Home | History | Annotate | Download | only in procfs
History log of /src/sys/miscfs/procfs/procfs_vnops.c
RevisionDateAuthorComments
 1.233  01-Jul-2024  christos Add linux POSIX message queue support (Ricardo Branco)
 1.232  12-May-2024  christos PR/58227: Ricardo Branco: Add support for proc/sysvipc in Linux emulator
 1.231  12-May-2024  christos PR/58240: Ricardo Branco: Add support for proc/self/limits as used by Linux
 1.230  17-Jan-2024  hannken Add a hashmap to access all procfs nodes by pid.
 1.229  17-Jun-2022  shm branches: 1.229.4;
Add missing permission check
 1.228  27-Mar-2022  christos dedup the eofs link/symlink methods
 1.227  17-Jan-2022  bouyer If the calling process is running under linux emulation, make /proc/xxx/fd/
return only symlinks pointing to the original file in the filesystem,
instead of a hard link. This matches the linux behavior, and some
linux programs relies on it (they unconditionally call readlink() on
/proc/xxx/fd/yy and don't deal with it returning EINVAL).
Proposed on tech-kern@ in
http://mail-index.netbsd.org/tech-kern/2022/01/11/msg027877.html
 1.226  14-Jan-2022  christos Fix emul and exe DT_ types (from RVP, as was the previous commit)
 1.225  14-Jan-2022  christos Put the appropriate DT_ constant in the dirent structure depending on the
file type.
 1.224  11-Jan-2022  christos remove redundant error initialization and break earlier. (from rvp)
 1.223  11-Jan-2022  hannken Use a single "p" variable.

Should fix PR kern/56614: kernel panic on tmux
 1.222  10-Jan-2022  christos use a single nc variable.
 1.221  10-Jan-2022  christos Fix locking in the error path (from RVP). Centralize unlock code.
 1.220  08-Dec-2021  andvar s/efficent/efficient/ in comments.
 1.219  05-Oct-2021  christos PR/53299: RVP: kernfs and procfs are broken when sysctl security.curtain
is enabled
 1.218  18-Jul-2021  dholland Abolish all the silly indirection macros for initializing vnode ops tables.

These are things of the form #define foofs_op genfs_op, or #define
foofs_op genfs_eopnotsupp, or similar. They serve no purpose besides
obfuscation, and have gotten cutpasted all over everywhere.
 1.217  29-Jun-2021  dholland - Add a new vnode op: VOP_PARSEPATH.
- Move namei_getcomponent to genfs_vnops.c and call it genfs_parsepath.
- Add a parsepath entry to every vnode ops table.

VOP_PARSEPATH takes a directory vnode to be searched and a complete
following path and chooses how much of that path to consume. To begin
with, all parsepath calls are genfs_parsepath, which locates the first
'/' as always.

Note that the call doesn't take the whole struct componentname, only
the string. The other bits of struct componentname should not be
needed and there's no reason to cause potential complications by
exposing them.
 1.216  28-Jun-2021  chs VOP_BMAP() may be called via ioctl(FIOGETBMAP) on any vnode that applications
can open. change various pseudo-fs *_bmap methods return an error instead of
panic.

Reported-by: syzbot+8289a3eaf2ba60958c87@syzkaller.appspotmail.com
 1.215  27-Jun-2020  christos branches: 1.215.6;
Introduce genfs_pathconf() and use it for the default case in all filesystems.
 1.214  23-May-2020  ad Move proc_lock into the data segment. It was dynamically allocated because
at the time we had mutex_obj_alloc() but not __cacheline_aligned.
 1.213  16-May-2020  christos Add ACL support for FFS. From FreeBSD.
 1.212  29-Apr-2020  thorpej If the procfs mount is marked as linux-compat, then allow proc lookup
by any LWP ID in the proc, not just the canonical PID.
 1.211  21-Apr-2020  ad Revert the changes made in February to make cwdinfo use mostly lockless,
which relied on taking extra vnode refs.

Having benchmarked various experimental changes over the past few months it
seems that it's better to avoid vnode refs as much as possible. cwdi_lock
as a RW lock already did that to some extent for getcwd() and will permit
the same for namei() too.
 1.210  24-Feb-2020  ad branches: 1.210.4;
v_interlock -> vmobjlock
 1.209  23-Feb-2020  ad Merge from ad-namecache:

- Have a stab at clustering the members of vnode_t and vnode_impl_t in a
more cache-conscious way. With that done, go back to adjusting v_usecount
with atomics and keep vi_lock directly in vnode_impl_t (saves KVA).

- Allow VOP_LOCK(LK_NONE) for the benefit of VFS_VGET() and VFS_ROOT().
Make sure LK_UPGRADE always comes with LK_NOWAIT.

- Make cwdinfo use mostly lockless.
 1.208  01-Feb-2020  riastradh Load struct filedesc::fd_dt with atomic_load_consume.

Exceptions: when fd_refcnt <= 1, or when holding fd_lock.

While here:

- Restore KASSERT(mutex_owned(&fdp->fd_lock)) in fd_unused.
=> This is used only in fd_close and fd_abort, where it holds.
- Move bounds check assertion in fd_putfile to where it matters.
- Store fd_dt with atomic_store_release.
- Move load of fd_dt under lock in knote_fdclose.
- Omit membar_consumer in fdesc_readdir.
=> atomic_load_consume serves the same purpose now.
=> Was needed only on alpha anyway.
 1.207  29-Aug-2019  hannken branches: 1.207.2;
Add missing operation VOP_GETPAGES() returning EFAULT.

Without this operation posix_fadvise(..., POSIX_FADV_WILLNEED)
would leave the v_interlock held.

Observed by maxv@
 1.206  30-Mar-2019  christos branches: 1.206.4;
add a node for the process resource limits.
 1.205  14-Oct-2018  jdolecek remove M_CANFAIL flag for malloc(9) - it was completely ignored, so had
actually no effect
 1.204  03-Sep-2018  riastradh Rename min/max -> uimin/uimax for better honesty.

These functions are defined on unsigned int. The generic name
min/max should not silently truncate to 32 bits on 64-bit systems.
This is purely a name change -- no functional change intended.

HOWEVER! Some subsystems have

#define min(a, b) ((a) < (b) ? (a) : (b))
#define max(a, b) ((a) > (b) ? (a) : (b))

even though our standard name for that is MIN/MAX. Although these
may invite multiple evaluation bugs, these do _not_ cause integer
truncation.

To avoid `fixing' these cases, I first changed the name in libkern,
and then compile-tested every file where min/max occurred in order to
confirm that it failed -- and thus confirm that nothing shadowed
min/max -- before changing it.

I have left a handful of bootloaders that are too annoying to
compile-test, and some dead code:

cobalt ews4800mips hp300 hppa ia64 luna68k vax
acorn32/if_ie.c (not included in any kernels)
macppc/if_gm.c (superseded by gem(4))

It should be easy to fix the fallout once identified -- this way of
doing things fails safe, and the goal here, after all, is to _avoid_
silent integer truncations, not introduce them.

Maybe one day we can reintroduce min/max as type-generic things that
never silently truncate. But we should avoid doing that for a while,
so that existing code has a chance to be detected by the compiler for
conversion to uimin/uimax without changing the semantics until we can
properly audit it all. (Who knows, maybe in some cases integer
truncation is actually intended!)
 1.203  07-Apr-2018  hannken branches: 1.203.2;
Lock the target cwdi and take an additional reference to the
vnode we are interested in to prevent it from disappearing
before getcwd_common().

Should fix PR kern/53096 (netbsd-8 crash on heavy disk I/O)
 1.202  31-Dec-2017  christos branches: 1.202.2;
Add an environ node
 1.201  01-Dec-2017  christos Allow procfs_kqfilter, since we allow poll. "go" does it.
 1.200  08-Nov-2017  christos fix locking, remove error(1) comments.
 1.199  08-Nov-2017  christos use p->p_path, remove unused code.
 1.198  28-Aug-2017  kamil Remove the filesystem tracing feature

This is a legacy interface from 4.4BSD, and it was
introduced to overcome shortcomings of ptrace(2) at that time, which are
no longer relevant (performance). Today /proc/#/ctl offers a narrow
subset of ptrace(2) commands and is not applicable for modern
applications use beyond simplistic tracing scenarios.

This removal will simplify kernel internals. Users will still be able to
use all the other /proc files.

This change won't affect other procfs files neither Linux compat
features within mount_procfs(8). /proc/#/ctl isn't available on Linux.

Remove:
- /proc/#/ctl from mount_procfs(8)
- P_FSTRACE note from the documentation of ps(1)
- /proc/#/ctl and filesystem tracing documentation from mount_procfs(8)
- KAUTH_REQ_PROCESS_PROCFS_CTL documentation from kauth(9)
- source code file miscfs/procfs/procfs_ctl.c
- PFSctl and procfs_doctl() from sys/miscfs/procfs/procfs.h
- KAUTH_REQ_PROCESS_PROCFS_CTL from sys/sys/kauth.h
- PSL_FSTRACE (0x00010000) from sys/sys/proc.h
- P_FSTRACE (0x00010000) from sys/sys/sysctl.h

Reduce code complexity after removal of this functionality.

Update TODO.ptrace accordingly: remove two entries about /proc tracing.

Do not keep legacy notes as comments in the headers about removed
PSL_FSTRACE / P_FSTRACE, as this interface had little number of users
(close or equal to zero).

Proposed on tech-kern@.

All filesystem tracing utility users are encouraged to switch to ptrace(2).

Sponsored by <The NetBSD Foundation>
 1.197  26-May-2017  riastradh branches: 1.197.2;
Make VOP_RECLAIM do the last unlock of the vnode.

VOP_RECLAIM naturally has exclusive access to the vnode, so having it
locked on entry is not strictly necessary -- but it means if there
are any final operations that must be done on the vnode, such as
ffs_update, requiring exclusive access to it, we can now kassert that
the vnode is locked in those operations.

