Commit Graph

174780 Commits

Author SHA1 Message Date
Jung-uk Kim
04704c638e Remove fictitious support for 80386-class CPUs from bsd.cpu.mk and make(1).
It was removed from head more than 8 years ago (see r137784 and r137785).

Reviewed by:	imp, delphij, dim
2012-12-03 19:27:31 +00:00
Dimitry Andric
3861d79fd7 Upgrade our copy of llvm/clang to r168974, from upstream's release_32
branch.  This is effectively llvm/clang 3.2 RC2; the 3.2 release is
coming soon.
2012-12-03 19:24:08 +00:00
Xin LI
21fa654189 MFV: less v456. 2012-12-03 19:00:23 +00:00
Xin LI
fcf6d6d329 Vendor import of less v456 (beta). 2012-12-03 18:58:12 +00:00
Xin LI
2740382ebd Use SA_ZPL_CRTIME instead of SA_ZPL_CTIME for creation time.
Submitted by:	phil.stone at gmx.com
MFC after:	2 weeks
2012-12-03 04:25:37 +00:00
Ulrich Spörlein
67897cfb90 Fix make depend. 2012-12-02 22:18:01 +00:00
Robert Watson
e0fb6dc33f Specifically point at the Handbook instructions for world updates in
UPDATING by URL.

As there has been some confusion over the need to run "mergemaster -p",
part of our standard upgrade procedure, following the recent addition of
an "auditdistd" user, add a note about it to UPDATING explicitly.
2012-12-02 22:09:16 +00:00
Alexander V. Chernikov
f079a0fa8c Fix bpf_if structure leak introduced in r235745.
Move all such structures to delayed-free lists and
delete all matching on interface departure event.

MFC after:	1 week
2012-12-02 21:43:37 +00:00
Peter Wemm
248da532a4 Add auditdistd to the pre-install required uid check list. 2012-12-02 21:32:45 +00:00
Rui Paulo
c960a2ad1d Run cscope with the -v parameter to make it more user-friendly. 2012-12-02 20:51:24 +00:00
Antoine Brodin
047838e45a Add more obsolete files. 2012-12-02 18:57:02 +00:00
Eitan Adler
dec3a11b26 Add a few more translations from IDs to model name.
Submitted by:	"4721@hushmail.com" <4721@hushmail.com>
Approved by:	cperciva (implicit)
MFC after:	2 weeks
2012-12-02 18:41:22 +00:00
Eitan Adler
bff5138029 Add support for hdmi hda codec onboard nvidia gt 440 graphics card
PR:		kern/174059
Submitted by:	"4721@hushmail.com" <4721@hushmail.com>
Approved by:	cperciva (implicit)
MFC after:	2 weeks
2012-12-02 17:54:52 +00:00
Dimitry Andric
13cc256e40 Vendor import of clang release_32 branch r168974 (effectively, 3.2 RC2):
http://llvm.org/svn/llvm-project/cfe/branches/release_32@168974
2012-12-02 13:20:44 +00:00
Dimitry Andric
522600a229 Vendor import of llvm release_32 branch r168974 (effectively, 3.2 RC2):
http://llvm.org/svn/llvm-project/llvm/branches/release_32@168974
2012-12-02 13:10:19 +00:00
Adrian Chadd
974185bb13 Don't grab the PCU lock inside the TX lock. 2012-12-02 06:50:27 +00:00
Adrian Chadd
375307d411 Delete the per-TXQ locks and replace them with a single TX lock.
I couldn't think of a way to maintain the hardware TXQ locks _and_ layer
on top of that per-TXQ software queuing and any other kind of fine-grained
locks (eg per-TID, or per-node locks.)

So for now, to facilitate some further code refactoring and development
as part of the final push to get software queue ps-poll and u-apsd handling
into this driver, just do away with them entirely.

I may eventually bring them back at some point, when it looks slightly more
architectually cleaner to do so.  But as it stands at the present, it's
not really buying us much:

* in order to properly serialise things and not get bitten by scheduling
  and locking interactions with things higher up in the stack, we need to
  wrap the whole TX path in a long held lock.  Otherwise we can end up
  being pre-empted during frame handling, resulting in some out of order
  frame handling between sequence number allocation and encryption handling
  (ie, the seqno and the CCMP IV get out of sequence);

* .. so whilst that's the case, holding the lock for that long means that
  we're acquiring and releasing the TXQ lock _inside_ that context;

* And we also acquire it per-frame during frame completion, but we currently
  can't hold the lock for the duration of the TX completion as we need
  to call net80211 layer things with the locks _unheld_ to avoid LOR.

