xref: /freebsd/sys/kern/kern_mib.c (revision 62a52c15422470f97fc7b311d89c83f910bcc1b1)
1 /*-
2  * SPDX-License-Identifier: BSD-3-Clause
3  *
4  * Copyright (c) 1982, 1986, 1989, 1993
5  *	The Regents of the University of California.  All rights reserved.
6  *
7  * This code is derived from software contributed to Berkeley by
8  * Mike Karels at Berkeley Software Design, Inc.
9  *
10  * Quite extensively rewritten by Poul-Henning Kamp of the FreeBSD
11  * project, to make these variables more userfriendly.
12  *
13  * Redistribution and use in source and binary forms, with or without
14  * modification, are permitted provided that the following conditions
15  * are met:
16  * 1. Redistributions of source code must retain the above copyright
17  *    notice, this list of conditions and the following disclaimer.
18  * 2. Redistributions in binary form must reproduce the above copyright
19  *    notice, this list of conditions and the following disclaimer in the
20  *    documentation and/or other materials provided with the distribution.
21  * 3. Neither the name of the University nor the names of its contributors
22  *    may be used to endorse or promote products derived from this software
23  *    without specific prior written permission.
24  *
25  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
26  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
27  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
28  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
29  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
30  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
31  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
32  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
33  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
34  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35  * SUCH DAMAGE.
36  */
37 
38 #include <sys/cdefs.h>
39 #include "opt_posix.h"
40 #include "opt_config.h"
41 
42 #include <sys/param.h>
43 #include <sys/boot.h>
44 #include <sys/elf.h>
45 #include <sys/jail.h>
46 #include <sys/kernel.h>
47 #include <sys/limits.h>
48 #include <sys/lock.h>
49 #include <sys/mutex.h>
50 #include <sys/proc.h>
51 #include <sys/random.h>
52 #include <sys/sbuf.h>
53 #include <sys/smp.h>
54 #include <sys/sx.h>
55 #include <sys/sysent.h>
56 #include <sys/vmmeter.h>
57 #include <sys/sysctl.h>
58 #include <sys/systm.h>
59 #include <sys/unistd.h>
60 
61 SYSCTL_ROOT_NODE(0, sysctl, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
62     "Sysctl internal magic");
63 SYSCTL_ROOT_NODE(CTL_KERN, kern, CTLFLAG_RW | CTLFLAG_CAPRD | CTLFLAG_MPSAFE, 0,
64     "High kernel, proc, limits &c");
65 SYSCTL_ROOT_NODE(CTL_VM, vm, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
66     "Virtual memory");
67 SYSCTL_ROOT_NODE(CTL_VFS, vfs, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
68     "File system");
69 SYSCTL_ROOT_NODE(CTL_NET, net, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
70     "Network, (see socket.h)");
71 SYSCTL_ROOT_NODE(CTL_DEBUG, debug, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
72     "Debugging");
73 SYSCTL_NODE(_debug, OID_AUTO,  sizeof,  CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
74     "Sizeof various things");
75 SYSCTL_ROOT_NODE(CTL_HW, hw, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
76     "hardware");
77 SYSCTL_ROOT_NODE(CTL_MACHDEP, machdep, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
78     "machine dependent");
79 SYSCTL_NODE(_machdep, OID_AUTO, mitigations, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
80     "Machine dependent platform mitigations.");
81 SYSCTL_ROOT_NODE(CTL_USER, user, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
82     "user-level");
83 SYSCTL_ROOT_NODE(CTL_P1003_1B, p1003_1b, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
84     "p1003_1b, (see p1003_1b.h)");