We can't just have the caller release the last lock because some file
systems don't use genfs_lock, and require the vnode to remain valid
for VOP_UNLOCK to work, notably unionfs.
 1.196  11-Apr-2017  riastradh Make VOP_INACTIVE preserve vnode lock on return.

Discussed on tech-kern:
https://mail-index.netbsd.org/tech-kern/2017/04/01/msg021751.html

Ride 7.99.68, a bumpy bus of incremental vfs improvements!
 1.195  30-Mar-2017  christos add an auxv node.
 1.194  20-Aug-2016  hannken branches: 1.194.2;
Remove now obsolete operation vcache_remove().

Welcome to 7.99.36
 1.193  20-Apr-2015  riastradh branches: 1.193.2;
Make VOP_LINK return directory still locked and referenced.

Ride 7.99.10 bump.
 1.192  05-Sep-2014  matt branches: 1.192.2;
Try not to use f_data, use f_{vnode,socket,pipe,mqueue,kqueue,ksem} to get
a correctly typed pointer.
 1.191  27-Jul-2014  hannken branches: 1.191.2; 1.191.4; 1.191.8;
Change procfs from hashlist to vcache.
- Key is (type, pid, fd)
- Remove argument "p" from procfs_allocvp(). It is only used
when "type == PFSfd". Lookup the proc with proc_find() when
procfs_loadvnode() needs it.
- Use a vfs_vnode_iterator for procfs_revoke_vnodes().
 1.190  25-Jul-2014  dholland Add VOP_FALLOCATE and VOP_FDISCARD to every vnode ops table I can
find.

The filesystem ones all call genfs_eopnotsupp - right now I am only
implementing the plumbing and we can implement fallocate and/or
fdiscard for files later.

The device ones call spec_fallocate (which is also genfs_eopnotsupp)
and spec_fdiscard, which dispatches to the device-level op.

The fifo ones all call vn_fifo_bypass, which also ends up being
EOPNOTSUPP.
 1.189  07-Feb-2014  hannken branches: 1.189.2;
Change vnode operation lookup to return the resulting vnode *vpp unlocked.
Change cache_lookup() to return an unlocked vnode.

Discussed on tech-kern@

Welcome to 6.99.31
 1.188  23-Jan-2014  hannken Change vnode operations create, mknod, mkdir and symlink to return
the resulting vnode *vpp unlocked.

Discussed on tech-kern@

Welcome to 6.99.30
 1.187  17-Jan-2014  hannken Change vnode operations create, mknod, mkdir and symlink to keep the
directory node dvp locked on return.

Discussed on tech-kern@

Welcome to 6.99.29
 1.186  18-Mar-2013  plunky branches: 1.186.6;
C99 section 6.7.2.3 (Tags) Note 3 states that:

A type specifier of the form

enum identifier

without an enumerator list shall only appear after the type it
specifies is complete.

which means that we cannot pass an "enum vtype" argument to
kauth_access_action() without fully specifying the type first.
Unfortunately there is a complicated include file loop which
makes that difficult, so convert this minimal function into a
macro (and capitalize it).

(ok elad@)
 1.185  25-Nov-2012  christos do something reasonable with kernel semaphores.
 1.184  28-May-2012  christos branches: 1.184.2;
add a task process subdirectory for emul linux
 1.183  13-Mar-2012  elad Replace the remaining KAUTH_GENERIC_ISSUSER authorization calls with
something meaningful. All relevant documentation has been updated or
written.

Most of these changes were brought up in the following messages:

http://mail-index.netbsd.org/tech-kern/2012/01/18/msg012490.html
http://mail-index.netbsd.org/tech-kern/2012/01/19/msg012502.html
http://mail-index.netbsd.org/tech-kern/2012/02/17/msg012728.html

Thanks to christos, manu, njoly, and jmmv for input.

Huge thanks to pgoyette for spinning these changes through some build
cycles and ATF.
 1.182  04-Sep-2011  jmcneill branches: 1.182.2; 1.182.6;
PR# kern/45021: Please support /emul/linux/proc/version

Add /proc/version for procfs with -o linux. The version reported depends
on the emulation type of the calling process:

$ cat /proc/version
NetBSD version 5.99.55 (netbsd@localhost) (gcc version 4.1.3 20080704 prerelease (NetBSD nb2 20081120)) NetBSD 5.99.55 (GENERIC) #39: Sun Sep 4 09:10:05 EDT 2011

$ /emul/linux/bin/cat /proc/version
Linux version 2.6.18 (linux@localhost) (gcc version 4.1.3 20080704 prerelease (NetBSD nb2 20081120)) #0 Wed Mar 3 03:03:03 PST 2010

$ /emul/linux32/bin/cat /proc/version
Linux version 2.6.18 (linux32@localhost) (gcc version 4.1.3 20080704 prerelease (NetBSD nb2 20081120)) #0 Wed Mar 3 03:03:03 PST 2010
 1.181  23-Jun-2011  christos From Aleksey Cheusov: Don't make it easy for compromised systems to bypass
ASLR protections by providing the mapping addresses of programs to everyone.
 1.180  01-Jul-2010  rmind Remove pfind() and pgfind(), fix locking in various broken uses of these.
Rename real routines to proc_find() and pgrp_find(), remove PFIND_* flags
and have consistent behaviour. Provide proc_find_raw() for special cases.
Fix memory leak in sysctl_proc_corename().

COMPAT_LINUX: rework ptrace() locking, minimise differences between
different versions per-arch.

Note: while this change adds some formal cosmetics for COMPAT_DARWIN and
COMPAT_IRIX - locking there is utterly broken (for ages).

Fixes PR/43176.
 1.179  24-Jun-2010  hannken Clean up vnode lock operations pass 2:

VOP_UNLOCK(vp, flags) -> VOP_UNLOCK(vp): Remove the unneeded flags argument.

Welcome to 5.99.32.

Discussed on tech-kern.
 1.178  08-Jun-2010  hannken Procfs_lookup() does not lookup directory descriptors in the fd/
subdirectory. There is no need for recursive vnode locking here.

Ok: Christos Zoulas <christos@netbsd.org>
 1.177  08-Jan-2010  pooka branches: 1.177.2; 1.177.4;
The VATTR_NULL/VREF/VHOLD/HOLDRELE() macros lost their will to live
years ago when the kernel was modified to not alter ABI based on
DIAGNOSTIC, and now just call the respective function interfaces
(in lowercase). Plenty of mix'n match upper/lowercase has creeped
into the tree since then. Nuke the macros and convert all callsites
to lowercase.

no functional change
 1.176  03-Jul-2009  elad Where possible, extract the file-system's access() routine to two internal
functions: the first checking if the operation is possible (regardless of
permissions), the second checking file-system permissions, ACLs, etc.

Mailing list reference:

http://mail-index.netbsd.org/tech-kern/2009/06/21/msg005311.html
 1.175  23-Jun-2009  elad Move the implementation of vaccess() to genfs_can_access(), in line with
the other routines of the same spirit.

Adjust file-system code to use it.

Keep vaccess() for KPI compatibility and to keep element of least
surprise. A "diagnostic" message warning that vaccess() is deprecated will
be printed when it's used (obviously, only in DIAGNOSTIC kernels).

No objections on tech-kern@:

http://mail-index.netbsd.org/tech-kern/2009/06/21/msg005310.html
 1.174  24-May-2009  ad More changes to improve kern_descrip.c.

- Avoid atomics in more places.
- Remove the per-descriptor mutex, and just use filedesc_t::fd_lock.
It was only being used to synchronize close, and in any case we needed
to take fd_lock to free the descriptor slot.
- Optimize certain paths for the <NDFDFILE case.
- Sprinkle more comments and assertions.
- Cache more stuff in filedesc_t.
- Fix numerous minor bugs spotted along the way.
- Restructure how the open files array is maintained, for clarity and so
that we can eliminate the membar_consumer() call in fd_getfile(). This is
mostly syntactic sugar; the main functional change is that fd_nfiles now
lives alongside the open file array.

Some measurements with libmicro:

- simple file syscalls are like close() are between 1 to 10% faster.
- some nice improvements, e.g. poll(1000) which is ~50% faster.
 1.173  17-Dec-2008  cegger branches: 1.173.2;
kill MALLOC and FREE macros.
 1.172  05-Sep-2008  skrll branches: 1.172.2;
PR/39324 kernel diagnostic assertion "l->l_stat != LSZOMB" failed.

Ignore procs with zero or all LSZOMB LWPs. Get a non-LSZOMB LWP to perform
operations against as part of the deal.

procfs really needs to be updated to support multi-threading fully.
Hi Antti!
 1.171  05-Sep-2008  skrll ANSIfy
 1.170  02-Jul-2008  rmind branches: 1.170.2;
Remove proc_representative_lwp(), use a simple LIST_FIRST() instead.
OK by <ad>.
 1.169  28-Apr-2008  martin branches: 1.169.2; 1.169.4;
Remove clause 3 and 4 from TNF licenses
 1.168  24-Apr-2008  ad branches: 1.168.2;
Merge proc::p_mutex and proc::p_smutex into a single adaptive mutex, since
we no longer need to guard against access from hardware interrupt handlers.

Additionally, if cloning a process with CLONE_SIGHAND, arrange to have the
child process share the parent's lock so that signal state may be kept in
sync. Partially addresses PR kern/37437.
 1.167  24-Apr-2008  ad Network protocol interrupts can now block on locks, so merge the globals
proclist_mutex and proclist_lock into a single adaptive mutex (proc_lock).
Implications:

- Inspecting process state requires thread context, so signals can no longer
be sent from a hardware interrupt handler. Signal activity must be
deferred to a soft interrupt or kthread.

- As the proc state locking is simplified, it's now safe to take exit()
and wait() out from under kernel_lock.

- The system spends less time at IPL_SCHED, and there is less lock activity.
 1.166  21-Mar-2008  ad branches: 1.166.2;
Catch up with descriptor handling changes. See kern_descrip.c revision
1.173 for details.
 1.165  23-Jan-2008  elad branches: 1.165.6;
Tons of process scope changes.

