Commit Graph

102882 Commits

Author SHA1 Message Date
Christian S.J. Peron
8bac4dbf71 Add a warning note to security.jail.allow_raw_sockets
about the risks of enabling raw sockets in prisons.

Because raw sockets can be used to configure and interact
with various network subsystems, extra caution should be
used where privileged access to jails is given out to
untrusted parties. As such, by default this option is disabled.

A few others and I are currently auditing the kernel
source code to ensure that the use of raw sockets by
privledged prison users is safe.

Approved by:	bmilekic (mentor)
2004-06-01 00:25:44 +00:00
Doug Barton
7934cbe0d3 Remove duplicates of the "wherever you go, there you are" fortune,
quote directly from the movie, and give a better attribution (with
correct spelling) for Buckaroo Banzai.
2004-06-01 00:16:32 +00:00
Max Laier
1fb675e712 "Get rid of the nested include of <sys/module.h> from <sys/kernel.h>" or
better do no longer depend on it.

Requested-by:	phk
Approved-by:	bms(mentor)
2004-05-31 22:48:19 +00:00
Bosko Milekic
099a0e588c Bring in mbuma to replace mballoc.
mbuma is an Mbuf & Cluster allocator built on top of a number of
extensions to the UMA framework, all included herein.

Extensions to UMA worth noting:
  - Better layering between slab <-> zone caches; introduce
    Keg structure which splits off slab cache away from the
    zone structure and allows multiple zones to be stacked
    on top of a single Keg (single type of slab cache);
    perhaps we should look into defining a subset API on
    top of the Keg for special use by malloc(9),
    for example.
  - UMA_ZONE_REFCNT zones can now be added, and reference
    counters automagically allocated for them within the end
    of the associated slab structures.  uma_find_refcnt()
    does a kextract to fetch the slab struct reference from
    the underlying page, and lookup the corresponding refcnt.

mbuma things worth noting:
  - integrates mbuf & cluster allocations with extended UMA
    and provides caches for commonly-allocated items; defines
    several zones (two primary, one secondary) and two kegs.
  - change up certain code paths that always used to do:
    m_get() + m_clget() to instead just use m_getcl() and
    try to take advantage of the newly defined secondary
    Packet zone.
  - netstat(1) and systat(1) quickly hacked up to do basic
    stat reporting but additional stats work needs to be
    done once some other details within UMA have been taken
    care of and it becomes clearer to how stats will work
    within the modified framework.

From the user perspective, one implication is that the
NMBCLUSTERS compile-time option is no longer used.  The
maximum number of clusters is still capped off according
to maxusers, but it can be made unlimited by setting
the kern.ipc.nmbclusters boot-time tunable to zero.
Work should be done to write an appropriate sysctl
handler allowing dynamic tuning of kern.ipc.nmbclusters
at runtime.

Additional things worth noting/known issues (READ):
   - One report of 'ips' (ServeRAID) driver acting really
     slow in conjunction with mbuma.  Need more data.
     Latest report is that ips is equally sucking with
     and without mbuma.
   - Giant leak in NFS code sometimes occurs, can't
     reproduce but currently analyzing; brueffer is
     able to reproduce but THIS IS NOT an mbuma-specific
     problem and currently occurs even WITHOUT mbuma.
   - Issues in network locking: there is at least one
     code path in the rip code where one or more locks
     are acquired and we end up in m_prepend() with
     M_WAITOK, which causes WITNESS to whine from within
     UMA.  Current temporary solution: force all UMA
     allocations to be M_NOWAIT from within UMA for now
     to avoid deadlocks unless WITNESS is defined and we
     can determine with certainty that we're not holding
     any locks when we're M_WAITOK.
   - I've seen at least one weird socketbuffer empty-but-
     mbuf-still-attached panic.  I don't believe this
     to be related to mbuma but please keep your eyes
     open, turn on debugging, and capture crash dumps.

This change removes more code than it adds.

