Commit Graph

157 Commits

Author SHA1 Message Date
Ed Schouten
bc1ace0b96 Decompose linkat()/renameat() rights to source and target.
To make it easier to understand how Capsicum interacts with linkat() and
renameat(), rename the rights to CAP_{LINK,RENAME}AT_{SOURCE,TARGET}.

This also addresses a shortcoming in Capsicum, where it isn't possible
to disable linking to files stored in a directory. Creating hardlinks
essentially makes it possible to access files with additional rights.

Reviewed by:	rwatson, wblock
Differential Revision:	https://reviews.freebsd.org/D3411
2015-08-27 15:16:41 +00:00
Simon J. Gerraty
ccfb965433 Add META_MODE support.
Off by default, build behaves normally.
WITH_META_MODE we get auto objdir creation, the ability to
start build from anywhere in the tree.

Still need to add real targets under targets/ to build packages.

Differential Revision:       D2796
Reviewed by: brooks imp
2015-06-13 19:20:56 +00:00
Simon J. Gerraty
44d314f704 dirdeps.mk now sets DEP_RELDIR 2015-06-08 23:35:17 +00:00
Simon J. Gerraty
98e0ffaefb Merge sync of head 2015-05-27 01:19:58 +00:00
Allan Jude
04017fc7a4 Create links to the libprocstat man pages for all of the libprocstat functions so they can be looked up by name
Add a cross refrence to libprocstat in the procstat.1 man page

Differential Revision:	https://reviews.freebsd.org/D2578
Suggested by:	jmg
Reviewed by:	brueffer
Approved by:	wblock (mentor)
MFC after:	1 week
Sponsored by:	ScaleEngine Inc.
2015-05-21 03:32:44 +00:00
John Baldwin
179fa75e6e Reassign copyright statements on several files from Advanced
Computing Technologies LLC to Hudson River Trading LLC.

Approved by:	Hudson River Trading LLC (who owns ACT LLC)
MFC after:	1 week
2015-04-23 14:22:20 +00:00
Scott Long
a506f1dd7f Fix a typo and update the date in the man page.
Submitted by:	emax
Obtained from:	Netflix, Inc.
MFC after:	3 days
2015-03-11 08:08:54 +00:00
Scott Long
cee9136cc6 Implement basic cpuset reporting in procstat via the -S flag.
Obtained from:	Netflix, Inc.
MFC after:	3 days
2015-03-10 09:41:48 +00:00
Baptiste Daroussin
3e11bd9e2a Convert to usr.bin/ to LIBADD
Reduce overlinking
2014-11-25 14:29:10 +00:00
Simon J. Gerraty
ee7b0571c2 Merge head from 7/28 2014-08-19 06:50:54 +00:00
Robert Watson
587be2d8fe In "procstat -v" (VM), spell out 'FL' to 'FLAG' since there are two extra
columns available anyway.  Also left align as we tend to do for flags
fields, although you can't see that currently as the string fully fills
that available columns.

MFC after:	3 days
Sponsored by:	DARPA, AFRL
2014-07-20 20:11:34 +00:00
Robert Watson
9fa958082f Better align headers and data for 'procstat -f' with and without '-C'.
MFC after:	3 days
Sponsored by:	DARPA, AFRL
2014-07-19 15:09:53 +00:00
Xin LI
0196728184 Use correct length for buffer.
Submitted by:	Sascha Wildner <swildner dragonflybsd org>
MFC after:	2 weeks
2014-06-25 23:42:53 +00:00
John Baldwin
cb3530163a Add descriptions of the display formats for -e, -l, -r, and -x. Fix a few
typos in indent settings while here.
2014-05-17 16:12:50 +00:00
John Baldwin
27705da488 Use 'RESOURCE' instead of the more generic 'TYPE' for the resource name
column header when displaying resource usage.  This more closely matches
other procstat displays.
2014-05-17 16:11:06 +00:00
John Baldwin
81c3d3958a Correct some minor nits in the per-thread signal format description such
as missing posessives and misordering of fields.

MFC after:	1 week
2014-05-17 04:06:54 +00:00
John Baldwin
dc0aa0675b - Add support for dumping current resource usage for processes via a new -r
flag to procstat.
- Add an -H flag to request information about threads rather than processes
  when dumping statistics.  Currently it is only used for -r to display
  resource usage for individual threads instead of the entire process.

Reviewed by:	kib (older version without -H)
MFC after:	1 month
2014-05-17 03:54:51 +00:00
Simon J. Gerraty
fae50821ae Updated dependencies 2014-05-16 14:09:51 +00:00
Simon J. Gerraty
76b28ad6ab Updated dependencies 2014-05-10 05:16:28 +00:00
Simon J. Gerraty
3b8f084595 Merge head 2014-04-28 07:50:45 +00:00
Robert Watson
b881b8be1d Update most userspace consumers of capability.h to use capsicum.h instead.
auditdistd is not updated as I will make the change upstream and then do a
vendor import sometime in the next week or two.

MFC after:	3 weeks
2014-03-16 11:04:44 +00:00
John Baldwin
2db08c03f0 Expose OBJT_MGTDEVICE VM objects used for GEM/TTM with drm2 as an
explicit object type.

