1996-04-07 13:03:06 +00:00
|
|
|
/*-
|
2017-11-20 19:43:44 +00:00
|
|
|
* SPDX-License-Identifier: BSD-3-Clause
|
|
|
|
|
*
|
1996-04-07 13:03:06 +00:00
|
|
|
* Copyright (c) 1982, 1986, 1989, 1993
|
|
|
|
|
* The Regents of the University of California. All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* This code is derived from software contributed to Berkeley by
|
|
|
|
|
* Mike Karels at Berkeley Software Design, Inc.
|
|
|
|
|
*
|
|
|
|
|
* Quite extensively rewritten by Poul-Henning Kamp of the FreeBSD
|
|
|
|
|
* project, to make these variables more userfriendly.
|
|
|
|
|
*
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
|
* are met:
|
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
2016-09-15 13:16:20 +00:00
|
|
|
* 3. Neither the name of the University nor the names of its contributors
|
1996-04-07 13:03:06 +00:00
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
|
* without specific prior written permission.
|
|
|
|
|
*
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
|
*
|
|
|
|
|
* @(#)kern_sysctl.c 8.4 (Berkeley) 4/14/94
|
|
|
|
|
*/
|
|
|
|
|
|
2003-06-11 00:56:59 +00:00
|
|
|
#include <sys/cdefs.h>
|
|
|
|
|
__FBSDID("$FreeBSD$");
|
|
|
|
|
|
2001-11-08 15:31:19 +00:00
|
|
|
#include "opt_posix.h"
|
2007-05-16 16:08:04 +00:00
|
|
|
#include "opt_config.h"
|
2001-10-07 03:51:22 +00:00
|
|
|
|
1996-04-07 13:03:06 +00:00
|
|
|
#include <sys/param.h>
|
2019-06-24 20:52:21 +00:00
|
|
|
#include <sys/boot.h>
|
Huge cleanup of random(4) code.
* GENERAL
- Update copyright.
- Make kernel options for RANDOM_YARROW and RANDOM_DUMMY. Set
neither to ON, which means we want Fortuna
- If there is no 'device random' in the kernel, there will be NO
random(4) device in the kernel, and the KERN_ARND sysctl will
return nothing. With RANDOM_DUMMY there will be a random(4) that
always blocks.
- Repair kern.arandom (KERN_ARND sysctl). The old version went
through arc4random(9) and was a bit weird.
- Adjust arc4random stirring a bit - the existing code looks a little
suspect.
- Fix the nasty pre- and post-read overloading by providing explictit
functions to do these tasks.
- Redo read_random(9) so as to duplicate random(4)'s read internals.
This makes it a first-class citizen rather than a hack.
- Move stuff out of locked regions when it does not need to be
there.
- Trim RANDOM_DEBUG printfs. Some are excess to requirement, some
behind boot verbose.
- Use SYSINIT to sequence the startup.
- Fix init/deinit sysctl stuff.
- Make relevant sysctls also tunables.
- Add different harvesting "styles" to allow for different requirements
(direct, queue, fast).
- Add harvesting of FFS atime events. This needs to be checked for
weighing down the FS code.
- Add harvesting of slab allocator events. This needs to be checked for
weighing down the allocator code.
- Fix the random(9) manpage.
- Loadable modules are not present for now. These will be re-engineered
when the dust settles.
- Use macros for locks.
- Fix comments.
* src/share/man/...
- Update the man pages.
* src/etc/...
- The startup/shutdown work is done in D2924.
* src/UPDATING
- Add UPDATING announcement.
* src/sys/dev/random/build.sh
- Add copyright.
- Add libz for unit tests.
* src/sys/dev/random/dummy.c
- Remove; no longer needed. Functionality incorporated into randomdev.*.
* live_entropy_sources.c live_entropy_sources.h
- Remove; content moved.
- move content to randomdev.[ch] and optimise.
* src/sys/dev/random/random_adaptors.c src/sys/dev/random/random_adaptors.h
- Remove; plugability is no longer used. Compile-time algorithm
selection is the way to go.
* src/sys/dev/random/random_harvestq.c src/sys/dev/random/random_harvestq.h
- Add early (re)boot-time randomness caching.
* src/sys/dev/random/randomdev_soft.c src/sys/dev/random/randomdev_soft.h
- Remove; no longer needed.
* src/sys/dev/random/uint128.h
- Provide a fake uint128_t; if a real one ever arrived, we can use
that instead. All that is needed here is N=0, N++, N==0, and some
localised trickery is used to manufacture a 128-bit 0ULLL.
* src/sys/dev/random/unit_test.c src/sys/dev/random/unit_test.h
- Improve unit tests; previously the testing human needed clairvoyance;
now the test will do a basic check of compressibility. Clairvoyant
talent is still a good idea.
- This is still a long way off a proper unit test.
* src/sys/dev/random/fortuna.c src/sys/dev/random/fortuna.h
- Improve messy union to just uint128_t.
- Remove unneeded 'static struct fortuna_start_cache'.
- Tighten up up arithmetic.
- Provide a method to allow eternal junk to be introduced; harden
it against blatant by compress/hashing.
- Assert that locks are held correctly.
- Fix the nasty pre- and post-read overloading by providing explictit
functions to do these tasks.
- Turn into self-sufficient module (no longer requires randomdev_soft.[ch])
* src/sys/dev/random/yarrow.c src/sys/dev/random/yarrow.h
- Improve messy union to just uint128_t.
- Remove unneeded 'staic struct start_cache'.
- Tighten up up arithmetic.
- Provide a method to allow eternal junk to be introduced; harden
it against blatant by compress/hashing.
- Assert that locks are held correctly.
- Fix the nasty pre- and post-read overloading by providing explictit
functions to do these tasks.
- Turn into self-sufficient module (no longer requires randomdev_soft.[ch])
- Fix some magic numbers elsewhere used as FAST and SLOW.
Differential Revision: https://reviews.freebsd.org/D2025
Reviewed by: vsevolod,delphij,rwatson,trasz,jmg
Approved by: so (delphij)
2015-06-30 17:00:45 +00:00
|
|
|
#include <sys/jail.h>
|
1996-04-07 13:03:06 +00:00
|
|
|
#include <sys/kernel.h>
|
2018-12-29 15:55:44 +00:00
|
|
|
#include <sys/limits.h>
|
o Introduce pr_mtx into struct prison, providing protection for the
mutable contents of struct prison (hostname, securelevel, refcount,
pr_linux, ...)
o Generally introduce mtx_lock()/mtx_unlock() calls throughout kern/
so as to enforce these protections, in particular, in kern_mib.c
protection sysctl access to the hostname and securelevel, as well as
kern_prot.c access to the securelevel for access control purposes.
o Rewrite linux emulator abstractions for accessing per-jail linux
mib entries (osname, osrelease, osversion) so that they don't return
a pointer to the text in the struct linux_prison, rather, a copy
to an array passed into the calls. Likewise, update linprocfs to
use these primitives.
o Update in_pcb.c to always use prison_getip() rather than directly
accessing struct prison.
Reviewed by: jhb
2001-12-03 16:12:27 +00:00
|
|
|
#include <sys/lock.h>
|
|
|
|
|
#include <sys/mutex.h>
|
Huge cleanup of random(4) code.
* GENERAL
- Update copyright.
- Make kernel options for RANDOM_YARROW and RANDOM_DUMMY. Set
neither to ON, which means we want Fortuna
- If there is no 'device random' in the kernel, there will be NO
random(4) device in the kernel, and the KERN_ARND sysctl will
return nothing. With RANDOM_DUMMY there will be a random(4) that
always blocks.
- Repair kern.arandom (KERN_ARND sysctl). The old version went
through arc4random(9) and was a bit weird.
- Adjust arc4random stirring a bit - the existing code looks a little
suspect.
- Fix the nasty pre- and post-read overloading by providing explictit
functions to do these tasks.
- Redo read_random(9) so as to duplicate random(4)'s read internals.
This makes it a first-class citizen rather than a hack.
- Move stuff out of locked regions when it does not need to be
there.
- Trim RANDOM_DEBUG printfs. Some are excess to requirement, some
behind boot verbose.
- Use SYSINIT to sequence the startup.
- Fix init/deinit sysctl stuff.
- Make relevant sysctls also tunables.
- Add different harvesting "styles" to allow for different requirements
(direct, queue, fast).
- Add harvesting of FFS atime events. This needs to be checked for
weighing down the FS code.
- Add harvesting of slab allocator events. This needs to be checked for
weighing down the allocator code.
- Fix the random(9) manpage.
- Loadable modules are not present for now. These will be re-engineered
when the dust settles.
- Use macros for locks.
- Fix comments.
* src/share/man/...
- Update the man pages.
* src/etc/...
- The startup/shutdown work is done in D2924.
* src/UPDATING
- Add UPDATING announcement.
* src/sys/dev/random/build.sh
- Add copyright.
- Add libz for unit tests.
* src/sys/dev/random/dummy.c
- Remove; no longer needed. Functionality incorporated into randomdev.*.
* live_entropy_sources.c live_entropy_sources.h
- Remove; content moved.
- move content to randomdev.[ch] and optimise.
* src/sys/dev/random/random_adaptors.c src/sys/dev/random/random_adaptors.h
- Remove; plugability is no longer used. Compile-time algorithm
selection is the way to go.
* src/sys/dev/random/random_harvestq.c src/sys/dev/random/random_harvestq.h
- Add early (re)boot-time randomness caching.
* src/sys/dev/random/randomdev_soft.c src/sys/dev/random/randomdev_soft.h
- Remove; no longer needed.
* src/sys/dev/random/uint128.h
- Provide a fake uint128_t; if a real one ever arrived, we can use
that instead. All that is needed here is N=0, N++, N==0, and some
localised trickery is used to manufacture a 128-bit 0ULLL.
* src/sys/dev/random/unit_test.c src/sys/dev/random/unit_test.h
- Improve unit tests; previously the testing human needed clairvoyance;
now the test will do a basic check of compressibility. Clairvoyant
talent is still a good idea.
- This is still a long way off a proper unit test.
* src/sys/dev/random/fortuna.c src/sys/dev/random/fortuna.h
- Improve messy union to just uint128_t.
- Remove unneeded 'static struct fortuna_start_cache'.
