Add pathconfat(2): pathconf(2) but with at-fd and flags arguments,
the latter supporting the ability to get timestamp resolution of
symlinks.

ok deraadt@ millert@

SYS_msyscall will go away soon. kdump does not need a special handler
for it.
ok tb

provide the pieces for ktrace/kdump to observe pinsyscall violations.
(not used yet, because the pinsyscall changes are still being worked on)
ok kettenis

remove support for syscall(2) -- the "indirection system call" because
it is a dangerous alternative entry point for all system calls, and thus
incompatible with the precision system call entry point scheme we are
heading towards. This has been a 3-year mission:
First perl needed a code-generated wrapper to fake syscall(2) as a giant
switch table, then all the ports were cleaned with relatively minor fixes,
except for "go". "go" required two fixes -- 1) a framework issue with
old library versions, and 2) like perl, a fake syscall(2) wrapper to
handle ioctl(2) and sysctl(2) because "syscall(SYS_ioctl" occurs all over
the place in the "go" ecosystem because the "go developers" are plan9-loving
unix-hating folk who tried to build an ecosystem without allowing "ioctl".
ok kettenis, jsing, afresh1, sthen

Add [-P progam] to filter dumps by basename

[-p pid] requires knowing the PIDs beforehand, sieving through big
dumps by argv[0] strings is more ergonomic.

OK deraadt

Make kdump show kqueue1(2) flags.

OK guenther@

Add a -u label option to print selected utrace records, used by upcoming
malloc (leak) dump fucntion. ok semarie@

KTRC_CODE__SYSCALL is never set anymore, because __syscall() is gone.

we spent far too long debugging a weird go library problem (incorrect
arguments to mmap) because it was using syscall(2) and that callpath
is invisible in ktrace. make it visible, it will now show "(via syscall)"
and such.
ok guenther

Add argument and return support for {get,set}thrname()

Add ktrace struct tracepoints for siginfo_t to the kernel side of
waitid(2) and __thrsigdivert(2) and teach kdump(1) to handle them.
Also report more from the siginfo_t inside PSIG tracepoints.

ok mpi@

Add argument support for msyscall, pledge, unveil, __realpath,
ypconnect, and __tmpfd. Reorder several other syscalls to match
the order in syscalls.master

ok deraadt@

Improve reporting of waitid(2)'s idtype/id and options arguments
Add mimmutable(2) to report like munmap(2)

Support the sendmmsg and recvmmsg system calls.
Input guenther@
OK bluhm@

the _pad_ system calls from 2021/12/23 can go away
ok guenther

Since ktr_comm is now a string, we do not need MAXCOMLEN to limit printf.
And thus, sys/param.h is not needed either.
ok millert

repair sys/param.h namespace list

need a local nitems() definition

Roll the syscalls that have an off_t argument to remove the explicit padding.
Switch libc and ld.so to the generic stubs for these calls.
WARNING: reboot to updated kernel before installing libc or ld.so!

Time for a story...

When gcc (back in 1.x days) first implemented long long, it didn't (always)
pass 64bit arguments in 'aligned' registers/stack slots, with the result that
argument offsets didn't match structure offsets. This affected the nine system
calls that pass off_t arguments:
ftruncate lseek mmap mquery pread preadv pwrite pwritev truncate

To avoid having to do custom ASM wrappers for those, BSD put an explicit pad
argument in so that the off_t argument would always start on a even slot and
thus be naturally aligned. Thus those odd wrappers in lib/libc/sys/ that use
__syscall() and pass an extra '0' argument.

The ABIs for different CPUs eventually settled how things should be passed on
each and gcc 2.x followed them. The only arch now where it helps is landisk,
which needs to skip the last argument register if it would be the first half of
a 64bit argument. So: add new syscalls without the pad argument and on landisk
do that skipping directly in the syscall handler in the kernel. Keep compat
support for the existing syscalls long enough for the transition.

ok deraadt@

Change the error reporting pattern throughout the tree when unveil
fails to report the path that the failure occured on. Suggested by
deraadt@ after some tech discussion.

Work done and verified by Ashton Fagg <ashton@fagg.id.au>

ok deraadt@ semarie@ claudio@

Do not assume futex(2) is always returning an errno value.

In the case of FUTEX_WAKE a number of woken threads is returned.

ok guenther@

Declare pledgenames[] as const.

OK deraadt@

kdump(1): give timestamp types real names; ok schwarze@

use _PATH_PROTOCOLS from netdb.h instead

kdump reads /etc/protocols to translate proto numbers into names; ok sthen@ gilles@

improve wrong markup and poor wording regarding the -t argument
that was spotted by deraadt@;
OK deraadt@ jmc@

mincore() is a relic from the past, exposing physical machine information
about shared resources which no program should see. only a few pieces of
software use it, generally poorly thought out. they are being fixed, so
mincore() can be deleted.
ok guenther tedu jca sthen, others

allow reading from stdin with -f -.
ok kn

futex(2) returns an errno value to decode

ok otto@

the only fs access kdump(1) needs is to the tracefile which by default is
ktrace.out unless argument -f is used. We can just unveil(2) that file with read
permissions before the pledge(2) call.

OK deraadt@

Need to remove fktrace here too
Noted by Andreas Kusalananda K��h��ri (andreas.kahari(at)icm.uu.se)

Format fktrace(2) arguments

ok millert@

Delete pointless casts from void*

ok otto@ millert@

Display futex(2) operations and arguments.

Add 'p' trace point for KTRFAC_PLEDGE, as noted by
Michal Mazurek <akfaew@jasminek.net>

While here, fix handling of -t+ in ltrace.

allow printing timestamps relative to beginnging of trace, -RT. ok benno

Handle error return by SYS_getlogin_r and SYS___thrsleep correct, and
parse args of SYS_getlogin_r

Display NAMI records and AF_UNIX socket paths with vis, using
VIS_CSTYLE | VIS_DQ | VIS_TAB | VIS_NL; add the latter three flags
to the existing vis encoding of exec argv/environ and pledge
requests/paths.
Delete local variables left unused when showbuf() and showbufc() were split

ok otto@ millert@

Format the flags argument to sendsyslog()

ok deraadt@ bluhm@

Handle kbind()'s third argument correctly

Improve display of unknown and KTR_START records

request and ok naddy@

No more compat emulations, so remove ktrace EMUL records and the baggage
for generating and parsing them.

ok mpi@ naddy@ millert@ deraadt@

drop the support for Linux emulation; ok guenther@ visa@

Split the intra-thread functionality from kill(2) into its own syscall
thrkill(2), rolling the kill(2) syscall number with the ABI change to
avoid breaking binaries during during the transition. thrkill(2) includes
a 'tcb' argument that eliminates the need for locking in pthread_kill()
and simplifies pthread_cancel(). Switch __stack_smash_handler() to use
thrkill(2) and explicitly unblock SIGABRT.

Minor bump to both libc and libpthread: make sure you install a new kernel!

ok semarie@

remove knowledge of dnssocket/dnsconnect

If the system call is entirely unpermitted, code will be 0, and there is
no pledge to recommend.

