Commit Graph

36145 Commits

Author SHA1 Message Date
Mitsuru IWASAKI
4690674e12 Add new loader tunable hw.acpi.ec.event_driven so that we control
EcWaitEventIntr()'s behavior.
Some EC controllers require this for working properly (including
sleep/wakeup).
2002-10-24 10:56:33 +00:00
Maxime Henrion
56e77afa59 Fix kernel build on sparc64 in the IPDIVERT case. 2002-10-24 09:58:50 +00:00
David Xu
9991db0cb5 don't forget to remove kse from idle queue. 2002-10-24 09:16:46 +00:00
Julian Elischer
5c8329ed6c Move thread related code from kern_proc.c to kern_thread.c.
Add code to free KSEs and KSEGRPs on exit.
Sort KSE prototypes in proc.h.
Add the missing kse_exit() syscall.

ksetest now does not leak KSEs and KSEGRPS.

Submitted by:	(parts) davidxu
2002-10-24 08:46:34 +00:00
Jeff Roberson
bbee39c629 - Now that uma_zalloc_internal is not the fast path don't be so fussy about
extra function calls.  Refactor uma_zalloc_internal into separate functions
   for finding the most appropriate slab, filling buckets, allocating single
   items, and pulling items off of slabs.  This makes the code significantly
   cleaner.
 - This also fixes the "Returning an empty bucket." panic that a few people
   have seen.

Tested On:	alpha, x86
2002-10-24 07:59:03 +00:00
Marcel Moolenaar
0761a64f29 o Fix a size calculation based on a 8KB page, while under EFI
pages are 4KB.
o  As a second order fix, don't assume we have enough space
   after the bootinfo block left in a page to hold the memory
   map.
o  A third order fix is that we removed the assumption that a
   bootinfo block fits in a single 8KB page.

PR: ia64/39415
submitted by: Espen Skoglund <esk@ira.uka.de>
2002-10-24 07:53:12 +00:00
Yoshihiro Takahashi
2ca2ca3af6 The rc driver is not needed for pc98. 2002-10-24 07:18:24 +00:00
Marcel Moolenaar
8c7cf505d7 Build the following modules on ia64 as well:
ar, asr, bktr, cardbus, cbb, ep, exca, hea, hfa, ipfilter, lomac,
netgraph, pccard, rc, sound, sppp, vinum.
2002-10-24 07:16:24 +00:00
Jeff Roberson
bba739abf9 - Move the destructor calls so that they are not called with the zone lock
held.  This avoids a lock order reversal when destroying zones.
   Unfortunately, this also means that the free checks are not done before
   the destructor is called.

Reported by:	phk
2002-10-24 06:17:30 +00:00
Kris Kennaway
9670fc7423 Remove gcc-specific optimization/debugging CFLAGS 2002-10-24 03:56:16 +00:00
Robert Watson
51a9219f57 Commit of Makefile missed in earlier pass.
Submitted by:	kuriyama
2002-10-24 02:04:03 +00:00
Ian Dowse
efac726eeb Unbreak the automatic remapping of an INADDR_ANY destination address
to the primary local IP address when doing a TCP connect(). The
tcp_connect() code was relying on in_pcbconnect (actually in_pcbladdr)
modifying the passed-in sockaddr, and I failed to notice this in
the recent change that added in_pcbconnect_setup(). As a result,
tcp_connect() was ending up using the unmodified sockaddr address
instead of the munged version.

There are two cases to handle: if in_pcbconnect_setup() succeeds,
then the PCB has already been updated with the correct destination
address as we pass it pointers to inp_faddr and inp_fport directly.
If in_pcbconnect_setup() fails due to an existing but dead connection,
then copy the destination address from the old connection.
2002-10-24 02:02:34 +00:00
Robert Watson
8c7327e183 Provide a simple sample labeled access control policy, mac_partition.
This policy can be loaded dynamically, and assigns each process a
partition number, as well as permitting processes to operate outside
the partition.  Processes contained in a partition can only "see"
processes inside the same partition, so it's a little like jail.
The partition of a user can be set using the label mechanisms in
login.conf.  This sample policy is a good starting point for developers
wanting to learn about how to produce labeled policies, as it labels
only one kernel object, the process credential.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-23 23:36:27 +00:00
Robert Watson
5136300015 Provide a simple sample labeled access control policy, mac_partition.
This policy can be loaded dynamically, and assigns each process a
partition number, as well as permitting processes to operate outside
the partition.  Processes contained in a partition can only "see"
processes inside the same partition, so it's a little like jail.
The partition of a user can be set using the label mechanisms in
login.conf.  This sample policy is a good starting point for developers
wanting to learn about how to produce labeled policies, as it labels
only one kernel object, the process credential.

PR:
Submitted by:
Reviewed by:
Approved by:
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-23 23:36:26 +00:00
Kirk McKusick
c0762674c9 We must be careful to avoid recursive copy-on-write faults when
trying to clean up during disk-full scenarios.

Sponsored by:	DARPA & NAI Labs.
2002-10-23 21:47:02 +00:00
John Baldwin
b6ca678e32 We always need sys/pcpu.h now, not just for the SMP case.
Approved by:	jake
2002-10-23 20:18:33 +00:00
Poul-Henning Kamp
bcc4e90a1b Remove NO_GEOM from sparc64.
Reminded by:	jhb
2002-10-23 18:27:37 +00:00
John Baldwin
599c57a971 - New-bussify the rc(4) device driver.
- Add detach support to the driver so that you can kldunload the module.
  Note that currently rc_detach() fails to detach a unit if any of its
  child devices are open, thus a kldunload will fail if any of the tty
  devices are currently open.
- sys/i386/isa/ic/cd180.h was moved to sys/dev/ic/cd180.h as part of
  this change.

Requested by:	rwatson
Tested by:	rwatson
2002-10-23 15:53:09 +00:00
Hidetoshi Shimokawa
3983050934 Don't send/receive packets when the interface is down. 2002-10-23 15:16:37 +00:00
John Baldwin
08675def10 npx(4) doesn't honor port hints so don't provide an example one. 2002-10-23 14:52:53 +00:00
Hidetoshi Shimokawa
06a93bac4f - Dequeue OCBs more safely in sbp_abort_all_ocbs(). 2002-10-23 13:04:02 +00:00
Yoshihiro Takahashi
43b6e2a273 MFi386: revision 1.10 2002-10-23 12:54:05 +00:00
Poul-Henning Kamp
0eb5dd8cc0 Only define SEEK_{SET,CUR,END} if not already defined (by <stdio.h>) 2002-10-23 12:13:10 +00:00
Dag-Erling Smørgrav
f2c1ea8152 Whitespace cleanup. 2002-10-23 10:26:54 +00:00
Mark Murray
64f82235d8 Very minor whitespace/style nit. 2002-10-23 10:14:30 +00:00
Mark Murray
54b2b8a758 Put parentheses around function-like macros to shut up warnings. 2002-10-23 10:12:12 +00:00
Maxim Konovalov
ba3a9d459c Kill EOL spaces.
Approved by:	luigi
MFC after:	1 week
2002-10-23 10:07:55 +00:00
Maxim Konovalov
6b6874b20c Use syslog for messages about dropped sessions, do not flood a console.
Suggested by:	Eugene Grosbein <eugen@kuzbass.ru>
Approved by:	luigi
MFC after:	1 week
2002-10-23 10:05:19 +00:00
Kirk McKusick
2eff16f057 Misplaced FREE_LOCK causes a panic when hit while taking a snapshot.
Sponsored by:	DARPA & NAI Labs.
2002-10-23 05:14:06 +00:00
Alexander Kabaev
96725dd01a Handle binaries with arbitrary number of PT_LOAD sections, not only
ones with one text and one data section.

The text and data rlimit checks still need to be fixed to properly
account for additional sections.

Reviewed by:	peter (slightly different patch version)
2002-10-23 01:57:39 +00:00
SUZUKI Shinsuke
2754d95d85 fixed a kernel crash by "ifconfig stf0 inet 1.2.3.4"
MFC after:	1 week
2002-10-22 22:50:38 +00:00
Thomas Quinot
e937fdbdcd Fill in missing parts of the ATAPI/CAM XPT: implement XPT_RESET_BUS
and XPT_RESET_DEV.

In order to properly handle reset requests whether they originate in the
ATA layer (atacontrol reinit) or from the CAM layer (camcontrol reset)
ata_reinit does not cause the SIM to be deallocated anymore. The SIM
is now unconditionally created for each ATAPI bus.

This change may cause existing bus ids to change on some setups.

Reviewed by:	roberto
Approved by:	sos
2002-10-22 20:18:51 +00:00
Robert Watson
103bcded1d Style fix: space between 'switch' and '('. 2002-10-22 19:01:49 +00:00
John Baldwin
12f65109c8 Don't dereference the 'x' pointer if it is NULL, instead skip the
assignment.  The netsmb code likes to call these functions with a NULL
x argument a lot.

