/*
* Check if the minor is correct and ensure necessary structures
* are properly allocated.
*/
int
check_pty(int minor)
{
struct pt_softc *pti;
rw_enter_write(&pt_softc_lock);
if (minor >= npty) {
struct pt_softc **newpt;
int newnpty;
/* check if the requested pty can be granted */
if (minor >= maxptys)
goto limit_reached;
/* grow pty array by powers of two, up to maxptys */
for (newnpty = npty; newnpty <= minor; newnpty *= 2)
;
if (newnpty > maxptys)
newnpty = maxptys;
newpt = ptyarralloc(newnpty);
if (maxptys == npty) {
goto limit_reached;
}
memcpy(newpt, pt_softc, npty * sizeof(struct pt_softc *));
free(pt_softc, M_DEVBUF);
pt_softc = newpt;
npty = newnpty;
}
/*
* If the entry is not yet allocated, allocate one.
*/
if (!pt_softc[minor]) {
pti = malloc(sizeof(struct pt_softc), M_DEVBUF,
M_WAITOK|M_ZERO);
pti->pt_tty = ttymalloc();
ptydevname(minor, pti);
pt_softc[minor] = pti;
}
rw_exit_write(&pt_softc_lock);
return (0);
limit_reached:
rw_exit_write(&pt_softc_lock);
tablefull("pty");
return (ENXIO);
}
/*
* fork1
*
* Description: common code used by all new process creation other than the
* bootstrap of the initial process on the system
*
* Parameters: parent_proc parent process of the process being
* child_threadp pointer to location to receive the
* Mach thread_t of the child process
* breated
* kind kind of creation being requested
*
* Notes: Permissable values for 'kind':
*
* PROC_CREATE_FORK Create a complete process which will
* return actively running in both the
* parent and the child; the child copies
* the parent address space.
* PROC_CREATE_SPAWN Create a complete process which will
* return actively running in the parent
* only after returning actively running
* in the child; the child address space
* is newly created by an image activator,
* after which the child is run.
* PROC_CREATE_VFORK Creates a partial process which will
* borrow the parent task, thread, and
* uthread to return running in the child;
* the child address space and other parts
* are lazily created at execve() time, or
* the child is terminated, and the parent
* does not actively run until that
* happens.
*
* At first it may seem strange that we return the child thread
* address rather than process structure, since the process is
* the only part guaranteed to be "new"; however, since we do
* not actualy adjust other references between Mach and BSD (see
* the block diagram above the implementation of vfork()), this
* is the only method which guarantees us the ability to get
* back to the other information.
*/
int
fork1(proc_t parent_proc, thread_t *child_threadp, int kind)
{
thread_t parent_thread = (thread_t)current_thread();
uthread_t parent_uthread = (uthread_t)get_bsdthread_info(parent_thread);
proc_t child_proc = NULL; /* set in switch, but compiler... */
thread_t child_thread = NULL;
uid_t uid;
int count;
int err = 0;
int spawn = 0;
/*
* Although process entries are dynamically created, we still keep
* a global limit on the maximum number we will create. Don't allow
* a nonprivileged user to use the last process; don't let root
* exceed the limit. The variable nprocs is the current number of
* processes, maxproc is the limit.
*/
uid = kauth_cred_get()->cr_ruid;
proc_list_lock();
if ((nprocs >= maxproc - 1 && uid != 0) || nprocs >= maxproc) {
proc_list_unlock();
tablefull("proc");
return (EAGAIN);
}
proc_list_unlock();
/*
* Increment the count of procs running with this uid. Don't allow
* a nonprivileged user to exceed their current limit, which is
* always less than what an rlim_t can hold.
* (locking protection is provided by list lock held in chgproccnt)
*/
count = chgproccnt(uid, 1);
if (uid != 0 &&
(rlim_t)count > parent_proc->p_rlimit[RLIMIT_NPROC].rlim_cur) {
err = EAGAIN;
goto bad;
}
#if CONFIG_MACF
/*
* Determine if MAC policies applied to the process will allow
* it to fork. This is an advisory-only check.
*/
err = mac_proc_check_fork(parent_proc);
if (err != 0) {
goto bad;
}
#endif
switch(kind) {
case PROC_CREATE_VFORK:
/*
* Prevent a vfork while we are in vfork(); we should
* also likely preventing a fork here as well, and this
* check should then be outside the switch statement,
* since the proc struct contents will copy from the
* child and the tash/thread/uthread from the parent in
* that case. We do not support vfork() in vfork()
* because we don't have to; the same non-requirement
* is true of both fork() and posix_spawn() and any
* call other than execve() amd _exit(), but we've
* been historically lenient, so we continue to be so
* (for now).
*
* <rdar://6640521> Probably a source of random panics
*/
if (parent_uthread->uu_flag & UT_VFORK) {
printf("fork1 called within vfork by %s\n", parent_proc->p_comm);
err = EINVAL;
goto bad;
}
/*
* Flag us in progress; if we chose to support vfork() in
* vfork(), we would chain our parent at this point (in
* effect, a stack push). We don't, since we actually want
* to disallow everything not specified in the standard
*/
proc_vfork_begin(parent_proc);
/* The newly created process comes with signal lock held */
if ((child_proc = forkproc(parent_proc)) == NULL) {
/* Failed to allocate new process */
proc_vfork_end(parent_proc);
err = ENOMEM;
goto bad;
}
// XXX BEGIN: wants to move to be common code (and safe)
#if CONFIG_MACF
/*
* allow policies to associate the credential/label that
* we referenced from the parent ... with the child
* JMM - this really isn't safe, as we can drop that
* association without informing the policy in other
* situations (keep long enough to get policies changed)
*/
mac_cred_label_associate_fork(child_proc->p_ucred, child_proc);
#endif
/*
* Propogate change of PID - may get new cred if auditing.