- Add a KAUTH_PROCESS_SCHEDULER action, to handle scheduler related
requests, and add specific requests for set/get scheduler policy and
set/get scheduler parameters.

- Add a KAUTH_PROCESS_KEVENT_FILTER action, to handle kevent(2) related
requests.

- Add a KAUTH_DEVICE_TTY_STI action to handle requests to TIOCSTI.

- Add requests for the KAUTH_PROCESS_CANSEE action, indicating what
process information is being looked at (entry itself, args, env,
open files).

- Add requests for the KAUTH_PROCESS_RLIMIT action indicating set/get.

- Add requests for the KAUTH_PROCESS_CORENAME action indicating set/get.

- Make bsd44 secmodel code handle the newly added rqeuests appropriately.

All of the above make it possible to issue finer-grained kauth(9) calls in
many places, removing some KAUTH_GENERIC_ISSUSER requests.

- Remove the "CAN" from KAUTH_PROCESS_CAN{KTRACE,PROCFS,PTRACE,SIGNAL}.

Discussed with christos@ and yamt@.
 1.164  02-Jan-2008  ad Merge vmlocking2 to head.
 1.163  26-Nov-2007  pooka branches: 1.163.2; 1.163.6;
Remove the "struct lwp *" argument from all VFS and VOP interfaces.
The general trend is to remove it from all kernel interfaces and
this is a start. In case the calling lwp is desired, curlwp should
be used.

quick consensus on tech-kern
 1.162  09-Nov-2007  christos make the last argument of procfs_dir size_t
 1.161  07-Nov-2007  ad Merge from vmlocking:

- pool_cache changes.
- Debugger/procfs locking fixes.
- Other minor changes.
 1.160  10-Oct-2007  ad branches: 1.160.2; 1.160.4;
Merge from vmlocking:

- Split vnode::v_flag into three fields, depending on field locking.
- simple_lock -> kmutex in a few places.
- Fix some simple locking problems.
 1.159  08-Oct-2007  ad Merge file descriptor locking, cwdi locking and cross-call changes
from the vmlocking branch.
 1.158  22-Jul-2007  pooka branches: 1.158.4; 1.158.6; 1.158.8; 1.158.10;
Don't allow getcwd() on procfs vnodes and provide "/" as the path
instead of the result from getcwd(). The works around locking
panics caused by namei calling VOP_READLINK while holding on to a
directory lock and getcwd() trying to acquire that lock. The real
fix would be to get rid of getcwd() calls within VOPs (not locking
safe), but that's not a viable option in the netbsd-4 timeframe.

Suggestion for workaround from David Holland.
 1.157  24-May-2007  agc branches: 1.157.2;
Extend the Linux emulation of /proc to include

/proc/stat
/proc/loadavg and
/proc/<pid>/statm.

These are only present when -o linux is specified as a mount option
to procfs.

Factor out some common code so that it can be used by a number of
functions.

XXX The values returned in the statm emulation need to be verified.
 1.156  04-Apr-2007  rmind Unfortunately, missed procfs_proc_unlock() in previous.
Pointed out by pooka@
 1.155  04-Apr-2007  rmind procfs_readlink: Handle a possible fail of fd_getfile(), also, we
do not need to check for error again.
CID: 4436
 1.154  09-Mar-2007  ad branches: 1.154.2; 1.154.4;
- Make the proclist_lock a mutex. The write:read ratio is unfavourable,
and mutexes are cheaper use than RW locks.
- LOCK_ASSERT -> KASSERT in some places.
- Hold proclist_lock/kernel_lock longer in a couple of places.
 1.153  04-Mar-2007  christos Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
 1.152  03-Mar-2007  salo Don't prepend rootvnode to the path in non-NULL case for exe links.
It breaks procfs in chroot.

from <christos>, tested by me.
 1.151  19-Feb-2007  pooka When checking for file validity under pid/, do proper proc->lwp
lookup (fsvo proper) instead of fiddling directly with the lwp
list.
 1.150  18-Feb-2007  pooka Don't check for validity of p in lookup for root nodes, since it
will always be NULL. Rather, just call pt_valid with NULL directly
and let it decide if we're a linux mount or not.
 1.149  17-Feb-2007  pavel Change the process/lwp flags seen by userland via sysctl back to the
P_*/L_* naming convention, and rename the in-kernel flags to avoid
conflict. (P_ -> PK_, L_ -> LW_ ). Add back the (now unused) LSDEAD
constant.

Restores source compatibility with pre-newlock2 tools like ps or top.

Reviewed by Andrew Doran.
 1.148  16-Feb-2007  pooka branches: 1.148.2;
In lookup, when checking for procfs process node validity, target the
process we're trying to get information about through procfs, not
the caller of lookup.

fixes 'ls -l /proc/*/file' panic, which would occur when trying to
lookup "file" for a kernel thread, which doesn't have p->p_textvp.
 1.147  15-Feb-2007  ad Need to acquire procp->p_mutex for procfs_dir().
 1.146  11-Feb-2007  ad Eliminate a couple of reference count and mutex leaks.
 1.145  09-Feb-2007  ad Merge newlock2 to head.
 1.144  25-Dec-2006  elad PR/35226: Johann Franz: Problems with permissions in
/usr/pkg/emul/linux/proc .

Okay mlelstv@
 1.143  09-Dec-2006  chs a smorgasbord of improvements to vnode locking and path lookup:
- LOCKPARENT is no longer relevant for lookup(), relookup() or VOP_LOOKUP().
these now always return the parent vnode locked. namei() works as before.
lookup() and various other paths no longer acquire vnode locks in the
wrong order via vrele(). fixes PR 32535.
as a nice side effect, path lookup is also up to 25% faster.
- the above allows us to get rid of PDIRUNLOCK.
- also get rid of WANTPARENT (just use LOCKPARENT and unlock it).
- remove an assumption in layer_node_find() that all file systems implement
a recursive VOP_LOCK() (unionfs doesn't).
- require that all file systems supply vfs_vptofh and vfs_fhtovp routines.
fill in eopnotsupp() for file systems that don't support being exported
and remove the checks for NULL. (layerfs calls these without checking.)
- in union_lookup1(), don't change refcounts in the ISDOTDOT case, just
adjust which vnode is locked. fixes PR 33374.
- apply fixes for ufs_rename() from ufs_vnops.c rev. 1.61 to ext2fs_rename().
 1.142  04-Dec-2006  christos From Nicolas Joly: restore previous behavior in procfs_validfile_linux, since
readdir passes a NULL lwp.
 1.141  03-Dec-2006  elad Move kauth(9) call to where it belongs. Noticed by Nicolas Joly, thanks!
 1.140  28-Nov-2006  elad branches: 1.140.2;
Move ktrace, ptrace, systrace, and procfs to use kauth(9).

First, remove process_checkioperm() calls from MD code. Similar checks
using kauth(9) routines (on the process scope, using appropriate action)
are done in the callers.

Add secmodel back-end to handle each subsystem.
 1.139  25-Nov-2006  skrll Expose the 'exe' symlink to the process realpath in NetBSD as well. An
example user is gdb.

OK'd by christos.
 1.138  16-Nov-2006  christos __unused removal on arguments; approved by core.
 1.137  29-Oct-2006  christos add an "emul" file node.
 1.136  25-Oct-2006  christos 1. fix procfs_validfile{,_linux} to test for NULL pointers properly.
2. make "exe" entry be a symlink to the executable, instead of pointing
directly to the vnode of the executable.
3. factor out commonly used code.
 1.135  12-Oct-2006  christos - sprinkle __unused on function decls.
- fix a couple of unused bugs
- no more -Wno-unused for i386
 1.134  20-Sep-2006  manu Emulate Linux's /proc/devices
 1.133  13-Jun-2006  yamt branches: 1.133.6; 1.133.8;
use KAUTH_PROCESS_CANSEE rather than CURTAIN where appropriate.
 1.132  13-Jun-2006  yamt remove unnecessary arguments from kauth_authorize_process.
ie. make it similar to the one found in apple TN.
 1.131  07-Jun-2006  kardel merge FreeBSD timecounters from branch simonb-timecounters
- struct timeval time is gone
time.tv_sec -> time_second
- struct timeval mono_time is gone
mono_time.tv_sec -> time_uptime
- access to time via
{get,}{micro,nano,bin}time()
get* versions are fast but less precise
- support NTP nanokernel implementation (NTP API 4)
- further reading:
Timecounter Paper: http://phk.freebsd.dk/pubs/timecounter.pdf
NTP Nanokernel: http://www.eecis.udel.edu/~mills/ntp/html/kern.html
 1.130  14-May-2006  elad branches: 1.130.2;
integrate kauth.
 1.129  02-Feb-2006  christos branches: 1.129.2; 1.129.4; 1.129.6; 1.129.8;
PR/32692: Matthew Mondor: linux compatibility in /proc/self should point
directly to the directory containing the pid instead of pointing to
/proc/curproc, because some programs rely on calling readlink on /proc/self
to get the pid.
 1.128  11-Dec-2005  christos branches: 1.128.2; 1.128.4;
merge ktrace-lwp.
 1.127  02-Nov-2005  yamt merge yamt-vop branch. remove following VOPs.

VOP_BLKATOFF
VOP_VALLOC
VOP_BALLOC
VOP_REALLOCBLKS
VOP_VFREE
VOP_TRUNCATE
VOP_UPDATE
 1.126  01-Oct-2005  atatat branches: 1.126.2;
Add "cwd" and "root" symlinks to each process's directory. The cwd
link points to the process's current working directory, and the root
link points to the process's root directory. What else would you
expect?

