Commit Graph

52753 Commits

Author SHA1 Message Date
Jordan K. Hubbard
042c61e58d Add another security configuration profile, call it "high" and
rename the previous one to indicate that it's not just high, it's
extreme (everything off, secure level raised).

Submitted mostly by:	Tony Finch <dot@dotat.at>
2000-10-14 21:02:31 +00:00
Poul-Henning Kamp
afd05ac212 Remove the HPFPLIB copyright which we have never used. 2000-10-14 19:14:48 +00:00
Poul-Henning Kamp
1f22e63352 Remove even more unneeded #includes. 2000-10-14 17:37:32 +00:00
Doug Rabson
94fb7ad620 Initial libc port for ia64. 2000-10-14 17:01:12 +00:00
Doug Rabson
ac5096139b CSU code for ia64. 2000-10-14 16:38:08 +00:00
Mark Murray
67297998c8 Add a man page for part of the PRNG API. 2000-10-14 16:16:42 +00:00
Poul-Henning Kamp
2d99f9a72c Remove even more nneeded #includes. 2000-10-14 15:57:44 +00:00
Mark Murray
318cc4ad59 Reseed the random device as early as possible to prevent hangs,
and provide some form of entropy in case there is no seed file
to prevent a reboot from hanging unnecessarily.
2000-10-14 12:56:08 +00:00
Mark Murray
a6278a2a42 After some complaints about the dir names, the random device is
now in dirs called sys/*/random/ instead of sys/*/randomdev/*.

Introduce blocking, but only at startup; the random device will
block until the first reseed happens to prevent clients from
using untrustworthy output.

Provide a read_random() call for the rest of the kernel so that
the entropy device does not need to be present. This means that
things like IPX no longer need to have "device random" hardcoded
into thir kernel config. The downside is that read_random() will
provide very poor output until the entropy device is loaded and
reseeded. It is recommended that developers do NOT use the
read_random() call; instead, they should use arc4random() which
internally uses read_random().

Clean up the mutex and locking code a bit; this makes it possible
to unload the module again.
2000-10-14 10:59:56 +00:00
Poul-Henning Kamp
1b3c07c893 Duh! LINT is called NOTES these days.
Make sure LINT checks profiling code as well.
2000-10-14 08:40:47 +00:00
Poul-Henning Kamp
990e680b90 Fix compilation of profiled kernels by including <machine/lock.h> 2000-10-14 08:34:27 +00:00
Poul-Henning Kamp
412916079c Make it possible to specify profiling in the kernel config file.
Do so for LINT.
2000-10-14 08:33:22 +00:00
John W. De Boskey
6bf02e51da Document the ptrace() PT_STEP request.
Add references to the newly added hardware debug register
support functions i386_clr_watch(3) and i386_set_watch(3).

Reviewed by:    Sean Eric Fagan <sef@kithrup.com>
                and no other response to the review request.
2000-10-14 04:01:39 +00:00
John W. De Boskey
2ec40c9aac Remove the signal value check from the PT_STEP codepath. It
can cause an bogus failure.

Reviewed by:    Sean Eric Fagan <sef@kithrup.com>
                and no other response to the review request.
2000-10-14 03:56:01 +00:00
Adrian Chadd
0b0c10b48d Initial commit of IFS - a inode-namespaced FFS. Here is a short
description:

How it works:
--

Basically ifs is a copy of ffs, overriding some vfs/vnops. (Yes, hack.)
I didn't see the need in duplicating all of sys/ufs/ffs to get this
off the ground.

File creation is done through a special file - 'newfile' . When newfile
is called, the system allocates and returns an inode. Note that newfile
is done in a cloning fashion:

fd = open("newfile", O_CREAT|O_RDWR, 0644);
fstat(fd, &st);

printf("new file is %d\n", (int)st.st_ino);

Once you have created a file, you can open() and unlink() it by its returned
inode number retrieved from the stat call, ie:

fd = open("5", O_RDWR);

The creation permissions depend entirely if you have write access to the
root directory of the filesystem.

To get the list of currently allocated inodes, VOP_READDIR has been added
which returns a directory listing of those currently allocated.