85 
86 SYSCTL_ROOT_NODE(OID_AUTO, compat, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
87     "Compatibility code");
88 SYSCTL_ROOT_NODE(OID_AUTO, security, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
89     "Security");
90 #ifdef REGRESSION
91 SYSCTL_ROOT_NODE(OID_AUTO, regression, CTLFLAG_RW | CTLFLAG_MPSAFE, 0,
92     "Regression test MIB");
93 #endif
94 
95 SYSCTL_STRING(_kern, OID_AUTO, ident, CTLFLAG_RD,
96     kern_ident, 0, "Kernel identifier");
97 
98 SYSCTL_INT(_kern, KERN_OSREV, osrevision, CTLFLAG_RD | CTLFLAG_CAPRD,
99     SYSCTL_NULL_INT_PTR, BSD, "Operating system revision");
100 
101 SYSCTL_STRING(_kern, KERN_VERSION, version, CTLFLAG_RD,
102     version, 0, "Kernel version");
103 
104 SYSCTL_STRING(_kern, OID_AUTO, compiler_version, CTLFLAG_RD,
105     compiler_version, 0, "Version of compiler used to compile kernel");
106 
107 SYSCTL_STRING(_kern, KERN_OSTYPE, ostype, CTLFLAG_RD | CTLFLAG_CAPRD,
108     ostype, 0, "Operating system type");
109 
110 SYSCTL_INT(_kern, KERN_MAXPROC, maxproc, CTLFLAG_RDTUN | CTLFLAG_NOFETCH,
111     &maxproc, 0, "Maximum number of processes");
112 
113 SYSCTL_INT(_kern, KERN_MAXPROCPERUID, maxprocperuid, CTLFLAG_RW,
114     &maxprocperuid, 0, "Maximum processes allowed per userid");
115 
116 SYSCTL_INT(_kern, OID_AUTO, maxusers, CTLFLAG_RDTUN | CTLFLAG_NOFETCH,
117     &maxusers, 0, "Hint for kernel tuning");
118 
119 SYSCTL_INT(_kern, KERN_ARGMAX, argmax, CTLFLAG_RD|CTLFLAG_CAPRD,
120     SYSCTL_NULL_INT_PTR, ARG_MAX, "Maximum bytes of argument to execve(2)");
121 
122 SYSCTL_INT(_kern, KERN_POSIX1, posix1version, CTLFLAG_RD|CTLFLAG_CAPRD,
123     SYSCTL_NULL_INT_PTR, _POSIX_VERSION, "Version of POSIX attempting to comply to");
124 
125 SYSCTL_INT(_kern, KERN_NGROUPS, ngroups, CTLFLAG_RDTUN |
126     CTLFLAG_NOFETCH | CTLFLAG_CAPRD, &ngroups_max, 0,
127     "Maximum number of supplemental groups a user can belong to");
128 
129 SYSCTL_INT(_kern, KERN_JOB_CONTROL, job_control, CTLFLAG_RD|CTLFLAG_CAPRD,
130     SYSCTL_NULL_INT_PTR, 1, "Whether job control is available");
131 
132 #ifdef _POSIX_SAVED_IDS
133 SYSCTL_INT(_kern, KERN_SAVED_IDS, saved_ids, CTLFLAG_RD|CTLFLAG_CAPRD,
134     SYSCTL_NULL_INT_PTR, 1, "Whether saved set-group/user ID is available");
135 #else
136 SYSCTL_INT(_kern, KERN_SAVED_IDS, saved_ids, CTLFLAG_RD|CTLFLAG_CAPRD,
137     SYSCTL_NULL_INT_PTR, 0, "Whether saved set-group/user ID is available");
138 #endif
139 
140 char kernelname[MAXPATHLEN] = PATH_KERNEL;	/* XXX bloat */
141 
142 SYSCTL_STRING(_kern, KERN_BOOTFILE, bootfile, CTLFLAG_RW,
143     kernelname, sizeof kernelname, "Name of kernel file booted");
144 
145 #ifdef COMPAT_FREEBSD12
146 static int
147 sysctl_maxphys(SYSCTL_HANDLER_ARGS)
148 {
149 	u_long lvalue;
150 	int ivalue;
151 
152 	lvalue = maxphys;
153 	if (sizeof(int) == sizeof(u_long) || req->oldlen >= sizeof(u_long))
154 		return (sysctl_handle_long(oidp, &lvalue, 0, req));
155 	if (lvalue > INT_MAX)
156 		return (sysctl_handle_long(oidp, &lvalue, 0, req));
157 	ivalue = lvalue;
158 	return (sysctl_handle_int(oidp, &ivalue, 0, req));
159 }
160 SYSCTL_PROC(_kern, KERN_MAXPHYS, maxphys, CTLTYPE_LONG | CTLFLAG_RDTUN |
161     CTLFLAG_NOFETCH | CTLFLAG_CAPRD | CTLFLAG_MPSAFE,
162     NULL, 0, sysctl_maxphys, "UL", "Maximum block I/O access size");
163 #else
164 SYSCTL_ULONG(_kern, KERN_MAXPHYS, maxphys,
165     CTLFLAG_RDTUN | CTLFLAG_NOFETCH | CTLFLAG_CAPRD,
166     &maxphys, 0, "Maximum block I/O access size");
167 #endif
168 
169 SYSCTL_INT(_hw, HW_NCPU, ncpu, CTLFLAG_RD|CTLFLAG_CAPRD,
170     &mp_ncpus, 0, "Number of active CPUs");
171 
172 SYSCTL_INT(_hw, HW_BYTEORDER, byteorder, CTLFLAG_RD|CTLFLAG_CAPRD,
173     SYSCTL_NULL_INT_PTR, BYTE_ORDER, "System byte order");
174 
175 SYSCTL_INT(_hw, HW_PAGESIZE, pagesize, CTLFLAG_RD|CTLFLAG_CAPRD,
176     SYSCTL_NULL_INT_PTR, PAGE_SIZE, "System memory page size");
