behave as expected.
Also:
- Return an error if WD_PASSIVE is passed in to the ioctl as only
WD_ACTIVE is implemented at the moment. See sys/watchdog.h for an
explanation of the difference between WD_ACTIVE and WD_PASSIVE.
- Remove the I_HAVE_TOTALLY_LOST_MY_SENSE_OF_HUMOR define. If you've
lost your sense of humor, than don't add a define.
Specific changes:
i80321_wdog.c
Don't roll your own passive watchdog tickle as this would defeat the
purpose of an active (userland) watchdog tickle.
ichwd.c / ipmi.c:
WD_ACTIVE means active patting of the watchdog by a userland process,
not whether the watchdog is active. See sys/watchdog.h.
kern_clock.c:
(software watchdog) Remove a check for WD_ACTIVE as this does not make
sense here. This reverts r1.181.
revision 1.199
date: 2004/09/24 08:30:57; author: phk; state: Exp; lines: +0 -1
Remove the cdevsw() function which is now unused.
(the log is wrong, it was really devsw that was removed).
# we really need to actually document the functions in sys/conf.h as well
# as things like d_open...
which allows to use it with different kinds of locks. For example it allows
to implement Solaris conditions variables which will be used in ZFS port on
top of sx(9) locks.
Reviewed by: jhb
privilege for threads and credentials. Unlike the existing suser(9)
interface, priv(9) exposes a named privilege identifier to the privilege
checking code, allowing more complex policies regarding the granting of
privilege to be expressed. Two interfaces are provided, replacing the
existing suser(9) interface:
suser(td) -> priv_check(td, priv)
suser_cred(cred, flags) -> priv_check_cred(cred, priv, flags)
A comprehensive list of currently available kernel privileges may be
found in priv.h. New privileges are easily added as required, but the
comments on adding privileges found in priv.h and priv(9) should be read
before doing so.
The new privilege interface exposed sufficient information to the
privilege checking routine that it will now be possible for jail to
determine whether a particular privilege is granted in the check routine,
rather than relying on hints from the calling context via the
SUSER_ALLOWJAIL flag. For now, the flag is maintained, but a new jail
check function, prison_priv_check(), is exposed from kern_jail.c and used
by the privilege check routine to determine if the privilege is permitted
in jail. As a result, a centralized list of privileges permitted in jail
is now present in kern_jail.c.
The MAC Framework is now also able to instrument privilege checks, both
to deny privileges otherwise granted (mac_priv_check()), and to grant
privileges otherwise denied (mac_priv_grant()), permitting MAC Policy
modules to implement privilege models, as well as control a much broader
range of system behavior in order to constrain processes running with
root privilege.
The suser() and suser_cred() functions remain implemented, now in terms
of priv_check() and the PRIV_ROOT privilege, for use during the transition
and possibly continuing use by third party kernel modules that have not
been updated. The PRIV_DRIVER privilege exists to allow device drivers to
check privilege without adopting a more specific privilege identifier.
This change does not modify the actual security policy, rather, it
modifies the interface for privilege checks so changes to the security
policy become more feasible.
Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Discussed on: arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
Alex Lyashkov <umka at sevcity dot net>,
Skip Ford <skip dot ford at verizon dot net>,
Antoine Brodin <antoine dot brodin at laposte dot net>
POSIX advice to just ignore the operation and return 0.
We already handle this case in kern_rename(), but don't give bad example -
the source is not removed.
1.198 of "sys/sys/vnode.h". Remove a cross-reference to a manual
page that never existed.
---------------------------------------------------------------------- CVS:
PR: Fill this in if a GNATS PR is affected by the
change. CVS: Submitted by: Fill this in if someone else sent
in the change. CVS: Reviewed by: Fill this in if someone else
reviewed your modification. CVS: Approved by: Fill this in if
you needed approval for this commit. CVS: Obtained from: Fill
this in if the change is from third party software. CVS: MFC after:
N [day[s]|week[s]|month[s]] CVS: Fill in to get MFC notification
later. (days assumed unless specified) CVS:
---------------------------------------------------------------------- CVS:
Enter Log. Lines beginning with `CVS:' are removed automatically
pages existed only for the dynamic sysctl interfaces. There's probably
more complete and accurate content, better advice, etc, that could be added
here.