A paper is available detailing the change and considering
various performance issues, it was presented at BSDCan2004:
http://www.unixdaemons.com/~bmilekic/netbuf_bmilekic.pdf
Please read the paper for Future Work and implementation
details, as well as credits.

Testing and Debugging:
    rwatson,
    brueffer,
    Ketrien I. Saihr-Kesenchedra,
    ...
Reviewed by: Lots of people (for different parts)
2004-05-31 21:46:06 +00:00
Hajimu UMEMOTO
251b48a1bb Treat IPv4 private address as global scope rather than site scope.
Though it breaks RFC 3484, without this change, dest addr selection
doesn't work well under NAT environment.
2004-05-31 21:09:14 +00:00
Robert Watson
e79962dbce Assert Giant in vn_start_write() and vn_finished_write(). 2004-05-31 20:56:10 +00:00
Tim Kientzle
e5572b4b7c Correction: -h should be a synonym for -L, not -H.
(as specified by Linux Standards Base, GNU tar, and 4.4BSD documentation)
2004-05-31 20:22:41 +00:00
Bosko Milekic
d1fd2228b8 Giant wasn't dropped here if we have to return EBUSY. This is bad. 2004-05-31 20:21:06 +00:00
Hajimu UMEMOTO
4d489f472b use source address as a hint to determine destination address.
Obtained from:	KAME
2004-05-31 19:27:54 +00:00
Robert Watson
69af1dccdc Release NFS subsystem lock and acquire Giant when calling into
vn_start_write().
2004-05-31 19:08:22 +00:00
Robert Watson
9e6127fe3b Assert Giant in vrele(). 2004-05-31 19:06:01 +00:00
Yaroslav Tykhiy
95e7417b25 MFC: cron(8) -j and -J options. 2004-05-31 17:27:01 +00:00
Kirill Ponomarev
b4a1d9299a - Fix typo
Approved by:	tobez
2004-05-31 16:55:12 +00:00
Robert Watson
4fa649df8e Add an assertion that nfssvc() isn't called with Giant.
Add two additional pairs of assertions, one at the end of the NFS
server event loop, and one one exit from the NFS daemon, that
assert that if debug.mpsafenet is enabled, Giant is not held, and
that if it is not enabled, Giant will be held.  This is intended
to support debugging scenarios where Giant is "leaked" during NFS
processing.
2004-05-31 16:32:49 +00:00
Nicolas Souchu
4f16b8b190 Necessary modifications do get pcf working again for ISA. Tested with
my Elektor card. Note that the hints are necessary to specify the
IO base of the pcf chip. This enables to check the IO base when the
probe routine is called during ISA enumeration.

The interrupt driven code is mixed with polled mode, which is wrong
and produces supposed spurious interrupts at each access. I still have
to work on it.
2004-05-31 14:24:21 +00:00
Tim J. Robbins
58d122c2e5 Use __isctype() instead of __istype() for iswdigit() and iswxdigit() for
consistency with <ctype.h>.
2004-05-31 12:44:50 +00:00
Denis Peplin
e6deb0d6ab Add russian translation for hardware notes and connect it to the build
Build proc-alpha from english sources

Obtained from:	The FreeBSD Russian Documentation Project
2004-05-31 11:43:25 +00:00
Takanori Watanabe
92fae6e79e Devclass have to be shared with same 'pcm' devclass, or
unit management will corrupt.
2004-05-31 11:38:46 +00:00
Kris Kennaway
0adbaf30d9 Add common share/locale directories (everything used by >= 5 ports [1]) and
/usr/local/www

[1] Semi-arbitrary cutoff, but I didn't want to add every locale directory
    used by ports, because a lot are only used by one or two, and it's less
    intrusive for these ports to just clean up after themselves.