*
* NOTE: This has no effect in the vfork case, since
* child_proc->task != current_task(), but we duplicate it
* because this is probably, ultimately, wrong, since we
* will be running in the "child" which is the parent task
* with the wrong token until we get to the execve() or
* _exit() call; a lot of "undefined" can happen before
* that.
*
* <rdar://6640530> disallow everything but exeve()/_exit()?
*/
set_security_token(child_proc);
AUDIT_ARG(pid, child_proc->p_pid);
AUDIT_SESSION_PROCNEW(child_proc->p_ucred);
// XXX END: wants to move to be common code (and safe)
/*
* BORROW PARENT TASK, THREAD, UTHREAD FOR CHILD
*
* Note: this is where we would "push" state instead of setting
* it for nested vfork() support (see proc_vfork_end() for
* description if issues here).
*/
child_proc->task = parent_proc->task;
child_proc->p_lflag |= P_LINVFORK;
child_proc->p_vforkact = parent_thread;
child_proc->p_stat = SRUN;
parent_uthread->uu_flag |= UT_VFORK;
parent_uthread->uu_proc = child_proc;
parent_uthread->uu_userstate = (void *)act_thread_csave();
parent_uthread->uu_vforkmask = parent_uthread->uu_sigmask;
/* temporarily drop thread-set-id state */
if (parent_uthread->uu_flag & UT_SETUID) {
parent_uthread->uu_flag |= UT_WASSETUID;
parent_uthread->uu_flag &= ~UT_SETUID;
}
/* blow thread state information */
/* XXX is this actually necessary, given syscall return? */
thread_set_child(parent_thread, child_proc->p_pid);
child_proc->p_acflag = AFORK; /* forked but not exec'ed */
/*
* Preserve synchronization semantics of vfork. If
* waiting for child to exec or exit, set P_PPWAIT
* on child, and sleep on our proc (in case of exit).
*/
child_proc->p_lflag |= P_LPPWAIT;
pinsertchild(parent_proc, child_proc); /* set visible */
break;
case PROC_CREATE_SPAWN:
/*
* A spawned process differs from a forked process in that
* the spawned process does not carry around the parents
* baggage with regard to address space copying, dtrace,
* and so on.
*/
spawn = 1;
/* FALLSTHROUGH */
case PROC_CREATE_FORK:
/*
* When we clone the parent process, we are going to inherit
* its task attributes and memory, since when we fork, we
* will, in effect, create a duplicate of it, with only minor
* differences. Contrarily, spawned processes do not inherit.
*/
if ((child_thread = cloneproc(parent_proc->task, parent_proc, spawn ? FALSE : TRUE)) == NULL) {
/* Failed to create thread */
err = EAGAIN;
goto bad;
}
/* copy current thread state into the child thread (only for fork) */
if (!spawn) {
thread_dup(child_thread);
}
/* child_proc = child_thread->task->proc; */
child_proc = (proc_t)(get_bsdtask_info(get_threadtask(child_thread)));
// XXX BEGIN: wants to move to be common code (and safe)
#if CONFIG_MACF
/*
* allow policies to associate the credential/label that
* we referenced from the parent ... with the child
* JMM - this really isn't safe, as we can drop that
* association without informing the policy in other
* situations (keep long enough to get policies changed)
*/
mac_cred_label_associate_fork(child_proc->p_ucred, child_proc);
#endif
/*
* Propogate change of PID - may get new cred if auditing.
*
* NOTE: This has no effect in the vfork case, since
* child_proc->task != current_task(), but we duplicate it
* because this is probably, ultimately, wrong, since we
* will be running in the "child" which is the parent task
* with the wrong token until we get to the execve() or
* _exit() call; a lot of "undefined" can happen before
* that.
*
* <rdar://6640530> disallow everything but exeve()/_exit()?
*/
set_security_token(child_proc);
AUDIT_ARG(pid, child_proc->p_pid);
AUDIT_SESSION_PROCNEW(child_proc->p_ucred);
// XXX END: wants to move to be common code (and safe)
/*
* Blow thread state information; this is what gives the child
* process its "return" value from a fork() call.
*
* Note: this should probably move to fork() proper, since it
* is not relevent to spawn, and the value won't matter
* until we resume the child there. If you are in here
* refactoring code, consider doing this at the same time.
*/
thread_set_child(child_thread, child_proc->p_pid);
child_proc->p_acflag = AFORK; /* forked but not exec'ed */
// <rdar://6598155> dtrace code cleanup needed
#if CONFIG_DTRACE
/*
* This code applies to new processes who are copying the task
* and thread state and address spaces of their parent process.
*/
if (!spawn) {
// <rdar://6598155> call dtrace specific function here instead of all this...
/*
* APPLE NOTE: Solaris does a sprlock() and drops the
* proc_lock here. We're cheating a bit and only taking
* the p_dtrace_sprlock lock. A full sprlock would
* task_suspend the parent.
*/
lck_mtx_lock(&parent_proc->p_dtrace_sprlock);
/*
* Remove all DTrace tracepoints from the child process. We
* need to do this _before_ duplicating USDT providers since
* any associated probes may be immediately enabled.
*/
if (parent_proc->p_dtrace_count > 0) {
dtrace_fasttrap_fork(parent_proc, child_proc);
}
lck_mtx_unlock(&parent_proc->p_dtrace_sprlock);
/*
* Duplicate any lazy dof(s). This must be done while NOT
* holding the parent sprlock! Lock ordering is
* dtrace_dof_mode_lock, then sprlock. It is imperative we
* always call dtrace_lazy_dofs_duplicate, rather than null
* check and call if !NULL. If we NULL test, during lazy dof
* faulting we can race with the faulting code and proceed
* from here to beyond the helpers copy. The lazy dof
* faulting will then fail to copy the helpers to the child
* process.
*/
dtrace_lazy_dofs_duplicate(parent_proc, child_proc);
/*
* Duplicate any helper actions and providers. The SFORKING
* we set above informs the code to enable USDT probes that
* sprlock() may fail because the child is being forked.