Reviewed by:	kib
MFC after:	1 week
2014-02-11 21:57:37 +00:00
Pawel Jakub Dawidek
ed5848c835 Replace CAP_POLL_EVENT and CAP_POST_EVENT capability rights (which I had
a very hard time to fully understand) with much more intuitive rights:

	CAP_EVENT - when set on descriptor, the descriptor can be monitored
		with syscalls like select(2), poll(2), kevent(2).

	CAP_KQUEUE_EVENT - When set on a kqueue descriptor, the kevent(2)
		syscall can be called on this kqueue to with the eventlist
		argument set to non-NULL value; in other words the given
		kqueue descriptor can be used to monitor other descriptors.
	CAP_KQUEUE_CHANGE - When set on a kqueue descriptor, the kevent(2)
		syscall can be called on this kqueue to with the changelist
		argument set to non-NULL value; in other words it allows to
		modify events monitored with the given kqueue descriptor.

Add alias CAP_KQUEUE, which allows for both CAP_KQUEUE_EVENT and
CAP_KQUEUE_CHANGE.

Add backward compatibility define CAP_POLL_EVENT which is equal to CAP_EVENT.

Sponsored by:	The FreeBSD Foundation
MFC after:	3 days
2013-11-15 19:55:35 +00:00
Mark Johnston
7aa2b6928f With r247602, the "c" flag is no longer printed as a file descriptor flag.
Reviewed by:	pjd
MFC after:	3 days
2013-10-28 00:20:30 +00:00
Konstantin Belousov
85a0ddfd0b Add a resource limit for the total number of kqueues available to the
user.  Kqueue now saves the ucred of the allocating thread, to
correctly decrement the counter on close.

Under some specific and not real-world use scenario for kqueue, it is
possible for the kqueues to consume memory proportional to the square
of the number of the filedescriptors available to the process.  Limit
allows administrator to prevent the abuse.

This is kernel-mode side of the change, with the user-mode enabling
commit following.

Reported and tested by:	pho
Discussed with:	jmg
Sponsored by:	The FreeBSD Foundation
MFC after:	2 weeks
2013-10-21 16:46:12 +00:00
Simon J. Gerraty
3caf0790a8 Merge head@256284 2013-10-13 02:35:19 +00:00
Simon J. Gerraty
34b33809b7 Updated dependencies 2013-10-13 00:24:00 +00:00
Bryan Drewery
643fe75c7a cap_new(2) and cap_getrights2) were replaced with cap_rights_limit(2)
and cap_rights_get(2) in r247602

Reviewed by:	pjd
Approved by:	gjb
Approved by:	re (rodrigc)
2013-09-19 10:56:36 +00:00
Simon J. Gerraty
d1d0158641 Merge from head 2013-09-05 20:18:59 +00:00
Pawel Jakub Dawidek
7008be5bd7 Change the cap_rights_t type from uint64_t to a structure that we can extend
in the future in a backward compatible (API and ABI) way.

The cap_rights_t represents capability rights. We used to use one bit to
represent one right, but we are running out of spare bits. Currently the new
structure provides place for 114 rights (so 50 more than the previous
cap_rights_t), but it is possible to grow the structure to hold at least 285
rights, although we can make it even larger if 285 rights won't be enough.

The structure definition looks like this:

	struct cap_rights {
		uint64_t	cr_rights[CAP_RIGHTS_VERSION + 2];
	};

The initial CAP_RIGHTS_VERSION is 0.

The top two bits in the first element of the cr_rights[] array contain total
number of elements in the array - 2. This means if those two bits are equal to
0, we have 2 array elements.

The top two bits in all remaining array elements should be 0.
The next five bits in all array elements contain array index. Only one bit is
used and bit position in this five-bits range defines array index. This means
there can be at most five array elements in the future.

To define new right the CAPRIGHT() macro must be used. The macro takes two
arguments - an array index and a bit to set, eg.

	#define	CAP_PDKILL	CAPRIGHT(1, 0x0000000000000800ULL)

We still support aliases that combine few rights, but the rights have to belong
to the same array element, eg:

	#define	CAP_LOOKUP	CAPRIGHT(0, 0x0000000000000400ULL)
	#define	CAP_FCHMOD	CAPRIGHT(0, 0x0000000000002000ULL)

	#define	CAP_FCHMODAT	(CAP_FCHMOD | CAP_LOOKUP)

There is new API to manage the new cap_rights_t structure:

	cap_rights_t *cap_rights_init(cap_rights_t *rights, ...);
	void cap_rights_set(cap_rights_t *rights, ...);
	void cap_rights_clear(cap_rights_t *rights, ...);
	bool cap_rights_is_set(const cap_rights_t *rights, ...);

	bool cap_rights_is_valid(const cap_rights_t *rights);
	void cap_rights_merge(cap_rights_t *dst, const cap_rights_t *src);
	void cap_rights_remove(cap_rights_t *dst, const cap_rights_t *src);
	bool cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little);

Capability rights to the cap_rights_init(), cap_rights_set(),
cap_rights_clear() and cap_rights_is_set() functions are provided by
separating them with commas, eg:

	cap_rights_t rights;

	cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FSTAT);

There is no need to terminate the list of rights, as those functions are
actually macros that take care of the termination, eg:

	#define	cap_rights_set(rights, ...)				\
		__cap_rights_set((rights), __VA_ARGS__, 0ULL)
	void __cap_rights_set(cap_rights_t *rights, ...);

Thanks to using one bit as an array index we can assert in those functions that
there are no two rights belonging to different array elements provided
together. For example this is illegal and will be detected, because CAP_LOOKUP
belongs to element 0 and CAP_PDKILL to element 1:

	cap_rights_init(&rights, CAP_LOOKUP | CAP_PDKILL);

Providing several rights that belongs to the same array's element this way is
correct, but is not advised. It should only be used for aliases definition.

