Commit Graph

831 Commits

Author SHA1 Message Date
Robert Watson
30d239bc4c Merge first in a series of TrustedBSD MAC Framework KPI changes
from Mac OS X Leopard--rationalize naming for entry points to
the following general forms:

  mac_<object>_<method/action>
  mac_<object>_check_<method/action>

The previous naming scheme was inconsistent and mostly
reversed from the new scheme.  Also, make object types more
consistent and remove spaces from object types that contain
multiple parts ("posix_sem" -> "posixsem") to make mechanical
parsing easier.  Introduce a new "netinet" object type for
certain IPv4/IPv6-related methods.  Also simplify, slightly,
some entry point names.

All MAC policy modules will need to be recompiled, and modules
not updates as part of this commit will need to be modified to
conform to the new KPI.

Sponsored by:	SPARTA (original patches against Mac OS X)
Obtained from:	TrustedBSD Project, Apple Computer
2007-10-24 19:04:04 +00:00
Julian Elischer
3745c395ec Rename the kthread_xxx (e.g. kthread_create()) calls
to kproc_xxx as they actually make whole processes.
Thos makes way for us to add REAL kthread_create() and friends
that actually make theads. it turns out that most of these
calls actually end up being moved back to the thread version
when it's added. but we need to make this cosmetic change first.

I'd LOVE to do this rename in 7.0  so that we can eventually MFC the
new kthread_xxx() calls.
2007-10-20 23:23:23 +00:00
Darren Reed
e86e344222 Pullup IPFilter 4.1.28 from the vendor branch into HEAD.
MFC after:	7 days
2007-10-18 21:52:14 +00:00
Darren Reed
9a214eca1f This commit was generated by cvs2svn to compensate for changes in r172771,
which included commits to RCS files with non-trunk default branches.
2007-10-18 21:42:51 +00:00
Darren Reed
e8e48c1c7b Import IPFilter 4.1.28 2007-10-18 21:42:51 +00:00
Andrew Thompson
1fe1be1535 ZFS_LOG adds a newline by itself.
Pointed out by:	pjd
2007-10-14 16:14:32 +00:00
Andrew Thompson
9528621759 Print the ZFS ereport to the console if vfs.zfs.debug is set to help diagnose
problems with zfs-on-root since devd isnt running yet.

Reviewed by:	pjd
2007-10-14 07:58:50 +00:00
Pawel Jakub Dawidek
e8bd23b460 Fix lock leak leading to the 'System call <name> returning with 1 locks held'
panic.

Reported by:	kris
Approved by:	re (kensmith)
2007-10-04 17:51:59 +00:00
Olivier Houchard
f530d4f06d Ok I hope I got it right this time.
After discussion with Sam, switch back to use firmware(9) instead of
having the firmware in hex format.
Put the binary firmware uuencoded into sys/contrib/dev/npe, and slap a
LICENSE file, as found on the Intel website.

Approved by:	re (blanket), mux (mentor)
MFC After:	1 week
2007-09-27 22:39:49 +00:00
Jung-uk Kim
26c31003af This commit was generated by cvs2svn to compensate for changes in r172314,
which included commits to RCS files with non-trunk default branches.
2007-09-24 17:12:36 +00:00
Jung-uk Kim
66244a7bdd Fix global lock recursion bug.
This patch was part of ACPI-CA 20070508 release and the
following is excerpt from its change log:

Fixed a problem where the Global Lock handle was not properly
updated if a thread that acquired the Global Lock via executing
AML code then attempted to acquire the lock via the
AcpiAcquireGlobalLock interface. Reported by Joe Liu.

Approved by:	re (kensmith)
Tested by:	ambrisko
Obtained from:	Intel
2007-09-24 17:12:36 +00:00
Pawel Jakub Dawidek
a95a61fc19 Now that we have CDDLed code in the tree, add CDDL license.
Discussed with:	core
Approved by:	re (kensmith)
2007-09-23 07:04:50 +00:00
Pawel Jakub Dawidek
a3c8c2e60f Reduce the limit of vnodes on i386 when ZFS is loaded to 3/4 of the original
value, so we don't run out of KVA. The default vnodes limit fits better for
UFS, but ZFS allocated more file system specific memory for a vnode than UFS.

Don't touch vnodes limit if we detect it was tuned by system administrator
and restore original value when ZFS is unloaded.

This isn't final fix, but before we implement something better, this will
help to stabilize ZFS under heavy load on i386.