For directories that are out of reach (caller is in a chroot, target
process is in a different chroot, etc), the links point to "/"
instead.
 1.125  11-Sep-2005  elad Implement curtain for procfs.
 1.124  30-Aug-2005  xtraeme Remove __P()
 1.123  29-May-2005  christos branches: 1.123.2;
- sprinkle const
- avoid shadowed variables.
 1.122  02-Apr-2005  christos PR/29782: Martin Husemann: procfs can not unmount when some process has its
current directory in curproc. Fix from Pedro Martelletto:
We cannot call vgone() from procfs_inactive() if we are coming from
vclean(). that's what's probably causing the deadlock.
 1.121  26-Feb-2005  perry nuke trailing whitespace
 1.120  04-Oct-2004  yamt branches: 1.120.4; 1.120.6;
procfs_readdir:
- return correct cookie when buffer size is small.
- simplify logic.
 1.119  04-Oct-2004  yamt procfs_readdir: remove a redundant assignment.
 1.118  02-Oct-2004  yamt procfs_getattr: correct size of /proc/self.
 1.117  01-Oct-2004  yamt procfs_readdir:
- fix a locking problem, using proclist_foreach_call. PR/27098.
- correct snprintf size argument.
 1.116  01-Oct-2004  yamt procfs_readdir: fix an offset handling bug after addition of /proc/self.
 1.115  01-Oct-2004  yamt procfs_readdir: use a list macro.
 1.114  20-Sep-2004  jdolecek add 'mounts' file for -o linux, which lists all currently mounted
filesystems; Linux glibc statvfs() uses this to get some of mount flags,
and this file is also useful as /emul/linux/etc/mtab (via symlink)
 1.113  29-Apr-2004  jrf Removed remaining caddr_t casts we do not need in miscfs. Recompiled
kernel and ran for a day or so. There are still some caddr_t types in
the arguments of some calls, I will do those separately (later) as
they touch a lot more of the system.
Approved by christos@NetBSD.org.
 1.112  22-Apr-2004  itojun sprintf -> snprintf
 1.111  15-Feb-2004  jdolecek unlock the descriptor table simple lock after fd_getfile() call in
procfs_readdir()
fixes procfs locking problems reported on current-users@, problem place
found by enami tsugutomo
 1.110  30-Oct-2003  simonb Remove some assigned-to but otherwise unused variables.
 1.109  27-Sep-2003  darcy Changes as discussed with itojun on tech-kern. I have modified the enums
to have KFS or PFS differentiators. Further I have wrapped the enum in
procfs in "#ifdef _KERNEL" as it is done in kernfs.

To see the discussion go to http://mail-index.NetBSD.org/tech-kern/2003/09/
and look for "Mismatched enums in include files" in the list.
 1.108  07-Sep-2003  itojun remove meaningless line (variable overwritten 2 lines below)
 1.107  07-Aug-2003  agc Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22364, verified by myself.
 1.106  29-Jun-2003  fvdl branches: 1.106.2;
Back out the lwp/ktrace changes. They contained a lot of colateral damage,
and need to be examined and discussed more.
 1.105  29-Jun-2003  thorpej Undo part of the ktrace/lwp changes. In particular:
* Remove the "lwp *" argument that was added to vget(). Turns out
that nothing actually used it!
* Remove the "lwp *" arguments that were added to VFS_ROOT(), VFS_VGET(),
and VFS_FHTOVP(); all they did was pass it to vget() (which, as noted
above, didn't use it).
* Remove all of the "lwp *" arguments to internal functions that were added
just to appease the above.
 1.104  28-Jun-2003  darrenr Pass lwp pointers throughtout the kernel, as required, so that the lwpid can
be inserted into ktrace records. The general change has been to replace
"struct proc *" with "struct lwp *" in various function prototypes, pass
the lwp through and use l_proc to get the process pointer when needed.

Bump the kernel rev up to 1.6V
 1.103  28-May-2003  christos Add /proc/<pid>/stat for linux compat. j2sdk1.4.2 depends on it.
 1.102  18-Apr-2003  christos Make symlinks for directories that point to the actual directory.
Make symlinks to [kqueue] and [misc] for kqueue and misc fds.
 1.101  17-Apr-2003  jdolecek do not show nodes corresponding to directory descriptors for process
in fd/ subdirectory, nor allow lookup/open for the nodes
this fixes PR kern/21187 for good, and also avoids interesting directory
locking issues
 1.100  17-Apr-2003  jdolecek procfs_readdir(): in Pfd case, only show descriptors of types we want
how to represent (vnodes, fifo, pipes); also use fd_getfile() et al

this avoids annoying EOPNOTSUPP error messages from ls -F and such
 1.99  17-Apr-2003  jdolecek procfs_lookup(): use fd_getfile() et al in Pfd case
 1.98  17-Apr-2003  jdolecek use fd_getfile() in procfs_getfp(), and FILE_USE()/FILE_UNUSE() the
returned file descriptor pointer appropriately
 1.97  17-Apr-2003  jdolecek make some local arrays/variables static + const
 1.96  10-Apr-2003  jdolecek use former genfs_eopnotsupp_rele() as genfs_eopnotsupp(), so that vnodes
are vput()/vrele()d as necessary - some filesystems did use the wrong
one for some ops, and it's just safer to not take the chance

based on suggestion by Bill Studenmund
 1.95  05-Apr-2003  dsl Remove pointless check against PID_MAX. Let pfind() do the validation.
(The new pid allocation code may decide to allocate pids above PID_MAX.)
 1.94  25-Feb-2003  jrf This addresses PR kerm/19989. Thanks to hamajima@nagoya.ydc.co.jp for submitting this patch which enables /proc/uptime for linux emul. Patch reviewed by atatat@netbsd.org and tron@netbsd.org, approved by tron@netbsd.org.
 1.93  04-Jan-2003  martin Cast off_t expression to long long to match format even on 64 bit
plattforms.

Shouldn't we introduce a PRIoff_t macro to create such format strings?
 1.92  03-Jan-2003  christos add LK_CANRECURSE in the locking of /dev/<pid>/fd/<n> and remove the curproc
kludge. Thanks to fvdl.
 1.91  03-Jan-2003  christos Implement /proc/<pid>/fd/<n>. This is work in progress. Questionable things:
- Is it ok to convert DTYPE_PIPE to VFIFO and DTYPE_SOCKET to VSOCK?
- XXX: Avoid locking issue in ls -Rl /proc by avoiding curproc
- Does I/O to pipes work?
- XXX: Are there security implications?
 1.90  03-Aug-2002  simonb Just use the "time" variable in the *_getattr functions instead of a call
to (the potentially expensive) microtime().
 1.89  09-May-2002  thorpej branches: 1.89.2;
Move code shared by procfs and the kernel proper out of procfs and
into the kernel proper (renaming functions from procfs_* to process_*).
 1.88  12-Jan-2002  christos Don't hide the real return code with EPERM.
 1.87  06-Dec-2001  chs add a VOP_PUTPAGES method for all the filesystems that don't have pages,
just unlock the interlock.
 1.86  05-Dec-2001  thorpej * Allow machine-dependent code to specify hooks for ptrace(2)
(__HAVE_PTRACE_MACHDEP) and procfs (__HAVE_PROCFS_MACHDEP).
These changes will allow platforms like x86 (XMM) and PowerPC
(AltiVec) to export extended register sets in a sane manner.

* Use __HAVE_PTRACE_MACHDEP to export x86 XMM registers (standard
FP + SSE/SSE2) using PT_{GET,SET}XMMREGS (in the machdep
ptrace request space).
* Use __HAVE_PROCFS_MACHDEP to export x86 XMM registers via
/proc/N/xmmregs in procfs.
 1.85  10-Nov-2001  lukem add RCSIDs
 1.84  06-Nov-2001  simonb Remove some variables that are set but never used.
 1.83  31-Aug-2001  chs branches: 1.83.2; 1.83.4;
map files are zero-length.
 1.82  03-Jun-2001  chs branches: 1.82.2;
procfs_bmap() should never be called, make it a "bad op".
let procfs_mmap() use the default error method.
 1.81  14-Apr-2001  kleink In procfs_readdir(), give /proc/# directories DT_DIR (rather than DT_REG).
 1.80  30-Mar-2001  fvdl Bump va_blocksize for the map files some more, so that programs with
quite a few mappings have a chance of being handled correctly if
st_blksize is looked at.
 1.79  29-Mar-2001  fvdl For -o linux mounts, add some code to emulate /proc/#/maps.
Needs NAMECACHE_ENTER_REVERSE to include filenames.
 1.78  21-Feb-2001  jdolecek branches: 1.78.2;
make some more constant arrays 'const'
 1.77  22-Jan-2001  jdolecek make filesystem vnodeop, specop, fifoop and vnodeopv_* arrays const
 1.76  17-Jan-2001  fvdl Add a few linux-style files, only enabled when -o linux is specified
for the mount. Currently these are /proc/cpuinfo and /proc/meminfo.
The former only does something on i386 right now.
 1.75  24-Nov-2000  chs remove dead code and other misc cleanup.
 1.74  09-Aug-2000  tv Only show the "exe" entry to Linux processes, suggested by christos.
Since there are actually three struct emul's for linux, use the e_name
field to determine eligibility with strcmp().
 1.73  09-Aug-2000  tv Some versions of Linux libc look for /proc/.../exe instead of /proc/../file.
Add an entry for "exe" that is the same as "file", provided only if
COMPAT_LINUX is set.
 1.72  03-Aug-2000  thorpej MALLOC()/FREE() are not to be used for variable sized allocations.
 1.71  28-Jun-2000  mrg <vm/vm.h> -> <uvm/uvm_extern.h>
 1.70  30-Mar-2000  simonb branches: 1.70.4;
Delete duplicate declaration of atopid().
 1.69  02-Sep-1999  thorpej branches: 1.69.2; 1.69.8;
Make /proc/self a symlink to /proc/curproc. I've observed Linux programs
that expect /proc/self/cmdline to exist.
 1.68  25-Aug-1999  sommerfeld Change variable used for directory offset from "int" to "off_t".
Overkill, but avoids a host of truncation problems.
 1.67  24-Aug-1999  sommerfeld Fix PR8270:

Problem turned out to be due to improper handling of reads beyond EOF:
they should just return without error with the uio unchanged, and the
caller will recognize this as a zero-byte return (EOF).

