcc2 doesn't
whine so much.
 1.4  27-Jun-1993  andrew ANSIfications - removed all implicit function return types and argument
definitions. Ensured that all files include "systm.h" to gain access to
general prototypes. Casts where necessary.
 1.3  20-May-1993  cgd add $Id$ strings, and clean up file headers where necessary
 1.2  26-Mar-1993  glass removed unnecessary #ifdefing, fixed conf/files appropriately
 1.1  21-Mar-1993  cgd branches: 1.1.1;
Initial revision
 1.1.1.3  01-Mar-1998  fvdl Import 4.4BSD-Lite2
 1.1.1.2  01-Mar-1998  fvdl Import 4.4BSD-Lite for reference
 1.1.1.1  21-Mar-1993  cgd initial import of 386bsd-0.1 sources
 1.5.4.2  14-Nov-1993  mycroft Canonicalize all #includes.
 1.5.4.1  24-Sep-1993  mycroft Make all files using spl*() #include cpu.h. Changes from trunk.
init_main.c: New method of pseudo-device initialization.
kern_clock.c: hardclock() and softclock() now take a pointer to a clockframe.
softclock() only does callouts.
kern_synch.c: Remove spurious declaration of endtsleep(). Adjust uses of
averunnable for new struct loadav.
subr_prf.c: Allow printf() formats in panic().
tty.c: averunnable changes.
vfs_subr.c: va_size and va_bytes are now quads.
 1.24.2.1  05-May-1998  mycroft Pull up 1.27, per request of nathanw@mit.edu.
 1.30.2.1  08-Aug-1998  eeh Revert cdevsw mmap routines to return int.
 1.33.8.2  02-Aug-1999  thorpej Update from trunk.
 1.33.8.1  21-Jun-1999  thorpej Sync w/ -current.
 1.33.6.2  30-Apr-2000  he Modify/re-do last pullup (via patch, requested by sommerfeld):
Fix two bugs:
o A malicious or erroneous program can hog the CPU in uiomove()
o A ktrace of such a program can hog large amounts of kernel memory
This version of the fix does not increase the size of struct proc
compared to 1.4.2.
 1.33.6.1  30-Apr-2000  he Pull up revisions 1.38-1.39 (via patch, requested by sommerfeld):
Fix two bugs:
o A malicious or erroneous program can hog the CPU in uiomove()
o A ktrace of such a program can hog large amounts of kernel memory
This increases the size of struct proc, so kernel-grovellers need to
rebuild after this.
 1.38.2.4  18-Jan-2001  bouyer Sync with head (for UBC+NFS fixes, mostly).
 1.38.2.3  05-Jan-2001  bouyer Sync with HEAD
 1.38.2.2  13-Dec-2000  bouyer Sync with HEAD (for UBC fixes).
 1.38.2.1  20-Nov-2000  bouyer Update thorpej_scsipi to -current as of a month ago
 1.42.2.1  22-Jun-2000  minoura Sync w/ netbsd-1-5-base.
 1.46.2.1  01-Jul-2002  he Pull up revision 1.58 (requested by itojun):
Disallow ktrace on processes with P_SUGID set.
 1.53.2.12  07-Jan-2003  thorpej In the SA universe, the switch-to-this-LWP decision is made at a
different level than where preempt() calls are made, which renders
the "newlwp" argument useless. Replace it with a "more work to do"
boolean argument. Returning to userspace preempt() calls pass 0.
"Voluntary" preemptions in e.g. uiomove() pass 1. This will be used
to indicate to the SA subsystem that the LWP is not yet finished in
the kernel.

Collapse the SA vs. non-SA cases of preempt() together, making the
conditional code block much smaller, and don't call sa_preempt() if
more work is to come.