Approved by:	re (bmah)
2007-09-10 19:58:14 +00:00
Pawel Jakub Dawidek
ef0ffc1c6f After dfr@ vnode leak fix, we can allow ARC to consume more memory.
Tested by:	kris
Approved by:	re (bmah)
2007-09-10 18:12:27 +00:00
Pawel Jakub Dawidek
6bc581fcf0 Use CTLFLAG_RDTUN for tunable sysctls.
Approved by:	re (bmah)
2007-09-01 06:23:42 +00:00
Daniel Hartmeier
7f368082ad When checking the sequence number of a TCP header embedded in an
ICMP error message, do not access th_flags. The field is beyond
the first eight bytes of the header that are required to be present
and were pulled up in the mbuf.

A random value of th_flags can have TH_SYN set, which made the
sequence number comparison not apply the window scaling factor,
which led to legitimate ICMP(v6) packets getting blocked with
"BAD ICMP" debug log messages (if enabled with pfctl -xm), thus
breaking PMTU discovery.

Triggering the bug requires TCP window scaling to be enabled
(sysctl net.inet.tcp.rfc1323, enabled by default) on both end-
points of the TCP connection. Large scaling factors increase
the probability of triggering the bug.

PR:		kern/115413: [ipv6] ipv6 pmtu not working
Tested by:	Jacek Zapala
Reviewed by:	mlaier
Approved by:	re (kensmith)
2007-08-23 09:30:58 +00:00
Robert Watson
c6b2899785 Replace references to NET_CALLOUT_MPSAFE with CALLOUT_MPSAFE, and remove
definition of NET_CALLOUT_MPSAFE, which is no longer required now that
debug.mpsafenet has been removed.

The once over:	bz
Approved by:	re (kensmith)
2007-07-28 07:31:30 +00:00
Pawel Jakub Dawidek
aa222db26f Update assertion after revision 1.23.
Reviewed by:	dfr
Approved by:	re (rwatson)
2007-07-24 15:00:43 +00:00
Nate Lawson
f1172c58e5 Fix a bug where the callout might not be initialized before being used.
Rev 1.9 introduced another path where machclk_freq would be initialized
before the rest of setup was done (i.e. initializing the callout).  Make
the one-time initialization a separate function and make init_machclk()
able to be called multiple times, any time.  We depend on tsc_freq first
being updated from the highest priority eventhandler, thus we run last
and call init_machclk() to set machclk_freq.  Also, don't initialize
static variables to 0.

Tested by:	Eygene Ryabinkin
Approved by:	re
2007-07-12 17:00:51 +00:00
Hartmut Brandt
2125877649 This commit was generated by cvs2svn to compensate for changes in r171364,
which included commits to RCS files with non-trunk default branches.
2007-07-11 14:41:54 +00:00
Hartmut Brandt
e52e259e88 Vendor patch to remove some __inline qualifiers on non-static functions
because they seem to cause warnings in gcc-4.2.

Submitted by:	mjacob
Approved by:	re
2007-07-11 14:41:54 +00:00
Doug Rabson
2dc26b36c8 Correct a reference-counting mistake in the ZFS code which led to abnormal
memory usage and pessimal cache performance.

Reviewed by: pjd
Approved by: re (rwatson)
2007-07-09 09:03:49 +00:00
Max Laier
e22a271eeb Remove unused variable from pf_subr.c to make it -Werror buildable.
Approved by:	re (kensmith)
2007-07-05 15:28:59 +00:00
Max Laier
44e0d5a8df Add two place holders in struct pf_rule for future netgraph integration.
Submitted by:	Ermal Luçi
Approved by:	re (kensmith)
2007-07-03 12:58:33 +00:00
Max Laier
60ee384760 Link pf 4.1 to the build:
- move ftp-proxy from libexec to usr.sbin
 - add tftp-proxy
 - new altq mtag link

Approved by:	re (kensmith)
2007-07-03 12:46:08 +00:00
Max Laier
c9a03d91ad Commit resolved import of OpenBSD 4.1 pf from perforce.
Approved by:	re (kensmith)
2007-07-03 12:16:07 +00:00
Max Laier
25929d7851 This commit was generated by cvs2svn to compensate for changes in r171164,
which included commits to RCS files with non-trunk default branches.
2007-07-03 12:06:01 +00:00
Max Laier
42247cbcaf Import pf from OpenBSD 4.1 2007-07-03 12:06:01 +00:00
Max Laier
d786f620df Fix hardware checksum verification on fragments.
MFC after:		7 days
Reported/tested by: 	Hugo Koji Kobayashi, Vadym Chepkov
Reviewed/help by:	yongari
Approved by:		re (kensmith)
2007-07-03 11:50:02 +00:00
Doug Rabson
7761242694 In zfs_vget, if we fail to translate an inode number to the corresponding
vnode, make sure we return an error code to the caller.