MFC after:	2 days
2004-05-31 07:34:40 +00:00
Robert Watson
30bef9add8 The NFS server modevent code manually patches the system call table to
install nfssvc().  It also updates the argument count, but did so
without setting SYF_MPSAFE, effectively removing the MPSAFE flag even
when syscalls.master indicates it doesn't require Giant.  This change
forces the modevent to set MPSAFE as a flag to its internal notion of
an argument coutn.

Note: this duplication of information is a bad thing, but is a more
general problem I'm not currently willing to address.
2004-05-31 00:59:10 +00:00
Warner Losh
a757985cec Include <machine/bus.h> and <machine/resource.h> here (only in the
kernel).  No other sys/*.h file requires machine/foo.h to be included
before it.  In addition, all the files that include rman.h would need
to include those two anyway.  From these two perspectives, it is
traditional to include things like this.

This lets us stop treating sys/rman.h specially in every bus frontend
file.
2004-05-30 23:08:53 +00:00
Robert Watson
73a4c21f28 One more case where we want to drop the NFS server lock and acquire
Giant when entering VFS.  Discovered by code inspection; still not
hit without debug.mpsafenet=1.

Reported by:	bmilekic
2004-05-30 22:59:54 +00:00
Robert Watson
53f137e9d3 Acquire Giant around two more cases when calling into VFS to vput()
a vnode.  Not bumped into with asserts in the main tree because we
run the NFS server with Giant by default.  Discovered by inspection.

Complete annotations of Giant acquisition/release to note that it's
only because of VFS that we acquire Giant in most places in the NFS
server.
2004-05-30 22:41:43 +00:00
Scott Long
2c81db6cb5 Turn down the queue size by 8 until I can figure out why the 512th command
keeps on getting lost.
2004-05-30 22:40:28 +00:00
Alan Cox
e363785643 Remove a stale comment: PG_DIRTY and PG_FILLED were removed in
revisions 1.17 and 1.12 respectively.
2004-05-30 20:48:15 +00:00
Poul-Henning Kamp
77409fe148 Add missing #include <sys/module.h> 2004-05-30 20:34:58 +00:00
Brian Somers
ba8271157b Describe pkg_version_index
Reviewed by:	joe
2004-05-30 20:32:00 +00:00
Poul-Henning Kamp
5dba30f15a add missing #include <sys/module.h> 2004-05-30 20:27:19 +00:00
Poul-Henning Kamp
fe12f24bb0 Add missing <sys/module.h> includes 2004-05-30 20:08:47 +00:00
Poul-Henning Kamp
f11d01c3bc Add missing <sys/module.h> includes 2004-05-30 20:00:41 +00:00
Poul-Henning Kamp
887ae9a1d2 Zap a redundant NULL 2004-05-30 18:04:06 +00:00
Poul-Henning Kamp
41ee9f1c69 Add some missing <sys/module.h> includes which are masked by the
one on death-row in <sys/kernel.h>
2004-05-30 17:57:46 +00:00
Lukas Ertl
b3db79c7a1 Fix typo. 2004-05-30 17:40:39 +00:00
David Malone
bde800e688 Make the comment for DLT_NULL slightly more accurate.
PR:		62272
Submitted by:	Radim Kolar <hsn@netmag.cz>
MFC after:	1 week
2004-05-30 17:03:48 +00:00
David Malone
b0286e3d31 Use miligram rather than mg in the definition of carats.
PR:		61451
Submitted by:	Tony Monroe <tmonroe+freebsd@nog.net>
2004-05-30 16:09:12 +00:00
Poul-Henning Kamp
a041b840d2 struct cpu_nameclass is a private to identcpu.c, move it there. 2004-05-30 15:16:07 +00:00
Yoshihiro Takahashi
a83e8010cc Merged from sys/dev/fdc/fdc.c revision 1.272. 2004-05-30 13:56:06 +00:00
David Malone
2b1071b296 Also terminate program names if we hit a '/' - this is to be slightly
more friendly to postfix log messages.