This commit also breaks compatibility with some existing Capsicum system calls,
but I see no other way to do that. This should be fine as Capsicum is still
experimental and this change is not going to 9.x.

Sponsored by:	The FreeBSD Foundation
2013-09-05 00:09:56 +00:00
Pawel Jakub Dawidek
f5ffdfc18b Make the "FD" column one character wider, so that "trace" can also align
properly.
2013-08-18 10:44:37 +00:00
Mikolaj Golub
948baa409b Make use of newly added libprocstat(3) ability to extract procstat
info from a process core file.

So now one can run procstat(1) on a process core e.g. to get a list of
files opened by a process when it crashed:

root@lisa:/ # procstat -f /root/vi.core
  PID COMM               FD T V FLAGS     REF  OFFSET PRO NAME
  658 vi               text v r r--------   -       - -   /usr/bin/vi
  658 vi               ctty v c rw-------   -       - -   /dev/pts/0
  658 vi                cwd v d r--------   -       - -   /root
  658 vi               root v d r--------   -       - -   /
  658 vi                  0 v c rw-------  11    3208 -   /dev/pts/0
  658 vi                  1 v c rw-------  11    3208 -   /dev/pts/0
  658 vi                  2 v c rw-------  11    3208 -   /dev/pts/0
  658 vi                  3 v r r----n-l-   1       0 -   /tmp/vi.0AYKz3Lps7
  658 vi                  4 v r rw-------   1       0 -   /var/tmp/vi.recover/vi.GaGYsz
  658 vi                  5 v r rw-------   1       0 -   -

PR:		kern/173723
Suggested by:	jhb
MFC after:	1 month
2013-04-20 08:22:09 +00:00
Mikolaj Golub
d86fa0c72c Use procstat_getkstack(3) for retrieving process kernel stacks
instead of direct sysctl calls.

MFC after:	1 month
2013-04-20 08:19:06 +00:00
Mikolaj Golub
61e1b7c67b Use libprocstat(3) to retrieve ELF auxiliary vector.
MFC after:	1 month
2013-04-20 08:15:43 +00:00
Mikolaj Golub
729e63c34b Use libprocstat(3) to retrieve process command line arguments and
environment variables.

MFC after:	1 month
2013-04-20 08:08:29 +00:00
Mikolaj Golub
66e2f9998b Use libprocstat(3) when retrieving binary information for a process.
MFC after:	1 month
2013-04-20 08:05:04 +00:00
Mikolaj Golub
21b4f75a2c Use procstat_getrlimit(3) for retrieving rlimit information instead of
direct sysctl calls.

MFC after:	1 month
2013-04-20 08:01:00 +00:00
Mikolaj Golub
90a15eb9cb Use procstat_getumask(3) for retrieving umaks information instead of
direct sysctl.

MFC after:	1 month
2013-04-20 07:58:20 +00:00
Mikolaj Golub
e40d6078cd Use procstat_getgroups(3) for retrieving groups information instead of
direct sysctl.

MFC after:	1 month
2013-04-20 07:55:31 +00:00
Mikolaj Golub
eee7107cfb Use more generic procstat_getvmmap(3) for retrieving VM layout of a process.
MFC after:	1 month
2013-04-20 07:52:23 +00:00
Mikolaj Golub
efade1503b Use procstat_getprocs(3) for retrieving thread information instead of
direct sysctl calls.

MFC after:	1 month
2013-04-20 07:50:59 +00:00
Simon J. Gerraty
69e6d7b75e sync from head 2013-04-12 20:48:55 +00:00
Simon J. Gerraty
7cf3a1c6b2 Updated dependencies 2013-03-11 17:21:52 +00:00
Pawel Jakub Dawidek
7493f24ee6 - Implement two new system calls:
int bindat(int fd, int s, const struct sockaddr *addr, socklen_t addrlen);
	int connectat(int fd, int s, const struct sockaddr *name, socklen_t namelen);

  which allow to bind and connect respectively to a UNIX domain socket with a
  path relative to the directory associated with the given file descriptor 'fd'.

- Add manual pages for the new syscalls.

- Make the new syscalls available for processes in capability mode sandbox.

- Add capability rights CAP_BINDAT and CAP_CONNECTAT that has to be present on
  the directory descriptor for the syscalls to work.

- Update audit(4) to support those two new syscalls and to handle path
  in sockaddr_un structure relative to the given directory descriptor.

- Update procstat(1) to recognize the new capability rights.

- Document the new capability rights in cap_rights_limit(2).

