This is based on the ubsa driver by Alexander Kabaev along with documentation
gleaned from the Linux mct_u232 driver. I've had this driver sitting in my
tree for almost 6 months, and several others have found it useful.
have completed across the bus but not to the host before
processing of an exception condition (busfree, bus reset,
etc.). When flushing the controller of completed commands,
we also look for packetized commands that have completed
with good status and are stored in the "good status fifo".
The hardware will post to the good status fifo even if
data for that command is still active in a FIFO. In
one particular failure case, a command outstanding on the
bus reconnected, transferred data into a FIFO, and provided
good status while the host driver was processing an expected
busfree event (PPR message negotiation). This resulted in
an entry in the good status fifo that we completed, but
since the sequencer was paused, the data in the data FIFO
for this command had never been transferred to the host.
Once the busfree processing was complete, the sequencer
was unpaused, and the data completed its transfer to the
host. In some instances, the client for the data was notified
of the completion and attempted to view the data before
it arrived. This case only occurred during FreeBSD's
multi-target probe of the SCSI bus while some devices are
negotiating to go packetized and some devices are already
running in packetized.
The fix is to run and FIFOs active with a context in the
good status fifo to completion before completing the command
to the SCSI layer. This requies duplicating the FIFO rundown
operations in the host driver that would usually be handled
by the firmware, but there is no other alternative.
Don't blindly shutdown the SCB dma engine when restarting
the sequencer. We may be killing an operation that is
not supposed to be cancelled. The cases where we need to
shutdown these dma engines are already handled elsewhere in
the driver.
Fix a few more ahd_in?() -> ahd_in?_scbram() instances.
Add softc flag to indicate that we have seen at
least one selection since the last bus reset or
SE/LVD bus change.
aic79xx.c:
Fix a few style nits.
In ahd_update_pending_scbs(), only touch card registers
once we have found an SCB that needs to be updated.
This removes lots of clutter from PCI traces taken of
error recovery performed by the driver.
Short circuit the first selection iocell workaround handler
if we've run once since the last bus reset or iocell change.
This also removes clutter from PCI traces.
Note if completions are pending in the qoutfifo when we dump
card state.
Add a comment in ahd_clear_critical_sections() about
our need to leave ENBUSFREE set in SIMODE1 while single
stepping.
Re-arrange some delay loops so that we always perform
a read after any register write and before the delay.
This should make the delay loop more accurate.
When completing message processing for a packetized
commention, return the controller to a state where
invalid non-packetized phases will still cause protocol
violations. These are the same operations as those
performed in the clear_target_state routine in the
firmware.
Now that we have a chip with working ABORTPENDING
support (the 7901B), comment out the automatic use
of this feature until we can adequately test it.
The previous checkin updated the bug mask for the
7901B so this code was exercised.
When resetting the bus, perform an ahd_flush_device_writes()
call so that our reset assertion delay is acurately
timed from when the reset bit is written to the controller.
Remove an old comment that no longer applies.
Fix a jump in our unexpected non-packetized phase
handler to use an explicit lable. The old code
had a hardcoded jump offset that was off by one
instruction.
Add a 7901A specific feature definition.
aic79xx_pci.c:
Split out the general aic790X setup into it's own
setup handler that works on single and dual controllers.
Adjust all other PCI setup handlers to initialize the
chips basic features and type before calling the generic
handler.
Turn off a few Rev B workarounds that are not required
on the 7901B.
to store an int in the bio->bio_driver1 (a void *). It is big enough,
but you have to match the int sizes first before doing the cast.
Glanced at by: scottl
mark crypto requests with ``callback immediately'' to avoid doing a context
switch to return crypto results. This completes the work to eliminate
context switches for using software crypto via the crypto subsystem (with
symmetric crypto ops).
software crypto device:
o record crypto device capabilities in each session id
o add a capability that indicates if the crypto driver operates synchronously
o tag the software crypto driver as operating synchronously
This commit also introduces crypto session id macros that cleanup their
construction and querying.
an MSDOSFS file system either failed, silently corrupted the file, or
sometimes corrupted the neighboring file.
PR: 53695
Submitted by: Ariff Abdullah <skywizard@MyBSD.org.my> (original version)
MFC: 3 days
channel has been disabled by BIOS. This prevents a bus timeout
machine check on B&W G3 PowerMacs, which have a primary-only CMD646
on the motherboard.
