Commit Graph

129212 Commits

Author SHA1 Message Date
Robert Watson
e66fe0e1db Remove mac_enforce_subsystem debugging sysctls. Enforcement on
subsystems will be a property of policy modules, which may require
access control check entry points to be invoked even when not actively
enforcing (i.e., to track information flow without providing
protection).

Obtained from:	TrustedBSD Project
Suggested by:	Christopher dot Vance at sparta dot com
2006-12-21 09:51:34 +00:00
Marcel Moolenaar
94632b9fe1 Unbreak 64-bit little-endian systems that do require alignment.
The fix involves using le16dec(), le32dec(), le16enc() and
le32enc(). This eliminates invalid casts and duplicated logic.
2006-12-21 05:40:46 +00:00
Bjoern A. Zeeb
6f3914bcf4 ia64 is nit-picking according to tinderbox so temporary disconnect
the bridge module from the build until this is fixed.
2006-12-21 01:58:22 +00:00
Robert Watson
8425ae1208 Comment LABEL_TO_SLOT() macro, including observing that we'd like to improve
this policy API to avoid encoding struct label binary layout in policy
modules.

Obtained from:	TrustedBSD Project
2006-12-20 23:41:59 +00:00
Robert Watson
19d0ec0330 Trim trailing white space, clean up comment line wrapping and formatting.
Document mac_associate_nfsd_label().

Obtained from:	TrustedBSD Project
2006-12-20 23:18:17 +00:00
Robert Watson
27c24b4e88 Trim trailing white space. 2006-12-20 23:17:34 +00:00
Robert Watson
df3c68e479 Document socket labeling model.
Clean up comment white space and wrapping.

Obtained from:	TrustedBSD Project
2006-12-20 23:16:41 +00:00
Robert Watson
1f00b646ec Clean up comment white space and line wrapping. 2006-12-20 23:16:01 +00:00
Robert Watson
23c3d46ae8 Additional comments regarding the interaction between the kernel privilege
model and the MAC Framework.

Obtained from:	TrustedBSD Project
2006-12-20 23:15:27 +00:00
Robert Watson
e678cce940 Document that we could allocate the mbuf label as part of the tag rather
than from the slab, but don't.

Document mac_mbuf_to_label(), mac_copy_mbuf_tag().

Clean up white space/wrapping for other comments.

Obtained from:	TrustedBSD Project
2006-12-20 23:14:33 +00:00
Robert Watson
5c700f29d9 Staticize and comment zone_label.
Obtained from:	TrustedBSD Project
2006-12-20 23:13:04 +00:00
Robert Watson
5c5a98199b Clean up comments, trailing white space.
Provide a comment describing MAC_EXTERNALIZE().

Obtained from:	TrustedBSD Project
2006-12-20 23:12:36 +00:00
Robert Watson
95c8c170f3 Re-wrap comment at 77 character columns. 2006-12-20 23:11:01 +00:00
Shteryana Shopova
fd0e516eda Add a (disabled) configuration line to enable snmp_bridge(3) module.
Approved by:	bz (mentor)
2006-12-20 22:10:34 +00:00
Shteryana Shopova
814c25f3ad Connect the snmp_bridge(3) module to the build.
Approved by:	bz (mentor)
2006-12-20 22:08:35 +00:00
Shteryana Shopova
3c6bf05583 Keep in sync with the if_bridge(4) module (rev. 1.20 if_bridgevar.h,
1.12 bridgestp.h) and rename all PointToPoint related variables
from P2P to PTP (s/P2P/PTP/g s/p2p/ptp/g).

Approved by:	bz (mentor)
2006-12-20 22:02:45 +00:00
Shteryana Shopova
42910bde6c Remove an unused variable.
Approved by:	bz (mentor)
2006-12-20 21:31:28 +00:00
Robert Watson
9caab7a262 Comment and white space cleanup.
Exapnd comments on System V IPC labeling methods, which could use improved
consistency with respect to other object types.

Obtained from:	TrustedBSD Project
2006-12-20 20:43:19 +00:00
Jung-uk Kim
5e448826b7 Regen (just to fix 'generated from' line from the previous commit). 2006-12-20 20:42:58 +00:00
Robert Watson
8f3476b39b Externalize local stack copy of the ifnet label, rather than the copy on
the ifnet itself.  The stack copy has been made while holding the mutex
protecting ifnet labels, so copying from the ifnet copy could result in
an inconsistent version being copied out.