NOTE: THIS IS NOT A COMPLETE FIX TO THE preempt()-in-uiomove() PROBLEM
THAT CURRENTLY EXISTS FOR SA PROCESSES.
 1.53.2.11  29-Dec-2002  thorpej Sync with HEAD.
 1.53.2.10  19-Dec-2002  thorpej Sync with HEAD.
 1.53.2.9  11-Dec-2002  thorpej Sync with HEAD.
 1.53.2.8  11-Nov-2002  nathanw Catch up to -current
 1.53.2.7  01-Aug-2002  nathanw Catch up to -current.
 1.53.2.6  12-Jul-2002  nathanw No longer need to pull in lwp.h; proc.h pulls it in for us.
 1.53.2.5  20-Jun-2002  nathanw Catch up to -current.
 1.53.2.4  29-May-2002  nathanw #include <sys/sa.h> before <sys/syscallargs.h>, to provide sa_upcall_t
now that <sys/param.h> doesn't include <sys/sa.h>.

(Behold the Power of Ed)
 1.53.2.3  14-Nov-2001  nathanw Catch up to -current.
 1.53.2.2  21-Jun-2001  nathanw Catch up to -current.
 1.53.2.1  05-Mar-2001  nathanw Initial commit of scheduler activations and lightweight process support.
 1.54.6.1  12-Nov-2001  thorpej Sync the thorpej-mips-cache branch with -current.
 1.54.2.4  06-Sep-2002  jdolecek sync kqueue branch with HEAD
 1.54.2.3  21-Feb-2002  jdolecek ktrderef(): knote_fdclose() is not appropriate here - the descriptor
is not visible from userland and thus can't be watched
 1.54.2.2  10-Jan-2002  thorpej Sync kqueue branch with -current.
 1.54.2.1  10-Jul-2001  lukem highlight possible problem?
 1.55.10.1  30-Jun-2002  lukem Pull up revision 1.58 (requested by itojun in ticket #398):
disallow ktrace on P_SUGID. from openbsd
 1.55.8.2  15-Jul-2002  gehenna catch up with -current.
 1.55.8.1  20-Jun-2002  gehenna catch up with -current.
 1.64.2.1  18-Dec-2002  gmcgarry Merge pcred and ucred, and poolify. TBD: check backward compatibility
and factor-out some higher-level functionality.
 1.74.2.15  10-Nov-2005  skrll Sync with HEAD. Here we go again...
 1.74.2.14  16-Feb-2005  skrll Simplify the record writing process as sizeof(struct ktr_header)
doesn't change. If it does increase in the future deal with it then.

Delete struct ktr_compat as it is not needed.
 1.74.2.13  15-Feb-2005  skrll Sync with HEAD.
 1.74.2.12  15-Feb-2005  skrll Use the gap between ktr_type and ktr_pid for a version field instead of
overloading ktr_type.
 1.74.2.11  02-Nov-2004  skrll Sync with HEAD.
 1.74.2.10  19-Oct-2004  skrll Sync with HEAD
 1.74.2.9  17-Oct-2004  skrll Provide a version mechanism for ktrace records and add new version that
uses struct timespec and records the lwpid.
 1.74.2.8  24-Sep-2004  skrll Sync with HEAD.
 1.74.2.7  21-Sep-2004  skrll Fix the sync with head I botched.
 1.74.2.6  18-Sep-2004  skrll Sync with HEAD.
 1.74.2.5  14-Sep-2004  skrll ktrops/ktrsetchildren do not need a struct lwp. Revert to struct proc and
fix a bug.

Noticed by enami. Thanks.
 1.74.2.4  12-Aug-2004  skrll Sync with HEAD.
 1.74.2.3  03-Aug-2004  skrll Sync with HEAD
 1.74.2.2  19-Aug-2003  skrll SA upcall support for ktrace(2) from my PR 19929.

