Commit Graph

104 Commits

Author SHA1 Message Date
jdolecek
d18332248c replace magic number '500' in pid allocation code with a macro PID_SKIP,
defined in <sys/proc.h> (along PID_MAX, NO_PID)
2002-12-12 20:41:45 +00:00
jdolecek
f13ab92159 put back portion of fork-bomb protection removed in last commit,
and make the sleep length depend on value of variable forkfsleep;
it's set to zero by default (no sleep)
this is a preparation for making the sleep length settable via sysctl
2002-12-11 18:09:07 +00:00
groo
b9df764f32 Remove portion of fork-bomb protection that has unfortunate side effects. 2002-12-11 05:01:22 +00:00
jdolecek
16e3e3cd55 Couple fork-bomb defense changes:
- leave 5 processes for root-only use, the previous value of 1
  was unsufficient to execute additional commands once logged, and
  perhaps also not enough to actually login remotely with recent (open)sshd
- protect the log of "proc: table full" with ratecheck(), so that
  the message is only logged once per 10 seconds; though syslogd normally
  doesn't pass the repeated messages through, this avoids flooding
  syslogd and potentially also screen/logs
- If the process hits either system limit of number of processes in system,
  or user's limit of same, force the process to sleep for 0.5 seconds
  before returning failure. This turns 2000 rampaging fork monsters into
  2000 harmlessly snoozing fork monsters.
  The sleep is intentionally uninterruptible by signals.

These are not intended as ultimate protection agains fork-bombs.
Determined attacker can eat CPU differently than via repeating
fork() calls. But this is good enough to help protect against
programming mistakes or simple-minded tests.

Based on FreeBSD kern_fork.c change in revision 1.132 by
Mike Silbersack <silby at FreeBSD org>

Change also discussed on tech-kern@NetBSD.org, thread
'Fork bomb protection patch'.
2002-12-05 16:24:46 +00:00
manu
005949afda cosmetic fix 2002-11-30 11:20:51 +00:00
chs
4b2625143d change uvm_uarea_alloc() to indicate whether the returned uarea is already
backed by physical pages (ie. because it reused a previously-freed one),
so that we can skip a bunch of useless work in that case.
this fixes the underlying problem behind PR 18543, and also speeds up fork()
quite a bit (eg. 7% on my pc, 1% on my ultra2) when we get a cache hit.
2002-11-17 08:32:43 +00:00
provos
a5883f1616 fix systrace panic that was introduced when postponing pid number allocation
approved itojun
2002-11-13 00:51:02 +00:00
manu
9a4dfe85fa Added two sysctl-able flags: proc.curproc.stopfork and proc.curproc.stopexec
that can be used to block a process after fork(2) or exec(2) calls. The
new process is created in the SSTOP state and is never scheduled for running.

This feature is designed so that it is esay to attach the process using gdb
before it has done anything.

It works also with sproc, kthread_create, clone...
2002-11-07 00:22:28 +00:00
jdolecek
e0cc03a09b merge kqueue branch into -current
kqueue provides a stateful and efficient event notification framework
currently supported events include socket, file, directory, fifo,
pipe, tty and device changes, and monitoring of processes and signals

kqueue is supported by all writable filesystems in NetBSD tree
(with exception of Coda) and all device drivers supporting poll(2)

based on work done by Jonathan Lemon for FreeBSD
initial NetBSD port done by Luke Mewburn and Jason Thorpe
2002-10-23 09:10:23 +00:00
christos
0ecf004286 Move pid allocation to the bottom of the process allocation, so that we
don't have to deal with partially initialized proc structs in the scheduler.
Pointed out by: Artur Grabowski and Chuck Silvers.
2002-10-21 17:37:53 +00:00
thorpej
71404bb533 Don't include <sys/map.h>. 2002-09-25 22:21:01 +00:00
chs
2b73cf7ece encapsulate knowledge of uarea allocation in some new functions. 2002-09-22 07:20:29 +00:00
gmcgarry
5bcbbd40bf MI kernel support for user-level Restartable Atomic Sequences (RAS). 2002-08-28 07:16:33 +00:00
pooka
2bc5807797 Add FORK_CLEANFILES flag to fork1(), which makes the new process start out
with a clean descriptor set (ie. not copied or shared from parent).

for rfork()
2002-08-06 13:58:08 +00:00
pooka
15d9246bb2 Add FORK_NOWAIT flag, which sets init as the parent of the forked
process. Useful for FreeBSD rfork() emulation.