*/
/*
* APPLE NOTE: As best I can tell, Apple's sprlock() equivalent
* never fails to find the child. We do not set SFORKING.
*/
if (parent_proc->p_dtrace_helpers != NULL && dtrace_helpers_fork) {
(*dtrace_helpers_fork)(parent_proc, child_proc);
}
}
#endif /* CONFIG_DTRACE */
break;
default:
panic("fork1 called with unknown kind %d", kind);
break;
}
/* return the thread pointer to the caller */
*child_threadp = child_thread;
bad:
/*
* In the error case, we return a 0 value for the returned pid (but
* it is ignored in the trampoline due to the error return); this
* is probably not necessary.
*/
if (err) {
(void)chgproccnt(uid, -1);
}
return (err);
}
/*
* Obtain a dquot structure for the specified identifier and quota file
* reading the information from the file if necessary.
*/
static int
dqget(struct vnode *vp, u_long id, struct ufsmount *ump, int type,
struct dquot **dqp)
{
uint8_t buf[sizeof(struct dqblk64)];
off_t base, recsize;
struct dquot *dq, *dq1;
struct dqhash *dqh;
struct vnode *dqvp;
struct iovec aiov;
struct uio auio;
int dqvplocked, error;
#ifdef DEBUG_VFS_LOCKS
if (vp != NULLVP)
ASSERT_VOP_ELOCKED(vp, "dqget");
#endif
if (vp != NULLVP && *dqp != NODQUOT) {
return (0);
}
/* XXX: Disallow negative id values to prevent the
* creation of 100GB+ quota data files.
*/
if ((int)id < 0)
return (EINVAL);
UFS_LOCK(ump);
dqvp = ump->um_quotas[type];
if (dqvp == NULLVP || (ump->um_qflags[type] & QTF_CLOSING)) {
*dqp = NODQUOT;
UFS_UNLOCK(ump);
return (EINVAL);
}
vref(dqvp);
UFS_UNLOCK(ump);
error = 0;
dqvplocked = 0;
/*
* Check the cache first.
*/
dqh = DQHASH(dqvp, id);
DQH_LOCK();
dq = dqhashfind(dqh, id, dqvp);
if (dq != NULL) {
DQH_UNLOCK();
hfound:
DQI_LOCK(dq);
DQI_WAIT(dq, PINOD+1, "dqget");
DQI_UNLOCK(dq);
if (dq->dq_ump == NULL) {
dqrele(vp, dq);
dq = NODQUOT;
error = EIO;
}
*dqp = dq;
if (dqvplocked)
vput(dqvp);
else
vrele(dqvp);
return (error);
}
/*
* Quota vnode lock is before DQ_LOCK. Acquire dqvp lock there
* since new dq will appear on the hash chain DQ_LOCKed.
*/
if (vp != dqvp) {
DQH_UNLOCK();
vn_lock(dqvp, LK_SHARED | LK_RETRY);
dqvplocked = 1;
DQH_LOCK();
/*
* Recheck the cache after sleep for quota vnode lock.
*/
dq = dqhashfind(dqh, id, dqvp);
if (dq != NULL) {
DQH_UNLOCK();
goto hfound;
}
}
/*
* Not in cache, allocate a new one or take it from the
* free list.
*/
if (TAILQ_FIRST(&dqfreelist) == NODQUOT &&
numdquot < MAXQUOTAS * desiredvnodes)
desireddquot += DQUOTINC;
if (numdquot < desireddquot) {
numdquot++;
DQH_UNLOCK();
dq1 = malloc(sizeof *dq1, M_DQUOT, M_WAITOK | M_ZERO);
mtx_init(&dq1->dq_lock, "dqlock", NULL, MTX_DEF);
DQH_LOCK();
/*
* Recheck the cache after sleep for memory.
*/
dq = dqhashfind(dqh, id, dqvp);
if (dq != NULL) {
numdquot--;
DQH_UNLOCK();
mtx_destroy(&dq1->dq_lock);
free(dq1, M_DQUOT);
goto hfound;
}
dq = dq1;
} else {
if ((dq = TAILQ_FIRST(&dqfreelist)) == NULL) {
DQH_UNLOCK();
tablefull("dquot");
*dqp = NODQUOT;
if (dqvplocked)
vput(dqvp);
else
vrele(dqvp);
return (EUSERS);
}
if (dq->dq_cnt || (dq->dq_flags & DQ_MOD))
panic("dqget: free dquot isn't %p", dq);
TAILQ_REMOVE(&dqfreelist, dq, dq_freelist);
if (dq->dq_ump != NULL)
LIST_REMOVE(dq, dq_hash);
}
/*
* Dq is put into hash already locked to prevent parallel
* usage while it is being read from file.
*/
dq->dq_flags = DQ_LOCK;
dq->dq_id = id;
dq->dq_type = type;
dq->dq_ump = ump;
LIST_INSERT_HEAD(dqh, dq, dq_hash);
DQREF(dq);
DQH_UNLOCK();
/*
* Read the requested quota record from the quota file, performing
* any necessary conversions.
*/
if (ump->um_qflags[type] & QTF_64BIT) {
recsize = sizeof(struct dqblk64);
base = sizeof(struct dqhdr64);
} else {
recsize = sizeof(struct dqblk32);
base = 0;
}
auio.uio_iov = &aiov;
auio.uio_iovcnt = 1;
aiov.iov_base = buf;
aiov.iov_len = recsize;
auio.uio_resid = recsize;
auio.uio_offset = base + id * recsize;
auio.uio_segflg = UIO_SYSSPACE;
auio.uio_rw = UIO_READ;
auio.uio_td = (struct thread *)0;
error = VOP_READ(dqvp, &auio, 0, ump->um_cred[type]);
if (auio.uio_resid == recsize && error == 0) {
bzero(&dq->dq_dqb, sizeof(dq->dq_dqb));
} else {
if (ump->um_qflags[type] & QTF_64BIT)
dqb64_dq((struct dqblk64 *)buf, dq);
else
dqb32_dq((struct dqblk32 *)buf, dq);
}
if (dqvplocked)
vput(dqvp);
else
vrele(dqvp);
/*
* I/O error in reading quota file, release
* quota structure and reflect problem to caller.
