TAILQ_FIRST(&ifp->if_addrhead) to find the link layer ifaddr.
(it's always first I believe)
Allows this to compile on -current.
.. need testers with FEC capable switches..
the data value returned by kevent()'s EVFILT_READ filter on non-TCP
sockets accurately reflects the amount of data that can be read from the
sockets by applications.
PR: 30634
Reviewed by: -net, -arch
Sponsored by: NTT Multimedia Communications Labs
MFC after: 2 weeks
permitting MAC policies to limit access to the kernel environment.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
malloc(9) failed last time. This is intended to help code adjust
memory usage to the current circumstances.
A typical use could be:
if (malloc_last_fail() < 60)
reduce_cache_by_one();
has a valid b_iocmd. Valid is any one of BIO_{READ,WRITE,DELETE}.
I have seen at least one case where the bio_cmd field was zero once the
request made it into GEOM. Putting the KASSERT here allows us to spot
the culprit in the backtrace.
vm_page_alloc not to insert this page into an object. The pindex is
still used for colorization.
- Rework vm_page_select_* to accept a color instead of an object and
pindex to work with VM_PAGE_NOOBJ.
- Document other VM_ALLOC_ flags.
Reviewed by: peter, jake
prediction code. Previously, 2GB worth of header predicted data
could leave these variables too far out of sequence which would cause
problems after receiving a packet that did not match the header
prediction.
Submitted by: Bill Baumann <bbaumann@isilon.com>
Sponsored by: Isilon Systems, Inc.
Reviewed by: hsu, pete@isilon.com, neal@isilon.com, aaronp@isilon.com
This is NOT YET CONVERTED TO -current.
This node is a source for preprogrammed packets at a known rate for testing.
I will convert it to -current "in place" but will MFC teh original
pre-conversion variant as that is what is originally submitted.
Man page my me, info from Dave's README.
Submitted by: Dave Chapeskie <dchapeskie@SANDVINE.com>
Obtained from: Sandvine inc.
MFC after: 1 week
nfsm_srvpathsiz. This macro plucks a length out of an rpc request and
verifies that its size does not exceed NFS_MAXPATHLEN. If it does
it generates an ENAMETOOLONG response.
- Use this macro, and the existing nfsm_srvnamsiz macro in two places
where we deal with paths passed in by the client.
This fixes a linux interoperability bug. Linux was sending oversized path
components which would cause us to ignore the request all together. This
causes linux to hang indefinitly while it waits for a response. This
could still happen in other cases where we error out with EBADRPC.
Sponsored by: Isilon Systems, Inc.
Reviewed by: alfred, fabbri@isilon.com, neal@isilon.com
state. Instead, use ACPI_STA_PRESENT and ACPI_STA_FUNCTIONAL for it.
In some ACPI BIOS implementations, boot disabled devices don't have
ACPI_STA_ENABLE bit in _STA object.
Also it is not fatal if getting current IRQ of boot disabled devices
is failed in initial state.
And minor fixes.
amr_cam.c,
amrreg.h,
amrvar.h:
- added support for 12/16 byte cdb's, effecting CAM branch only ( non-disk support )
amrreg.h:
- increased number of scatter gather elements from 16 to 26.
amr_pci.c:
- amr_pci_free(), incorrect bus tag meant for 'amr_mailbox_dmat' was being freed
all:
- copyright change requested by scottl
Reviewed by: ps,scottl
MFC after: 1 week
across system suspends on the Intel 82371AB PCI-ISA bridge. On a
Sony Vaio C1XD that I have, these registers are not set correctly
after an ACPI resume. The result is that after resuming, a shared
IRQ is left in edge-triggered mode so the interrupt can later become
jammed in a state where the line remains asserted, but the handler
is never called.
Reviewed by: jhb
behaviour of the hardware: a possibly reserved bit of the receive
descriptor (RFA) `status' field is borrowed to record no-resource
(RNR) events, and the same status field is read and written to at
a time that may clash with the hardware updating this field.