Approved by: sos
Obtained from: NetBSD
bus_dma async callback scheme. Note that sparc64 does not seem to do
async callbacks. Note that ia64 callbacks might not be MPSAFE at the
moment. Note that powerpc doesn't seem to do async callbacks due to
the implementation being incomplete.
Reviewed by: mostly silence on arch@
succeeds. There is a difference between how OLDCARD and NEWCARD deal
with their resources, and this code exposes that difference. I'm not
sure which behavior is correct, and will need to look into that in
more detail. However, it appears that we go ahead and allocate the
right thing in both cases that I have access to (CF cards, CDROM, and
external ata enclosures), so go ahead and ignore the failure to get
the resource for the other rid. There's already another check to make
sure that the actual allocation works correctly, and that should be
sufficient to catch cases that don't work.
Submitted by: wpaul and iedowse
o add back rx monitor support
o make WI_RID_SCAN_RES DTRT
o fix a bug handling zero-length RID requests (used by dstumbler to set
a zero-length SSID)
o make RID_SCAN_REQ DTRT
o add back WI_RID_OWN_SSID
o fix wi_scan_ap to take a channel mask and txrate (for prism cards)
These changes fix dstumbler -o (monitor mode). A minor change to dstumbler
is needed to get normal AP scanning mode to work right; this is preferred to
modifying the driver.
PR: kern/53187
Reviewed by: Bruce M Simpson <bms@spc.org>
flag'ed INTR_MPSAFE. In ep_if_start(), use the IF_DEQUEUE macro to
grab the next mbuf to send, and use IF_PREPEND if the card is busy
and we actually can't handle it right now.
The old code was first getting the mbuf by taking it from the queue
without using the macros, thus without locking, and without removing
it from the queue either. It was later assuming that IF_DEQUEUE would
give him this same mbuf.
Tested by: mich
when the user specifies a maximum fragment size < 2.
This is the behavior that Linux provides and fixes the problem I've
observed in Tribes2 where sounds effects are delayed by 1/2 a second.
This commit has two pieces. One half is the watchdog kernel code which lives
primarily in hardclock() in sys/kern/kern_clock.c. The other half is a userland
daemon which, when run, will keep the watchdog from firing while the userland
is intact and functioning.
Approved by: jeff (mentor)
being requested is outside of the range of the direct map region. eg:
for pci windows. While here, increase the minimum size of the direct
map region to be 4GB instead of 1GB.
so can leave stale data in the buffer and confuse the driver.
- enable the ability to set the 'disable' hint for the driver to keep it
from attaching. i.e. 'hw.ips.0.disable=1' will prevent the driver from
attaching.
- Only detach if attach suceeded.
Submitted by: mjacob
Before, we would add/subtract the leap second when the system had been
up for an even multiple of days, rather than at the end of the day, as
a leap second is defined (at least wrt ntp). We do this by
calculating the notion of UTC earlier in the loop, and passing that to
get it adjusted. Any adjustments that ntp_update_second makes to this
time are then transferred to boot time. We can't pass it either the
boot time or the uptime because their sum is what determines when a
leap second is needed. This code adds an extra assignment and two
extra compare in the typical case, which is as cheap as I could made
it.
I have confirmed with this code the kernel time does the correct thing
for both positive and negative leap seconds. Since the ntp interface
doesn't allow for +2 or -2, those cases can't be tested (and the folks
in the know here say there will never be a +2s or -2s leap event, but
rather two +1s or -1s leap events).
There will very likely be no leap seconds for a while, given how the
earth is speeding up and slowing down, so there will be plenty of time
for this fix to propigate. UT1-UTC is currently at "about -0.4s" and
decrementing by .1s every 8 months or so. 6 * 8 is 48 months, or 4
years.
-stable has different code, but a similar bug that was introduced
about the time of the last leap second, which is why nobody has
noticed until now.
MFC After: 3 weeks
Reviewed by: phk
"Furthermore, leap seconds must die." -- Cato the Elder
incremented at the start of the leap second, not after the leap second
has been inserted. This is because at the start of the leap second,
we set the time back one second. This setting back one second is the
moment that the offset changes. The old code set it back after the
leap second, but that's one second too late. The negative leap second
case is handled correctly.
Reviewed by: phk
of pcpu locks. This makes uma_zone somewhat smaller (by (LOCKNAME_LEN *
sizeof(char) + sizeof(struct mtx) * maxcpu) bytes, to be exact).