Fold "malloc" into "stdio" and -- recognizing that no program so far has
used less than "stdio" -- include all the "self" operations. Instead of
different defines, use regular PLEDGE_* in the "p_pledgenote" variable
(which indicates the operation subtype a system call is performing). Many
checks before easier to understand. p_pledgenote can often be passed
directly to ktrace, so that kdump says:
15565 test CALL pledge(0xa9a3f804c51,0)
15565 test STRU pledge request="stdio"
15565 test RET pledge 0
15565 test CALL open(0xa9a3f804c57,0x2<O_RDWR>)
15565 test NAMI "/tmp/testfile"
15565 test PLDG open, "wpath", errno 1 Operation not permitted
with help from semarie, ok guenther

Describe dnssocket / dnsconnect arguments

normalize a few more tame request orderings, to help review

since kdump may getprotobynumber() late, do not drop "rpath". We could
potentially modify pledge() to permit /etc/protocols (/etc/rpc?
/etc/services? etc) without requiring a rpath attribute.. but where would
we draw the line for what /etc files libc functions need? At present, we
draw that line closer to the minimum.
issue found by theo@math.ethz.ch

Change all tame callers to namechange to pledge(2).

tame "stdio getpw"
discussed with guenther

Add ktracing of tame()'s arguments' values

"every tool helps" deraadt@

option LFS is dead, but we missed option ACCOUNTING here

Fix wrong cast.

This one should be an unsigned long in theory, but the formatter function
argument we're printing from is already an int (being casted from register_t
at the formatter call time). So lets fix one bug at a time.

authoritative okay from guenther@

tame "stdio getpw rpath" can be done quite early after the getopt.
it might seem we can hoist the open above tame and then drop "rpath",
but guenther found getprotobynumber can be called much later.
ok guenther

update the -t args list; ok guenther

Add ktracing of argv and envp to execve(2), with envp not traced by default

ok tedu@ deraadt@

Rename __sysctl syscall to just sysctl, as the userland wrapper is no longer
necessary

ok deraadt@ jsing@

Delete ktracing of context switches: it's unused, and not particularly useful,
and doing VOP_WRITE() from inside tsleep/msleep makes the locking too
complicated, making it harder to move forward on MP changes.

ok deraadt@ kettenis@

Make KTR_SYSRET records variables variables sized, leaving out the
retval on error, including a long long retval on successful lseek(),
and including a register_t retval for other successes. This fixes
lseek reporting on ILP32 archs.

While here, reworking internal kern_ktrace.c bits to be able to pass
two buffers to ktrwriteraw(), so we can avoid mallocing a buffer
in some cases and so that KTR_GENIO logs are split at PAGE_SIZE,
not PAGE_SIZE-sizeof(struct ktrgenio)

ok miod@

Figure out the tty width using TIOCGWINSZ early on. Will make tame(2)
integration easier in the future.

Convert many atoi() calls to strtonum(), adding range checks and failure
handling along the way.
Reviews by Brendan MacDonell, Jeremy Devenport, florian, doug, millert

oops, started expecting sockoptlevelname() to handle two arguments
but never actually did so. Fix that so that we stop losing the
second argument to {get,set}sockopt(). Handling of levels other than
SOL_SOCKET could be improved.

The first argument to socket/socketpair is an address family, not a protocol
family. (sysctl(3) is practically the only place where PF_* is correct)

Oops: symlinkat()'s 'atfd' argument is its second, not its first

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)

With revision 1.93 a space character got lost when printing the
signal action. Print the space again.
OK jsg@

remove -r from usage();

Eliminate the -r option and always do sysctl OID, username, groupname,
and ctime presentation, but combined with the numeric form ala 0<"root">.
Do username and groupname presentation on syscall arguments and retvals.

ok millert@ otto@

Add some additional sanity checks to kdump.
Fixes a variety of crashes found with the afl fuzzer.
ok miod@ on an earlier version.

Convert syscall argument handling from a giant switch to a giant table.
While at it, use formatters for fds, counts, ids of all types, and "small
buffer sizes" that always show them in decimal, while paths, pointers, and
"big buffer sizes" get formatters that always show them in hex. The -d
option only affects args when the -n option is used or for unknown syscalls,
as well as syscall return values, and unrecognized ioctls.

ok otto@ millert@

Add dumping of struct dqblk done by quotactl(2)

ok millert@

userland reallocarray audit.

Replace malloc() and realloc() calls that may have integer overflow in the
multiplication of the arguments with reallocarray().

ok deraadt@

Add display of the flags to pipe2, dup3, and accept4, display of
MSG_CMSG_CLOEXEC in recvmsg, and display of SOCK_{CLOEXEC,NONBLOCK}
in socket and socketpair.
Do _not_ display the O_ACCMODE bits in the arg to fcntl(F_SETFD)

ok miod@

Add fancy printing of ktrace()'s ops argument
mquery() has the exact same argument layout as mmap(), so share the case
Fix a couple brace placement glitches

Display symbolicly the mode argument of mkdir, mkfifo, mknod, and umask

Recognize itimer and ktrace facility names to {get,set}itimer() and ktrace()

ok otto@

Rename the 'pid' global to eliminate compiler warnings about shadowing

ok otto@

Split out from kdump.c the ktrstruct.c bits into ktrstruct.c
Reduce the #includes to take advantage of that.

ok millert@ otto@

For consistency, move the functions that aren't generated at build-time
from mksubr to kdump.c

ok otto@ millert@

Use WAIT_* for the first argument to wait4(), and otherwise treat it (and
the first argument to kill) as signed 32bit ints.

ok millert@ otto@

Userland bits for utrace record handling; from otto@

simple large ino_t handling

handle large time_t variables; ok guenther

Remove CTL_USER hierarchy from sysctl()
(Use sysconf() or confstr() instead)

ok miod@ millert@

Report macro names for the second argument to shutdown(), getrusage(),
pathconf(), and fpathconf(), and for poll()'s INFTIM.
When open()'s flag arg doesn't include O_CREAT, don't show the third argument
unless th e-n option is given. Ditto for fcntl()'s F_GETFD and F_GETFL ops.
Show sysctl()'s KERN_PROC_KTHREAD as "kthread".

ok otto@

Explicitly include sys/resource.h for RLIM_INF, etc.