*/
if (error) {
DQH_LOCK();
dq->dq_ump = NULL;
LIST_REMOVE(dq, dq_hash);
DQH_UNLOCK();
DQI_LOCK(dq);
if (dq->dq_flags & DQ_WANT)
wakeup(dq);
dq->dq_flags = 0;
DQI_UNLOCK(dq);
dqrele(vp, dq);
*dqp = NODQUOT;
return (error);
}
DQI_LOCK(dq);
/*
* Check for no limit to enforce.
* Initialize time values if necessary.
*/
if (dq->dq_isoftlimit == 0 && dq->dq_bsoftlimit == 0 &&
dq->dq_ihardlimit == 0 && dq->dq_bhardlimit == 0)
dq->dq_flags |= DQ_FAKE;
if (dq->dq_id != 0) {
if (dq->dq_btime == 0) {
dq->dq_btime = time_second + ump->um_btime[type];
if (dq->dq_bsoftlimit &&
dq->dq_curblocks >= dq->dq_bsoftlimit)
dq->dq_flags |= DQ_MOD;
}
if (dq->dq_itime == 0) {
dq->dq_itime = time_second + ump->um_itime[type];
if (dq->dq_isoftlimit &&
dq->dq_curinodes >= dq->dq_isoftlimit)
dq->dq_flags |= DQ_MOD;
}
}
DQI_WAKEUP(dq);
DQI_UNLOCK(dq);
*dqp = dq;
return (0);
}
/*
* Obtain a dquot structure for the specified identifier and quota file
* reading the information from the file if necessary.
*/
static int
ufs_dqget(struct vnode *vp, u_long id, struct ufsmount *ump, int type,
struct ufs_dquot **dqp)
{
struct ufs_dquot *dq;
struct ufs_dqhash *dqh;
struct vnode *dqvp;
struct iovec aiov;
struct uio auio;
int error;
dqvp = ump->um_quotas[type];
if (dqvp == NULLVP || (ump->um_qflags[type] & QTF_CLOSING)) {
*dqp = NODQUOT;
return (EINVAL);
}
/*
* Check the cache first.
*/
dqh = DQHASH(dqvp, id);
LIST_FOREACH(dq, dqh, dq_hash) {
if (dq->dq_id != id ||
dq->dq_ump->um_quotas[dq->dq_type] != dqvp)
continue;
/*
* Cache hit with no references. Take
* the structure off the free list.
*/
if (dq->dq_cnt == 0)
TAILQ_REMOVE(&ufs_dqfreelist, dq, dq_freelist);
DQREF(dq);
*dqp = dq;
return (0);
}
/*
* Not in cache, allocate a new one.
*/
if (TAILQ_EMPTY(&ufs_dqfreelist) && ufs_numdquot < MAXQUOTAS * desiredvnodes)
ufs_desireddquot += DQUOTINC;
if (ufs_numdquot < ufs_desireddquot) {
dq = (struct ufs_dquot *)
kmalloc(sizeof *dq, M_DQUOT, M_WAITOK | M_ZERO);
ufs_numdquot++;
} else {
if ((dq = TAILQ_FIRST(&ufs_dqfreelist)) == NULL) {
tablefull("dquot");
*dqp = NODQUOT;
return (EUSERS);
}
if (dq->dq_cnt || (dq->dq_flags & DQ_MOD))
panic("dqget: free dquot isn't");
TAILQ_REMOVE(&ufs_dqfreelist, dq, dq_freelist);
if (dq->dq_ump != NULL)
LIST_REMOVE(dq, dq_hash);
}
/*
* Initialize the contents of the dquot structure.
*/
if (vp != dqvp)
vn_lock(dqvp, LK_EXCLUSIVE | LK_RETRY);
LIST_INSERT_HEAD(dqh, dq, dq_hash);
DQREF(dq);
dq->dq_flags = DQ_LOCK;
dq->dq_id = id;
dq->dq_ump = ump;
dq->dq_type = type;
auio.uio_iov = &aiov;
auio.uio_iovcnt = 1;
aiov.iov_base = (caddr_t)&dq->dq_dqb;
aiov.iov_len = sizeof (struct ufs_dqblk);
auio.uio_resid = sizeof (struct ufs_dqblk);
auio.uio_offset = (off_t)(id * sizeof (struct ufs_dqblk));
auio.uio_segflg = UIO_SYSSPACE;
auio.uio_rw = UIO_READ;
auio.uio_td = NULL;
error = VOP_READ(dqvp, &auio, 0, ump->um_cred[type]);
if (auio.uio_resid == sizeof(struct ufs_dqblk) && error == 0)
bzero((caddr_t)&dq->dq_dqb, sizeof(struct ufs_dqblk));
if (vp != dqvp)
vn_unlock(dqvp);
if (dq->dq_flags & DQ_WANT)
wakeup((caddr_t)dq);
dq->dq_flags = 0;
/*
* I/O error in reading quota file, release
* quota structure and reflect problem to caller.
*/
if (error) {
LIST_REMOVE(dq, dq_hash);
ufs_dqrele(vp, dq);
*dqp = NODQUOT;
return (error);
}
/*
* Check for no limit to enforce.
* Initialize time values if necessary.
*/
if (dq->dq_isoftlimit == 0 && dq->dq_bsoftlimit == 0 &&
dq->dq_ihardlimit == 0 && dq->dq_bhardlimit == 0)
dq->dq_flags |= DQ_FAKE;
if (dq->dq_id != 0) {
if (dq->dq_btime == 0)
dq->dq_btime = time_second + ump->um_btime[type];
if (dq->dq_itime == 0)
dq->dq_itime = time_second + ump->um_itime[type];
}
*dqp = dq;
return (0);
}
/*
* General fork call. Note that another LWP in the process may call exec()
* or exit() while we are forking. It's safe to continue here, because
* neither operation will complete until all LWPs have exited the process.