177 
178 static int
179 sysctl_kern_arnd(SYSCTL_HANDLER_ARGS)
180 {
181 	char buf[256];
182 	size_t len;
183 
184 	len = MIN(req->oldlen, sizeof(buf));
185 	read_random(buf, len);
186 	return (SYSCTL_OUT(req, buf, len));
187 }
188 
189 SYSCTL_PROC(_kern, KERN_ARND, arandom,
190     CTLTYPE_OPAQUE | CTLFLAG_RD | CTLFLAG_MPSAFE | CTLFLAG_CAPRD, NULL, 0,
191     sysctl_kern_arnd, "", "arc4rand");
192 
193 static int
194 sysctl_hw_physmem(SYSCTL_HANDLER_ARGS)
195 {
196 	u_long val, p;
197 
198 	p = SIZE_T_MAX >> PAGE_SHIFT;
199 	if (physmem < p)
200 		p = physmem;
201 	val = ctob(p);
202 	return (sysctl_handle_long(oidp, &val, 0, req));
203 }
204 SYSCTL_PROC(_hw, HW_PHYSMEM, physmem,
205     CTLTYPE_ULONG | CTLFLAG_RD | CTLFLAG_MPSAFE, 0, 0,
206     sysctl_hw_physmem, "LU",
207     "Amount of physical memory (in bytes)");
208 
209 static int
210 sysctl_hw_realmem(SYSCTL_HANDLER_ARGS)
211 {
212 	u_long val, p;
213 
214 	p = SIZE_T_MAX >> PAGE_SHIFT;
215 	if (realmem < p)
216 		p = realmem;
217 	val = ctob(p);
218 	return (sysctl_handle_long(oidp, &val, 0, req));
219 }
220 SYSCTL_PROC(_hw, HW_REALMEM, realmem,
221     CTLTYPE_ULONG | CTLFLAG_RD | CTLFLAG_MPSAFE, 0, 0,
222     sysctl_hw_realmem, "LU",
223     "Amount of memory (in bytes) reported by the firmware");
224 
225 static int
226 sysctl_hw_usermem(SYSCTL_HANDLER_ARGS)
227 {
228 	u_long val, p, p1;
229 
230 	p1 = physmem - vm_wire_count();
231 	p = SIZE_T_MAX >> PAGE_SHIFT;
232 	if (p1 < p)
233 		p = p1;
234 	val = ctob(p);
235 	return (sysctl_handle_long(oidp, &val, 0, req));
236 }
237 SYSCTL_PROC(_hw, HW_USERMEM, usermem,
238     CTLTYPE_ULONG | CTLFLAG_RD | CTLFLAG_MPSAFE, 0, 0,
239     sysctl_hw_usermem, "LU",
240     "Amount of memory (in bytes) which is not wired");
241 
242 SYSCTL_LONG(_hw, OID_AUTO, availpages, CTLFLAG_RD, &physmem, 0,
243     "Amount of physical memory (in pages)");
244 
245 u_long pagesizes[MAXPAGESIZES] = { PAGE_SIZE };
246 
247 static int
248 sysctl_hw_pagesizes(SYSCTL_HANDLER_ARGS)
249 {
250 	int error;
251 	size_t len;
252 #ifdef SCTL_MASK32
253 	int i;
254 	uint32_t pagesizes32[MAXPAGESIZES];
255 
256 	if (req->flags & SCTL_MASK32) {
257 		/*
258 		 * Recreate the "pagesizes" array with 32-bit elements.
259 		 * Truncate any page size greater than UINT32_MAX to zero,
260 		 * which assumes that page sizes are powers of two.
261 		 */
262 		for (i = 0; i < MAXPAGESIZES; i++)
263 			pagesizes32[i] = (uint32_t)pagesizes[i];
264 
265 		len = sizeof(pagesizes32);
266 		if (len > req->oldlen && req->oldptr != NULL)
267 			len = req->oldlen;
268 		error = SYSCTL_OUT(req, pagesizes32, len);
269 	} else
270 #endif
271 	{
272 		len = sizeof(pagesizes);
273 		if (len > req->oldlen && req->oldptr != NULL)
274 			len = req->oldlen;
275 		error = SYSCTL_OUT(req, pagesizes, len);
276 	}
277 	return (error);
278 }
279 SYSCTL_PROC(_hw, OID_AUTO, pagesizes,
280     CTLTYPE_OPAQUE | CTLFLAG_RD | CTLFLAG_MPSAFE, NULL, 0,
281     sysctl_hw_pagesizes, "S,pagesizes",
282     "Supported page sizes");
283 
284 int adaptive_machine_arch = 1;
285 SYSCTL_INT(_debug, OID_AUTO, adaptive_machine_arch, CTLFLAG_RW,
286     &adaptive_machine_arch, 1,
287     "Adapt reported machine architecture to the ABI of the binary");
288 
289 static const char *
290 proc_machine_arch(struct proc *p)
291 {
292 
293 	if (p->p_sysent->sv_machine_arch != NULL)
294 		return (p->p_sysent->sv_machine_arch(p));
295 #ifdef COMPAT_FREEBSD32
296 	if (SV_PROC_FLAG(p, SV_ILP32))
297 		return (MACHINE_ARCH32);
298 #endif
299 	return (MACHINE_ARCH);
300 }
301 
302 static int
303 sysctl_hw_machine_arch(SYSCTL_HANDLER_ARGS)
304 {
305 	const char *machine_arch;
306 
307 	if (adaptive_machine_arch)
308 		machine_arch = proc_machine_arch(curproc);
309 	else
310 		machine_arch = MACHINE_ARCH;
311 	return (SYSCTL_OUT(req, machine_arch, strlen(machine_arch) + 1));