Report ptrace(PT_{GET,SET}XMMREGS) by name

ok otto@

Print the fd_set used by select in kdump.
OK guenther@ and deraadt@

sigpending() returns a sigset just like sigprocmask(), so decode it the same

ok matthew@ otto@

Add dumping of struct __tfork done by the revised __tfork syscall

Handle PT_GET_THREAD_*

ok otto@ kettenis@

remove rfork(); ok guenther miod

guenther and kettenis say THREAD_PID_OFFSET shouldn't be subtracted

add -H to usage();

Add a start record to the ktrace and use a special magic string "KTR"
to identify ktrace files. kdump(1) will now refuse to operate on
trace data without the start record and as a bonus will print only
PID, unless an -H flag is specified to print PID/TID pairs. Initial
diff, input from and ok deraadt, guenther.

err(1, NULL) can drive people insane, so please avoid it.
ok guenther

Add tracing and dumping of "pointer to struct" syscall arguments for
structs timespec, timeval, sigaction, and rlimit.

ok otto@ jsing@

- add more ptrace() ops
- be robust against a ktrace file the contains a record with
ktr_len==SIZE_MAX, instead of reallocating its buffer to zero size
- format the clockid_t argument to clock_*() and __thrsleep() as CLOCK_*
- format the sigset_t argument to sigprocmask() and __thrsigdivert(), the
return from sigprocmask(), and the mask reported for PSIG records
as a bitset of SIG* values, except that if most the bits are set
then invert it and prefix with '~'
- show the next level of the kern.proc sysctl
- __tfork() creates procs, so do the mappidtoemul() handling
- refactor ktrstat()'s time printing bits and fix a whitespace glitch
in its output
- reduce stack usage in ktrstruct()
- a value of zero is not an error for mode bits (S_*), atflag bits
(AT_*), wait options (W*), or shmat flags (SHM_*)

ok otto@

teach kdump about "siginfo-style" signal sub-codes, and the (currently)
limited subset of information the kernel supplies.
ok miod pirofti

Resolve sysctl numbers, original diff from nicm@, man page bits from
guenther@; ok guenther@ millert@

Add fancy kdump support for the openat(2) system calls.

ok otto@

handle files produced by ktrace -a better by making a distinction
between default and current emulation; ok guenther@

since we're treating native emuls different (more fancy) than
non-native we should do a better job of tracking the emul
corresponding to a pid; ok guenther@; also tested by pirofti@

Make -m 0 work as expected.

print the name of an unknown struct, it has been verified to be sane;
prodded by tedu@

remove more atalk bits

Support sending struct info to kdump. So far for struct stat and
struct sockaddress; mostly from freebsd. ok deraadt@ tedu@ nicm@

Don't crash on non-native emuls; ok guenther@

remove compat_svr4

Big restructuring of the main switch making it much more readable.
Also, handle offset_t (long long) args and padding in a consistent manner.
ok deraadt@

more fancy kdump output, mostly from FreeBSD; ok deraadt@ tedu@

Change ktr_retval to a register_t so that we can see the full 64-bits
when neccesary. It is incredible this 64-bit bug has existed for
this long.
ok miod

Avoid using NULL in non-pointer contexts: use 0 for integer values and '\0'
for chars.

Remove FREEBSD_COMPAT bits and obsolete RTHREAD define

make kdump build after COMPAT_BSDOS removal.

Bad tedu, no cookie.

remove userland bits of compat_sunos

another day, another compat gets removed. today is ibcs2's turn

remove compat_osf1. ok deraadt miod

Remove COMPAT_HPUX. No one wanted to support it and its fewmets were
blocking other cleanups
ok miod@

ultrix support going away, ok deraadt

rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and
unmaintainable). these days, people use source. these id's do not provide
any benefit, and do hurt the small install media
(the 33,000 line diff is essentially mechanical)
ok with the idea millert, ok dms

sort options; synchronize argument names with synopsis;
split the usage's output in two lines to fit on standard displays.

ok millert@

more parts of netbsd compat that go away

`l' before `n';

use lots more size_t instead of int running around
ok deraadt

- add -X and -x to SYNOPSIS
- sort options
- new sentence, new line
- sync usage()

cedric points out 0xff mask isn't needed with unsigned chars

oops, missed a %ld should be %lu

need ctype.h for isprint.
%c expects an int argument, cast a u_long value so it gets it.

C spells 'byte' as 'unsigned char'. signed chars are not healthy for isprint

-x and -X options to print io output in hex. from cedric berger
ok mickey

Grok rthreads system calls before Dale yiells after me.

No need to define UFS_EXTATTR anymore.

for sysctl records, do not expect more than CTL_MAXNAME additional
"faked" arguments; ok uwe espie

for sysctl syscall pass the mib[] back to kdump to parse;
always print () on syscalls w/ void args even (deraadt version)

#ifdef hpux only for m68k or hppa; this needs a revisit since this shows
something flawed in the way that the emulation system calls are being
handled

better includes for syscalls from kernel

Better ptrace description, also fix an off-by-one spotted by otto
ok otto@ tdeval@

realloc stuff. ok deraadt@ jose@

ioctlname() proto

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

improve docs; raj@cerias.purdue.edu

missing defines for syscalls and a better formatting in usage

Remove kernel support for NTP. ok deraadt@ and tholo@

add -p pid feature, and ansi at the same time; millert ok

a real pid_t cleanup.

espie@ ok for make/,
deraadt@ one extra eye,
millert@ ok

Add PT_IO to ptrace ops.

include a siginfo_t with ktrace PSIG information, so that kdump can print
fault addresses and other information. (a small bug exists: in some signal
delivery cases, two PSIG records may be inserted, because postsig() is
unaware a PSIG record has already been placed. but this small bug can
stay since the siginfo_t information helps us find and fix other bugs)

Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.

Add lots of missing prototypes, constify a few things. Add explicit ints.
Makes gcc much happier, less warnings.

first pass at a -Wall cleanup

add processing of netbsd syscall emulation

add more emulations; problem noted by khym@bga.com

Only include sys/errno.h once.

make are of a whole number of missing system call names; interesting fix
from ghelmer@freebsd.org

fix IOR/IOW/IOWR; cgd@netbsd.org

used to permit a single arg, which it ignored, now does usage(); fenner@freebsd

rcsid

native emul is now called "native"

Decode unknown ioctl commands to _IO{R,W,}('c',x[,y]), instead of 0xabcdef00

branches: 1.1.1;
Initial revision

SYS_msyscall will go away soon. kdump does not need a special handler
for it.
ok tb

provide the pieces for ktrace/kdump to observe pinsyscall violations.
(not used yet, because the pinsyscall changes are still being worked on)
ok kettenis

remove support for syscall(2) -- the "indirection system call" because
it is a dangerous alternative entry point for all system calls, and thus
incompatible with the precision system call entry point scheme we are
heading towards. This has been a 3-year mission:
First perl needed a code-generated wrapper to fake syscall(2) as a giant
switch table, then all the ports were cleaned with relatively minor fixes,
except for "go". "go" required two fixes -- 1) a framework issue with
old library versions, and 2) like perl, a fake syscall(2) wrapper to
handle ioctl(2) and sysctl(2) because "syscall(SYS_ioctl" occurs all over
the place in the "go" ecosystem because the "go developers" are plan9-loving
unix-hating folk who tried to build an ecosystem without allowing "ioctl".
ok kettenis, jsing, afresh1, sthen

Add [-P progam] to filter dumps by basename

[-p pid] requires knowing the PIDs beforehand, sieving through big
dumps by argv[0] strings is more ergonomic.

OK deraadt

Make kdump show kqueue1(2) flags.