*/
int
fork1(struct lwp *l1, int flags, int exitsig, void *stack, size_t stacksize,
void (*func)(void *), void *arg, register_t *retval,
struct proc **rnewprocp)
{
struct proc *p1, *p2, *parent;
struct plimit *p1_lim;
uid_t uid;
struct lwp *l2;
int count;
vaddr_t uaddr;
int tnprocs;
int tracefork;
int error = 0;
p1 = l1->l_proc;
uid = kauth_cred_getuid(l1->l_cred);
tnprocs = atomic_inc_uint_nv(&nprocs);
/*
* Although process entries are dynamically created, we still keep
* a global limit on the maximum number we will create.
*/
if (__predict_false(tnprocs >= maxproc))
error = -1;
else
error = kauth_authorize_process(l1->l_cred,
KAUTH_PROCESS_FORK, p1, KAUTH_ARG(tnprocs), NULL, NULL);
if (error) {
static struct timeval lasttfm;
atomic_dec_uint(&nprocs);
if (ratecheck(&lasttfm, &fork_tfmrate))
tablefull("proc", "increase kern.maxproc or NPROC");
if (forkfsleep)
kpause("forkmx", false, forkfsleep, NULL);
return EAGAIN;
}
/*
* Enforce limits.
*/
count = chgproccnt(uid, 1);
if (__predict_false(count > p1->p_rlimit[RLIMIT_NPROC].rlim_cur)) {
if (kauth_authorize_process(l1->l_cred, KAUTH_PROCESS_RLIMIT,
p1, KAUTH_ARG(KAUTH_REQ_PROCESS_RLIMIT_BYPASS),
&p1->p_rlimit[RLIMIT_NPROC], KAUTH_ARG(RLIMIT_NPROC)) != 0) {
(void)chgproccnt(uid, -1);
atomic_dec_uint(&nprocs);
if (forkfsleep)
kpause("forkulim", false, forkfsleep, NULL);
return EAGAIN;
}
}
/*
* Allocate virtual address space for the U-area now, while it
* is still easy to abort the fork operation if we're out of
* kernel virtual address space.
*/
uaddr = uvm_uarea_alloc();
if (__predict_false(uaddr == 0)) {
(void)chgproccnt(uid, -1);
atomic_dec_uint(&nprocs);
return ENOMEM;
}
/*
* We are now committed to the fork. From here on, we may
* block on resources, but resource allocation may NOT fail.
*/
/* Allocate new proc. */
p2 = proc_alloc();
/*
* Make a proc table entry for the new process.
* Start by zeroing the section of proc that is zero-initialized,
* then copy the section that is copied directly from the parent.
*/
memset(&p2->p_startzero, 0,
(unsigned) ((char *)&p2->p_endzero - (char *)&p2->p_startzero));
memcpy(&p2->p_startcopy, &p1->p_startcopy,
(unsigned) ((char *)&p2->p_endcopy - (char *)&p2->p_startcopy));
TAILQ_INIT(&p2->p_sigpend.sp_info);
LIST_INIT(&p2->p_lwps);
LIST_INIT(&p2->p_sigwaiters);
/*
* Duplicate sub-structures as needed.
* Increase reference counts on shared objects.
* Inherit flags we want to keep. The flags related to SIGCHLD
* handling are important in order to keep a consistent behaviour
* for the child after the fork. If we are a 32-bit process, the
* child will be too.
*/
p2->p_flag =
p1->p_flag & (PK_SUGID | PK_NOCLDWAIT | PK_CLDSIGIGN | PK_32);
p2->p_emul = p1->p_emul;
p2->p_execsw = p1->p_execsw;
if (flags & FORK_SYSTEM) {
/*
* Mark it as a system process. Set P_NOCLDWAIT so that
* children are reparented to init(8) when they exit.
* init(8) can easily wait them out for us.
*/
p2->p_flag |= (PK_SYSTEM | PK_NOCLDWAIT);
}
mutex_init(&p2->p_stmutex, MUTEX_DEFAULT, IPL_HIGH);
mutex_init(&p2->p_auxlock, MUTEX_DEFAULT, IPL_NONE);
rw_init(&p2->p_reflock);
cv_init(&p2->p_waitcv, "wait");
cv_init(&p2->p_lwpcv, "lwpwait");
/*
* Share a lock between the processes if they are to share signal
* state: we must synchronize access to it.
*/
if (flags & FORK_SHARESIGS) {
p2->p_lock = p1->p_lock;
mutex_obj_hold(p1->p_lock);
} else
p2->p_lock = mutex_obj_alloc(MUTEX_DEFAULT, IPL_NONE);
kauth_proc_fork(p1, p2);
p2->p_raslist = NULL;
#if defined(__HAVE_RAS)
ras_fork(p1, p2);
#endif
/* bump references to the text vnode (for procfs) */
p2->p_textvp = p1->p_textvp;
if (p2->p_textvp)
vref(p2->p_textvp);
if (flags & FORK_SHAREFILES)
fd_share(p2);
else if (flags & FORK_CLEANFILES)
p2->p_fd = fd_init(NULL);
else
p2->p_fd = fd_copy();
/* XXX racy */
p2->p_mqueue_cnt = p1->p_mqueue_cnt;
if (flags & FORK_SHARECWD)
cwdshare(p2);
else
p2->p_cwdi = cwdinit();
/*
* Note: p_limit (rlimit stuff) is copy-on-write, so normally
* we just need increase pl_refcnt.
