Commit Graph

114639 Commits

Author SHA1 Message Date
Robert Watson
7f53207b92 Introduce three additional MAC Framework and MAC Policy entry points to
control socket poll() (select()), fstat(), and accept() operations,
required for some policies:

        poll()          mac_check_socket_poll()
        fstat()         mac_check_socket_stat()
        accept()        mac_check_socket_accept()

Update mac_stub and mac_test policies to be aware of these entry points.
While here, add missing entry point implementations for:

        mac_stub.c      stub_check_socket_receive()
        mac_stub.c      stub_check_socket_send()
        mac_test.c      mac_test_check_socket_send()
        mac_test.c      mac_test_check_socket_visible()

Obtained from:	TrustedBSD Project
Sponsored by:	SPAWAR, SPARTA
2005-04-16 18:46:29 +00:00
Tom Rhodes
932d3e21cc Those who are ungodlike should be returned an error. 2005-04-16 18:41:00 +00:00
Robert Watson
f0c2044bd9 In mac_get_fd(), remove unconditional acquisition of Giant around copying
of the socket label to thread-local storage, and replace it with
conditional acquisition based on debug.mpsafenet.  Acquire the socket
lock around the copy operation.

In mac_set_fd(), replace the unconditional acquisition of Giant with
the conditional acquisition of Giant based on debug.mpsafenet.  The socket
lock is acquired in mac_socket_label_set() so doesn't have to be
acquired here.

Obtained from:	TrustedBSD Project
Sponsored by:	SPAWAR, SPARTA
2005-04-16 18:33:13 +00:00
Nate Lawson
2626a56934 Extend a local buffer to prevent an overflow of the XSDT address.
Submitted by:	Joerg Sonnenberger
Obtained from:	DragonflyBSD
MFC after:	1 day
2005-04-16 17:38:24 +00:00
Giorgos Keramidas
5970af4cd4 Reduce the width of the THR column to 4 characters, to avoid wrap-around
of lines in SMP machines (which are wider), until we have a better way
of handling window sizes & columns in top.

Caught by:	ache, Andre Guibert de Bruet <andy@siliconlandmark.com>
Point hat:	keramida
2005-04-16 15:43:38 +00:00
Marius Strobl
ea35b592d4 Increase default HZ for sparc64 to 1000. 2005-04-16 15:07:41 +00:00
Marius Strobl
2f15864c85 - MFi386: sys/i386/i386/intr_machdep.c rev. 1.11
Don't use atomic ops to increment interrupt stats.
  On sparc64 this reduces delay until tick interrupts are service by 1/10th
  on average. In turn this reduces the clock drift caused by these delays
  so there's less drift which has to be compensated in tick_hardclock().
  This includes switching from atomically incrementing the global cnt.v_intr
  to the asm equivalent of PCPU_LAZY_INC(cnt.v_intr) in exception.S
- Correct some comments to match the registers actually used.
- Correct some format specifiers, interrupt levels passed in are u_int.
- Use FBSDID.

Ok'ed by:	jhb
2005-04-16 15:05:56 +00:00
Marius Strobl
197bb5864f Some changes to intr_execute_handlers():
- Fix NULL pointer dereferences caused when an ithread or a handler is
  NULL which happens when a stray interrupt triggers after the respective
  device interrupt was torn down.
- Remove the critical section around INTR_FAST handlers which actually
  was a nested critical section. Both tl0_intr() and tl1_intr() already
  enter a critical section for calling intr_execute_handlers().