- Tighten up up arithmetic.
- Provide a method to allow eternal junk to be introduced; harden
it against blatant by compress/hashing.
- Assert that locks are held correctly.
- Fix the nasty pre- and post-read overloading by providing explictit
functions to do these tasks.
- Turn into self-sufficient module (no longer requires randomdev_soft.[ch])
* src/sys/dev/random/yarrow.c src/sys/dev/random/yarrow.h
- Improve messy union to just uint128_t.
- Remove unneeded 'staic struct start_cache'.
- Tighten up up arithmetic.
- Provide a method to allow eternal junk to be introduced; harden
it against blatant by compress/hashing.
- Assert that locks are held correctly.
- Fix the nasty pre- and post-read overloading by providing explictit
functions to do these tasks.
- Turn into self-sufficient module (no longer requires randomdev_soft.[ch])
- Fix some magic numbers elsewhere used as FAST and SLOW.
Differential Revision: https://reviews.freebsd.org/D2025
Reviewed by: vsevolod,delphij,rwatson,trasz,jmg
Approved by: so (delphij)
2015-06-30 17:00:45 +00:00
|
|
|
#include <sys/proc.h>
|
|
|
|
|
#include <sys/random.h>
|
|
|
|
|
#include <sys/sbuf.h>
|
2001-04-27 19:28:25 +00:00
|
|
|
#include <sys/smp.h>
|
2009-05-27 14:11:23 +00:00
|
|
|
#include <sys/sx.h>
|
2017-04-17 17:07:00 +00:00
|
|
|
#include <sys/vmmeter.h>
|
Huge cleanup of random(4) code.
* GENERAL
- Update copyright.
- Make kernel options for RANDOM_YARROW and RANDOM_DUMMY. Set
neither to ON, which means we want Fortuna
- If there is no 'device random' in the kernel, there will be NO
random(4) device in the kernel, and the KERN_ARND sysctl will
return nothing. With RANDOM_DUMMY there will be a random(4) that
always blocks.
- Repair kern.arandom (KERN_ARND sysctl). The old version went
through arc4random(9) and was a bit weird.
- Adjust arc4random stirring a bit - the existing code looks a little
suspect.
- Fix the nasty pre- and post-read overloading by providing explictit
functions to do these tasks.
- Redo read_random(9) so as to duplicate random(4)'s read internals.
This makes it a first-class citizen rather than a hack.
- Move stuff out of locked regions when it does not need to be
there.
- Trim RANDOM_DEBUG printfs. Some are excess to requirement, some
behind boot verbose.
- Use SYSINIT to sequence the startup.
- Fix init/deinit sysctl stuff.
- Make relevant sysctls also tunables.
- Add different harvesting "styles" to allow for different requirements
(direct, queue, fast).
- Add harvesting of FFS atime events. This needs to be checked for
weighing down the FS code.
- Add harvesting of slab allocator events. This needs to be checked for
weighing down the allocator code.
- Fix the random(9) manpage.
- Loadable modules are not present for now. These will be re-engineered
when the dust settles.
- Use macros for locks.
- Fix comments.
* src/share/man/...
- Update the man pages.
* src/etc/...
- The startup/shutdown work is done in D2924.
* src/UPDATING
- Add UPDATING announcement.
* src/sys/dev/random/build.sh
- Add copyright.
- Add libz for unit tests.
* src/sys/dev/random/dummy.c
- Remove; no longer needed. Functionality incorporated into randomdev.*.
* live_entropy_sources.c live_entropy_sources.h
- Remove; content moved.
- move content to randomdev.[ch] and optimise.
* src/sys/dev/random/random_adaptors.c src/sys/dev/random/random_adaptors.h
- Remove; plugability is no longer used. Compile-time algorithm
selection is the way to go.
* src/sys/dev/random/random_harvestq.c src/sys/dev/random/random_harvestq.h
- Add early (re)boot-time randomness caching.
* src/sys/dev/random/randomdev_soft.c src/sys/dev/random/randomdev_soft.h
- Remove; no longer needed.
* src/sys/dev/random/uint128.h
- Provide a fake uint128_t; if a real one ever arrived, we can use
that instead. All that is needed here is N=0, N++, N==0, and some
localised trickery is used to manufacture a 128-bit 0ULLL.
* src/sys/dev/random/unit_test.c src/sys/dev/random/unit_test.h
- Improve unit tests; previously the testing human needed clairvoyance;
now the test will do a basic check of compressibility. Clairvoyant
talent is still a good idea.
- This is still a long way off a proper unit test.
* src/sys/dev/random/fortuna.c src/sys/dev/random/fortuna.h
- Improve messy union to just uint128_t.
- Remove unneeded 'static struct fortuna_start_cache'.
- Tighten up up arithmetic.
- Provide a method to allow eternal junk to be introduced; harden
it against blatant by compress/hashing.
- Assert that locks are held correctly.
- Fix the nasty pre- and post-read overloading by providing explictit
functions to do these tasks.
- Turn into self-sufficient module (no longer requires randomdev_soft.[ch])
* src/sys/dev/random/yarrow.c src/sys/dev/random/yarrow.h
- Improve messy union to just uint128_t.
- Remove unneeded 'staic struct start_cache'.
- Tighten up up arithmetic.
- Provide a method to allow eternal junk to be introduced; harden
it against blatant by compress/hashing.
- Assert that locks are held correctly.
- Fix the nasty pre- and post-read overloading by providing explictit
functions to do these tasks.
- Turn into self-sufficient module (no longer requires randomdev_soft.[ch])
- Fix some magic numbers elsewhere used as FAST and SLOW.
Differential Revision: https://reviews.freebsd.org/D2025
Reviewed by: vsevolod,delphij,rwatson,trasz,jmg
Approved by: so (delphij)
2015-06-30 17:00:45 +00:00
|
|
|
#include <sys/sysctl.h>
|
|
|
|
|
#include <sys/systm.h>
|
2002-10-13 14:26:29 +00:00
|
|
|
#include <sys/unistd.h>
|
1997-08-30 02:52:04 +00:00
|
|
|
|
2014-06-28 03:56:17 +00:00
|
|
|
SYSCTL_ROOT_NODE(0, sysctl, CTLFLAG_RW, 0,
|
1996-04-07 13:03:06 +00:00
|
|
|
"Sysctl internal magic");
|
2014-06-28 03:56:17 +00:00
|
|
|
SYSCTL_ROOT_NODE(CTL_KERN, kern, CTLFLAG_RW|CTLFLAG_CAPRD, 0,
|
1996-04-07 13:03:06 +00:00
|
|
|
"High kernel, proc, limits &c");
|
2014-06-28 03:56:17 +00:00
|
|
|
SYSCTL_ROOT_NODE(CTL_VM, vm, CTLFLAG_RW, 0,
|
1996-04-07 13:03:06 +00:00
|
|
|
"Virtual memory");
|
2014-06-28 03:56:17 +00:00
|
|
|
SYSCTL_ROOT_NODE(CTL_VFS, vfs, CTLFLAG_RW, 0,
|
1996-04-07 13:03:06 +00:00
|
|
|
"File system");
|
2014-06-28 03:56:17 +00:00
|
|
|
SYSCTL_ROOT_NODE(CTL_NET, net, CTLFLAG_RW, 0,
|
1996-04-07 13:03:06 +00:00
|
|
|
"Network, (see socket.h)");
|
2014-06-28 03:56:17 +00:00
|
|
|
SYSCTL_ROOT_NODE(CTL_DEBUG, debug, CTLFLAG_RW, 0,
|
1996-04-07 13:03:06 +00:00
|
|
|
"Debugging");
|
1999-07-19 09:13:12 +00:00
|
|
|
SYSCTL_NODE(_debug, OID_AUTO, sizeof, CTLFLAG_RW, 0,
|
|
|
|
|
"Sizeof various things");
|
2014-06-28 03:56:17 +00:00
|
|
|
SYSCTL_ROOT_NODE(CTL_HW, hw, CTLFLAG_RW, 0,
|
1996-04-07 13:03:06 +00:00
|
|
|
"hardware");
|
2014-06-28 03:56:17 +00:00
|
|
|
SYSCTL_ROOT_NODE(CTL_MACHDEP, machdep, CTLFLAG_RW, 0,
|
1996-04-07 13:03:06 +00:00
|
|
|
"machine dependent");
|
Create a new sysctl subtree, machdep.mitigations. Its purpose is to organize
knobs and indicators for code that mitigates functional and security issues
in the architecture/platform. Controls for regular operational policy should
still go into places security, hw, kern, etc.
The machdep root node is inherently architecture dependent, but mitigations
tend to be architecture dependent as well. Some cases like Spectre do cross
architectural boundaries, but the mitigation code for them tends to be
architecture dependent anyways, and multiple architectures won't be active
in the same image of the kernel.
Many mitigation knobs already exist in the system, and they will be moved
with compat naming in the future. Going forward, mitigations should collect
in machdep.mitigations.
Reviewed by: imp, brooks, rwatson, emaste, jhb
Sponsored by: Intel
2019-11-15 23:27:17 +00:00
|
|
|
SYSCTL_NODE(_machdep, OID_AUTO, mitigations, CTLFLAG_RW, 0,
|
|
|
|
|
"Machine dependent platform mitigations.");
|
2014-06-28 03:56:17 +00:00
|
|
|
SYSCTL_ROOT_NODE(CTL_USER, user, CTLFLAG_RW, 0,
|
1996-04-07 13:03:06 +00:00
|
|
|
"user-level");
|
2014-06-28 03:56:17 +00:00
|
|
|
SYSCTL_ROOT_NODE(CTL_P1003_1B, p1003_1b, CTLFLAG_RW, 0,
|
1998-03-28 11:51:01 +00:00
|
|
|
"p1003_1b, (see p1003_1b.h)");
|
1998-03-04 10:25:55 +00:00
|
|
|
|
2014-06-28 03:56:17 +00:00
|
|
|
SYSCTL_ROOT_NODE(OID_AUTO, compat, CTLFLAG_RW, 0,
|
1999-08-27 19:47:41 +00:00
|
|
|
"Compatibility code");
|
2014-06-28 03:56:17 +00:00
|
|
|
SYSCTL_ROOT_NODE(OID_AUTO, security, CTLFLAG_RW, 0,
|
2002-01-16 06:55:30 +00:00
|
|
|
"Security");
|
2001-11-08 15:31:19 +00:00
|
|
|
#ifdef REGRESSION
|
2014-06-28 03:56:17 +00:00
|
|
|
SYSCTL_ROOT_NODE(OID_AUTO, regression, CTLFLAG_RW, 0,
|
2001-11-08 15:31:19 +00:00
|
|
|
"Regression test MIB");
|
|
|
|
|
#endif
|
1999-08-27 19:47:41 +00:00
|
|
|
|
Mark most often used sysctl's as MPSAFE.