OK guenther@

Add a -u label option to print selected utrace records, used by upcoming
malloc (leak) dump fucntion. ok semarie@

KTRC_CODE__SYSCALL is never set anymore, because __syscall() is gone.

we spent far too long debugging a weird go library problem (incorrect
arguments to mmap) because it was using syscall(2) and that callpath
is invisible in ktrace. make it visible, it will now show "(via syscall)"
and such.
ok guenther

Add argument and return support for {get,set}thrname()

Add ktrace struct tracepoints for siginfo_t to the kernel side of
waitid(2) and __thrsigdivert(2) and teach kdump(1) to handle them.
Also report more from the siginfo_t inside PSIG tracepoints.

ok mpi@

Add argument support for msyscall, pledge, unveil, __realpath,
ypconnect, and __tmpfd. Reorder several other syscalls to match
the order in syscalls.master

ok deraadt@

Improve reporting of waitid(2)'s idtype/id and options arguments
Add mimmutable(2) to report like munmap(2)

Support the sendmmsg and recvmmsg system calls.
Input guenther@
OK bluhm@

the _pad_ system calls from 2021/12/23 can go away
ok guenther

Since ktr_comm is now a string, we do not need MAXCOMLEN to limit printf.
And thus, sys/param.h is not needed either.
ok millert

repair sys/param.h namespace list

need a local nitems() definition

Roll the syscalls that have an off_t argument to remove the explicit padding.
Switch libc and ld.so to the generic stubs for these calls.
WARNING: reboot to updated kernel before installing libc or ld.so!

Time for a story...

When gcc (back in 1.x days) first implemented long long, it didn't (always)
pass 64bit arguments in 'aligned' registers/stack slots, with the result that
argument offsets didn't match structure offsets. This affected the nine system
calls that pass off_t arguments:
ftruncate lseek mmap mquery pread preadv pwrite pwritev truncate

To avoid having to do custom ASM wrappers for those, BSD put an explicit pad
argument in so that the off_t argument would always start on a even slot and
thus be naturally aligned. Thus those odd wrappers in lib/libc/sys/ that use
__syscall() and pass an extra '0' argument.

The ABIs for different CPUs eventually settled how things should be passed on
each and gcc 2.x followed them. The only arch now where it helps is landisk,
which needs to skip the last argument register if it would be the first half of
a 64bit argument. So: add new syscalls without the pad argument and on landisk
do that skipping directly in the syscall handler in the kernel. Keep compat
support for the existing syscalls long enough for the transition.

ok deraadt@

Change the error reporting pattern throughout the tree when unveil
fails to report the path that the failure occured on. Suggested by
deraadt@ after some tech discussion.

Work done and verified by Ashton Fagg <ashton@fagg.id.au>

ok deraadt@ semarie@ claudio@

Do not assume futex(2) is always returning an errno value.

In the case of FUTEX_WAKE a number of woken threads is returned.

ok guenther@

Declare pledgenames[] as const.

OK deraadt@

kdump(1): give timestamp types real names; ok schwarze@

use _PATH_PROTOCOLS from netdb.h instead

kdump reads /etc/protocols to translate proto numbers into names; ok sthen@ gilles@

improve wrong markup and poor wording regarding the -t argument
that was spotted by deraadt@;
OK deraadt@ jmc@

mincore() is a relic from the past, exposing physical machine information
about shared resources which no program should see. only a few pieces of
software use it, generally poorly thought out. they are being fixed, so
mincore() can be deleted.
ok guenther tedu jca sthen, others

allow reading from stdin with -f -.
ok kn

futex(2) returns an errno value to decode

ok otto@

the only fs access kdump(1) needs is to the tracefile which by default is
ktrace.out unless argument -f is used. We can just unveil(2) that file with read
permissions before the pledge(2) call.

OK deraadt@

Need to remove fktrace here too
Noted by Andreas Kusalananda K��h��ri (andreas.kahari(at)icm.uu.se)

Format fktrace(2) arguments

ok millert@

Delete pointless casts from void*

ok otto@ millert@

Display futex(2) operations and arguments.

Add 'p' trace point for KTRFAC_PLEDGE, as noted by
Michal Mazurek <akfaew@jasminek.net>

While here, fix handling of -t+ in ltrace.

allow printing timestamps relative to beginnging of trace, -RT. ok benno

Handle error return by SYS_getlogin_r and SYS___thrsleep correct, and
parse args of SYS_getlogin_r

Display NAMI records and AF_UNIX socket paths with vis, using
VIS_CSTYLE | VIS_DQ | VIS_TAB | VIS_NL; add the latter three flags
to the existing vis encoding of exec argv/environ and pledge
requests/paths.
Delete local variables left unused when showbuf() and showbufc() were split

ok otto@ millert@

Format the flags argument to sendsyslog()

ok deraadt@ bluhm@

Handle kbind()'s third argument correctly

Improve display of unknown and KTR_START records

request and ok naddy@

No more compat emulations, so remove ktrace EMUL records and the baggage
for generating and parsing them.

ok mpi@ naddy@ millert@ deraadt@

drop the support for Linux emulation; ok guenther@ visa@

Split the intra-thread functionality from kill(2) into its own syscall
thrkill(2), rolling the kill(2) syscall number with the ABI change to
avoid breaking binaries during during the transition. thrkill(2) includes
a 'tcb' argument that eliminates the need for locking in pthread_kill()
and simplifies pthread_cancel(). Switch __stack_smash_handler() to use
thrkill(2) and explicitly unblock SIGABRT.

Minor bump to both libc and libpthread: make sure you install a new kernel!

ok semarie@

remove knowledge of dnssocket/dnsconnect

If the system call is entirely unpermitted, code will be 0, and there is
no pledge to recommend.

Fold "malloc" into "stdio" and -- recognizing that no program so far has
used less than "stdio" -- include all the "self" operations. Instead of
different defines, use regular PLEDGE_* in the "p_pledgenote" variable
(which indicates the operation subtype a system call is performing). Many
checks before easier to understand. p_pledgenote can often be passed
directly to ktrace, so that kdump says:
15565 test CALL pledge(0xa9a3f804c51,0)
15565 test STRU pledge request="stdio"
15565 test RET pledge 0
15565 test CALL open(0xa9a3f804c57,0x2<O_RDWR>)
15565 test NAMI "/tmp/testfile"
15565 test PLDG open, "wpath", errno 1 Operation not permitted
with help from semarie, ok guenther

Describe dnssocket / dnsconnect arguments

normalize a few more tame request orderings, to help review

since kdump may getprotobynumber() late, do not drop "rpath". We could
potentially modify pledge() to permit /etc/protocols (/etc/rpc?
/etc/services? etc) without requiring a rpath attribute.. but where would
we draw the line for what /etc files libc functions need? At present, we
draw that line closer to the minimum.
issue found by theo@math.ethz.ch

Change all tame callers to namechange to pledge(2).

tame "stdio getpw"
discussed with guenther

Add ktracing of tame()'s arguments' values

"every tool helps" deraadt@

option LFS is dead, but we missed option ACCOUNTING here

Fix wrong cast.