*/
p1_lim = p1->p_limit;
if (!p1_lim->pl_writeable) {
lim_addref(p1_lim);
p2->p_limit = p1_lim;
} else {
p2->p_limit = lim_copy(p1_lim);
}
if (flags & FORK_PPWAIT) {
/* Mark ourselves as waiting for a child. */
l1->l_pflag |= LP_VFORKWAIT;
p2->p_lflag = PL_PPWAIT;
p2->p_vforklwp = l1;
} else {
p2->p_lflag = 0;
}
p2->p_sflag = 0;
p2->p_slflag = 0;
parent = (flags & FORK_NOWAIT) ? initproc : p1;
p2->p_pptr = parent;
p2->p_ppid = parent->p_pid;
LIST_INIT(&p2->p_children);
p2->p_aio = NULL;
#ifdef KTRACE
/*
* Copy traceflag and tracefile if enabled.
* If not inherited, these were zeroed above.
*/
if (p1->p_traceflag & KTRFAC_INHERIT) {
mutex_enter(&ktrace_lock);
p2->p_traceflag = p1->p_traceflag;
if ((p2->p_tracep = p1->p_tracep) != NULL)
ktradref(p2);
mutex_exit(&ktrace_lock);
}
#endif
/*
* Create signal actions for the child process.
*/
p2->p_sigacts = sigactsinit(p1, flags & FORK_SHARESIGS);
mutex_enter(p1->p_lock);
p2->p_sflag |=
(p1->p_sflag & (PS_STOPFORK | PS_STOPEXEC | PS_NOCLDSTOP));
sched_proc_fork(p1, p2);
mutex_exit(p1->p_lock);
p2->p_stflag = p1->p_stflag;
/*
* p_stats.
* Copy parts of p_stats, and zero out the rest.
*/
p2->p_stats = pstatscopy(p1->p_stats);
/*
* Set up the new process address space.
*/
uvm_proc_fork(p1, p2, (flags & FORK_SHAREVM) ? true : false);
/*
* Finish creating the child process.
* It will return through a different path later.
*/
lwp_create(l1, p2, uaddr, (flags & FORK_PPWAIT) ? LWP_VFORK : 0,
stack, stacksize, (func != NULL) ? func : child_return, arg, &l2,
l1->l_class);
/*
* Inherit l_private from the parent.
* Note that we cannot use lwp_setprivate() here since that
* also sets the CPU TLS register, which is incorrect if the
* process has changed that without letting the kernel know.
*/
l2->l_private = l1->l_private;
/*
* If emulation has a process fork hook, call it now.
*/
if (p2->p_emul->e_proc_fork)
(*p2->p_emul->e_proc_fork)(p2, l1, flags);
/*
* ...and finally, any other random fork hooks that subsystems
* might have registered.
*/
doforkhooks(p2, p1);
SDT_PROBE(proc,,,create, p2, p1, flags, 0, 0);
/*
* It's now safe for the scheduler and other processes to see the
* child process.
*/
mutex_enter(proc_lock);
if (p1->p_session->s_ttyvp != NULL && p1->p_lflag & PL_CONTROLT)
p2->p_lflag |= PL_CONTROLT;
LIST_INSERT_HEAD(&parent->p_children, p2, p_sibling);
p2->p_exitsig = exitsig; /* signal for parent on exit */
/*
* We don't want to tracefork vfork()ed processes because they
* will not receive the SIGTRAP until it is too late.
*/
tracefork = (p1->p_slflag & (PSL_TRACEFORK|PSL_TRACED)) ==
(PSL_TRACEFORK|PSL_TRACED) && (flags && FORK_PPWAIT) == 0;
if (tracefork) {
p2->p_slflag |= PSL_TRACED;
p2->p_opptr = p2->p_pptr;
if (p2->p_pptr != p1->p_pptr) {
struct proc *parent1 = p2->p_pptr;
if (parent1->p_lock < p2->p_lock) {
if (!mutex_tryenter(parent1->p_lock)) {
mutex_exit(p2->p_lock);
mutex_enter(parent1->p_lock);
}
} else if (parent1->p_lock > p2->p_lock) {
mutex_enter(parent1->p_lock);
}
parent1->p_slflag |= PSL_CHTRACED;
proc_reparent(p2, p1->p_pptr);
if (parent1->p_lock != p2->p_lock)
mutex_exit(parent1->p_lock);
}
/*
* Set ptrace status.
*/
p1->p_fpid = p2->p_pid;
p2->p_fpid = p1->p_pid;
}
LIST_INSERT_AFTER(p1, p2, p_pglist);
LIST_INSERT_HEAD(&allproc, p2, p_list);
p2->p_trace_enabled = trace_is_enabled(p2);
#ifdef __HAVE_SYSCALL_INTERN
(*p2->p_emul->e_syscall_intern)(p2);
#endif
/*
* Update stats now that we know the fork was successful.
*/
uvmexp.forks++;
if (flags & FORK_PPWAIT)
uvmexp.forks_ppwait++;
if (flags & FORK_SHAREVM)
uvmexp.forks_sharevm++;
/*
* Pass a pointer to the new process to the caller.
*/
if (rnewprocp != NULL)
*rnewprocp = p2;
if (ktrpoint(KTR_EMUL))
p2->p_traceflag |= KTRFAC_TRC_EMUL;
/*
* Notify any interested parties about the new process.
*/
if (!SLIST_EMPTY(&p1->p_klist)) {
mutex_exit(proc_lock);
KNOTE(&p1->p_klist, NOTE_FORK | p2->p_pid);
mutex_enter(proc_lock);
}
/*
* Make child runnable, set start time, and add to run queue except
* if the parent requested the child to start in SSTOP state.
*/
mutex_enter(p2->p_lock);
/*
* Start profiling.