No Objections from jeff.
short read operations at the end of a file to not have the "eof"
flag set as they should. The problem is that the requested read
count was compared against the rounded-up reply data length instead
of the actual reply data length. This bug appears to have been
introduced in revision 1.78 (June 1999). It causes first-time reads
of certain file sizes (e.g 4094 bytes) to fail with EIO on a RedHat
9.0 NFSv3 client.
MFC after: 1 week
build it on the i386 and alpha architectures, where this has been
set up (there is also a sparc64-bitops.h in sys/gnu/ext2fs, but it
appears to be broken and it is not linked up).
This should unbreak the sparc64 LINT build.
in the netisr case. This would result in a lock reversal. This
fixes the net.isr.enable=1 case. Better performance might be
obtained by chaining all packets received, dropping the lock, and
then calling if_input() on each one.
Reported by: hmp
of the contents of the CCSCBCTL register into our
local varaible. The other bits are used in later tests.
This avoids a potential deadlock in ahd_run_qoutfifo()
if we happen to catch the DMA engine in just the right
state.
built by LINT. Also override a number of knobs for enabling and
disabling various modules in the ALL_MODULES case to further increase
LINT's module coverage.
Submitted by: ru
o code reorg (relative to old netbsd-derived code) for future growth
o drivers now specify available channels and rates and 802.11 layer handles
almost all ifmedia actions
o multi-mode support for 11a/b/g devices
o 11g protocol additions (incomplete)
o new element id additions (for other than 11g)
o node/station table redone for proper locking and to eliminate driver
incestuousness
o split device flags and capabilities to reduce confusion and provide room
for expansion
o incomplete power management infrastructure (need to revisit)
o incomplete hooks for software retry
o more...
read permision only required for listing, read/write required for
read/write to registers
fix a possible memory leak
clean up error handling a bit
Reviewed by: silence
the MAC policy modules to improve robustness against C string
bugs and vulnerabilities. Following these revisions, all
string construction of labels for export to userspace (or
elsewhere) is performed using the sbuf API, which prevents
the consumer from having to perform laborious and intricate
pointer and buffer checks. This substantially simplifies
the externalization logic, both at the MAC Framework level,
and in individual policies; this becomes especially useful
when policies export more complex label data, such as with
compartments in Biba and MLS.
Bundled in here are some other minor fixes associated with
externalization: including avoiding malloc while holding the
process mutex in mac_lomac, and hence avoid a failure mode
when printing labels during a downgrade operation due to
the removal of the M_NOWAIT case.
This has been running in the MAC development tree for about
three weeks without problems.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
attributes from objects over vop_setextattr() with a NULL uio; if
the file system doesn't support the vop_rmextattr() method, fall
back to the vop_setextattr() method.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
interface, rather than relying on a NULL uio for the deletion
operation.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
specify what credential to use when authorizing vn_open() and later
write operations, rather than curthread->td_ucred.
When writing KTR traces to an ALQ, specify the credential of the thread
generating the sysctl request.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
releasing the lock only if we are about to sleep (e.g., vm_pager_get_pages()
or vm_pager_has_pages()). If we sleep, we have marked the vm object with
the paging-in-progress flag.
"ipid" options. This feature has been requested by several users.
On passing, fix some minor bugs in the parser. This change is fully
backward compatible so if you have an old /sbin/ipfw and a new
kernel you are not in trouble (but you need to update /sbin/ipfw
if you want to use the new features).
Document the changes in the manpage.
Now you can write things like
ipfw add skipto 1000 iplen 0-500
which some people were asking to give preferential treatment to
short packets.
The 'MFC after' is just set as a reminder, because I still need
to merge the Alpha/Sparc64 fixes for ipfw2 (which unfortunately
change the size of certain kernel structures; not that it matters
a lot since ipfw2 is entirely optional and not the default...)
PR: bin/48015
MFC after: 1 week
policy definition structure; this permits policies to reduce their
number of gratuitous includes for required for entry points they
don't implement. This also facilitates building the MAC Framework
on Darwin.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Several of the subtypes have an associated vnode which is used for
stuff like the f*() functions.
By giving the vnode a speparate field, a number of checks for the specific
subtype can be replaced simply with a check for f_vnode != NULL, and
we can later free f_data up to subtype specific use.
At this point in time, f_data still points to the vnode, so any code I
might have overlooked will still work.
console, even if there is a TIOCCONS console tty. We were already
doing this after a panic, but it's also useful when entering DDB
for some other reason too.
TIOCCONS console (e.g. xconsole) via a timeout routine instead of
calling into the tty code directly from printf(). This fixes a
number of cases where calling printf() at the wrong time (such as
with locks held) would cause a panic if xconsole is running.
