structure changes now rather than piecemeal later on. mnt_nvnodelist
currently holds all the vnodes under the mount point. This will eventually
be split into a 'dirty' and 'clean' list. This way we only break kld's once
rather than twice. nvnodelist will eventually turn into the dirty list
and should remain compatible with the klds.
that a buffer's b_blkno would be valid. This is true when vmiodirenable
is turned off because the B_MALLOC'd buffer's data is invalidated when
the buffer is destroyed. But when vmiodirenable is turned on a buffer
can be reconstituted from its VMIO backing store. The reconstituted buffer
will have no knowledge of the physical block translation and the result is
serious directory corruption of the CDROM.
The solution is to fix cd9660_blkatoff() to always BMAP the buffer if
b_lblkno == b_blkno.
MFC after: 0 days
etc. The only bit of debugging left is performing dual output to both
the screen and COM1. Also, the twiddle is still disabled since it seems
to do weird things to the serial dump. cdboot now has 880 bytes to spare.
to the El Torito standard for CD booting, a CD may boot in "No emulation"
mode without using a floppy image. In this mode, the BIOS loads a program
off of the CD into memory and creates a BIOS device using 2048 byte sectors
for the CD. According to the standard, this program can be up to 0xFFFF
virtual (512-byte) sectors long. The old cdldr depended on this by having
the BIOS load the entire loader and the small cdldr stub as one binary
similar to pxeboot so that cdldr didn't have to read the CD to find the
loader. However, the NT no emulation loader just uses 1 disk sector
(4 virtual sectors), so it seems that at least some BIOS writers just did
enough to get NT to boot by only loading 1 sector and ignoring the sector
count. Thus, while cdldr should have worked in theory, it doesn't in
practice. This replacement fits entirely in 1 sector and includes simple
ISO 9660 support. It looks for /boot/loader on the CD and loads it up
using the BIOS. This allows us to not have to depend on the limited size
of floppy images but use a full GENERIC kernel for CD-ROM installs in the
future, among other things.
This version of cdboot is a bit bloated as it includes some useful
debugging routines that people can pull to use in other x86 assembly
modules. Even with all the debugging cruft, we still have 272 bytes to
spare.
devices in 'lsdev' output rather than printing out a pointer to the
print function since the user really could care less about the pointer
value. Perhaps this was intended to be a debugging printf?
when debugging boot problems. It is not on by default but is enabled via
the BTX_SERIAL variable. The port and speed can be set via the same
variables used by boot2 and the loader.
be set to 1 to make FreeBSD and Tru64 coexist peacefully on a dual
boot system and not clobber each other's year in the TOY clock.
(Tru64 uses an offset 52 years higher than one would expect)
Obtained from: NetBSD
MFC After: 1 week
by one - see _SIG_IDX(). Revert part of my mis-correction in kern_sig.c
(but signal 0 still has to be allowed) and fix _SIG_VALID() (it was
rejecting signal 128).
argument of 0. You cannot return EINVAL for signal 0. This broke
(in 5 minutes of testing) at least ssh-agent and screen.
However, there was a bug in the original code. Signal 128 is not
valid.
Pointy-hat to: des, jhb
Fix it by putting back the link of machine to sys/i386/include rather
than ../../include (aka sys/pc98/include). I had a stale machine link
on my first test.
Not sure what the "right" fix is, but this unbreaks things.
new files: kern.pre.mk, which contains most of the definitions, and
kern.post.mk, which contains most of the rules.
I've tested this on i386 and pc98. I have had feedback on the sparc64
port, but no reports from anybody on alpha, ia64 or powerpc. I
apologize in advance if I've broken you.
Reviewed by: jake, jhb, arch@
should also whine if the old pccardd is used, but that's a little
harder than it sounds.