--

What this entails:

* patching conf/files and conf/options to include IFS as a new compile
  option (and since ifs depends upon FFS, include the FFS routines)

* An entry in i386/conf/NOTES indicating IFS exists and where to go for
  an explanation

* Unstaticize a couple of routines in src/sys/ufs/ffs/ which the IFS
  routines require (ffs_mount() and ffs_reload())

* a new bunch of routines in src/sys/ufs/ifs/ which implement the IFS
  routines. IFS replaces some of the vfsops, and a handful of vnops -
  most notably are VFS_VGET(), VOP_LOOKUP(), VOP_UNLINK() and VOP_READDIR().
  Any other directory operation is marked as invalid.

What this results in:

* an IFS partition's create permissions are controlled by the perm/ownership of
  the root mount point, just like a normal directory

* Each inode has perm and ownership too

* IFS does *NOT* mean an FFS partition can be opened per inode. This is a
  completely seperate filesystem here

* Softupdates doesn't work with IFS, and really I don't think it needs it.
  Besides, fsck's are FAST. (Try it :-)

* Inodes 0 and 1 aren't allocatable because they are special (dump/swap IIRC).
  Inode 2 isn't allocatable since UFS/FFS locks all inodes in the system against
  this particular inode, and unravelling THAT code isn't trivial. Therefore,
  useful inodes start at 3.

Enjoy, and feedback is definitely appreciated!
2000-10-14 03:02:30 +00:00
Adrian Chadd
5332f2e5d8 Pre-IFS commit. Commit IFS-aware fsck and mount utilities.
mount_ifs: repocopy of sbin/mount, with most of the intelligence ripped out
           and "ufs" replaced with "ifs" in the right places. It will only
           mount a single filesystem, rather than the -t <type> magic that
           our real mount does.

fsck_ifs:  repocopy of sbin/fsck_ffs, but the directory structure stuff
           (pass2 and some refcount checks) has been #ifdef'ed out.

src/sbin/Makefile: Build these two utilities

There is probably cruft code left in both which can be removed at a later
date, especially in mount_ifs, but I trust that people will not try
mount_ifs -a ..

Note: there are no man pages installed for these two commands as I haven't
actually written them yet.
2000-10-14 02:44:56 +00:00
Mike Smith
d1eefff418 Whoops, add the 'twe' files.
Submitted by:	Chris Faulhaber <jedgar@fxp.org>
2000-10-14 01:23:29 +00:00
Bill Paul
4c2efe270a Clean up a few things in dc_setcfg() pointed out to be me by
aaron@openbsd.com on IRC earlier today.
2000-10-14 00:40:14 +00:00
Jonathan Lemon
834801e8af Look at both the vendor and subvendor information when determining
whether this is a Smart Array.  This fixes a problem where the driver
would incorrectly match a Dell RAID device.

Reviewed by: msmith
2000-10-13 23:34:47 +00:00
Daniel Eischen
b4145b0bfa Enable _PTHREADS_INVARIANTS until the recent libc_r changes are
shaken out.
2000-10-13 22:19:50 +00:00
Daniel Eischen
7c021a1090 Adjust to reflect recent changes in the internal layout of a struct
pthread in libc_r.

Reviewed by:	dfr
2000-10-13 22:15:19 +00:00
Daniel Eischen
fbeb36e4bf Implement zero system call thread switching. Performance of
thread switches should be on par with that under scheduler
activations.

  o Timing is achieved through the use of a fixed interval
    timer (ITIMER_PROF) to count scheduling ticks instead
    of retrieving the time-of-day upon every thread switch
    and calculating elapsed real time.

  o Polling for I/O readiness is performed once for each
    scheduling tick instead of every thread switch.

  o The non-signal saving/restoring versions of setjmp/longjmp
    are used to save and restore thread contexts.  This may
    allow the removal of _THREAD_SAFE macros from setjmp()
    and longjmp() - needs more investigation.

Change signal handling so that signals are handled in the
context of the thread that is receiving the signal.  When
signals are dispatched to a thread, a special signal handling
frame is created on top of the target threads stack.  The
frame contains the threads saved state information and a new
context in which the thread can run.  The applications signal
handler is invoked through a wrapper routine that knows how
to restore the threads saved state and unwind to previous
frames.

