Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

===================================================================
RCS file: /ftp/cvs/cvsroot/src/sys/kern/init_main.c,v
rcsdiff: /ftp/cvs/cvsroot/src/sys/kern/init_main.c,v: warning: Unknown phrases like `commitid ...;' are present.
retrieving revision 1.276
retrieving revision 1.276.4.9
diff -u -p -r1.276 -r1.276.4.9
--- src/sys/kern/init_main.c	2006/07/26 09:33:57	1.276
+++ src/sys/kern/init_main.c	2007/01/19 20:49:54	1.276.4.9
@@ -1,4 +1,4 @@
-/*	$NetBSD: init_main.c,v 1.276 2006/07/26 09:33:57 dogcow Exp $	*/
+/*	$NetBSD: init_main.c,v 1.276.4.9 2007/01/19 20:49:54 ad Exp $	*/
 
 /*
  * Copyright (c) 1982, 1986, 1989, 1991, 1992, 1993
@@ -71,7 +71,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: init_main.c,v 1.276 2006/07/26 09:33:57 dogcow Exp $");
+__KERNEL_RCSID(0, "$NetBSD: init_main.c,v 1.276.4.9 2007/01/19 20:49:54 ad Exp $");
 
 #include "opt_ipsec.h"
 #include "opt_kcont.h"
@@ -81,7 +81,10 @@ __KERNEL_RCSID(0, "$NetBSD: init_main.c,
 #include "opt_posix.h"
 #include "opt_syscall_debug.h"
 #include "opt_sysv.h"
+#include "opt_systrace.h"
 #include "opt_fileassoc.h"
+#include "opt_ktrace.h"
+#include "opt_pax.h"
 
 #include "rnd.h"
 #include "veriexec.h"
@@ -115,6 +118,9 @@ __KERNEL_RCSID(0, "$NetBSD: init_main.c,
 #include <sys/sysctl.h>
 #include <sys/event.h>
 #include <sys/mbuf.h>
+#include <sys/sleepq.h>
+#include <sys/sleepq.h>
+#include <sys/iostat.h>
 #ifdef FAST_IPSEC
 #include <netipsec/ipsec.h>
 #endif
@@ -127,6 +133,9 @@ __KERNEL_RCSID(0, "$NetBSD: init_main.c,
 #ifdef SYSVMSG
 #include <sys/msg.h>
 #endif
+#ifdef SYSTRACE
+#include <sys/systrace.h>
+#endif
 #ifdef P1003_1B_SEMAPHORE
 #include <sys/ksem.h>
 #endif
@@ -144,6 +153,11 @@ __KERNEL_RCSID(0, "$NetBSD: init_main.c,
 #if NVERIEXEC > 0
 #include <sys/verified_exec.h>
 #endif /* NVERIEXEC > 0 */
+#ifdef KTRACE
+#include <sys/ktrace.h>
+#endif
+#include <sys/lockdebug.h>
+#include <sys/debug.h>
 #include <sys/kauth.h>
 #include <net80211/ieee80211_netbsd.h>
 
@@ -151,10 +165,9 @@ __KERNEL_RCSID(0, "$NetBSD: init_main.c,
 #include <sys/sa.h>
 #include <sys/syscallargs.h>
 
-#ifdef FILEASSOC
-#include <sys/fileassoc.h>
-#endif /* FILEASSOC */
-
+#if defined(PAX_MPROTECT) || defined(PAX_SEGVGUARD)
+#include <sys/pax.h>
+#endif /* PAX_MPROTECT || PAX_SEGVGUARD */
 #include <ufs/ufs/quota.h>
 
 #include <miscfs/genfs/genfs.h>
@@ -169,6 +182,8 @@ __KERNEL_RCSID(0, "$NetBSD: init_main.c,
 #include <net/if.h>
 #include <net/raw_cb.h>
 
+#include <secmodel/secmodel.h>
+
 extern struct proc proc0;
 extern struct lwp lwp0;
 extern struct cwdinfo cwdi0;
@@ -190,6 +205,17 @@ static void check_console(struct lwp *l)
 static void start_init(void *);
 void main(void);
 
+#if defined(__SSP__) || defined(__SSP_ALL__)
+long __stack_chk_guard[8] = {0, 0, 0, 0, 0, 0, 0, 0};
+void __stack_chk_fail(void);
+
+void
+__stack_chk_fail(void)
+{
+	panic("stack overflow detected; terminated");
+}
+#endif
+
 /*
  * System startup; initialize the world, create process 0, mount root
  * filesystem, and fork to create init and pagedaemon.  Most of the
@@ -222,6 +248,10 @@ main(void)
 	l->l_proc = &proc0;
 	l->l_lid = 1;
 
+#ifdef LOCKDEBUG
+	lockdebug_init();
+#endif
+
 	/*
 	 * Attempt to find console and initialize
 	 * in case of early panic or other messages.
@@ -232,6 +262,10 @@ main(void)
 
 	uvm_init();
 
+#ifdef DEBUG
+	debug_init();
+#endif
+
 	kmem_init();
 
 	/* Do machine-dependent initialization. */
@@ -264,11 +298,10 @@ main(void)
 #if NRND > 0
 	rnd_init();		/* initialize RNG */
 #endif
-	/* Initialize the sysctl subsystem. */
-	sysctl_init();
 
 	/* Initialize process and pgrp structures. */
 	procinit();
+	lwpinit();
 
 	/* Initialize signal-related data structures. */
 	signal_init();
@@ -281,7 +314,16 @@ main(void)
 	 */
 	(void)chgproccnt(0, 1);
 