The TIOCCONS message buffer is 8k in size by default, but this can
be changed with the kern.consmsgbuf_size sysctl. By default, messages
are checked for 5 times per second. The timer runs and the buffer
memory remains allocated only at times when a TIOCCONS console is
active.
Discussed on: freebsd-arch
Reorder how the pci probing in handled. before adding devices, check to
see if the slot is a multi-function device to see if we should probe all
the functions.
Original idea by: imp
with a new implementation that has a mostly reentrant "addchar"
routine, supports multiple message buffers in the kernel, and hides
the implementation details from callers.
The new code uses a kind of sequence number to represend the current
read and write positions in the buffer. This approach (suggested
mainly by bde) permits the read and write pointers to be maintained
separately, which reduces the number of atomic operations that are
required. The "mostly reentrant" above refers to the way that while
it is now always safe to have any number of concurrent writers,
readers could see the message buffer after a writer has advanced
the pointers but before it has witten the new character.
Discussed on: freebsd-arch
data access errors when trying to read/write to non-existant PCI devices.
fix the psycho bridge to use peek for probing devices. This no longer
fakes it if the OFW node doesn't exist (and the reg == 0).
Reviewed by: jake, tmm
when serving up more than about 32 active files. For details see
section 6.3 (pg 111) of Daniel Ellard and Margo Seltzer, ``NFS
Tricks and Benchmarking Traps'' in the Proceedings of the Usenix
2003 Freenix Track, June 9-14, 2003 pg 101-114.
Obtained from: Daniel Ellard <ellard@eecs.harvard.edu>
Sponsored by: DARPA & NAI Labs.
causing poor interactive performance while unnice processes were running.
The new scheme still allows nice to have an effect on priority but it is
not as dramatic as the effect of the interactivity score.
- Avoid calling bread() with different sizes on the same blkno.
Although the buffer cache is designed to handle differing size
buffers, it erroneously tries to write the incorrectly-sized buffer
buffer back to disk before reading the correctly-sized one, even
when it's not dirty. This behaviour caused a panic for read-only
NTFS mounts when INVARIANTS was enabled ("bundirty: buffer x still
on queue y"), reported by NAKAJI Hiroyuki.
- Fix a bug in the code handling holes: a variable was incremented
instead of decremented, which could cause an infinite loop.
for vnodes reached through double indirection (i.e. **vpp). This
is worked-around by special-casing the identifier "vpp" (adding one
level of indirection).
The alternative fix mentioned in the PR had required substantial
changes to this script.
In case there are locking violations that had been hidden without
this patch, they may suddenly show up, now ...
This change does not affect code compiled without DEBUG_VFS_LOCKS.
PR: kern/46652
before calling it for bound thread. To avoid this problem, change
thread_schedule_upcall to not put new thread on run queue, let caller
do it, so we can tweak the new thread before setting it to run.
Reported by: pho
threads in the process have already masked the signal, so job control
is delayed. But later a thread unmasking the STOP signal should enable
job control, so in issignal(), scanning all threads in process to see
if we can direct suspend some of them, not just suspend current thread.
we can deadlock because of lock order reversals. This was not
caught because Witness ignores pool mutexes right now.
Diagnosis and help: truckman
Noticed by: pho
"maxproc limit exceeded by uid %i, please see tuning(7) and login.conf(5)."
Which will be triggered whenever a user hits his/her maxproc limit or
the systemwide maxproc limit is reached.
MFC after: 1 week
- Don't require all receivers of ipis to wait for all other receivers,
only that the sender wait for all receivers. This should reduce the
amount of time spent with interrupts disabled, which may be a cause
of ipi timeouts.
Discussed with: tmm
mutexes are supposed to only be used as leaf mutexes, and what appear
to be separate pool mutexes could be aliased together, it is bad idea
for a thread to attempt to hold two pool mutexes at the same time.
Slightly rearrange the code in kern_open() so that FILE_UNLOCK() is
called before calling VOP_GETVOBJECT(), which will grab the v_vnlock
mutex.
drivers that implemnt the i2c bit banging bus interface not have to
recompile iicbb in order to add an attachment for it.
This will mean the bktr and other definitions can go back to their
respective drivers.
- Mark that it cannot handle greater than 4GB of RAM at this time. Fixing
that will come later. Fail any attempts to dump above thati limit.
- If a call to aac_disk_dump() needs to be split into multiple i/o's,
increment the virtual offset after each i/o instead of just dumping the
same offset over and over again.