This currently has problems when ktrwrite blocks and causes another
upcall, which causes another call to ktrsaupcall.
 1.74.2.1  02-Jul-2003  darrenr Apply the aborted ktrace-lwp changes to a specific branch. This is just for
others to review, I'm concerned that patch fuzziness may have resulted in some
errant code being generated but I'll look at that later by comparing the diff
from the base to the branch with the file I attempt to apply to it. This will,
at the very least, put the changes in a better context for others to review
them and attempt to tinker with removing passing of 'struct lwp' through
the kernel.
 1.88.2.2  08-Feb-2007  bouyer Pull up following revision(s) (requested by adrianp in ticket #11023):
sys/kern/kern_ktrace.c: revision 1.110 via patch
sys/sys/ktrace.h: revision 1.45 via patch
sys/compat/freebsd/freebsd_misc.c: revision 1.26 via patch
sys/compat/darwin/darwin_iohidsystem.c: revision 1.35 via patch
sys/compat/darwin/darwin_ktrace.c: revision 1.6 via patch
Due to insufficient length checking it is possible for a user to cause
an integer overflow. Make ktruser return an error instead.
 1.88.2.1  24-Jun-2004  he branches: 1.88.2.1.2; 1.88.2.1.4;
Pull up revisions 1.89-1.90 (requested by christos in ticket #544):
Fix a panic induced by forcing ktrace to inject an emul
record in a ktraced file descriptor that has already been
invalidated. Change all ktrace functions to propagate the
error from ktrwrite() and check for it.
Drag along revision ANSIfying function declarations.
 1.88.2.1.4.1  08-Feb-2007  bouyer Pull up following revision(s) (requested by adrianp in ticket #11023):
sys/kern/kern_ktrace.c: revision 1.110 via patch
sys/sys/ktrace.h: revision 1.45 via patch
sys/compat/freebsd/freebsd_misc.c: revision 1.26 via patch
sys/compat/darwin/darwin_iohidsystem.c: revision 1.35 via patch
sys/compat/darwin/darwin_ktrace.c: revision 1.6 via patch
Due to insufficient length checking it is possible for a user to cause
an integer overflow. Make ktruser return an error instead.
 1.88.2.1.2.1  08-Feb-2007  bouyer Pull up following revision(s) (requested by adrianp in ticket #11023):
sys/kern/kern_ktrace.c: revision 1.110 via patch
sys/sys/ktrace.h: revision 1.45 via patch
sys/compat/freebsd/freebsd_misc.c: revision 1.26 via patch
sys/compat/darwin/darwin_iohidsystem.c: revision 1.35 via patch
sys/compat/darwin/darwin_ktrace.c: revision 1.6 via patch
Due to insufficient length checking it is possible for a user to cause
an integer overflow. Make ktruser return an error instead.
 1.95.6.1  12-Feb-2005  yamt sync with head.
 1.95.4.1  29-Apr-2005  kent sync with -current
 1.96.6.1  24-Oct-2006  ghen Pull up following revision(s) (requested by adrianp in ticket #1564):
sys/compat/darwin/darwin_ktrace.c: revision 1.6 via patch
sys/compat/darwin/darwin_iohidsystem.c: revision 1.35 via patch
sys/compat/freebsd/freebsd_misc.c: revision 1.26 via patch
sys/kern/kern_ktrace.c: revision 1.110 via patch
sys/sys/ktrace.h: revision 1.45 via patch
make ktruser enforce the maximum buffer length, and return an error.
ktruser checks for length now.
ktruser now returns an error if the buffer length is too big.
 1.96.4.1  24-Oct-2006  ghen Pull up following revision(s) (requested by adrianp in ticket #1564):
sys/compat/darwin/darwin_ktrace.c: revision 1.6 via patch
sys/compat/darwin/darwin_iohidsystem.c: revision 1.35 via patch
sys/compat/freebsd/freebsd_misc.c: revision 1.26 via patch
sys/kern/kern_ktrace.c: revision 1.110 via patch
sys/sys/ktrace.h: revision 1.45 via patch
make ktruser enforce the maximum buffer length, and return an error.
ktruser checks for length now.
ktruser now returns an error if the buffer length is too big.
 1.97.2.11  24-Mar-2008  yamt sync with head.
 1.97.2.10  27-Feb-2008  yamt sync with head.
 1.97.2.9  11-Feb-2008  yamt sync with head.
 1.97.2.8  04-Feb-2008  yamt sync with head.
 1.97.2.7  21-Jan-2008  yamt sync with head
 1.97.2.6  07-Dec-2007  yamt sync with head
 1.97.2.5  27-Oct-2007  yamt sync with head.
 1.97.2.4  03-Sep-2007  yamt sync with head.
 1.97.2.3  26-Feb-2007  yamt sync with head.
 1.97.2.2  30-Dec-2006  yamt sync with head.
 1.97.2.1  21-Jun-2006  yamt sync with head.
 1.100.6.3  01-Jun-2006  kardel Sync with head.
 1.100.6.2  22-Apr-2006  simonb Sync with head.
 1.100.6.1  04-Feb-2006  simonb Adapt for timecounters: mostly use get*time() and use "time_second"
instead of "time.tv_sec".
 1.100.4.1  09-Sep-2006  rpaulo sync with head
 1.100.2.1  31-Dec-2005  yamt uio_segflg/uio_lwp -> uio_vmspace.
 1.101.6.1  24-May-2006  tron Merge 2006-05-24 NetBSD-current into the "peter-altq" branch.
 1.101.4.3  06-May-2006  christos - Move kauth_cred_t declaration to <sys/types.h>
- Cleanup struct ucred; forward declarations that are unused.
- Don't include <sys/kauth.h> in any header, but include it in the c files
that need it.

