Commit Graph

130241 Commits

Author SHA1 Message Date
Kirk McKusick
6e6b7d44ef The functions that set and delete external attributes must check
that the filesystem is not mounted read-only before proceeding.

Reported by: Ryan Beasley <ryanb@FreeBSD.org>
MFC after: 1 week
2007-02-21 08:50:06 +00:00
Jean-Sébastien Pédron
2483dd1389 Fix a bug with the release of section's raw data. Both release loops
were using translated data linked list, leading to a memory leak.

Jkoshy's testsuite was used to check for non-regression.
2007-02-21 08:14:22 +00:00
Nick Hibma
814ee007c3 Initialise {transport,protocol}{,_version} fields during a PATH_INQ to avoid a
warning message.
2007-02-21 07:46:40 +00:00
Nick Hibma
55fe33a350 Reduce the noise when plugging in (USB) mass storage devices, like a 4 port
flash card reader.
Also remove an 'Opened da0 -> <random number>' which is not needed on a daily
basis (available through bootverbose).

Reviewed by:	phk, ken
MFC after:	1 week
2007-02-21 07:45:02 +00:00
Alan Cox
5f9e5adf8b Change pmap_protect() so that execute access can be removed without
simultaneously removing write access.
2007-02-21 06:00:46 +00:00
Tim Kientzle
671d7d80a4 If we already have stat() data, we might be able to
determine if this is a physical dir without an lstat().
While I'm in here, try to clarify the comments around
the _is_dir() and _is_physical_dir() tests.
2007-02-21 05:07:43 +00:00
Olivier Houchard
9bf1500921 Check that the error returned by vfs_getopts() is not ENOENT before assuming
there's actually an error.
This is just in order to unbreak ntfs on current, before a proper solution is
committed.
2007-02-21 00:30:09 +00:00
Robert Watson
7ee76f9d4e Remove unnecessary privilege and privilege check for WITNESS sysctl.
Head nod:	jhb
2007-02-20 23:49:31 +00:00
Nick Hibma
85fea78497 Create a link from hosts.allow(5) hosts_access(3), to give the user a
starting point for more information on a file in /etc.

MFC after:	1 week
2007-02-20 23:12:04 +00:00
Nick Hibma
7090e3d10c Kris suggested that swap is a better choice as a default than malloc.
MFC:	1 week
2007-02-20 22:04:23 +00:00
Nick Hibma
35ce0ff2f2 [Found the original diff I made, see previous commit for other part]
Assume '-a' and '-t malloc' flags for '-s <size>' (malloc ramdisk) if not
specified.

Reviewed by:	phk (some time ago)
MFC:		1 week
2007-02-20 21:29:30 +00:00
Nick Hibma
1253fe1ead Make attach the default for -f. That way
mdconfig -f image

works like a charm.

Reviewed by:	phk (some time ago)
MFC:		1 week
2007-02-20 21:04:12 +00:00
Ed Maste
5a16cfaeb6 Avoid writing uninitialized stack data into a thread's MMX/SSE state by
first getting the current state with td_thr_getxmmregs_p.  Without this,
debugging a threaded app that uses libthr resulted in kernel panics or
spurious SIGFPEs for me.

(As of revision 1.6, sys/i386/i386/ptrace_machdep.c masks off the
reserved bits in the mxcsr register, which prevents the kernel panics.)

Architectures without PT_GETXMMREGS are not affected.

MFC after:      1 week
2007-02-20 18:10:13 +00:00
Luigi Rizzo
560a65051c Rename IWI_LOCK_ASSERT to IWI_LOCK_CHECK per Sam's suggestion,
and make it print under debug.iwi control same as other debugging stuff.

Remove the device_printf() in iwi_ioctl() and replace with this:

        /*
         * wait until pending iwi_cmd() are completed, to avoid races
         * that could cause problems.
         */
        while (sc->flags & IWI_FLAG_BUSY)
                msleep(sc, &sc->sc_mtx, 0, "iwiioctl", hz);

This at least prevents what has become an almost systematic failure for my
system, presumably due to a previous iwi_cmd() not complete yet by the
time iwi_ioctl() is called.