MFC after:	3 days
2005-04-16 15:02:16 +00:00
Marius Strobl
50f046e614 - In sparc64_init() remove the call to tick_stop(). There's no need to
call tick_stop() again after tick_init() as tick interrupts already
  have been disabled as part of tick_init().
- In spinlock_enter() replace the magic value for PIL TICK with the
  respective macro.
- Use FBSDID.
2005-04-16 15:00:09 +00:00
Marius Strobl
7bed9b320b - Add a workaround for a bug in BlackBird CPUs (said to be part of the
SpitFire erratum #54) which can cause writes to the TICK_CMPR register
  to fail. This seems to fix the dying clocks problem reported by jhb@
  and kris@. [1]
- In tick_start() don't reset the tick counter of the boot processor to
  zero. It's initially reset in _start() and afterwards but _before_
  tick_start() is called on the BSP the APs synchronise with the tick
  counter of the BSP in mp_startup(). Resetting the tick counter of the
  BSP in tick_start() probably also was the cause of problems seen when
  using the CPU tick counter as timecounter on SMP machines.
  Not resetting the tick counter of the BSP in mp_startup() makes the
  tick counters and tick interrupts between the BSP and APs be pretty
  much in sync as it's supposed to be. This also means there's no longer
  a real reason to have separate tick_start() and tick_start_ap() so
  merge them and zap tick_start_ap(). This is also a first step in
  simplifying the interface to the tick counters in preparation to use
  alternate clock hardware where available.
- Switch to the algorithm used on FreeBSD/ia64 for updating the tick
  interrupt register and which compensates the clock drift caused by
  varying delays between when the tick interrupts actually trigger and
  when they are serviced. Not compensating the clock drift mainly hurts
  interactive performance especially when using WITNESS. [2]
  For further information about the algorithm also see the commit log
  of sys/ia64/ia64/interrupt.c rev. 1.38.
  On sparc64 the sysctls for monitoring the behaviour of the tick
  interrupts are machdep.tick.adjust_edges, machdep.tick.adjust_excess,
  machdep.tick.adjust_missed and machdep.tick.adjust_ticks.
- In tick_init() just use tick_stop() for stopping the tick interrupts
  until a proper handler is set up later. This also stops the system
  tick interrupt on USIII systems earlier.
- In tick_start() check for a rough upper limit of HZ.
- Some minor changes, e.g. use FBSDID, remove unused headers, etc.

Info obtained from:	Linux [1]
Ok'ed by:		marcel [2]
Additional testing by:	kris (earlier version of the workaround), jhb
X-MFC after:		3 days [1]
2005-04-16 14:57:38 +00:00
Marius Strobl
c066bca62d Fix a style(9) bug in the stxa_sync() macro (DO NOT use function calls
in initializers).
2005-04-16 14:47:50 +00:00
Robert Watson
030a28b3b5 Introduce new MAC Framework and MAC Policy entry points to control the use
of system calls to manipulate elements of the process credential,
including:

        setuid()                mac_check_proc_setuid()
        seteuid()               mac_check_proc_seteuid()
        setgid()                mac_check_proc_setgid()
        setegid()               mac_check_proc_setegid()
        setgroups()             mac_check_proc_setgroups()
        setreuid()              mac_check_proc_setreuid()
        setregid()              mac_check_proc_setregid()
        setresuid()             mac_check_proc_setresuid()
        setresgid()             mac_check_rpoc_setresgid()

MAC checks are performed before other existing security checks; both
current credential and intended modifications are passed as arguments
to the entry points.  The mac_test and mac_stub policies are updated.

Submitted by:	Samy Al Bahra <samy@kerneled.org>
Obtained from:	TrustedBSD Project
2005-04-16 13:29:15 +00:00
Christian Brueffer
a431f9bb61 Xref ataraid(4). 2005-04-16 12:43:17 +00:00
Christian Brueffer
4b40473f20 Manual page for the ataraid(4) software RAID driver.
Reviewed by:	sos
2005-04-16 12:40:38 +00:00
Dag-Erling Smørgrav
02dcaf2fd1 Unbreak the build on 64-bit architectures. 2005-04-16 12:37:16 +00:00
Robert Watson
453ffeef5e Add ALQ and KTR_ALQ to NOTES so that they are built into LINT. 2005-04-16 12:14:43 +00:00
Robert Watson
e551d45211 Modify the alq(9) alq_open() API to accept a file creation mode, rather
than defaulting the cmode argument to vn_open() to 0.  Supply a default
argument of ALQ_DEFAULT_CMODE (0600) in current callers.

Discussed with/pointed out by:	hmp
Reveiwed by:	jeff, hmp
MFC after:	3 days
2005-04-16 12:12:27 +00:00
Robert Watson
babcc5ad79 Starting point for a regression test for mac_bsdextended(4)/libugidfw(3).
Currently only performs basic tests against the library string routines,
and queries less important kernel state.