Approved by core.
 1.101.4.2  19-Apr-2006  elad sync with head.
 1.101.4.1  08-Mar-2006  elad Adapt to kernel authorization KPI.
 1.101.2.3  11-Aug-2006  yamt sync with head
 1.101.2.2  26-Jun-2006  yamt sync with head.
 1.101.2.1  24-May-2006  yamt sync with head.
 1.103.2.1  19-Jun-2006  chap Sync with head.
 1.105.6.2  10-Dec-2006  yamt sync with head.
 1.105.6.1  22-Oct-2006  yamt sync with head
 1.105.4.12  09-Feb-2007  ad Pass the correct argument to ktd_wakeup().
 1.105.4.11  06-Feb-2007  ad Now that kthreads always run with kernel priority, don't rely on preempt()
to actually yield the CPU.
 1.105.4.10  05-Feb-2007  ad Make it compile with !MULTIPROCESSOR.
 1.105.4.9  04-Feb-2007  ad Push the kernel_lock back in a couple of places. Sleep/wakeup and ktrace
are now MP safe.
 1.105.4.8  03-Feb-2007  ad - Require that cv_signal/cv_broadcast be called with the interlock held.
- Provide 'async' versions that don't need the interlock.
 1.105.4.7  31-Jan-2007  ad ktrace: don't record context switches when blocking on a turnstile.
 1.105.4.6  30-Jan-2007  ad Remove support for SA. Ok core@.
 1.105.4.5  25-Jan-2007  ad - Fix a bug where ktrpsig() could corrupt memory.
- Tidy up a bit.
 1.105.4.4  12-Jan-2007  ad Sync with head.
 1.105.4.3  29-Dec-2006  ad Checkpoint work in progress.
 1.105.4.2  18-Nov-2006  ad Sync with head.
 1.105.4.1  11-Sep-2006  ad - Convert some lockmgr() locks to mutexes and RW locks.
- Acquire proclist_lock and p_crmutex in some obvious places.
 1.112.4.1  04-Jan-2008  skrll Pass an array of pointers in kernel VM space to ktrsaupcall for it to
create the ktrace record instead of trying to access a pointer in
userland.

Fixes PR/37534.
 1.112.2.1  11-Apr-2008  jdc Pull up revisions:
src/sys/kern/kern_ktrace.c 1.112.4.1
src/sys/kern/kern_sa.c 1.87.4.9
src/sys/sys/ktrace.h 1.45.4.1
from [wrstuden-fixsa] (requested by skrll in ticket #1121).

Pass an array of pointers in kernel VM space to ktrsaupcall for it to
create the ktrace record instead of trying to access a pointer in
userland.