This one should be an unsigned long in theory, but the formatter function
argument we're printing from is already an int (being casted from register_t
at the formatter call time). So lets fix one bug at a time.

authoritative okay from guenther@

tame "stdio getpw rpath" can be done quite early after the getopt.
it might seem we can hoist the open above tame and then drop "rpath",
but guenther found getprotobynumber can be called much later.
ok guenther

update the -t args list; ok guenther

Add ktracing of argv and envp to execve(2), with envp not traced by default

ok tedu@ deraadt@

Rename __sysctl syscall to just sysctl, as the userland wrapper is no longer
necessary

ok deraadt@ jsing@

Delete ktracing of context switches: it's unused, and not particularly useful,
and doing VOP_WRITE() from inside tsleep/msleep makes the locking too
complicated, making it harder to move forward on MP changes.

ok deraadt@ kettenis@

Make KTR_SYSRET records variables variables sized, leaving out the
retval on error, including a long long retval on successful lseek(),
and including a register_t retval for other successes. This fixes
lseek reporting on ILP32 archs.

While here, reworking internal kern_ktrace.c bits to be able to pass
two buffers to ktrwriteraw(), so we can avoid mallocing a buffer
in some cases and so that KTR_GENIO logs are split at PAGE_SIZE,
not PAGE_SIZE-sizeof(struct ktrgenio)

ok miod@

Figure out the tty width using TIOCGWINSZ early on. Will make tame(2)
integration easier in the future.

Convert many atoi() calls to strtonum(), adding range checks and failure
handling along the way.
Reviews by Brendan MacDonell, Jeremy Devenport, florian, doug, millert

oops, started expecting sockoptlevelname() to handle two arguments
but never actually did so. Fix that so that we stop losing the
second argument to {get,set}sockopt(). Handling of levels other than
SOL_SOCKET could be improved.

The first argument to socket/socketpair is an address family, not a protocol
family. (sysctl(3) is practically the only place where PF_* is correct)

Oops: symlinkat()'s 'atfd' argument is its second, not its first

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)

With revision 1.93 a space character got lost when printing the
signal action. Print the space again.
OK jsg@

remove -r from usage();

Eliminate the -r option and always do sysctl OID, username, groupname,
and ctime presentation, but combined with the numeric form ala 0<"root">.
Do username and groupname presentation on syscall arguments and retvals.

ok millert@ otto@

Add some additional sanity checks to kdump.
Fixes a variety of crashes found with the afl fuzzer.
ok miod@ on an earlier version.

Convert syscall argument handling from a giant switch to a giant table.
While at it, use formatters for fds, counts, ids of all types, and "small
buffer sizes" that always show them in decimal, while paths, pointers, and
"big buffer sizes" get formatters that always show them in hex. The -d
option only affects args when the -n option is used or for unknown syscalls,
as well as syscall return values, and unrecognized ioctls.

ok otto@ millert@

Add dumping of struct dqblk done by quotactl(2)

ok millert@

userland reallocarray audit.

Replace malloc() and realloc() calls that may have integer overflow in the
multiplication of the arguments with reallocarray().

ok deraadt@

Add display of the flags to pipe2, dup3, and accept4, display of
MSG_CMSG_CLOEXEC in recvmsg, and display of SOCK_{CLOEXEC,NONBLOCK}
in socket and socketpair.
Do _not_ display the O_ACCMODE bits in the arg to fcntl(F_SETFD)

ok miod@

Add fancy printing of ktrace()'s ops argument
mquery() has the exact same argument layout as mmap(), so share the case
Fix a couple brace placement glitches

Display symbolicly the mode argument of mkdir, mkfifo, mknod, and umask

Recognize itimer and ktrace facility names to {get,set}itimer() and ktrace()

ok otto@

Rename the 'pid' global to eliminate compiler warnings about shadowing

ok otto@

Split out from kdump.c the ktrstruct.c bits into ktrstruct.c
Reduce the #includes to take advantage of that.

ok millert@ otto@

For consistency, move the functions that aren't generated at build-time
from mksubr to kdump.c

ok otto@ millert@

Use WAIT_* for the first argument to wait4(), and otherwise treat it (and
the first argument to kill) as signed 32bit ints.

ok millert@ otto@

Userland bits for utrace record handling; from otto@

simple large ino_t handling

handle large time_t variables; ok guenther

Remove CTL_USER hierarchy from sysctl()
(Use sysconf() or confstr() instead)

ok miod@ millert@

Report macro names for the second argument to shutdown(), getrusage(),
pathconf(), and fpathconf(), and for poll()'s INFTIM.
When open()'s flag arg doesn't include O_CREAT, don't show the third argument
unless th e-n option is given. Ditto for fcntl()'s F_GETFD and F_GETFL ops.
Show sysctl()'s KERN_PROC_KTHREAD as "kthread".

ok otto@

Explicitly include sys/resource.h for RLIM_INF, etc.

Report ptrace(PT_{GET,SET}XMMREGS) by name

ok otto@

Print the fd_set used by select in kdump.
OK guenther@ and deraadt@

sigpending() returns a sigset just like sigprocmask(), so decode it the same

ok matthew@ otto@

Add dumping of struct __tfork done by the revised __tfork syscall

Handle PT_GET_THREAD_*

ok otto@ kettenis@

remove rfork(); ok guenther miod

guenther and kettenis say THREAD_PID_OFFSET shouldn't be subtracted

add -H to usage();

Add a start record to the ktrace and use a special magic string "KTR"
to identify ktrace files. kdump(1) will now refuse to operate on
trace data without the start record and as a bonus will print only
PID, unless an -H flag is specified to print PID/TID pairs. Initial
diff, input from and ok deraadt, guenther.

err(1, NULL) can drive people insane, so please avoid it.
ok guenther

Add tracing and dumping of "pointer to struct" syscall arguments for
structs timespec, timeval, sigaction, and rlimit.

ok otto@ jsing@

- add more ptrace() ops
- be robust against a ktrace file the contains a record with
ktr_len==SIZE_MAX, instead of reallocating its buffer to zero size
- format the clockid_t argument to clock_*() and __thrsleep() as CLOCK_*
- format the sigset_t argument to sigprocmask() and __thrsigdivert(), the
return from sigprocmask(), and the mask reported for PSIG records
as a bitset of SIG* values, except that if most the bits are set
then invert it and prefix with '~'
- show the next level of the kern.proc sysctl
- __tfork() creates procs, so do the mappidtoemul() handling
- refactor ktrstat()'s time printing bits and fix a whitespace glitch
in its output
- reduce stack usage in ktrstruct()
- a value of zero is not an error for mode bits (S_*), atflag bits
(AT_*), wait options (W*), or shmat flags (SHM_*)

ok otto@

teach kdump about "siginfo-style" signal sub-codes, and the (currently)
limited subset of information the kernel supplies.
ok miod pirofti