This also has the effect of fixing a typo that was in the last
version I committed.
as suser_td(td) works as well as suser_xxx(NULL, p->p_ucred, 0);
This simplifies upcoming changes to suser(), and causes this code
to use the right credential (well, largely) once the td->td_ucred
changes are complete. There remains some redundancy and oddness
in this code, which should be rethought after the next batch of
suser and credential changes.
in vfs_syscalls.c. Although it did save some indirection, many of
those savings will be obscured with the impending commit of suser()
changes, and the result is increased code complexity. Also, once
p->p_ucred and td->td_ucred are distinguished, this will make
vfs_mount() use the correct thread credential, rather than the
process credential.
debug another process based on their respective {effective,additional,
saved,real} gid's. p1 is only permitted to debug p2 if its effective
gids (egid + additional groups) are a strict superset of the gids of
p2. This implements properly the security test previously incorrectly
implemented in kern_ktrace.c, and is consistent with the kernel
security policy (although might be slightly confusing for those more
familiar with the userland policy).
o Restructure p_candebug() logic so that various results are generated
comparing uids, gids, credential changes, and then composed in a
single check before testing for privilege. These tests encapsulate
the "BSD" inter-process debugging policy. Other non-BSD checks remain
separate. Additional comments are added.
Submitted by: tmm, rwatson
Obtained from: TrustedBSD Project
Reviewed by: petef, tmm, rwatson
o Make <stdint.h> a symbolic link to <sys/stdint.h>.
o Move most of <sys/inttypes.h> into <sys/stdint.h>, as per C99.
o Remove <sys/inttypes.h>.
o Adjust includes in sys/types.h and boot/efi/include/ia64/efibind.h
to reflect new location of integer types in <sys/stdint.h>.
o Remove previously symbolically linked <inttypes.h>, instead create a
new file.
o Add MD headers <machine/_inttypes.h> from NetBSD.
o Include <sys/stdint.h> in <inttypes.h>, as required by C99; and
include <machine/_inttypes.h> in <inttypes.h>, to fill in the
remaining requirements for <inttypes.h>.
o Add additional integer types in <machine/ansi.h> and
<machine/limits.h> which are included via <sys/stdint.h>.
Partially obtained from: NetBSD
Tested on: alpha, i386
Discussed on: freebsd-standards@bostonradio.org
Reviewed by: bde, fenner, obrien, wollman
really be moved elsewhere: p_candebug() encapsulates the security
policy decision, whereas the P_INEXEC check has to do with "correctness"
regarding race conditions, rather than security policy.
Example: even if no security protections were enforced (the "uids are
advisory" model), removing P_INEXEC could result in incorrect operation
due to races on credential evaluation and modification during execve().
Obtained from: TrustedBSD Project
o Reorder and synchronize #include's, including moving "opt_cap.h" to
above system includes.
o Introduce #ifdef'd kern.security.capabilities sysctl tree, including
kern.security.capabilities.enabled, which defaults to 0.
The rest of the file remains stubs for the time being.
Obtained from: TrustedBSD Project
o POSIX.1e capabilities authorize overriding of VEXEC for VDIR based
on CAP_DAC_READ_SEARCH, but of !VDIR based on CAP_DAC_EXECUTE. Add
appropriate conditionals to vaccess() to take that into account.
o Synchronization cap_check_xxx() -> cap_check() change.
Obtained from: TrustedBSD Project
- Introduce cap_check_td() to reflect suser_td()
- Introduce non-portable cap_from_text2_np(), which converts a
text-form capability to an internal form relative to an existing
capability, and non-portable cap_to_text2_np(), which accepts
a flag argument specifying more about the text output format.
- Introduce CTT_* flags controlling the behavior of
cap_to_text2_np().
Submitted by: tmm
Obtained from: TrustedBSD Project
When we truncate the msgbuf size because the last chunk is too small,
correctly terminate the phys_avail[] array - the VM system tests
the *end* for zero, not the start. This leads the VM startup to
attempt to recreate a duplicate set of pages for all physical memory.
XXX the msgbuf handling is suspiciously different on i386 vs
alpha/ia64...
o Add reference to TrustedBSD Project in license header.
o Update dated comments, including comment in extattr.h claiming that
no file systems support extended attributes.
o Improve comment consistency.
credential selection, rather than reference via a thread or process
pointer. This is part of a gradual migration to suser() accepting
a struct ucred instead of a struct proc, simplifying the reference
and locking semantics of suser().
