kern: Make fileops and filterops tables const where possible

No functional change intended.

MFC after: 1 week

kern: fix panic with disabled ttys

PR: 277240, 277329
Reviewed by: kib (earlier version)
Fixes: f1d0a0cbecf2 ("jail: Fix information leak.")
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Di

kern: fix panic with disabled ttys

PR: 277240, 277329
Reviewed by: kib (earlier version)
Fixes: f1d0a0cbecf2 ("jail: Fix information leak.")
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D44086

show more ...

Fix the build.

MFC after: 1 week
MFC with: f1d0a0cbecf2c688061f35adea85bfb29c9ec893

jail: Fix information leak.

There is a lack of proper visibility checking in kern.ttys sysctl handler
which leads to information leak about processes outside the current jail.

This can be demonstra

jail: Fix information leak.

There is a lack of proper visibility checking in kern.ttys sysctl handler
which leads to information leak about processes outside the current jail.

This can be demonstrated with pstat -t: when called from within a jail,
it will output all terminal devices including process groups and
session leader process IDs:

jail# pstat -t | grep pts/ | head
LINE INQ CAN LIN LOW OUTQ USE LOW COL SESS PGID STATE
pts/2 1920 0 0 192 1984 0 199 0 4132 27245 Oi
pts/3 1920 0 0 192 1984 0 199 16 24890 33627 Oi
pts/5 0 0 0 0 0 0 0 25 17758 0 G
pts/16 0 0 0 0 0 0 0 0 52495 0 G
pts/15 0 0 0 0 0 0 0 25 53446 0 G
pts/17 0 0 0 0 0 0 0 6702 33230 0 G
pts/19 0 0 0 0 0 0 0 14 1116 0 G
pts/0 0 0 0 0 0 0 0 0 2241 0 G
pts/23 0 0 0 0 0 0 0 20 15639 0 G
pts/6 0 0 0 0 0 0 0 0 44062 93792 G
jail# pstat -t | grep pts/ | wc -l
85

Devfs does the filtering correctly and we get only one entry:

jail# ls /dev/pts/
2

Approved by: mzaborski, secteam
MFC after: 1 week
Sponsored by: Fudo Security

show more ...

kern: tty: recanonicalize the buffer on ICANON/VEOF/VEOL changes

Before this change, we would canonicalize any partial input if the new
local mode is not ICANON, but that's about it. If we were swi

kern: tty: recanonicalize the buffer on ICANON/VEOF/VEOL changes

Before this change, we would canonicalize any partial input if the new
local mode is not ICANON, but that's about it. If we were switching
from -ICANON -> ICANON, or if VEOF/VEOL changes, then our internal canon
accounting would be wrong.

The main consequence of this is that in ICANON mode, we would
potentially hang a read(2) longer if the new VEOF/VEOL appears later in
the buffer, and FIONREAD would be similarly wrong as a result.

Reviewed by: kib
Differential Revision: https://reviews.freebsd.org/D43456

show more ...

kern: tty: fix EOF handling for canonical reads

If the read(2) buffer is one byte short of an EOF, then we'll end up
reading the line into the buffer, then re-entering and seeing an EOF at
the begin

kern: tty: fix EOF handling for canonical reads

If the read(2) buffer is one byte short of an EOF, then we'll end up
reading the line into the buffer, then re-entering and seeing an EOF at
the beginning of the inq, assuming it's a zero-length line.

Fix this corner-case by searching one more byte than we have available
for an EOF. If we found it, then we'll trim it here; otherwise, we'll
limit our read to just the space we have in the out buffer and the next
read(2) will (potentially) read the remainder of the line.

Fix FIONREAD while we're here to match what an application can expect
read(2) to return -- scan for the first break character in the part of
the input that's been canonicalized, we'll never return more than that.

PR: 276220
Reviewed by: cy, imp (both previous version), kib
Differential Revision: https://reviews.freebsd.org/D43378

show more ...

tty: delete knotes when TTY is revoked

Do not clear knotes from the TTY until it gets dealloc'ed, unless the
TTY is being revoked, in that case delete the knotes when closed is
called on the TTY.

W

tty: delete knotes when TTY is revoked

Do not clear knotes from the TTY until it gets dealloc'ed, unless the
TTY is being revoked, in that case delete the knotes when closed is
called on the TTY.

