Commit Graph

58815 Commits

Author SHA1 Message Date
Kris Kennaway
4b7369ea64 Correct a typo; prefered -> preferred. 2001-04-17 08:01:54 +00:00
Kris Kennaway
3d09054934 Add fmtcheck(), a function for checking consistency of format string
arguments where the format string is obtained from user data, or
otherwise difficult to verify statically.

Example usage:

printf(fmtcheck(user_format, standard_format), arg1, arg2);

checks the format string user_format for consistency (same number/order/
type of format operators) with standard_format.  If they differ,
standard_format is used instead to avoid potential crashes or security
violations.

Obtained from:  NetBSD
Reviewed by:    -arch
2001-04-17 07:59:52 +00:00
Kris Kennaway
a2e73040f4 -Wnon-const-format sweep: make format strings const char *'s, add
__printflike()/__printf0like() to function prototypes, as appropriate.

Reviewed by:	bde, -audit
2001-04-17 07:46:38 +00:00
Kris Kennaway
f5e431dad3 '%' is not a valid format string :-) 2001-04-17 07:35:41 +00:00
Kris Kennaway
21af2aa18e Remove spurious extra format string argument. 2001-04-17 07:32:37 +00:00
Kris Kennaway
c3b1df1293 Add a missing argument to an error message format string. 2001-04-17 07:21:48 +00:00
Kirk McKusick
5819ab3f12 Add debugging option to always read/write cylinder groups as full
sized blocks. To enable this option, use: `sysctl -w debug.bigcgs=1'.
Add debugging option to disable background writes of cylinder
groups. To enable this option, use: `sysctl -w debug.dobkgrdwrite=0'.
These debugging options should be tried on systems that are panicking
with corrupted cylinder group maps to see if it makes the problem
go away. The set of panics in question are:

	ffs_clusteralloc: map mismatch
	ffs_nodealloccg: map corrupted
	ffs_nodealloccg: block not in map
	ffs_alloccg: map corrupted
	ffs_alloccg: block not in map
	ffs_alloccgblk: cyl groups corrupted
	ffs_alloccgblk: can't find blk in cyl
	ffs_checkblk: partially free fragment

The following panics are less likely to be related to this problem,
but might be helped by these debugging options:

	ffs_valloc: dup alloc
	ffs_blkfree: freeing free block
	ffs_blkfree: freeing free frag
	ffs_vfree: freeing free inode

If you try these options, please report whether they helped reduce your
bitmap corruption panics to Kirk McKusick at <mckusick@mckusick.com>
and to Matt Dillon <dillon@earth.backplane.com>.
2001-04-17 05:37:51 +00:00
Kirk McKusick
f0f3f19f05 Background fsck sysctl operations must use vn_start_write and
vn_finished_write so that they do not attempt to modify a
suspended filesystem.
2001-04-17 05:06:37 +00:00
Robert Watson
b114e127e6 In my first reading of POSIX.1e, I misinterpreted handling of the
ACL_USER_OBJ and ACL_GROUP_OBJ fields, believing that modification of the
access ACL could be used by privileged processes to change file/directory
ownership.  In fact, this is incorrect; ACL_*_OBJ (+ ACL_MASK and
ACL_OTHER) should have undefined ae_id fields; this commit attempts
to correct that misunderstanding.

o Modify arguments to vaccess_acl_posix1e() to accept the uid and gid
  associated with the vnode, as those can no longer be extracted from
  the ACL passed as an argument.  Perform all comparisons against
  the passed arguments.  This actually has the effect of simplifying
  a number of components of this call, as well as reducing the indent
  level, but now separates handling of ACL_GROUP_OBJ from ACL_GROUP.

o Modify acl_posix1e_check() to return EINVAL if the ae_id field of
  any of the ACL_{USER_OBJ,GROUP_OBJ,MASK,OTHER} entries is a value
  other than ACL_UNDEFINED_ID.  As a temporary work-around to allow
  clean upgrades, set the ae_id field to ACL_UNDEFINED_ID before
  each check so that this cannot cause a failure in the short term
  (this work-around will be removed when the userland libraries and
  utilities are updated to take this change into account).

