Index: lib/libc/sys/Makefile.inc =================================================================== --- lib/libc/sys/Makefile.inc (revision 255493) +++ lib/libc/sys/Makefile.inc (working copy) @@ -197,6 +197,7 @@ posix_fadvise.2 \ posix_fallocate.2 \ posix_openpt.2 \ + procctl.2 \ profil.2 \ pselect.2 \ ptrace.2 \ Index: lib/libc/sys/Symbol.map =================================================================== --- lib/libc/sys/Symbol.map (revision 255493) +++ lib/libc/sys/Symbol.map (working copy) @@ -395,6 +395,7 @@ ffclock_setestimate; pipe2; posix_fadvise; + procctl; wait6; }; @@ -822,6 +823,8 @@ __sys_poll; _preadv; __sys_preadv; + _procctl; + __sys_procctl; _profil; __sys_profil; _pselect; Index: lib/libc/sys/procctl.2 =================================================================== --- lib/libc/sys/procctl.2 (revision 0) +++ lib/libc/sys/procctl.2 (working copy) @@ -0,0 +1,142 @@ +.\" Copyright (c) 2013 Advanced Computing Technologies LLC +.\" Written by: John H. Baldwin +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.Dd September 11, 2013 +.Dt PROCCTL 2 +.Os +.Sh NAME +.Nm procctl +.Nd control processes +.Sh LIBRARY +.Lb libc +.Sh SYNOPSIS +.In sys/procctl.h +.Ft int +.Fn procctl "idtype_t idtype" "id_t id" "int cmd" "void *arg" +.Sh DESCRIPTION +The +.Fn procctl +system call provides for control over processes. +The +.Fa idtype +and +.Fa id +arguments specify the set of processes to control. +If multiple processes match the identifier, +.Nm +will make a +.Dq best effort +to control as many of the selected possibles as possible. +An error is only returned if no selected processes successfully complete +the request. +The following identifier types are supported: +.Bl -tag -width Dv P_PGID +.It Dv P_PID +Control the process with the process ID +.Fa id . +.It Dv P_PGID +Control processes belonging to the process group with the ID +.Fa id . +.El +.Pp +The control request to perform is specified by the +.Fa cmd +argument. +The following commands are supported: +.Bl -tag -width Dv PROC_SPROTECT +.It Dv PROC_SPROTECT +Set process protection state. +This is used to mark a process as protected from being killed if the system +exhausts available memory and swap. +The +.Fa arg +parameter must point to an integer containing an operation and zero or more +optional flags. +The following operations are supported: +.Bl -tag -width Dv PPROT_CLEAR +.It Dv PPROT_SET +Mark the selected processes as protected. +.It Dv PPROT_CLEAR +Clear the protected state of selected processes. +.El +.Pp +The following optional flags are supported: +.Bl -tag -width Dv PPROT_DESCEND +.It Dv PPROT_DESCEND +Apply the requested operation to all child processes of each selected process +in addition to each selected process. +.It Dv PPROT_INHERIT +When used with +.Dv PPROT_SET , +mark all future child processes of each selected process as protected. +Future child processes will also mark all of their future child processes. +.El +.El +.Sh RETURN VALUES +If an error occurs, a value of -1 is returned and +.Va errno +is set to indicate the error. +.Sh ERRORS +The +.Fn procctl +system call +will fail if: +.Bl -tag -width Er +.It Bq Er EFAULT +The +.Fa arg +points outside the process's allocated address space. +.It Bq Er EINVAL +The +.Fa cmd +argument specifies an unsupported command. +.Pp +The +.Fa idtype +argument specifies an unsupported identifier type. +.It Bq Er EPERM +The calling process does not have permission to perform the requested +operation on any of the selected processes. +.It Bq Er ESRCH +No processes matched the requested +.Fa idtype +and +.Fa id . +.It Bq Er EINVAL +An invalid operation or flag was passed in +.Fa arg +for a +.Dv PROC_SPROTECT +command. +.El +.Sh SEE ALSO +.Xr ptrace 2 +.Sh HISTORY +The +.Fn procctl +function appeared in +.Fx 10 . Property changes on: lib/libc/sys/procctl.2 ___________________________________________________________________ Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Index: sys/compat/freebsd32/freebsd32.h =================================================================== --- sys/compat/freebsd32/freebsd32.h (revision 255493) +++ sys/compat/freebsd32/freebsd32.h (working copy) @@ -342,6 +342,7 @@ char ki_loginclass[LOGINCLASSLEN+1]; char ki_sparestrings[50]; int ki_spareints[KI_NSPARE_INT]; + int ki_flag2; int ki_fibnum; u_int ki_cr_flags; int ki_jid; Index: sys/compat/freebsd32/freebsd32_misc.c =================================================================== --- sys/compat/freebsd32/freebsd32_misc.c (revision 255493) +++ sys/compat/freebsd32/freebsd32_misc.c (working copy) @@ -56,6 +56,7 @@ #include #include #include +#include #include #include #include @@ -3000,3 +3001,23 @@ } return (0); } + +int +freebsd32_procctl(struct thread *td, struct freebsd32_procctl_args *uap) +{ + void *data; + int error, flags; + + switch (uap->com) { + case PROC_SPROTECT: + error = copyin(PTRIN(uap->data), &flags, sizeof(flags)); + if (error) + return (error); + data = &flags; + break; + default: + return (EINVAL); + } + return (kern_procctl(td, uap->idtype, PAIR32TO64(id_t, uap->id), + uap->com, data)); +} Index: sys/compat/freebsd32/syscalls.master =================================================================== --- sys/compat/freebsd32/syscalls.master (revision 255493) +++ sys/compat/freebsd32/syscalls.master (working copy) @@ -1056,3 +1056,12 @@ 542 AUE_PIPE NOPROTO { int pipe2(int *fildes, int flags); } 543 AUE_NULL NOSTD { int freebsd32_aio_mlock( \ struct aiocb32 *aiocbp); } +#ifdef PAD64_REQUIRED +544 AUE_NULL STD { int freebsd32_procctl(int idtype, int pad, \ + uint32_t id1, uint32_t id2, int com, \ + void *data); } +#else +544 AUE_NULL STD { int freebsd32_procctl(int idtype, \ + uint32_t id1, uint32_t id2, int com, \ + void *data); } +#endif Index: sys/kern/init_main.c =================================================================== --- sys/kern/init_main.c (revision 255493) +++ sys/kern/init_main.c (working copy) @@ -474,6 +474,7 @@ p->p_sysent = &null_sysvec; p->p_flag = P_SYSTEM | P_INMEM; + p->p_flag2 = 0; p->p_state = PRS_NORMAL; knlist_init_mtx(&p->p_klist, &p->p_mtx); STAILQ_INIT(&p->p_ktr); Index: sys/kern/kern_fork.c =================================================================== --- sys/kern/kern_fork.c (revision 255493) +++ sys/kern/kern_fork.c (working copy) @@ -489,6 +489,7 @@ * Increase reference counts on shared objects. */ p2->p_flag = P_INMEM; + p2->p_flag2 = 0; p2->p_swtick = ticks; if (p1->p_flag & P_PROFIL) startprofclock(p2); @@ -512,6 +513,11 @@ p2->p_fd = fd; p2->p_fdtol = fdtol; + if (p1->p_flag2 & P2_INHERIT_PROTECTED) { + p2->p_flag |= P_PROTECTED; + p2->p_flag2 |= P2_INHERIT_PROTECTED; + } + /* * p_limit is copy-on-write. Bump its refcount. */ Index: sys/kern/kern_proc.c =================================================================== --- sys/kern/kern_proc.c (revision 255493) +++ sys/kern/kern_proc.c (working copy) @@ -802,6 +802,7 @@ kp->ki_fd = p->p_fd; kp->ki_vmspace = p->p_vmspace; kp->ki_flag = p->p_flag; + kp->ki_flag2 = p->p_flag2; cred = p->p_ucred; if (cred) { kp->ki_uid = cred->cr_uid; @@ -1161,6 +1162,7 @@ bcopy(ki->ki_comm, ki32->ki_comm, COMMLEN + 1); bcopy(ki->ki_emul, ki32->ki_emul, KI_EMULNAMELEN + 1); bcopy(ki->ki_loginclass, ki32->ki_loginclass, LOGINCLASSLEN + 1); + CP(*ki, *ki32, ki_flag2); CP(*ki, *ki32, ki_fibnum); CP(*ki, *ki32, ki_cr_flags); CP(*ki, *ki32, ki_jid); Index: sys/kern/sys_process.c =================================================================== --- sys/kern/sys_process.c (revision 255493) +++ sys/kern/sys_process.c (working copy) @@ -41,7 +41,9 @@ #include #include #include +#include #include +#include #include #include #include @@ -1240,3 +1242,196 @@ msleep(&p->p_step, &p->p_mtx, PWAIT, "stopevent", 0); } while (p->p_step); } + +static int +protect_setchild(struct thread *td, struct proc *p, int flags) +{ + + PROC_LOCK_ASSERT(p, MA_OWNED); + if (p->p_flag & P_SYSTEM || p_cansee(td, p) != 0) + return (0); + if (flags & PPROT_SET) { + p->p_flag |= P_PROTECTED; + if (flags & PPROT_INHERIT) + p->p_flag2 |= P2_INHERIT_PROTECTED; + } else { + p->p_flag &= ~P_PROTECTED; + p->p_flag2 &= ~P2_INHERIT_PROTECTED; + } + return (1); +} + +static int +protect_setchildren(struct thread *td, struct proc *top, int flags) +{ + struct proc *p; + int ret; + + p = top; + ret = 0; + sx_assert(&proctree_lock, SX_LOCKED); + for (;;) { + ret |= protect_setchild(td, p, flags); + PROC_UNLOCK(p); + /* + * If this process has children, descend to them next, + * otherwise do any siblings, and if done with this level, + * follow back up the tree (but not past top). + */ + if (!LIST_EMPTY(&p->p_children)) + p = LIST_FIRST(&p->p_children); + else for (;;) { + if (p == top) { + PROC_LOCK(p); + return (ret); + } + if (LIST_NEXT(p, p_sibling)) { + p = LIST_NEXT(p, p_sibling); + break; + } + p = p->p_pptr; + } + PROC_LOCK(p); + } +} + +static int +protect_set(struct thread *td, struct proc *p, int flags) +{ + int error, ret; + + switch (PPROT_OP(flags)) { + case PPROT_SET: + case PPROT_CLEAR: + break; + default: + return (EINVAL); + } + + if ((PPROT_FLAGS(flags) & ~(PPROT_DESCEND | PPROT_INHERIT)) != 0) + return (EINVAL); + + error = priv_check(td, PRIV_VM_MADV_PROTECT); + if (error) + return (error); + + if (flags & PPROT_DESCEND) + ret = protect_setchildren(td, p, flags); + else + ret = protect_setchild(td, p, flags); + if (ret == 0) + return (EPERM); + return (0); +} + +#ifndef _SYS_SYSPROTO_H_ +struct procctl_args { + idtype_t idtype; + id_t id; + int com; + void *data; +}; +#endif +/* ARGSUSED */ +int +sys_procctl(struct thread *td, struct procctl_args *uap) +{ + int error, flags; + void *data; + + switch (uap->com) { + case PROC_SPROTECT: + error = copyin(uap->data, &flags, sizeof(flags)); + if (error) + return (error); + data = &flags; + break; + default: + return (EINVAL); + } + + return (kern_procctl(td, uap->idtype, uap->id, uap->com, data)); +} + +static int +kern_procctl_single(struct thread *td, struct proc *p, int com, void *data) +{ + + PROC_LOCK_ASSERT(p, MA_OWNED); + switch (com) { + case PROC_SPROTECT: + return (protect_set(td, p, *(int *)data)); + default: + return (EINVAL); + } +} + +int +kern_procctl(struct thread *td, idtype_t idtype, id_t id, int com, void *data) +{ + struct pgrp *pg; + struct proc *p; + int error, first_error, ok; + + sx_slock(&proctree_lock); + switch (idtype) { + case P_PID: + p = pfind(id); + if (p == NULL) { + error = ESRCH; + break; + } + if (p->p_state == PRS_NEW) + error = ESRCH; + else + error = p_cansee(td, p); + if (error == 0) + error = kern_procctl_single(td, p, com, data); + PROC_UNLOCK(p); + break; + case P_PGID: + /* + * Attempt to apply the operation to all members of the + * group. Ignore processes in the group that can't be + * seen. Ignore errors so long as at least one process is + * able to complete the request successfully. + */ + pg = pgfind(id); + if (pg == NULL) { + error = ESRCH; + break; + } + PGRP_UNLOCK(pg); + ok = 0; + first_error = 0; + LIST_FOREACH(p, &pg->pg_members, p_pglist) { + PROC_LOCK(p); + if (p->p_state == PRS_NEW || p_cansee(td, p) != 0) { + PROC_UNLOCK(p); + continue; + } + error = kern_procctl_single(td, p, com, data); + PROC_UNLOCK(p); + if (error == 0) + ok = 1; + else if (first_error == 0) + first_error = error; + } + if (ok) + error = 0; + else if (first_error != 0) + error = first_error; + else + /* + * Was not able to see any processes in the + * process group. + */ + error = ESRCH; + break; + default: + error = EINVAL; + break; + } + sx_sunlock(&proctree_lock); + return (error); +} Index: sys/kern/syscalls.master =================================================================== --- sys/kern/syscalls.master (revision 255493) +++ sys/kern/syscalls.master (working copy) @@ -978,5 +978,7 @@ int flags); } 542 AUE_PIPE STD { int pipe2(int *fildes, int flags); } 543 AUE_NULL NOSTD { int aio_mlock(struct aiocb *aiocbp); } +544 AUE_NULL STD { int procctl(idtype_t idtype, id_t id, \ + int com, void *data); } ; Please copy any additions and changes to the following compatability tables: ; sys/compat/freebsd32/syscalls.master Index: sys/sys/proc.h =================================================================== --- sys/sys/proc.h (revision 255493) +++ sys/sys/proc.h (working copy) @@ -492,11 +492,8 @@ struct callout p_limco; /* (c) Limit callout handle */ struct sigacts *p_sigacts; /* (x) Signal actions, state (CPU). */ - /* - * The following don't make too much sense. - * See the td_ or ke_ versions of the same flags. - */ int p_flag; /* (c) P_* flags. */ + int p_flag2; /* (c) P2_* flags. */ enum { PRS_NEW = 0, /* In creation */ PRS_NORMAL, /* threads can be run. */ @@ -641,6 +638,9 @@ #define P_SHOULDSTOP(p) ((p)->p_flag & P_STOPPED) #define P_KILLED(p) ((p)->p_flag & P_WKILLED) +/* These flags are kept in p_flag2. */ +#define P2_INHERIT_PROTECTED 0x00000001 /* New children get P_PROTECTED. */ + /* * These were process status values (p_stat), now they are only used in * legacy conversion code. Index: sys/sys/syscallsubr.h =================================================================== --- sys/sys/syscallsubr.h (revision 255493) +++ sys/sys/syscallsubr.h (working copy) @@ -167,6 +167,8 @@ int advice); int kern_posix_fallocate(struct thread *td, int fd, off_t offset, off_t len); +int kern_procctl(struct thread *td, enum idtype idtype, id_t id, int com, + void *data); int kern_preadv(struct thread *td, int fd, struct uio *auio, off_t offset); int kern_pselect(struct thread *td, int nd, fd_set *in, fd_set *ou, fd_set *ex, struct timeval *tvp, sigset_t *uset, int abi_nfdbits); Index: sys/sys/user.h =================================================================== --- sys/sys/user.h (revision 255493) +++ sys/sys/user.h (working copy) @@ -84,7 +84,7 @@ * it in two places: function fill_kinfo_proc in sys/kern/kern_proc.c and * function kvm_proclist in lib/libkvm/kvm_proc.c . */ -#define KI_NSPARE_INT 8 +#define KI_NSPARE_INT 7 #define KI_NSPARE_LONG 12 #define KI_NSPARE_PTR 6 @@ -187,6 +187,7 @@ */ char ki_sparestrings[50]; /* spare string space */ int ki_spareints[KI_NSPARE_INT]; /* spare room for growth */ + int ki_flag2; /* P2_* flags */ int ki_fibnum; /* Default FIB number */ u_int ki_cr_flags; /* Credential flags */ int ki_jid; /* Process jail ID */ Index: sys/vm/vm_mmap.c =================================================================== --- sys/vm/vm_mmap.c (revision 255493) +++ sys/vm/vm_mmap.c (working copy) @@ -56,6 +56,7 @@ #include #include #include +#include #include #include #include @@ -68,6 +69,7 @@ #include #include #include +#include #include #include @@ -739,8 +741,7 @@ { vm_offset_t start, end; vm_map_t map; - struct proc *p; - int error; + int flags; /* * Check for our special case, advising the swap pager we are @@ -747,15 +748,11 @@ * "immortal." */ if (uap->behav == MADV_PROTECT) { - error = priv_check(td, PRIV_VM_MADV_PROTECT); - if (error == 0) { - p = td->td_proc; - PROC_LOCK(p); - p->p_flag |= P_PROTECTED; - PROC_UNLOCK(p); - } - return (error); + flags = PPROT_SET; + return (kern_procctl(td, P_PID, td->td_proc->p_pid, + PROC_SPROTECT, &flags)); } + /* * Check for illegal behavior */ Index: usr.bin/Makefile =================================================================== --- usr.bin/Makefile (revision 255493) +++ usr.bin/Makefile (working copy) @@ -131,6 +131,7 @@ printenv \ printf \ procstat \ + protect \ rctl \ renice \ rev \ Index: usr.bin/kdump/kdump.c =================================================================== --- usr.bin/kdump/kdump.c (revision 255493) +++ usr.bin/kdump/kdump.c (working copy) @@ -1161,6 +1161,18 @@ ip++; narg--; break; + case SYS_procctl: + putchar('('); + idtypename(*ip, decimal); + c = ','; + ip++; + narg--; + print_number(ip, narg, c); + putchar(','); + procctlcmdname(*ip); + ip++; + narg--; + break; } } while (narg > 0) { Index: usr.bin/kdump/mksubr =================================================================== --- usr.bin/kdump/mksubr (revision 255493) +++ usr.bin/kdump/mksubr (working copy) @@ -169,6 +169,7 @@ #include #include #include +#include #include #include #include @@ -465,6 +466,7 @@ auto_switch_type "msyncflagsname" "MS_[A-Z]+[[:space:]]+0x[0-9]+" "sys/mman.h" auto_or_type "nfssvcname" "NFSSVC_[A-Z0-9]+[[:space:]]+0x[0-9]+" "nfs/nfssvc.h" auto_switch_type "prioname" "PRIO_[A-Z]+[[:space:]]+[0-9]" "sys/resource.h" +auto_switch_type "procctlcmdname" "PROC_[A-Z]+[[:space:]]+[0-9]" "sys/procctl.h" auto_switch_type "ptraceopname" "PT_[[:alnum:]_]+[[:space:]]+[0-9]+" "sys/ptrace.h" auto_switch_type "quotactlname" "Q_[A-Z]+[[:space:]]+0x[0-9]+" "ufs/ufs/quota.h" auto_or_type "rebootoptname" "RB_[A-Z]+[[:space:]]+0x[0-9]+" "sys/reboot.h" Index: usr.bin/protect/Makefile =================================================================== --- usr.bin/protect/Makefile (revision 0) +++ usr.bin/protect/Makefile (working copy) @@ -0,0 +1,8 @@ +# $FreeBSD $ + +PROG= protect +WARNS?= 6 + +CFLAGS+= -I/home/jhb/work/p4/proc + +.include Property changes on: usr.bin/protect/Makefile ___________________________________________________________________ Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Index: usr.bin/protect/protect.1 =================================================================== --- usr.bin/protect/protect.1 (revision 0) +++ usr.bin/protect/protect.1 (working copy) @@ -0,0 +1,89 @@ +.\" Copyright (c) 2013 Advanced Computing Technologies LLC +.\" Written by: John H. Baldwin +.\" All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" $FreeBSD$ +.\" +.Dd September 9, 2013 +.Dt PROTECT 1 +.Os +.Sh NAME +.Nm protect +.Nd "protect processes from being killed when swap space is exhausted" +.Sh SYNOPSIS +.Nm +.Op Fl i +.Ar command +.Nm +.Op Fl cdi +.Fl g Ar pgrp | Fl p Ar pid +.Sh DESCRIPTION +The +.Nm +command is used to mark processes as protected. +The kernel does not kill protected processes when swap space is exhausted. +Note that this protected state is not inherited by child processes by default. +.Pp +The options are: +.Bl -tag -width indent +.It Fl c +Remove protection from the specified processes. +.It Fl d +Apply the operation to all current children of the specified processes. +.It Fl i +Apply the operation to all future children of the specified processes. +.It Fl g Ar pgrp +Apply the operation to all processes in the specified process group. +.It Fl p Ar pid +Apply the operation to the specified process. +.It Ar command +Execute +.Ar command +as a protected process. +.El +.Pp +Note that only one of the +.Fl p +or +.Fl g +flags may be specified when adjusting the state of existing processes. +.Sh EXIT STATUS +.Ex -std +.Sh EXAMPLES +Mark the Xorg server as protected: +.Pp +.Dl "pgrep Xorg | xargs protect -p" +Protect all ssh sessions and their child processes: +.Pp +.Dl "pgrep sshd | xargs protect -dip" +Remove protection from all current and future processes: +.Pp +.Dl "protect -cdi -p 1" +.Sh SEE ALSO +.Xr pprotect 2 +.Sh BUGS +If you protect a runaway process that allocates all memory the system will +deadlock. +.Pp +Inheritance of the protected state is not yet implemented. Property changes on: usr.bin/protect/protect.1 ___________________________________________________________________ Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Index: usr.bin/protect/protect.c =================================================================== --- usr.bin/protect/protect.c (revision 0) +++ usr.bin/protect/protect.c (working copy) @@ -0,0 +1,122 @@ +/*- + * Copyright (c) 2013 Advanced Computing Technologies LLC + * Written by: John H. Baldwin + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include +__FBSDID("$FreeBSD"); + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +static void +usage(void) +{ + + fprintf(stderr, "usage: protect [-i] command\n"); + fprintf(stderr, " protect [-cdi] -g pgrp | -p pid\n"); + exit(1); +} + +static id_t +parse_id(char *id) +{ + static bool first = true; + long value; + char *ch; + + if (!first) { + warnx("only one -g or -p flag is permitted"); + usage(); + } + value = strtol(id, &ch, 0); + if (*ch != '\0') { + warnx("invalid process id"); + usage(); + } + return (value); +} + +int +main(int argc, char *argv[]) +{ + idtype_t idtype; + id_t id; + int ch, flags; + bool descend, inherit, idset; + + idtype = P_PID; + id = getpid(); + flags = PPROT_SET; + descend = inherit = idset = false; + while ((ch = getopt(argc, argv, "cdig:p:")) != -1) + switch (ch) { + case 'c': + flags = PPROT_CLEAR; + break; + case 'd': + descend = true; + break; + case 'i': + inherit = true; + break; + case 'g': + idtype = P_PGID; + id = parse_id(optarg); + idset = true; + break; + case 'p': + idtype = P_PID; + id = parse_id(optarg); + idset = true; + break; + } + argc -= optind; + argv += optind; + + if ((idset && argc != 0) || (!idset && (argc == 0 || descend))) + usage(); + + if (descend) + flags |= PPROT_DESCEND; + if (inherit) + flags |= PPROT_INHERIT; + if (procctl(idtype, id, PROC_SPROTECT, &flags) == -1) + err(1, "procctl"); + + if (argc != 0) { + errno = 0; + execvp(*argv, argv); + err(errno == ENOENT ? 127 : 126, "%s", *argv); + } + return (0); +} Property changes on: usr.bin/protect/protect.c ___________________________________________________________________ Added: svn:mime-type ## -0,0 +1 ## +text/plain \ No newline at end of property Added: svn:keywords ## -0,0 +1 ## +FreeBSD=%H \ No newline at end of property Added: svn:eol-style ## -0,0 +1 ## +native \ No newline at end of property Index: usr.bin/truss/syscall.h =================================================================== --- usr.bin/truss/syscall.h (revision 255493) +++ usr.bin/truss/syscall.h (working copy) @@ -40,7 +40,7 @@ Fd_set, Sigaction, Fcntl, Mprot, Mmapflags, Whence, Readlinkres, Umtx, Sigset, Sigprocmask, Kevent, Sockdomain, Socktype, Open, Fcntlflag, Rusage, BinString, Shutdown, Resource, Rlimit, Timeval2, - Pathconf, Rforkflags, ExitStatus, Waitoptions, Idtype }; + Pathconf, Rforkflags, ExitStatus, Waitoptions, Idtype, Procctl }; #define ARG_MASK 0xff #define OUT 0x100 Index: usr.bin/truss/syscalls.c =================================================================== --- usr.bin/truss/syscalls.c (revision 255493) +++ usr.bin/truss/syscalls.c (working copy) @@ -41,6 +41,7 @@ #include #include +#include #include #include #include @@ -270,6 +271,8 @@ { .name = "wait6", .ret_type = 1, .nargs = 6, .args = { { Idtype, 0 }, { Int, 1 }, { ExitStatus | OUT, 2 }, { Waitoptions, 3 }, { Rusage | OUT, 4 }, { Ptr, 5 } } }, + { .name = "procctl", .ret_type = 1, .nargs = 4, + .args = { { Idtype, 0 }, { Int, 1 }, { Procctl, 2 }, { Ptr, 3 } } }, { .name = 0 }, }; @@ -399,6 +402,10 @@ X(P_CTID) X(P_CPUID) X(P_PSETID) XEND }; +static struct xlat procctl_arg[] = { + X(PROC_SPROTECT) XEND +}; + #undef X #undef XEND @@ -1198,6 +1205,9 @@ case Idtype: tmp = strdup(xlookup(idtype_arg, args[sc->offset])); break; + case Procctl: + tmp = strdup(xlookup(procctl_arg, args[sc->offset])); + break; default: errx(1, "Invalid argument type %d\n", sc->type & ARG_MASK); }