After running a `make buildkernel', I noticed most of the Giant locks in
sysctl are only caused by a very small amount of sysctl's:
- sysctl.name2oid. This one is locked by SYSCTL_LOCK, just like
sysctl.oidfmt.
- kern.ident, kern.osrelease, kern.version, etc. These are just constant
strings.
- kern.arandom, used by the stack protector. It is already protected by
arc4_mtx.
I also saw the following sysctl's show up. Not as often as the ones
above, but still quite often:
- security.jail.jailed. Also mark security.jail.list as MPSAFE. They
don't need locking or already use allprison_lock.
- kern.devname, used by devname(3), ttyname(3), etc.
This seems to reduce Giant locking inside sysctl by ~75% in my primitive
test setup.
2009-01-28 19:58:05 +00:00
|
|
|
SYSCTL_STRING(_kern, OID_AUTO, ident, CTLFLAG_RD|CTLFLAG_MPSAFE,
|
2003-06-09 18:19:33 +00:00
|
|
|
kern_ident, 0, "Kernel identifier");
|
2003-06-09 10:54:23 +00:00
|
|
|
|
2011-07-17 23:05:24 +00:00
|
|
|
SYSCTL_INT(_kern, KERN_OSREV, osrevision, CTLFLAG_RD|CTLFLAG_CAPRD,
|
2014-10-21 07:31:21 +00:00
|
|
|
SYSCTL_NULL_INT_PTR, BSD, "Operating system revision");
|
1996-04-07 13:03:06 +00:00
|
|
|
|
Mark most often used sysctl's as MPSAFE.
After running a `make buildkernel', I noticed most of the Giant locks in
sysctl are only caused by a very small amount of sysctl's:
- sysctl.name2oid. This one is locked by SYSCTL_LOCK, just like
sysctl.oidfmt.
- kern.ident, kern.osrelease, kern.version, etc. These are just constant
strings.
- kern.arandom, used by the stack protector. It is already protected by
arc4_mtx.
I also saw the following sysctl's show up. Not as often as the ones
above, but still quite often:
- security.jail.jailed. Also mark security.jail.list as MPSAFE. They
don't need locking or already use allprison_lock.
- kern.devname, used by devname(3), ttyname(3), etc.
This seems to reduce Giant locking inside sysctl by ~75% in my primitive
test setup.
2009-01-28 19:58:05 +00:00
|
|
|
SYSCTL_STRING(_kern, KERN_VERSION, version, CTLFLAG_RD|CTLFLAG_MPSAFE,
|
1999-05-03 23:57:32 +00:00
|
|
|
version, 0, "Kernel version");
|
1996-04-07 13:03:06 +00:00
|
|
|
|
2013-02-02 14:19:50 +00:00
|
|
|
SYSCTL_STRING(_kern, OID_AUTO, compiler_version, CTLFLAG_RD|CTLFLAG_MPSAFE,
|
2013-02-02 11:58:35 +00:00
|
|
|
compiler_version, 0, "Version of compiler used to compile kernel");
|
|
|
|
|
|
2011-07-17 23:05:24 +00:00
|
|
|
SYSCTL_STRING(_kern, KERN_OSTYPE, ostype, CTLFLAG_RD|CTLFLAG_MPSAFE|
|
|
|
|
|
CTLFLAG_CAPRD, ostype, 0, "Operating system type");
|
1996-04-07 13:03:06 +00:00
|
|
|
|
2014-06-28 03:56:17 +00:00
|
|
|
SYSCTL_INT(_kern, KERN_MAXPROC, maxproc, CTLFLAG_RDTUN | CTLFLAG_NOFETCH,
|
1999-05-03 23:57:32 +00:00
|
|
|
&maxproc, 0, "Maximum number of processes");
|
1996-04-07 13:03:06 +00:00
|
|
|
|
2001-11-08 15:20:00 +00:00
|
|
|
SYSCTL_INT(_kern, KERN_MAXPROCPERUID, maxprocperuid, CTLFLAG_RW,
|
1999-05-03 23:57:32 +00:00
|
|
|
&maxprocperuid, 0, "Maximum processes allowed per userid");
|
1996-04-07 13:03:06 +00:00
|
|
|
|
2014-06-28 03:56:17 +00:00
|
|
|
SYSCTL_INT(_kern, OID_AUTO, maxusers, CTLFLAG_RDTUN | CTLFLAG_NOFETCH,
|
2001-07-26 23:04:03 +00:00
|
|
|
&maxusers, 0, "Hint for kernel tuning");
|
|
|
|
|
|
2011-07-17 23:05:24 +00:00
|
|
|
SYSCTL_INT(_kern, KERN_ARGMAX, argmax, CTLFLAG_RD|CTLFLAG_CAPRD,
|
2014-10-21 07:31:21 +00:00
|
|
|
SYSCTL_NULL_INT_PTR, ARG_MAX, "Maximum bytes of argument to execve(2)");
|
1996-04-07 13:03:06 +00:00
|
|
|
|
2011-07-17 23:05:24 +00:00
|
|
|
SYSCTL_INT(_kern, KERN_POSIX1, posix1version, CTLFLAG_RD|CTLFLAG_CAPRD,
|
2014-10-21 07:31:21 +00:00
|
|
|
SYSCTL_NULL_INT_PTR, _POSIX_VERSION, "Version of POSIX attempting to comply to");
|
1996-04-07 13:03:06 +00:00
|
|
|
|
2014-06-28 03:56:17 +00:00
|
|
|
SYSCTL_INT(_kern, KERN_NGROUPS, ngroups, CTLFLAG_RDTUN |
|
|
|
|
|
CTLFLAG_NOFETCH | CTLFLAG_CAPRD, &ngroups_max, 0,
|
2010-01-09 23:22:31 +00:00
|
|
|
"Maximum number of supplemental groups a user can belong to");
|
1996-04-07 13:03:06 +00:00
|
|
|
|
2011-07-17 23:05:24 +00:00
|
|
|
SYSCTL_INT(_kern, KERN_JOB_CONTROL, job_control, CTLFLAG_RD|CTLFLAG_CAPRD,
|
2014-10-21 07:31:21 +00:00
|
|
|
SYSCTL_NULL_INT_PTR, 1, "Whether job control is available");
|
1996-04-07 13:03:06 +00:00
|
|
|
|
|
|
|
|
#ifdef _POSIX_SAVED_IDS
|
2011-07-17 23:05:24 +00:00
|
|
|
SYSCTL_INT(_kern, KERN_SAVED_IDS, saved_ids, CTLFLAG_RD|CTLFLAG_CAPRD,
|
2014-10-21 07:31:21 +00:00
|
|
|
SYSCTL_NULL_INT_PTR, 1, "Whether saved set-group/user ID is available");
|
1996-04-07 13:03:06 +00:00
|
|
|
#else
|
2011-07-17 23:05:24 +00:00
|
|
|
SYSCTL_INT(_kern, KERN_SAVED_IDS, saved_ids, CTLFLAG_RD|CTLFLAG_CAPRD,
|
2014-10-21 07:31:21 +00:00
|
|
|
SYSCTL_NULL_INT_PTR, 0, "Whether saved set-group/user ID is available");
|
1996-04-07 13:03:06 +00:00
|
|
|
#endif
|
|
|
|
|
|
2019-06-24 20:34:53 +00:00
|
|
|
char kernelname[MAXPATHLEN] = PATH_KERNEL; /* XXX bloat */
|
1996-04-07 13:03:06 +00:00
|
|
|
|
2016-10-19 19:42:01 +00:00
|
|
|
SYSCTL_STRING(_kern, KERN_BOOTFILE, bootfile, CTLFLAG_RW | CTLFLAG_MPSAFE,
|
1999-05-03 23:57:32 +00:00
|
|
|
kernelname, sizeof kernelname, "Name of kernel file booted");
|
1996-04-07 13:03:06 +00:00
|
|
|
|
2016-09-29 23:07:28 +00:00
|
|
|
SYSCTL_INT(_kern, KERN_MAXPHYS, maxphys, CTLFLAG_RD | CTLFLAG_CAPRD,
|
|
|
|
|
SYSCTL_NULL_INT_PTR, MAXPHYS, "Maximum block I/O access size");
|
|
|
|
|
|
2011-07-17 23:05:24 +00:00
|
|
|
SYSCTL_INT(_hw, HW_NCPU, ncpu, CTLFLAG_RD|CTLFLAG_CAPRD,
|
1999-05-03 23:57:32 +00:00
|
|
|
&mp_ncpus, 0, "Number of active CPUs");
|
1996-04-07 13:03:06 +00:00
|
|
|
|
2011-07-17 23:05:24 +00:00
|
|
|
SYSCTL_INT(_hw, HW_BYTEORDER, byteorder, CTLFLAG_RD|CTLFLAG_CAPRD,
|
2014-10-21 07:31:21 +00:00
|
|
|
SYSCTL_NULL_INT_PTR, BYTE_ORDER, "System byte order");
|
1996-04-07 13:03:06 +00:00
|
|
|
|
2011-07-17 23:05:24 +00:00
|
|
|
SYSCTL_INT(_hw, HW_PAGESIZE, pagesize, CTLFLAG_RD|CTLFLAG_CAPRD,
|
2014-10-21 07:31:21 +00:00
|
|
|
SYSCTL_NULL_INT_PTR, PAGE_SIZE, "System memory page size");
|
1996-04-07 13:03:06 +00:00
|
|
|
|
2007-05-19 04:53:14 +00:00
|
|
|
static int
|
|
|
|
|
sysctl_kern_arnd(SYSCTL_HANDLER_ARGS)
|
|
|
|
|
{
|
2008-02-17 16:44:48 +00:00
|
|
|
char buf[256];
|
|
|
|
|
size_t len;
|
|
|
|
|
|
random(4): Block read_random(9) on initial seeding
read_random() is/was used, mostly without error checking, in a lot of
very sensitive places in the kernel -- including seeding the widely used
arc4random(9).