ok'd by Christos
2002-07-11 10:37:26 +00:00
christos
acf2d4083d Niels Provos systrace work, ported to NetBSD by kittenz and reworked... 2002-06-17 16:22:50 +00:00
thorpej
205c159f0e Make the coredump routine exec-format/emulation specific. Split
out traditional NetBSD coredump routines into core_netbsd.c and
netbsd32_core.c (for COMPAT_NETBSD32).
2001-12-08 00:35:25 +00:00
lukem
adc783d537 add RCSIDs 2001-11-12 15:25:01 +00:00
fvdl
2017fd0179 flags was used uninitialized. 2001-07-07 23:33:54 +00:00
thorpej
9377ba2c38 Linux-compatible clone(2) system call, lifted from the Linux
compatibility module.  Based on patches from Bang Jun-Young <bjy@mogua.org>.
2001-07-01 18:06:11 +00:00
lukem
4637391f86 minor KNF 2001-02-26 21:09:57 +00:00
fvdl
6907c4ded8 Do syscall_intern after p_traceflag has been copied to the new
process (if it is inherited), so that ktrace continues to work
properly on the child.
2001-01-09 23:36:50 +00:00
ad
e3514a4191 PR 4853: we fork a lot more during startup these days. Wrap nextpid to 500. 2000-12-31 17:43:41 +00:00
jdolecek
e9e91a0fb5 split off thread specific stuff from struct sigacts to struct sigctx, leaving
only signal handler array sharable between threads
move other random signal stuff from struct proc to struct sigctx

This addresses kern/10981 by Matthew Orgass.
2000-12-22 22:58:52 +00:00
tsutsui
aaa48a8d25 Use USPACE_ALIGN for an alignment argument on allocating U-area.
The default value is 0, and could be overridden by machine/vmparam.h.
2000-12-11 15:35:42 +00:00
mycroft
f495cd9dc6 Introduce 2 new flags in types.h:
* __HAVE_SYSCALL_INTERN.  If this is defined, e_syscall is replaced by
  e_syscall_intern, which is called at key places in the kernel.  This can be
  used to set a MD syscall handler pointer.  This obsoletes and replaces the
  *_HAS_SEPARATED_SYSCALL flags.
* __HAVE_MINIMAL_EMUL.  If this is defined, certain (deprecated) elements in
  struct emul are omitted.
2000-12-11 05:28:59 +00:00
jdolecek
9b6d040095 fork1(): write the ktrace entry before the parent is put to sleep for
FORK_PPWAIT case, so that this DTRT for vfork() too
2000-12-10 11:41:20 +00:00
nisimura
10571faa84 Introduce uvm_km_valloc_align() and use it to glab process's USPACE
aligned on USPACE boundary in kernel virutal address.  It's benefitial
for MIPS R4000's paired TLB entry design.
2000-11-27 04:36:40 +00:00
chs
a284236c04 in fork1(), only add make the new proc visible (by giving it a pid
and adding it to allproc) after it's fully initialized.
this prevents the scheduler from coming in via a clock interrupt
and tripping over a partially-initialized proc.
2000-11-08 05:16:23 +00:00
jdolecek
7d8eefdffc add void *p_emuldata into struct proc - this can be used to hold per-process
emulation-specific data
add process exit, exec and fork function hooks into struct emul:
* e_proc_fork() - called in fork1() after the new forked process is setup
* e_proc_exec() - called in sys_execve() after the executed process is setup
* e_proc_exit() - called in exit1() after all the other process cleanups are
  done, right before machine-dependant switch to new context; also called
  for "old" emulation from sys_execve() if emulation of executed program and
  the original process is different

This was discussed on tech-kern.
2000-11-07 12:41:52 +00:00
jdolecek
75823fcfc2 write KTR_EMUL entry on end of fork1() - primarily usable when the new
process never does execve(2), such as when creating a thread
2000-11-07 12:31:17 +00:00
sommerfeld
c9febd72cb Lock scheduler before putting new proc on run queues. 2000-09-06 14:06:42 +00:00
sommerfeld
392f867be8 MULTIPROCESSOR: Initialize new proc's p_cpu pointer to NULL, so
anything which looks at it before it runs won't explode.
2000-08-25 02:55:49 +00:00
thorpej
f759220f40 Define the MI parts of the "big kernel lock" perimeter. From
Bill Sommerfeld.
2000-08-22 17:28:28 +00:00
thorpej
cd32ace8bb ANSI'ify. 2000-08-01 04:57:28 +00:00
jdolecek
1ec07d7439 change tablefull() to accept one more parameter - optional hint
use that to inform about way to raise current limit when we reach maximum
number of processes, descriptors or vnodes