Sponsored by:	The FreeBSD Foundation
Discussed with:	rwatson, jilles, kib, des
2013-03-02 21:11:30 +00:00
Pawel Jakub Dawidek
2609222ab4 Merge Capsicum overhaul:
- Capability is no longer separate descriptor type. Now every descriptor
  has set of its own capability rights.

- The cap_new(2) system call is left, but it is no longer documented and
  should not be used in new code.

- The new syscall cap_rights_limit(2) should be used instead of
  cap_new(2), which limits capability rights of the given descriptor
  without creating a new one.

- The cap_getrights(2) syscall is renamed to cap_rights_get(2).

- If CAP_IOCTL capability right is present we can further reduce allowed
  ioctls list with the new cap_ioctls_limit(2) syscall. List of allowed
  ioctls can be retrived with cap_ioctls_get(2) syscall.

- If CAP_FCNTL capability right is present we can further reduce fcntls
  that can be used with the new cap_fcntls_limit(2) syscall and retrive
  them with cap_fcntls_get(2).

- To support ioctl and fcntl white-listing the filedesc structure was
  heavly modified.

- The audit subsystem, kdump and procstat tools were updated to
  recognize new syscalls.

- Capability rights were revised and eventhough I tried hard to provide
  backward API and ABI compatibility there are some incompatible changes
  that are described in detail below:

	CAP_CREATE old behaviour:
	- Allow for openat(2)+O_CREAT.
	- Allow for linkat(2).
	- Allow for symlinkat(2).
	CAP_CREATE new behaviour:
	- Allow for openat(2)+O_CREAT.

	Added CAP_LINKAT:
	- Allow for linkat(2). ABI: Reuses CAP_RMDIR bit.
	- Allow to be target for renameat(2).

	Added CAP_SYMLINKAT:
	- Allow for symlinkat(2).

	Removed CAP_DELETE. Old behaviour:
	- Allow for unlinkat(2) when removing non-directory object.
	- Allow to be source for renameat(2).

	Removed CAP_RMDIR. Old behaviour:
	- Allow for unlinkat(2) when removing directory.

	Added CAP_RENAMEAT:
	- Required for source directory for the renameat(2) syscall.

	Added CAP_UNLINKAT (effectively it replaces CAP_DELETE and CAP_RMDIR):
	- Allow for unlinkat(2) on any object.
	- Required if target of renameat(2) exists and will be removed by this
	  call.

	Removed CAP_MAPEXEC.

	CAP_MMAP old behaviour:
	- Allow for mmap(2) with any combination of PROT_NONE, PROT_READ and
	  PROT_WRITE.
	CAP_MMAP new behaviour:
	- Allow for mmap(2)+PROT_NONE.

	Added CAP_MMAP_R:
	- Allow for mmap(PROT_READ).
	Added CAP_MMAP_W:
	- Allow for mmap(PROT_WRITE).
	Added CAP_MMAP_X:
	- Allow for mmap(PROT_EXEC).
	Added CAP_MMAP_RW:
	- Allow for mmap(PROT_READ | PROT_WRITE).
	Added CAP_MMAP_RX:
	- Allow for mmap(PROT_READ | PROT_EXEC).
	Added CAP_MMAP_WX:
	- Allow for mmap(PROT_WRITE | PROT_EXEC).
	Added CAP_MMAP_RWX:
	- Allow for mmap(PROT_READ | PROT_WRITE | PROT_EXEC).

	Renamed CAP_MKDIR to CAP_MKDIRAT.
	Renamed CAP_MKFIFO to CAP_MKFIFOAT.
	Renamed CAP_MKNODE to CAP_MKNODEAT.

	CAP_READ old behaviour:
	- Allow pread(2).
	- Disallow read(2), readv(2) (if there is no CAP_SEEK).
	CAP_READ new behaviour:
	- Allow read(2), readv(2).
	- Disallow pread(2) (CAP_SEEK was also required).

	CAP_WRITE old behaviour:
	- Allow pwrite(2).
	- Disallow write(2), writev(2) (if there is no CAP_SEEK).
	CAP_WRITE new behaviour:
	- Allow write(2), writev(2).
	- Disallow pwrite(2) (CAP_SEEK was also required).

	Added convinient defines:

	#define	CAP_PREAD		(CAP_SEEK | CAP_READ)
	#define	CAP_PWRITE		(CAP_SEEK | CAP_WRITE)
	#define	CAP_MMAP_R		(CAP_MMAP | CAP_SEEK | CAP_READ)
	#define	CAP_MMAP_W		(CAP_MMAP | CAP_SEEK | CAP_WRITE)
	#define	CAP_MMAP_X		(CAP_MMAP | CAP_SEEK | 0x0000000000000008ULL)
	#define	CAP_MMAP_RW		(CAP_MMAP_R | CAP_MMAP_W)
	#define	CAP_MMAP_RX		(CAP_MMAP_R | CAP_MMAP_X)
	#define	CAP_MMAP_WX		(CAP_MMAP_W | CAP_MMAP_X)
	#define	CAP_MMAP_RWX		(CAP_MMAP_R | CAP_MMAP_W | CAP_MMAP_X)
	#define	CAP_RECV		CAP_READ
	#define	CAP_SEND		CAP_WRITE