Reported by:	Vallo Kallaste <kalts@estpak.ee>
2002-10-22 18:44:59 +00:00
Robert Watson
11f0df9ed0 s/mls/biba/ in a copy+paste error for a printf. 2002-10-22 18:36:47 +00:00
Jake Burkholder
bb56f27799 - Expand struct trapframe to 256 bytes, make all fields fixed width and the
same size.  Add some fields that previously overlapped with something else
  or were missing.
- Make struct regs and struct mcontext (minus floating point) the same as
  struct trapframe so converting between them is easy (null).
- Add space for saving floating point state to struct mcontext.  This requires
  that it be 64 byte aligned.
- Add assertions that none of these structures change size, as they are part
  of the ABI.
- Remove some dead code in sendsig().
- Save and restore %gsr in struct trapframe.  Remember to restore %fsr.
- Add some comments to exception.S.
2002-10-22 18:03:15 +00:00
John Baldwin
e2ded8bbde - No need for pmtimer hint anymore.
- npx doesn't need an 'at' hint anymore.
2002-10-22 17:32:51 +00:00
John Baldwin
34bf8de99d No need for pmtimer hint anymore. 2002-10-22 17:32:27 +00:00
John Baldwin
8bbdb8e89f Add an identify method that creates a pmtimer0 device if it doesn't already
exist.  Hints are no longer needed to instantiate a pmtimer(4) device.
2002-10-22 17:30:52 +00:00
Robert Watson
f0ed8fc408 Remove the mac_te policy bits from 'struct oldmac' -- we're not going
to merge mac_te, since the SEBSD port of SELinux/FLASK provides a much
more mature Type Enforcement implementation.  This changes the size
of the on-disk 'struct oldmac' EA labels, which may require regeneration.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-22 17:19:06 +00:00
Robert Watson
78704ef457 opt_mac.h is no longer required for any of these modules, remove from
the dependencies.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-22 17:10:15 +00:00
Robert Watson
f6f5401f61 Don't enforce MAC Biba policy for socket visibility if Biba is not
explicitly enabled.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-22 17:02:42 +00:00
Matthew N. Dodd
bd762c58db Reserve a major number for NVIDIA. 2002-10-22 16:42:16 +00:00
Robert Drehmel
d08926b1f6 Change the `mutex_prof' structure to use three variables contained
in an anonymous structure as counters, instead of an array with
preprocessor-defined names for indices.  Remove the associated XXX-
comment.
2002-10-22 16:06:28 +00:00
Robert Watson
3e732e7d7d Invoke mac_check_vnode_mmap() during mmap operations on vnodes,
permitting policies to restrict access to memory mapping based on
the credential requesting the mapping, the target vnode, the
requested rights, or other policy considerations.

Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-22 15:56:44 +00:00
Robert Watson
1cbfd977fd Introduce MAC_CHECK_VNODE_SWAPON, which permits MAC policies to
perform authorization checks during swapon() events; policies
might choose to enforce protections based on the credential
requesting the swap configuration, the target of the swap operation,
or other factors such as internal policy state.

Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-22 15:53:43 +00:00
Robert Watson
2789e47e2c Missed in previous merge: export sizeof(struct oldmac) rather than
sizeof(struct mac).

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-22 15:33:33 +00:00
Yoshihiro Takahashi
53b8edec96 MFi386: revision 1.543. 2002-10-22 15:25:25 +00:00
Yoshihiro Takahashi
2ea0bd9562 Merged from sys/isa/syscons_isa.c revision 1.20. 2002-10-22 15:22:49 +00:00
Yoshihiro Takahashi
abf7bd9e91 MFi386: revisions 1.189 and 1.190. 2002-10-22 15:19:46 +00:00
Robert Watson
db83b66868 Move the label initialized flag into _label.h: it's no longer
exported to userspace.

Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-22 14:32:54 +00:00
Robert Watson
24e8d0d07b Adapt MAC policies for the new user API changes; teach policies how
to parse their own label elements (some cleanup to occur here in the
future to use the newly added kernel strsep()).  Policies now
entirely encapsulate their notion of label in the policy module.

Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-22 14:31:34 +00:00
John Baldwin
1c865ac70e - Check that a process isn't a new process (p_state == PRS_NEW) before
trying to acquire its proc lock since the proc lock may not have been
  constructed yet.
- Split up the one big comment at the top of the loop and put the pieces
  in the right order above the various checks.

Reported by:	kris (1)
2002-10-22 14:31:32 +00:00
Robert Watson
f7b951a8e0 Support the new MAC user API in kernel: modify existing system calls
to use a modified notion of 'struct mac', and flesh out the new variation
system calls (almost identical to existing ones except that they permit
a pid to be specified for process label retrieval, and don't follow
symlinks).  This generalizes the label API so that the framework is
now almost entirely policy-agnostic.

Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-22 14:29:47 +00:00
Robert Watson
475b9d0a7c Revised APIs for user process label management; the existing APIs relied
on all label parsing occurring in userland, and knowledge of the loaded
policies in the user libraries.  This revision of the API pushes that
parsing into the kernel, avoiding the need for shared library support
of policies in userland, permitting statically linked binaries (such
as ls, ps, and ifconfig) to use MAC labels.  In these API revisions,
high level parsing of the MAC label is done in the MAC Framework,
and interpretation of label elements is delegated to the MAC policy
modules.  This permits modules to export zero or more label elements
to user space if desired, and support them in the manner they want
and with the semantics they want.  This is believed to be the final
revision of this interface: from the perspective of user applications,
the API has actually not changed, although the ABI has.

Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-22 14:27:44 +00:00
Robert Watson
5cb559a5e0 Regen. 2002-10-22 14:23:52 +00:00
Robert Watson
aad1cdc852 Flesh out prototypes for __mac_get_pid, __mac_get_link, and
__mac_set_link, based on __mac_get_proc() except with a pid,
and __mac_get_file(), __mac_set_file() except that they do
not follow symlinks.  First in a series of commits to flesh
out the user API.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-22 14:22:24 +00:00
Mike Barcroft
7a43ac45b2 Note that id_t can also hold a gid_t. Realign comments. 2002-10-22 13:26:35 +00:00
Sheldon Hearn
29b4d52653 Fix typo in comments (misspelled "necessary"). 2002-10-22 12:10:27 +00:00
Tim J. Robbins
2d7b9daffd Add back the typedefs for in_addr_t and in_port_t; some broken autoconf
scripts expect <sys/types.h> to define them.
2002-10-22 09:57:34 +00:00
Jake Burkholder
069604aa96 Start tick at the correct time (cpu_init_clocks), instead of cpu_startup. 2002-10-22 07:10:15 +00:00
Mike Silbersack
26c138c5e2 Add some magic bits necessary to turn the transmitter on for some
(newer) 556B chips.

Requested & tested by:	Dinesh Nambisan <dinesh@nambisan.net>
Magic bits found by:	Dave Dribin & Donald Becker

MFC After:	3 days
2002-10-22 02:33:50 +00:00
David Xu
81fd489272 detect idle kse correctly. 2002-10-22 02:27:19 +00:00
Kirk McKusick
0152387ade This update further fine tunes the locking of snapshot vnodes in
the ffs_copyonwrite routine to avoid a deadlock between the syncer
daemon trying to sync out a snapshot vnode and the bufdaemon
trying to write out a buffer containing the snapshot inode.
With any luck this will be the last snapshot race condition.

Sponsored by:	DARPA & NAI Labs.
2002-10-22 01:23:00 +00:00
Kirk McKusick
127ab960d5 This update is a performance improvement when allocating blocks on
a full filesystem. Previously, if the allocation failed, we had to
fsync the file before rolling back any partial allocation of indirect
blocks. Most block allocation requests only need to allocate a single
data block and if that allocation fails, there is nothing to unroll.
So, before doing the fsync, we check to see if any rollback will
really be necessary. If none is necessary, then we simply return.
This update eliminates the flurry of disk activity that got triggered
whenever a filesystem would run out of space.

Sponsored by:	DARPA & NAI Labs.
2002-10-22 01:14:25 +00:00
Kirk McKusick
9e4b381a54 This update removes a race between unmount and lookup. The lookup
locks the mount point directory while waiting for vfs_busy to clear.
Meanwhile the unmount which holds the vfs_busy lock tried to lock
the mount point vnode. The fix is to observe that it is safe for the
unmount to remove the vnode from the mount point without locking it.
The lookup will wait for the unmount to complete, then recheck the
mount point when the vfs_busy lock clears.

Sponsored by:	DARPA & NAI Labs.
2002-10-22 01:06:44 +00:00
Kirk McKusick
e03486d198 This checkin reimplements the io-request priority hack in a way
that works in the new threaded kernel. It was commented out of
the disksort routine earlier this year for the reasons given in
kern/subr_disklabel.c (which is where this code used to reside
before it moved to kern/subr_disk.c):

----------------------------
revision 1.65
date: 2002/04/22 06:53:20;  author: phk;  state: Exp;  lines: +5 -0
Comment out Kirks io-request priority hack until we can do this in a
civilized way which doesn't cause grief.