The previous fix to protect directory reads against bogus uio_offset
values returned EINVAL, which broke mount -o union, which only
union'ed in the lower directory if the upper directory cleanly
returned EOF.

While we're here, protect kernfs as well.
 1.66  14-Aug-1999  christos protect against large uio_offset
 1.65  03-Aug-1999  wrstuden Add support for fcntl(2) to generate VOP_FCNTL calls. Any fcntl
call with F_FSCTL set and F_SETFL calls generate calls to a new
fileop fo_fcntl. Add genfs_fcntl() and soo_fcntl() which return 0
for F_SETFL and EOPNOTSUPP otherwise. Have all leaf filesystems
use genfs_fcntl().

Reviewed by: thorpej
Tested by: wrstuden
 1.64  25-Jul-1999  thorpej Add calls to lock the proclist as appropriate.
 1.63  14-Jul-1999  thorpej Fix a paste-o in procfs_lookup() introduced with the vnode locking changes.
Fixes PR #7961, Mario Kemper <magick@bundy.lip.owl.de>.
 1.62  08-Jul-1999  wrstuden Bump osrelease to 1.4E. Add layerfs files, remove null_subr.c.

Update coda to new struct lock in struct vnode.

make fdescfs, kernfs, portalfs, and procfs actually lock their vnodes.
It's not that hard.

Make unionfs set v_vnlock = NULL so any overlayed fs will call its
VOP_LOCK.
 1.61  12-Mar-1999  christos branches: 1.61.2; 1.61.4;
PR/7143: Jaromir Docelek: Add procfs/cmdline from Linux emulation
 1.60  25-Jan-1999  msaitoh Add /proc/#/map. From FreeBSD.
 1.59  08-Sep-1998  thorpej - Use proclists[], rather than checking allproc and zombproc explicitly.
- Add some comments about locking.
 1.58  13-Aug-1998  kleink Per POSIX, fail with EINVAL if advisory locking is attempted on a file type
that doesn't support it, rather than using a homegrown EBADF or EOPNOTSUPP.
 1.57  10-Aug-1998  matthias create miscfs/genfs/genfs_vnops.c:genfs_enoioctl and make all the other
filesystems use it instead of a private version.
 1.56  09-Aug-1998  perry bzero->memset, bcopy->memcpy, bcmp->memcmp
 1.55  03-Aug-1998  kleink Recognize _PC_SYNC_IO.
 1.54  21-Apr-1998  fvdl procfs_readdir: in case of error, check if cookies actually have
been allocated before freeing them. From Wolfgang Solfrank.
 1.53  01-Mar-1998  fvdl Merge with Lite2 + local changes
 1.52  10-Oct-1997  fvdl Bump last argument to VOP_READDIR to off_t (from u_long).
 1.51  27-Aug-1997  thorpej Fix a reversed argument which caused procfs_checkioperm() to always return
"OK". Add a few comments to avoid further confusion.
 1.50  12-Aug-1997  thorpej Fix the procfs hole described on current-users, similar to a fix for
FreeBSD by Sean Eric Fagan, but a bit different. This makes the checks
in the same places as sef's FreeBSD patch, but does not hardcode the
"kmem" group into the kernel, and also does a check identical to the
(3) and (4) checks in the NetBSD ptrace(2):

(1) it's not owned by you, or is set-id on exec (unless
you're root), or

(2) it's init, which controls the security level of the
entire system, and the system was not compiled with
permanently insecure mode turned on.
 1.49  08-May-1997  mycroft branches: 1.49.4;
Pass the vnode type to vaccess(), and use it when checking VEXEC. Make sure
that the mode bits passed to vaccess() and returned by foo_getattr() contain
only permission bits.
 1.48  05-May-1997  mycroft Need stat.h.
 1.47  05-May-1997  mycroft Eliminate bogus uses of V{READ,WRITE,EXEC}. Use S_I[RWX]{USR,GRP,OTH} where
appropriate.
 1.46  28-Apr-1997  mycroft Minor code cleanup.
 1.45  25-Oct-1996  cgd define path name string variables that we should not (and, thankfully, do
not) modify as 'const char *' rather 'char *'.
 1.44  13-Oct-1996  christos backout previous kprintf changes
 1.43  10-Oct-1996  christos printf -> kprintf, sprintf -> ksprintf
 1.42  07-Sep-1996  mycroft Implement poll(2).
 1.41  01-Sep-1996  mycroft Add a set of generic file system operations that most file systems use.
Also, fix some time stamp bogosities.
 1.40  16-Mar-1996  christos Fix printf format follies.
 1.39  13-Feb-1996  mycroft GC *_nullop(). Minor nits.
 1.38  12-Feb-1996  christos close PR/2063: procfs_rw prototyped twice with different prototypes
 1.37  09-Feb-1996  christos miscfs prototype changes
 1.36  09-Feb-1996  mycroft Fix vop_link, vop_symlink, and vop_remove semantics in several ways:
* Change the argument names to vop_link so they actually make sense.
* Implement vop_link and vop_symlink for all file systems, so they do proper
cleanup.
* Require the file system to decide whether or not linking and unlinking of
directories is allowed, and disable it for all current file systems.
 1.35  09-Oct-1995  mycroft Use the index number as the cookie, rather than multiplying by UIO_MX.
 1.34  09-Oct-1995  mycroft Add support for cookies, mostly from Greg Hudson.
 1.33  15-Apr-1995  cgd fix timeval vs. timespec warnings
 1.32  03-Feb-1995  mycroft Return EROFS rather than ENOENT in many cases. Also some cosmetic cleanup.
 1.31  27-Dec-1994  mycroft Format police.
 1.30  24-Dec-1994  ws Implement and use a common access checking routine
 1.29  14-Dec-1994  mycroft Remove a_fp.
 1.28  14-Nov-1994  christos fixed struct comment
 1.27  30-Oct-1994  cgd be more careful with types, also pull in headers where necessary.
 1.26  20-Oct-1994  cgd update for new syscall args description mechanism
 1.25  30-Aug-1994  mycroft Convert process, file, and namei lists and hash tables to use queue.h.
 1.24  29-Jun-1994  cgd New RCS ID's, take two. they're more aesthecially pleasant, and use 'NetBSD'
 1.23  16-Jun-1994  mycroft Remove an unneeded test.
 1.22  15-Jun-1994  mycroft Minor update from JSP after merging my changes.
 1.21  08-Jun-1994  mycroft Update to 4.4-Lite fs code, with local changes.
 1.20  05-May-1994  cgd lots of changes: prototype migration, move lots of variables, definitions,
and structure elements around. kill some unnecessary type and macro
definitions. standardize clock handling. More changes than you'd want.
 1.19  15-Apr-1994  cgd forgot these...
 1.18  12-Apr-1994  cgd be a bit smarter about determining if files shouldn't be seen by the user.
Also, DON'T allow a lookup to succeed on a file that's not visible!
 1.17  15-Feb-1994  mycroft Undo last change; executables is `file', not `a.out'.
 1.16  14-Feb-1994  ws Rename file -> a.out
 1.15  14-Feb-1994  ws Don't try to show a file for a process if there is none
 1.14  28-Jan-1994  cgd make a fpregs file.
 1.13  20-Jan-1994  ws Make procfs really work for debugging.
Implement not & notepg files in procfs.
 1.12  09-Jan-1994  ws Bug fixes and enhancements:
Make NFS serving work (BUT DON'T USE "attach" TO /proc/*/ctl FOR NOW!!!)
Make `curproc' a symbolic link
Add `.' and `..' entries to the directories.
Return better guesses on the size of the files.
 1.11  05-Jan-1994  cgd return size of 'reg' from getattr()
 1.10  05-Jan-1994  cgd make it compile (cleanly) for us
 1.9  05-Jan-1994  cgd add new procfs code, from Jan-Simon Pendry, jsp@sequent.com.
This is pretty-much "virgin", so that diffs can be done later.
 1.8  18-Dec-1993  mycroft Canonicalize all #includes.
 1.7  16-Sep-1993  cgd kill volatile warning.
 1.6  07-Sep-1993  ws branches: 1.6.2;
Changes to VFS readdir semantics
NFS changes for better cookie support
ISOFS changes for better Rockridge support and support for generation numbers
 1.5  26-Aug-1993  pk Implement setattr: mode for process entries; mode + uid/gid for the
PROCFS root directory.
Fixed omission in pfs_root() which came to light as a result of the above:
hold on to vnode for root dir.
 1.4  25-Aug-1993  pk Fixed improperly initialized nfsnode in pfs_lookup()
 1.3  24-Aug-1993  pk copyright update.
 1.2  24-Aug-1993  pk Rcs Id added.
 1.1  24-Aug-1993  pk branches: 1.1.1;
Initial version of a proc filesystem.
 1.1.1.2  01-Mar-1998  fvdl Import 4.4BSD-Lite2
 1.1.1.1  01-Mar-1998  fvdl Import 4.4BSD-Lite for reference
 1.6.2.2  14-Nov-1993  mycroft Canonicalize all #includes.
 1.6.2.1  24-Sep-1993  mycroft Changes from trunk.
 1.49.4.3  14-Oct-1997  thorpej Update marc-pcmcia branch from trunk.
 1.49.4.2  28-Aug-1997  thorpej Update marc-pcmcia branch from trunk.
 1.49.4.1  23-Aug-1997  thorpej Update marc-pcmcia branch from trunk.
 1.61.4.1  02-Aug-1999  thorpej Update from trunk.
 1.61.2.2  14-Jan-2002  he Pull up revision 1.88 (via patch, requested by he):
Fix a ptrace/execve race condition which could be used to modify
the child process' image during execve. This would be a security
issue due to setuid programs.
 1.61.2.1  28-Aug-1999  he Pull up revisions 1.66-1.68:
Protect {fdesc,kernfs,procfs}_readdir against directory seeks
with bogus offsets. (sommerfeld)
 1.69.8.1  21-Dec-1999  wrstuden Initial commit of recent changes to make DEV_BSIZE go away.