PR:		50912
Submitted by:	Stanislav Lapshansky <slapsh@slapsh.pp.ru>
2004-05-30 10:34:58 +00:00
David Malone
2c8aff0a04 Use a better way to calculate POINTER_WIDTH suggested by pjd@. 2004-05-30 10:10:41 +00:00
David Malone
0f2ffc4e31 A log file name may now be prefixed by a '-' if it should not be
explicitly fsynced after kernel messages are logged. This option
should be syntax compatible with a similar option in Linux syslogd.

I've made some small changes to Pekka's patch, hoepfully I haven't
goofed anything.

PR:		66790
Submitted by:	Pekka Savola <pekkas@netcore.fi>
Obtained from:	Martin Schulze's syslogd
MFC after:	1 month
2004-05-30 10:04:03 +00:00
Stefan Farfeleder
8b5cd5a662 Add implementations for cimag{,f,l}, creal{,f,l} and conj{,f,l}. They are
needed for cases where GCC's builtin functions cannot be used and for
compilers that don't know about them.

Approved by:	das (mentor)
2004-05-30 09:21:56 +00:00
Stefan Farfeleder
2e3cf2039b Include <string.h> rather than <strings.h> for string function prototypes.
Approved by:	das (mentor)
2004-05-30 08:59:10 +00:00
Stefan Farfeleder
1eff217426 The file pt_tcplisten.c lacks the $FreeBSD$ keyword. Use the opportunity to
change all files to __FBSDID.

Approved by:	das (mentor)
2004-05-30 08:54:27 +00:00
Stefan Farfeleder
fe1737b6f3 Remove the macros for creal{,f} and cimag{,f}. They failed to convert their
arguments to the needed type and so the result type depended on the argument
type.  Fixing them isn't really worth the effort because GCC emits the same
assembler code with or without them.

Not minded by:	ru
Approved by:	das (mentor)
2004-05-30 08:47:12 +00:00
Alan Cox
b59f545aa2 MFi386 revision 1.6
Reenable ithread preemption for interrupts that occur while executing in
 the kernel.
2004-05-30 04:49:39 +00:00
Scott Long
dd83a01e81 Use a unique malloc type rather than M_DEVBUF. 2004-05-30 04:01:29 +00:00
MIHIRA Sanpei Yoshiro
f7ec9a7547 check interface number
Kyocera AH-K3001V has 2 data interface.  But we could use only one
interface(id = 0)

PR:		kern/66779
Submitted by:	Togawa Satoshi <toga@puyo.org>
2004-05-30 01:48:04 +00:00
Hiten Pandya
76ce6ff787 Correct typo, vm_page_list_find() is called vm_pageq_find() for quite a
long time, i.e., since the cleanup of the VM Page-queues code done two
years ago.

Reviewed by:	Alan Cox <alc at freebsd.org>,
            	Matthew Dillon <dillon at backplane.com>
2004-05-30 00:42:38 +00:00
Tim Kientzle
de10ed4154 Permit (but ignore) -Z with -x or -t, now that libarchive
recognizes and decompresses .Z format.
2004-05-30 00:09:43 +00:00
David Malone
3b7e120185 Try to be more careful about using using the file descriptor f_file.
Syslogd should ensure that f_file is a valid file descriptor when
f_type is FILE, CONSOLE, TTY and for a PIPE where f_pid > 0. If the
descriptor is closed/invalid then the type should be set to UNUSED
or the pid should be set to 0.

To this end:
1) Don't close(f->f_file) if we can't send a message to a remote
   host because the file descriptor used for remote logging is
   stored in finet, not in f->f_file. f->f_file is probably
   uninitialised, so I guess we usually end up closing fd 0.
2) Don't close PIPE file descriptors if they are invalid.
3) If the call to p_open fails, don't set the pid.

The OpenBSD patches in this area set f_file to -1 after the fd is
closed and then avoids calling close if f_file < 0. I haven't done
this, but it might be a good idea too.

Inspired by:	PR 67139/OpenBSD
2004-05-30 00:02:19 +00:00