XXX hopefully I catched all users of tablefull()
2000-07-04 15:33:28 +00:00
mrg
32aa199ccf remove include of <vm/vm.h> 2000-06-27 17:41:07 +00:00
mrg
2f159a1bac remove/move more mach vm header files:
<vm/pglist.h> -> <uvm/uvm_pglist.h>
	<vm/vm_inherit.h> -> <uvm/uvm_inherit.h>
	<vm/vm_kern.h> -> into <uvm/uvm_extern.h>
	<vm/vm_object.h> -> nothing
	<vm/vm_pager.h> -> into <uvm/uvm_pager.h>

also includes a bunch of <vm/vm_page.h> include removals (due to redudancy
with <vm/vm.h>), and a scattering of other similar headers.
2000-06-26 14:20:25 +00:00
thorpej
956b3ca3b3 Track which process a CPU is running/has last run on by adding a
p_cpu member to struct proc.  Use this in certain places when
accessing scheduler state, etc.  For the single-processor case,
just initialize p_cpu in fork1() to avoid having to set it in the
low-level context switch code on platforms which will never have
multiprocessing.

While I'm here, comment a few places where there are known issues
for the SMP implementation.
2000-05-31 05:02:31 +00:00
thorpej
e03e9e8086 Rather than starting init and creating kthreads by forking and then
doing a cpu_set_kpc(), just pass the entry point and argument all
the way down the fork path starting with fork1().  In order to
avoid special-casing the normal fork in every cpu_fork(), MI code
passes down child_return() and the child process pointer explicitly.

This fixes a race condition on multiprocessor systems; a CPU could
grab the newly created processes (which has been placed on a run queue)
before cpu_set_kpc() would be performed.
2000-05-28 05:48:59 +00:00
thorpej
a58b73be13 __predict_false() the test for full process table, user exceeding their
process limit, and USPACE valloc failure.
2000-05-08 19:59:21 +00:00
augustss
264f1d27c6 Get rid of register declarations. 2000-03-30 09:27:11 +00:00
thorpej
b667a5a357 New callout mechanism with two major improvements over the old
timeout()/untimeout() API:
- Clients supply callout handle storage, thus eliminating problems of
  resource allocation.
- Insertion and removal of callouts is constant time, important as
  this facility is used quite a lot in the kernel.

The old timeout()/untimeout() API has been removed from the kernel.
2000-03-23 06:30:07 +00:00
thorpej
01a8cffe77 Add a read/write lock to the proclists and PID hash table. Use the
write lock when doing PID allocation, and during the process exit path.
Use a read lock every where else, including within schedcpu() (interrupt
context).  Note that holding the write lock implies blocking schedcpu()
from running (blocks softclock).

PID allocation is now MP-safe.

Note this actually fixes a bug on single processor systems that was probably
extremely difficult to tickle; it was possible that schedcpu() would run
off a bad pointer if the right clock interrupt happened to come in the
middle of a LIST_INSERT_HEAD() or LIST_REMOVE() to/from allproc.
1999-07-22 21:08:30 +00:00
thorpej
e8485145c1 Rearrange some code slightly. 1999-07-22 18:28:30 +00:00
thorpej
c10a926030 Allow the caller to specify a stack for the child process. If NULL,
the child inherits the stack pointer from the parent (traditional
behavior).  Like the signal stack, the stack area is secified as
a low address and a size; machine-dependent code accounts for stack
direction.

This is required for clone(2).
1999-05-13 21:58:32 +00:00
thorpej
5d97669cfe Allow an alternate exit signal (i.e. not SIGCHLD) to be delivered to the
parent, specified at fork time.  Specify a new flag to wait4(2), WALTSIG,
to wait for processes which use an alternate exit signal.

This is required for clone(2).
1999-05-13 00:59:03 +00:00
thorpej
b699afcb5b Pay attention to FORK_SHARECWD, FORK_SHAREFILES, and FORK_SHARESIGS. 1999-04-30 21:39:51 +00:00
thorpej
2835fc6e46 Pull signal actions out of struct user, make them a separate proc
substructure, and allow them to be shared.

Required for clone(2).
1999-04-30 21:23:49 +00:00
thorpej
16936c9565 Break cdir/rdir/cmask info out of struct filedesc, and put it in a new
substructure, `cwdinfo'.  Implement optional sharing of this substructure.

This is required for clone(2).
1999-04-30 18:42:58 +00:00