* .. the other places were grab that lock are reset/flush, which don't happen
  often.

My eventual aim is to change the TX path so all rejected frame transmissions
and all frame completions result in any ieee80211_free_node() calls to occur
outside of the TX lock; then I can cut back on the amount of locking that
goes on here.

There may be some LORs that occur when ieee80211_free_node() is called when
the TX queue path fails; I'll begin to address these in follow-up commits.
2012-12-02 06:24:08 +00:00
Alfred Perlstein
e002ac8f81 Document maxthreads and minthreads arguments 2012-12-02 05:57:53 +00:00
Rick Macklem
a3ef369298 Document the "-m" option added by r243783.
This is a content change.

Reviewed by:	alfred
MFC after:	2 weeks
2012-12-02 01:25:19 +00:00
Rick Macklem
a6c903b8d4 Add a "-m" option to nfsstat, which dumps out the
actual options used by all NFS mounts. Works for
the new/default NFS client only.

Reviewed by:	alfred
MFC after:	2 weeks
2012-12-02 01:20:43 +00:00
Rick Macklem
99d2727d67 Add an nfssvc() option to the kernel for the new NFS client
which dumps out the actual options being used by an NFS mount.
This will be used to implement a "-m" option for nfsstat(1).

Reviewed by:	alfred
MFC after:	2 weeks
2012-12-02 01:16:04 +00:00
Hans Petter Selasky
5e184962dd - Add support for Etron EJ168 USB 3.0 Host Controllers.
This brand of controllers expects that the number of
contexts specified in the input slot context points
to an active endpoint context, else it refuses to
operate.

- Ring the correct doorbell when streams mode is used.
- Wrap one or two long lines.

Tested by:	Markus Pfeiffer (DragonFlyBSD)
MFC after:	1 week
2012-12-01 22:13:38 +00:00
Marcel Moolenaar
daab0b01ed Protect against DoS attacks, such as being described in CVE-2010-2632.
The changes were derived from what has been committed to NetBSD, with
modifications. These are:
1.  Preserve the existsing GLOB_LIMIT behaviour by including the number
    of matches to the set of parameters to limit.
2.  Change some of the limits to avoid impacting normal use cases:
    GLOB_LIMIT_STRING - change from 65536 to ARG_MAX so that glob(3)
	can still provide a full command line of expanded names.
    GLOB_LIMIT_STAT - change from 128 to 1024 for no other reason than
	that 128 feels too low (it's not a limit that impacts the
	behaviour of the test program listed in CVE-2010-2632).
    GLOB_LIMIT_PATH - change from 1024 to 65536 so that glob(3) can
	still provide a fill command line of expanded names.
3.  Protect against buffer overruns when we hit the GLOB_LIMIT_STAT or
    GLOB_LIMIT_READDIR limits. We append SEP and EOS to pathend in
    those cases. Return GLOB_ABORTED instead of GLOB_NOSPACE when we
    would otherwise overrun the buffer.

This change also modifies the existing behaviour of glob(3) in case
GLOB_LIMIT is specifies by limiting the *new* matches and not all
matches. This is an important distinction when GLOB_APPEND is set or
when the caller uses a non-zero gl_offs. Previously pre-existing
matches or the value of gl_offs would be counted in the number of
matches even though the man page states that glob(3) would return
GLOB_NOSPACE when gl_matchc or more matches were found.

The limits that cannot be circumvented are GLOB_LIMIT_STRING and
GLOB_LIMIT_PATH all others can be crossed by simply calling glob(3)
again and with GLOB_APPEND set.

The entire description above applies only when GLOB_LIMIT has been
specified of course. No limits apply when this flag isn't set!

Obtained from: Juniper Networks, Inc
2012-12-01 21:26:46 +00:00
Andriy Gapon
ff08349df5 ioapic_program_intpin: program high bits before low bits
Programming the low bits has a side-effect if unmasking the pin if it is
not disabled.  So if an interrupt was pending then it would be delivered
with the correct new vector but to the incorrect old LAPIC.