Resolve sysctl numbers, original diff from nicm@, man page bits from
guenther@; ok guenther@ millert@

Add fancy kdump support for the openat(2) system calls.

ok otto@

handle files produced by ktrace -a better by making a distinction
between default and current emulation; ok guenther@

since we're treating native emuls different (more fancy) than
non-native we should do a better job of tracking the emul
corresponding to a pid; ok guenther@; also tested by pirofti@

Make -m 0 work as expected.

print the name of an unknown struct, it has been verified to be sane;
prodded by tedu@

remove more atalk bits

Support sending struct info to kdump. So far for struct stat and
struct sockaddress; mostly from freebsd. ok deraadt@ tedu@ nicm@

Don't crash on non-native emuls; ok guenther@

remove compat_svr4

Big restructuring of the main switch making it much more readable.
Also, handle offset_t (long long) args and padding in a consistent manner.
ok deraadt@

more fancy kdump output, mostly from FreeBSD; ok deraadt@ tedu@

Change ktr_retval to a register_t so that we can see the full 64-bits
when neccesary. It is incredible this 64-bit bug has existed for
this long.
ok miod

Avoid using NULL in non-pointer contexts: use 0 for integer values and '\0'
for chars.

Remove FREEBSD_COMPAT bits and obsolete RTHREAD define

make kdump build after COMPAT_BSDOS removal.

Bad tedu, no cookie.

remove userland bits of compat_sunos

another day, another compat gets removed. today is ibcs2's turn

remove compat_osf1. ok deraadt miod

Remove COMPAT_HPUX. No one wanted to support it and its fewmets were
blocking other cleanups
ok miod@

ultrix support going away, ok deraadt

rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and
unmaintainable). these days, people use source. these id's do not provide
any benefit, and do hurt the small install media
(the 33,000 line diff is essentially mechanical)
ok with the idea millert, ok dms

sort options; synchronize argument names with synopsis;
split the usage's output in two lines to fit on standard displays.

ok millert@

more parts of netbsd compat that go away

`l' before `n';

use lots more size_t instead of int running around
ok deraadt

- add -X and -x to SYNOPSIS
- sort options
- new sentence, new line
- sync usage()

cedric points out 0xff mask isn't needed with unsigned chars

oops, missed a %ld should be %lu

need ctype.h for isprint.
%c expects an int argument, cast a u_long value so it gets it.

C spells 'byte' as 'unsigned char'. signed chars are not healthy for isprint

-x and -X options to print io output in hex. from cedric berger
ok mickey

Grok rthreads system calls before Dale yiells after me.

No need to define UFS_EXTATTR anymore.

for sysctl records, do not expect more than CTL_MAXNAME additional
"faked" arguments; ok uwe espie

for sysctl syscall pass the mib[] back to kdump to parse;
always print () on syscalls w/ void args even (deraadt version)

#ifdef hpux only for m68k or hppa; this needs a revisit since this shows
something flawed in the way that the emulation system calls are being
handled

better includes for syscalls from kernel

Better ptrace description, also fix an off-by-one spotted by otto
ok otto@ tdeval@

realloc stuff. ok deraadt@ jose@

ioctlname() proto

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999. Proofed by myself and Theo.

improve docs; raj@cerias.purdue.edu

missing defines for syscalls and a better formatting in usage

Remove kernel support for NTP. ok deraadt@ and tholo@

add -p pid feature, and ansi at the same time; millert ok

a real pid_t cleanup.

espie@ ok for make/,
deraadt@ one extra eye,
millert@ ok

Add PT_IO to ptrace ops.

include a siginfo_t with ktrace PSIG information, so that kdump can print
fault addresses and other information. (a small bug exists: in some signal
delivery cases, two PSIG records may be inserted, because postsig() is
unaware a PSIG record has already been placed. but this small bug can
stay since the siginfo_t information helps us find and fix other bugs)

Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.

Add lots of missing prototypes, constify a few things. Add explicit ints.
Makes gcc much happier, less warnings.

first pass at a -Wall cleanup

add processing of netbsd syscall emulation

add more emulations; problem noted by khym@bga.com

Only include sys/errno.h once.

make are of a whole number of missing system call names; interesting fix
from ghelmer@freebsd.org

fix IOR/IOW/IOWR; cgd@netbsd.org

used to permit a single arg, which it ignored, now does usage(); fenner@freebsd

rcsid

native emul is now called "native"

Decode unknown ioctl commands to _IO{R,W,}('c',x[,y]), instead of 0xabcdef00

branches: 1.1.1;
Initial revision

provide the pieces for ktrace/kdump to observe pinsyscall violations.
(not used yet, because the pinsyscall changes are still being worked on)
ok kettenis

remove support for syscall(2) -- the "indirection system call" because
it is a dangerous alternative entry point for all system calls, and thus
incompatible with the precision system call entry point scheme we are
heading towards. This has been a 3-year mission:
First perl needed a code-generated wrapper to fake syscall(2) as a giant
switch table, then all the ports were cleaned with relatively minor fixes,
except for "go". "go" required two fixes -- 1) a framework issue with
old library versions, and 2) like perl, a fake syscall(2) wrapper to
handle ioctl(2) and sysctl(2) because "syscall(SYS_ioctl" occurs all over
the place in the "go" ecosystem because the "go developers" are plan9-loving
unix-hating folk who tried to build an ecosystem without allowing "ioctl".
ok kettenis, jsing, afresh1, sthen

Add [-P progam] to filter dumps by basename

[-p pid] requires knowing the PIDs beforehand, sieving through big
dumps by argv[0] strings is more ergonomic.

OK deraadt

Make kdump show kqueue1(2) flags.

OK guenther@

Add a -u label option to print selected utrace records, used by upcoming
malloc (leak) dump fucntion. ok semarie@

KTRC_CODE__SYSCALL is never set anymore, because __syscall() is gone.

we spent far too long debugging a weird go library problem (incorrect
arguments to mmap) because it was using syscall(2) and that callpath
is invisible in ktrace. make it visible, it will now show "(via syscall)"
and such.
ok guenther

Add argument and return support for {get,set}thrname()

Add ktrace struct tracepoints for siginfo_t to the kernel side of
waitid(2) and __thrsigdivert(2) and teach kdump(1) to handle them.
Also report more from the siginfo_t inside PSIG tracepoints.

ok mpi@

Add argument support for msyscall, pledge, unveil, __realpath,
ypconnect, and __tmpfd. Reorder several other syscalls to match
the order in syscalls.master

ok deraadt@

Improve reporting of waitid(2)'s idtype/id and options arguments
Add mimmutable(2) to report like munmap(2)

Support the sendmmsg and recvmmsg system calls.
Input guenther@
OK bluhm@

the _pad_ system calls from 2021/12/23 can go away
ok guenther

Since ktr_comm is now a string, we do not need MAXCOMLEN to limit printf.
And thus, sys/param.h is not needed either.
ok millert

repair sys/param.h namespace list

need a local nitems() definition

Roll the syscalls that have an off_t argument to remove the explicit padding.
Switch libc and ld.so to the generic stubs for these calls.
WARNING: reboot to updated kernel before installing libc or ld.so!