o Modify ufs_sync_acl_from_inode() so that it forces
  ACL_{USER_OBJ,GROUP_OBJ,MASK,OTHER} ae_id fields to ACL_UNDEFINED_ID
  when synchronizing the ACL from the inode.

o Modify ufs_sync_inode_from_acl to not propagate uid and gid
  information to the inode from the ACL during ACL update.  Also
  modify the masking of permission bits that may be set from
  ALLPERMS to (S_IRWXU|S_IRWXG|S_IRWXO), as ACLs currently do not
  carry non-ACCESSPERMS (S_ISUID, S_ISGID, S_ISTXT).

o Modify ufs_getacl() so that when it emulates an access ACL from
  the inode, it initializes the ae_id fields to ACL_UNDEFINED_ID.

o Clean up ufs_setacl() substantially since it is no longer possible
  to perform chown/chgrp operations using vop_setacl(), so all the
  access control for that can be eliminated.

o Modify ufs_access() so that it passes owner uid and gid information
  into vaccess_acl_posix1e().

Pointed out by:	jedger
Obtained from:	TrustedBSD Project
2001-04-17 04:33:34 +00:00
John Baldwin
abd9053ee4 Blow away the panic mutex in favor of using a single atomic_cmpset() on a
panic_cpu shared variable.  I used a simple atomic operation here instead
of a spin lock as it seemed to be excessive overhead.  Also, this can avoid
recursive panics if, for example, witness is broken.
2001-04-17 04:18:08 +00:00
John Baldwin
3c41f323c9 Check to see if enroll() returns NULL in the witness initialization. This
can happen if witness runs out of resources during initialization or if
witness_skipspin is enabled.

Sleuthing by:	Peter Jeremy <peter.jeremy@alcatel.com.au>
2001-04-17 03:35:38 +00:00
John Baldwin
7141f2ad46 Exit and re-enter the critical section while spinning for a spinlock so
that interrupts can come in while we are waiting for a lock.
2001-04-17 03:34:52 +00:00
Peter Wemm
70825609cf Previous clobbered a work-in-progress. Here is the merged result:
Limit the "pathname" glob to one item, as that is what all users of it
are expecting, except for LIST.

Always glob, instead of when the first character is a ~.  For example,
if you had directories ~/x1, and ~/x2, then "cwd x[1]" would fail, but
"cwd ~/x[1]" would work since it was globbed due to the ~ character.
Also, "cwd ~/x[12]" used to arbitrarily work as it used the first
expansion (ie: x1) without an error.  Make it return '550 ambiguous'
instead of '550 not found' so that the user can see the difference.

For LIST, just use the user supplied string as the popen does the glob.

Problem noticed by:  Ajay Mittal <amittal@iprg.nokia.com>
2001-04-17 03:03:45 +00:00
John Baldwin
8c321ed95f - Add appropriate #ifndef/#define/#endif to protect against multiple
  inclusions.
- Blow away all evidence of a static curpcb as curpcb is a per-CPU variable
  and this definition is now bogus.
2001-04-17 02:51:28 +00:00
John Baldwin
2bec909c3d - Fix memory barriers in atomic operations so that the barriers are always
  "inside" of locked regions.  That is, an acquire atomic operation will
  always enforce a memory barrier after the atomic operation and a release
  operation will always enforce a memory barrier before the atomic
  operation.
- Explicitly use 'mb' instead of 'wmb' in release atomic operations.  The
  'wmb' memory barrier is not strong enough to guarantee coherence with
  other processors.  This is effectively a nop since alpha_wmb() actually
  performs a 'mb' and not a 'wmb', but I wanted the code to be more
  correct since at some point in the future alpha_wmb()'s implementation
  may switch to being a real 'wmb'.
2001-04-17 02:50:05 +00:00
John Baldwin
85eba1489b Add a cpu_throw() function that secondary CPU's can use for their first
context switch.
2001-04-17 02:46:13 +00:00
John Baldwin
0f98ef505a In exception_return(), test for usermode before testing the IPL to see if
we should call ast().  This allows us to branch to a separate Lkernelret
label so we can fixup the saved t7 register in the trapframe.  Otherwise
we can run into a problem on SMP systems where a process is interrupted by
a trap or interrupt on one CPU, migrates to another CPU, and then returns
with the t7 in the stack clobbering the CPU's t7.  As a result, two CPU's
would both point to the same per-CPU data and things would go downhill from
there.

