Commit Graph

65169 Commits

Author SHA1 Message Date
Robert Watson
bda63e26d8 o Introduce pr_securelevel, which holds a per-jail securelevel.
Obtained from:	TrustedBSD Project
2001-09-26 20:36:08 +00:00
Robert Watson
6748bcc51e o Modify ufs_setattr() so that it uses securelevel_gt() instead of
direct variable access.

Obtained from:	TrustedBSD Project
2001-09-26 20:31:37 +00:00
Robert Watson
8c5d4fe829 o Modify access control checks in mmap() to use securelevel_gt() instead
of direct variable access.

Obtained from:	TrustedBSD Project
2001-09-26 20:29:39 +00:00
Robert Watson
3026f29e34 o securelevel_gt() patches came from pre-KSE alpha -- this revision
fixes the compile and uses td->td_proc instead of p.

Obtained from:	TrustedBSD Project
2001-09-26 20:27:23 +00:00
Robert Watson
e8a340cd9a o Modify pc98 syscons code to use securelevel_gt() instead of
direct variable checks.  (Yet another API to perform direct hardware I/O).

Obtained from:	TrustedBSD Project
2001-09-26 20:26:32 +00:00
Robert Watson
b9c6f21493 o Modify the access control checks for the ia64 /dev/mem (and friends)
to use securelevel_gt() instead of direct variable checks.

Obtained from:	TrustedBSD Project
2001-09-26 20:24:23 +00:00
Jeroen Ruigrok van der Werven
54045486e0 Add ERRORS section.
Mention thread safety and async-cancel safety status [not].
Add standards compliancy references.
Note strtol() is preferred over atoi().

MFC after:	2 weeks
2001-09-26 20:22:44 +00:00
Robert Watson
41c42188c8 o Modify access control checks in linux_iopl() to use securelevel_gt()
rather than direct variable checks.  (Yet another API to perform
  direct hardware I/O.)

Obtained from:	TrustedBSD Project
2001-09-26 20:22:38 +00:00
Robert Watson
ce3a32b6da o Modify pcvt ioctl() security checks to use securelevel_gt() instead
of direct securelevel variable checks.  (Yet another API to perform
  direct hardware I/O using KDENABIO.)

Obtained from:	TrustedBSD Project
2001-09-26 20:21:28 +00:00
Robert Watson
9997f52470 o Modify spigot_open() to use securelevel_gt() instead of direct
securelevel variable checks.

Obtained from:	TrustedBSD Project
2001-09-26 20:20:05 +00:00
Robert Watson
f86cf763ef o Modify generic specfs device open access control checks to use
securelevel_ge() instead of direct securelevel variable checks.

Obtained from:	TrustedBSD Project
2001-09-26 20:18:26 +00:00
Robert Watson
8c7cc7234e o Modify syscons ioctl securelevel checks to use securelevel_gt() (oh look,
yet another API to do direct hardware I/O access.)

Obtained from:	TrustedBSD Project
2001-09-26 20:17:15 +00:00
Robert Watson
19f1565901 o Modify open() and close() for /dev/random to use securelevel_gt() instead
of direct securelevel variable checks.

Obtained from:	TrustedBSD Project
2001-09-26 20:15:42 +00:00
Robert Watson
8002488bd9 o Modify access control code for /dev/pci device to use securelevel_gt()
instead of direct securelevel variable test.

Obtained from:	TrustedBSD Project
2001-09-26 20:14:03 +00:00
Robert Watson
f7312ca2a9 o Modify access control code for the CAM SCSI pass-through device to
use securelevel_gt() instead of direct securelevel variable test.

Obtained from:	TrustedBSD Project
2001-09-26 20:13:16 +00:00
Jeroen Ruigrok van der Werven
5578cfa2fa Be explicit about the POSIX version it conforms to [in this case 1990].
Put the error comment under the more appropriate ERRORS section.
2001-09-26 20:10:10 +00:00
Robert Watson
330e78897a o Modify i386_set_ioperm() to use securelevel_gt() instead of
direct securelevel variable checks.

Obtained from:	TrustedBSD Project
2001-09-26 20:08:15 +00:00
Robert Watson
1851c8fd41 o Modify device open access control for /dev/mem and friends to use
securelevel_gt() instead of direct securelevel variable checks.