The problem is that it is not generally safe to cast a "struct bio
*" to a "struct buf *".  Things like ccd, vinum, ata-raid and GEOM
constructs bio's which are not entrails of a struct buf.

Also, curthread may or may not have anything to do with the I/O request
at hand.

The correct solution can either be to tag struct bio's with a
priority derived from the requesting threads nice and have disksort
act on this field, this wouldn't address the "silly-seek syndrome"
where two equal processes bang the diskheads from one edge to the
other of the disk repeatedly.

Alternatively, and probably better: a sleep should be introduced
either at the time the I/O is requested or at the time it is completed
where we can be sure to sleep in the right thread.

The sleep also needs to be in constant timeunits, 1/hz can be practically
any sub-second size, at high HZ the current code practically doesn't
do anything.
----------------------------

As suggested in this comment, it is no longer located in the disk sort
routine, but rather now resides in spec_strategy where the disk operations
are being queued by the thread that is associated with the process that
is really requesting the I/O. At that point, the disk queues are not
visible, so the I/O for positively niced processes is always slowed
down whether or not there is other activity on the disk.

On the issue of scaling HZ, I believe that the current scheme is
better than using a fixed quantum of time. As machines and I/O
subsystems get faster, the resolution on the clock also rises.
So, ten years from now we will be slowing things down for shorter
periods of time, but the proportional effect on the system will
be about the same as it is today. So, I view this as a feature
rather than a drawback. Hence this patch sticks with using HZ.

Sponsored by:	DARPA & NAI Labs.
Reviewed by:	Poul-Henning Kamp <phk@critter.freebsd.dk>
2002-10-22 00:59:49 +00:00
Semen Ustimenko
52d0ed1d0d Remove the OpenBSD compatibility stuff. Many changes to be more style(9)
compliant. Split two pieces of code into separate functions to not
exceed line length due to indentation.
2002-10-22 00:57:51 +00:00
Robert Watson
57e2f49300 mac_none is a stub policy without any functional implementation.
Various cleanups, no functional changes:

	- Fix a type in an entry point stub, socket checks accept
	  sockets, not vnodes.
	- Trailing whitespace
	- Entry point sort order

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-21 23:16:23 +00:00
Julian Elischer
1dab89f156 Remove the process state PRS_WAIT.
It is never used. I left it there from pre-KSE days as I didn't know
if I'd need it or not but now I know I don't.. Its functionality
is in TDI_IWAIT in the thread.
2002-10-21 22:27:36 +00:00
Peter Wemm
dbd72e23c5 psl.h isn't referenced anywhere that I could find on the alpha, so remove
this stub.
2002-10-21 21:08:32 +00:00
Robert Watson
36cf29fd8d Introduce mac_biba_copy() and mac_mls_copy(), which conditionally
copy elements of one Biba or MLS label to another based on the flags
on the source label element.  Use this instead of
mac_{biba,mls}_{single,range}() to simplify the existing code, as
well as support partial label updates (we don't update if none is
requested).

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-21 20:55:39 +00:00
John Baldwin
01a4d0197d Grrr, s/PBP/BPB/ here as well.
Noticed by:	peter
2002-10-21 20:52:51 +00:00
Mike Barcroft
bb8345d65b Add the ability to specify a strict C99 environment with the
_C99_SOURCE constant, which should be defined before including any
standard headers.
2002-10-21 20:50:30 +00:00
Ian Dowse
c557ae16ce Implement a new IP_SENDSRCADDR ancillary message type that permits
a server process bound to a wildcard UDP socket to select the IP
address from which outgoing packets are sent on a per-datagram
basis. When combined with IP_RECVDSTADDR, such a server process can
guarantee to reply to an incoming request using the same source IP
address as the destination IP address of the request, without having
to open one socket per server IP address.

Discussed on:	-net
Approved by:	re
2002-10-21 20:40:02 +00:00
Mike Barcroft
06f0dd00a0 Add id_t, a new type capable of representing a pid_t or a uid_t. Move
the definition of rlim_t to <sys/_types.h> so that it can be shared.
2002-10-21 20:35:29 +00:00
Ian Dowse
90162a4e87 Remove the "temporary connection" hack in udp_output(). In order
to send datagrams from an unconnected socket, we used to first block
input, then connect the socket to the sendmsg/sendto destination,
send the datagram, and finally disconnect the socket and unblock
input.

We now use in_pcbconnect_setup() to check if a connect() would have
succeeded, but we never record the connection in the PCB (local
anonymous port allocation is still recorded, though). The result
from in_pcbconnect_setup() authorises the sending of the datagram
and selects the local address and port to use, so we just construct
the header and call ip_output().

Discussed on:	-net
Approved by:	re
2002-10-21 20:10:05 +00:00
Poul-Henning Kamp
c177d125bf GEOM does not (and shall not) propagate flags like D_MEMDISK, so we will
revert to checking the name to determine if our root device is a ramdisk,
md(4) specifically to determine if we should attempt the root-mount RW

Sponsored by:	DARPA & NAI Labs.
2002-10-21 20:09:59 +00:00
Poul-Henning Kamp
8689acc48c We want /dev/md0 for ramdisk roots, not /dev/md0c.
Sponsored by:	DARPA & NAI Labs
2002-10-21 20:08:28 +00:00
John Baldwin
8a88248d57 Spell the BPB member of the 7.10 bootsector as bsBPB rather than bsPBP to
be like all the other bootsectors.  Apple has done the same it seems.
2002-10-21 19:00:50 +00:00
Dag-Erling Smørgrav
6d0369001a Reduce the overhead of the mutex statistics gathering code, try to produce
shorter lines in the report, and clean up some minor style issues.
2002-10-21 18:48:28 +00:00
Robert Watson
2a1c79af92 Add compartment support to Biba and MLS policies. The logic of the
policies remains the same: subjects and objects are labeled for
integrity or sensitivity, and a dominance operator determines whether
or not subject/object accesses are permitted to limit inappropriate
information flow.  Compartments are a non-hierarchal component to
the label, so add a bitfield to the label element for each, and a
set check as part of the dominance operator.  This permits the
implementation of "need to know" elements of MLS.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-21 18:42:01 +00:00
Olivier Houchard
e3bf3aea25 One #include <sys/sysctl.h> should be enough.
Approved by:	mux (mentor)
2002-10-21 18:40:40 +00:00
Julian Elischer
ee9788c70a Add a flag needed for recovery of excess allocated KSEs.
(not used in non KSE processes).

Submitted by:	davidxu
2002-10-21 18:37:34 +00:00
Robert Watson
b382fe8964 More in the way of minor consistency improvements: trim 'mac_mls_'
from another variable to line this up with mac_biba.c

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-21 18:14:30 +00:00
Robert Watson
2f7f04362b Demote sockets to single-label objects rather than maintaining a
range on them, leaving process credentials as the only kernel
objects with label ranges in the Biba and MLS policies.  We
weren't using the range in any access control decisions, so this
lets us garbage collect effectively unused code.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-21 18:05:12 +00:00
Robert Watson
6157bb02e8 Synchronize variable spelling with the MAC tree: we shortened some of
the names.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-21 17:05:48 +00:00
Robert Watson
5f9f912a3a White space nit that crept in during merge. 2002-10-21 17:01:30 +00:00
Robert Watson
b7c2a7f406 Since the Biba and MLS access checks are identical to the open checks,
collapse the two cases more cleanly: rather than wrapping an access
check around open, simply provide the open implementation for the
access vector entry.  No functional change.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-21 16:39:12 +00:00
Robert Watson
b5f072b5e1 Cleanup of relabel authorization checks -- almost identical logic,
we just break out some of the tests better.  Minor change in that
we now better support incremental update of labels.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-21 16:35:54 +00:00
Hidetoshi Shimokawa
8e484a62c8 - Abort all OCBs for timeout.
- Improve warning message.
2002-10-21 15:36:59 +00:00
Brooks Davis
db394c7a54 Use if_printf() instead of printf() to print diagnostic messages in the
form "rdp#: blah".
2002-10-21 14:38:28 +00:00
Brooks Davis
36cee51404 Use if_printf(ifp, "blah") instead of
printf("%s%d: blah", ifp->if_name, ifp->if_unit).
2002-10-21 14:37:31 +00:00
Ian Dowse
5200e00e72 Replace in_pcbladdr() with a more generic inner subroutine for
in_pcbconnect() called in_pcbconnect_setup(). This version performs
all of the functions of in_pcbconnect() except for the final
committing of changes to the PCB. In the case of an EADDRINUSE error
it can also provide to the caller the PCB of the duplicate connection,
avoiding an extra in_pcblookup_hash() lookup in tcp_connect().

This change will allow the "temporary connect" hack in udp_output()
to be removed and is part of the preparation for adding the
IP_SENDSRCADDR control message.