- Bail out if bus_dmamap_load() returns an error. Error recovery is likely
not possible.
systems to fail more gracefully when a file descriptor exhaustion situation
occurs.
Original patch by: David G. Andersen <dga@lcs.mit.edu>
PR: 45353
MFC after: 1 week
the values that are "reserved", but they are not reserved anywhere else
so I'm assuming this is what they were unreserved for. Unfortunately
some of the values for local syscons types overlap the values used for
sbus adapters elsewhere, so we can't have all the same values.
- Move prototypes for sparc64-specific helper functions from bus.h to
bus_private.h
- Move the method pointers from struct bus_dma_tag into a separate
structure; this saves some memory, and allows to use a single method
table for each busdma backend, so that the bus drivers need no longer
be changed if the methods tables need to be modified.
- Remove the hierarchical tag method lookup. It was never really useful,
since the layering is fixed, and the current implementations do not
need to call into parent implementations anyway. Each tag inherits
its method table pointer and cookie from the parent (or the root tag)
now, and the method wrapper macros directly use the method table
of the tag.
- Add a method table to the non-IOMMU backend, remove unnecessary
prototypes, remove the extra parent tag argument.
- Rename sparc64_dmamem_alloc_map() and sparc64_dmamem_free_map() to
sparc64_dma_alloc_map() and sparc64_dma_free_map(), move them to a
better place and use them for all map allocations and deallocations.
- Add a method table to the iommu backend, and staticize functions,
remove the extra parent tag argument.
- Change the psycho and sbus drivers to just set cookie and method table
in the root tag.
- Miscellaneous small fixes.
redundant paths to the same device.
This class reacts to a label in the first sector of the device,
which is created the following way:
# "0123456789abcdef012345..."
# "<----magic-----><-id-...>
echo "GEOM::FOX someid" | dd of=/dev/da0 conv=sync
NB: Since the fact that multiple disk devices are in fact the same
device is not known to GEOM, the geom taste/spoil process cannot
fully catch all corner cases and this module can therefore be
confused if you do the right wrong things.
NB: The disk level drivers need to do the right thing for this to
be useful, and that is not by definition currently the case.
smbfs_close(). This fixes paging to and from mmap()'d regions of smbfs
files after the descriptor has been closed, and makes thttpd, GNU ld,
and perhaps more things work that depend on being able to do this.
PR: 48291
because the run time exceeds the largest value a signed int can hold.
The real solution involves calculating how far we are over the limit.
To quickly solve this problem we loop removing 1/5th of the current value
until it falls below the limit. The common case requires no passes.
- Emulate lock draining (LK_DRAIN) in null_lock() to avoid deadlocks
when the vnode is being recycled.
- Don't allow null_nodeget() to return a nullfs vnode from the wrong
mount when multiple nullfs's are mounted. It's unclear why these checks
were removed in null_subr.c 1.35, but they are definitely necessary.
Without the checks, trying to unmount a nullfs mount will erroneously
return EBUSY, and forcibly unmounting with -f will cause a panic.
- Bump LOG2_SIZEVNODE up to 8, since vnodes are >256 bytes now. The old
value (7) didn't cause any problems, but made the hash algorithm
suboptimal.
These changes fix nullfs enough that a parallel buildworld succeeds.
Submitted by: tegge (partially; LK_DRAIN)
Tested by: kris
and run time.
- Scale the sleep and run time back via sched_interact_update() in more
places. This is to keep the statistic more accurate.
- Charge a parent one tick for forking a child.
- Add only the run time and not the sleep time to the parents kg when a
thread exits. This allows us to give a penalty for having an expensive
thread exit but does not give a bonus for having an interactive thread
exit.
- Change the SLP_RUN_THROTTLE to limit us to 4/5th and not 1/2.
- Change the SLP_RUN_MAX to two seconds. This keeps bursty interactive
applications like mozilla and openoffice in the interactive range even
through expensive tasks.
- Recalculate the slice after every sleep. This ensures that once a task
has been marked interactive it only has a slice of 1 at the risk of
giving tasks that sleep for a very brief period a longer time slice.
this makes connect act more sensibly in these cases.
PR: 50839
Submitted by: Barney Wolff <barney@pit.databus.com>
Patch delayed by laziness of: silby
MFC after: 1 week
This version of the driver code is compatible with near-release FreeBSD 5.1
kernel/driver interfaces.
modules/Makefile, man page and other bindings to follow shortly, once I get
this part of the check-in right.