Reviewed by: pjd
Approved by: re
2007-06-27 12:00:24 +00:00
Darren Reed
a2ba8029c8 Pointer to an ICMP header was getting left behind after doing a pullup. 2007-06-09 09:28:36 +00:00
Marcel Moolenaar
6d63683c41 Add my copyright.
Requested by: pjd@
2007-06-08 16:20:03 +00:00
Pawel Jakub Dawidek
3b7917d766 - Reduce number of atomic operations needed to be implemented in asm by
implementing some of them using existing ones.
- Allow to compile ZFS on all archs and use atomic operations surrounded
  by global mutex on archs we don't have or can't have all atomic
  operations needed by ZFS.
2007-06-08 12:35:47 +00:00
Pawel Jakub Dawidek
083c4dd695 Missing atomic operations for ZFS/ia64.
Submitted by:	marcel
2007-06-08 12:26:30 +00:00
Pawel Jakub Dawidek
b166b92692 Reimplement traverse() helper function:
1. Pass locking flags to VFS_ROOT().
2. Check v_mountedhere while the vnode is locked.
3. Always return locked vnode on success.

Change 1 fixes problem reported by Stephen M. Rumble - after
zfs_vfsops.c,1.9 change, zfs_root() no longer locks the vnode
unconditionally and traverse() didn't pass right lock type to
VFS_ROOT(). The result was that kernel paniced when .zfs/ directory
was accessed via NFS.
2007-06-04 11:31:46 +00:00
Darren Reed
d7eeb25225 Merge IPFilter 4.1.23 back to HEAD
See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13
2007-06-04 02:54:36 +00:00
Darren Reed
103b406762 Import IPFilter 4.1.23 to vendor branch.
See src/contrib/ipfilter/HISTORY for details of changes since 4.1.13
2007-06-04 02:50:28 +00:00
Darren Reed
2bf2a702cc This commit was generated by cvs2svn to compensate for changes in r170263,
which included commits to RCS files with non-trunk default branches.
2007-06-04 02:50:28 +00:00
Pawel Jakub Dawidek
5750956634 Adjust va_mask for setattr. FreeBSD doesn't have va_mask, so we initialize it
based on individual fields beeing set. This doesn't work for setattr replay,
because va_type is set there, so we add AT_TYPE flag to va_mask, which won't
be accepted by zfs_setattr().

Reported by:	kris
2007-05-28 02:37:43 +00:00
Pawel Jakub Dawidek
a906fff9c5 Because we allocate componentname structures on stack, bzero() them before
use just in case.
2007-05-28 00:26:20 +00:00
Pawel Jakub Dawidek
f92dd5c2d9 Initialize ZFS a bit earlier and block root mounting until
initialization is complete. This fixes some root-on-ZFS
configurations.

Reported by:	Bruno Damour <freebsd.ruomad@free.fr>
Tested by:	Bruno Damour <freebsd.ruomad@free.fr>
2007-05-24 07:43:00 +00:00
Pawel Jakub Dawidek
d4c4dfe96f FreeBSD's namecache works quite well with ZFS, so remove DNLC. 2007-05-23 21:33:02 +00:00
Pawel Jakub Dawidek
4282c449dc All objects we create using GFS are directories, so initialize d_type
properly, but add XXX comment saying that it can eventually change in
the future.
2007-05-23 21:27:47 +00:00
Pawel Jakub Dawidek
124427f96d Lock vnode on lookup. This fixes ZIL replay for rmdir/unlink/rename.
Reported by:	des
2007-05-22 21:22:25 +00:00
Daniel Hartmeier
67debc100c From OpenBSD, rev. 1.524, 1.528, 1.529
Deal with IPv6 routing headers (see FreeBSD-SA-07:03.ipv6 for background)
Block IPv6 packets with routing headers by default, unless 'allow-opts'
is specified. Block RH0 unconditionally. Deal with ip6_plen 0.

MFC after:	1 week
Discussed with:	mlaier
2007-05-21 20:08:59 +00:00
Pawel Jakub Dawidek
68e752c31c Increase debug level - this message is not that important. 2007-05-09 22:32:49 +00:00
Pawel Jakub Dawidek
6a7309390f - Add missing lock destruction and remove duplicate initializations.
With this change it is possible to unload zfs.ko module from
  WITNESS-enabled kernel.
- Remove bogus comment.
2007-05-06 19:05:37 +00:00
Pawel Jakub Dawidek
7baf73a6c2 Use provider's ident to handle situations when disks are moved around
and show up with different names: first try to open provider using
remembered name and compare its ident, if equal, this is our provider,
if not equal or there is no provider with such name, find provider with
remembered ident and don't care about the name.
2007-05-06 01:39:39 +00:00
Pawel Jakub Dawidek
fab3f4465e MFp4: We don't need to cover vnode_pager_setsize() with the z_map_lock. 2007-05-06 01:27:54 +00:00
Pawel Jakub Dawidek
57504dcfaf Share-lock a vnode where possible. 2007-05-02 01:03:10 +00:00