Obtained from: TrustedBSD Project
- Now that apm loadable module can inform its existence to other kernel
components (e.g. i386/isa/clock.c:startrtclock()'s TCS hack).
- Exchange priority of SI_SUB_CPU and SI_SUB_KLD for above purpose.
- Add simple arbitration mechanism for APM vs. ACPI. This prevents
the kernel from enabling both of them.
- Remove obsolete `#ifdef DEV_APM' related code.
- Add abstracted interface for power management operations. Public apm(4)
functions, such as apm_suspend(), should be replaced by new interfaces.
Currently only power_pm_suspend (successor of apm_suspend) is implemented.
Reviewed by: peter, arch@ and audit@
us a lot on older Alphas.
Andrew Gallatin, Thomas V. Crimi, and Peter Jeremy contributed to this
work along with the submitter.
Submitted by: Andrew M. Miklic <miklic@home.com>
dedicated" mode. This was specifying that there are 256 (illegal!)
heads on the disk. If bioses store that in a byte, and it gets truncated
to 0, then that almost certainly causes the infamous divide-by-zero
nightmare.
This is also most likely the reason why the Thinkpad T20/A20 series
were locking up when FreeBSD was installed. This is also the most likely
reason why a boot1 being present causes an IA64 box to lock up at boot.
(removing the "part4" stuff from boot1.s fixes the IA64 boxes and would
most likely have fixed the T20/A20 and some TP600E series thinkpads)
booted from it when doing an installkernel.
Only change kern.bootfile from ${DESTDIR}${KODIR}/${KERNEL_KO}
to ${DESTDIR}${KODIR}.old/${KERNEL_KO}, and only when we're renaming
a booted ${DESTDIR}${KODIR}/${KERNEL_KO} kernel.
a temporary fix so that we can compile kernels. I waited 30 minutes
for a response from the person who would likely know, but any longer
is too long to wait with breakage at ToT.
(allocating pv entries w/ zalloci) when called in a loop due to
an madvise(). It is possible to completely exhaust the free page list and
cause a system panic when an expected allocation fails.
called and ip_output() encounters an error and bails (i.e. host
unreachable), we will leak an mbuf. This is because the code calls
m_freem(m0) after jumping to the bad: label at the end of the function,
when it should be calling m_freem(m). (m0 is the original mbuf list
_without_ the options mbuf prepended.)
Obtained from: NetBSD
ifconfig, which expects the address returned by the SIOCGIFNETMASK ioctl
to have a valid sa_family. Similar changes may be necessary for IPv6.
While we're here, get rid of an unnecessary temp variable.
MFC after: 2 weeks
this across suspend/resume events and this was causing the dreaded false
positive hit on my "static bug" test.
Note: the PCI bus code should do this for us.
Note2: We don't do the same for I/O based pci devices since it is
more code and doesn't appear to be necessary.
Submitted by: Toshiyuki Kawashima-san <tos@fa2.so-net.ne.jp>
Obtained from: bsd-nomads:16012
function symbols in the kernel in a list of C strings, with an extra
nul-termination at the end.
This sysctl requires addition of a new linker operation. Now,
linker_file_t's need to respond to "each_function_name" to export
their function symbols.
Note that the sysctl doesn't currently allow distinguishing multiple
symbols with the same name from different modules, but could quite
easily without a change to the linker operation. This will be a nicety
to have when it can be used.
Obtained from: NAI Labs CBOSS project
Funded by: DARPA
by the profiler on a running system. This is not done sparsely, as
memory is cheaper than processor speed and each gprof mcount() and
mexitcount() operation is already very expensive.
Obtained from: NAI Labs CBOSS project
Funded by: DARPA
- Add a new MIB for battery info expire time in order to make it changeable.
Battery info expire time can be specified by
hw.acpi.battery.info_expire in sec.
- Add own MALLOC type and fix some potential memory leakages.
- Change some frequent printings to verbose printing.