Time for a story...

When gcc (back in 1.x days) first implemented long long, it didn't (always)
pass 64bit arguments in 'aligned' registers/stack slots, with the result that
argument offsets didn't match structure offsets. This affected the nine system
calls that pass off_t arguments:
ftruncate lseek mmap mquery pread preadv pwrite pwritev truncate

To avoid having to do custom ASM wrappers for those, BSD put an explicit pad
argument in so that the off_t argument would always start on a even slot and
thus be naturally aligned. Thus those odd wrappers in lib/libc/sys/ that use
__syscall() and pass an extra '0' argument.

The ABIs for different CPUs eventually settled how things should be passed on
each and gcc 2.x followed them. The only arch now where it helps is landisk,
which needs to skip the last argument register if it would be the first half of
a 64bit argument. So: add new syscalls without the pad argument and on landisk
do that skipping directly in the syscall handler in the kernel. Keep compat
support for the existing syscalls long enough for the transition.

ok deraadt@

Change the error reporting pattern throughout the tree when unveil
fails to report the path that the failure occured on. Suggested by
deraadt@ after some tech discussion.

Work done and verified by Ashton Fagg <ashton@fagg.id.au>

ok deraadt@ semarie@ claudio@

Do not assume futex(2) is always returning an errno value.

In the case of FUTEX_WAKE a number of woken threads is returned.

ok guenther@

Declare pledgenames[] as const.

OK deraadt@

kdump(1): give timestamp types real names; ok schwarze@

use _PATH_PROTOCOLS from netdb.h instead

kdump reads /etc/protocols to translate proto numbers into names; ok sthen@ gilles@

improve wrong markup and poor wording regarding the -t argument
that was spotted by deraadt@;
OK deraadt@ jmc@

mincore() is a relic from the past, exposing physical machine information
about shared resources which no program should see. only a few pieces of
software use it, generally poorly thought out. they are being fixed, so
mincore() can be deleted.
ok guenther tedu jca sthen, others

allow reading from stdin with -f -.
ok kn

futex(2) returns an errno value to decode

ok otto@

the only fs access kdump(1) needs is to the tracefile which by default is
ktrace.out unless argument -f is used. We can just unveil(2) that file with read
permissions before the pledge(2) call.

OK deraadt@

Need to remove fktrace here too
Noted by Andreas Kusalananda K��h��ri (andreas.kahari(at)icm.uu.se)

Format fktrace(2) arguments

ok millert@

Delete pointless casts from void*

ok otto@ millert@

Display futex(2) operations and arguments.

Add 'p' trace point for KTRFAC_PLEDGE, as noted by
Michal Mazurek <akfaew@jasminek.net>

While here, fix handling of -t+ in ltrace.

allow printing timestamps relative to beginnging of trace, -RT. ok benno

Handle error return by SYS_getlogin_r and SYS___thrsleep correct, and
parse args of SYS_getlogin_r

Display NAMI records and AF_UNIX socket paths with vis, using
VIS_CSTYLE | VIS_DQ | VIS_TAB | VIS_NL; add the latter three flags
to the existing vis encoding of exec argv/environ and pledge
requests/paths.
Delete local variables left unused when showbuf() and showbufc() were split

ok otto@ millert@

Format the flags argument to sendsyslog()

ok deraadt@ bluhm@

Handle kbind()'s third argument correctly

Improve display of unknown and KTR_START records

request and ok naddy@

No more compat emulations, so remove ktrace EMUL records and the baggage
for generating and parsing them.

ok mpi@ naddy@ millert@ deraadt@

drop the support for Linux emulation; ok guenther@ visa@

Split the intra-thread functionality from kill(2) into its own syscall
thrkill(2), rolling the kill(2) syscall number with the ABI change to
avoid breaking binaries during during the transition. thrkill(2) includes
a 'tcb' argument that eliminates the need for locking in pthread_kill()
and simplifies pthread_cancel(). Switch __stack_smash_handler() to use
thrkill(2) and explicitly unblock SIGABRT.

Minor bump to both libc and libpthread: make sure you install a new kernel!

ok semarie@

remove knowledge of dnssocket/dnsconnect

If the system call is entirely unpermitted, code will be 0, and there is
no pledge to recommend.

Fold "malloc" into "stdio" and -- recognizing that no program so far has
used less than "stdio" -- include all the "self" operations. Instead of
different defines, use regular PLEDGE_* in the "p_pledgenote" variable
(which indicates the operation subtype a system call is performing). Many
checks before easier to understand. p_pledgenote can often be passed
directly to ktrace, so that kdump says:
15565 test CALL pledge(0xa9a3f804c51,0)
15565 test STRU pledge request="stdio"
15565 test RET pledge 0
15565 test CALL open(0xa9a3f804c57,0x2<O_RDWR>)
15565 test NAMI "/tmp/testfile"
15565 test PLDG open, "wpath", errno 1 Operation not permitted
with help from semarie, ok guenther

Describe dnssocket / dnsconnect arguments

normalize a few more tame request orderings, to help review

since kdump may getprotobynumber() late, do not drop "rpath". We could
potentially modify pledge() to permit /etc/protocols (/etc/rpc?
/etc/services? etc) without requiring a rpath attribute.. but where would
we draw the line for what /etc files libc functions need? At present, we
draw that line closer to the minimum.
issue found by theo@math.ethz.ch

Change all tame callers to namechange to pledge(2).

tame "stdio getpw"
discussed with guenther

Add ktracing of tame()'s arguments' values

"every tool helps" deraadt@

option LFS is dead, but we missed option ACCOUNTING here

Fix wrong cast.

This one should be an unsigned long in theory, but the formatter function
argument we're printing from is already an int (being casted from register_t
at the formatter call time). So lets fix one bug at a time.

authoritative okay from guenther@

tame "stdio getpw rpath" can be done quite early after the getopt.
it might seem we can hoist the open above tame and then drop "rpath",
but guenther found getprotobynumber can be called much later.
ok guenther

update the -t args list; ok guenther

Add ktracing of argv and envp to execve(2), with envp not traced by default

ok tedu@ deraadt@

Rename __sysctl syscall to just sysctl, as the userland wrapper is no longer
necessary

ok deraadt@ jsing@

Delete ktracing of context switches: it's unused, and not particularly useful,
and doing VOP_WRITE() from inside tsleep/msleep makes the locking too
complicated, making it harder to move forward on MP changes.

ok deraadt@ kettenis@

Make KTR_SYSRET records variables variables sized, leaving out the
retval on error, including a long long retval on successful lseek(),
and including a register_t retval for other successes. This fixes
lseek reporting on ILP32 archs.

While here, reworking internal kern_ktrace.c bits to be able to pass
two buffers to ktrwriteraw(), so we can avoid mallocing a buffer
in some cases and so that KTR_GENIO logs are split at PAGE_SIZE,
not PAGE_SIZE-sizeof(struct ktrgenio)

ok miod@

Figure out the tty width using TIOCGWINSZ early on. Will make tame(2)
integration easier in the future.