Most uses, especially arc4random(9), should block until the device is seeded
rather than proceeding with a bogus or empty seed. I did not spy any
obvious kernel consumers where blocking would be inappropriate (in the
sense that lack of entropy would be ok -- I did not investigate locking
angle thoroughly). In many instances, arc4random_buf(9) or that family
of APIs would be more appropriate anyway; that work was done in r345865.
A minor cleanup was made to the implementation of the READ_RANDOM function:
instead of using a variable-length array on the stack to temporarily store
all full random blocks sufficient to satisfy the requested 'len', only store
a single block on the stack. This has some benefit in terms of reducing
stack usage, reducing memcpy overhead and reducing devrandom output leakage
via the stack. Additionally, the stack block is now safely zeroed if it was
used.
One caveat of this change is that the kern.arandom sysctl no longer returns
zero bytes immediately if the random device is not seeded. This means that
FreeBSD-specific userspace applications which attempted to handle an
unseeded random device may be broken by this change. If such behavior is
needed, it can be replaced by the more portable getrandom(2) GRND_NONBLOCK
option.
On any typical FreeBSD system, entropy is persisted on read/write media and
used to seed the random device very early in boot, and blocking is never a
problem.
This change primarily impacts the behavior of /dev/random on embedded
systems with read-only media that do not configure "nodevice random". We
toggle the default from 'charge on blindly with no entropy' to 'block
indefinitely.' This default is safer, but may cause frustration. Embedded
system designers using FreeBSD have several options. The most obvious is to
plan to have a small writable NVRAM or NAND to persist entropy, like larger
systems. Early entropy can be fed from any loader, or by writing directly
to /dev/random during boot. Some embedded SoCs now provide a fast hardware
entropy source; this would also work for quickly seeding Fortuna. A 3rd
option would be creating an embedded-specific, more simplistic random
module, like that designed by DJB in [1] (this design still requires a small
rewritable media for forward secrecy). Finally, the least preferred option
might be "nodevice random", although I plan to remove this in a subsequent
revision.
To help developers emulate the behavior of these embedded systems on
ordinary workstations, the tunable kern.random.block_seeded_status was
added. When set to 1, it blocks the random device.
I attempted to document this change in random.4 and random.9 and ran into a
bunch of out-of-date or irrelevant or inaccurate content and ended up
rototilling those documents more than I intended to. Sorry. I think
they're in a better state now.
PR: 230875
Reviewed by: delphij, markm (earlier version)
Approved by: secteam(delphij), devrandom(markm)
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D19744
2019-04-15 18:40:36 +00:00
|
|
|
len = MIN(req->oldlen, sizeof(buf));
|
|
|
|
|
read_random(buf, len);
|
2008-02-17 16:44:48 +00:00
|
|
|
return (SYSCTL_OUT(req, buf, len));
|
2007-05-19 04:53:14 +00:00
|
|
|
}
|
|
|
|
|
|
Mark most often used sysctl's as MPSAFE.
After running a `make buildkernel', I noticed most of the Giant locks in
sysctl are only caused by a very small amount of sysctl's:
- sysctl.name2oid. This one is locked by SYSCTL_LOCK, just like
sysctl.oidfmt.
- kern.ident, kern.osrelease, kern.version, etc. These are just constant
strings.
- kern.arandom, used by the stack protector. It is already protected by
arc4_mtx.
I also saw the following sysctl's show up. Not as often as the ones
above, but still quite often:
- security.jail.jailed. Also mark security.jail.list as MPSAFE. They
don't need locking or already use allprison_lock.
- kern.devname, used by devname(3), ttyname(3), etc.
This seems to reduce Giant locking inside sysctl by ~75% in my primitive
test setup.
2009-01-28 19:58:05 +00:00
|
|
|
SYSCTL_PROC(_kern, KERN_ARND, arandom,
|
2011-07-17 23:05:24 +00:00
|
|
|
CTLTYPE_OPAQUE | CTLFLAG_RD | CTLFLAG_MPSAFE | CTLFLAG_CAPRD, NULL, 0,
|
Mark most often used sysctl's as MPSAFE.
After running a `make buildkernel', I noticed most of the Giant locks in
sysctl are only caused by a very small amount of sysctl's:
- sysctl.name2oid. This one is locked by SYSCTL_LOCK, just like
sysctl.oidfmt.
- kern.ident, kern.osrelease, kern.version, etc. These are just constant
strings.
- kern.arandom, used by the stack protector. It is already protected by
arc4_mtx.
I also saw the following sysctl's show up. Not as often as the ones
above, but still quite often:
- security.jail.jailed. Also mark security.jail.list as MPSAFE. They
don't need locking or already use allprison_lock.
- kern.devname, used by devname(3), ttyname(3), etc.
This seems to reduce Giant locking inside sysctl by ~75% in my primitive
test setup.
2009-01-28 19:58:05 +00:00
|
|
|
sysctl_kern_arnd, "", "arc4rand");
|
2007-05-19 04:53:14 +00:00
|
|
|
|
2002-11-07 23:57:17 +00:00
|
|
|
static int
|
|
|
|
|
sysctl_hw_physmem(SYSCTL_HANDLER_ARGS)
|
|
|
|
|
{
|
2018-12-29 15:55:44 +00:00
|
|
|
u_long val, p;
|
2002-11-07 23:57:17 +00:00
|
|
|
|
2018-12-29 15:55:44 +00:00
|
|
|
p = SIZE_T_MAX >> PAGE_SHIFT;
|
|
|
|
|
if (physmem < p)
|
|
|
|
|
p = physmem;
|
|
|
|
|
val = ctob(p);
|
2002-11-07 23:57:17 +00:00
|
|
|
return (sysctl_handle_long(oidp, &val, 0, req));
|
|
|
|
|
}
|
|
|
|
|
SYSCTL_PROC(_hw, HW_PHYSMEM, physmem, CTLTYPE_ULONG | CTLFLAG_RD,
|
2019-03-23 19:53:15 +00:00
|
|
|
0, 0, sysctl_hw_physmem, "LU",
|
|
|
|
|
"Amount of physical memory (in bytes)");
|
2002-11-07 23:57:17 +00:00
|
|
|
|
|
|
|
|
static int
|
2005-02-28 21:42:56 +00:00
|
|
|
sysctl_hw_realmem(SYSCTL_HANDLER_ARGS)
|
|
|
|
|
{
|
2018-12-29 15:55:44 +00:00
|
|
|
u_long val, p;
|
|
|
|
|
|
|
|
|
|
p = SIZE_T_MAX >> PAGE_SHIFT;
|
|
|
|
|
if (realmem < p)
|
|
|
|
|
p = realmem;
|
|
|
|
|
val = ctob(p);
|
2005-02-28 21:42:56 +00:00
|
|
|
return (sysctl_handle_long(oidp, &val, 0, req));
|
|
|
|
|
}
|
|
|
|
|
SYSCTL_PROC(_hw, HW_REALMEM, realmem, CTLTYPE_ULONG | CTLFLAG_RD,
|
2019-03-23 19:53:15 +00:00
|
|
|
0, 0, sysctl_hw_realmem, "LU",
|
|
|
|
|
"Amount of memory (in bytes) reported by the firmware");
|
2018-12-29 15:55:44 +00:00
|
|
|
|
2005-02-28 21:42:56 +00:00
|
|
|
static int
|
2002-11-07 23:57:17 +00:00
|
|
|
sysctl_hw_usermem(SYSCTL_HANDLER_ARGS)
|
|
|
|
|
{
|
2018-12-29 15:55:44 +00:00
|
|
|
u_long val, p, p1;
|
2002-11-07 23:57:17 +00:00
|
|
|
|
2018-12-29 15:55:44 +00:00
|
|
|
p1 = physmem - vm_wire_count();
|
|
|
|
|
p = SIZE_T_MAX >> PAGE_SHIFT;
|
|
|
|
|
if (p1 < p)
|
|
|
|
|
p = p1;
|
|
|
|
|
val = ctob(p);
|
2002-11-07 23:57:17 +00:00
|
|
|
return (sysctl_handle_long(oidp, &val, 0, req));
|
|
|
|
|
}
|
|
|
|
|
SYSCTL_PROC(_hw, HW_USERMEM, usermem, CTLTYPE_ULONG | CTLFLAG_RD,
|
2019-03-23 19:53:15 +00:00
|
|
|
0, 0, sysctl_hw_usermem, "LU",
|
|
|
|
|
"Amount of memory (in bytes) which is not wired");
|
2002-11-07 23:57:17 +00:00
|
|
|
|
2019-03-23 19:53:15 +00:00
|
|
|
SYSCTL_LONG(_hw, OID_AUTO, availpages, CTLFLAG_RD, &physmem, 0,
|
|
|
|
|
"Amount of physical memory (in pages)");
|
2002-11-07 23:57:17 +00:00
|
|
|
|
2009-09-18 17:04:57 +00:00
|
|
|
u_long pagesizes[MAXPAGESIZES] = { PAGE_SIZE };
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
sysctl_hw_pagesizes(SYSCTL_HANDLER_ARGS)
|
|
|
|
|
{
|
|
|
|
|
int error;
|
|
|
|
|
#ifdef SCTL_MASK32
|
|
|
|
|
int i;
|
|
|
|
|
uint32_t pagesizes32[MAXPAGESIZES];
|
|
|
|
|
|
|
|
|
|
if (req->flags & SCTL_MASK32) {
|
|
|
|
|
/*
|
|
|
|
|
* Recreate the "pagesizes" array with 32-bit elements. Truncate
|
|
|
|
|
* any page size greater than UINT32_MAX to zero.