- Stop timeout during acpi_cmbat_get_bst() too. This should reduce
the races with BIF evaluation.
- Remove acpi_cmbat_get_bif() invocation from acpi_cmbat_attach().
This was redundant because this should be called from
acpi_cmbat_timeout() now.
hooks depending on ethertype. Great for prototyping protocols.
connects to the lower and upper hooks of an ethernet type of node.
Obtained from: Monzoon Networks.
Thanks to Andre Oppermann, May 2001.
Remove asm functions to call the openfirmware and kernel entry points;
we can just call them directly.
Don't use the stack pointer for an intermediate result in setx.
Put the stack in the bss.
- Give a guaranteed minimum cooling run time to avoid too frequent
cooling system On/Off switching. The minimum cooling run time can be
specified by hw.acpi.thermal.min_runtime in sec.
- Refine message printing (_AC-1 -> NONE).
- Add verbose mode enable/disable capability by hw.acpi.verbose in bool.
Reviewed by: acpi-jp@ folks
is npx.c's job and setting it here breaks the edit-time option of not
setting it in npx.c. (It is not set in the right places for the SMP
case, but always setting it here is harmless because there isn't even
an edit-time option to not set it.)
* Implement a fairly simplistic parser for unwinding stack frames.
* Use unwind records for DDB's 'trace' command. Also add support for
tracing past exceptions to the context which generated the exception.
The stack unwind code requires a toolchain based on binutils-2.11.2 or
later and gcc-3.0.1 or later.
starts at offset 8; not 6. Hence the structure is 12 bytes and
not 10 bytes. Adjust the definition so that the ProcessorEnabled
flag is moved from bit 15 to bit 31 in the Flags field.
The definition now matches ACPI 2.0 Errata 1.5.
do it as a side-effect of probing for MP hardware. This allows
us to scan for local SAPICs early (especially before MBUF
initialization).
o Fix the Local SAPIC structure so that it matches the Local SAPIC
table entry. Now that the Local SAPIC info is the same as the
Local APIC info, stop dumping the Local APIC entries.
o For every Local SAPIC entry in the MADT that's not disabled,
let the SMP code know about it. They represent actual CPUs.
o Register the OS_BOOT_RENDEZ entry point and provide a (bogus)
implementation for the entry point.
o Provide a mapping for internal IPI numbers to ExtINT vectors.
o In a MP system, announce the CPUs and start them by sending
IPI_AP_WAKEUP to each of them. Not that it makes a difference
at this time :-)
o Miscellaneous style fixes and other adjustments.
number) instead of allocating next free unit for them. If someone needs
fixed place, he must specify it correctly. "Allocating next" is especially bad
because it leads to double device detection and to "repeat make_dev panic" as a
result. This can happen if the same devices are present somewhere on PCI bus,
hints and ACPI. Making them present in one place only is not always
possible, "sc" f.e. can't be removed from hints, it results in no console at
all.
2) In make_device(), detect when devclass_add_device() fails, free dev and
return. I.e. add missing error checking. This part is needed to finish the fix in 1),
but must be done this way in any case, with old variant too.
non-existent disk in a legacy /dev on a DEVFS system would panic the system
if stat(2)'ed.
Do not whine about anonymous device nodes not having a si_devsw, they're
not supposed to.
Make it a panic to repeat make_dev() or destroy_dev(), this check
should maybe be neutered when -current goes -stable.
Whine if devsw() is called on anon dev_t's in a devfs system.
Make a hack to avoid our lazy-eval disk code triggering the above whine.
Fix the multiple make_dev() in disk code by making ${disk}${unit}s${slice}
an alias/symlink to ${disk}${unit}s${slice}c
linux_emul_path anyway. Linux_emul_find() has interesting bugs in its
prefix handling (which luckily are not currently exploitable); this
commit is preliminary to an attempt at cleaning it up.
Approved by: marcel
it has not yet returned. Use this flag to deny debugging requests while
the process is execve()ing, and close once and for all any race conditions
that might occur between execve() and various debugging interfaces.
Reviewed by: jhb, rwatson