	#define	CAP_SOCK_CLIENT \
		(CAP_CONNECT | CAP_GETPEERNAME | CAP_GETSOCKNAME | CAP_GETSOCKOPT | \
		 CAP_PEELOFF | CAP_RECV | CAP_SEND | CAP_SETSOCKOPT | CAP_SHUTDOWN)
	#define	CAP_SOCK_SERVER \
		(CAP_ACCEPT | CAP_BIND | CAP_GETPEERNAME | CAP_GETSOCKNAME | \
		 CAP_GETSOCKOPT | CAP_LISTEN | CAP_PEELOFF | CAP_RECV | CAP_SEND | \
		 CAP_SETSOCKOPT | CAP_SHUTDOWN)

	Added defines for backward API compatibility:

	#define	CAP_MAPEXEC		CAP_MMAP_X
	#define	CAP_DELETE		CAP_UNLINKAT
	#define	CAP_MKDIR		CAP_MKDIRAT
	#define	CAP_RMDIR		CAP_UNLINKAT
	#define	CAP_MKFIFO		CAP_MKFIFOAT
	#define	CAP_MKNOD		CAP_MKNODAT
	#define	CAP_SOCK_ALL		(CAP_SOCK_CLIENT | CAP_SOCK_SERVER)

Sponsored by:	The FreeBSD Foundation
Reviewed by:	Christoph Mallon <christoph.mallon@gmx.de>
Many aspects discussed with:	rwatson, benl, jonathan
ABI compatibility discussed with:	kib
2013-03-02 00:53:12 +00:00
Simon J. Gerraty
f5f7c05209 Updated dependencies 2013-02-16 01:23:54 +00:00
Pawel Jakub Dawidek
6a9f247c85 Capability rights for process management via process descriptors do exist
already, so uncomment them.

Sponsored by:	The FreeBSD Foundation
2013-02-11 00:10:35 +00:00
Pawel Jakub Dawidek
42f997ba53 Add CAP_MKNOD right.
Sponsored by:	The FreeBSD Foundation
2013-02-10 23:51:26 +00:00
David E. O'Brien
d9a447559b Sync with HEAD. 2013-02-08 16:10:16 +00:00
Mateusz Guzik
c0eb2f0351 procstat: only one mode flag can be specified, but required check for 'i'
and 'j' modes was missing. Fix that.

MFC after:	3 days
2013-01-12 22:20:37 +00:00
Simon J. Gerraty
23090366f7 Sync from head 2012-11-04 02:52:03 +00:00
Eitan Adler
bf38ffc95f add SG state type
PR:		bin/171664
Submitted by:	Jan Beich jbeich@tormail.org
Approved by:	cperciva
MFC after:	1 week
2012-10-02 00:30:20 +00:00
Konstantin Belousov
2a43855795 Handle AT_TIMEKEEP in procstat(1) -x [1]. Remove the AT_COUNT switch
case, since AT_COUNT is not an aux vector, it is the counter of total
number of defined vectors.

PR:	bin/171662 [1]
MFC after:	1 week
2012-09-16 05:52:54 +00:00
Mikolaj Golub
39f6ca6553 Free memory allocated by procstat_getfiles(), which may make difference
when procstat(1) is run with -a option.

Submitted by:	Daniel Dettlaff <dmilith gmail com>
MFC after:	1 week
2012-09-04 05:54:43 +00:00
Marcel Moolenaar
7750ad47a9 Sync FreeBSD's bmake branch with Juniper's internal bmake branch.
Requested by: Simon Gerraty <sjg@juniper.net>
2012-08-22 19:25:57 +00:00
Mikolaj Golub
b18b53bad0 Align the header with output.
MFC after:	3 days
2012-07-24 19:40:12 +00:00
Gabor Pali
599fc82b06 - Add support for displaying process stack memory regions.
Approved by:	rwatson
MFC after:	3 days
2012-07-16 09:38:19 +00:00
Mikolaj Golub
eaa769f547 Fix style.
MFC after:	3 days
2012-07-03 19:11:38 +00:00
Marcel Moolenaar
1eb9695119 Bring DPADD in sync with LDADD. 2012-05-19 05:07:03 +00:00
John Baldwin
e506e182dd Export some more useful info about shared memory objects to userland
via procstat(1) and fstat(1):
- Change shm file descriptors to track the pathname they are associated
  with and add a shm_path() method to copy the path out to a caller-supplied
  buffer.
- Use the fo_stat() method of shared memory objects and shm_path() to
  export the path, mode, and size of a shared memory object via
  struct kinfo_file.
- Add a struct shmstat to the libprocstat(3) interface along with a
  procstat_get_shm_info() to export the mode and size of a shared memory
  object.
- Change procstat to always print out the path for a given object if it
  is valid.
- Teach fstat about shared memory objects and to display their path,
  mode, and size.