|
|
|
|
|
*/
|
|
|
|
|
for (i = 0; i < MAXPAGESIZES; i++)
|
|
|
|
|
pagesizes32[i] = (uint32_t)pagesizes[i];
|
|
|
|
|
|
|
|
|
|
error = SYSCTL_OUT(req, pagesizes32, sizeof(pagesizes32));
|
|
|
|
|
} else
|
|
|
|
|
#endif
|
|
|
|
|
error = SYSCTL_OUT(req, pagesizes, sizeof(pagesizes));
|
|
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
SYSCTL_PROC(_hw, OID_AUTO, pagesizes, CTLTYPE_ULONG | CTLFLAG_RD,
|
|
|
|
|
NULL, 0, sysctl_hw_pagesizes, "LU", "Supported page sizes");
|
|
|
|
|
|
2010-07-22 09:13:49 +00:00
|
|
|
#ifdef SCTL_MASK32
|
|
|
|
|
int adaptive_machine_arch = 1;
|
|
|
|
|
SYSCTL_INT(_debug, OID_AUTO, adaptive_machine_arch, CTLFLAG_RW,
|
|
|
|
|
&adaptive_machine_arch, 1,
|
|
|
|
|
"Adapt reported machine architecture to the ABI of the binary");
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
sysctl_hw_machine_arch(SYSCTL_HANDLER_ARGS)
|
|
|
|
|
{
|
|
|
|
|
int error;
|
|
|
|
|
static const char machine_arch[] = MACHINE_ARCH;
|
|
|
|
|
#ifdef SCTL_MASK32
|
|
|
|
|
static const char machine_arch32[] = MACHINE_ARCH32;
|
|
|
|
|
|
|
|
|
|
if ((req->flags & SCTL_MASK32) != 0 && adaptive_machine_arch)
|
|
|
|
|
error = SYSCTL_OUT(req, machine_arch32, sizeof(machine_arch32));
|
|
|
|
|
else
|
|
|
|
|
#endif
|
|
|
|
|
error = SYSCTL_OUT(req, machine_arch, sizeof(machine_arch));
|
|
|
|
|
return (error);
|
|
|
|
|
|
|
|
|
|
}
|
2016-10-19 19:42:01 +00:00
|
|
|
SYSCTL_PROC(_hw, HW_MACHINE_ARCH, machine_arch, CTLTYPE_STRING | CTLFLAG_RD |
|
|
|
|
|
CTLFLAG_MPSAFE, NULL, 0, sysctl_hw_machine_arch, "A",
|
|
|
|
|
"System architecture");
|
1997-08-29 09:03:40 +00:00
|
|
|
|
2013-12-04 16:38:40 +00:00
|
|
|
SYSCTL_STRING(_kern, OID_AUTO, supported_archs, CTLFLAG_RD | CTLFLAG_MPSAFE,
|
Add new sysctl, kern.supported_abis, containing the list of FreeBSD
MACHINE_ARCH values whose binaries this kernel can run. This patch provides
a feature requested for implementing pkgng ABI identifiers in a robust
way.
The list is designed to indicate whether, say, an i386 package can be run on
the current system. If kern.supported_abis contains "i386", then the answer
is yes. Otherwise, the answer is no.
At the moment, this only supports MACHINE_ARCH and MACHINE_ARCH32. As we
gain support for more interesting combinations, this needs to become more
flexible, possibily through the sysent framework, along with the
hw.machine_arch emulation immediately preceding this code in kern_mib.c.
Reviewed by: imp
MFC after: 3 days
2013-12-02 00:44:36 +00:00
|
|
|
#ifdef COMPAT_FREEBSD32
|
2013-12-04 16:38:40 +00:00
|
|
|
MACHINE_ARCH " " MACHINE_ARCH32, 0, "Supported architectures for binaries");
|
Add new sysctl, kern.supported_abis, containing the list of FreeBSD
MACHINE_ARCH values whose binaries this kernel can run. This patch provides
a feature requested for implementing pkgng ABI identifiers in a robust
way.
The list is designed to indicate whether, say, an i386 package can be run on
the current system. If kern.supported_abis contains "i386", then the answer
is yes. Otherwise, the answer is no.
At the moment, this only supports MACHINE_ARCH and MACHINE_ARCH32. As we
gain support for more interesting combinations, this needs to become more
flexible, possibily through the sysent framework, along with the
hw.machine_arch emulation immediately preceding this code in kern_mib.c.
Reviewed by: imp
MFC after: 3 days
2013-12-02 00:44:36 +00:00
|
|
|
#else
|
2013-12-04 16:38:40 +00:00
|
|
|
MACHINE_ARCH, 0, "Supported architectures for binaries");
|
Add new sysctl, kern.supported_abis, containing the list of FreeBSD
MACHINE_ARCH values whose binaries this kernel can run. This patch provides
a feature requested for implementing pkgng ABI identifiers in a robust
way.
The list is designed to indicate whether, say, an i386 package can be run on
the current system. If kern.supported_abis contains "i386", then the answer
is yes. Otherwise, the answer is no.
At the moment, this only supports MACHINE_ARCH and MACHINE_ARCH32. As we
gain support for more interesting combinations, this needs to become more
flexible, possibily through the sysent framework, along with the
hw.machine_arch emulation immediately preceding this code in kern_mib.c.
Reviewed by: imp
MFC after: 3 days
2013-12-02 00:44:36 +00:00
|
|
|
#endif
|
|
|
|
|
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
|
|
|
static int
|
2000-07-04 11:25:35 +00:00
|
|
|
sysctl_hostname(SYSCTL_HANDLER_ARGS)
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
|
|
|
{
|
2009-05-29 21:27:12 +00:00
|
|
|
struct prison *pr, *cpr;
|
|
|
|
|
size_t pr_offset;
|
|
|
|
|
char tmpname[MAXHOSTNAMELEN];
|
|
|
|
|
int descend, error, len;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* This function can set: hostname domainname hostuuid.
|
|
|
|
|
* Keep that in mind when comments say "hostname".
|
|
|
|
|
*/
|
|
|
|
|
pr_offset = (size_t)arg1;
|
|
|
|
|
len = arg2;
|
|
|
|
|
KASSERT(len <= sizeof(tmpname),
|
|
|
|
|
("length %d too long for %s", len, __func__));
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
|
|
|
|
2002-02-27 18:32:23 +00:00
|
|
|
pr = req->td->td_ucred->cr_prison;
|
2009-05-29 21:27:12 +00:00
|
|
|
if (!(pr->pr_allow & PR_ALLOW_SET_HOSTNAME) && req->newptr)
|
|
|
|
|
return (EPERM);
|
|
|
|
|
/*
|
|
|
|
|
* Make a local copy of hostname to get/set so we don't have to hold
|
|
|
|
|
* the jail mutex during the sysctl copyin/copyout activities.
|
|
|
|
|
*/
|
|
|
|
|
mtx_lock(&pr->pr_mtx);
|
|
|
|
|
bcopy((char *)pr + pr_offset, tmpname, len);
|
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
|
|
|
|
|
|
error = sysctl_handle_string(oidp, tmpname, len, req);
|
|
|
|
|
|
|
|
|
|
if (req->newptr != NULL && error == 0) {
|
o Introduce pr_mtx into struct prison, providing protection for the
mutable contents of struct prison (hostname, securelevel, refcount,
pr_linux, ...)
o Generally introduce mtx_lock()/mtx_unlock() calls throughout kern/
so as to enforce these protections, in particular, in kern_mib.c
protection sysctl access to the hostname and securelevel, as well as
kern_prot.c access to the securelevel for access control purposes.
o Rewrite linux emulator abstractions for accessing per-jail linux
mib entries (osname, osrelease, osversion) so that they don't return
a pointer to the text in the struct linux_prison, rather, a copy
to an array passed into the calls. Likewise, update linprocfs to
use these primitives.
o Update in_pcb.c to always use prison_getip() rather than directly
accessing struct prison.
Reviewed by: jhb
2001-12-03 16:12:27 +00:00
|
|
|
/*
|
2009-05-29 21:27:12 +00:00
|
|
|
* Copy the locally set hostname to all jails that share
|
|
|
|
|
* this host info.
|
o Introduce pr_mtx into struct prison, providing protection for the
mutable contents of struct prison (hostname, securelevel, refcount,
pr_linux, ...)
o Generally introduce mtx_lock()/mtx_unlock() calls throughout kern/
so as to enforce these protections, in particular, in kern_mib.c
protection sysctl access to the hostname and securelevel, as well as
kern_prot.c access to the securelevel for access control purposes.
o Rewrite linux emulator abstractions for accessing per-jail linux
mib entries (osname, osrelease, osversion) so that they don't return
a pointer to the text in the struct linux_prison, rather, a copy
to an array passed into the calls. Likewise, update linprocfs to
use these primitives.
o Update in_pcb.c to always use prison_getip() rather than directly
accessing struct prison.
Reviewed by: jhb
2001-12-03 16:12:27 +00:00
|
|
|
*/
|
2009-05-29 21:27:12 +00:00
|
|
|
sx_slock(&allprison_lock);
|
|
|
|
|
while (!(pr->pr_flags & PR_HOST))
|
|
|
|
|
pr = pr->pr_parent;
|
o Introduce pr_mtx into struct prison, providing protection for the
mutable contents of struct prison (hostname, securelevel, refcount,
pr_linux, ...)
o Generally introduce mtx_lock()/mtx_unlock() calls throughout kern/
so as to enforce these protections, in particular, in kern_mib.c
protection sysctl access to the hostname and securelevel, as well as
kern_prot.c access to the securelevel for access control purposes.
o Rewrite linux emulator abstractions for accessing per-jail linux
mib entries (osname, osrelease, osversion) so that they don't return
a pointer to the text in the struct linux_prison, rather, a copy
to an array passed into the calls. Likewise, update linprocfs to
use these primitives.
o Update in_pcb.c to always use prison_getip() rather than directly
accessing struct prison.