Convert many atoi() calls to strtonum(), adding range checks and failure
handling along the way.
Reviews by Brendan MacDonell, Jeremy Devenport, florian, doug, millert

oops, started expecting sockoptlevelname() to handle two arguments
but never actually did so. Fix that so that we stop losing the
second argument to {get,set}sockopt(). Handling of levels other than
SOL_SOCKET could be improved.

The first argument to socket/socketpair is an address family, not a protocol
family. (sysctl(3) is practically the only place where PF_* is correct)

Oops: symlinkat()'s 'atfd' argument is its second, not its first

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible. Annotate <sys/param.h> lines with their current reasons. Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution. These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)

With revision 1.93 a space character got lost when printing the
signal action. Print the space again.
OK jsg@

remove -r from usage();

Eliminate the -r option and always do sysctl OID, username, groupname,
and ctime presentation, but combined with the numeric form ala 0<"root">.
Do username and groupname presentation on syscall arguments and retvals.

ok millert@ otto@

Add some additional sanity checks to kdump.
Fixes a variety of crashes found with the afl fuzzer.
ok miod@ on an earlier version.

Convert syscall argument handling from a giant switch to a giant table.
While at it, use formatters for fds, counts, ids of all types, and "small
buffer sizes" that always show them in decimal, while paths, pointers, and
"big buffer sizes" get formatters that always show them in hex. The -d
option only affects args when the -n option is used or for unknown syscalls,
as well as syscall return values, and unrecognized ioctls.

ok otto@ millert@

Add dumping of struct dqblk done by quotactl(2)

ok millert@

userland reallocarray audit.

Replace malloc() and realloc() calls that may have integer overflow in the
multiplication of the arguments with reallocarray().

ok deraadt@

Add display of the flags to pipe2, dup3, and accept4, display of
MSG_CMSG_CLOEXEC in recvmsg, and display of SOCK_{CLOEXEC,NONBLOCK}
in socket and socketpair.
Do _not_ display the O_ACCMODE bits in the arg to fcntl(F_SETFD)

ok miod@

Add fancy printing of ktrace()'s ops argument
mquery() has the exact same argument layout as mmap(), so share the case
Fix a couple brace placement glitches

Display symbolicly the mode argument of mkdir, mkfifo, mknod, and umask

Recognize itimer and ktrace facility names to {get,set}itimer() and ktrace()

ok otto@

Rename the 'pid' global to eliminate compiler warnings about shadowing

ok otto@

Split out from kdump.c the ktrstruct.c bits into ktrstruct.c
Reduce the #includes to take advantage of that.

ok millert@ otto@

For consistency, move the functions that aren't generated at build-time
from mksubr to kdump.c

ok otto@ millert@

Use WAIT_* for the first argument to wait4(), and otherwise treat it (and
the first argument to kill) as signed 32bit ints.

ok millert@ otto@

Userland bits for utrace record handling; from otto@

simple large ino_t handling

handle large time_t variables; ok guenther

Remove CTL_USER hierarchy from sysctl()
(Use sysconf() or confstr() instead)

ok miod@ millert@

Report macro names for the second argument to shutdown(), getrusage(),
pathconf(), and fpathconf(), and for poll()'s INFTIM.
When open()'s flag arg doesn't include O_CREAT, don't show the third argument
unless th e-n option is given. Ditto for fcntl()'s F_GETFD and F_GETFL ops.
Show sysctl()'s KERN_PROC_KTHREAD as "kthread".

ok otto@

Explicitly include sys/resource.h for RLIM_INF, etc.

Report ptrace(PT_{GET,SET}XMMREGS) by name

ok otto@

Print the fd_set used by select in kdump.
OK guenther@ and deraadt@

sigpending() returns a sigset just like sigprocmask(), so decode it the same

ok matthew@ otto@

Add dumping of struct __tfork done by the revised __tfork syscall

Handle PT_GET_THREAD_*

ok otto@ kettenis@

remove rfork(); ok guenther miod

guenther and kettenis say THREAD_PID_OFFSET shouldn't be subtracted

add -H to usage();

Add a start record to the ktrace and use a special magic string "KTR"
to identify ktrace files. kdump(1) will now refuse to operate on
trace data without the start record and as a bonus will print only
PID, unless an -H flag is specified to print PID/TID pairs. Initial
diff, input from and ok deraadt, guenther.

err(1, NULL) can drive people insane, so please avoid it.
ok guenther

Add tracing and dumping of "pointer to struct" syscall arguments for
structs timespec, timeval, sigaction, and rlimit.

ok otto@ jsing@

- add more ptrace() ops
- be robust against a ktrace file the contains a record with
ktr_len==SIZE_MAX, instead of reallocating its buffer to zero size
- format the clockid_t argument to clock_*() and __thrsleep() as CLOCK_*
- format the sigset_t argument to sigprocmask() and __thrsigdivert(), the
return from sigprocmask(), and the mask reported for PSIG records
as a bitset of SIG* values, except that if most the bits are set
then invert it and prefix with '~'
- show the next level of the kern.proc sysctl
- __tfork() creates procs, so do the mappidtoemul() handling
- refactor ktrstat()'s time printing bits and fix a whitespace glitch
in its output
- reduce stack usage in ktrstruct()
- a value of zero is not an error for mode bits (S_*), atflag bits
(AT_*), wait options (W*), or shmat flags (SHM_*)

ok otto@

teach kdump about "siginfo-style" signal sub-codes, and the (currently)
limited subset of information the kernel supplies.
ok miod pirofti

Resolve sysctl numbers, original diff from nicm@, man page bits from
guenther@; ok guenther@ millert@

Add fancy kdump support for the openat(2) system calls.

ok otto@

handle files produced by ktrace -a better by making a distinction
between default and current emulation; ok guenther@

since we're treating native emuls different (more fancy) than
non-native we should do a better job of tracking the emul
corresponding to a pid; ok guenther@; also tested by pirofti@

Make -m 0 work as expected.

print the name of an unknown struct, it has been verified to be sane;
prodded by tedu@

remove more atalk bits

Support sending struct info to kdump. So far for struct stat and
struct sockaddress; mostly from freebsd. ok deraadt@ tedu@ nicm@

Don't crash on non-native emuls; ok guenther@

remove compat_svr4

Big restructuring of the main switch making it much more readable.
Also, handle offset_t (long long) args and padding in a consistent manner.
ok deraadt@

more fancy kdump output, mostly from FreeBSD; ok deraadt@ tedu@

Change ktr_retval to a register_t so that we can see the full 64-bits
when neccesary. It is incredible this 64-bit bug has existed for
this long.
ok miod

Avoid using NULL in non-pointer contexts: use 0 for integer values and '\0'
for chars.

Remove FREEBSD_COMPAT bits and obsolete RTHREAD define

make kdump build after COMPAT_BSDOS removal.

Bad tedu, no cookie.

remove userland bits of compat_sunos