Discussed on:	-net
Approved by:	re
2002-10-21 13:55:50 +00:00
Andrew Gallatin
cde1a63db3 Add a bus_space_unmap() for the puc (and possibly other) drivers. 2002-10-21 13:48:29 +00:00
Hidetoshi Shimokawa
481df042ff fix prototype of asyreqq(). 2002-10-21 10:21:49 +00:00
Hidetoshi Shimokawa
41d45c5235 These (userland) files shouldn't be here. 2002-10-21 10:14:26 +00:00
Peter Grehan
f86c114f3d Add the USER_SR segment register to pcb state. Initialize correctly,
and save/restore during a context switch.

The USER_SR could be overwritten when the current thread was switched
out with a faulting copyin/copyout.

Approved by: Benno
2002-10-21 05:27:41 +00:00
Brooks Davis
11e1ea96f6 All bpf.h/NBPF consumers are gone so stop generating bpf.h 2002-10-21 05:09:04 +00:00
Brooks Davis
a5066cff3a Don't include the deprecated "bpf.h" and always compile in bpf support
as per current practice.
2002-10-21 05:05:43 +00:00
Robert Watson
0b9b85b91d Add a twiddle to create PTY's with a biba/equal or mls/equal label
instead of the default biba/high, mls/low, making it easier to use
ptys with these policies.  This isn't the final solution, but does
help.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-21 04:15:40 +00:00
Brooks Davis
8e9dc28535 Use if_printf(ifp, "blah") instead of printf("ppp%d: blah", ifp->if_unit). 2002-10-21 03:41:58 +00:00
Brooks Davis
28a1a7c6cc Use if_printf(ifp, "blah") instead of printf("vlan%d: blah", ifp->if_unit). 2002-10-21 03:40:30 +00:00
Brooks Davis
63dd8be938 Use if_printf(ifp, "blah") instead of printf("sl%d: blah", sc->sc_if.if_unit). 2002-10-21 03:35:25 +00:00
Brooks Davis
4051b0fec6 Use if_printf(ifp, "blah") and device_printf(dev, "blah") instead of
printf("%s%d: blah", ifp->if_name, ifp->if_xname).  This eliminates the
need to store the unit number in the softc.
2002-10-21 02:54:50 +00:00
Brooks Davis
29e1b85f97 Use if_printf(ifp, "blah") instead of
printf("%s%d: blah", ifp->if_name, ifp->if_xname).
2002-10-21 02:51:56 +00:00
Bruce Evans
42d6ed038e Fixed some unsorting. 2002-10-21 00:38:18 +00:00
Marcel Moolenaar
b019ad1bc0 In cb_dumphdr() we were calling buf_write() with di->priv as the
pointer to a dumperinfo instead of di. A brainfart, surely. This
bug went unnoticed for all this time because the pointer is only
used by buf_write() when it can write a completely filled buffer
to the dump device. This depends on the number of memory chunks
that needs to be dumped. This has apparently been low enough that
it has never happened up until this point.
2002-10-20 23:39:43 +00:00
Thomas Moestl
5775150869 Fix the calculations of the length of the unread message buffer
contents. The code was subtracting two unsigned ints, stored the
result in a long and expected it to be the same as of a signed
subtraction; this does only work on platforms where int and long
have the same size (due to overflows).
Instead, cast to long before the subtraction; the numbers are
guaranteed to be small enough so that there will be no overflows
because of that.
2002-10-20 23:13:05 +00:00
Robert Watson
e585282846 Hook up opt_mac.h to the build dependencies. The way we currently
handle this stuff is dangerous. :-)

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-20 22:59:17 +00:00
Robert Watson
c530b092cb Add opt_mac.h to dependencies for if_stf.c module.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-20 22:57:22 +00:00
Poul-Henning Kamp
53be11f680 Fix two instances of variant struct definitions in sys/netinet:
Remove the never completed _IP_VHL version, it has not caught on
anywhere and it would make us incompatible with other BSD netstacks
to retain this version.

Add a CTASSERT protecting sizeof(struct ip) == 20.

Don't let the size of struct ipq depend on the IPDIVERT option.

This is a functional no-op commit.

Approved by:	re
2002-10-20 22:52:07 +00:00
Robert Watson
e6a5564ee2 Missed a case of _POSIX_MAC_PRESENT -> _PC_MAC_PRESENT rename.
Pointed out by:	phk
2002-10-20 22:50:43 +00:00
Robert Drehmel
47e40520dd Do not try to work around ``poor (un)sign extension code''
creation by GCC-2.6.3.  Casting pointers to unsigned char
to volatile pointers to unsigned char seemed to produce
better results on the ia32 architecture with old versions
of GCC.
The current FreeBSD system compiler GCC-3.2.1 emits
better sign extension code for non-volatile variables:

volatile char c;
int i = c;

is compiled to:
...
movb	-1(%ebp), %al
movbsl	%al, %eax
movl	%eax, -8(%ebp)
...

char c;
int i = c;

is compiled to:
...
movbsl	-1(%ebp), %eax
movl	%eax, -8(%ebp)
...

The same holds for zero-extension of dereferenced pointers
to volatile unsigned char.
When compiled on alpha or sparc64, the code produced for the
two examples above does not differ.
2002-10-20 22:50:13 +00:00
Poul-Henning Kamp
d8be0570d0 Always put the "access" macro argument in (), it might be an expression.
This is a purely stylistic change.
2002-10-20 22:48:08 +00:00
Poul-Henning Kamp
6adb748875 No need to specify CTLTYPE_INT when we use SYSCTL_INT. 2002-10-20 22:46:50 +00:00
Robert Watson
6b459e4956 When packets pass in and out of six-to-four (STF) tunnels, perform
labeling checks and operations as with other network interfaces.
Eventually, if it proves desirable, we might want to offer special
casing of this or other tunnel interfaces where we have an existing
label of interest, rather than treating it as though it's an
entirely fresh mbuf in the incoming/outgoing encapsulation directions.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-20 22:39:55 +00:00
Poul-Henning Kamp
33f9080f82 We have mem{cpy,cmp,set} functions in the kernel, don't #define them to
b{copy,zero,cmp} functions anymore.

Spotted by:	FlexeLint.
2002-10-20 22:35:20 +00:00
Poul-Henning Kamp
962414a120 We have memset() and memcpy() in the kernel now, so we don't need to
#define them to bzero and bcopy.

Spotted by:	FlexeLint
2002-10-20 22:33:42 +00:00
Robert Watson
4141b621ac When a packet is sent via a FDDI interface, perform appropriate MAC
transmission checks; when it is received, label the packet appropriately.
Although we don't have a local FDDI setup to test this with, the
labeling and checks are identical to other interface classes.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-20 22:27:59 +00:00
Robert Watson
9476111d3a When a packet is destined for delivery via an ATM medium, perform
appropriate interface transmission checks and delivery labeling.  While
we don't have a local ATM configuration, this code is almost identical
to all other interface classes.

Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-20 22:20:48 +00:00
Robert Watson
be36629d5c Rename _POSIX_FOO_PRESENT and friends from POSIX.1e to _PC_FOO_PRESENT
and related friends.  This would have been corrected had POSIX.1e
progressed to a standard.

Pointed out by:	wollman
2002-10-20 22:11:13 +00:00
Robert Watson
6f54838539 Implement _POSIX_ACL_PATH_MAX, which returns the maximum number of ACL
entries for a file system node using pathconf().

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-20 22:08:26 +00:00
Robert Watson
c740509854 When a packet is multicast encapsulated, give labeled policies the
opportunity to preserve the label.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-20 21:59:00 +00:00
Maxime Henrion
822b4f22fb Set kernelname in sparc64_init() so that the kern.bootfile
sysctl works.  This stuff should probably be made MI.

Reviewed by:	jake
2002-10-20 21:55:35 +00:00
Poul-Henning Kamp
6999d2ef6d Don't examine an un-initialized variable.
Spotted by:	FlexeLint.
2002-10-20 21:52:05 +00:00
Robert Watson
e0c12d4c23 Teach UFS to respond to pathconf() tests for _POSIX_ACL_EXTENDED and
_POSIX_MAC_PRESENT based on available mount flags, if the services are
available.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-20 21:49:41 +00:00
Robert Watson
e8e5bc4ef9 Correct mis-spelling in pathconf constant _POSIX_ACL_CAP_PRESENT to
be the more correct _POSIX_CAP_PRESENT.
2002-10-20 21:45:07 +00:00
Ian Dowse
4b932371f4 Split out most of the logic from in_pcbbind() into a new function
called in_pcbbind_setup() that does everything except commit the
changes to the PCB. There should be no functional change here, but
in_pcbbind_setup() will be used by the soon-to-appear IP_SENDSRCADDR
control message implementation to check or allocate the source
address and port.