Runs on i386, needs work on other arch's. Main kernel routines should be
fine, but a number of the stand programs need help.

cd, fd, ccd, wd, and sd have been updated. sd has been tested with non-512
byte block devices. vnd, raidframe, and lfs need work.

Non 2**n block support is automatic for LKM's and conditional for kernels
on "options NON_PO2_BLOCKS".
 1.69.2.6  21-Apr-2001  bouyer Sync with HEAD
 1.69.2.5  12-Mar-2001  bouyer Sync with HEAD.
 1.69.2.4  11-Feb-2001  bouyer Sync with HEAD.
 1.69.2.3  18-Jan-2001  bouyer Sync with head (for UBC+NFS fixes, mostly).
 1.69.2.2  08-Dec-2000  bouyer Sync with HEAD.
 1.69.2.1  20-Nov-2000  bouyer Update thorpej_scsipi to -current as of a month ago
 1.70.4.2  14-Jan-2002  he Pull up revision 1.88 (via patch, requested by christos):
Fix a ptrace/execve race condition which could be used to modify
the child process' image during execve. This would be a security
issue due to setuid programs.
 1.70.4.1  30-Mar-2001  he Pull up revisions 1.74-1.76 (via patch, requested by fvdl):
Add some required Linux emulation bits to support the Linux
version of VMware.
 1.78.2.13  07-Jan-2003  thorpej Sync with HEAD.
 1.78.2.12  15-Oct-2002  nathanw Make all the procfs_validfoo() routines go back to taking a proc
instead of an lwp; they aren't doing anything useful with the LWP.

Revert changes that changed /proc/curproc to /proc/curlwp, and broke it in
the process.
 1.78.2.11  13-Aug-2002  nathanw Catch up to -current.
 1.78.2.10  12-Jul-2002  nathanw No longer need to pull in lwp.h; proc.h pulls it in for us.
 1.78.2.9  24-Jun-2002  nathanw Curproc->curlwp renaming.

Change uses of "curproc->l_proc" back to "curproc", which is more like the
original use. Bare uses of "curproc" are now "curlwp".

"curproc" is now #defined in proc.h as ((curlwp) ? (curlwp)->l_proc) : NULL)
so that it is always safe to reference curproc (*de*referencing curproc
is another story, but that's always been true).
 1.78.2.8  20-Jun-2002  nathanw Catch up to -current.
 1.78.2.7  28-Feb-2002  nathanw Catch up to -current.
 1.78.2.6  08-Jan-2002  nathanw Catch up to -current.
 1.78.2.5  14-Nov-2001  nathanw Catch up to -current.
 1.78.2.4  21-Sep-2001  nathanw Catch up to -current.
 1.78.2.3  21-Jun-2001  nathanw Catch up to -current.
 1.78.2.2  09-Apr-2001  nathanw Catch up with -current.
 1.78.2.1  05-Mar-2001  nathanw Initial commit of scheduler activations and lightweight process support.
 1.82.2.5  06-Sep-2002  jdolecek sync kqueue branch with HEAD
 1.82.2.4  23-Jun-2002  jdolecek catch up with -current on kqueue branch
 1.82.2.3  11-Feb-2002  jdolecek Sync w/ -current.
 1.82.2.2  10-Jan-2002  thorpej Sync kqueue branch with -current.
 1.82.2.1  13-Sep-2001  thorpej Update the kqueue branch to HEAD.
 1.83.4.1  12-Nov-2001  thorpej Sync the thorpej-mips-cache branch with -current.
 1.83.2.1  18-Sep-2001  fvdl Various changes to make cloning devices possible:

* Add an extra argument (struct vnode **) to VOP_OPEN. If it is
not NULL, specfs will create a cloned (aliased) vnode during
the call, and return it there. The caller should release and
unlock the original vnode if a new vnode was returned. The
new vnode is returned locked.

* Add a flag field to the cdevsw and bdevsw structures.
DF_CLONING indicates that it wants a new vnode for each
open (XXX is there a better way? devprop?)

* If a device is cloning, always call the close entry
point for a VOP_CLOSE.


Also, rewrite cons.c to do the right thing with vnodes. Use VOPs
rather then direct device entry calls. Suggested by mycroft@

Light to moderate testing done an i386 system (arch doesn't matter
though, these are MI changes).
 1.89.2.1  29-Aug-2002  gehenna catch up with -current.
 1.106.2.10  10-Nov-2005  skrll Sync with HEAD. Here we go again...
 1.106.2.9  04-Mar-2005  skrll Sync with HEAD.

Hi Perry!
 1.106.2.8  27-Oct-2004  skrll Fix various comments that describe the argument structures
 1.106.2.7  19-Oct-2004  skrll Sync with HEAD
 1.106.2.6  24-Sep-2004  skrll Sync with HEAD.
 1.106.2.5  21-Sep-2004  skrll Fix the sync with head I botched.
 1.106.2.4  18-Sep-2004  skrll Sync with HEAD.
 1.106.2.3  24-Aug-2004  skrll Undo part of the ktrace/lwp changes. In particular:
* Remove the "lwp *" argument that was added to vget(). Turns out
that nothing actually used it!
* Remove the "lwp *" arguments that were added to VFS_ROOT(), VFS_VGET(),
and VFS_FHTOVP(); all they did was pass it to vget() (which, as noted
above, didn't use it).
* Remove all of the "lwp *" arguments to internal functions that were added
just to appease the above.
 1.106.2.2  03-Aug-2004  skrll Sync with HEAD
 1.106.2.1  02-Jul-2003  darrenr Apply the aborted ktrace-lwp changes to a specific branch. This is just for
others to review, I'm concerned that patch fuziness may have resulted in some
errant code being generated but I'll look at that later by comparing the diff
from the base to the branch with the file I attempt to apply to it. This will,
at the very least, put the changes in a better context for others to review
them and attempt to tinker with removing passing of 'struct lwp' through
the kernel.
 1.120.6.1  19-Mar-2005  yamt sync with head. xen and whitespace. xen part is not finished.
 1.120.4.1  29-Apr-2005  kent sync with -current
 1.123.2.10  24-Mar-2008  yamt sync with head.
 1.123.2.9  04-Feb-2008  yamt sync with head.
 1.123.2.8  21-Jan-2008  yamt sync with head
 1.123.2.7  07-Dec-2007  yamt sync with head
 1.123.2.6  15-Nov-2007  yamt sync with head.
 1.123.2.5  27-Oct-2007  yamt sync with head.
 1.123.2.4  03-Sep-2007  yamt sync with head.
 1.123.2.3  26-Feb-2007  yamt sync with head.
 1.123.2.2  30-Dec-2006  yamt sync with head.
 1.123.2.1  21-Jun-2006  yamt sync with head.
 1.126.2.1  20-Oct-2005  yamt adapt procfs.
 1.128.4.1  09-Sep-2006  rpaulo sync with head
 1.128.2.1  18-Feb-2006  yamt sync with head.
 1.129.8.1  24-May-2006  tron Merge 2006-05-24 NetBSD-current into the "peter-altq" branch.
 1.129.6.3  06-May-2006  christos - Move kauth_cred_t declaration to <sys/types.h>
- Cleanup struct ucred; forward declarations that are unused.
- Don't include <sys/kauth.h> in any header, but include it in the c files
that need it.

Approved by core.
 1.129.6.2  10-Mar-2006  elad process_authorize() -> kauth_authorize_process(), to be closer to the
original and as requested by yamt@ and thorpej@.
 1.129.6.1  08-Mar-2006  elad Adapt to kernel authorization KPI.
 1.129.4.2  26-Jun-2006  yamt sync with head.
 1.129.4.1  24-May-2006  yamt sync with head.
 1.129.2.2  01-Jun-2006  kardel Sync with head.
 1.129.2.1  04-Feb-2006  simonb Adapt for timecounters: mostly use get*time() and use "time_second"
instead of "time.tv_sec".
 1.130.2.1  19-Jun-2006  chap Sync with head.
 1.133.8.2  10-Dec-2006  yamt sync with head.
 1.133.8.1  22-Oct-2006  yamt sync with head
 1.133.6.7  12-Jan-2007  ad Sync with head.
 1.133.6.6  29-Dec-2006  ad Checkpoint work in progress.
 1.133.6.5  18-Nov-2006  ad Sync with head.
 1.133.6.4  17-Nov-2006  ad Checkpoint work in progress.
 1.133.6.3  24-Oct-2006  ad - Redo LWP locking slightly and fix some races.
- Fix some locking botches.
- Make signal mask / stack per-proc for SA processes.
- Add _lwp_kill().
 1.133.6.2  21-Oct-2006  ad - Make this compile. XXX Needs more work on locking.
- Do FILE_UNUSE() as the current LWP, otherwise we will wipe out the
target's advisory locks. XXX Double check.
 1.133.6.1  11-Sep-2006  ad - Convert some locks to mutexes and RW locks.
- Use the proclist_lock to protect pgrps and sessions in some places.
 1.140.2.7  27-Sep-2007  xtraeme Pull up following revision(s) (requested by martti in ticket #905):
sys/miscfs/procfs/procfs_vnops.c: revision 1.152