It has been pointed to my attention that the real problem could be
calling ieee80211_ioctl() with the lock held. If that is true,
there might still be a possibility for a race condition e.g. an
interrupt coming while the ioctl is sleeping.
Need to investigate further on what changes are required to release
the lock before calling ieee80211_ioctl
2007-02-20 17:32:30 +00:00
Luigi Rizzo
484f6530e9 Address a few issues with the iwi driver, namely:
+ do not release the dma-ble region used for downloading firmware.
  This should fix the problems that some people were seeing, due to
  memory becoming too fragmented which prevented subsequent allocations
  of a suitable contiguous region of memory;

+ document the firmware format and usage in if_iwivar.h

+ use a loop to allocate the four tx rings, instead of replicating
  the body of the loop.

+ add debugging code IWI_LOCK_ASSERT() to detect missing locks.
  These only do a printf, and should go away once we figure out why
  the driver sometimes freezes the system due to a (yet unidentified)
  race condition.

+ add a device_printf() in iwi_ioctl() in certain conditions
  (see comment in the code).  This helps preventing the race condition
  mentioned above, and makes the system survive. This printf will
  also go away once fixing this bug is completed.

+ change iwi_getfw() to return 0 on success, 1 on error, consistently
  with other functions.

+ fix the argument of a sizeof() in iwi_get_firmware()

+ use le32toh() to access little-endian fields

+ simplify error handling in iwi_load_firmware() and iwi_init_locked()

The bugs fixed by this commit (the freezing one especially) are serious
enough to call for a quick MFC

MFC after: 3 days
2007-02-20 15:45:59 +00:00
Robert Watson
bd146f1302 Replace a suser() check with an explicit check for PRIV_NET_SETIFMTU. 2007-02-20 15:20:36 +00:00
Luigi Rizzo
b8c4cc421e Document the endiannes of firmware headers
(in preparation for changes in the C code).
2007-02-20 14:29:09 +00:00
Robert Watson
a1f3b8390c Update auditing of socket information for the inpcb new world order:
so_pcb will always be non-NULL, and lock the inpcb while non-atomically
accessing address data.
2007-02-20 13:38:11 +00:00
Robert Watson
5b950deabc Break introductory comment into two paragraphs to separate material on the
garbage collection complications from general discussion of UNIX domain
sockets.

Staticize unp_addsockcred().

Remove XXX comment regarding Giant and v_socket -- v_socket is protected
by the global UNIX domain socket lock.
2007-02-20 10:50:02 +00:00
Robert Watson
d24c76d1f5 Move mapping of MBI_APPEND to MBI_WRITE from inside the rule loop in
mac_bsdextended_check() to before the loop, as it needs to happen only
once.

MFC after:	1 week
2007-02-20 10:21:27 +00:00
Robert Watson
afdb42748d Rename two identically named log_in_vain variables: tcp_input.c's static
log_in_vain to tcp_log_in_vain, and udp_usrreq's global log_in_vain to
udp_log_in_vain.

MFC after:	1 week
2007-02-20 10:20:03 +00:00
Robert Watson
3329b23659 Gratuitous UDP restyling toward style(9) in 7.x. 2007-02-20 10:13:11 +00:00
Robert Watson
3bb153ea78 Remove discontinuity in network privilege number space.
Spotted by:	emaste (ages ago)
2007-02-20 00:28:19 +00:00
Robert Watson
95420afea4 Remove unused PRIV_IPC_EXEC. Renumbers System V IPC privilege. 2007-02-20 00:12:52 +00:00
Robert Watson
2390d78f74 Sync up PRIV_IPC_{ADMIN,READ,WRITE} priv checks in ipcperm() with
kern_jail.c: allow jailed root these privileges.  This only has an
effect if System V IPC is administratively enabled for the jail.
2007-02-20 00:06:59 +00:00
Robert Watson
b12c55ab92 Restore sysv_ipc.c:1.30, which was backed out due to interactions with
System V shared memory, now believed fixed in sysv_shm.c:1.109:

  date: 2006/11/06 13:42:01;  author: rwatson;  state: Exp;  lines: +65 -37
  Sweep kernel replacing suser(9) calls with priv(9) calls, assigning
  specific privilege names to a broad range of privileges.  These may
  require some future tweaking.

  Sponsored by:           nCircle Network Security, Inc.
  Obtained from:          TrustedBSD Project
  Discussed on:           arch@
  Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
                          Alex Lyashkov <umka at sevcity dot net>,
                          Skip Ford <skip dot ford at verizon dot net>,
                          Antoine Brodin <antoine dot brodin at laposte dot net>

This restores fine-grained privilege support to System V IPC.

PR:	106078
2007-02-19 22:59:23 +00:00
Robert Watson
3d50b06b8e Remove call to ipcperm() in shmget_existing(). The flags argument is
ignored on other systems I investigated when accessing an existing
memory segment rather than creating a new one.  This call to ipcperm()
is the only one to pass in a complete mode flag to the permission
checks rather than a simple access request mask, and caused problems
for the revised ipcperm() based on the priv(9) interface, which can
now be restored.

PR:	106078
2007-02-19 22:56:10 +00:00
Nate Lawson
699e491f50 Note problems I had with bsnmpd while updating from an older -current.
There may be better ways to fix/work around these issues but this worked
for me.
2007-02-19 22:49:43 +00:00
Robert Watson
19913888ad Use privilege PRIV_NET_ADDIFADDR rather than suser() to authorize
adding a netatalk address to an interface.
2007-02-19 22:40:02 +00:00
Robert Watson
95b091d2f2 Rename three quota privileges from the UFS privilege namespace to the
VFS privilege namespace: exceedquota, getquota, and setquota.  Leave
UFS-specific quota configuration privileges in the UFS name space.

This renumbers VFS and UFS privileges, so requires rebuilding modules
if you are using security policies aware of privilege identifiers.
This is likely no one at this point since none of the committed MAC
policies use the privilege checks.
2007-02-19 13:33:10 +00:00
Robert Watson
e82d0201bd Limit quota privileges in jail to PRIV_UFS_GETQUOTA and
PRIV_UFS_SETQUOTA.
2007-02-19 13:26:39 +00:00
Robert Watson
8bd5639f18 Do allow bypass of mac_seeotheruids in jail in order to be consistent
with other uses of PRIV_SEEOTHERUIDS.  This will automatically be
scoped to the jail by the jail policy.
2007-02-19 13:25:17 +00:00
Robert Watson
ea04d82da8 Do allow privilege to create over-sized messages on System V IPC
message queues in jail.
2007-02-19 13:23:45 +00:00
Robert Watson
86138fc742 Use priv_check(9) instead of suser(9) for checking the privilege to
set real-time priority on a thread.  It looks like this suser(9)
call was introduced after my first pass through replacing superuser
checks with named privilege checks.
2007-02-19 13:22:36 +00:00
Robert Watson
c3c1b5e62a For now, reflect practical reality that Audit system calls aren't
allowed in Jail: return a privilege error.
2007-02-19 13:10:29 +00:00
Robert Watson
969e5bdcd0 Do allow PIOCSFL in jail for setguid processes; this is more consistent
with other debugging checks elsewhere.  XXX comment on the fact that
p_candebug() is not being used here remains.
2007-02-19 13:04:25 +00:00
Konstantin Belousov
3c97ab97bf Unbreak ddb stepping over special frames after the following commit:
Revision  Changes    Path
  1.113     +4 -2      src/sys/i386/i386/apic_vector.s
  1.117     +7 -1      src/sys/i386/i386/exception.s
  1.36      +7 -7      src/sys/i386/i386/local_apic.c
  1.298     +61 -63    src/sys/i386/i386/trap.c
  1.62      +15 -22    src/sys/i386/i386/vm86.c
  1.32      +4 -2      src/sys/i386/i386/vm86bios.s
  1.21      +2 -2      src/sys/i386/include/apicvar.h
  1.27      +2 -2      src/sys/i386/isa/atpic.c
  1.50      +2 -1      src/sys/i386/isa/atpic_vector.s
  1.35      +1 -1      src/sys/i386/isa/icu.h