This fix could be made clearer by preserving the mask bit while
programming the low bits and then explicitly resetting the mask bit
after all the programming is done.

Probability to trip over the fixed bug could be increased by bootverbose
because printing of the interrupt information in ioapic_assign_cpu
lengthened the time window during which an interrupt could arrive while
a pin is masked.

Reported by:	Andreas Longwitz <longwitz@incore.de>
Tested by:	Andreas Longwitz <longwitz@incore.de>
MFC after:	12 days
2012-12-01 18:16:14 +00:00
Andriy Gapon
289b3b96ac zfs_getpages: make use of vm_page_readahead_finish
Suggested by:	kib
MFC after:	5 days
2012-12-01 18:13:53 +00:00
Andriy Gapon
992ffc58ae gfs_file_inactive: replace bad code with ugly code
Also, make it explicit that V_XATTRDIR is not properly supported in gfs
code yet.

The bad code was plain incorrect: (a) it spoiled handling of v_usecount
reaching zero and (b) it leaked v_holdcnt.

The ugly code employs potentially unsafe locking tricks.

Ideally we should separate vnode lifecycle and gfs node lifecycle.
A gfs node should have its own reference count where its child nodes
should be accounted.

PR:		kern/151111
Reviewed by:	kib
MFC after:	13 days
2012-12-01 18:12:55 +00:00
Andriy Gapon
30bf6110b5 acpi_cpu_notify: disable acpi_cpu_idle while updating C-state data
... to avoid any races or inconsistencies.
This should fix a regression introduced in r243404.

Also, remove a stale comment that has not been true for quite a while
now.

Pointyhat to:	avg
Teested by:	trociny, emaste, dumbbell (earlier version)
MFC after:	 1 week
2012-12-01 18:06:05 +00:00
Andriy Gapon
09424d43c1 acpi_cpu: change cpu_disable_idle to be a per-cpu flag...
and make it safe to manipulate and check the flag

With help from:	jhb
Tested by:	trociny, emaste, dumbbell
MFC after:	1 week
2012-12-01 18:01:01 +00:00
Marcel Moolenaar
43cc14e088 In globextend(), take advantage of the fact that realloc(NULL, size) is
equivalent to malloc(size). This eliminates the conditional expression
used for calling either realloc() or malloc() when realloc() will do
all the time.
2012-12-01 17:50:39 +00:00
Marcel Moolenaar
b628fac5ea In globextend() when the pathv vector cannot be (re-)allocated, don't
free and clear the gl_pathv pointer in the glob_t structure. Such
breaks the invariant of the glob_t structure, as stated in the comment
right in front of the globextend() function. If gl_pathv was non-NULL,
then gl_pathc was > 0. Making gl_pathv a NULL pointer without also
setting gl_pathc to 0 is wrong.

Since we otherwise don't free the memory associated with a glob_t in
error cases, it's unlikely that this change will cause a memory leak
that wasn't already there to begin with. Callers of glob(3) must
call globfree(3) irrespective of whether glob(3) returned an error
or not.
2012-12-01 17:44:06 +00:00
Eitan Adler
8c039ae154 The getline function returns the number of characters read, not
written. Use clearer text for this.

PR:		docs/174023
Submitted by:	Paul Procacci <pprocacci@gmail.com>
Approved by:	bcr (mentor)
MFC after:	1 week
2012-12-01 15:25:41 +00:00
Robert Watson
16648b4fff Merge a number of changes required to hook up OpenBSM 1.2-alpha2's
auditdistd (distributed audit daemon) to the build:

- Manual cross references
- Makefile for auditdistd
- rc.d script, rc.conf entrie
- New group and user for auditdistd; associated aliases, etc.

The audit trail distribution daemon provides reliable,
cryptographically protected (and sandboxed) delivery of audit tails
from live clients to audit server hosts in order to both allow
centralised analysis, and improve resilience in the event of client
compromises: clients are not permitted to change trail contents
after submission.

Submitted by:	pjd
Sponsored by:	The FreeBSD Foundation (auditdistd)
2012-12-01 15:11:46 +00:00
Robert Watson
d0c2e5bd23 Merge OpenBSM 1.2-alpha2 changes from contrib/openbsm to
src/sys/{bsm,security/audit}.  There are a few tweaks to help with the
FreeBSD build environment that will be merged back to OpenBSM.  No
significant functional changes appear on the kernel side.

