data for the file system on which the jail's root vnode is located.
Previous behavior (show data for all mountpoints) can be restored
by setting security.jail.getfsstatroot_only to 0. Note: this also
has the effect of hiding other mounts inside a jail, such as /dev,
/tmp, and /proc, but errs on the side of leaking less information.
called until DEVFS had a chance to initialize. Since DEVFS is mandatory
and things over in that department coincidentally works from without
any initialization now, this is safe.
could result in a panic "vm_page_cache: caching a dirty page, ...":
Access to the page must be restricted or removed before calling
vm_page_cache(). This race condition is identical in nature to that
which was addressed by vm_pageout.c's revision 1.251.
- Simplify the code surrounding the fix to this same race condition
in vm_pageout.c's revision 1.251. There should be no behavioral
change. Reviewed by: tegge
MFC after: 7 days
- don't unlock the vnode after vinvalbuf() only to have to relock it
almost immediately.
- don't refer to devices classified by vn_isdisk() as block devices.
is reserved by the loader, and thus any tunable name with that suffix will
be silently discarded.
Document this in the header and man page so that other developers do not
develop so many bumps on the head after banging it against the wall.
Detective work by: Mark Santcroos, grehan
- Document all the policy sysctl's.
- Note that mac_portacl(4) appeared in FreeBSD 5.1.
- A bit of mdoc(7) fixes.
Much of the new text was inspired by the source code comments.
Reviewed by: rwatson
the vnode around calls to vinvalbuf()). Apparently no one has tested
ext2fs with DEBUG_VOP_LOCKS. Vnode locking for vinvalbuf() might not
be required in non-soft-updates cases, but it is now asserted.
MFffs (uncommitted related and nearby cleanups: don't unlock the vnode
after vinvalbuf() only to have to relock it almost immediately; don't
refer to devices classified by vn_isdisk() as block devices).
them mostly with packet tags (one case is handled by using an mbuf flag
since the linkage between "caller" and "callee" is direct and there's no
need to incur the overhead of a packet tag).
This is (mostly) work from: sam
Silence from: -arch
Approved by: bms(mentor), sam, rwatson
ISA. npx has few isa dependencies, but it does unconditional outb()'s to
the isa bus in the !SMP case, and it attaches to isa if "device isa" is
configured in order to support PNP-ISA. The ifdef for the latter was
misplaced.
PR: 62595
dishonored in rev.1.1 by commenting out the code that honored it. This
gave the worst disadvantages of async mounts in an uncontrollable way.
Honoring the flag costs about 50% in real time in worst cases on a new
but not very fast ATA drive with write caching (probably more on drives
without write caching). The old misbehavior can be recovered using
async mounts after implementing them in mount_ext2fs(8) (just put the
MNT_ASYNC flag in mount_ext2fs's table of supported options like it
is in mount's table).
- rejects IPv6 packet toward IPv4-mapped address if its source address
is not an IPv4-mapped IPv6 address, since the converted IPv4 packets
would have an unexpected IPv4 source address.
- when V6ONLY socket option is set, discard packets destined to a
v4/ipv4 mapped ipv6 address.
- have PULLDOWN_TEST codepath.
- get rid of in6_mcmatch().
Obtained from: KAME
to one, DEBUG_FLAGS, which is also compatible with <bsd.prog.mk>.
Previously one had to set both DEBUG and DEBUG_FLAGS to build the
.ko.debug with debugging symbols which was boring when doing this
manually.
versions of the modules, and unconditionally putting -g in CFLAGS
has negative impact on the size of the resulting .ko object, even
now that debugging symbols are always stripped.
While I'm here, sync the usage() synopsis with the manual page synopsis:
make the [-i | -s] explicit and sort the options alphabetically.
Reminded by: ru
MFC after: 3 days