There is no hardware documentation available to determine if these
things are safe to do; the second issue almost certainly isn't, and
the first is only safe if there is documentation saying that this
bit is free to be used by the driver. The PR referenced below
provides extremely convincing evidence that the changes cause random
crashes on some (unusual) hardware.
Since these features are only required by the DEVICE_POLLING case,
this commit makes their use conditional on that option. It does not
change the DEVICE_POLLING case, but at least people with the rare
hardware on which this code causes problems can now avoid the crashes
by not enabling DEVICE_POLLING.
PR: kern/42260
Reviewed by: luigi
Problem revision found by: Pawel Malachowski <pawmal@unia.3lo.lublin.pl>
Tested by: Pawel Malachowski <pawmal@unia.3lo.lublin.pl>
MFC after: 1 week
structure definition, rather than using an operation vector
we translate into the structure. Originally, we used a vector
for two reasons:
(1) We wanted to define the structure sparsely, which wasn't
supported by the C compiler for structures. For a policy
with five entry points, you don't want to have to stick in
a few hundred NULL function pointers.
(2) We thought it would improve ABI compatibility allowing modules
to work with kernels that had a superset of the entry points
defined in the module, even if the kernel had changed its
entry point set.
Both of these no longer apply:
(1) C99 gives us a way to sparsely define a static structure.
(2) The ABI problems existed anyway, due to enumeration numbers,
argument changes, and semantic mismatches. Since the going
rule for FreeBSD is that you really need your modules to
pretty closely match your kernel, it's not worth the
complexity.
This submit eliminates the operation vector, dynamic allocation
of the operation structure, copying of the vector to the
structure, and redoes the vectors in each policy to direct
structure definitions. One enourmous benefit of this change
is that we now get decent type checking on policy entry point
implementation arguments.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
MAC access() and open() checks, the argument actually has an int type
where it becomes available. Switch to using 'int' for the mode argument
throughout the MAC Framework and policy modules.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
a true scratch register. This change and future re-allocations will
eventually result in code that we can unwind to to get the preserved
registers of the process. This of course means that we cannot trash
them while saving the process context.
While re-allocating, remove the register aliases. Abstraction is in
this case disadvanteous.
have f16-f31 as part of the context. The PCB has been reorganized to
better match how we save and restore the (preserved) registers. This
commit also moves the context restoriation to its own function (named
pcb_restore), as we did with pcb_save.
Only minimal effort has been put in writing optimal assembly. The
expectation is that there will be more rounds of changes.
This provides a 30% reduction in system time and a 6% reduction in wallclock time
for a make buildworld on my xp1000 (one 21264).
FWIW, I've been running this for nearly 2 months without problems.
Portions submitted by: ticso, jhb
Tested by: jhb (ds20 dual 21264)
We've been talking about this for years, but nobody has done it.
(and I don't think anybody has used this for debugging since Doug
and I were doing the initial bootstrapping..)
pipe callback function, and just return if these cases are detected.
Without these checks, the ulpt driver may cause an infinite loop
of failing USB transfers that can hang the whole machine. This makes
printing work for me on a HP DJ950C printer.
and mac_check_system_sysctl(), providing additional integrity
protections relating to swap target device selection and system
management via sysctl(). Require Biba privilege for both; also
require that the target of swap operations be a high integrity
object, since swap data is high integrity.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Asssociates Laboratories
These are really only partly netgraph nodes as they do not use the
netgraph interfaces for many of the functions for which they could
be used, however they represent important functionality.
Submitted by: wpaul
MFC after: 2 days
This allows socket() to return an error when the kernel is not built
with IPDIVERT, and doesn't prevent future applications from using the
"borrowed" IP protocol number. The sysctl net.inet.raw.olddiverterror
controls whether opening a socket with the "borrowed" IP protocol
fails with an accompanying kernel printf; this code should last only a
couple of releases.