Reviewed by: jhb
2001-12-03 16:12:27 +00:00
|
|
|
mtx_lock(&pr->pr_mtx);
|
2009-05-29 21:27:12 +00:00
|
|
|
bcopy(tmpname, (char *)pr + pr_offset, len);
|
|
|
|
|
FOREACH_PRISON_DESCENDANT_LOCKED(pr, cpr, descend)
|
|
|
|
|
if (cpr->pr_flags & PR_HOST)
|
|
|
|
|
descend = 0;
|
|
|
|
|
else
|
|
|
|
|
bcopy(tmpname, (char *)cpr + pr_offset, len);
|
o Introduce pr_mtx into struct prison, providing protection for the
mutable contents of struct prison (hostname, securelevel, refcount,
pr_linux, ...)
o Generally introduce mtx_lock()/mtx_unlock() calls throughout kern/
so as to enforce these protections, in particular, in kern_mib.c
protection sysctl access to the hostname and securelevel, as well as
kern_prot.c access to the securelevel for access control purposes.
o Rewrite linux emulator abstractions for accessing per-jail linux
mib entries (osname, osrelease, osversion) so that they don't return
a pointer to the text in the struct linux_prison, rather, a copy
to an array passed into the calls. Likewise, update linprocfs to
use these primitives.
o Update in_pcb.c to always use prison_getip() rather than directly
accessing struct prison.
Reviewed by: jhb
2001-12-03 16:12:27 +00:00
|
|
|
mtx_unlock(&pr->pr_mtx);
|
2009-05-29 21:27:12 +00:00
|
|
|
sx_sunlock(&allprison_lock);
|
2008-07-05 13:10:10 +00:00
|
|
|
}
|
This Implements the mumbled about "Jail" feature.
This is a seriously beefed up chroot kind of thing. The process
is jailed along the same lines as a chroot does it, but with
additional tough restrictions imposed on what the superuser can do.
For all I know, it is safe to hand over the root bit inside a
prison to the customer living in that prison, this is what
it was developed for in fact: "real virtual servers".
Each prison has an ip number associated with it, which all IP
communications will be coerced to use and each prison has its own
hostname.
Needless to say, you need more RAM this way, but the advantage is
that each customer can run their own particular version of apache
and not stomp on the toes of their neighbors.
It generally does what one would expect, but setting up a jail
still takes a little knowledge.
A few notes:
I have no scripts for setting up a jail, don't ask me for them.
The IP number should be an alias on one of the interfaces.
mount a /proc in each jail, it will make ps more useable.
/proc/<pid>/status tells the hostname of the prison for
jailed processes.
Quotas are only sensible if you have a mountpoint per prison.
There are no privisions for stopping resource-hogging.
Some "#ifdef INET" and similar may be missing (send patches!)
If somebody wants to take it from here and develop it into
more of a "virtual machine" they should be most welcome!
Tools, comments, patches & documentation most welcome.
Have fun...
Sponsored by: http://www.rndassociates.com/
Run for almost a year by: http://www.servetheweb.com/
1999-04-28 11:38:52 +00:00
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
2001-11-08 15:20:00 +00:00
|
|
|
SYSCTL_PROC(_kern, KERN_HOSTNAME, hostname,
|
2016-09-29 16:29:49 +00:00
|
|
|
CTLTYPE_STRING | CTLFLAG_RW | CTLFLAG_PRISON | CTLFLAG_CAPRD | CTLFLAG_MPSAFE,
|
2009-06-13 15:39:12 +00:00
|
|
|
(void *)(offsetof(struct prison, pr_hostname)), MAXHOSTNAMELEN,
|
2009-05-29 21:27:12 +00:00
|
|
|
sysctl_hostname, "A", "Hostname");
|
|
|
|
|
SYSCTL_PROC(_kern, KERN_NISDOMAINNAME, domainname,
|
2016-09-29 16:29:49 +00:00
|
|
|
CTLTYPE_STRING | CTLFLAG_RW | CTLFLAG_PRISON | CTLFLAG_CAPRD | CTLFLAG_MPSAFE,
|
2009-06-13 15:39:12 +00:00
|
|
|
(void *)(offsetof(struct prison, pr_domainname)), MAXHOSTNAMELEN,
|
2009-05-29 21:27:12 +00:00
|
|
|
sysctl_hostname, "A", "Name of the current YP/NIS domain");
|
|
|
|
|
SYSCTL_PROC(_kern, KERN_HOSTUUID, hostuuid,
|
2016-09-29 16:29:49 +00:00
|
|
|
CTLTYPE_STRING | CTLFLAG_RW | CTLFLAG_PRISON | CTLFLAG_CAPRD | CTLFLAG_MPSAFE,
|
2009-06-13 15:39:12 +00:00
|
|
|
(void *)(offsetof(struct prison, pr_hostuuid)), HOSTUUIDLEN,
|
2009-05-29 21:27:12 +00:00
|
|
|
sysctl_hostname, "A", "Host UUID");
|
1996-04-07 13:03:06 +00:00
|
|
|
|
2001-11-08 15:31:19 +00:00
|
|
|
static int regression_securelevel_nonmonotonic = 0;
|
2001-10-07 03:51:22 +00:00
|
|
|
|
2001-11-28 21:22:05 +00:00
|
|
|
#ifdef REGRESSION
|
2001-10-07 03:51:22 +00:00
|
|
|
SYSCTL_INT(_regression, OID_AUTO, securelevel_nonmonotonic, CTLFLAG_RW,
|
|
|
|
|
®ression_securelevel_nonmonotonic, 0, "securelevel may be lowered");
|
2001-11-08 15:31:19 +00:00
|
|
|
#endif
|
2001-10-07 03:51:22 +00:00
|
|
|
|
1996-04-07 13:03:06 +00:00
|
|
|
static int
|
2000-07-04 11:25:35 +00:00
|
|
|
sysctl_kern_securelvl(SYSCTL_HANDLER_ARGS)
|
1996-04-07 13:03:06 +00:00
|
|
|
{
|
2009-05-27 14:11:23 +00:00
|
|
|
struct prison *pr, *cpr;
|
|
|
|
|
int descend, error, level;
|
2001-11-06 19:56:58 +00:00
|
|
|
|
2002-02-27 18:32:23 +00:00
|
|
|
pr = req->td->td_ucred->cr_prison;
|
2001-11-06 20:09:33 +00:00
|
|
|
|
2001-11-06 19:56:58 +00:00
|
|
|
/*
|
2009-05-27 14:11:23 +00:00
|
|
|
* Reading the securelevel is easy, since the current jail's level
|
|
|
|
|
* is known to be at least as secure as any higher levels. Perform
|
|
|
|
|
* a lockless read since the securelevel is an integer.
|
2001-11-06 19:56:58 +00:00
|
|
|
*/
|
2009-05-27 14:11:23 +00:00
|
|
|
level = pr->pr_securelevel;
|
2001-11-06 19:56:58 +00:00
|
|
|
error = sysctl_handle_int(oidp, &level, 0, req);
|
|
|
|
|
if (error || !req->newptr)
|
|
|
|
|
return (error);
|
2009-05-27 14:11:23 +00:00
|
|
|
/* Permit update only if the new securelevel exceeds the old. */
|
|
|
|
|
sx_slock(&allprison_lock);
|
|
|
|
|
mtx_lock(&pr->pr_mtx);
|
|
|
|
|
if (!regression_securelevel_nonmonotonic &&
|
|
|
|
|
level < pr->pr_securelevel) {
|
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
|
sx_sunlock(&allprison_lock);
|
|
|
|
|
return (EPERM);
|
|
|
|
|
}
|
|
|
|
|
pr->pr_securelevel = level;
|
2001-11-06 19:56:58 +00:00
|
|
|
/*
|
2009-05-27 14:11:23 +00:00
|
|
|
* Set all child jails to be at least this level, but do not lower
|
|
|
|
|
* them (even if regression_securelevel_nonmonotonic).
|
2001-11-06 19:56:58 +00:00
|
|
|
*/
|
2009-05-27 14:11:23 +00:00
|
|
|
FOREACH_PRISON_DESCENDANT_LOCKED(pr, cpr, descend) {
|
|
|
|
|
if (cpr->pr_securelevel < level)
|
|
|
|
|
cpr->pr_securelevel = level;
|
2001-11-06 19:56:58 +00:00
|
|
|
}
|
2009-05-27 14:11:23 +00:00
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
|
sx_sunlock(&allprison_lock);
|
2001-11-06 19:56:58 +00:00
|
|
|
return (error);
|
1996-04-07 13:03:06 +00:00
|
|
|
}
|
|
|
|
|
|
2001-09-26 20:39:48 +00:00
|
|
|
SYSCTL_PROC(_kern, KERN_SECURELVL, securelevel,
|
|
|
|
|
CTLTYPE_INT|CTLFLAG_RW|CTLFLAG_PRISON, 0, 0, sysctl_kern_securelvl,
|
|
|
|
|
"I", "Current secure level");
|
2000-06-07 18:54:41 +00:00
|
|
|
|
2007-05-16 16:08:04 +00:00
|
|
|
#ifdef INCLUDE_CONFIG_FILE
|
2007-05-12 19:38:18 +00:00
|
|
|
/* Actual kernel configuration options. */
|
|
|
|
|
extern char kernconfstring[];
|
|
|
|
|
|
2016-10-19 19:42:01 +00:00
|
|
|
SYSCTL_STRING(_kern, OID_AUTO, conftxt, CTLFLAG_RD | CTLFLAG_MPSAFE,
|
|
|
|
|
kernconfstring, 0, "Kernel configuration file");
|
2007-05-17 05:05:12 +00:00
|
|
|
#endif
|
2007-05-12 19:38:18 +00:00
|
|
|
|
2008-07-05 13:10:10 +00:00
|
|
|
static int
|
2009-05-29 21:27:12 +00:00
|
|
|
sysctl_hostid(SYSCTL_HANDLER_ARGS)
|
2008-07-05 13:10:10 +00:00
|
|
|
{
|
2009-05-29 21:27:12 +00:00
|
|
|
struct prison *pr, *cpr;
|
|
|
|
|
u_long tmpid;
|
|
|
|
|
int descend, error;
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Like sysctl_hostname, except it operates on a u_long
|
|
|
|
|
* instead of a string, and is used only for hostid.