Sleuthing help by:	gallatin
2001-04-17 02:44:35 +00:00
John Baldwin
1a72a97045 - Stop other CPU's in the SMP case when we enter ddb.
- Add a new ddb command: 'show pcpu' similar to the i386 command added
  recently.  By default it displays the current CPU's info, but an optional
  argument can specify the logical ID of a specific CPU to examine.
2001-04-17 02:41:41 +00:00
Chris D. Faulhaber
6d3fe674ce Limit number of paths returned via glob() for authorized users
using tilde expansion.
2001-04-17 02:33:20 +00:00
Bruce A. Mah
1fd931b580 s/Over 4500 ports/Over 5000 ports/ 2001-04-17 02:22:16 +00:00
Kirk McKusick
38375c40b8 Minor background cleanups:
1) Set the FS_NEEDSFSCK flag when unexpected problems are encountered.
2) Clear the FS_NEEDSFSCK flag after a successful foreground cleanup.
3) Refuse to run in background when the FS_NEEDSFSCK flag is set.
4) Avoid taking and removing a snapshot when the filesystem is already clean.
5) Properly implement the force cleaning (-f) flag when in preen mode.

Note that you need to have revision 1.21 (date: 2001/04/14 05:26:28) of
fs.h installed in <ufs/ffs/fs.h> defining FS_NEEDSFSCK for this to compile.
2001-04-16 22:22:21 +00:00
Brian Feldman
7d6505e64e Support the empty "PASS\r\n" command. 2001-04-16 22:20:26 +00:00
Søren Schmidt
b952dabaa1 Add support for the Intel ICH2 mobile
Tidy chip name printing a bit.
2001-04-16 21:22:34 +00:00
Jesper Skriver
fa7e10eca6 Fix typo s/thissystem/this system/
Submitted by:	Stephen <sdk@shell.yuck.net>
2001-04-16 21:14:13 +00:00
Gregory Neil Shapiro
164c01f05b Clean up temporary file(s) and directory when m4 exits without falling
through main() (e.g., signals or calls to errx()).

PR:		conf/25715
2001-04-16 18:36:35 +00:00
Mark Murray
573bc39917 Add missing sound module.
OK'ed by:	cg
2001-04-16 17:04:41 +00:00
Kenneth D. Merry
623db3603c Fix an off-by-2 error in periphdriver_register(). The read side of the
bcopy would go off the end of the array by two elements, which sometimes
causes a panic if it happens to cross into a page that isn't mapped.