Tested by:	kris, Peter Holm
No objections from:	kmacy
2007-02-19 10:57:47 +00:00
Konstantin Belousov
9b2f1a0740 Remove union_dircheckp hook, it is not needed by new unionfs code anymore.
As consequence, getdirentries() no longer needs to drop/reacquire
directory vnode lock, that would allow it to be reclaimed in between.

Reported and tested by:	Peter Holm
Approved by:		rodrigc (unionfs)
MFC after:		1 week
2007-02-19 10:56:09 +00:00
Konstantin Belousov
e277569ee2 MFi386 rev. 1.544 of i386/i386/pmap.c:
Rounding addr upwards to next 2M boundary in pmap_growkernel() could
cause addr to become 0, resulting in an early return without populating
the last PDE.

Reported and tested by:	kris
Suggested by:	alc
MFC after:	1 week
2007-02-19 10:55:16 +00:00
Bruce A. Mah
98d8f299a3 It'd be kind of nice if we installed the hardware notes to their
own directory, rather than overwriting the release notes.  :-p
Fix this.

Pointy hat to:	bmah
2007-02-19 02:46:12 +00:00
Olivier Houchard
f59ae8e84a Add two new options, FLASHADDR, which defines the address the flash is
mapped at, and LOADERRAMADDR, the address at which the loader maps the ram at
at the time the kernel is booted.
They are used to detect if the kernel is booted from the onboard flash.
Define those for the IQ31244
2007-02-19 01:03:08 +00:00
Olivier Houchard
db599c2f20 Teach the kernel and the ELF trampoline how to boot from onboard flash. 2007-02-19 00:57:27 +00:00
Olivier Houchard
0d9fc1e6e1 There's no such thing as a GENERIC kernel on arm.
Spotted out by:	csjp
MFC After:	3 days
2007-02-19 00:37:25 +00:00
Ceri Davies
aaf6f0feaa Bring these files up-to-date.
PR:		docs/108536
2007-02-18 22:41:41 +00:00
Ceri Davies
c12e775489 Clarify the description of the shutdown command. 2007-02-18 22:04:14 +00:00
Ceri Davies
e1854a84ad Correct typos containing my login name (plus one more in expr.y).
Found courtesy of a recursive grep in the wrong directory.
2007-02-18 19:48:59 +00:00
Marcel Moolenaar
9bc4cd63f3 The table of known CPU models ends with an entry that has a version
of 0, not with an entry that has an empty CPU name.

Submitted by: Andrew Turner (andrew@fubar.geek.nz)
2007-02-18 17:40:09 +00:00
Robert Watson
03dc38a48b #ifdef INET6 printing of inpcb IPv6 addresses in DDB. Patch committed
with minor adjustments.

Submitted by:	Florian C. Smeets <flo at kasimir dot com>
2007-02-18 08:57:23 +00:00
Alan Cox
ae0663a383 Eliminate some acquisitions and releases of the page queues lock that are
no longer necessary.
2007-02-18 06:33:02 +00:00
Tim Kientzle
6bf00d8bc7 Andrew and Colin each pointed out to me that truncating the backup
of a growing file should not be considered a "bad thing."

PR: bin/108990
MFC after: 7 days
Pointy hat: /me
2007-02-18 06:23:57 +00:00