Per scottl's suggest, add a small piece of moralizing text regarding the
fact that sysctl names quickly get embedded in system configuration files,
libraries, third party applications, and even books, so renaming and
removing names after they've been published is a tricky issue.
MFC after: 1 month
- Describe msleep() as the primary sleep function now rather than tsleep()
and describe tsleep() and msleep_spin() as variations.
- Try to make the description of msleep() a bit closer to English
(sentences with actual subjects, etc.)
- Document that a priority of 0 now prevents the thread's priority from
being altered.
- Add a history note for wakeup_one().
It detects both: buffer underflows and buffer overflows bugs at runtime
(on free(9) and realloc(9)) and prints backtraces from where memory was
allocated and from where it was freed.
Tested by: kris
specially crafted module. There are several handrolled sollutions to this
problem in the tree already which will be replaced with this. They include
iwi(4), ipw(4), ispfw(4) and digi(4).
No objection from: arch
MFC after: 2 weeks
X-MFC after: some drivers have been converted
function in years.
- Change the 'ident' paramters to 'wchan' to match <sys/systm.h>.
- Use 'otherwise' in place of 'else' in one place so that this reads like
English rather than C.
- Document the new msleep_spin() function.
- Add history notes for msleep() and msleep_spin().
USB device drivers use to talk to USB devices. This is probably
still a bit rough and it does not yet include the functions specific
to HID, ethernet, hubs, host controller drivers, task threads or
debugging.
ago. Document the real behavior of bus_dma_tag_create, bus_dmamap_load,
and other functions. Also document their arguments and return values.
MFC After: 3 days
probed and attached, not on the first call to device_get_softc().
- Add a cross reference to DEVICE_PROBE regarding the caveats of using the
softc in a driver's probe routine.
- Fix a grammar bogon.
PR: docs/87176 (1)
Submitted by: Devon H. O'Dell dodell at offmyserver dot com (1)
MFC after: 3 days
microtime to bintime. However, one standaline .Nm wasn't changed, and as
a result, the manpage claimed that bintime was added in both 5.0 and 3.0.
Fix by listing microtime explicitly.
- Fix a grammar bogon.
PR: docs/87147 (1)
Submitted by: Matthew Luckie (1)
MFC after: 3 days
- Remove references to cpu_critical_*() as they no longer exist.
- Explain that any preemptions that occur during a critical section are
deferred until the current thread exits the section.
- Remove a bogus example usage of a critical section.
- Note that one can interlock critical sections with spin mutexes in
certain situations.
MFC after: 3 days
replacement and has additional features which make it superior.
Discussed on: -arch
Reviewed by: thompsa
X-MFC-after: never (RELENG_6 as transition period)
- Add arm and ppc to the list of archs not supporting operations on 64-bit
integers.
- Update the sample code for acquiring a mutex to be more recent and to
take into account the recent atomic_foo_ptr() changes.
MFC after: 1 week
- Replace 'process' with 'thread' everywhere.
- Update several places to note that that the fact that default mutexes
may adaptively spin isn't necessarily MD, but is just part of the
implementation as a whole.
- Clarify the text about MTX_SPIN mutexes only being appropriate for
INTR_FAST interrupts or other low level scheduler code to make the
jargon more FreeBSD-ish rather than BSD/OS-ish.
- Also, note that it is possible that interrupts aren't blocked but just
deferred when a spin lock is held (the whole blocked vs. deferred bit is
an MD implementation detail).
- Remove statements saying that spin locks must be released in the exact
opposite order that they were acquired. This stopped being true several
years ago when we first added critical sections that stored their state
in the current thread rather than in struct mtx.
- Note that a mutex must be initialized before it is passed to any other
mutex function, not just mtx_lock.
- Clarify that mtx_trylock() only operates on MTX_DEF mutexes.
- Simplify the text about possible preemption during a mtx_unlock().
- Use complete English sentences in place of phrases in a few places.
- Clarify that it isn't ever safe to sleep with a mutex held. The kernel
tends to panic when you do that.
Requested by: scottl (7)
MFC after: 3 days
does not return a list of ASCII NUL terminated strings.
Instead, a list of attribute names is returned, where each
list entry consists of one byte for the name length, followed
by the name, without a terminating ASCII NUL.
This in similar to change 1.17 to extattr_get_file.2
Reviewed by: rwatson, ru
and return a printable representation.