Fix interruption of threads due to signals.  Some states
were being improperly interrupted while other states were
not being interrupted.  This should fix several PRs.

Signal handlers, which are invoked as a result of a process
signal (not by pthread_kill()), are now called with the
code (or siginfo_t if SA_SIGINFO was set in sa_flags) and
sigcontext_t as received from the process signal handler.

Modify the search for a thread to which a signal is delivered.
The search algorithm is now:

  o First thread found in sigwait() with signal in wait mask.
  o First thread found sigsuspend()'d on the signal.
  o Current thread if signal is unmasked.
  o First thread found with signal unmasked.

Collapse machine dependent support into macros defined in
pthread_private.h.  These should probably eventually be moved
into separate MD files.

Change the range of settable priorities to be compliant with
POSIX (0-31).  The threads library uses higher priorities
internally for real-time threads (not yet implemented) and
threads executing signal handlers.  Real-time threads and
threads running signal handlers add 64 and 32, respectively,
to a threads base priority.

Some other small changes and cleanups.

PR:		17757 18559 21943
Reviewed by:	jasone
2000-10-13 22:12:32 +00:00
Bill Paul
a95b77ec78 Remember to assign an_dev to device_t before calling an_attach(). 2000-10-13 22:04:20 +00:00
Peter Wemm
ac5f943c37 savectx() is now used exclusively by the crash dump system. Move the
i386 specific gunk (copy %cr3 to the pcb) from the MI dumpsys() to the
MD savectx().
2000-10-13 22:03:29 +00:00
Bill Paul
736f03e49a Convert the Aironet driver to use mutexes instead of spls. 2000-10-13 21:58:36 +00:00
Paul Saab
16a011f973 Do not allocate a callout for all crashdumps, not just when you panic. 2000-10-13 21:49:19 +00:00
Bill Paul
9fa3f7b0f2 Update the wi driver to use mutexes instead of spls. 2000-10-13 20:33:24 +00:00
Bill Paul
d308faacc2 Add #include <machine/mutex.h> since these files need it and don't
include anything else that includes mutex.h. Needed to resolve struct mtx
from struct dc_softc.
2000-10-13 19:15:50 +00:00
Chuck Paterson
f59dd3ae6a Make mutex name reflect device driver name.
Destroy mutex when detaching the device.
Submitted by: John Baldwin <jhb@FreeBSD.ORG>
2000-10-13 18:59:29 +00:00
Bill Paul
1e856a7b34 Use device_get_nameunit(dev) as the mutex string when calling
mtx_init() instead of hard-coded string constant. Also remember to do
the mutex changes to the ste driver, which I forgot in the first commit.
2000-10-13 18:35:49 +00:00
Robert Watson
36fa62c01b o Introduce cap_from_text() and cap_to_text() implementations.
Reviewed by:	green
Obtained from:	TrustedBSD Project
Security audited by:	imp, green
2000-10-13 18:24:58 +00:00
Bill Paul
d1ce910572 First round of converting network drivers from spls to mutexes. This
takes care of all the 10/100 and gigE PCI drivers that I've done.
Next will be the wireless drivers, then the USB ones. I may pick up
some stragglers along the way. I'm sort of playing this by ear: if
anyone spots any places where I've screwed up horribly, please let me
know.
2000-10-13 17:54:19 +00:00
Robert Watson
ab024bb02e o Simplify capability types away from an array of ints to a single
u_int64_t flag field, bounding the number of capabilities at 64,
  but substantially cleaning up capability logic (there are currently
  43 defined capabilities).

o Heads up to anyone actually using capabilities: the constant
  assignments for various capabilities have been redone, so any
  persistent binary capability stores (i.e., '$posix1e.cap' EA
  backing files) must be recreated.  If you have one of these,
  you'll know about it, so if you have no idea what this means,
  don't worry.

o Update libposix1e to reflect this new definition, fixing the
  exposed functions that directly manipulate the flags fields.