MFC after:	2 weeks
2012-04-01 18:22:48 +00:00
Eitan Adler
50d675f7a9 Remove trailing whitespace per mdoc lint warning
Disussed with:	gavin
No objection from:	doc
Approved by:	joel
MFC after:	3 days
2012-03-29 05:02:12 +00:00
Mikolaj Golub
ca263e0080 When displaying binary information show also osreldate.
Suggested by:	kib
MFC after:	2 weeks
2012-03-23 20:09:21 +00:00
Sergey Kandaurov
409763ceba Update the description for -s flag after r232182.
When displaying security credential information show also process umask.

X-MFC-with:	r232182
2012-02-29 15:06:40 +00:00
Mikolaj Golub
c077ef009e When displaying security credential information show also process umask.
Submitted by:	Dmitry Banschikov <me ubique spb ru>
Discussed with:	rwatson
MFC after:	2 weeks
2012-02-26 14:27:34 +00:00
Mikolaj Golub
8d2393a033 Always return 0 if the sysctl failed.
This fixes the bug: when procstat -xa was run and the sysctl for a
process returned ESRCH or EPERM, for this process procstat output the
result collected for the previous successful process.
2012-01-29 20:39:42 +00:00
Mikolaj Golub
98623e8dda After the recent changes there is no need in rlimit array any more.
Submitted by:	Andrey Zonov <andrey at zonov.org>
MFC after:	1 week
2012-01-25 20:13:37 +00:00
Mikolaj Golub
c3c314f9f7 Make procstat -l to work with the new version of kern.proc.rlimit.
Submitted by:	Andrey Zonov <andrey at zonov.org>
MFC after:	2 weeks
2012-01-22 20:26:46 +00:00
Mikolaj Golub
cc1ff620b9 Make 64-bit procstat output ELF auxiliary vectors for 32-bit processes.
Reviewed by:	kib
MFC after:	1 week
2011-12-12 22:01:33 +00:00
Mikolaj Golub
de21500d6a Make procstat -l output similar to the output of limits(1).
Suggested by:	jhb
MFC after:	1 week
2011-12-12 21:41:05 +00:00
Mikolaj Golub
cc43fe5b46 Don't output a warning if kern.proc.auxv sysctl has returned EPERM.
After r228288 this is rather a normal situation.

MFC after:	1 week
2011-12-05 19:39:15 +00:00
Mikolaj Golub
447fdbd073 Update SYNOPSIS to include the flags added recently.
Spotted by:	jhb
2011-11-28 19:45:47 +00:00
Mikolaj Golub
6bfefd99ce Cast a_val on printing. This fixes build on mips. 2011-11-28 07:09:29 +00:00
Mikolaj Golub
d3c10c5235 Make proctstat -x output more readable.
This also fixes the issue, spotted by mdf, with values that were
printed as decimal and had hex prefixes.

Discussed with:	kib, rwatson
MFC after:	2 weeks
2011-11-27 15:53:58 +00:00
Mikolaj Golub
598585e835 usr.bin/procstat
Add -l flag to display resource limits.

PR:		bin/161257
Reviewed by:	kib
MFC after:	2 weeks
2011-11-24 20:54:06 +00:00
Mikolaj Golub
7294321939 Fix build, hopefully.
Reviewed by:	kib
2011-11-23 07:34:09 +00:00
Mikolaj Golub
e99272c732 Add new options, -e and -x, to display process environment variables
and ELF auxiliary vectors.

MFC after:	2 weeks
2011-11-22 20:59:52 +00:00
Mikolaj Golub
729bfad6a4 Bumb date after r227317.
Reminded by:	pluknet
2011-11-08 19:14:15 +00:00
Mikolaj Golub
82841ae6f8 When displaying process virtual memory mappings print superpage
mapping flag.

Submitted by:	Mel Flynn <mel.flynn+fbsd.hackers@mailing.thruhere.net>
Reviewed by:	alc, rwatson
2011-11-07 21:16:19 +00:00
Robert Watson
d57486e21c Updates to libprocstat(3) and procstat(1) to allow monitoring Capsicum
capability mode and capabilities.

Right now no attempt is made to unwrap capabilities when operating on
a crashdump, so further refinement is required.

Approved by:	re (bz)
Sponsored by:	Google Inc
2011-08-14 00:42:09 +00:00
Bjoern A. Zeeb
925af54487 Rename ki_ocomm to ki_tdname and OCOMMLEN to TDNAMLEN.
Provide backward compatibility defines under BURN_BRIDGES.

Suggested by:	jhb
Reviewed by:	emaste
Sponsored by:	Sandvine Incorporated
Approved by:	re (kib)
2011-07-18 20:06:15 +00:00
Stanislav Sedov
0daf62d9f5 - Commit work from libprocstat project. These patches add support for runtime
file and processes information retrieval from the running kernel via sysctl
  in the form of new library, libprocstat.  The library also supports KVM backend
  for analyzing memory crash dumps.  Both procstat(1) and fstat(1) utilities have
  been modified to take advantage of the library (as the bonus point the fstat(1)
  utility no longer need superuser privileges to operate), and the procstat(1)
  utility is now able to display information from memory dumps as well.

  The newly introduced fuser(1) utility also uses this library and able to operate
  via sysctl and kvm backends.

  The library is by no means complete (e.g. KVM backend is missing vnode name
  resolution routines, and there're no manpages for the library itself) so I
  plan to improve it further.  I'm commiting it so it will get wider exposure
  and review.