*/
if ((p2->p_stflag & PST_PROFIL) != 0) {
mutex_spin_enter(&p2->p_stmutex);
startprofclock(p2);
mutex_spin_exit(&p2->p_stmutex);
}
getmicrotime(&p2->p_stats->p_start);
p2->p_acflag = AFORK;
lwp_lock(l2);
KASSERT(p2->p_nrlwps == 1);
if (p2->p_sflag & PS_STOPFORK) {
struct schedstate_percpu *spc = &l2->l_cpu->ci_schedstate;
p2->p_nrlwps = 0;
p2->p_stat = SSTOP;
p2->p_waited = 0;
p1->p_nstopchild++;
l2->l_stat = LSSTOP;
KASSERT(l2->l_wchan == NULL);
lwp_unlock_to(l2, spc->spc_lwplock);
} else {
p2->p_nrlwps = 1;
p2->p_stat = SACTIVE;
l2->l_stat = LSRUN;
sched_enqueue(l2, false);
lwp_unlock(l2);
}
/*
* Return child pid to parent process,
* marking us as parent via retval[1].
*/
if (retval != NULL) {
retval[0] = p2->p_pid;
retval[1] = 0;
}
mutex_exit(p2->p_lock);
/*
* Preserve synchronization semantics of vfork. If waiting for
* child to exec or exit, sleep until it clears LP_VFORKWAIT.
*/
#if 0
while (l1->l_pflag & LP_VFORKWAIT) {
cv_wait(&l1->l_waitcv, proc_lock);
}
#else
while (p2->p_lflag & PL_PPWAIT)
cv_wait(&p1->p_waitcv, proc_lock);
#endif
/*
* Let the parent know that we are tracing its child.
*/
if (tracefork) {
ksiginfo_t ksi;
KSI_INIT_EMPTY(&ksi);
ksi.ksi_signo = SIGTRAP;
ksi.ksi_lid = l1->l_lid;
kpsignal(p1, &ksi, NULL);
}
mutex_exit(proc_lock);
return 0;
}
int
fork1(struct proc *p1, int exitsig, int flags, void *stack, size_t stacksize,
void (*func)(void *), void *arg, register_t *retval,
struct proc **rnewprocp)
{
struct proc *p2;
uid_t uid;
struct vmspace *vm;
int count;
vaddr_t uaddr;
int s;
extern void endtsleep(void *);
extern void realitexpire(void *);
/*
* Although process entries are dynamically created, we still keep
* a global limit on the maximum number we will create. We reserve
* the last 5 processes to root. The variable nprocs is the current
* number of processes, maxproc is the limit.
*/
uid = p1->p_cred->p_ruid;
if ((nprocs >= maxproc - 5 && uid != 0) || nprocs >= maxproc) {
static struct timeval lasttfm;
if (ratecheck(&lasttfm, &fork_tfmrate))
tablefull("proc");
return (EAGAIN);
}
nprocs++;
/*
* Increment the count of procs running with this uid. Don't allow
* a nonprivileged user to exceed their current limit.
*/
count = chgproccnt(uid, 1);
if (uid != 0 && count > p1->p_rlimit[RLIMIT_NPROC].rlim_cur) {
(void)chgproccnt(uid, -1);
nprocs--;
return (EAGAIN);
}
uaddr = uvm_km_alloc1(kernel_map, USPACE, USPACE_ALIGN, 1);
if (uaddr == 0) {
chgproccnt(uid, -1);
nprocs--;
return (ENOMEM);
}
/*
* From now on, we're committed to the fork and cannot fail.
*/
/* Allocate new proc. */
p2 = pool_get(&proc_pool, PR_WAITOK);
p2->p_stat = SIDL; /* protect against others */
p2->p_exitsig = exitsig;
p2->p_forw = p2->p_back = NULL;
#ifdef RTHREADS
if (flags & FORK_THREAD) {
atomic_setbits_int(&p2->p_flag, P_THREAD);
p2->p_p = p1->p_p;
TAILQ_INSERT_TAIL(&p2->p_p->ps_threads, p2, p_thr_link);
} else {
process_new(p2, p1);
}
#else
process_new(p2, p1);
#endif
/*
* Make a proc table entry for the new process.
* Start by zeroing the section of proc that is zero-initialized,
* then copy the section that is copied directly from the parent.
*/
bzero(&p2->p_startzero,
(unsigned) ((caddr_t)&p2->p_endzero - (caddr_t)&p2->p_startzero));
bcopy(&p1->p_startcopy, &p2->p_startcopy,
(unsigned) ((caddr_t)&p2->p_endcopy - (caddr_t)&p2->p_startcopy));
/*
* Initialize the timeouts.
*/
timeout_set(&p2->p_sleep_to, endtsleep, p2);
timeout_set(&p2->p_realit_to, realitexpire, p2);
#if defined(__HAVE_CPUINFO)
p2->p_cpu = p1->p_cpu;
#endif
/*
* Duplicate sub-structures as needed.
* Increase reference counts on shared objects.
* The p_stats and p_sigacts substructs are set in vm_fork.
*/
p2->p_flag = 0;
p2->p_emul = p1->p_emul;
if (p1->p_flag & P_PROFIL)
startprofclock(p2);
atomic_setbits_int(&p2->p_flag, p1->p_flag & (P_SUGID | P_SUGIDEXEC));
if (flags & FORK_PTRACE)
atomic_setbits_int(&p2->p_flag, p1->p_flag & P_TRACED);
#ifdef RTHREADS
if (flags & FORK_THREAD) {
/* nothing */
} else
#endif
{
p2->p_p->ps_cred = pool_get(&pcred_pool, PR_WAITOK);
bcopy(p1->p_p->ps_cred, p2->p_p->ps_cred, sizeof(*p2->p_p->ps_cred));
p2->p_p->ps_cred->p_refcnt = 1;
crhold(p1->p_ucred);
}
TAILQ_INIT(&p2->p_selects);
/* bump references to the text vnode (for procfs) */
p2->p_textvp = p1->p_textvp;
if (p2->p_textvp)
VREF(p2->p_textvp);
if (flags & FORK_CLEANFILES)
p2->p_fd = fdinit(p1);
else if (flags & FORK_SHAREFILES)
p2->p_fd = fdshare(p1);
else
p2->p_fd = fdcopy(p1);
/*
* If ps_limit is still copy-on-write, bump refcnt,
* otherwise get a copy that won't be modified.