312 }
313 SYSCTL_PROC(_hw, HW_MACHINE_ARCH, machine_arch, CTLTYPE_STRING | CTLFLAG_RD |
314     CTLFLAG_CAPRD | CTLFLAG_MPSAFE, NULL, 0, sysctl_hw_machine_arch, "A",
315     "System architecture");
316 
317 #ifdef COMPAT_FREEBSD32
318 #include <compat/freebsd32/freebsd32_util.h>
319 #endif
320 
321 static int
322 sysctl_kern_supported_archs(SYSCTL_HANDLER_ARGS)
323 {
324 	const char *supported_archs;
325 
326 	supported_archs =
327 #ifdef COMPAT_FREEBSD32
328 	    compat_freebsd_32bit ? MACHINE_ARCH " " MACHINE_ARCH32 :
329 #endif
330 	    MACHINE_ARCH;
331 	return (SYSCTL_OUT(req, supported_archs, strlen(supported_archs) + 1));
332 }
333 SYSCTL_PROC(_kern, OID_AUTO, supported_archs, CTLFLAG_RD | CTLFLAG_MPSAFE |
334     CTLFLAG_CAPRD | CTLTYPE_STRING, NULL, 0, sysctl_kern_supported_archs, "A",
335     "Supported architectures for binaries");
336 
337 static int
338 sysctl_hostname(SYSCTL_HANDLER_ARGS)
339 {
340 	struct prison *pr, *cpr;
341 	size_t pr_offset;
342 	char tmpname[MAXHOSTNAMELEN];
343 	int descend, error, len;
344 
345 	/*
346 	 * This function can set: hostname domainname hostuuid.
347 	 * Keep that in mind when comments say "hostname".
348 	 */
349 	pr_offset = (size_t)arg1;
350 	len = arg2;
351 	KASSERT(len <= sizeof(tmpname),
352 	    ("length %d too long for %s", len, __func__));
353 
354 	/*
355 	 * Make a local copy of hostname to get/set so we don't have to hold
356 	 * the jail mutex during the sysctl copyin/copyout activities.
357 	 */
358 	pr = req->td->td_ucred->cr_prison;
359 	mtx_lock(&pr->pr_mtx);
360 	bcopy((char *)pr + pr_offset, tmpname, len);
361 	mtx_unlock(&pr->pr_mtx);
362 
363 	error = sysctl_handle_string(oidp, tmpname, len, req);
364 	if (error != 0 || req->newptr == NULL)
365 		return (error);
366 
367 	/*
368 	 * Copy the locally set hostname to all jails that share
369 	 * this host info.
370 	 */
371 	sx_slock(&allprison_lock);
372 	if (!(pr->pr_allow & PR_ALLOW_SET_HOSTNAME))
373 		error = EPERM;
374 	else {
375 		while (!(pr->pr_flags & PR_HOST))
376 			pr = pr->pr_parent;
377 		mtx_lock(&pr->pr_mtx);
378 		bcopy(tmpname, (char *)pr + pr_offset, len);
379 		FOREACH_PRISON_DESCENDANT_LOCKED(pr, cpr, descend)
380 			if (cpr->pr_flags & PR_HOST)
381 				descend = 0;
382 			else
383 				bcopy(tmpname, (char *)cpr + pr_offset, len);
384 		mtx_unlock(&pr->pr_mtx);
385 	}
386 	sx_sunlock(&allprison_lock);
387 	return (error);
388 }
389 
390 SYSCTL_PROC(_kern, KERN_HOSTNAME, hostname,
391     CTLTYPE_STRING | CTLFLAG_RW | CTLFLAG_PRISON | CTLFLAG_CAPRD | CTLFLAG_MPSAFE,
392     (void *)(offsetof(struct prison, pr_hostname)), MAXHOSTNAMELEN,
393     sysctl_hostname, "A", "Hostname");
394 SYSCTL_PROC(_kern, KERN_NISDOMAINNAME, domainname,
395     CTLTYPE_STRING | CTLFLAG_RW | CTLFLAG_PRISON | CTLFLAG_CAPRD | CTLFLAG_MPSAFE,
396     (void *)(offsetof(struct prison, pr_domainname)), MAXHOSTNAMELEN,
397     sysctl_hostname, "A", "Name of the current YP/NIS domain");
398 SYSCTL_PROC(_kern, KERN_HOSTUUID, hostuuid,
399     CTLTYPE_STRING | CTLFLAG_RW | CTLFLAG_PRISON | CTLFLAG_CAPRD | CTLFLAG_MPSAFE,
400     (void *)(offsetof(struct prison, pr_hostuuid)), HOSTUUIDLEN,
401     sysctl_hostname, "A", "Host UUID");
402 
403 static int	regression_securelevel_nonmonotonic = 0;
404 
405 #ifdef REGRESSION
406 SYSCTL_INT(_regression, OID_AUTO, securelevel_nonmonotonic, CTLFLAG_RW,
407     &regression_securelevel_nonmonotonic, 0, "securelevel may be lowered");
408 #endif
409 
410 static int
411 sysctl_kern_securelvl(SYSCTL_HANDLER_ARGS)
412 {
413 	struct prison *pr, *cpr;
414 	int descend, error, level;
415 
416 	pr = req->td->td_ucred->cr_prison;
417 
418 	/*
419 	 * Reading the securelevel is easy, since the current jail's level
420 	 * is known to be at least as secure as any higher levels.  Perform
421 	 * a lockless read since the securelevel is an integer.