Don't prepend rootvnode to the path in non-NULL case for exe links.
It breaks procfs in chroot.
from <christos>, tested by me.
 1.140.2.6  23-Jul-2007  liamjfoy Pull up following revision(s) (requested by pooka in ticket #785):
sys/miscfs/procfs/procfs_vnops.c: revision 1.158
Don't allow getcwd() on procfs vnodes and provide "/" as the path
instead of the result from getcwd(). The works around locking
panics caused by namei calling VOP_READLINK while holding on to a
directory lock and getcwd() trying to acquire that lock. The real
fix would be to get rid of getcwd() calls within VOPs (not locking
safe), but that's not a viable option in the netbsd-4 timeframe.
Suggestion for workaround from David Holland.
 1.140.2.5  31-Mar-2007  bouyer branches: 1.140.2.5.2;
pull up the following revisions (requested by pooka in ticket #537):
sys/miscfs/procfs/procfs_vnops.c 1.148, 1.150-1.151 via patch
Fixes a panic when doing stat */exe.
 1.140.2.4  17-Feb-2007  tron Apply patch (requested by chs in ticket #422):
- Fix various deadlock problems with nullfs and unionfs.
- Speed up path lookups by upto 25%.
 1.140.2.3  03-Jan-2007  tron Pull up following revision(s) (requested by elad in ticket #308):
sys/secmodel/bsd44/secmodel_bsd44_suser.c: revision 1.21 via patch
sys/miscfs/procfs/procfs_vnops.c: revision 1.144
PR/35226: Johann Franz: Problems with permissions in
/usr/pkg/emul/linux/proc .
Okay mlelstv@
 1.140.2.2  03-Jan-2007  tron Pull up following revision(s) (requested by elad in ticket #307):
sys/miscfs/procfs/procfs_vnops.c: revision 1.142
From Nicolas Joly: restore previous behavior in procfs_validfile_linux,
since
readdir passes a NULL lwp.
 1.140.2.1  06-Dec-2006  tron Pull up following revision(s) (requested by elad in ticket #248):
sys/miscfs/procfs/procfs_vnops.c: revision 1.141
Move kauth(9) call to where it belongs. Noticed by Nicolas Joly, thanks!
 1.140.2.5.2.2  30-Sep-2007  wrstuden Catch up on netbsd-4 as of a few days ago.
 1.140.2.5.2.1  03-Sep-2007  wrstuden Sync w/ NetBSD-4-RC_1
 1.148.2.3  15-Apr-2007  yamt sync with head.
 1.148.2.2  12-Mar-2007  rmind Sync with HEAD.
 1.148.2.1  27-Feb-2007  yamt - sync with head.
- move sched_changepri back to kern_synch.c as it doesn't know PPQ anymore.
 1.154.4.1  11-Jul-2007  mjf Sync with head.
 1.154.2.7  25-Oct-2007  ad - Simplify debugger/procfs reference counting of processes. Use a per-proc
rwlock: rw_tryenter(RW_READER) to gain a reference, and rw_enter(RW_WRITER)
by the process itself to drain out reference holders before major changes
like exiting.
- Fix numerous bugs and locking issues in procfs.
- Mark procfs MPSAFE.
 1.154.2.6  16-Sep-2007  ad Checkpoint work in progress on the vnode lifecycle and reference counting
stuff. This makes it work properly without kernel_lock and fixes a few
quite old bugs. See vfs_subr.c 1.283.2.17 for details.
 1.154.2.5  20-Aug-2007  ad Sync with HEAD.
 1.154.2.4  17-Jun-2007  ad - Increase the number of thread priorities from 128 to 256. How the space
is set up is to be revisited.
- Implement soft interrupts as kernel threads. A generic implementation
is provided, with hooks for fast-path MD code that can run the interrupt
threads over the top of other threads executing in the kernel.
- Split vnode::v_flag into three fields, depending on how the flag is
locked (by the interlock, by the vnode lock, by the file system).
- Miscellaneous locking fixes and improvements.
 1.154.2.3  08-Jun-2007  ad Sync with head.
 1.154.2.2  10-Apr-2007  ad Sync with head.
 1.154.2.1  21-Mar-2007  ad - Replace more simple_locks, and fix up in a few places.
- Use condition variables.
- LOCK_ASSERT -> KASSERT.
 1.157.2.1  15-Aug-2007  skrll Sync with HEAD.
 1.158.10.2  22-Jul-2007  pooka Don't allow getcwd() on procfs vnodes and provide "/" as the path
instead of the result from getcwd(). The works around locking
panics caused by namei calling VOP_READLINK while holding on to a
directory lock and getcwd() trying to acquire that lock. The real
fix would be to get rid of getcwd() calls within VOPs (not locking
safe), but that's not a viable option in the netbsd-4 timeframe.

Suggestion for workaround from David Holland.
 1.158.10.1  22-Jul-2007  pooka file procfs_vnops.c was added on branch matt-mips64 on 2007-07-22 13:37:14 +0000
 1.158.8.1  14-Oct-2007  yamt sync with head.
 1.158.6.4  23-Mar-2008  matt sync with HEAD
 1.158.6.3  09-Jan-2008  matt sync with HEAD
 1.158.6.2  08-Nov-2007  matt sync with -HEAD
 1.158.6.1  06-Nov-2007  matt sync with HEAD
 1.158.4.3  27-Nov-2007  joerg Sync with HEAD. amd64 Xen support needs testing.
 1.158.4.2  11-Nov-2007  joerg Sync with HEAD.
 1.158.4.1  26-Oct-2007  joerg Sync with HEAD.

Follow the merge of pmap.c on i386 and amd64 and move
pmap_init_tmp_pgtbl into arch/x86/x86/pmap.c. Modify the ACPI wakeup
code to restore CR4 before jumping back into kernel space as the large
page option might cover that.
 1.160.4.3  18-Feb-2008  mjf Sync with HEAD.
 1.160.4.2  08-Dec-2007  mjf Sync with HEAD.
 1.160.4.1  19-Nov-2007  mjf Sync with HEAD.
 1.160.2.1  13-Nov-2007  bouyer Sync with HEAD
 1.163.6.2  23-Jan-2008  bouyer Sync with HEAD.
 1.163.6.1  02-Jan-2008  bouyer Sync with HEAD
 1.163.2.1  04-Dec-2007  ad Pull the vmlocking changes into a new branch.
 1.165.6.4  17-Jan-2009  mjf Sync with HEAD.
 1.165.6.3  28-Sep-2008  mjf Sync with HEAD.
 1.165.6.2  02-Jun-2008  mjf Sync with HEAD.
 1.165.6.1  03-Apr-2008  mjf Sync with HEAD.
 1.166.2.1  18-May-2008  yamt sync with head.
 1.168.2.6  11-Aug-2010  yamt sync with head.
 1.168.2.5  11-Mar-2010  yamt sync with head
 1.168.2.4  18-Jul-2009  yamt sync with head.
 1.168.2.3  20-Jun-2009  yamt sync with head
 1.168.2.2  04-May-2009  yamt sync with head.
 1.168.2.1  16-May-2008  yamt sync with head.
 1.169.4.1  03-Jul-2008  simonb Sync with head.
 1.169.2.1  18-Sep-2008  wrstuden Sync with wrstuden-revivesa-base-2.
 1.170.2.1  19-Oct-2008  haad Sync with HEAD.
 1.172.2.1  19-Jan-2009  skrll Sync with HEAD.
 1.173.2.1  23-Jul-2009  jym Sync with HEAD.
 1.177.4.1  03-Jul-2010  rmind sync with head
 1.177.2.1  17-Aug-2010  uebayasi Sync with HEAD.
 1.182.6.2  02-Jun-2012  mrg sync to latest -current.
 1.182.6.1  05-Apr-2012  mrg sync to latest -current.
 1.182.2.4  22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.182.2.3  16-Jan-2013  yamt sync with (a bit old) head
 1.182.2.2  30-Oct-2012  yamt sync with head
 1.182.2.1  17-Apr-2012  yamt sync with head
 1.184.2.4  03-Dec-2017  jdolecek update from HEAD
 1.184.2.3  20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.184.2.2  23-Jun-2013  tls resync from head
 1.184.2.1  25-Feb-2013  tls resync with head
 1.186.6.1  18-May-2014  rmind sync with head
 1.189.2.1  10-Aug-2014  tls Rebase.
 1.191.8.1  29-Aug-2019  martin Pull up following revision(s) (requested by hannken in ticket #1703):

sys/miscfs/kernfs/kernfs_vnops.c: revision 1.161
sys/miscfs/procfs/procfs_vnops.c: revision 1.207

Add missing operation VOP_GETPAGES() returning EFAULT.

Without this operation posix_fadvise(..., POSIX_FADV_WILLNEED)
would leave the v_interlock held.

Observed by maxv@
 1.191.4.1  29-Aug-2019  martin Pull up following revision(s) (requested by hannken in ticket #1703):

sys/miscfs/kernfs/kernfs_vnops.c: revision 1.161
sys/miscfs/procfs/procfs_vnops.c: revision 1.207

Add missing operation VOP_GETPAGES() returning EFAULT.

Without this operation posix_fadvise(..., POSIX_FADV_WILLNEED)
would leave the v_interlock held.

Observed by maxv@
 1.191.2.1  29-Aug-2019  martin Pull up following revision(s) (requested by hannken in ticket #1703):

sys/miscfs/kernfs/kernfs_vnops.c: revision 1.161
sys/miscfs/procfs/procfs_vnops.c: revision 1.207

Add missing operation VOP_GETPAGES() returning EFAULT.

Without this operation posix_fadvise(..., POSIX_FADV_WILLNEED)
would leave the v_interlock held.

Observed by maxv@
 1.192.2.3  28-Aug-2017  skrll Sync with HEAD
 1.192.2.2  05-Oct-2016  skrll Sync with HEAD
 1.192.2.1  06-Jun-2015  skrll Sync with HEAD
 1.193.2.1  26-Apr-2017  pgoyette Sync with HEAD
 1.194.2.1  21-Apr-2017  bouyer Sync with HEAD
 1.197.2.4  17-Jun-2022  martin Pull up following revision(s) (requested by shm in ticket #1748):

sys/miscfs/procfs/procfs_vnops.c: revision 1.229

Add missing permission check
 1.197.2.3  29-Aug-2019  martin Pull up following revision(s) (requested by hannken in ticket #1346):

sys/miscfs/kernfs/kernfs_vnops.c: revision 1.161
sys/miscfs/procfs/procfs_vnops.c: revision 1.207

Add missing operation VOP_GETPAGES() returning EFAULT.