Fixes PR/37534.
 1.114.2.5  07-May-2007  yamt sync with head.
 1.114.2.4  15-Apr-2007  yamt sync with head.
 1.114.2.3  24-Mar-2007  yamt sync with head.
 1.114.2.2  12-Mar-2007  rmind Sync with HEAD.
 1.114.2.1  27-Feb-2007  yamt - sync with head.
- move sched_changepri back to kern_synch.c as it doesn't know PPQ anymore.
 1.119.2.11  09-Oct-2007  ad Sync with head.
 1.119.2.10  20-Aug-2007  ad Sync with HEAD.
 1.119.2.9  01-Jul-2007  ad - Adapt to callout API change.
- It's now OK to acquire ktrace_mutex from the callout.
 1.119.2.8  09-Jun-2007  ad Sync with head.
 1.119.2.7  08-Jun-2007  ad Sync with head.
 1.119.2.6  13-May-2007  ad - Pass the error number and residual count to biodone(), and let it handle
setting error indicators. Prepare to eliminate B_ERROR.
- Add a flag argument to brelse() to be set into the buf's flags, instead
of doing it directly. Typically used to set B_INVAL.
- Add a "struct cpu_info *" argument to kthread_create(), to be used to
create bound threads. Change "bool mpsafe" to "int flags".
- Allow exit of LWPs in the IDL state when (l != curlwp).
- More locking fixes & conversion to the new API.
 1.119.2.5  10-Apr-2007  ad Sync with head.
 1.119.2.4  10-Apr-2007  ad Nuke the deferred kthread creation stuff, as it's no longer needed.
Pointed out by thorpej@.
 1.119.2.3  09-Apr-2007  ad - Add two new arguments to kthread_create1: pri_t pri, bool mpsafe.
- Fork kthreads off proc0 as new LWPs, not new processes.
 1.119.2.2  21-Mar-2007  ad - Replace more simple_locks, and fix up in a few places.
- Use condition variables.
- LOCK_ASSERT -> KASSERT.
 1.119.2.1  13-Mar-2007  ad Sync with head.
 1.120.4.1  29-Mar-2007  reinoud Pullup to -current
 1.120.2.1  11-Jul-2007  mjf Sync with head.
 1.124.6.4  09-Dec-2007  jmcneill Sync with HEAD.
 1.124.6.3  26-Oct-2007  joerg Sync with HEAD.

Follow the merge of pmap.c on i386 and amd64 and move
pmap_init_tmp_pgtbl into arch/x86/x86/pmap.c. Modify the ACPI wakeup
code to restore CR4 before jumping back into kernel space as the large
page option might cover that.
 1.124.6.2  03-Sep-2007  jmcneill Sync with HEAD.
 1.124.6.1  16-Aug-2007  jmcneill Sync with HEAD.
 1.124.2.1  03-Sep-2007  skrll Sync with HEAD.
 1.126.4.1  14-Oct-2007  yamt sync with head.
 1.126.2.3  23-Mar-2008  matt sync with HEAD
 1.126.2.2  09-Jan-2008  matt sync with HEAD
 1.126.2.1  06-Nov-2007  matt sync with HEAD
 1.128.6.3  26-Dec-2007  ad Sync with head.
 1.128.6.2  08-Dec-2007  ad Sync with head.
 1.128.6.1  04-Dec-2007  ad Pull the vmlocking changes into a new branch.
 1.128.4.3  18-Feb-2008  mjf Sync with HEAD.
 1.128.4.2  27-Dec-2007  mjf Sync with HEAD.
 1.128.4.1  08-Dec-2007  mjf Sync with HEAD.
 1.130.4.3  23-Jan-2008  bouyer Sync with HEAD.
 1.130.4.2  08-Jan-2008  bouyer Sync with HEAD
 1.130.4.1  02-Jan-2008  bouyer Sync with HEAD
 1.138.6.4  17-Jan-2009  mjf Sync with HEAD.
 1.138.6.3  05-Jun-2008  mjf Sync with HEAD.

Also fix build.
 1.138.6.2  02-Jun-2008  mjf Sync with HEAD.
 1.138.6.1  03-Apr-2008  mjf Sync with HEAD.
 1.138.2.1  24-Mar-2008  keiichi sync with head.
 1.140.4.2  04-Jun-2008  yamt sync with head
 1.140.4.1  18-May-2008  yamt sync with head.
 1.140.2.2  01-Nov-2008  christos Sync with head.
 1.140.2.1  29-Mar-2008  christos Welcome to the time_t=long long dev_t=uint64_t branch.
 1.142.2.5  11-Aug-2010  yamt sync with head.
 1.142.2.4  11-Mar-2010  yamt sync with head
 1.142.2.3  19-Aug-2009  yamt sync with head.
 1.142.2.2  04-May-2009  yamt sync with head.
 1.142.2.1  16-May-2008  yamt sync with head.
 1.144.2.6  28-Jun-2008  wrstuden Fix up ktracing of upcalls. ktrace of an SA process now works.
 1.144.2.5  23-Jun-2008  wrstuden Sync w/ -current. 34 merge conflicts to follow.
 1.144.2.4  27-May-2008  wrstuden Pull in the fix for PR/37534.
 1.144.2.3  27-May-2008  wrstuden Re-merge ktrace upcall hooks. Still needs changes for PR 37534.
 1.144.2.2  14-May-2008  wrstuden Per discussion with ad, remove most of the #include <sys/sa.h> lines
as they were including sa.h just for the type(s) needed for syscallargs.h.