Obtained from:	TrustedBSD Project
2001-09-26 20:08:02 +00:00
Robert Watson
785f9ffca3 o Modify IPFW and DUMMYNET administrative setsockopt() calls to use
securelevel_gt() to check the securelevel, rather than direct access
  to the securelevel variable.

Obtained from:	TrustedBSD Project
2001-09-26 19:58:29 +00:00
Robert Watson
d501d04b9e o Modify static settime() to accept the proc * for the process requesting
a time change, and callers so that they provide td->td_proc.
o Modify settime() to use securevel_gt() for securelevel checking.

Obtained from:	TrustedBSD Project
2001-09-26 19:53:57 +00:00
Robert Watson
c2f413af19 o Modify sysctl access control check to use securelevel_gt(), and
clarify sysctl access control logic.

Obtained from:	TrustedBSD Project
2001-09-26 19:51:25 +00:00
Jeroen Ruigrok van der Werven
99e8131545 Change standards compliancy order so that C and POSIX are grouped. 2001-09-26 19:42:39 +00:00
Matthew Dillon
46cad5761c Enable vmiodirenable by default. Remove incorrect comment from sysctl.conf.
MFC after:	1 week
2001-09-26 19:35:04 +00:00
Guido van Rooij
775b007440 Redo patch in 1.22 such that the header printing is reset when the
process gets a SIGCONT

Reviewed by:	kris@freebs.org
MFC after:	2 weeks
2001-09-26 19:35:03 +00:00
Doug Rabson
fa129a40db Tidy up and fix a runtime warning. 2001-09-26 16:15:20 +00:00
Ruslan Ermilov
43e09ab2db WARNSify. 2001-09-26 11:34:14 +00:00
Ruslan Ermilov
1b00c916a1 The "cat - -" feature was broken by the last commit.
Restore the code that avoided closing and reopening
stdin.  This is also required by POSIX.  As a bonus,
enable multiple stdin reads with the -benstv flags,
by resetting the EOF condition on stdin.
2001-09-26 11:32:23 +00:00
Matthew Dillon
3418ebebfe Make uio_yield() a global. Call uio_yield() between chunks
in vn_rdwr_inchunks(), allowing other processes to gain an exclusive
lock on the vnode.  Specifically: directory scanning, to avoid a race to the
root directory, and multiple child processes coring simultaniously so they
can figure out that some other core'ing child has an exclusive adv lock and
just exit instead.

This completely fixes performance problems when large programs core.  You
can have hundreds of copies (forked children) of the same binary core all
at once and not notice.

MFC after:	3 days
2001-09-26 06:54:32 +00:00
Poul-Henning Kamp
c36b0a4edb Give people a chance to do things before fsck is run.
MFC after:	2 weeks
2001-09-26 06:17:25 +00:00
David E. O'Brien
364f9ab989 Run rc.devfs a little bit earlier.
Many people like to use generic devices in rc.syscons, etc..
So rc.devfs needs to run before those rc files.

Requested by:	Jos Backus <josb@cncdsl.com>
2001-09-26 06:01:40 +00:00
Marcel Moolenaar
b18013f823 The arg parameter is passed by value in Linux, but not in FreeBSD.
We still have to account for a copyin. Make sure the copyin will
succeed by passing the FreeBSD syscall a pointer to userspace,
albeit one that's automagically mapped into kernel space.

Reported by: mr, Mitsuru IWASAKI <iwasaki@jp.FreeBSD.org>
Tested by: Mitsuru IWASAKI <iwasaki@jp.FreeBSD.org>
2001-09-26 05:39:59 +00:00
Paul Saab
88b1d98f31 Lock the vnode while truncating the corefile. This fixes a panic
with softupdates dangling deps.

Submitted by:	peter
MFC:		ASAP :)
2001-09-26 01:24:07 +00:00
Brooks Davis
9efaa0ae62 Add a standard hack in the spirit of PCI_ENABLE_IO_MODES to allow systems
with weird PCI-PCI bridge configurations to work.  Defining
PCI_ALLOW_UNSUPPORTED_IO_RANGE causes the sanity checks to pass even
with out of range values.