422 	 */
423 	level = pr->pr_securelevel;
424 	error = sysctl_handle_int(oidp, &level, 0, req);
425 	if (error || !req->newptr)
426 		return (error);
427 	/* Permit update only if the new securelevel exceeds the old. */
428 	sx_slock(&allprison_lock);
429 	mtx_lock(&pr->pr_mtx);
430 	if (!regression_securelevel_nonmonotonic &&
431 	    level < pr->pr_securelevel) {
432 		mtx_unlock(&pr->pr_mtx);
433 		sx_sunlock(&allprison_lock);
434 		return (EPERM);
435 	}
436 	pr->pr_securelevel = level;
437 	/*
438 	 * Set all child jails to be at least this level, but do not lower
439 	 * them (even if regression_securelevel_nonmonotonic).
440 	 */
441 	FOREACH_PRISON_DESCENDANT_LOCKED(pr, cpr, descend) {
442 		if (cpr->pr_securelevel < level)
443 			cpr->pr_securelevel = level;
444 	}
445 	mtx_unlock(&pr->pr_mtx);
446 	sx_sunlock(&allprison_lock);
447 	return (error);
448 }
449 
450 SYSCTL_PROC(_kern, KERN_SECURELVL, securelevel,
451     CTLTYPE_INT | CTLFLAG_RW | CTLFLAG_PRISON | CTLFLAG_MPSAFE, 0, 0,
452     sysctl_kern_securelvl, "I",
453     "Current secure level");
454 
455 #ifdef INCLUDE_CONFIG_FILE
456 /* Actual kernel configuration options. */
457 extern char kernconfstring[];
458 
459 SYSCTL_STRING(_kern, OID_AUTO, conftxt, CTLFLAG_RD,
460     kernconfstring, 0, "Kernel configuration file");
461 #endif
462 
463 static int
464 sysctl_hostid(SYSCTL_HANDLER_ARGS)
465 {
466 	struct prison *pr, *cpr;
467 	u_long tmpid;
468 	int descend, error;
469 
470 	/*
471 	 * Like sysctl_hostname, except it operates on a u_long
472 	 * instead of a string, and is used only for hostid.
473 	 */
474 	pr = req->td->td_ucred->cr_prison;
475 	mtx_lock(&pr->pr_mtx);
476 	tmpid = pr->pr_hostid;
477 	mtx_unlock(&pr->pr_mtx);
478 
479 	error = sysctl_handle_long(oidp, &tmpid, 0, req);
480 	if (error != 0 || req->newptr == NULL)
481 		return (error);
482 
483 	sx_slock(&allprison_lock);
484 	if (!(pr->pr_allow & PR_ALLOW_SET_HOSTNAME))
485 		error = EPERM;
486 	else {
487 		while (!(pr->pr_flags & PR_HOST))
488 			pr = pr->pr_parent;
489 		mtx_lock(&pr->pr_mtx);
490 		pr->pr_hostid = tmpid;
491 		FOREACH_PRISON_DESCENDANT_LOCKED(pr, cpr, descend)
492 			if (cpr->pr_flags & PR_HOST)
493 				descend = 0;
494 			else
495 				cpr->pr_hostid = tmpid;
496 		mtx_unlock(&pr->pr_mtx);
497 	}
498 	sx_sunlock(&allprison_lock);
499 	return (error);
500 }
501 
502 SYSCTL_PROC(_kern, KERN_HOSTID, hostid,
503     CTLTYPE_ULONG | CTLFLAG_RW | CTLFLAG_PRISON | CTLFLAG_MPSAFE | CTLFLAG_CAPRD,
504     NULL, 0, sysctl_hostid, "LU", "Host ID");
505 
506 static struct mtx bootid_lk;
507 MTX_SYSINIT(bootid_lock, &bootid_lk, "bootid generator lock", MTX_DEF);
508 
509 static int
510 sysctl_bootid(SYSCTL_HANDLER_ARGS)
511 {
512 	static uint8_t boot_id[16];
513 	static bool initialized = false;
514 
515 	mtx_lock(&bootid_lk);
516 	if (!initialized) {
517 		if (!is_random_seeded()) {
518 			mtx_unlock(&bootid_lk);
519 			return (ENXIO);
520 		}
521 		arc4random_buf(boot_id, sizeof(boot_id));
522 		initialized = true;
523 	}
524 	mtx_unlock(&bootid_lk);
525 
526 	return (SYSCTL_OUT(req, boot_id, sizeof(boot_id)));
527 }
528 SYSCTL_PROC(_kern, OID_AUTO, boot_id,
529     CTLTYPE_STRUCT | CTLFLAG_RD | CTLFLAG_MPSAFE | CTLFLAG_CAPRD,
530     NULL, 0, sysctl_bootid, "", "Random boot ID");
531 
532 /*
533  * The osrelease string is copied from the global (osrelease in vers.c) into
534  * prison0 by a sysinit and is inherited by child jails if not changed at jail
535  * creation, so we always return the copy from the current prison data.