  We won't be able to MFC this work as it relies on changes in HEAD, which
  was introduced some time ago, that break kernel ABI.  OTOH we may be able
  to merge the library with KVM backend if we really need it there.

Discussed with:	rwatson
2011-05-12 10:11:39 +00:00
Konstantin Belousov
f464670689 Add file forgotten in r204879. 2010-03-08 20:45:52 +00:00
Konstantin Belousov
55f65cd929 Teach procstat(1) to display some information about signal disposition
and pending/blocked status for signals.

Reviewed by:	rwatson
MFC after:	2 weeks
2010-03-08 20:44:22 +00:00
Antoine Brodin
341631ae1a Document one more file descriptor type and two more vnode types.
MFC after:	2 weeks
2010-02-06 11:29:06 +00:00
Ed Schouten
b7946da96b Build usr.bin/ with WARNS=6 by default.
Also add some missing $FreeBSD$ to keep svn happy.
2010-01-02 10:27:05 +00:00
Xin LI
821df508e8 Revert most part of 200420 as requested, as more review and polish is
needed.
2009-12-13 03:14:06 +00:00
Xin LI
6f2d322192 Remove unneeded header includes from usr.bin/ except contributed code.
Tested with:	make universe
2009-12-11 23:35:38 +00:00
Robert Watson
d19d55a76f Update procstat(1) for the fact that devfs paths are no longer unsupported.
Approved by:	re (kib)
2009-08-12 10:41:37 +00:00
Brooks Davis
254d03c508 Introduce a new sysctl process mib, kern.proc.groups which adds the
ability to retrieve the group list of each process.

Modify procstat's -s option to query this mib when the kinfo_proc
reports that the field has been truncated.  If the mib does not exist,
fall back to the truncated list.

Reviewed by:	rwatson
Approved by:	re (kib)
MFC after:	2 weeks
2009-07-24 19:12:19 +00:00
John Baldwin
013818111a Add a new type of VM object: OBJT_SG. An OBJT_SG object is very similar to
a device pager (OBJT_DEVICE) object in that it uses fictitious pages to
provide aliases to other memory addresses.  The primary difference is that
it uses an sglist(9) to determine the physical addresses for a given offset
into the object instead of invoking the d_mmap() method in a device driver.

Reviewed by:	alc
Approved by:	re (kensmith)
MFC after:	2 weeks
2009-07-24 13:50:29 +00:00
Robert Watson
e1f323f350 Include param.h instead of types.h before user.h so that the nested
include of param.h can be removed from audit.h.

MFC after:	3 weeks
2008-12-29 18:58:22 +00:00
Wesley Shields
d5db4444c3 Fix a typo.
Approved by:	rwatson
2008-12-19 16:56:49 +00:00
Joe Marcus Clarke
08afefa814 Do not segfault when procstat -f or procstat -v is called on a process not
owned by the current user.  If kinfo_getfile() or kinfo_getvmmap() return
NULL, simply exit, and do not try and derefernce the memory.

Reviewed by:	peter
Approved by:	peter
2008-12-19 06:50:15 +00:00
Peter Wemm
41fbf4374b Update format string for kve_start/end. 2008-12-02 15:08:33 +00:00
Peter Wemm
43151ee6cf Merge user/peter/kinfo branch as of r185547 into head.
This changes struct kinfo_filedesc and kinfo_vmentry such that they are
same on both 32 and 64 bit platforms like i386/amd64 and won't require
sysctl wrapping.

Two new OIDs are assigned.  The old ones are available under
COMPAT_FREEBSD7 - but it isn't that simple.  The superceded interface
was never actually released on 7.x.

The other main change is to pack the data passed to userland via the
sysctl.  kf_structsize and kve_structsize are reduced for the copyout.
If you have a process with 100,000+ sockets open, the unpacked records
require a 132MB+ copyout.  With packing, it is "only" ~35MB.  (Still
seriously unpleasant, but not quite as devastating).  A similar problem
exists for the vmentry structure - have lots and lots of shared libraries
and small mmaps and its copyout gets expensive too.

My immediate problem is valgrind.  It traditionally achieves this
functionality by parsing procfs output, in a packed format.  Secondly, when
tracing 32 bit binaries on amd64 under valgrind, it uses a cross compiled
32 bit binary which ran directly into the differing data structures in 32
vs 64 bit mode.  (valgrind uses this to track file descriptor operations
and this therefore affected every single 32 bit binary)

I've added two utility functions to libutil to unpack the structures into
a fixed record length and to make it a little more convenient to use.
2008-12-02 06:50:26 +00:00
Ed Schouten
bc093719ca Integrate the new MPSAFE TTY layer to the FreeBSD operating system.
The last half year I've been working on a replacement TTY layer for the
FreeBSD kernel. The new TTY layer was designed to improve the following:

- Improved driver model:

  The old TTY layer has a driver model that is not abstract enough to
  make it friendly to use. A good example is the output path, where the
  device drivers directly access the output buffers. This means that an
  in-kernel PPP implementation must always convert network buffers into
  TTY buffers.

  If a PPP implementation would be built on top of the new TTY layer
  (still needs a hooks layer, though), it would allow the PPP
  implementation to directly hand the data to the TTY driver.