Discussed on:	-net
Approved by:	re
2002-10-20 21:44:31 +00:00
Poul-Henning Kamp
0c183c5a56 Remove extern declarations of stuff which is static in nfs_node.c
Move related macro to nfs_node.c

Spotted by:	FlexeLint
2002-10-20 21:40:55 +00:00
Alan Cox
f3a01463b9 - Replace two instances of vm_page_sleep_busy() with the page queue
mutex-friendly vm_page_sleep_if_busy().
 - Introduce page queue locking in pmap_page_lookup() and
   pmap_release_free_page().
 - Simplify the invalidation of the pmap's ptphint in
   pmap_release_free_page().  (MFi386 pmap.c revision 1.362.)
2002-10-20 21:40:17 +00:00
Poul-Henning Kamp
ce2fb5776b '&' not used for pointers to functions.
Spotted by:	FlexeLint
2002-10-20 21:31:16 +00:00
Poul-Henning Kamp
659d5e21c7 Remove even more '&' from pointers to functions.
Spotted by:	FlexeLint
2002-10-20 21:30:02 +00:00
Julian Elischer
2f030624b1 Add an actual implementation of kse_wakeup()
Submitted by:	Davidxu
2002-10-20 21:08:47 +00:00
Andrew Gallatin
2ea9877c1b give alpha a bus_space_subregion() so that ahd_pci compiles and moves
LINT one file further on.  Only 999,999 or so more files to go..
2002-10-20 20:55:37 +00:00
Poul-Henning Kamp
083019ba97 Don't use an array[1], it just hides where '&' isn't used right.
Be consistent about functions being static.

Verified by:	md5 hash of generated .o file.
2002-10-20 20:53:42 +00:00
Poul-Henning Kamp
975b628f27 Use ENOSPC error return, not ENOMEM.
Use %jd rather than %lld.
2002-10-20 20:50:31 +00:00
Poul-Henning Kamp
50c026e579 Change the definition of the debugging registers to be an array, so
that we can index into it, rather than do pointer gymnastics on a
structure containing 8 elements.

Verified by:	MD5 hash on the produced .o files.
2002-10-20 20:48:56 +00:00
Poul-Henning Kamp
858b84f550 '&' is not needed to pointerize functions.
Spotted by:	FlexeLint
2002-10-20 20:42:25 +00:00
Alexander Kabaev
51d123d69b Connect ubsa module to build.
Forgotten by:	kan
2002-10-20 20:35:14 +00:00
Poul-Henning Kamp
3f12caa180 Now that the sectorsize and mediasize are properties of the provider,
don't take the detour over the I/O path to discover them using getattr(),
we can just pick them out directly.

Do note though, that for now they are only valid after the first open
of the underlying disk device due to compatibility with the old disk_create()
API.  This will change in the future so they will always be valid.

Sponsored by:   DARPA & NAI Labs.
2002-10-20 20:28:24 +00:00
Poul-Henning Kamp
943305f753 The g_id*() functions are not needed in the userland test-suite so
#ifdef _KERNEL them rather than deal with a copyin simulation.

Sponsored by:	DARPA & NAI Labs
2002-10-20 20:08:44 +00:00
Alan Cox
f3b676f0ad o Reinline vm_page_undirty(), reducing the kernel size. (This reverts
a part of vm_page.h revision 1.87 and vm_page.c revision 1.167.)
2002-10-20 19:57:55 +00:00
Thomas Moestl
10a3514a2e Use microuptime() instead of microtime() to bound the flush wait to
avoid hiccups in case of system time adjustment.
2002-10-20 19:41:21 +00:00
Poul-Henning Kamp
48444d6262 Make the sectorsize a property of providers so we can include it in the XML
output.

Sponsored by:	DARPA & NAI Labs
2002-10-20 19:18:07 +00:00
Poul-Henning Kamp
14ac6812b9 Use %jd instead of %lld now that we have it. 2002-10-20 18:48:12 +00:00
Poul-Henning Kamp
9e2ebaa081 It makes more sense for the fwheads and fwsectors properties to be in
the provider stanza rather than the geom stanza.
2002-10-20 18:46:25 +00:00
Tor Egge
0a676b7eb6 Fix data corruption caused by last byte in oddly sized transfers being read
to wrong location in RxBuf and written from wrong location in TxBuf.
2002-10-20 18:43:11 +00:00
Poul-Henning Kamp
8f9628a126 Include fwsectors and gfwheads in the XML output for the disks we know.
Sponsored by:	DARPA & NAI Labs.
2002-10-20 18:09:01 +00:00
Poul-Henning Kamp
05f6411a98 Remove a boatload of '&' which are surplus to the requirements.
Validated by:	md5 hash is unchanged.
2002-10-20 18:02:46 +00:00
Poul-Henning Kamp
7f30cdf366 Revert last commit, there actually was a -1 waaaaay down in pcireg_cfgread(). 2002-10-20 17:54:17 +00:00
Poul-Henning Kamp
218565dc75 Hide inline assembly if lint is defined. 2002-10-20 17:30:30 +00:00
Poul-Henning Kamp
a67ee49294 "id" is never going to be -1 when it is unsigned.
Spotted by:	FlexeLint
2002-10-20 17:21:43 +00:00
Thomas Moestl
e381d2455b Add kernel dump support, based on the ia64 version (which was committed
as sparc64/sparc64/dump_machdep.c a while back).
Other than ia64 (which uses ELF), sparc64 uses a homegrown format for
the dumps (headers are required because the physical address and size of
the tsb must be noted, and because physical memory may be discontiguous);
ELF would not offer any advantages here.

Reviewed by:	jake
2002-10-20 17:03:15 +00:00
Poul-Henning Kamp
58f07abfc9 Don't declare mb_statpcpu, it is static in subr_mbuf.c
Spotted by:	FlexeLint
2002-10-20 16:55:52 +00:00
Poul-Henning Kamp
4294d700d6 Fix mis-indentation.
Approved by:	scottl
2002-10-20 16:00:43 +00:00
Poul-Henning Kamp
87d4861cc5 Be consistent about functions being static.
Spotted by:	FlexeLint
2002-10-20 14:30:28 +00:00
Poul-Henning Kamp
8e91949016 Constify input to the arc4 seed function.
Implement the lockfile hunting in sector zero.

Sponsored by:	DARPA & NAI Labs.
2002-10-20 11:09:58 +00:00
Poul-Henning Kamp
ab33958276 #unifdef the code for checking blessed lock collisions until we need it.
Spotted by:	DARPA & NAI Labs.
2002-10-20 08:48:39 +00:00
Poul-Henning Kamp
18a084cf21 Fix mis-indentation.
Spotted by:	FlexeLint
2002-10-20 08:46:56 +00:00
Poul-Henning Kamp
0355b86e33 Don't track bio allocation in debug output.
Sponsored by:	DARPA & NAI Labs.
2002-10-20 08:45:17 +00:00
Poul-Henning Kamp
96b2c14b41 Style(9) and english(9) fixes.
Submitted by:	schweikh
2002-10-20 08:43:56 +00:00
Poul-Henning Kamp
9b232f1493 Make it possible to specify also via geom_t ID in the geom.ctl config ioctl.
Sponsored by:	DARPA & NAI Labs.
2002-10-20 08:42:18 +00:00
Scott Long
f9d186edc8 After much delay and anticipation, welcome RAIDFrame into the FreeBSD
world.  This should be considered highly experimental.

Approved-by:	re
2002-10-20 08:17:39 +00:00
Alan Cox
6f36eba2da - Lock page queue accesses in pmap_release(). 2002-10-20 07:19:25 +00:00
Marcel Moolenaar
bfc937c758 Remove the special casing for IP addresses that are within the IVT
or the do_syscall() function. We have unwind directives to stop the
unwinder.
2002-10-20 06:03:05 +00:00
Marcel Moolenaar
341572f4bd Define IVT_ENTRY and IVT_END as special versions of ENTRY and END
for defining vectors. As a result, each vector will be a global
function with unwind directives to notify the unwinder that we're
in an interrupt handler. In the debugger this will show up something
like:

Debugger(0xe000000000a211d8, 0xe000000000748960) at Debugger+0x31
panic(0xe000000000a36858, 0xe0000000021d32d0, 0xe000000000ae42e8, ...
trap(0x14, 0x100000, 0xe0000000021d32d0, 0x0, 0xa0000000002095f0, ...
ivt_Data_TLB(0x14, 0x100000, 0xe0000000021d32d0) at ivt_Data_TLB+0x1f0
2002-10-20 06:00:09 +00:00
Robert Watson
a13c67da35 If MAC_MAX_POLICIES isn't defined, don't try to define it, just let the
compile fail.  MAC_MAX_POLICIES should always be defined, or we have
bigger problems at hand.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-20 03:41:09 +00:00
Peter Wemm
8556393bb2 Stake a claim on 418 (__xstat), 419 (__xfstat), 420 (__xlstat) 2002-10-19 22:25:31 +00:00
Maxime Henrion
43ab972150 Put back NORMAL_C_NOWERROR, it was actually used.
Pointy hat to:	mux
2002-10-19 22:24:43 +00:00
Alexander Kabaev
c3f8ce77e0 umap_sync is empty and is identical to vfs_stdsync. Remove it and
use generic function instead.