536  */
537 static int
538 sysctl_osrelease(SYSCTL_HANDLER_ARGS)
539 {
540 	struct prison *pr;
541 
542 	pr = req->td->td_ucred->cr_prison;
543 	return (SYSCTL_OUT(req, pr->pr_osrelease, strlen(pr->pr_osrelease) + 1));
544 
545 }
546 
547 SYSCTL_PROC(_kern, KERN_OSRELEASE, osrelease,
548     CTLTYPE_STRING | CTLFLAG_CAPRD | CTLFLAG_RD | CTLFLAG_MPSAFE,
549     NULL, 0, sysctl_osrelease, "A", "Operating system release");
550 
551 /*
552  * The osreldate number is copied from the global (osreldate in vers.c) into
553  * prison0 by a sysinit and is inherited by child jails if not changed at jail
554  * creation, so we always return the value from the current prison data.
555  */
556 static int
557 sysctl_osreldate(SYSCTL_HANDLER_ARGS)
558 {
559 	struct prison *pr;
560 
561 	pr = req->td->td_ucred->cr_prison;
562 	return (SYSCTL_OUT(req, &pr->pr_osreldate, sizeof(pr->pr_osreldate)));
563 
564 }
565 
566 /*
567  * NOTICE: The *userland* release date is available in
568  * /usr/include/osreldate.h
569  */
570 SYSCTL_PROC(_kern, KERN_OSRELDATE, osreldate,
571     CTLTYPE_INT | CTLFLAG_CAPRD | CTLFLAG_RD | CTLFLAG_MPSAFE,
572     NULL, 0, sysctl_osreldate, "I", "Kernel release date");
573 
574 /*
575  * The build-id is copied from the ELF section .note.gnu.build-id.  The linker
576  * script defines two variables to expose the beginning and end.  LLVM
577  * currently uses a SHA-1 hash, but other formats can be supported by checking
578  * the length of the section.
579  */
580 
581 extern char __build_id_start[];
582 extern char __build_id_end[];
583 
584 #define	BUILD_ID_HEADER_LEN	0x10
585 #define	BUILD_ID_HASH_MAXLEN	0x14
586 
587 static int
588 sysctl_build_id(SYSCTL_HANDLER_ARGS)
589 {
590 	uintptr_t sectionlen = (uintptr_t)(__build_id_end - __build_id_start);
591 	int hashlen;
592 	char buf[2*BUILD_ID_HASH_MAXLEN+1];
593 
594 	/*
595 	 * The ELF note section has a four byte length for the vendor name,
596 	 * four byte length for the value, and a four byte vendor specific
597 	 * type.  The name for the build id is "GNU\0".  We skip the first 16
598 	 * bytes to read the build hash.  We will return the remaining bytes up
599 	 * to 20 (SHA-1) hash size.  If the hash happens to be a custom number
600 	 * of bytes we will pad the value with zeros, as the section should be
601 	 * four byte aligned.