Reported by:	Todd.Miller@sparta.com
Obtained from:	TrustedBSD Project
MFC after:	3 weeks
2006-12-20 20:40:29 +00:00
Robert Watson
17041e6708 Expand commenting on label slots, justification for the MAC Framework locking
model, interactions between locking and policy init/destroy methods.

Rewrap some comments to 77 character line wrap.

Obtained from:	TrustedBSD Project
2006-12-20 20:38:44 +00:00
Jung-uk Kim
8187e7d7ad Add linux_nanosleep() and regen. 2006-12-20 20:21:48 +00:00
Kip Macy
a7a6fa29bd reduce padding to compensate for recent change to sys/pcpu.h (tinderbox fix) 2006-12-20 20:18:07 +00:00
Jung-uk Kim
77424f4177 MFP4: 109655
- Move linux_nanosleep() from src/sys/amd64/linux32/linux32_machdep.c to
src/sys/compat/linux/linux_time.c.
- Validate timespec ranges before use as Linux kernel does.
- Fix l_timespec structure.
- Clean up style(9) nits.
2006-12-20 20:17:35 +00:00
Jung-uk Kim
34ec45fe0d MFP4: 110179
Add rudimentary IPC_INFO/MSG_INFO command support for linux_msgctl()
to pacify Linux ipcs(1).  While I am here, add more bound checks
for linux_msgsnd() and linux_msgrcv().
2006-12-20 20:08:45 +00:00
Jung-uk Kim
5e868cbb79 Regen. 2006-12-20 19:39:10 +00:00
Jung-uk Kim
127891cab9 MFP4: (part of) 110058
Fix 32-bit msgsnd(3) and msgrcv(3) emulations for amd64.
2006-12-20 19:36:03 +00:00
Jung-uk Kim
f61480ecf5 MFP4: (part of) 110058
Use new kern_msgsnd()/kern_msgrcv() to fix linux32 emulation on amd64.
2006-12-20 19:30:52 +00:00
Jung-uk Kim
4e4de5e43c MFP4: (part of) 110058
copyin()/copyout() for message type is separated from msgsnd()/msgrcv() and
it is done from its wrapper functions to support 32-bit emulations.  After I
implemented this, I have briefly referenced NetBSD and Darwin.  NetBSD passes
copyin()/copyout() function pointers from wrappers.  Darwin passes size of
message type as an argument, which is actually similar to my first
implementation (P4 109706).  We may revisit these implementations later.
2006-12-20 19:26:30 +00:00
Jung-uk Kim
22a09fe4d1 MFP4: (part of) 109714
Add SYSCALL_MODULE_PRESENT() macro.  The idea was borrowed from
syscall_register().
2006-12-20 19:00:52 +00:00
Warner Losh
6be1e1ff38 MFp4: differences for bwct ethernet attachment 2006-12-20 18:26:37 +00:00
Warner Losh
452f9afb5e MFp4: Differences in flash part for bwct. need a more generic way to cope. 2006-12-20 18:25:16 +00:00
Warner Losh
a9295f4074 MFp4: Add timeout to eeprom access for lame eeprom that go awol 2006-12-20 18:19:52 +00:00
Warner Losh
a082bf6243 MFp4: bwct memory size and PLL parameters 2006-12-20 18:18:24 +00:00
Warner Losh
b0785d970d MFp4: bwct boot rom is different. need a more generic way to cope long term. 2006-12-20 18:16:49 +00:00
Warner Losh
1962e68df3 MFp4: Delay a second or two after the upload before printing Done.
Add an automatic reset for remote operational luvin' goodness.
2006-12-20 17:50:02 +00:00
Warner Losh
ea705f59a6 MFp4: bwct is a new board choice. 2006-12-20 17:47:54 +00:00
Xin LI
ca7d624355 On amd64 platform, use linux32 headers so 32-bit Linux applications
would be able to work with aac(4).

This approach is used by some other drivers as well.  However, we
need a more generic way to do this in order to avoid having to
special case headers in individual drivers for each platform.