When knotes are cleared from a knlist, those knotes become detached from
the knlist. And when an event is triggered on a detached knote there
isn't an associated knlist and therefore no lock will be taken when the
event is triggered.

This becomes a problem when a detached knote is triggered on a TTY since
the mutex for a TTY is also used as the lock for its knlists. This
scenario ends up calling the TTY event handlers without the TTY lock
being held and tripping on asserts in the event handlers.

PR: 272151
Reviewed by: kib, markj
Differential Revision: https://reviews.freebsd.org/D41605

show more ...

tty: Avoid a kernel memory discloure via kern.ttys

Four pad bytes at the end of each xtty structure were not being cleared
before being copied out. Fix this by clearing the whole structure
before p

tty: Avoid a kernel memory discloure via kern.ttys

Four pad bytes at the end of each xtty structure were not being cleared
before being copied out. Fix this by clearing the whole structure
before populating fields.

MFC after: 3 days
Reported by: KMSAN

show more ...

(s)tty: add support for IUTF8 input flag

This patch adds the necessary kernel and stty code to support setting
the IUTF8 flag for ttys. It is the first of two patches that fix
backspace behaviour fo

(s)tty: add support for IUTF8 input flag

This patch adds the necessary kernel and stty code to support setting
the IUTF8 flag for ttys. It is the first of two patches that fix
backspace behaviour for UTF-8 encoded characters when in canonical mode.

Reported by: christos
Reviewed by: christos, imp
MFC after: 2 weeks
Differential Revision: https://reviews.freebsd.org/D42066

show more ...

sys: Remove $FreeBSD$: one-line .c pattern

Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of

spdx: The BSD-2-Clause-FreeBSD identifier is obsolete, drop -FreeBSD

The SPDX folks have obsoleted the BSD-2-Clause-FreeBSD identifier. Catch
up to that fact and revert to their recommended match of BSD-2-Clause.

Discussed with: pfg
MFC After: 3 days
Sponsored by: Netflix

show more ...

fd: rename fget*_locked to fget*_noref

This gets rid of the error prone naming where fget_unlocked returns with
a ref held, while fget_locked requires a lock but provides nothing in
terms of making

fd: rename fget*_locked to fget*_noref

This gets rid of the error prone naming where fget_unlocked returns with
a ref held, while fget_locked requires a lock but provides nothing in
terms of making sure the file lives past unlock.

No functional changes.

show more ...

tty: fix a panic with INVARIANTS

watch'ing a tty triggers a refcount wraparound panic, take a reference
on fp after fget_cap_locked() to fix.

Reported by: Michael Jung <mikej_at_paymentalliancei

tty: fix a panic with INVARIANTS

watch'ing a tty triggers a refcount wraparound panic, take a reference
on fp after fget_cap_locked() to fix.

Reported by: Michael Jung <mikej_at_paymentallianceintl.com>
Reviewed by: hselasky, mjg
Fixes: f40dd6c8034b ("tty: switch ttyhook_register to use fget_cap_locked")
Differential Revision: https://reviews.freebsd.org/D34335

show more ...

tty: switch ttyhook_register to use fget_cap_locked

It is still wrong-ish as fget* funcs don't expect to operate on abitrary
file descriptor tables, but this at least moves it out of the way of an
u

tty: switch ttyhook_register to use fget_cap_locked

It is still wrong-ish as fget* funcs don't expect to operate on abitrary
file descriptor tables, but this at least moves it out of the way of an
upcoming change while being bug-compatible.

show more ...

Re-implement virtual console (constty).

Protect conscallout with tty lock instead of Giant. In addition to
Giant removal it also closes race on console unset.

Introduce additional lock to protect

Re-implement virtual console (constty).

Protect conscallout with tty lock instead of Giant. In addition to
Giant removal it also closes race on console unset.

Introduce additional lock to protect against concurrent console sets.

Remove consbuf free on console unset as unsafe, making impossible to
change buffer size after first allocation. Instead increase default
buffer size from 8KB to 64KB and processing rate from 5Hz to 10-15Hz
to make the output more smooth.