|
|
|
|
|
*/
|
|
|
|
|
pr = req->td->td_ucred->cr_prison;
|
|
|
|
|
if (!(pr->pr_allow & PR_ALLOW_SET_HOSTNAME) && req->newptr)
|
|
|
|
|
return (EPERM);
|
|
|
|
|
tmpid = pr->pr_hostid;
|
|
|
|
|
error = sysctl_handle_long(oidp, &tmpid, 0, req);
|
|
|
|
|
|
2008-07-05 13:10:10 +00:00
|
|
|
if (req->newptr != NULL && error == 0) {
|
2009-05-29 21:27:12 +00:00
|
|
|
sx_slock(&allprison_lock);
|
|
|
|
|
while (!(pr->pr_flags & PR_HOST))
|
|
|
|
|
pr = pr->pr_parent;
|
|
|
|
|
mtx_lock(&pr->pr_mtx);
|
|
|
|
|
pr->pr_hostid = tmpid;
|
|
|
|
|
FOREACH_PRISON_DESCENDANT_LOCKED(pr, cpr, descend)
|
|
|
|
|
if (cpr->pr_flags & PR_HOST)
|
|
|
|
|
descend = 0;
|
|
|
|
|
else
|
|
|
|
|
cpr->pr_hostid = tmpid;
|
|
|
|
|
mtx_unlock(&pr->pr_mtx);
|
|
|
|
|
sx_sunlock(&allprison_lock);
|
2008-07-05 13:10:10 +00:00
|
|
|
}
|
|
|
|
|
return (error);
|
|
|
|
|
}
|
|
|
|
|
|
2009-05-29 21:27:12 +00:00
|
|
|
SYSCTL_PROC(_kern, KERN_HOSTID, hostid,
|
2016-02-23 23:37:10 +00:00
|
|
|
CTLTYPE_ULONG | CTLFLAG_RW | CTLFLAG_PRISON | CTLFLAG_MPSAFE | CTLFLAG_CAPRD,
|
2009-05-29 21:27:12 +00:00
|
|
|
NULL, 0, sysctl_hostid, "LU", "Host ID");
|
1996-04-07 13:03:06 +00:00
|
|
|
|
2015-02-27 16:28:55 +00:00
|
|
|
/*
|
|
|
|
|
* The osrelease string is copied from the global (osrelease in vers.c) into
|
|
|
|
|
* prison0 by a sysinit and is inherited by child jails if not changed at jail
|
|
|
|
|
* creation, so we always return the copy from the current prison data.
|
|
|
|
|
*/
|
|
|
|
|
static int
|
|
|
|
|
sysctl_osrelease(SYSCTL_HANDLER_ARGS)
|
|
|
|
|
{
|
|
|
|
|
struct prison *pr;
|
|
|
|
|
|
|
|
|
|
pr = req->td->td_ucred->cr_prison;
|
|
|
|
|
return (SYSCTL_OUT(req, pr->pr_osrelease, strlen(pr->pr_osrelease) + 1));
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
SYSCTL_PROC(_kern, KERN_OSRELEASE, osrelease,
|
|
|
|
|
CTLTYPE_STRING | CTLFLAG_CAPRD | CTLFLAG_RD | CTLFLAG_MPSAFE,
|
|
|
|
|
NULL, 0, sysctl_osrelease, "A", "Operating system release");
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* The osreldate number is copied from the global (osreldate in vers.c) into
|
|
|
|
|
* prison0 by a sysinit and is inherited by child jails if not changed at jail
|
|
|
|
|
* creation, so we always return the value from the current prison data.
|
|
|
|
|
*/
|
|
|
|
|
static int
|
|
|
|
|
sysctl_osreldate(SYSCTL_HANDLER_ARGS)
|
|
|
|
|
{
|
|
|
|
|
struct prison *pr;
|
|
|
|
|
|
|
|
|
|
pr = req->td->td_ucred->cr_prison;
|
|
|
|
|
return (SYSCTL_OUT(req, &pr->pr_osreldate, sizeof(pr->pr_osreldate)));
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* NOTICE: The *userland* release date is available in
|
|
|
|
|
* /usr/include/osreldate.h
|
|
|
|
|
*/
|
|
|
|
|
SYSCTL_PROC(_kern, KERN_OSRELDATE, osreldate,
|
|
|
|
|
CTLTYPE_INT | CTLFLAG_CAPRD | CTLFLAG_RD | CTLFLAG_MPSAFE,
|
|
|
|
|
NULL, 0, sysctl_osreldate, "I", "Kernel release date");
|
|
|
|
|
|
2019-06-04 13:07:10 +00:00
|
|
|
/*
|
2019-06-04 13:45:30 +00:00
|
|
|
* The build-id is copied from the ELF section .note.gnu.build-id. The linker
|
|
|
|
|
* script defines two variables to expose the beginning and end. LLVM
|
|
|
|
|
* currently uses a SHA-1 hash, but other formats can be supported by checking
|
2019-06-04 13:07:10 +00:00
|
|
|
* the length of the section.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
extern char __build_id_start[];
|
|
|
|
|
extern char __build_id_end[];
|
|
|
|
|
|
|
|
|
|
#define BUILD_ID_HEADER_LEN 0x10
|
|
|
|
|
#define BUILD_ID_HASH_MAXLEN 0x14
|
|
|
|
|
|
|
|
|
|
static int
|
|
|
|
|
sysctl_build_id(SYSCTL_HANDLER_ARGS)
|
|
|
|
|
{
|
|
|
|
|
uintptr_t sectionlen = (uintptr_t)(__build_id_end - __build_id_start);
|
|
|
|
|
int hashlen;
|
|
|
|
|
char buf[2*BUILD_ID_HASH_MAXLEN+1];
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* The ELF note section has a four byte length for the vendor name,
|
2019-06-04 13:45:30 +00:00
|
|
|
* four byte length for the value, and a four byte vendor specific
|
|
|
|
|
* type. The name for the build id is "GNU\0". We skip the first 16
|
|
|
|
|
* bytes to read the build hash. We will return the remaining bytes up
|
|
|
|
|
* to 20 (SHA-1) hash size. If the hash happens to be a custom number
|
|
|
|
|
* of bytes we will pad the value with zeros, as the section should be
|
2019-06-04 13:07:10 +00:00
|
|
|
* four byte aligned.
|
|
|
|
|
*/
|
|
|
|
|
if (sectionlen <= BUILD_ID_HEADER_LEN ||
|
|
|
|
|
sectionlen > (BUILD_ID_HEADER_LEN + BUILD_ID_HASH_MAXLEN)) {
|
2019-06-04 13:45:30 +00:00
|
|
|
return (ENOENT);
|
2019-06-04 13:07:10 +00:00
|
|
|
}
|
2019-06-04 13:45:30 +00:00
|
|
|
|
2019-06-04 13:07:10 +00:00
|
|
|
|
|
|
|
|
hashlen = sectionlen - BUILD_ID_HEADER_LEN;
|
|
|
|
|
for (int i = 0; i < hashlen; i++) {
|
2019-06-04 13:45:30 +00:00
|
|
|
uint8_t c = __build_id_start[i+BUILD_ID_HEADER_LEN];
|
|
|
|
|
snprintf(&buf[2*i], 3, "%02x", c);
|
2019-06-04 13:07:10 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (SYSCTL_OUT(req, buf, strlen(buf) + 1));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
SYSCTL_PROC(_kern, OID_AUTO, build_id,
|
|
|
|
|
CTLTYPE_STRING | CTLFLAG_CAPRD | CTLFLAG_RD | CTLFLAG_MPSAFE,
|
|
|
|
|
NULL, 0, sysctl_build_id, "A", "Operating system build-id");
|
|
|
|
|
|
2007-12-31 22:03:57 +00:00
|
|
|
SYSCTL_NODE(_kern, OID_AUTO, features, CTLFLAG_RD, 0, "Kernel Features");
|
|
|
|
|
|
2008-01-17 22:46:32 +00:00
|
|
|
#ifdef COMPAT_FREEBSD4
|
|
|
|
|
FEATURE(compat_freebsd4, "Compatible with FreeBSD 4");
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifdef COMPAT_FREEBSD5
|
|
|
|
|
FEATURE(compat_freebsd5, "Compatible with FreeBSD 5");
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifdef COMPAT_FREEBSD6
|
|
|
|
|
FEATURE(compat_freebsd6, "Compatible with FreeBSD 6");
|
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
#ifdef COMPAT_FREEBSD7
|
|
|
|
|
FEATURE(compat_freebsd7, "Compatible with FreeBSD 7");
|
|
|
|
|
#endif
|
|
|
|
|
|
1996-04-07 13:03:06 +00:00
|
|
|
/*
|
|
|
|
|
* This is really cheating. These actually live in the libc, something
|
2001-11-08 15:20:00 +00:00
|
|
|
* which I'm not quite sure is a good idea anyway, but in order for
|
1996-04-07 13:03:06 +00:00
|
|
|
* getnext and friends to actually work, we define dummies here.
|
2011-07-17 23:05:24 +00:00
|
|
|
*
|
|
|
|
|
* XXXRW: These probably should be CTLFLAG_CAPRD.