Instead, create a new file, sys/satypes.h, which contains just the
types needed for syscallargs.h. Yes, there's only one now, but that
may change and it's probably more likely to change if it'd be difficult
to handle. :-)

Per discussion with matt at n dot o, add an include of satypes.h to
sigtypes.h. Upcall handlers are kinda signal handlers, and signalling
is the header file that's already included for syscallargs.h that
closest matches SA.

This shaves about 3000 lines off of the diff of the branch relative
to the base. That also represents about 18% of the total before this
checkin.

I think this reduction is a very good thing.
 1.144.2.1  10-May-2008  wrstuden Initial checkin of re-adding SA. Everything except kern_sa.c
compiles in GENERIC for i386. This is still a work-in-progress, but
this checkin covers most of the mechanical work (changing signalling
to be able to accommodate SA's process-wide signalling and re-adding
includes of sys/sa.h and savar.h). Subsequent changes will be much
more interesting.

Also, kern_sa.c has received partial cleanup. There's still more
to do, though.
 1.146.4.1  19-Oct-2008  haad Sync with HEAD.
 1.147.10.2  21-Apr-2010  matt sync to netbsd-5
 1.147.10.1  16-Mar-2010  matt Make sure kte_space has at least enough alignment to store a register_t.
 1.147.4.1  05-Sep-2009  bouyer Pull up following revision(s) (requested by dsl in ticket #901):
sys/kern/kern_ktrace.c: revision 1.149
Fix ktrace of data from iovec based system calls.
Fixes PR/41819
 1.147.2.1  19-Jan-2009  skrll Sync with HEAD.
 1.150.2.3  22-Oct-2010  uebayasi Sync with HEAD (-D20101022).
 1.150.2.2  17-Aug-2010  uebayasi Sync with HEAD.
 1.150.2.1  30-Apr-2010  uebayasi Sync with HEAD.
 1.151.2.4  12-Jun-2011  rmind sync with head
 1.151.2.3  31-May-2011  rmind sync with head
 1.151.2.2  05-Mar-2011  rmind sync with head
 1.151.2.1  03-Jul-2010  rmind sync with head
 1.155.2.1  06-Jun-2011  jruoho Sync with HEAD.
 1.156.2.1  23-Jun-2011  cherry Catchup with rmind-uvmplock merge.
 1.158.2.2  22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was split into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.158.2.1  17-Apr-2012  yamt sync with head
 1.159.2.2  24-Feb-2012  mrg sync to -current.
 1.159.2.1  18-Feb-2012  mrg merge to -current.
 1.160.8.1  19-Aug-2017  snj Pull up following revision(s) (requested by mrg in ticket #1484):
sys/kern/kern_ktrace.c: revision 1.171 via patch
Clamp the length we use, not the length we don't.
Avoids uninitialized memory disclosure to userland.
From Ilja Van Sprundel.
 1.160.6.1  19-Aug-2017  snj Pull up following revision(s) (requested by mrg in ticket #1484):
sys/kern/kern_ktrace.c: revision 1.171 via patch
Clamp the length we use, not the length we don't.
Avoids uninitialized memory disclosure to userland.
From Ilja Van Sprundel.
 1.160.2.2  19-Aug-2017  snj Pull up following revision(s) (requested by mrg in ticket #1484):
sys/kern/kern_ktrace.c: revision 1.171 via patch
Clamp the length we use, not the length we don't.
Avoids uninitialized memory disclosure to userland.
From Ilja Van Sprundel.
 1.160.2.1  07-Dec-2014  martin Pull up following revision(s) (requested by ozaki-r in ticket #1201):
sys/kern/kern_ktrace.c: revision 1.166
sys/dev/isa/aps.c: revision 1.16
sys/dev/sysmon/sysmonvar.h: revision 1.45
sys/dev/ir/irframe_tty.c: revision 1.60
sys/dev/sysmon/sysmon_envsys_events.c: revision 1.111-1.112 (patch)
sys/dev/pci/pccbb.c: revision 1.207
sys/dev/wscons/wskbd.c: revision 1.135
sys/dev/usb/ohci.c: revision 1.254
sys/net/if_ecosubr.c: revision 1.41
sys/dev/pcmcia/btbc.c: revision 1.17
sys/arch/x86/x86/via_padlock.c: revision 1.23
sys/dev/sdmmc/sdmmc.c: revision 1.23 (patch)
sys/dev/bluetooth/btkbd.c: revision 1.17
sys/dev/bluetooth/bcsp.c: revision 1.25
sys/arch/x86/pci/fwhrng.c: revision 1.8
sys/dev/ic/nslm7x.c: revision 1.61
share/man/man9/callout.9: revision 1.28 (patch)