Approved by:	obrien
2002-10-19 22:22:42 +00:00
Alexander Kabaev
3e8cedc35f style(9)
Approved by:	obrien
2002-10-19 22:12:19 +00:00
Peter Wemm
c8447553b5 Grab 416/417 real estate before I get burned while testing again.
This is for the not-quite-ready signal/fpu abi stuff.  It may not see
the light of day, but I'm certainly not going to be able to validate it
when getting shot in the foot due to syscall number conflicts.
2002-10-19 22:09:23 +00:00
Alexander Kabaev
87e89c7595 Whitespace fixes per style(9)
Approved by:	obrien
2002-10-19 21:58:11 +00:00
Robert Watson
94998f80fe Set the NOMACCHECK flag for namei()'s generated by the NFS server code.
We currently don't enforce protections on NFS-originated VOP's.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-19 21:27:40 +00:00
Robert Watson
b614dd131a Add a new 'NOMACCHECK' flag to namei() NDINIT flags, which permits the
caller to indicate that MAC checks are not required for the lookup.
Similar to IO_NOMACCHECK for vn_rdwr(), this indicates that the caller
has already performed all required protections and that this is an
internally generated operation.  This will be used by the NFS server
code, as we don't currently enforce MAC protections against requests
delivered via NFS.

While here, add NOCROSSMOUNT to PARAMASK; apparently this was used at
one point for name lookup flag checking, but isn't any longer or it
would have triggered from the NFS server code passing it to indicate
that mountpoints shouldn't be crossed in lookups.

Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-19 21:25:51 +00:00
Robert Watson
3ab93f0958 Regen from addition of execve_mac placeholder. 2002-10-19 21:15:10 +00:00
Marcel Moolenaar
60d04085cf Implement the CDROMREADAUDIO ioctl. 2002-10-19 21:11:43 +00:00
Robert Watson
bc5245d94c Add a placeholder for the execve_mac() system call, similar to SELinux's
execve_secure() system call, which permits a process to pass in a label
for a label change during exec.  This permits SELinux to change the
label for the resulting exec without a race following a manual label
change on the process.  Because this interface uses our general purpose
MAC label abstraction, we call it execve_mac(), and wrap our port of
SELinux's execve_secure() around it with appropriate sid mappings.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-19 21:06:57 +00:00
Robert Watson
89c61753a0 Drop in the MAC check for file creation as part of open().
Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-19 20:56:44 +00:00
Robert Watson
9aeffb2b28 Make sure to clear the 'registered' flag for MAC policies when they
unregister.  Under some obscure (perhaps demented) circumstances,
this can result in a panic if a policy is unregistered, and then someone
foolishly unregisters it again.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-19 20:30:12 +00:00
Robert Watson
7587203c2f Hook up most of the MAC entry points relating to file/directory/node
creation, deletion, and rename.  There are one or two other stray
cases I'll catch in follow-up commits (such as unix domain socket
creation); this permits MAC policy modules to limit the ability to
perform these operations based on existing UNIX credential / vnode
attributes, extended attributes, and security labels.  In the rename
case using MAC, we now have to lock the from directory and file
vnodes for the MAC check, but this is done only in the MAC case,
and the locks are immediately released so that the remainder of the
rename implementation remains the same.  Because the create check
takes a vattr to know object type information, we now initialize
additional fields in the VATTR passed to VOP_SYMLINK() in the MAC
case.

Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-19 20:25:57 +00:00
Marcel Moolenaar
0635b341f2 Remove the _ia64_unwind_start and _ia64_unwind_end symbols. We now
find the unwind table through the ELF program headers.
2002-10-19 19:32:21 +00:00
Marcel Moolenaar
c8a4afbc11 Update the unwind information when modules are loaded and unloaded
by using the linker hooks. Since these hooks are called for the
kernel as well, we don't need to deal with that with a special
SYSINIT. The initialization implicitly performed on the first
update of the unwind information is made explicit with a SYSINIT.
We now don't need the _ia64_unwind_{start|end} symbols.
2002-10-19 19:30:38 +00:00
Marcel Moolenaar
1aeb23cdfa Add two hooks to signal module load and module unload to MD code.
The primary reason for this is to allow MD code to process machine
specific attributes, segments or sections in the ELF file and
update machine specific state accordingly. An immediate use of this
is in the ia64 port where unwind information is updated to allow
debugging and tracing in/across modules. Note that this commit
does not add the functionality to the ia64 port. See revision 1.9
of ia64/ia64/elf_machdep.c.

Validated on: alpha, i386, ia64
2002-10-19 19:16:03 +00:00
Marcel Moolenaar
c143d6c24a Reduce code duplication by moving the common actions in
link_elf_init(), link_elf_link_preload_finish() and
link_elf_load_file() to link_elf_link_common_finish().
Since link_elf_init() did initializations as a side-effect
of doing the common actions, keep the initialization in
that function. Consequently, link_elf_add_gdb() is now also
called to insert the very first link_map() (ie the kernel).
2002-10-19 18:59:33 +00:00
Marcel Moolenaar
1720979bc5 Non-functional change in preparation of the next commit:
Move link_elf_add_gdb(), link_elf_delete_gdb() and link_elf_error()
near the top of the file. The *_gdb() functions are moved inside
the #ifdef DDB already present there.
2002-10-19 18:43:37 +00:00
Alan Cox
f4ecdf056e Complete the page queues locking needed for the page-based copy-
on-write (COW) mechanism.  (This mechanism is used by the zero-copy
TCP/IP implementation.)
 - Extend the scope of the page queues lock in vm_fault()
   to cover vm_page_cowfault().
 - Modify vm_page_cowfault() to release the page queues lock
   if it sleeps.
2002-10-19 18:34:39 +00:00
Poul-Henning Kamp
b6a185302e Fix a missing initialization. 2002-10-19 17:19:41 +00:00
Poul-Henning Kamp
19b5c7bc4b Add Geom Based Disk Encryption to the tree.
This is an encryption module designed to secure denial of access
to the contents of "cold disks" with or without destruction activation.

Major features:

   * Based on AES, MD5 and ARC4 algorithms.
   * Four cryptographic barriers:
        1) Pass-phrase encrypts the master key.
        2) Pass-phrase + Lock data locates master key.
        3) 128 bit key derived from 2048 bit master key protects sector key.
        4) 128 bit random single-use sector keys protect data payload.
   * Up to four different changeable pass-phrases.
   * Blackening feature for provable destruction of master key material.
   * Isotropic disk contents offers no information about sector contents.
   * Configurable destination sector range allows steganographic deployment.

This commit adds the kernel part, separate commits will follow for the
userland utility and documentation.

This software was developed for the FreeBSD Project by Poul-Henning Kamp and
NAI Labs, the Security Research Division of Network Associates, Inc.  under
DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS
research program.

Many thanks to Robert Watson, CBOSS Principal Investigator for making this
possible.

Sponsored by:   DARPA & NAI Labs.
2002-10-19 17:02:17 +00:00
Robert Watson
c7063e5913 Permits UFS ACLs to be used with the GENERIC kernel. Due to recent
ACL configuration changes, this shouldn't result in different code paths
for file systems not explicitly configured for ACLs by the system
administrator.  For UFS1, administrators must still recompile their
kernel to add support for extended attributes; for UFS2, it's sufficient
to enable ACLs using tunefs or at mount-time (tunefs preferred for
reliability reasons).  UFS2, for a variety of reasons, including
performance and reliability, is the preferred file system for use with
ACLs.

Approved by:	re
2002-10-19 16:54:15 +00:00
Maxime Henrion
d6fd08cc3b - Remove ${NORMAL_C_NOWERROR}, it is not used anymore. To build
without -Werror, we do "make WERROR=", which doesn't need this
  variable.
- Use ${.IMPSRC} instead of $< in ${NORMAL_M} for consistency with
  the rest of the file.
- Add ${WERROR} for the ${NORMAL_M} case.

Tested on:	i386, sparc64
2002-10-19 16:47:13 +00:00
Robert Watson
f683d75342 Clarify that the UFS1 extended attribute configuration steps do not apply
to UFS2 file systems.