Approved by: re
terminating zero (it was treated as length missmatch). The mtools create
such slots if the name len is the product of 13 (max number of unicode
chars fitting in directory slot).
MFC after: 1 week
WARNING: This is not a published interface, it is a stopgap measure for
WARNING: libdisk so we can get 5.0-R out of the door.
Sponsored by: DARPA & NAI Labs
with the new VFS/EA semantics in the MAC framework. Move the per-policy
structures out to per-policy include files, removing all policy-specific
defines and structures out of the base framework includes and
implementation, making mac_biba and mac_mls entirely self-contained.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Print a warning if a requested interface name is longer than
IFNAMSIZ.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
WARNING: You need to backup and restore the _unencrypted_ contents
WARNING: of your GBDE disks when you take this update!
Sponsored by: DARPA & NAI Labs.
from all low-level bus space support functions. There's no need
to actually force the read/write to be accepted by the platform
before we can do anything else. We still have the mf instruction
there, which forces ordering. This too is not required given the
semantices of the bus space I/O functions, but it's not at all
clear to me if there are any poorly written device drivers that
depend on the strict ordering by the processor. The motto here is
to take small steps...
o Properly set the pointer to the counter for each interrupt and
update the intrnames table.
o Remove Alpha cruft from intrcnt.h.
o Create INTRNAME_LEN as the single entity that defines the width
of the names in the intrnames table (incl. terminatinf '\0').
missed. This bug has been present since the vn_start_write() and
vn_finished_write() calls were first added in revision 1.159. When
the case is triggered, any attempts to create snapshots on the
filesystem will deadlock and also prevent further write activity
on that filesystem.
This guarantees that loads and stores emitted before the fence are
made visible before the IPI becomes pended.
Remove the mf.a instruction after initiating the IPI. There's no
guarantee that the IPI becomes pended prior to subsequent reads or
writes. Even if there was a guarantee, it would mostly be without
any benefit.
to conform to 1003.1-2001. Make it possible for applications to actually
tell whether or not asynchronous I/O is supported.
Since FreeBSD's aio implementation works on all descriptor types, don't
call down into file or vnode ops when [f]pathconf() is asked about
_PC_ASYNC_IO; this avoids the need for every file and vnode op to know about
it.
Implement new sysconf keys. Change the implenentation of
_SC_ASYNCHRONOUS_IO in preparation for the next set of changes.
Move some limits which had been in <sys/syslimits.h> to <limits.h> where
they belong. They had only ever been in syslimits.h to provide for the
kernel implementation of the CTL_USER MIB branch, which went away with
newsysctl years ago. (There is a #error in <sys/syslimits.h> which I
will downgrade in the next commit.)
for sparc64 from trap #9 to trap #65. This is one of the ABI "blessed"
system call vectors and is different from any other system that we might
want to emulate, making the emulation easier by reducing the number of
code paths that need to be shared. Compatibility with old applications
is provided with COMPAT_FREEBSD4.
Add defines for a few special traps that we may need to implement for
compatibility with 32bit applications, and add comments on which vectors
are used for what in other systems, and which are available.
Pass magic flags to trap() for deprecated or unimplemented system call
vectors so they will deliver SIGSYS instead of SIGILL.
This piggy backs nicely with the recent sigaction(2) system call number
change, and provided the rules are followed for upgrading past it, this
change should not be noticed.
mac_enforce_system toggle, rather than several separate toggles.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
permit MAC policies to augment the security protections on sysctl()
operations. This is not really a wonderful entry point, as we
only have access to the MIB of the target sysctl entry, rather than
the more useful entry name, but this is sufficient for policies
like Biba that wish to use their notions of privilege or integrity
to prevent inappropriate sysctl modification. Affects MAC kernels
only. Since SYSCTL_LOCK isn't in sysctl.h, just kern_sysctl.c,
we can't assert the SYSCTL subsystem lockin the MAC Framework.
Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