602 	 */
603 	if (sectionlen <= BUILD_ID_HEADER_LEN ||
604 	    sectionlen > (BUILD_ID_HEADER_LEN + BUILD_ID_HASH_MAXLEN)) {
605 		return (ENOENT);
606 	}
607 
608 	hashlen = sectionlen - BUILD_ID_HEADER_LEN;
609 	for (int i = 0; i < hashlen; i++) {
610 		uint8_t c = __build_id_start[i+BUILD_ID_HEADER_LEN];
611 		snprintf(&buf[2*i], 3, "%02x", c);
612 	}
613 
614 	return (SYSCTL_OUT(req, buf, strlen(buf) + 1));
615 }
616 
617 SYSCTL_PROC(_kern, OID_AUTO, build_id,
618     CTLTYPE_STRING | CTLFLAG_CAPRD | CTLFLAG_RD | CTLFLAG_MPSAFE,
619     NULL, 0, sysctl_build_id, "A", "Operating system build-id");
620 
621 SYSCTL_NODE(_kern, OID_AUTO, features, CTLFLAG_RD | CTLFLAG_MPSAFE, 0,
622     "Kernel Features");
623 
624 #ifdef COMPAT_FREEBSD4
625 FEATURE(compat_freebsd4, "Compatible with FreeBSD 4");
626 #endif
627 
628 #ifdef COMPAT_FREEBSD5
629 FEATURE(compat_freebsd5, "Compatible with FreeBSD 5");
630 #endif
631 
632 #ifdef COMPAT_FREEBSD6
633 FEATURE(compat_freebsd6, "Compatible with FreeBSD 6");
634 #endif
635 
636 #ifdef COMPAT_FREEBSD7
637 FEATURE(compat_freebsd7, "Compatible with FreeBSD 7");
638 #endif
639 
640 #ifdef COMPAT_FREEBSD8
641 FEATURE(compat_freebsd8, "Compatible with FreeBSD 8");
642 #endif
643 
644 #ifdef COMPAT_FREEBSD9
645 FEATURE(compat_freebsd9, "Compatible with FreeBSD 9");
646 #endif
647 
648 #ifdef COMPAT_FREEBSD10
649 FEATURE(compat_freebsd10, "Compatible with FreeBSD 10");
650 #endif
651 
652 #ifdef COMPAT_FREEBSD11
653 FEATURE(compat_freebsd11, "Compatible with FreeBSD 11");
654 #endif
655 
656 #ifdef COMPAT_FREEBSD12
657 FEATURE(compat_freebsd12, "Compatible with FreeBSD 12");
658 #endif
659 
660 #ifdef COMPAT_FREEBSD13
661 FEATURE(compat_freebsd13, "Compatible with FreeBSD 13");
662 #endif
663 
664 #ifdef COMPAT_FREEBSD14
665 FEATURE(compat_freebsd14, "Compatible with FreeBSD 14");
666 #endif
667 
668 /*
669  * This is really cheating.  These actually live in the libc, something
670  * which I'm not quite sure is a good idea anyway, but in order for
671  * getnext and friends to actually work, we define dummies here.
672  *
673  * XXXRW: These probably should be CTLFLAG_CAPRD.
674  */
675 SYSCTL_STRING(_user, USER_CS_PATH, cs_path, CTLFLAG_RD,
676     "", 0, "PATH that finds all the standard utilities");
677 SYSCTL_INT(_user, USER_BC_BASE_MAX, bc_base_max, CTLFLAG_RD,
678     SYSCTL_NULL_INT_PTR, 0, "Max ibase/obase values in bc(1)");
679 SYSCTL_INT(_user, USER_BC_DIM_MAX, bc_dim_max, CTLFLAG_RD,
680     SYSCTL_NULL_INT_PTR, 0, "Max array size in bc(1)");
681 SYSCTL_INT(_user, USER_BC_SCALE_MAX, bc_scale_max, CTLFLAG_RD,
682     SYSCTL_NULL_INT_PTR, 0, "Max scale value in bc(1)");
683 SYSCTL_INT(_user, USER_BC_STRING_MAX, bc_string_max, CTLFLAG_RD,
684     SYSCTL_NULL_INT_PTR, 0, "Max string length in bc(1)");
685 SYSCTL_INT(_user, USER_COLL_WEIGHTS_MAX, coll_weights_max, CTLFLAG_RD,
686     SYSCTL_NULL_INT_PTR, 0, "Maximum number of weights assigned to an LC_COLLATE locale entry");
687 SYSCTL_INT(_user, USER_EXPR_NEST_MAX, expr_nest_max, CTLFLAG_RD,
688     SYSCTL_NULL_INT_PTR, 0, "");
689 SYSCTL_INT(_user, USER_LINE_MAX, line_max, CTLFLAG_RD,
690     SYSCTL_NULL_INT_PTR, 0, "Max length (bytes) of a text-processing utility's input line");
691 SYSCTL_INT(_user, USER_RE_DUP_MAX, re_dup_max, CTLFLAG_RD,
692     SYSCTL_NULL_INT_PTR, 0, "Maximum number of repeats of a regexp permitted");
693 SYSCTL_INT(_user, USER_POSIX2_VERSION, posix2_version, CTLFLAG_RD,
694     SYSCTL_NULL_INT_PTR, 0,
695     "The version of POSIX 1003.2 with which the system attempts to comply");
696 SYSCTL_INT(_user, USER_POSIX2_C_BIND, posix2_c_bind, CTLFLAG_RD,
697     SYSCTL_NULL_INT_PTR, 0, "Whether C development supports the C bindings option");
698 SYSCTL_INT(_user, USER_POSIX2_C_DEV, posix2_c_dev, CTLFLAG_RD,