- Improved hotplugging:

  With the old TTY layer, it isn't entirely safe to destroy TTY's from
  the system. This implementation has a two-step destructing design,
  where the driver first abandons the TTY. After all threads have left
  the TTY, the TTY layer calls a routine in the driver, which can be
  used to free resources (unit numbers, etc).

  The pts(4) driver also implements this feature, which means
  posix_openpt() will now return PTY's that are created on the fly.

- Improved performance:

  One of the major improvements is the per-TTY mutex, which is expected
  to improve scalability when compared to the old Giant locking.
  Another change is the unbuffered copying to userspace, which is both
  used on TTY device nodes and PTY masters.

Upgrading should be quite straightforward. Unlike previous versions,
existing kernel configuration files do not need to be changed, except
when they reference device drivers that are listed in UPDATING.

Obtained from:		//depot/projects/mpsafetty/...
Approved by:		philip (ex-mentor)
Discussed:		on the lists, at BSDCan, at the DevSummit
Sponsored by:		Snow B.V., the Netherlands
dcons(4) fixed by:	kan
2008-08-20 08:31:58 +00:00
Ed Schouten
d693ac206e Fix a small typo in the procstat(1) manpage: messsage queue.
Approved by:	philip (mentor)
MFC after:	3 days
2008-07-28 08:01:24 +00:00
John Baldwin
6bc1e9cd84 Rework the lifetime management of the kernel implementation of POSIX
semaphores.  Specifically, semaphores are now represented as new file
descriptor type that is set to close on exec.  This removes the need for
all of the manual process reference counting (and fork, exec, and exit
event handlers) as the normal file descriptor operations handle all of
that for us nicely.  It is also suggested as one possible implementation
in the spec and at least one other OS (OS X) uses this approach.

Some bugs that were fixed as a result include:
- References to a named semaphore whose name is removed still work after
  the sem_unlink() operation.  Prior to this patch, if a semaphore's name
  was removed, valid handles from sem_open() would get EINVAL errors from
  sem_getvalue(), sem_post(), etc.  This fixes that.
- Unnamed semaphores created with sem_init() were not cleaned up when a
  process exited or exec'd.  They were only cleaned up if the process
  did an explicit sem_destroy().  This could result in a leak of semaphore
  objects that could never be cleaned up.
- On the other hand, if another process guessed the id (kernel pointer to
  'struct ksem' of an unnamed semaphore (created via sem_init)) and had
  write access to the semaphore based on UID/GID checks, then that other
  process could manipulate the semaphore via sem_destroy(), sem_post(),
  sem_wait(), etc.
- As part of the permission check (UID/GID), the umask of the proces
  creating the semaphore was not honored.  Thus if your umask denied group
  read/write access but the explicit mode in the sem_init() call allowed
  it, the semaphore would be readable/writable by other users in the
  same group, for example.  This includes access via the previous bug.
- If the module refused to unload because there were active semaphores,
  then it might have deregistered one or more of the semaphore system
  calls before it noticed that there was a problem.  I'm not sure if
  this actually happened as the order that modules are discovered by the
  kernel linker depends on how the actual .ko file is linked.  One can
  make the order deterministic by using a single module with a mod_event
  handler that explicitly registers syscalls (and deregisters during
  unload after any checks).  This also fixes a race where even if the
  sem_module unloaded first it would have destroyed locks that the
  syscalls might be trying to access if they are still executing when
  they are unloaded.

  XXX: By the way, deregistering system calls doesn't do any blocking
  to drain any threads from the calls.
- Some minor fixes to errno values on error.  For example, sem_init()
  isn't documented to return ENFILE or EMFILE if we run out of semaphores
  the way that sem_open() can.  Instead, it should return ENOSPC in that
  case.

Other changes:
- Kernel semaphores now use a hash table to manage the namespace of
  named semaphores nearly in a similar fashion to the POSIX shared memory
  object file descriptors.  Kernel semaphores can now also have names
  longer than 14 chars (up to MAXPATHLEN) and can include subdirectories
  in their pathname.
- The UID/GID permission checks for access to a named semaphore are now
  done via vaccess() rather than a home-rolled set of checks.
- Now that kernel semaphores have an associated file object, the various
  MAC checks for POSIX semaphores accept both a file credential and an
  active credential.  There is also a new posixsem_check_stat() since it
  is possible to fstat() a semaphore file descriptor.
- A small set of regression tests (using the ksem API directly) is present
  in src/tools/regression/posixsem.

Reported by:	kris (1)
Tested by:	kris
Reviewed by:	rwatson (lightly)
MFC after:	1 month
2008-06-27 05:39:04 +00:00
Robert Watson
070356d1fb Use ddb(4), not DDB(4) for man page cross-references.
MFC after:	3 days
Reported by:	novel
2008-04-21 17:09:53 +00:00
Robert Watson
b27c1c8db7 Provide more detailed information about each procstat(1) display mode,
including a key to fields in each mode and flag abbreviations.

MFC after:	3 days
X-MFC-note:	POSIX shared memory memory objects aren't in 7-STABLE yet
2008-04-19 13:40:42 +00:00