Submitted by:	jedgar
Obtained from:	TrustedBSD Project
2002-10-19 16:09:16 +00:00
Thomas Moestl
50d97927da Explicitly specify an alignment for struct pcb. While all regular pcb's
are positioned and aligned by md code, dumppcb is just a static
variable and requires this.
2002-10-19 15:54:34 +00:00
Thomas Moestl
2408cfebf9 The argument to the DIOCGMEDIASIZE ioctl() is an off_t, not an u_int.
Reviewed by:	phk
2002-10-19 15:40:39 +00:00
Mark Murray
b07cd97ea8 Style(9). Make some function declarations consistent with the rest,
and remove some nearby extraneous {}'s.
2002-10-19 11:57:38 +00:00
Maxime Henrion
d7f4d27a7a Several malloc() calls were passing the M_DONTWAIT flag
which is an mbuf allocation flag.  Use the correct
M_NOWAIT malloc() flag.  Fortunately, both were defined
to 1, so this commit is a no-op.
2002-10-19 11:31:50 +00:00
Marcel Moolenaar
f5b07e11ad In link_elf_load_file(), when SPARSE_MAPPING is defined and we
cannot allocate ef->object, we freed ef before bailing out with
an error. This is wrong because ef=lf and when we have an error
and lf is non-NULL (which holds if we try to alloc ef->object),
we free lf and thus ef as part of the bailing-out.
2002-10-19 05:01:54 +00:00
Marcel Moolenaar
db55d99d36 Make this compile when DDB is not defined by conditionally compiling
all references to ksym_start and ksym_end.
2002-10-19 04:14:08 +00:00
Marcel Moolenaar
628d99be0d Make the unwind functions standard and not optional on ddb. They
will eventually be used for ktrace(2) too.
2002-10-19 04:02:16 +00:00
Alfred Perlstein
871de19fab Don't leak memory in semop(2). (Fix a bug I introduced in rev 1.55.)
Detective work by: jake
2002-10-19 02:07:35 +00:00
Thomas Moestl
789a449d14 Pass the right number of tlb slots to the kernel. The allocation scheme
was changed in r1.4, but I neglected to update most of the code in
metadata.c.

Pointy hat to:	tmm
2002-10-18 23:49:18 +00:00
Matthew Dillon
1b7e3dafdf Fix a file-rewrite performance case for UFS[2]. When rewriting portions
of a file in chunks that are less than the filesystem block size, if the
data is not already cached the system will perform a read-before-write.
The problem is that it does this on a block-by-block basis, breaking up the
I/Os and making clustering impossible for the writes.  Programs such
as INN using cyclic file buffers suffer greatly.  This problem is only going
to get worse as we use larger and larger filesystem block sizes.

The solution is to extend the sequential heuristic so UFS[2] can perform
a far larger read and readahead when dealing with this case.

(note: maximum disk write bandwidth is 27MB/sec thru filesystem)
(note: filesystem blocksize in test is 8K (1K frag))
dd if=/dev/zero of=test.dat bs=1k count=2m conv=notrunc

Before:  (note half of these are reads)
      tty             da0              da1             acd0             cpu
 tin tout  KB/t tps  MB/s   KB/t tps  MB/s   KB/t tps  MB/s  us ni sy in id
   0   76 14.21 598  8.30   0.00   0  0.00   0.00   0  0.00   0  0  7  1 92
   0   76 14.09 813 11.19   0.00   0  0.00   0.00   0  0.00   0  0  9  5 86
   0   76 14.28 821 11.45   0.00   0  0.00   0.00   0  0.00   0  0  8  1 91

After:	(note half of these are reads)
      tty             da0              da1             acd0             cpu
 tin tout  KB/t tps  MB/s   KB/t tps  MB/s   KB/t tps  MB/s  us ni sy in id
   0   76 63.62 434 26.99   0.00   0  0.00   0.00   0  0.00   0  0 18  1 80
   0   76 63.58 424 26.30   0.00   0  0.00   0.00   0  0.00   0  0 17  2 82
   0   76 63.82 438 27.32   0.00   0  0.00   0.00   0  0.00   1  0 19  2 79

Reviewed by:	mckusick
Approved by:	re
X-MFC after:	immediately (was heavily tested in -stable for 4 months)
2002-10-18 22:52:41 +00:00
Nate Lawson
76ba4ecdad * Add CDRIOC{READ,WRITE}SPEED ioctls to cd(4). Units are in KB/sec.
* Change atapi-cd ioctls to use the same units.
* Change burncd, cdcontrol to convert CDROM speed to KB/sec before
calling the ioctl.  Add a "max" speed option for their command lines.

This change does not break ABI but does change the units passed through
the ioctl so 3rd party software that uses cdrio.h will have to convert
(most likely by multiplying CDROM speed by 177 to get KB/s).

PR:		kern/36845
Submitted by:	Philipp Mergenthaler <p@i609a.hadiko.de> (CAM ioctls)
Reviewed by:	sos, ken
MFC after:	1 month
2002-10-18 22:03:39 +00:00
Bruce Evans
eb5b0bc42e MFufs 1.33:
In the 'found' case for ext2_lookup() the underlying bp's data was
    being accessed after the bp had been released.  A simple move of the
    brelse() solves the problem.

The PR reports that this caused panics running the GDB testsuite unless
NO_GEOM is configured.

PR:		44060
Reported by:	Mark Kettenis <kettenis@chello.nl>
MFC after:	3 days
2002-10-18 21:41:41 +00:00
Eric Moore
1a6b414672 (1) added LSI Logic copyright, and legal line 3 in license, and string
changes for "LSILogic"
(2) enabled non-disk support through CAM interface
(3) HA_INQ (a) enabled tagged queuing (b) disable reset during
	driver loading (c) renamed BSDi string to LSI
(4) disabled detecting disk devices during SCSI INQUIRY
(5) changed dcdb single element sglist to send one entire buffer chunk
(6) nsgelem not set in sglist
(7) ap_data_transfer_length not set for dcdb
(8) changed "struct thread" to "d_thread_t" for compatibility { xxx_open,
	xxx_close, xxx_ioctl }
(9) miscellaneous compatibility fixes
(10) bug fix for 0x0409/0x1000 card
(11) added compiling amr_cam.c in sys/conf/files
(12) added compiling amr_cam.c in sys/modules/amr/Makefile

Reviewed by:ps
MFC after:1 week
1 week
2002-10-18 21:29:14 +00:00
Robert Watson
61eef6c245 Update extended attribute readme file to note that no special configuration
is required to use EAs with UFS2, and that UFS2 is recommended for EA use
for a variety of reasons.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-18 21:11:36 +00:00
Robert Watson
f5b1000b8f Update instructions for ACLs given recent tunefs, mount changes. Also
note that UFS2 doesn't require explicit extended attribute configuration,
and is recommended for this and other reasons if you plan to use ACLs.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-18 21:09:57 +00:00
Robert Watson
16eac5b95c Use 'size_t' instead of 'int' for the result of sizeof(). 2002-10-18 21:03:30 +00:00
John Baldwin
6222047300 Do not lock the process when calling fdfree() (this would have recursed on
a non-recursive lock, the proc lock, before) since we don't need it to
change p_fd.
2002-10-18 17:45:41 +00:00
John Baldwin
6d345e2a45 fdfree() clears p_fd for us, no need to do it again. 2002-10-18 17:44:39 +00:00
John Baldwin
4562d72638 Don't lock the proc lock to clear p_fd. p_fd isn't protected by the proc
lock.
2002-10-18 17:42:28 +00:00
Matthew Dillon
b86ec922be Replace the vm_page hash table with a per-vmobject splay tree. There should
be no major change in performance from this change at this time but this
will allow other work to progress:  Giant lock removal around VM system
in favor of per-object mutexes, ranged fsyncs, more optimal COMMIT rpc's for
NFS, partial filesystem syncs by the syncer, more optimal object flushing,
etc.  Note that the buffer cache is already using a similar splay tree
mechanism.

Note that a good chunk of the old hash table code is still in the tree.
Alan or I will remove it prior to the release if the new code does not
introduce unsolvable bugs, else we can revert more easily.

Submitted by:	alc	(this is Alan's code)
Approved by:	re
2002-10-18 17:24:30 +00:00
Thomas Moestl
a8250941eb Build openfirmio on sparc64. 2002-10-18 15:27:02 +00:00
Thomas Moestl
de540622df Add a pseudo device which allows to access the OpenFirmware device tree
via ioctl()s. This was ported from NetBSD and adapted a bit to better
match our OpenFirmware support code.
2002-10-18 15:23:43 +00:00
Thomas Moestl
89492ca471 Add an #ifdef _KERNEL to make it possible to include this file from
userland (to get the typedefs).
2002-10-18 15:21:09 +00:00
Yoshihiro Takahashi
0399c2578e typo.
Submitted by:	SAWADA Hodaka <hoda@tail.gr.jp>
MFC after:	1 day
2002-10-18 12:06:01 +00:00
Jim Pirzyk
669dc4a5e7 Backout my previous "brain cramp" commit.
Requested by: Most developers
Apologies to: Most developers, with special note to <ken@kdm.org>
Collaboration in the future with: Kenneth D. Merry <ken@kdm.org>
2002-10-18 04:53:46 +00:00
Marcel Moolenaar
5d3ac4cae7 Cover the ELF headers with the text segment so that they get loaded
into memory. This brings us in line with the other architectures and
more easily allows us to do machine dependent processing on the ELF
file (such as scanning for unwind information).
2002-10-18 04:46:36 +00:00
Kirk McKusick
3a096f6c09 Have lockinit() initialize the debugging fields of a lock
when DEBUG_LOCKS is defined.