Obtained from:	TrustedBSD Project
Sponsored by:	SPAWAR, SPARTA
MFC after:	3 days
2005-04-16 12:06:40 +00:00
Robert Watson
a6c2bc8bcb When parsing the second {uid,gid} in an identity phrase for ugidfw,
check the password or group database before attempting to parse as an
integer, as is done for the first {uid,gid} in an identity phrase.

Obtained from:	TrustedBSD Project
Sponsored by:	SPAWAR, SPARTA
2005-04-16 11:58:55 +00:00
Robert Watson
89afecd482 In practice, you need to include <sys/types.h> and
<security/mac_bsdextended/mac_bsdextended.h> in order to include
<ugidfw.h>, so document that.

MFC after:	3 days
2005-04-16 11:32:46 +00:00
Pawel Jakub Dawidek
231b1be179 - Plug memory leak.
- Fix two style nits.

Found by:	Coverity Prevent analysis tool
Reviewed by:	rwatson
MFC after:	1 week
2005-04-16 10:57:49 +00:00
Marcel Moolenaar
e190f6efc8 Return better "error" values for UWX_BOTTOM and UWX_ABI_FRAME in
unw_step(). Both errors denote the end of a stack trace (i.e. no
prior frame), but are otherwise not error conditions.
Have db_trace() return 0 when the trace ends due to one of these
return codes as they are really normal termination conditions.

This change especially improves the output of the "show thread"
command in DDB when there are threads in fork_trampoline() and
previously db_trace() would return an error, causing the show
command to emit '***'.
2005-04-16 05:38:59 +00:00
Ruslan Ermilov
df98ba00cd Grr, fix another braino. 2005-04-16 05:34:48 +00:00
Ruslan Ermilov
644a4ae9d0 Fix braino in previous revision. 2005-04-16 05:33:42 +00:00
Bill Paul
d84ed2322c When setting up the new stack for a function in x86_64_wrap(), make
sure to make it 16-byte aligned, in keeping with amd64 calling
convention requirements.

Submitted by:	Mikore Li at sun dot com
2005-04-16 04:47:15 +00:00
Eric Anholt
b8aa843c63 Update to DRM CVS as of 2005-04-12, bringing many changes:
- Split core DRM routines back into their own module, rather than using the
  nasty templated system like before.
- Development-class R300 support in radeon driver (requires userland pieces, of
  course).
- Mach64 driver (haven't tested in a while -- my mach64s no longer fit in the
  testbox).  Covers Rage Pros, Rage Mobility P/M, Rage XL, and some others.
- i915 driver files, which just need to get drm_drv.c fixed to allow attachment
  to the drmsub device.  Covers i830 through i915 integrated graphics.
- savage driver files, which should require minimal changes to work.  Covers the
  Savage3D, Savage IX/MX, Savage 4, ProSavage.
- Support for color and texture tiling and HyperZ features of Radeon.

Thanks to:	scottl (much p4 handholding)
		Jung-uk Kim (helpful prodding)
PR:		[1] kern/76879, [2] kern/72548
Submitted by:	[1] Alex, lesha at intercaf dot ru
		[2] Shaun Jurrens, shaun at shamz dot net
2005-04-16 03:44:47 +00:00
Nate Lawson
58ad326be6 Fix mbnambuf support for multi-byte characters. If a substring is larger
than WIN_CHARS bytes, we shift the suffix (previous substrings) upwards
by the amount this substring exceeds its WIN_CHARS slot.  Profiling shows
this change is indistinguishable from the previous code at 95% confidence.
This bug would result in attempts to access or create files or directories
with multi-byte characters returning an error but no data loss.

Reported and tested by:	avatar
MFC after:	3 days
2005-04-16 01:49:50 +00:00
Pawel Jakub Dawidek
d37ed29c98 Document 'clear' and 'dump' subcommands.
MFC after:	1 week
2005-04-15 23:51:20 +00:00
John Baldwin
3c3edcb445 Add a vm.blacklist tunable which can hold a space or comma seperated list
of physical addresses.  The pages containing these physical addresses will
not be added to the free list and thus will effectively be ignored by the
VM system.  This is mostly useful for the case when one knows of specific
physical addresses that have bit errors (such as from a memtest run) so
that one can blacklist the bad pages while waiting for the new sticks of
RAM to arrive.  The physical addresses of any ignored pages are listed in
the message buffer as well.
2005-04-15 21:45:02 +00:00
Simon L. B. Nielsen
514ff253c2 - Add Dell PERC 4ei to the list of supported devices. It's an
alias used by Dell sometimes for PERC 4e/Si. [1]
- Delete some trailing whitespace.