* (If PL_SHAREMOD is clear, the structure is shared
* copy-on-write.)
*/
#ifdef RTHREADS
if (flags & FORK_THREAD) {
/* nothing */
} else
#endif
{
if (p1->p_p->ps_limit->p_lflags & PL_SHAREMOD)
p2->p_p->ps_limit = limcopy(p1->p_p->ps_limit);
else {
p2->p_p->ps_limit = p1->p_p->ps_limit;
p2->p_p->ps_limit->p_refcnt++;
}
}
if (p1->p_session->s_ttyvp != NULL && p1->p_flag & P_CONTROLT)
atomic_setbits_int(&p2->p_flag, P_CONTROLT);
if (flags & FORK_PPWAIT)
atomic_setbits_int(&p2->p_flag, P_PPWAIT);
p2->p_pptr = p1;
if (flags & FORK_NOZOMBIE)
atomic_setbits_int(&p2->p_flag, P_NOZOMBIE);
LIST_INIT(&p2->p_children);
#ifdef KTRACE
/*
* Copy traceflag and tracefile if enabled.
* If not inherited, these were zeroed above.
*/
if (p1->p_traceflag & KTRFAC_INHERIT) {
p2->p_traceflag = p1->p_traceflag;
if ((p2->p_tracep = p1->p_tracep) != NULL)
VREF(p2->p_tracep);
}
#endif
/*
* set priority of child to be that of parent
* XXX should move p_estcpu into the region of struct proc which gets
* copied.
*/
scheduler_fork_hook(p1, p2);
/*
* Create signal actions for the child process.
*/
if (flags & FORK_SIGHAND)
sigactsshare(p1, p2);
else
p2->p_sigacts = sigactsinit(p1);
/*
* If emulation has process fork hook, call it now.
*/
if (p2->p_emul->e_proc_fork)
(*p2->p_emul->e_proc_fork)(p2, p1);
p2->p_addr = (struct user *)uaddr;
/*
* Finish creating the child process. It will return through a
* different path later.
*/
uvm_fork(p1, p2, ((flags & FORK_SHAREVM) ? TRUE : FALSE), stack,
stacksize, func ? func : child_return, arg ? arg : p2);
timeout_set(&p2->p_stats->p_virt_to, virttimer_trampoline, p2);
timeout_set(&p2->p_stats->p_prof_to, proftimer_trampoline, p2);
vm = p2->p_vmspace;
if (flags & FORK_FORK) {
forkstat.cntfork++;
forkstat.sizfork += vm->vm_dsize + vm->vm_ssize;
} else if (flags & FORK_VFORK) {
forkstat.cntvfork++;
forkstat.sizvfork += vm->vm_dsize + vm->vm_ssize;
} else if (flags & FORK_RFORK) {
forkstat.cntrfork++;
forkstat.sizrfork += vm->vm_dsize + vm->vm_ssize;
} else {
forkstat.cntkthread++;
forkstat.sizkthread += vm->vm_dsize + vm->vm_ssize;
}
/* Find an unused pid satisfying 1 <= lastpid <= PID_MAX */
do {
lastpid = 1 + (randompid ? arc4random() : lastpid) % PID_MAX;
} while (pidtaken(lastpid));
p2->p_pid = lastpid;
LIST_INSERT_HEAD(&allproc, p2, p_list);
LIST_INSERT_HEAD(PIDHASH(p2->p_pid), p2, p_hash);
LIST_INSERT_HEAD(&p1->p_children, p2, p_sibling);
LIST_INSERT_AFTER(p1, p2, p_pglist);
if (p2->p_flag & P_TRACED) {
p2->p_oppid = p1->p_pid;
if (p2->p_pptr != p1->p_pptr)
proc_reparent(p2, p1->p_pptr);
/*
* Set ptrace status.
*/
if (flags & FORK_FORK) {
p2->p_ptstat = malloc(sizeof(*p2->p_ptstat),
M_SUBPROC, M_WAITOK);
p1->p_ptstat->pe_report_event = PTRACE_FORK;
p2->p_ptstat->pe_report_event = PTRACE_FORK;
p1->p_ptstat->pe_other_pid = p2->p_pid;
p2->p_ptstat->pe_other_pid = p1->p_pid;
}
}
#if NSYSTRACE > 0
if (ISSET(p1->p_flag, P_SYSTRACE))
systrace_fork(p1, p2);
#endif
/*
* Make child runnable, set start time, and add to run queue.
*/
SCHED_LOCK(s);
getmicrotime(&p2->p_stats->p_start);
p2->p_acflag = AFORK;
p2->p_stat = SRUN;
setrunqueue(p2);
SCHED_UNLOCK(s);
/*
* Notify any interested parties about the new process.
*/
KNOTE(&p1->p_klist, NOTE_FORK | p2->p_pid);
/*
* Update stats now that we know the fork was successfull.
*/
uvmexp.forks++;
if (flags & FORK_PPWAIT)
uvmexp.forks_ppwait++;
if (flags & FORK_SHAREVM)
uvmexp.forks_sharevm++;
/*
* Pass a pointer to the new process to the caller.
*/
if (rnewprocp != NULL)
*rnewprocp = p2;
/*
* Preserve synchronization semantics of vfork. If waiting for
* child to exec or exit, set P_PPWAIT on child, and sleep on our
* proc (in case of exit).
*/
if (flags & FORK_PPWAIT)
while (p2->p_flag & P_PPWAIT)
tsleep(p1, PWAIT, "ppwait", 0);
/*
* If we're tracing the child, alert the parent too.
*/
if ((flags & FORK_PTRACE) && (p1->p_flag & P_TRACED))
psignal(p1, SIGTRAP);
/*
* Return child pid to parent process,
* marking us as parent via retval[1].
*/
if (retval != NULL) {
retval[0] = p2->p_pid;
retval[1] = 0;
}
return (0);
}