Sponsored by:	DARPA & NAI Labs.
2002-10-18 01:34:10 +00:00
Kirk McKusick
bc7bdd50c1 When the number of dirty buffers rises too high, the buf_daemon runs
to help clean up. After selecting a potential buffer to write, this
patch has it acquire a lock on the vnode that owns the buffer before
trying to write it. The vnode lock is necessary to avoid a race with
some other process holding the vnode locked and trying to flush its
dirty buffers. In particular, if the vnode in question is a snapshot
file, then the race can lead to a deadlock. To avoid slowing down the
buf_daemon, it does a non-blocking lock request when trying to lock
the vnode. If it fails to get the lock it skips over the buffer and
continues down its queue looking for buffers to flush.

Sponsored by:	DARPA & NAI Labs.
2002-10-18 01:29:59 +00:00
Kirk McKusick
ef6c0bb296 With the revised single-lock method used in snapshots, the
BA_NOWAIT flag is no longer needed.

Sponsored by:	DARPA & NAI Labs.
2002-10-18 01:17:28 +00:00
Maxim Sobolev
2e307eb8c9 Separate fields reported by disk_err() with spaces, so that output doesn't
look cryptic.

MFC after:	1 week
2002-10-17 23:48:29 +00:00
Jim Pirzyk
c463814756 Changed the scsi mode command to use 10 bytes scsi commands instead
of the 6 byte ones.  This helps with using an IDE cdrom behind a USB
interface.

PR: kern/43885
2002-10-17 23:37:03 +00:00
Robert Drehmel
f9067a4978 Replace the conventional usage of strncpy() by using strlcpy(). 2002-10-17 22:27:21 +00:00
Robert Drehmel
75e8f2dad8 - Use strlcpy() rather than strncpy() to copy NUL terminated
strings.
 - Pass the correct buffer size to getcredhostname().
2002-10-17 22:00:30 +00:00
Poul-Henning Kamp
37e7c03d19 Be consistent and return the NUL at the end of kern.geom.conf{xml,dot}.
Spotted by:	sam
2002-10-17 21:39:06 +00:00
Robert Drehmel
bb8992b32c Instead of (sizeof(source_buffer) - 1) bytes, copy at most
(sizeof(destination_buffer) - 1) bytes into the destination buffer.
This was not harmful because they currently both provide space for
(MAXCOMLEN + 1) bytes.
2002-10-17 21:02:02 +00:00
Robert Drehmel
e80fb43467 Use strlcpy() instead of strncpy() to copy NUL terminated strings
for safety and consistency.
2002-10-17 20:03:38 +00:00
Poul-Henning Kamp
aed99af2a3 NUL terminate sysctl kern.disks 2002-10-17 19:27:02 +00:00
Jim Pirzyk
b2eb172cc3 Add the !define(COMPILING_LINT)
pass the pointy hat...

Requested by: Juli Mallett <jmallett@FreeBSD.org>
2002-10-17 18:17:28 +00:00
Thomas Moestl
61ef27e978 When entering the firmware mappings into the kernel tlb, clear all 'soft'
bits that might be set in the firmware tte data field, and set the soft
flag TD_EXEC to mark the page executable. Failing to do the latter would
cause fatal instruction faults in the prom in certain situations.

Reviewed by:	jake
2002-10-17 18:16:21 +00:00
Thomas Moestl
b08cb104df Allocate major 177 for the OpenFirmware control device, which I have
ported from NetBSD and plan to commit soon.
2002-10-17 18:11:49 +00:00
Nate Lawson
9dbcd1ae75 Quirk for HP 315 USB Digital Camera
Submitted by:	Keith White <kwhite@uottawa.ca>
PR:		kern/41010

MFC after:	1 week
2002-10-17 18:04:41 +00:00
Hajimu UMEMOTO
b6e2845324 last arg of in6?_gif_output() is not used any more.
Obtained from:	KAME
MFC after:	3 weeks
2002-10-17 17:47:55 +00:00
Hajimu UMEMOTO
3bb61ca669 - drop too short IPv6 frame
- NULL != 0

Obtained from:	KAME
MFC after:	3 weeks
2002-10-17 17:42:46 +00:00
Hajimu UMEMOTO
21fb391fdb s/gifp/ifp/
Obtained from:	KAME
MFC after:	3 weeks
2002-10-17 17:39:56 +00:00
Sam Leffler
3b132a615f fix kldload error return when a module is rejected because it's statically
linked in the kernel.  When this condition is detected deep in the linker
internals the EEXIST error code that's returned is stomped on and instead
an ENOEXEC code is returned.  This makes apps like sysinstall bitch.
2002-10-17 17:28:57 +00:00
John Baldwin
fbfed1cf09 Fix compile with options SC_NO_SUSPEND_VTYSWITCH. 2002-10-17 16:09:13 +00:00
Robert Drehmel
55c8556834 - Allocate only enough space for a temporary buffer to hold
   the path including the terminating NUL character from
   `struct sockaddr_un' rather than SOCK_MAXADDRLEN bytes.
 - Use strlcpy() instead of strncpy() to copy strings.
2002-10-17 15:52:42 +00:00
Maxim Sobolev
d3d67116a6 my(4) requires miibus, so move it into the proper section and also add a
verbose description into the comment area.
2002-10-17 15:32:03 +00:00
Yoshihiro Takahashi
ab014f15fa Switch from the bs driver to the ct driver. 2002-10-17 13:57:57 +00:00
Mitsuru IWASAKI
0ebefa8c4e 1. Fix a comment. Locking _is_ needed (but not done).
2. Update a comment.  We now restore much more than RTC updates and
   interrupts.
3. Order change.  Stop interrupts by writing to RTC_STATUSB,
   restore rate bits for the interrupts by writing to RTC_STATUSA,
   then enable interrupts again.
   This seems to be done perfectly backwards in startrtclock().
   Otherwise, the idea for this change was obtained from
   startrtclock().
4. Don't stop the clock (RTCB_HALT).  We only program some control bits
   and don't want to stop the clock.
5. (Not really related.)  Add caveats to the comment about timer_restore().
   The update is non-atomic since locking is not done.

On locking:
6. rtcin() and writertc() are locked() adequately by splhigh() in RELENG_4,
   but this locking is null in -current.
7. Doing things in the correct order in (3) combined with (6) is probably
   enough locking for rtcrestore() in RELENG_4.  In -current, the
   writertc()'s race with rtcintr() unless the BIOS disables RTC interrupts.

Submitted by:	bde (including commit message)
MFC after:	1 week
2002-10-17 13:55:39 +00:00
Bruce Evans
25388b6cc4 Fixed the quoting of the value of SC_CUT_SEPCHARS. The double quotes
needed to be quoted (to get a C string literal), not the value itself.

Fixed the value of SC_CUT_SEPCHARS.  Setting this value would have had no
effect even if it were used, since the value was the same as the default.

The above bugs had no effect except to set bad examples, since test
coverage of SC_CUT_SEPCHARS is broken by enabling a negative option.

Removed (unquoted) double quotes for all options.  They were all bogus
since they had no effect except to make non-strings look like strings.
Most of the non-strings were expressions.  The value of INIT_PATH is
a non-string since it is stringified later (unlike SC_CUT_SEPCHARS).

Fixed parenthesization errors inside bogus quotes (parenthesize values
if they have more than one token in them but don't parenthesize single
tokens).
2002-10-17 13:47:31 +00:00
Yoshihiro Takahashi
971475a2da Merged from sys/isa/syscons_isa.c revision 1.19. 2002-10-17 12:54:51 +00:00
Yoshihiro Takahashi
1f47349cf1 Merged from sys/dev/syscons/syscons.c revision 1.390. 2002-10-17 12:51:43 +00:00
Mitsuru IWASAKI
c42946c4c1 Add new syscons option SC_NO_SUSPEND_VTYSWITCH.
This disables vty switch during suspend/resume.
2002-10-17 07:04:31 +00:00
Jim Pirzyk
c8c1cf0ca7 put an #error directive when SMP and CPU_DISABLE_CMPXCHG are set
together.

Requested by: Lars Eggart <larse@isi.edu>
Enlighted how to do it by: John Baldwin <jhb@freebsd.org>
2002-10-17 05:51:36 +00:00
Kelly Yancey
30c0d52181 Make kqueue(2) work for virtual terminals.
PR:		40486
Submitted by:	Jilles Tjoelker <jilles+fbsd-bugs@stack.nl>
2002-10-17 05:48:56 +00:00
Marcel Moolenaar
e9be79d69c Suppress the uninitialized variable warning on ia64 introduced by
the previous commit by initializing i and j. These initializations
will normally be eliminated by the compiler.
2002-10-17 03:45:34 +00:00