Obtained from:	Adaptec (version b11518)
Approved by:	scottl
2006-12-20 17:10:53 +00:00
Ruslan Ermilov
c8c3587578 Markup cosmetics. 2006-12-20 16:57:13 +00:00
Ruslan Ermilov
44fce1caa1 Document some details better, making it easier to translate. 2006-12-20 15:34:01 +00:00
Yaroslav Tykhiy
a9e42d31b7 Syscons cannot be stopped, so provide a no-op stop method.
The default stop method from rc.subr isn't suited for this
case and produces a bogus warning: "syscons not running".

Suggested by:	matteo
2006-12-20 12:59:50 +00:00
Bruce Evans
5b01e77c64 In bge_txeof(), cancel the watchdog timeout if all descriptors have
been handled instead of when at least one descriptor was just handled.
For bge, it is normal to get a txeof when only a small fraction of the
queued tx descriptors have been handled, so the bug broke the watchdog
in a usual case.
2006-12-20 12:03:21 +00:00
Ruslan Ermilov
0f07cf12ac Be more accurate in the description of the -I option:
signaling to a process doesn't necessarily kill it.
2006-12-20 11:57:22 +00:00
Yaroslav Tykhiy
51f1dbba96 Improve rc.d conformance:
- don't play a needless trick with prestart, just use start method;
- provide no-op stop method so that we don't get bogus "abi not running" error.
2006-12-20 11:37:15 +00:00
Bruce Evans
b848e03260 Avoid a race and a pessimization in bge_intr():
- moved the synchronizing bus read to after the bus write for the first
  interrupt ack so that it actually synchronizes everything necessary.

  We were acking not only the status update that triggered the interrupt
  together with any status updates that occurred before we got around
  to the bus write for the ack, but also any status updates that occur
  after we do the bus write but before the write reaches the device.
  The corresponding race for the second interrupt ack resulted in
  sometimes returning from the interrupt handler with acked but
  unserviced interrupt events.  Such events then remain unserviced
  until further events cause another interrupt or the watchdog times
  out.

  The race was often lost on my 5705, apparently since my 5705 has broken
  event coalescing which causes a status update for almost every packet,
  so another status update is quite likely to occur while the interrupt
  handler is running.  Watchdog timeouts weren't very noticeable,
  apparently because bge_txeof() has one of the usual bugs resetting the
  watchdog.

- don't disable device interrupts while bge_intr() is running.  Doing this
  just had the side effects of:
  - entering a device mode in which different coalescing parameters apply.
    Different coalescing parameters can be used to either inhibit or
    enhance the chance of getting another status update while in the
    interrupt handler.  This feature is useless with the current
    organization of the interrupt handler but might be useful with a
    taskqueue handler.
  - giving a race for ack+reenable/return.  This cannot be handled
    by simply rearranging the order of bus accesses like the race for
    ack+keepenable/entry.  It is necessary to sync the ack and then
    check for new events.
  - taking longer, especially with the extra code to avoid the race on
    ack+reenable/return.

Reviewed by:	ru, gleb, scottl
2006-12-20 11:14:45 +00:00
Konstantin Belousov
cc570216bb In rev. 1.514, iodone on async buffer may happen before code checks the
vnode v_flag. For cluster buffers this would result in dereferencing NULL
b_vp. To prevent the panic, cache relevant vnode flag before calling
bstrategy.

Reported by:	Peter Holm, kris
Tested by:	Peter Holm
Reviewed by: tegge
Pointy hat to:	kib
2006-12-20 09:22:31 +00:00
Colin Percival
6d3d33dd7a Remove -F option from getopts string -- this option has never done
anything apart from invoking usage(), and apparently slipped in by
accident.

Approved by:	kientzle
MFC after:	3 days
2006-12-20 06:56:25 +00:00
Yaroslav Tykhiy
b8115f0517 Make grammar a bit more consistent in this document. 2006-12-20 06:21:51 +00:00
Yaroslav Tykhiy
736304033d Allow for module-path being a semicolon-separated list of dirs.
This is consistent with kern.module_path sysctl and also compensates
for the unconventional syntax of asf(8) where the last of multiple
arguments is the output file, which prevents us from using the
traditional Unix syntax "foo file ..." to specify multiple module
dirs.

Submitted by:	emaste
MFC after:	1 week
2006-12-20 06:20:04 +00:00
David Xu
74c751131b get LIBPTHREAD_ADAPTIVE_SPIN early, so it can be used for some global
mutexes.
2006-12-20 05:05:44 +00:00