This fixes recognition of the PC Engines WRAP and improves the
recognition of the Soekris boards (Bios version can now be
seen in the dmesg output for instance).
Also, add watchdog support for PCM-582x platforms.
Submitted by: Adrian Steinmann <ast@marabu.ch>
Slightly changed by: phk
PR: 81360
implementation. I took the NetBSD man page, and hacked it to, I hope,
to reflect the preliminary version of the bus space that Justin Gibbs
committed as part of the CAM integration in FreeBSD 3.0.
This isn't perfect, but it is better than we have now (which is, ahem,
nothing). Please coordinate changes to the file through me through
the 6.0 release.
Approved by: re (blanket for this one file)
phys_start and phys_end.
Remove a stale documentation not about dis/uncontiguous memory.
Update manual page date while I am around these ends.
Reviewed by: alc
struct ifnet or the layer 2 common structure it was embedded in have
been replaced with a struct ifnet pointer to be filled by a call to the
new function, if_alloc(). The layer 2 common structure is also allocated
via if_alloc() based on the interface type. It is hung off the new
struct ifnet member, if_l2com.
This change removes the size of these structures from the kernel ABI and
will allow us to better manage them as interfaces come and go.
Other changes of note:
- Struct arpcom is no longer referenced in normal interface code.
Instead the Ethernet address is accessed via the IFP2ENADDR() macro.
To enforce this ac_enaddr has been renamed to _ac_enaddr.
- The second argument to ether_ifattach is now always the mac address
from driver private storage rather than sometimes being ac_enaddr.
Reviewed by: sobomax, sam
than defaulting the cmode argument to vn_open() to 0. Supply a default
argument of ALQ_DEFAULT_CMODE (0600) in current callers.
Discussed with/pointed out by: hmp
Reveiwed by: jeff, hmp
MFC after: 3 days
instances in a given devclass. This is useful for systems that want to
call code in driver static methods, similar to device_identify().
Reviewed by: dfr
MFC after: 2 weeks
alignment restrictive, and help performance on some ethernet cards which
currently copy the entire packet a couple bytes to get the packet aligned
properly...
Wordsmithing by: dwhite
Obtained from: NetBSD (code only)
I'll clean it up later: rwatson
is the highest acceptable value for the ending of the resource being
allocated. One could also believe that it is the highest starting
value of the resource. The code definitely expects the former, but I
could find no documentation of this apart from TFSC.
clock time to uptime because wall clock time may go backwards.
This is a change in the API which will impact SNMP agents who are using
ifi_epoch to set RFC2233's ifCounterDiscontinuityTime. None are know to
exist today. This will not impact applications that are using the
<index, epoch> tuple to verify interface uniqueness except that it
eliminates a race which could lead to a false assumption of uniqueness.
Because this is a behavior change, bump __FreeBSD_version.
Discussed with: re (jhb, scottl)
MFC after: 3 days
Pointed out by: pkh (way back at EuroBSDCon)
Pointy hat: brooks
holding the mutex, say it will "block". Later in this manual page
we say that sleeping while holding a mutex isn't allowed, and this
can be confusing.
Submitted by: jhb
with other profiling and debugging options, such as INVARIANTS, WITNESS,
kernel profiling, etc. They all interfere with each other nastily and
will generate fairly useless results.
callout is first initialised, using a new function callout_init_mtx().
The callout system will acquire this mutex before calling the callout
function and release it on return.
In addition, the callout system uses the mutex to avoid most of the
complications and race conditions inherent in asynchronous timer
facilities, so mutex-protected callouts have much simpler semantics.
As long as the mutex is held when invoking callout_stop() or
callout_reset(), then these functions will guarantee that the callout
will be stopped, even if softclock() had already begun to process
the callout.
Existing Giant-locked callouts will automatically pick up the new
race-free semantics. This should close a number of race conditions
in the USB code and probably other areas of the kernel too.
There should be no change in behaviour for "MP-safe" callouts; these
still need to use the techniques mentioned in timeout(9) to avoid
race conditions.
when using the callout subsystem. Show how the callout_pending(),
callout_active() and callout_deactivate() macros can be used to
achieve simpler race-free callout semantics in many situations.
location of a PCI device in the system chassis.
Remove the note about PAE.
Update document date.
Update my email address.
Update copyright.