Obtained from:	TrustedBSD Project
Sponsored by:	The FreeBSD Foundation (auditdistd)
2012-12-01 13:46:37 +00:00
Robert Watson
aa77200569 Merge OpenBSM 1.2-alpha2 from vendor branch to FreeBSD 10-CURRENT; the
primary new feature is auditdistd.

Obtained from:	TrustedBSD Project
Sponsored by:	The FreeBSD Foundation (auditdistd)
2012-12-01 11:58:08 +00:00
Pawel Jakub Dawidek
8909f88d28 Fix one more compilation issue. 2012-12-01 08:59:36 +00:00
Pawel Jakub Dawidek
ceaea52f0c IFp4 @219811:
VFS is now fully MPSAFE, fix compilation.
2012-12-01 08:51:40 +00:00
Adrian Chadd
e5d63a99bc Add a new HAL capability - check and enforce whether the NIC supports
enforcing the TXOP and TBTT limits:

* Frames which will overlap with TBTT will not TX;
* Frames which will exceed TXOP will be filtered.

This is not enabled by default; it's intended to be enabled by the
TDMA code on 802.11n capable chipsets.
2012-12-01 03:48:11 +00:00
Jack F Vogel
39aa926bb3 Patch #12 OK, I said there was only 11 patches, but unfortunately
the revamped sysctl code did not work, and needed a change. This
makes the limit get set at the time that all sysctl stats are
created and is actually more elegant imho anyway.
2012-12-01 01:24:40 +00:00
Jung-uk Kim
7609e73ca0 Remove duplicate code. Reduce diff between amd64 and i386. 2012-12-01 00:56:19 +00:00
Jack F Vogel
5a5d90a268 Patch #11 - The final patch: this one greatly improves the
TX hot path by getting rid of index calculations and simply
managing pointers. Much of the creative code is due to my
coworker here at Intel, Alex Duyck, thanks Alex!

Also, this whole series of patches was given the critical
eye of Gleb Smirnoff and is all the better for it, thanks
Gleb!
2012-12-01 00:11:24 +00:00
Jack F Vogel
d777904f05 Patch #10 Performance - this changes the protocol offload
interface and code in the TX path,making it tighter and
hopefully more efficient.
2012-12-01 00:03:58 +00:00
Robert Watson
399d3f65db Merge a number of post-1.2-alpha2 changes to OpenBSM into the OpenBSM
vendor area; these sort out various post-release issues, largely to do
with integrating OpenBSM with the base FreeBSD build.  All of these
changes will appear in a future 1.2-alpha3:

Change 219846 on 2012/11/26 by rwatson@rwatson_cinnamon

        Update several instances of Apple Computer to Apple; a change made
        in the FreeBSD tree some years ago but not propagated to OpenBSM.

Change 219845 on 2012/11/26 by rwatson@rwatson_cinnamon

        Remove Apple acknowledgement clause from file with Christian
        Peron copyright (with permission from Christian).

Change 219836 on 2012/11/23 by rwatson@rwatson_cinnamon

        Replace further instances of <> with "" for local includes in
        auditdistd.

Change 219834 on 2012/11/23 by rwatson@rwatson_cinnamon

        For current-directory headers, use #include "" rather than #include
        <>.

Change 219832 on 2012/11/23 by rwatson@rwatson_cinnamon

        Be more consistent with the remainder of OpenBSM and include
        config/config.h rather than config.h.

        Don't include config.h from synch.h, which is included only from
        .c files that already include config.h.

Change 219831 on 2012/11/23 by pjd@pjd_anger

        Add Xref to auditdistd(8).

        Suggested by:   rwatson

Obtained from:	TrustedBSD Project
Sponsored by:	The FreeBSD Foundation (auditdistd)
2012-12-01 00:02:31 +00:00
Jack F Vogel
df51baf38f Patch #9 Performance - improve the tx dma failure
path, similar to a change done in igb long ago.
2012-11-30 23:54:57 +00:00
Jilles Tjoelker
5ba651f004 libc: Allow setting close-on-exec in fopen/freopen/fdopen.
This commit adds a new mode option 'e' that must follow any 'b', '+' and/or
'x' options. C11 is clear about the 'x' needing to follow 'b' and/or '+' and
that is what we implement; therefore, require a strict position for 'e' as
well.