Replace callout_stop with callout_halt and ensure the callout
is not running before destroying it.
 1.161.4.1  18-May-2014  rmind sync with head
 1.161.2.2  03-Dec-2017  jdolecek update from HEAD
 1.161.2.1  20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.164.4.2  19-Aug-2017  snj Pull up following revision(s) (requested by mrg in ticket #1481):
sys/kern/kern_ktrace.c: 1.171 via patch
Clamp the length we use, not the length we don't.
Avoids uninitialized memory disclosure to userland.
From Ilja Van Sprundel.
 1.164.4.1  01-Dec-2014  martin branches: 1.164.4.1.2; 1.164.4.1.6;
Pull up following revision(s) (requested by ozaki-r in ticket #279):
sys/kern/kern_ktrace.c: revision 1.166
sys/dev/isa/aps.c: revision 1.16
sys/dev/sysmon/sysmonvar.h: revision 1.45
sys/dev/ir/irframe_tty.c: revision 1.60
sys/dev/sysmon/sysmon_envsys_events.c: revision 1.111
sys/dev/sysmon/sysmon_envsys_events.c: revision 1.112
sys/dev/pci/pccbb.c: revision 1.207
sys/dev/wscons/wskbd.c: revision 1.135
sys/dev/usb/ohci.c: revision 1.254
sys/net/if_ecosubr.c: revision 1.41
sys/dev/pcmcia/btbc.c: revision 1.17
sys/arch/x86/x86/via_padlock.c: revision 1.23
sys/dev/sdmmc/sdmmc.c: revision 1.23
sys/dev/bluetooth/btkbd.c: revision 1.17
sys/dev/bluetooth/bcsp.c: revision 1.25
sys/arch/x86/pci/fwhrng.c: revision 1.8
sys/dev/ic/nslm7x.c: revision 1.61
share/man/man9/callout.9: revision 1.28
Replace callout_stop with callout_halt
In order to call callout_destroy for a callout safely, we have to ensure
the function of the callout is not running and pending. To do so, we should
use callout_halt, not callout_stop.
Discussed with martin@ and riastradh@.
Make it clear that we should use callout_halt, not callout_stop,
before callout_destroy
Replace callout_stop with callout_halt
In order to call callout_destroy for a callout safely, we have to ensure
the function of the callout is not running and pending. To do so, we should
use callout_halt, not callout_stop.
In this case, we need to pass an interlock to callout_halt to wait for
the callout to complete.
Reviewed by riastradh@.
Kill sme_callout_mtx and use sme_mtx instead
We can use sme_mtx for the callout as well. Actually we should do so
because sme_events_list and some other data that are touched in the
callout should be protected by sme_mtx, not sme_callout_mtx.
Discussed with riastradh@ in
http://mail-index.netbsd.org/tech-kern/2014/11/11/msg017956.html
Replace callout_stop with callout_halt
In order to call callout_destroy for a callout safely, we have to ensure
the function of the callout is not running and pending. To do so, we should
use callout_halt, not callout_stop.
In this case, we need to pass an interlock to callout_halt to wait for
the callout to complete. We also make sure that SME_CALLOUT_INITIALIZED
is unset before calling callout_halt to prevent the callout from calling
callout_schedule. This is the same as what we did in sys/netinet6/mld6.c@1.61.
Reviewed by riastradh@.
 1.164.4.1.6.1  19-Aug-2017  snj Pull up following revision(s) (requested by mrg in ticket #1481):
sys/kern/kern_ktrace.c: 1.171 via patch
Clamp the length we use, not the length we don't.
Avoids uninitialized memory disclosure to userland.
From Ilja Van Sprundel.
 1.164.4.1.2.1  19-Aug-2017  snj Pull up following revision(s) (requested by mrg in ticket #1481):
sys/kern/kern_ktrace.c: 1.171 via patch
Clamp the length we use, not the length we don't.
Avoids uninitialized memory disclosure to userland.
From Ilja Van Sprundel.
 1.166.2.3  28-Aug-2017  skrll Sync with HEAD
 1.166.2.2  05-Oct-2016  skrll Sync with HEAD
 1.166.2.1  09-Jul-2016  skrll Sync with HEAD
 1.170.2.1  09-Aug-2017  snj Pull up following revision(s) (requested by spz in ticket #194):
sys/kern/kern_ktrace.c: revision 1.171
Clamp the length we use, not the length we don't.
Avoids uninitialized memory disclosure to userland.
From Ilja Van Sprundel.
 1.172.4.2  08-Apr-2020  martin Merge changes from current as of 20200406
 1.172.4.1  10-Jun-2019  christos Sync with HEAD
 1.172.2.1  06-Sep-2018  pgoyette Sync with HEAD