Obtained from:	TrustedBSD Project
2000-10-13 17:12:58 +00:00
Gregory Neil Shapiro
e11cbdb767 Do not override BINDIR settings from subdirectory Makefiles.
Submitted by:	bde
2000-10-13 16:57:03 +00:00
Gregory Neil Shapiro
02e8c77f1d Note on the last commit that the problem was actually in the secure version
but bde recommended explicitly setting BINDIR in both Makefiles.

Submitted by:	bde
2000-10-13 16:52:28 +00:00
Gregory Neil Shapiro
1e503e9884 ../Makefile.inc was clobbering BINDIR so sendmail was being installed in
/usr/sbin/ instead of /usr/libexec/sendmail/

Submitted by:	bde
2000-10-13 16:51:05 +00:00
Matthew Dillon
64bcb9c815 The swap bitmap allocator was not calculating the bitmap size properly
in the face of non-stripe-aligned swap areas.  The bug could cause a
      panic during boot.

      Refuse to configure a swap area that is too large (67 GB or so)

      Properly document the power-of-2 requirement for SWB_NPAGES.

      The patch is slightly different then the one Tor enclosed in the P.R.,
      but accomplishes the same thing.

PR: kern/20273
Submitted by: Tor.Egge@fast.no
2000-10-13 16:44:34 +00:00
Dag-Erling Smørgrav
91ef813ce3 Skip sockets with no SCB 2000-10-13 16:25:37 +00:00
Søren Schmidt
7c6d7d5f82 Add ata-raid.c to the ata driver 2000-10-13 15:42:58 +00:00
MIHIRA Sanpei Yoshiro
49ff3907a6 cosmetic: resource -> res 2000-10-13 15:11:48 +00:00
Bruce A. Mah
ac37f3e6b2 Note fsck wrappers, ncurses update (+MFC), gperf update. 2000-10-13 14:31:01 +00:00
Hellmuth Michaelis
5d113d0ac0 Submitted by: phk
Remove not needed includes.
2000-10-13 14:10:51 +00:00
Bruce Evans
6092d1874e Fixed namespace pollution in rev.1.78. Don't export <sys/stat.h> to
userland from here; just forward declare struct stat.  fhstat.2
(== fhopen.2 == fhstatfs.2) has always specified including
<sys/stat.h> before using any of the fh functions although this is
only necessary for dereferencing the "struct stat *" arg of fhstat(),
so applications should not notice this change.

Fixed unsorting of user prototypes in rev.1.78.
2000-10-13 14:04:26 +00:00
Bruce Evans
3d7613a6e2 Avoid impending world breakage.
1. Don't include <sys/conf.h> in userland.  It is not used, and including it
   without including its prerequisite <sys/time.h> should have broken the
   world.
2. Don't include <sys/mount.h>.  It is not used, except in -current it
   bogusly includes <sys/stat.h> which bogusly includes <sys/time.h> and
   thus accidentally provides the prerequisite in (1).
3. Cleaned up nearby include messes.

Not approved by despite 5 weeks notice: MAINTAINER
2000-10-13 13:43:37 +00:00
Søren Schmidt
e9cf6115e4 Add support for ATA "pseudo" RAID controllers as the Promise Fasttrak
and HighPoint HPT370 controllers.

Use by defining the RAID in the BIOS and the "ar driver will pick it up
automagically...
2000-10-13 13:04:45 +00:00
Søren Schmidt
d851448bbf Add the ar ATA pseudo RAID driver 2000-10-13 13:02:17 +00:00
David E. O'Brien
eb8a206034 Helper to trim extracted files for use when importing new versions of
gperf.  This version coresponds to the gerpf 2.7.2 import.
2000-10-13 12:36:13 +00:00
David E. O'Brien
d8504df28b Style tweaks. 2000-10-13 12:22:47 +00:00
Søren Schmidt
8d8f318a08 Fix ISA only systems. 2000-10-13 12:09:23 +00:00
David E. O'Brien
8c91c0948a This commit was generated by cvs2svn to compensate for changes in r67064,
which included commits to RCS files with non-trunk default branches.
2000-10-13 12:04:55 +00:00