MFC after:	1 day
Rapported by:	Jon Kuster <kwsn@earthlink.net> [1]
2005-04-15 21:18:31 +00:00
Peter Wemm
8f98d260f1 Remove NO_MIXED_MODE option 2005-04-15 18:48:27 +00:00
Peter Wemm
ae692d88c4 MFi386: sync rtc code - don't setup an interrupt handler for irq0 when
the lapic timer is active.  Don't enable periodic interrupts unless we are
using them.  Replace spl protection with a spinlock.
2005-04-15 18:46:53 +00:00
Peter Wemm
e137a5d63a MFi386: remove NO_MIXED_MODE 2005-04-15 18:45:07 +00:00
Peter Wemm
ba5f6b61da MFi386: use the lapic timer for UP systems that are using the apic so that
IRQ0 and mixed mode isn't a problem anymore.  This removes mixed mode
support because nothing is left that uses it.
2005-04-15 18:44:53 +00:00
Peter Wemm
0501844603 MFi386: use c99 types 2005-04-15 18:41:32 +00:00
Peter Wemm
7234adbe8e Show that I can actually count. 2005-04-15 18:39:31 +00:00
Peter Wemm
2fc8e0f037 MFi386: track bus.h changes (unsplit bus_${machine}.h) 2005-04-15 18:38:59 +00:00
Hajimu UMEMOTO
62e8b17d72 Now, our getservbyname(3) is thread-safe. So, we don't need
to protect it with mutex lock.
2005-04-15 18:15:12 +00:00
Hajimu UMEMOTO
96f79dca76 - add getserv{byname,byport,ent}_r for internal use within libc.
- make getserv{byname,byport,ent} thread-safe.

Reviewed by:	gnn
2005-04-15 18:09:39 +00:00
Giorgos Keramidas
38afdcbc3c Various sh(1) enhancements:
- Move the description of the ``-c string'' option closer to the option itself.
- Add an ENVIRONMENT section (1)
- Add more .Xr cross references to the SEE ALSO section.

Obtained from:  NetBSD (1)
2005-04-15 14:53:29 +00:00
Joseph Koshy
3bbf58f9be Add a 'SEE ALSO' section. 2005-04-15 14:46:59 +00:00
Hajimu UMEMOTO
159d2a98c5 hostalias() is not thread-safe. So, introduce _res_hostalias()
and use it.

Obtained from:	BIND9
2005-04-15 14:42:29 +00:00
Simon L. B. Nielsen
dd91e9eb42 Document FreeBSD-SA-05:04.ifconf.
MFC after:	1 day
2005-04-15 14:27:26 +00:00
Yoshihiro Takahashi
e1bb7d0dfc MFi386: revision 1.219. 2005-04-15 14:24:49 +00:00
Søren Schmidt
d1719942b3 Make things compile again with ATA_STATIC_ID. 2005-04-15 14:19:41 +00:00
Maxim Konovalov
f305048664 Fix a typo in the comment.
Noticed by:	Samy Al Bahra
2005-04-15 14:01:43 +00:00
Denis Peplin
3eb1247ba7 Typo fix 2005-04-15 13:13:08 +00:00
Denis Peplin
546b321d76 Merge the following from the English version:
1.832 -> 1.843 relnotes/common/new.sgml

Obtained from:	The FreeBSD Russian Documentation Project
2005-04-15 12:03:46 +00:00
Pawel Jakub Dawidek
ba9bc36af1 Add missing links.
MFC after:	2 weeks
2005-04-15 10:57:34 +00:00
Søren Schmidt
9f2ea2bcd5 Move the creation of ata_channel child devices to the channel code.
This allows to attach to the children (ATA devices) even without a
driver being attached. This allows atapi-cam to do its work both
with and without the pure ATAPI driver being present.

ATA patches by /me
ATAPI-cam pathes by Thomas
2005-04-15 10:20:52 +00:00