Resolve a couple of conflicts (result of the uimin/uimax changes)
 1.173.6.1  29-Feb-2020  ad Sync with head.
 1.173.4.1  07-Aug-2024  martin Pull up following revision(s) (requested by kre in ticket #1859):

sys/kern/kern_proc.c: revision 1.276 (via patch)
sys/kern/kern_ktrace.c: revision 1.185 (via patch)
sys/kern/sys_sig.c: revision 1.58 (via patch)
sys/kern/kern_descrip.c: revision 1.263 (via patch)
lib/libc/compat-43/killpg.c: revision 1.10
sys/kern/tty.c: revision 1.313 (via patch)
tests/lib/libc/sys/t_kill.c: revision 1.2

PR kern/58425 -- Disallow INT_MIN as a (negative) pid arg.
Since -INT_MIN is undefined, and the point of negative pid args is
to negate them, and use the result as a pgrp id instead, we need
to avoid accidentally negating INT_MIN.

Since pid_t is just an integral type, of unspecified width, when
testing a pid_t value, test for <= INT_MIN (or > INT_MIN sometimes)
rather than == INT_MIN. When testing int values, just == INT_MIN
is all that is needed, < INT_MIN cannot occur.

tests/lib/libc/sys/t_kill: Test kill(INT_MIN, ...) fails with ESRCH.
PR kern/58425
 1.177.2.1  03-Apr-2021  thorpej Sync with HEAD.
 1.182.4.1  07-Aug-2024  martin Pull up following revision(s) (requested by kre in ticket #773):

sys/kern/kern_proc.c: revision 1.276
sys/kern/kern_ktrace.c: revision 1.185
sys/kern/sys_sig.c: revision 1.58
sys/kern/kern_descrip.c: revision 1.263
lib/libc/compat-43/killpg.c: revision 1.10
sys/kern/tty.c: revision 1.313
tests/lib/libc/sys/t_kill.c: revision 1.2

PR kern/58425 -- Disallow INT_MIN as a (negative) pid arg.

Since -INT_MIN is undefined, and the point of negative pid args is
to negate them, and use the result as a pgrp id instead, we need
to avoid accidentally negating INT_MIN.

Since pid_t is just an integral type, of unspecified width, when
testing a pid_t value, test for <= INT_MIN (or > INT_MIN sometimes)
rather than == INT_MIN. When testing int values, just == INT_MIN
is all that is needed, < INT_MIN cannot occur.

tests/lib/libc/sys/t_kill: Test kill(INT_MIN, ...) fails with ESRCH.
PR kern/58425