699     SYSCTL_NULL_INT_PTR, 0, "Whether system supports the C development utilities option");
700 SYSCTL_INT(_user, USER_POSIX2_CHAR_TERM, posix2_char_term, CTLFLAG_RD,
701     SYSCTL_NULL_INT_PTR, 0, "");
702 SYSCTL_INT(_user, USER_POSIX2_FORT_DEV, posix2_fort_dev, CTLFLAG_RD,
703     SYSCTL_NULL_INT_PTR, 0, "Whether system supports FORTRAN development utilities");
704 SYSCTL_INT(_user, USER_POSIX2_FORT_RUN, posix2_fort_run, CTLFLAG_RD,
705     SYSCTL_NULL_INT_PTR, 0, "Whether system supports FORTRAN runtime utilities");
706 SYSCTL_INT(_user, USER_POSIX2_LOCALEDEF, posix2_localedef, CTLFLAG_RD,
707     SYSCTL_NULL_INT_PTR, 0, "Whether system supports creation of locales");
708 SYSCTL_INT(_user, USER_POSIX2_SW_DEV, posix2_sw_dev, CTLFLAG_RD,
709     SYSCTL_NULL_INT_PTR, 0, "Whether system supports software development utilities");
710 SYSCTL_INT(_user, USER_POSIX2_UPE, posix2_upe, CTLFLAG_RD,
711     SYSCTL_NULL_INT_PTR, 0, "Whether system supports the user portability utilities");
712 SYSCTL_INT(_user, USER_STREAM_MAX, stream_max, CTLFLAG_RD,
713     SYSCTL_NULL_INT_PTR, 0, "Min Maximum number of streams a process may have open at one time");
714 SYSCTL_INT(_user, USER_TZNAME_MAX, tzname_max, CTLFLAG_RD,
715     SYSCTL_NULL_INT_PTR, 0, "Min Maximum number of types supported for timezone names");
716 
717 static char localbase[MAXPATHLEN] = "";
718 
719 SYSCTL_STRING(_user, USER_LOCALBASE, localbase, CTLFLAG_RWTUN,
720     localbase, sizeof(localbase), "Prefix used to install and locate add-on packages");
721 
722 #include <sys/vnode.h>
723 SYSCTL_INT(_debug_sizeof, OID_AUTO, vnode, CTLFLAG_RD,
724     SYSCTL_NULL_INT_PTR, sizeof(struct vnode), "sizeof(struct vnode)");
725 
726 SYSCTL_INT(_debug_sizeof, OID_AUTO, proc, CTLFLAG_RD,
727     SYSCTL_NULL_INT_PTR, sizeof(struct proc), "sizeof(struct proc)");
728 
729 static int
730 sysctl_kern_pid_max(SYSCTL_HANDLER_ARGS)
731 {
732 	int error, pm;
733 
734 	pm = pid_max;
735 	error = sysctl_handle_int(oidp, &pm, 0, req);
736 	if (error || !req->newptr)
737 		return (error);
738 	sx_xlock(&proctree_lock);
739 	sx_xlock(&allproc_lock);
740 
741 	/*
742 	 * Only permit the values less then PID_MAX.
743 	 * As a safety measure, do not allow to limit the pid_max too much.
744 	 */
745 	if (pm < 300 || pm > PID_MAX)
746 		error = EINVAL;
747 	else
748 		pid_max = pm;
749 	sx_xunlock(&allproc_lock);
750 	sx_xunlock(&proctree_lock);
751 	return (error);
752 }
753 SYSCTL_PROC(_kern, OID_AUTO, pid_max, CTLTYPE_INT |
754     CTLFLAG_RWTUN | CTLFLAG_NOFETCH | CTLFLAG_MPSAFE,
755     0, 0, sysctl_kern_pid_max, "I", "Maximum allowed pid");
756 
757 SYSCTL_INT(_kern, OID_AUTO, pid_max_limit, CTLFLAG_RD,
758     SYSCTL_NULL_INT_PTR, PID_MAX,
759     "Maximum allowed pid (kern.pid_max) top limit");
760 
761 #include <sys/bio.h>
762 #include <sys/buf.h>
763 SYSCTL_INT(_debug_sizeof, OID_AUTO, bio, CTLFLAG_RD,
764     SYSCTL_NULL_INT_PTR, sizeof(struct bio), "sizeof(struct bio)");
765 SYSCTL_INT(_debug_sizeof, OID_AUTO, buf, CTLFLAG_RD,
766     SYSCTL_NULL_INT_PTR, sizeof(struct buf), "sizeof(struct buf)");
767 
768 #include <sys/user.h>
769 SYSCTL_INT(_debug_sizeof, OID_AUTO, kinfo_proc, CTLFLAG_RD,
770     SYSCTL_NULL_INT_PTR, sizeof(struct kinfo_proc), "sizeof(struct kinfo_proc)");
771 
772 /* Used by kernel debuggers. */
773 const int pcb_size = sizeof(struct pcb);
774 SYSCTL_INT(_debug_sizeof, OID_AUTO, pcb, CTLFLAG_RD,
775     SYSCTL_NULL_INT_PTR, sizeof(struct pcb), "sizeof(struct pcb)");
776 
777 /* XXX compatibility, remove for 6.0 */
778 #include <sys/imgact.h>
779 #include <sys/imgact_elf.h>
780 SYSCTL_INT(_kern, OID_AUTO, fallback_elf_brand, CTLFLAG_RW,
781     &__elfN(fallback_brand), sizeof(__elfN(fallback_brand)),
782     "compatibility for kern.fallback_elf_brand");
783