Without this operation posix_fadvise(..., POSIX_FADV_WILLNEED)
would leave the v_interlock held.

Observed by maxv@
 1.197.2.2  12-Apr-2018  martin Pull up following revision(s) (requested by kamil in ticket #713):

sys/modules/procfs/Makefile: revision 1.4
sys/miscfs/procfs/procfs_vfsops.c: revision 1.98
bin/ps/ps.1: revision 1.108
sys/compat/linux/arch/i386/linux_ptrace.c: revision 1.32
sys/miscfs/procfs/procfs_vnops.c: revision 1.198
sys/kern/sys_ptrace_common.c: revision 1.23
sys/kern/sys_ptrace_common.c: revision 1.24
sbin/mount_procfs/mount_procfs.8: revision 1.36
sys/kern/sys_ptrace_common.c: revision 1.25
sys/kern/sys_ptrace.c: revision 1.5
sys/compat/linux/arch/powerpc/linux_ptrace.c: revision 1.30
sys/sys/proc.h: revision 1.342
sys/kern/sys_ptrace_common.c: revision 1.26
sys/miscfs/procfs/procfs_ctl.c: file removal
sys/kern/sys_ptrace_common.c: revision 1.27
sys/miscfs/procfs/procfs_subr.c: revision 1.109
sys/kern/sys_ptrace_common.c: revision 1.28
sys/secmodel/extensions/secmodel_extensions.c: revision 1.8
sys/kern/sys_ptrace_common.c: revision 1.29
sys/sys/ptrace.h: revision 1.62
sys/compat/netbsd32/netbsd32_signal.c: revision 1.45
share/man/man9/kauth.9: revision 1.109
sys/miscfs/procfs/files.procfs: revision 1.12
sys/compat/netbsd32/netbsd32.h: revision 1.115
sys/miscfs/procfs/procfs.h: revision 1.72
sys/compat/netbsd32/netbsd32_ptrace.c: revision 1.5
sys/kern/kern_sig.c: revision 1.337
sys/sys/kauth.h: revision 1.75
sys/sys/sysctl.h: revision 1.224
sys/kern/sys_ptrace_common.c: revision 1.30
sys/kern/sys_ptrace_common.c: revision 1.31
sys/kern/sys_ptrace_common.c: revision 1.32
sys/kern/sys_ptrace_common.c: revision 1.33
sys/compat/linux/arch/arm/linux_ptrace.c: revision 1.20
sys/kern/sys_ptrace_common.c: revision 1.34
sys/kern/sys_ptrace_common.c: revision 1.36
sys/kern/kern_proc.c: revision 1.207
sys/kern/kern_exit.c: revision 1.269
doc/TODO.ptrace: revision 1.29

Make {s,g}et{db,fp,}regs work again for PK_32 processes
XXX: pullup-8

add disgusting magic to handle compat_netbsd32 as a module.

use process_*reg32 instead of struct *reg32.

Remove the filesystem tracing feature

This is a legacy interface from 4.4BSD, and it was
introduced to overcome shortcomings of ptrace(2) at that time, which are
no longer relevant (performance). Today /proc/#/ctl offers a narrow
subset of ptrace(2) commands and is not applicable for modern
applications use beyond simplistic tracing scenarios.

This removal will simplify kernel internals. Users will still be able to
use all the other /proc files.

This change won't affect other procfs files neither Linux compat
features within mount_procfs(8). /proc/#/ctl isn't available on Linux.

Remove:
- /proc/#/ctl from mount_procfs(8)
- P_FSTRACE note from the documentation of ps(1)
- /proc/#/ctl and filesystem tracing documentation from mount_procfs(8)
- KAUTH_REQ_PROCESS_PROCFS_CTL documentation from kauth(9)
- source code file miscfs/procfs/procfs_ctl.c
- PFSctl and procfs_doctl() from sys/miscfs/procfs/procfs.h
- KAUTH_REQ_PROCESS_PROCFS_CTL from sys/sys/kauth.h
- PSL_FSTRACE (0x00010000) from sys/sys/proc.h
- P_FSTRACE (0x00010000) from sys/sys/sysctl.h

Reduce code complexity after removal of this functionality.

Update TODO.ptrace accordingly: remove two entries about /proc tracing.

Do not keep legacy notes as comments in the headers about removed

PSL_FSTRACE / P_FSTRACE, as this interface had little number of users
(close or equal to zero).
Proposed on tech-kern@.

All filesystem tracing utility users are encouraged to switch to ptrace(2).

Sponsored by <The NetBSD Foundation>

untangle the mess:
- factor out common code
- break each ptrace subcall to its own sub-function
.. more to come ...
- reduce ifdef ugliness by moving it up top.
- factor out PT_IO and make PT_{READ,WRITE}_{I,D} use it
- factor out PT_DUMPCORE
- factor out sendsig code
.. more to come ...

handle siginfo requests for ptrace32

ptrace: Partially undo PT_{READ,WRITE}_{I,D} and unbreak these commands

The refactored code did not work and was generating EFAULT.

Sponsored by <The NetBSD Foundation>

Merge the code back; the problem was that since we are reading/writing
to a kernel address for PT_{READ,WRITE}_{I,D} we need the kernel vmspace.
provide separate read and write functions to accomodate register functions
that need a size argument.

don't ignore error from copyout_piod

Use the proper process (the tracee) to get information about lwps and
registers and the tracer for vmspace.

Add new sysctl(3) entry: security.models.extensions.user_set_dbregs

Model this new sysctl(3) entry after "user_set_cpu_affinity" in the same
level of sysctl(3) switches.

Allow to read unconditionally Debug Registers (no change here). This is
convenient as even if a user of a debugger does not use hardware assisted
watchpoints/breakpoints, a debugger can still prompt these values to store
in an internal cache with context of registers. Reading them should have
no security concerns.

Add a paranoid MI switch that prohibits by default setting these registers
by a regular user (non-superuser). Make this switch disabled by default.
There are enough reserved bits out there to allow using them
unconditionally on hardened hosts.

Features shipped with Debug Registers are optional features in debuggers.
There is no reduction in elementary functionality.

Reviewed by <christos>

Sponsored by <The NetBSD Foundation>
 1.197.2.1  08-Apr-2018  snj Pull up following revision(s) (requested by hannken in ticket #702):
sys/miscfs/procfs/procfs_vnops.c: 1.203
Lock the target cwdi and take an additional reference to the
vnode we are interested in to prevent it from disappearing
before getcwd_common().
Should fix PR kern/53096 (netbsd-8 crash on heavy disk I/O)
 1.202.2.3  20-Oct-2018  pgoyette Sync with head
 1.202.2.2  06-Sep-2018  pgoyette Sync with HEAD

Resolve a couple of conflicts (result of the uimin/uimax changes)
 1.202.2.1  16-Apr-2018  pgoyette Sync with HEAD, resolve some conflicts
 1.203.2.2  13-Apr-2020  martin Mostly merge changes from HEAD upto 20200411
 1.203.2.1  10-Jun-2019  christos Sync with HEAD
 1.206.4.2  17-Jun-2022  martin Pull up following revision(s) (requested by shm in ticket #1475):

sys/miscfs/procfs/procfs_vnops.c: revision 1.229

Add missing permission check
 1.206.4.1  01-Sep-2019  martin Pull up following revision(s) (requested by hannken in ticket #132):
sys/miscfs/kernfs/kernfs_vnops.c: revision 1.161
sys/miscfs/procfs/procfs_vnops.c: revision 1.207
Add missing operation VOP_GETPAGES() returning EFAULT.
Without this operation posix_fadvise(..., POSIX_FADV_WILLNEED)
would leave the v_interlock held.
Observed by maxv@
 1.207.2.2  29-Feb-2020  ad Sync with head.
 1.207.2.1  25-Jan-2020  ad Make cwdinfo use mostly lockless, and largely hide the details in vfs_cwd.c.
 1.210.4.1  25-Apr-2020  bouyer Sync with bouyer-xenpvh-base2 (HEAD)
 1.215.6.1  01-Aug-2021  thorpej Sync with HEAD.
 1.229.4.1  18-Apr-2024  martin Pull up following revision(s) (requested by hannken in ticket #668):

sys/miscfs/procfs/procfs.h: revision 1.83
sys/miscfs/procfs/procfs.h: revision 1.84
sys/kern/vfs_mount.c: revision 1.104
sys/miscfs/procfs/procfs_vnops.c: revision 1.230
sys/kern/init_main.c: revision 1.547
sys/kern/kern_hook.c: revision 1.15
sys/miscfs/procfs/procfs_vfsops.c: revision 1.112
sys/miscfs/procfs/procfs_vfsops.c: revision 1.113
sys/miscfs/procfs/procfs_vfsops.c: revision 1.114
sys/miscfs/procfs/procfs_subr.c: revision 1.117

Print dangling vnode before panic() to help debug.

PR kern/57775 ""panic: unmount: dangling vnode" while umounting procfs"
Protect kernel hooks exechook, exithook and forkhook with rwlock.

Lock as writer on establish/disestablish and as reader on list traverse.

For exechook ride "exec_lock" as it is already take as reader when
traversing the list. Add local locks for exithook and forkhook.

Move exec_init before signal_init as signal_init calls exechook_establish()
that needs "exec_lock".

PR kern/39913 "exec, fork, exit hooks need locking"

Add a hashmap to access all procfs nodes by pid.

Using the exechook to revoke procfs nodes is racy and may deadlock:
one thread runs doexechooks() -> procfs_revoke_vnodes() and wants to suspend
the file system for vgone(), while another thread runs a forced unmount,
has the file system suspended, tries to disestablish the exechook and
waits for doexechooks() to complete.

Establish/disestablish the exechook on module load/unload instead
mount/unmount and use the hashmap to access all procfs nodes for this pid.

May fix PR kern/57775 ""panic: unmount: dangling vnode" while umounting procfs"

Remove all procfs nodes for this process on process exit.

RSS XML Feed