|
1996-04-07 13:03:06 +00:00
|
|
|
*/
|
2001-11-08 15:20:00 +00:00
|
|
|
SYSCTL_STRING(_user, USER_CS_PATH, cs_path, CTLFLAG_RD,
|
1999-05-03 23:57:32 +00:00
|
|
|
"", 0, "PATH that finds all the standard utilities");
|
2001-11-08 15:20:00 +00:00
|
|
|
SYSCTL_INT(_user, USER_BC_BASE_MAX, bc_base_max, CTLFLAG_RD,
|
2014-10-21 07:31:21 +00:00
|
|
|
SYSCTL_NULL_INT_PTR, 0, "Max ibase/obase values in bc(1)");
|
2001-11-08 15:20:00 +00:00
|
|
|
SYSCTL_INT(_user, USER_BC_DIM_MAX, bc_dim_max, CTLFLAG_RD,
|
2014-10-21 07:31:21 +00:00
|
|
|
SYSCTL_NULL_INT_PTR, 0, "Max array size in bc(1)");
|
2001-11-08 15:20:00 +00:00
|
|
|
SYSCTL_INT(_user, USER_BC_SCALE_MAX, bc_scale_max, CTLFLAG_RD,
|
2014-10-21 07:31:21 +00:00
|
|
|
SYSCTL_NULL_INT_PTR, 0, "Max scale value in bc(1)");
|
2001-11-08 15:20:00 +00:00
|
|
|
SYSCTL_INT(_user, USER_BC_STRING_MAX, bc_string_max, CTLFLAG_RD,
|
2014-10-21 07:31:21 +00:00
|
|
|
SYSCTL_NULL_INT_PTR, 0, "Max string length in bc(1)");
|
2001-11-08 15:20:00 +00:00
|
|
|
SYSCTL_INT(_user, USER_COLL_WEIGHTS_MAX, coll_weights_max, CTLFLAG_RD,
|
2014-10-21 07:31:21 +00:00
|
|
|
SYSCTL_NULL_INT_PTR, 0, "Maximum number of weights assigned to an LC_COLLATE locale entry");
|
|
|
|
|
SYSCTL_INT(_user, USER_EXPR_NEST_MAX, expr_nest_max, CTLFLAG_RD,
|
|
|
|
|
SYSCTL_NULL_INT_PTR, 0, "");
|
2001-11-08 15:20:00 +00:00
|
|
|
SYSCTL_INT(_user, USER_LINE_MAX, line_max, CTLFLAG_RD,
|
2014-10-21 07:31:21 +00:00
|
|
|
SYSCTL_NULL_INT_PTR, 0, "Max length (bytes) of a text-processing utility's input line");
|
2001-11-08 15:20:00 +00:00
|
|
|
SYSCTL_INT(_user, USER_RE_DUP_MAX, re_dup_max, CTLFLAG_RD,
|
2014-10-21 07:31:21 +00:00
|
|
|
SYSCTL_NULL_INT_PTR, 0, "Maximum number of repeats of a regexp permitted");
|
2001-11-08 15:20:00 +00:00
|
|
|
SYSCTL_INT(_user, USER_POSIX2_VERSION, posix2_version, CTLFLAG_RD,
|
2014-10-21 07:31:21 +00:00
|
|
|
SYSCTL_NULL_INT_PTR, 0,
|
1999-05-03 23:57:32 +00:00
|
|
|
"The version of POSIX 1003.2 with which the system attempts to comply");
|
2001-11-08 15:20:00 +00:00
|
|
|
SYSCTL_INT(_user, USER_POSIX2_C_BIND, posix2_c_bind, CTLFLAG_RD,
|
2014-10-21 07:31:21 +00:00
|
|
|
SYSCTL_NULL_INT_PTR, 0, "Whether C development supports the C bindings option");
|
2001-11-08 15:20:00 +00:00
|
|
|
SYSCTL_INT(_user, USER_POSIX2_C_DEV, posix2_c_dev, CTLFLAG_RD,
|
2014-10-21 07:31:21 +00:00
|
|
|
SYSCTL_NULL_INT_PTR, 0, "Whether system supports the C development utilities option");
|
2001-11-08 15:20:00 +00:00
|
|
|
SYSCTL_INT(_user, USER_POSIX2_CHAR_TERM, posix2_char_term, CTLFLAG_RD,
|
2014-10-21 07:31:21 +00:00
|
|
|
SYSCTL_NULL_INT_PTR, 0, "");
|
2001-11-08 15:20:00 +00:00
|
|
|
SYSCTL_INT(_user, USER_POSIX2_FORT_DEV, posix2_fort_dev, CTLFLAG_RD,
|
2014-10-21 07:31:21 +00:00
|
|
|
SYSCTL_NULL_INT_PTR, 0, "Whether system supports FORTRAN development utilities");
|
2001-11-08 15:20:00 +00:00
|
|
|
SYSCTL_INT(_user, USER_POSIX2_FORT_RUN, posix2_fort_run, CTLFLAG_RD,
|
2014-10-21 07:31:21 +00:00
|
|
|
SYSCTL_NULL_INT_PTR, 0, "Whether system supports FORTRAN runtime utilities");
|
2001-11-08 15:20:00 +00:00
|
|
|
SYSCTL_INT(_user, USER_POSIX2_LOCALEDEF, posix2_localedef, CTLFLAG_RD,
|
2014-10-21 07:31:21 +00:00
|
|
|
SYSCTL_NULL_INT_PTR, 0, "Whether system supports creation of locales");
|
2001-11-08 15:20:00 +00:00
|
|
|
SYSCTL_INT(_user, USER_POSIX2_SW_DEV, posix2_sw_dev, CTLFLAG_RD,
|
2014-10-21 07:31:21 +00:00
|
|
|
SYSCTL_NULL_INT_PTR, 0, "Whether system supports software development utilities");
|
2001-11-08 15:20:00 +00:00
|
|
|
SYSCTL_INT(_user, USER_POSIX2_UPE, posix2_upe, CTLFLAG_RD,
|
2014-10-21 07:31:21 +00:00
|
|
|
SYSCTL_NULL_INT_PTR, 0, "Whether system supports the user portability utilities");
|
2001-11-08 15:20:00 +00:00
|
|
|
SYSCTL_INT(_user, USER_STREAM_MAX, stream_max, CTLFLAG_RD,
|
2014-10-21 07:31:21 +00:00
|
|
|
SYSCTL_NULL_INT_PTR, 0, "Min Maximum number of streams a process may have open at one time");
|
2001-11-08 15:20:00 +00:00
|
|
|
SYSCTL_INT(_user, USER_TZNAME_MAX, tzname_max, CTLFLAG_RD,
|
2014-10-21 07:31:21 +00:00
|
|
|
SYSCTL_NULL_INT_PTR, 0, "Min Maximum number of types supported for timezone names");
|
1999-07-19 09:13:12 +00:00
|
|
|
|
|
|
|
|
#include <sys/vnode.h>
|
2001-11-08 15:20:00 +00:00
|
|
|
SYSCTL_INT(_debug_sizeof, OID_AUTO, vnode, CTLFLAG_RD,
|
2014-10-21 07:31:21 +00:00
|
|
|
SYSCTL_NULL_INT_PTR, sizeof(struct vnode), "sizeof(struct vnode)");
|
1999-07-19 09:13:12 +00:00
|
|
|
|
2001-11-08 15:20:00 +00:00
|
|
|
SYSCTL_INT(_debug_sizeof, OID_AUTO, proc, CTLFLAG_RD,
|
2014-10-21 07:31:21 +00:00
|
|
|
SYSCTL_NULL_INT_PTR, sizeof(struct proc), "sizeof(struct proc)");
|
1999-07-20 07:19:32 +00:00
|
|
|
|
2012-08-15 15:56:21 +00:00
|
|
|
static int
|
|
|
|
|
sysctl_kern_pid_max(SYSCTL_HANDLER_ARGS)
|
|
|
|
|
{
|
|
|
|
|
int error, pm;
|
|
|
|
|
|
|
|
|
|
pm = pid_max;
|
|
|
|
|
error = sysctl_handle_int(oidp, &pm, 0, req);
|
|
|
|
|
if (error || !req->newptr)
|
|
|
|
|
return (error);
|
|
|
|
|
sx_xlock(&proctree_lock);
|
|
|
|
|
sx_xlock(&allproc_lock);
|
2012-08-16 13:04:21 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Only permit the values less then PID_MAX.
|
|
|
|
|
* As a safety measure, do not allow to limit the pid_max too much.
|
|
|
|
|
*/
|
|
|
|
|
if (pm < 300 || pm > PID_MAX)
|
2012-08-15 15:56:21 +00:00
|
|
|
error = EINVAL;
|
|
|
|
|
else
|
|
|
|
|
pid_max = pm;
|
|
|
|
|
sx_xunlock(&allproc_lock);
|
|
|
|
|
sx_xunlock(&proctree_lock);
|
|
|
|
|
return (error);
|
|
|
|
|
}
|
2014-06-28 03:56:17 +00:00
|
|
|
SYSCTL_PROC(_kern, OID_AUTO, pid_max, CTLTYPE_INT |
|
|
|
|
|
CTLFLAG_RWTUN | CTLFLAG_NOFETCH | CTLFLAG_MPSAFE,
|
|
|
|
|
0, 0, sysctl_kern_pid_max, "I", "Maximum allowed pid");
|
2012-08-15 15:56:21 +00:00
|
|
|
|
2000-05-05 09:59:14 +00:00
|
|
|
#include <sys/bio.h>
|
2000-04-02 09:26:51 +00:00
|
|
|
#include <sys/buf.h>
|
|
|
|
|
SYSCTL_INT(_debug_sizeof, OID_AUTO, bio, CTLFLAG_RD,
|
2014-10-21 07:31:21 +00:00
|
|
|
SYSCTL_NULL_INT_PTR, sizeof(struct bio), "sizeof(struct bio)");
|
2000-04-02 09:26:51 +00:00
|
|
|
SYSCTL_INT(_debug_sizeof, OID_AUTO, buf, CTLFLAG_RD,
|
2014-10-21 07:31:21 +00:00
|
|
|
SYSCTL_NULL_INT_PTR, sizeof(struct buf), "sizeof(struct buf)");
|
2001-02-12 00:20:08 +00:00
|
|
|
|
|
|
|
|
#include <sys/user.h>
|
|
|
|
|
SYSCTL_INT(_debug_sizeof, OID_AUTO, kinfo_proc, CTLFLAG_RD,
|
2014-10-21 07:31:21 +00:00
|
|
|
SYSCTL_NULL_INT_PTR, sizeof(struct kinfo_proc), "sizeof(struct kinfo_proc)");
|
2003-01-04 22:07:48 +00:00
|
|
|
|
2015-11-12 22:00:59 +00:00
|
|
|
/* Used by kernel debuggers. */
|
|
|
|
|
const int pcb_size = sizeof(struct pcb);
|
|
|
|
|
SYSCTL_INT(_debug_sizeof, OID_AUTO, pcb, CTLFLAG_RD,
|
|
|
|
|
SYSCTL_NULL_INT_PTR, sizeof(struct pcb), "sizeof(struct pcb)");
|
|
|
|
|
|
2003-01-05 03:48:14 +00:00
|
|
|
/* XXX compatibility, remove for 6.0 */
|
|
|
|
|
#include <sys/imgact.h>
|
|
|
|
|
#include <sys/imgact_elf.h>
|
|
|
|
|
SYSCTL_INT(_kern, OID_AUTO, fallback_elf_brand, CTLFLAG_RW,
|
|
|
|
|
&__elfN(fallback_brand), sizeof(__elfN(fallback_brand)),
|
|
|
|
|
"compatibility for kern.fallback_elf_brand");
|