MFC after: 1 week
descriptions of items from each other and have related things appear
in the same nesting 'level'.
The .Fn function/macro, and bump document date.
Reviewed by: jkoshy
list for the valid flag values. This way, if VFS_UNMOUNT(9) supports
more flags in the future, adding a single list item is going to be
easy and all the flags are going to be in one place.
and copyright statements in a comment that begins with /*-. Document
this tradition. A strict adherence to this rule will help resellers
that wish to publish all copyright notices, generated automatically
from the tree. There are too many variant licenses to do it purely
by more complicated pattern matching.
indicate how m_tags might be used, and what their high level properties
are. This may help developers using tags get a more clear picture
before delving into the technical details of ABI cookies and API calls.
Suggested by: Rene de Vries <rene at canyon dot xs4all dot nl>
and make it visible (same way as in OpenBSD). Describe usage in manpage.
This change is useful for creating custom free methods, which
call default free method at their end.
While here, make malloc declaration for mbuf tags more informative.
Approved by: julian (mentor), sam
MFC after: 1 month
We return ENOBUF to indicate the problem, which is an errno that should be
handled well everywhere.
Requested & Submitted by: green
Silently okay'ed by: The rest of the firewall gang
MFC after: 3 days
- remove RTF_PRCLONING
- add rt_mtx field
- rename rt_metrics -> rt_metrics_lite
- mention that only 3 metrics are really used in rt_metrics_lite
Reviewed by: ru, andre
passing along socket information. This is required to work around a LOR with
the socket code which results in an easy reproducible hard lockup with
debug.mpsafenet=1. This commit does *not* fix the LOR, but enables us to do
so later. The missing piece is to turn the filter locking into a leaf lock
and will follow in a seperate (later) commit.
This will hopefully be MT5'ed in order to fix the problem for RELENG_5 in
forseeable future.
Suggested by: rwatson
A lot of work by: csjp (he'd be even more helpful w/o mentor-reviews ;)
Reviewed by: rwatson, csjp
Tested by: -pf, -ipfw, LINT, csjp and myself
MFC after: 3 days
LOR IDs: 14 - 17 (not fixed yet)
compile option. All FreeBSD packet filters now use the PFIL_HOOKS API and
thus it becomes a standard part of the network stack.
If no hooks are connected the entire packet filter hooks section and related
activities are jumped over. This removes any performance impact if no hooks
are active.
Both OpenBSD and DragonFlyBSD have integrated PFIL_HOOKS permanently as well.
when it won't be called. The old wording was correct, but not
sufficiently specific to understand when and how it would be called.
The new wording describes the current implementation's usage (which
should be updated if other appropriate times are decided upon),
specifically that it is called only when the load operation is
deferred to keep the locking state consistent. When the operation
isn't deferred, the calling routine is assumed to have a coherent
locking world.
Reviewed by: scottl
the arguments to bus_dmamap_load, so don't use '...' but list the
actual args. '...' usually means a variable number of args (cf
printf(3)), but bus_dmamap_load takes a fixed number of arguments.
to just before bus_dmamem_free, which is (a) more logical; (b) likely
what was originally intended and (c) matches the order in the NAME and
FUNCTIONS sections.
consumer and 'bio_pflags' which can be used by provider.
- Remove BIO_FLAG1 and BIO_FLAG2 flags. From now on new fields should be
used for internal flags.
- Update g_bio(9) manual page.
- Update some comments.
- Update GEOM_MIRROR, which was the only one using BIO_FLAGs.
Idea from: phk
Reviewed by: phk
somewhat clearer, but more importantly allows for a consistent naming
scheme for suser_cred flags.
The old name is still defined, but will be removed in a few days (unless I
hear any complaints...)
Discussed with: rwatson, scottl
Requested by: jhb
Add a MOD_QUIESCE event for modules. This should return error (EBUSY)
of the module is in use.
MOD_UNLOAD should now only fail if it is impossible (as opposed to
inconvenient) to unload the module. Valid reasons are memory references
into the module which cannot be tracked down and eliminated.
When kldunloading, we abandon if MOD_UNLOAD fails, and if -force is
not given, MOD_QUIESCE failing will also prevent the unload.
For backwards compatibility, we treat EOPNOTSUPP from MOD_QUIESCE as
success.
Document that modules should return EOPNOTSUPP for unknown events.