For freopen() with a non-NULL path argument and fopen(), the close-on-exec
flag is set iff the 'e' mode option is specified. For freopen() with a NULL
path argument and fdopen(), the close-on-exec flag is turned on if the 'e'
mode option is specified and remains unchanged otherwise.

Although the same behaviour for fopen() can be obtained by open(O_CLOEXEC)
and fdopen(), this needlessly complicates the calling code.

Apart from the ordering requirement, the new option matches glibc.

PR:		kern/169320
2012-11-30 23:51:33 +00:00
Robert Watson
c5119f5dec Import OpenBSM 1.2-alpha2:
OpenBSM 1.2 alpha 2

- auditdistd, a distributed audit trail management daemon, has now been
  merged.  This allows trail files to be securely and reliably synced from
  audited hosts to an audit server, and employs TLS encryption.  Where
  available, it uses Capsicum to sandbox the service.  This work was
  contributed by Pawel Jakub Dawidek under sponsorship from the FreeBSD
  Foundation.

OpenBSM 1.2 alpha 1

- Add Capsicum-related error numbers for FreeBSD: ENOTCAPABLE, ECAPMODE.
- Add Capsicum, process descriptor audit events for FreeBSD.
- Allow 0% minspace.
- Fixes from the clang static analyser.
- Fix expiration of trail files when the host parameter is used.
- Various typo fixes.
- Support for Solaris privilege and privilege set tokens.
- Documentation for getachost(), improvements for getacfilesz().
- Fix a directory descriptor leak that happened when audit trail partitions
  filled.
- Support for more Linux distributions with a partial contemporary endian.h.
- Improved escaping of XML-encapsulated BSM.
- A variety of minor documentation, style, and functional.

Obtained from:	TrustedBSD Project
Sponsored by:	The FreeBSD Foundation (auditdistd)
2012-11-30 23:50:07 +00:00
Jack F Vogel
47dd71a877 Patch #8 Performance changes - this one improves locality,
moving some counters and data to the ring struct from
the adapter struct, also compressing some data in the
move.
2012-11-30 23:45:55 +00:00
Jack F Vogel
27329b1a91 Patch #7 This is primarily about processing limit control.
- add a limit for both RX and TX, change the default to 256
- change the sysctl usage to be common, and now to be called
during init for each ring.
- the TX limit is not yet used, but the changes in the last
patch in this series uses the value.
- the motivation behind these changes is to improve data
locality in the final code.
- rxeof interface changes since it now gets limit from the
ring struct
2012-11-30 23:28:01 +00:00
Pawel Jakub Dawidek
80a044ea46 IFp4 @208452:
Audit handling for missing events:
- AUE_READLINKAT
- AUE_FACCESSAT
- AUE_MKDIRAT
- AUE_MKFIFOAT
- AUE_MKNODAT
- AUE_SYMLINKAT

Sponsored by:	FreeBSD Foundation (auditdistd)
MFC after:	2 weeks
2012-11-30 23:21:55 +00:00
Pawel Jakub Dawidek
499f0f4d55 IFp4 @208451:
Fix path handling for *at() syscalls.

Before the change directory descriptor was totally ignored,
so the relative path argument was appended to current working
directory path and not to the path provided by descriptor, thus
wrong paths were stored in audit logs.

Now that we use directory descriptor in vfs_lookup, move
AUDIT_ARG_UPATH1() and AUDIT_ARG_UPATH2() calls to the place where
we hold file descriptors table lock, so we are sure paths will
be resolved according to the same directory in audit record and
in actual operation.

Sponsored by:	FreeBSD Foundation (auditdistd)
Reviewed by:	rwatson
MFC after:	2 weeks
2012-11-30 23:18:49 +00:00
Jack F Vogel
01816c875d Patch #6 Whitespace cleanup, and removal of some very old
defines (at Gleb's request). Also, change the defines around
the old transmit code to IXGBE_LEGACY_TX, I do this to make
it possible to define this regardless of the OS level (it is
not defined by default). There are also a couple changed
comments for clarity.
2012-11-30 23:13:56 +00:00