+	/* Initialize the run queues, turnstiles and sleep queues. */
 	rqinit();
+	turnstile_init();
+	sleeptab_init(&sleeptab);
+
+	/* Initialize the sysctl subsystem. */
+	sysctl_init();
+
+	/* Initialize I/O statistics. */
+	iostat_init();
 
 	/* Initialize the file systems. */
 #ifdef NVNODE_IMPLICIT
@@ -302,13 +344,43 @@ main(void)
 	ntp_init();
 #endif /* __HAVE_TIMECOUNTER */
 
+	/* Initialize kauth. */
+	kauth_init();
+
 	/* Configure the system hardware.  This will enable interrupts. */
 	configure();
 
+#if defined(__SSP__) || defined(__SSP_ALL__)
+	{
+#ifdef DIAGNOSTIC
+		printf("Initializing SSP:");
+#endif
+		/*
+		 * We initialize ssp here carefully:
+		 *	1. after we got some entropy
+		 *	2. without calling a function
+		 */
+		size_t i;
+		long guard[__arraycount(__stack_chk_guard)];
+
+		arc4randbytes(guard, sizeof(guard));
+		for (i = 0; i < __arraycount(guard); i++)
+			__stack_chk_guard[i] = guard[i];
+#ifdef DIAGNOSTIC
+		for (i = 0; i < __arraycount(guard); i++)
+			printf("%lx ", guard[i]);
+		printf("\n");
+#endif
+	}
+#endif
 	ubc_init();		/* must be after autoconfig */
 
 	/* Lock the kernel on behalf of proc0. */
-	KERNEL_PROC_LOCK(l);
+	KERNEL_LOCK(1, l);
+
+#ifdef SYSTRACE
+	systrace_init();
+#endif
 
 #ifdef SYSVSHM
 	/* Initialize System V style shared memory. */
@@ -330,21 +402,20 @@ main(void)
 	ksem_init();
 #endif
 
-	/* Initialize kauth. */
-	kauth_init();
-
-#ifdef FILEASSOC
-	fileassoc_init();
-#endif /* FILEASSOC */
+	/* Initialize default security model. */
+	secmodel_start();
 
 #if NVERIEXEC > 0
-	  /*
-	   * Initialise the fingerprint operations vectors before
-	   * fingerprints can be loaded.
-	   */
-	veriexec_init_fp_ops();
+	/*
+	 * Initialise the Veriexec subsystem.
+	 */
+	veriexec_init();
 #endif /* NVERIEXEC > 0 */
 
+#if defined(PAX_MPROTECT) || defined(PAX_SEGVGUARD)
+	pax_init();
+#endif /* PAX_MPROTECT || PAX_SEGVGUARD */
+
 	/* Attach pseudo-devices. */
 	for (pdev = pdevinit; pdev->pdev_attach != NULL; pdev++)
 		(*pdev->pdev_attach)(pdev->pdev_count);
@@ -375,6 +446,11 @@ main(void)
 	/* Kick off timeout driven events by calling first time. */
 	schedcpu(NULL);
 
+#ifdef KTRACE
+	/* Initialize ktrace. */
+	ktrinit();
+#endif
+
 	/*
 	 * Create process 1 (init(8)).  We do this now, as Unix has
 	 * historically had init be process 1, and changing this would
@@ -461,28 +537,29 @@ main(void)
 
 	/*
 	 * Now can look at time, having had a chance to verify the time
-	 * from the file system.  Reset p->p_rtime as it may have been
+	 * from the file system.  Reset l->l_rtime as it may have been
 	 * munched in mi_switch() after the time got set.
 	 */
-	proclist_lock_read();
-	s = splsched();
 #ifdef __HAVE_TIMECOUNTER
 	getmicrotime(&time);
 #else
 	mono_time = time;
 #endif
 	boottime = time;
+	rw_enter(&proclist_lock, RW_READER);
 	LIST_FOREACH(p, &allproc, p_list) {
 		KASSERT((p->p_flag & P_MARKER) == 0);
+		mutex_enter(&p->p_smutex);
 		p->p_stats->p_start = time;
 		LIST_FOREACH(l, &p->p_lwps, l_sibling) {
-			if (l->l_cpu != NULL)
-				l->l_cpu->ci_schedstate.spc_runtime = time;
+			lwp_lock(l);
+			l->l_cpu->ci_schedstate.spc_runtime = time;
+			l->l_rtime.tv_sec = l->l_rtime.tv_usec = 0;
+			lwp_unlock(l);
 		}
-		p->p_rtime.tv_sec = p->p_rtime.tv_usec = 0;
+		mutex_exit(&p->p_smutex);
 	}
-	splx(s);
-	proclist_unlock_read();
+	rw_exit(&proclist_lock);
 
 	/* Create the pageout daemon kernel thread. */
 	uvm_swap_init();
@@ -494,8 +571,8 @@ main(void)
 		panic("fork syncer");
 
 	/* Create the aiodone daemon kernel thread. */
-	if (kthread_create1(uvm_aiodone_daemon, NULL, &uvm.aiodoned_proc,
-	    "aiodoned"))
+	if (workqueue_create(&uvm.aiodone_queue, "aiodoned",
+	    uvm_aiodone_worker, NULL, PVM, IPL_BIO, 0))
 		panic("fork aiodoned");
 
 #if defined(MULTIPROCESSOR)
@@ -697,7 +774,7 @@ start_init(void *arg)
 		 */
 		error = sys_execve(l, &args, retval);
 		if (error == 0 || error == EJUSTRETURN) {
-			KERNEL_PROC_UNLOCK(l);
+			KERNEL_UNLOCK_LAST(l);
 			return;
 		}
 		printf("exec %s: error %d\n", path, error);