MFC after: 1 month

show more ...

ttydev_write: prevent stops while terminal is busied

Since busy state is checked by all blocked writes, stopping a process
which waits in ttydisc_write() causes cascade. Utilize sigdeferstop()
to a

ttydev_write: prevent stops while terminal is busied

Since busy state is checked by all blocked writes, stopping a process
which waits in ttydisc_write() causes cascade. Utilize sigdeferstop()
to avoid the issue.

Submitted by: Jakub Piecuch <j.piecuch96@gmail.com>
PR: 255816
MFC after: 1 week

show more ...

Convert remaining cap_rights_init users to cap_rights_init_one

semantic patch:

@@

expression rights, r;

@@

- cap_rights_init(&rights, r)
+ cap_rights_init_one(&rights, r)

jobc: rework detection of orphaned groups.

Instead of trying to maintain pg_jobc counter on each process group
update (and sometimes before), just calculate the counter when needed.
Still, for the b

jobc: rework detection of orphaned groups.

Instead of trying to maintain pg_jobc counter on each process group
update (and sometimes before), just calculate the counter when needed.
Still, for the benefit of the signal delivery code, explicitly mark
orphaned groups as such with the new process group flag.

This way we prevent bugs in the corner cases where updates to the counter
were missed due to complicated configuration of p_pptr/p_opptr/real_parent
(debugger).

Since we need to iterate over all children of the process on exit, this
change mostly affects the process group entry and leave, where we need
to iterate all process group members to detect orpaned status.

(For MFC, keep pg_jobc around but unused).

Reported by: jhb
Reviewed by: jilles
Tested by: pho
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D27871

show more ...

tty_wait_background: improve locking.

Increase the scope of the process group lock ownership. This ensures that
we are consistent in returning EIO for tty write from an orphan and delivery
of TTYOU

tty_wait_background: improve locking.

Increase the scope of the process group lock ownership. This ensures that
we are consistent in returning EIO for tty write from an orphan and delivery
of TTYOUT signals.

Reviewed by: jilles
Tested by: pho
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D27871

show more ...

Style. Improve some KASSERTs messages.

Reviewed by: jilles
Tested by: pho
MFC after: 3 days
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D27871

Fix a race in tty_signal_sessleader() with unlocked read of s_leader.

Since we do not own the session lock, a parallel killjobc() might
reset s_leader to NULL after we checked it. Read s_leader onl

Fix a race in tty_signal_sessleader() with unlocked read of s_leader.

Since we do not own the session lock, a parallel killjobc() might
reset s_leader to NULL after we checked it. Read s_leader only once
and ensure that compiler is not allowed to reload.

While there, make access to t_session somewhat more pretty by using
local variable.

PR: 251915
Submitted by: Jakub Piecuch <j.piecuch96@gmail.com>
MFC after: 1 week

show more ...

Check for process group change in tty_wait_background().

The calling process's process group can change between PROC_UNLOCK(p)
and PGRP_LOCK(pg) in tty_wait_background(), e.g. by a setpgid() call
fr

Check for process group change in tty_wait_background().

The calling process's process group can change between PROC_UNLOCK(p)
and PGRP_LOCK(pg) in tty_wait_background(), e.g. by a setpgid() call
from another process. If that happens, the signal is not sent to the
calling process, even if the prior checks determine that one should be
sent. Re-check that the process group hasn't changed after acquiring
the pgrp lock, and if it has, redo the checks.

PR: 250701
Submitted by: Jakub Piecuch <j.piecuch96@gmail.com>
MFC after: 2 weeks

show more ...

MFH

Sponsored by: Rubicon Communications, LLC (netgate.com)

Implement FLUSHO

Turn FLUSHO on/off with ^O (or whatever VDISCARD is). Honor that to
throw away output quickly. This tries to remain true to 4.4BSD
behavior (since that was the origin of this featur

Implement FLUSHO

Turn FLUSHO on/off with ^O (or whatever VDISCARD is). Honor that to
throw away output quickly. This tries to remain true to 4.4BSD
behavior (since that was the origin of this feature), with any
corrections NetBSD has done. Since the implemenations are a little
different, though, some edge conditions may be handled differently.

Reviewed by: kib, kevans
Differential Review: https://reviews.freebsd.org/D26148

show more ...

Merge ^/head r364082 through r364250.