Submitted by:	gibbs
Reviewed by:	peter
2001-04-16 15:53:54 +00:00
Ruslan Ermilov
96b660f1a3 mdoc(7) police: Prepare for mdocNG.
The .Cd macro does not cause a line break until in the SYNOPSIS section.
2001-04-16 15:18:16 +00:00
David E. O'Brien
3a1d7a55f8 Grrr, get the right change from the machine I tested this on. 2001-04-16 15:17:27 +00:00
Ruslan Ermilov
3cfb58ec23 mdoc(7) police: cosmetics. 2001-04-16 15:14:07 +00:00
Ruslan Ermilov
7df8ffa198 mdoc(7) police: prepare for mdocNG. 2001-04-16 15:12:58 +00:00
Ruslan Ermilov
50597ec66b mdoc(7) police: add missing .El call. 2001-04-16 15:06:57 +00:00
Ruslan Ermilov
6061acb30c mdoc(7) police: fix markup. 2001-04-16 15:06:19 +00:00
Ruslan Ermilov
6a01974b78 Document that SITE extensions are disabled for anonymous logins.
Obtained from:	logdaemon package by Wietse Venema
2001-04-16 14:51:11 +00:00
John Hay
0d1b4aef96 Move the isa parts to a separate file. 2001-04-16 13:20:39 +00:00
John Hay
24dbea46a9 Update to the 2001-04-02 version of the nanokernel code from Dave Mills. 2001-04-16 13:05:05 +00:00
KATO Takenori
1a476993b0 Merged from sys/i386/isa/npx.c revision 1.95. 2001-04-16 09:15:40 +00:00
KATO Takenori
0af2322303 Merged from sys/conf/options.i386 revision 1.148. 2001-04-16 09:13:51 +00:00
Luigi Rizzo
047073a13a New script to help creation of shared readonly diskless partition.
It also has some instructions on how to setup the client and
the server. I have been using this code for over 2 years
on RELENG_3 and later RELENG_4. Have not tried on CURRENT, but
in case there are any issues these are in /etc/rc and
/etc/rc.diskless{12}
2001-04-16 06:37:03 +00:00
Poul-Henning Kamp
53ba84a69e Add the "SITE MD5 filename" facility.
This allows you to determine if the file on the other side is the same
as the one you have without transferring the entire file to compare.

Needless to say, if the server end lies to you this check doesn't work,
but on the other hand, if it lies to you about the file's checksum,
what can you trust from it?
2001-04-15 20:59:29 +00:00
Doug Barton
cf6490c9c7 Add a more useful solution to the problem of password files with more than
one user who differs only by case. The other perl tools assume (or enforce)
the all lowercase requirement, therefore making the search through
master.passwd case insensitive seemed a reasonable optimization, IMO.

I understand, although I do not sympathize with, the argument that someone
might want to do this on purpose, and might subsequently want to use the
wrong tool for the job. So, this fix should hopefully satisfy both camps.
2001-04-15 20:43:49 +00:00
Doug Barton
f756964985 Forced commit to point out that PR 25961 was actually originated by
Dan Langille <dan@freebsddiary.org>.
2001-04-15 20:38:01 +00:00
David E. O'Brien
5efcb24b76 Rev 1.11 introduced a bug where the processing became case insensitive for
username to rm.

PR:		25961
Submitted by:	Linh Pham <lplist@closedsrc.org>
2001-04-15 20:01:02 +00:00
Dima Dorfman
5e75e35cca Grammar police: "its", not "it's", is the possessive form of "it". 2001-04-15 19:53:47 +00:00
Dima Dorfman
143b77576c Make links from setresuid.2 to getresgid.2 and getresuid.2. 2001-04-15 19:41:44 +00:00
Dima Dorfman
8a13bcbece Document getresgid and getresuid calls.
Reviewed by:	ru
2001-04-15 19:40:22 +00:00
David E. O'Brien
c5e70d92ce Turn on kernel debugging support (DDB, INVARIANTS, INVARIANT_SUPPORT, WITNESS)
by default while SMPng is still being developed.

Submitted by:	jhb
2001-04-15 19:37:28 +00:00
David E. O'Brien
65d7fc7c83 Apply rev 1.48 (only dike out the `ncr' driver, not every line with the
[sub]string "ncr" in it) to the Alpha also.
2001-04-15 19:34:40 +00:00
Chris D. Faulhaber
d5675fffd1 Correct a bogus cast in acl_get_qualifier() causing invalid
ID's to be stored in the ACL.

Obtained from:	TrustedBSD Project
2001-04-15 15:21:15 +00:00
Poul-Henning Kamp
7b8467e22f In the /etc/rc startup script a soft link is created from /var/run/log to
/dev/log like this: if [ ! -h /dev/log ];
The man page for test(1) says that the -h switch is deprecated and that
users should NOT rely on it being available. It suggests the -L switch instead.
They both do the same thing: check for the existence of the symbolic link.

PR:		26596
Submitted by:	mikem <mike_makonnen@yahoo.com>
2001-04-15 13:44:05 +00:00