Approved by: markm(mentor)
state, as inp_socket will then be NULL. This fixes a panic that occurs when one
tries to bind a port that was previously binded with remaining TIME_WAIT
sockets.
the terminating '\0'. Since the initialisation of rootpath in
libstand/bootp.c may copy junk into the rest of the buffer, it was
possible for the code to find a ':' after the '\0' and do the wrong
thing.
Reviewed by: ps
MFC after: 1 week
resource deallocation back to fifo_close(). This eliminates any
stale data that might be stuck in the socket buffers after all the
readers and writers have closed the fifo.
Tested by: Thorsten Schroeder <ths@katjusha.de>
on friday 13th and without making a universe). This adds struct and
constant definitions for ATM traffic parameters and re-enables the
build of the midway driver.
Tested by: make universe
Previously, any normal I/O on an fdc(4) device would fail with ENXIO
if the device had been opened in non-blocking mode and then closed
prior to the conventional access; that would last until the floppy
disk was ejected and re-inserted to raise the unit attention condition.
Add a clarifying comment.
populated. Apparently, if you use an ehci controller, it's not.
Use usbd_device2interface_handle() to retrieve the interface handle.
NOTE: uaa->iface is populated in the probe routine, so I suspect the
fact that it's NULL in the attach routine is a bug in the ehci driver.
Also, don't depend on the PHY addresses returned by the AXE_CMD_READ_PHYID
command. The address is correct for my LinkSys NIC, but a user has
reported that with a D-Link NIC, the PHYID command returns address 4
while the attached Broadcom PHY is in fact strapped for address 0.
Instead, latch onto the first PHY address that returns valid data
during a readreg operation.
- Add vm page queue locking in certain places that are only needed on
sparc64.
This should make pmap_qenter and pmap_qremove MP-safe.
Discussed with: alc
as should every block device strategy routine.
There was at least one evil consequence of not doing so:
Some errors returned by fdstrategy() could be lost (EAGAIN,
in particular.)
PR: kern/52338 (in the audit-trail)
Discussed with: bde
to access floppy parameters through it.
Note: The DIOCGSECTORSIZE and DIOCGMEDIASIZE handlers withing
fdioctl() couldn't be just moved to below the existing check
for blocking mode because fd->ft can be non-NULL while still
in non-blocking mode (fd->ft can be set with the FD_STYPE ioctl.)
PR: kern/52338
No MFC: Not applicable to STABLE
schedules an upcall. Signal delivering to a bound thread is same as
non-threaded process. This is intended to be used by libpthread to
implement PTHREAD_SCOPE_SYSTEM thread.
2. Simplify kse_release() a bit, remove sleep loop.
ulpt_status() afterwards. This fixes a crash that can occur if a
USB printer is power-cycled when printing is just starting. The
problem is similar to that fixed in revision 1.33, but it is much
less likely to occur.
MFC after: 1 week
panics. Before revision 1.38, we used to just point panicstr at the
format string if panicstr was NULL, but since we now use a static
buffer for the formatted panic message, we have to be careful to
only write to it during the first panic.
Pointed out by: bde
UFS quota implementation. Push some quite broken access control
logic out of ufs_quotactl() into the individual command
implementations in ufs_quota.c; fix that logic. Pass in the thread
argument to any quotactl command that will need to perform access
control.
o quotaon() requires privilege (PRISON_ROOT).
o quotaoff() requires privilege (PRISON_ROOT).
o getquota() requires that:
If the type is USRQUOTA, either the effective uid match the
requested quota ID, that the unprivileged_get_quota flag be
set, or that the thread be privileged (PRISON_ROOT).
If the type is GRPQUOTA, require that either the thread be
a member of the group represented by the requested quota ID,
that the unprivileged_get_quota flag be set, or that the
thread be privileged (PRISON_ROOT).
o setquota() requires privilege (PRISON_ROOT).
o setuse() requires privilege (PRISON_ROOT).
o qsync() requires no special privilege (consistent with what
was present before, but probably not very useful).
Add a new sysctl, security.bsd.unprivileged_get_quota, which when
set to a non-zero value, will permit unprivileged users to query user
quotas with non-matching uids and gids. Set this to 0 by default
to be mostly consistent with the previous behavior (the same for
USRQUOTA, but not for GRPQUOTA).
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
from the tree until it is fixed. Since it is an atm driver, it isn't
commonly used so this will not negatively impact too many people.
harti can reconnect it when he resurfaces and corrects the en module
problems. This should allow snapshots to start succeeding again.
Reported by: lots of people