Reviewed by:	msmith
2001-09-26 01:11:33 +00:00
Bill Fenner
bd5b9e17b0 Fix (typo? pasteo?): panic("ffs_mountroot..." -> panic("ntfs_mountroot...") 2001-09-26 00:36:33 +00:00
Peter Wemm
4d7552180d Make this 'make obj' safe 2001-09-26 00:13:08 +00:00
John Baldwin
21377ce065 Remove superflous parens after de-macroizing. 2001-09-26 00:05:18 +00:00
John Baldwin
6b12d30f28 Include sys/ktr.h before sys/_lock.h to ensure LOCK_DEBUG is set to its
proper value.
2001-09-25 23:52:30 +00:00
John Baldwin
9ba567a07c Move the definition of LOCK_DEBUG from sys/lock.h to sys/_lock.h. 2001-09-25 23:51:54 +00:00
Scott Long
a3484cc54c Clarify how to determine the firmware version.
Submitted by:	Anders Andersson <anders@codefactory.se>
MFC after:	3 days
2001-09-25 22:33:53 +00:00
Robert Watson
75bc5b3f22 o So, when <dd> e-mailed me and said that the comment was inverted
for securelevel_ge() and securelevel_gt(), I was a little surprised,
  but fixed it.  Turns out that it was the code that was inverted, during
  a whitespace cleanup in my commit tree.  This commit inverts the
  checks, and restores the comment.
2001-09-25 21:08:33 +00:00
Ian Dowse
3f48bf186f RFC2132 is not clear about whether the "Maximum DHCP Message Size"
refers to the size of the whole ethernet packet, just the DHCP
message within the UDP payload, or something else. bootpd interpreted
it as a maximum UDP payload size, so it could end up sending
fragmented packets to clients (such as some versions of Etherboot)
that used different interpretations of the maximum message size.

Switch to the most conservative interpretation: ensure that the
ethernet packet containing the response is no larger than the
specified maximum message size. This matches the behaviour of
the ISC dhcpd.

MFC after:	1 week
2001-09-25 21:02:10 +00:00
Ian Dowse
2510719736 The -A option (beep when packets are dropped) didn't work quite
right; after a single packet was dropped it beeped after every
transmission.

Change its implementation to only output a bell when there is an
increase in the maximum value of the number of packets that were
sent but not yet received. This has the benefit that even for very
long round-trip times, ping -A will do roughly the right thing
after a few inital false-positives.

Reviewed by:	ru
2001-09-25 20:22:33 +00:00
Doug Rabson
5f802bfc9f Calculate the valid flag for ITRs and DTRs correctly. Also fix a couple
of minor problems and remove some debugging code.
2001-09-25 19:44:19 +00:00
Bruce A. Mah
99a7ea5c0e New release notes: aac(4) update, Yahoo! coredump patch, touch(1) -h. 2001-09-25 19:09:24 +00:00
Brooks Davis
2f65332817 The faith(4) device is no longer a count device so don't specify a count. 2001-09-25 18:56:40 +00:00
Wilko Bulte
7bdd46e6a1 Clarify that it is the SRM console that disables onboard USB on DS10.
Applies to newer SRM versions only. Verified by checking various SRM
revs.
2001-09-25 18:44:31 +00:00
Brooks Davis
9494d5968f Make faith loadable, unloadable, and clonable. 2001-09-25 18:40:52 +00:00
Ruslan Ermilov
0ec8be8404 mdoc(7) police: fixed markup. 2001-09-25 18:10:18 +00:00
Søren Schmidt
72c2f499ce Add a fix for the VIA82C686B data corruption bug.
This fixed the problem on the 3 platforms I've been able to test on.

I'm still of the oppinion that the BIOS should take care of this,
however some board makers only apply this when they spot a
SBLive! soundcard, but the problem exists even without a SBLive!.

This fix should probably go somewhere else, but for now I'll
keep it here since we havn't got a central place to put
such things.
2001-09-25 17:10:39 +00:00
Kazutaka YOKOTA
d4b248f23e Yet another turn of workaround for psm/ACPI/PnP BIOS
problems currently experienced in -CURRENT.

This should fix the problem that the PS/2 mouse is detected
twice if the acpi module is not loaded on some systems.
2001-09-25 16:59:28 +00:00