Commit Graph

61167 Commits

Author SHA1 Message Date
Yoshihiro Takahashi
14a2c27d00 MFi386: revisions 1.634 and 1.639. 2006-11-09 08:03:37 +00:00
Andrew Thompson
3df7fad0cf Add a new address cache type called sticky. On an interface marked sticky any
address learned by the bridge is made permanent, the address will not age out
and most importantly will not migrate to another interface.

This can be used to stop mac address poisoning or clients roaming in much the
same way as static entries without the hassle of preloading the table.
2006-11-09 06:32:38 +00:00
Kevin Lo
afe898bca2 Remove unused structures.
Reviewed by: cognet and imp
Approved by: cognet and imp
2006-11-09 02:19:30 +00:00
Kip Macy
42013c462c move panic_bad_hcall to its use site in support.S in attempt to un-break the
tinderbox
2006-11-08 22:16:05 +00:00
Kip Macy
dc4468ed17 Fix for ithread interrupt handling. Don't reset the interrupt vector until
after the interrupt has been handled. Also move panic_bad_hcall to local to
avoid complaints from the linker on the tinderbox.

Approved by: scottl (substituting for mentor rwatson)
2006-11-08 22:09:58 +00:00
Ruslan Ermilov
13039ada97 The NETSMBCRYPTO option has long gone. 2006-11-08 21:45:45 +00:00
Sam Leffler
4c2511374b add missing bits for crypto support
MFC after:	1 week
2006-11-08 20:51:01 +00:00
Alan Cox
49c3b92531 I misplaced the assertion that was added to vm_page_startup() in the
previous change.  Correct its placement.
2006-11-08 19:11:54 +00:00
Alan Cox
9ad3296a25 Simplify the construction of the free queues in vm_page_startup(). Add
an assertion to test a hypothesis concerning other redundant computation
in vm_page_startup().
2006-11-08 18:43:47 +00:00
Maxim Konovalov
f645b5da88 o Fix a couple of obvious typos. 2006-11-08 09:09:07 +00:00
Alan Cox
e288d71672 MFamd64/ia64/i386/sun4v
Use cnt.v_page_count, the actual count of available physical pages,
  instead of vm_page_array_size to compute the maximum number of pv
  entries.
2006-11-08 06:31:28 +00:00
Alan Cox
815bc69fb0 Ensure that the page's oflags field is initialized by contigmalloc(). 2006-11-08 06:23:29 +00:00
Olivier Houchard
c162ce855c Increate cnt.v_intr on interrupt. 2006-11-08 01:32:24 +00:00
Randall Stewart
03b0b02163 -Fixes first of all the getcred on IPv6 and V4. The
copy's were incorrect and so was the locking.
-A bug was also found that would create a race and
 panic when an abort arrived on a socket being read
 from.
-Also fix the reader to get MSG_TRUNC when a partial
 delivery is aborted.
-Also addresses a couple of coverity caught error path
 memory leaks and a couple of other valid complaints
Approved by:	gnn
2006-11-08 00:21:13 +00:00
Matt Jacob
0a480cf034 XPT_GET_TRAN_SETTINGS can fail- so check for an error and
don't blindly assume it succeeded.
2006-11-07 23:06:00 +00:00
Olivier Houchard
676b1fbdbf Identify the xscale 81342. 2006-11-07 22:36:57 +00:00
Olivier Houchard
08b91759f3 In the ARM_USE_SMALL_ALLOC case, vm_page_t may have an address < KERNBASE,
so adjust the KASSERT to reflect this.
2006-11-07 22:35:30 +00:00
Ruslan Ermilov
7eae4829bf Spelling. 2006-11-07 21:57:18 +00:00
Ruslan Ermilov
81490cbe6f Line up memory amount reporting that got broken when s/real/usable/. 2006-11-07 21:55:39 +00:00
Andre Oppermann
62b36a7fc2 Style cleanups to the sctp_* syscall functions. 2006-11-07 21:28:12 +00:00
Joe Marcus Clarke
1bc3d4c1d1 Fix TFTP NAT support by making sure the appropriate fingerprinting checks
are done.

Reviewed by:	piso
2006-11-07 21:06:48 +00:00
John Baldwin
6b8de13ab4 Simplify operations with sync_mtx in sched_sync():
- Don't drop the lock just to reacquire it again to check rushjob, this
  only wastes time.
- Use msleep() to drop the mutex while sleeping instead of explicitly
  unlocking around tsleep.

Reviewed by:	pjd
2006-11-07 19:45:05 +00:00
Marius Strobl
2d58d44651 - Don't bother to include IDs of PCnet chips which are not supported
by this driver and largely are not even PCI devices in pcn_chipid.
- Use device_printf(9)/if_printf(9) rather than implementing their
  functionality with printf(9).
- Sprinkle some const.
2006-11-07 19:44:41 +00:00
John Baldwin
8064e5d71f Fix comment typo and function declaration. 2006-11-07 19:07:33 +00:00
John Baldwin
fa6f748fe3 Fix some edge cases in detach (including attach failures):
- Only call iwi_stop() if we got far enough along in iwi_attach() to
  alloc an ifnet.
- Release the firmware after stopping the interface and detaching the
  ifnet.

MFC after:	1 month
Reviewed by:	sam
2006-11-07 19:03:42 +00:00
John Baldwin
fe754f8f07 Remove extra forward declare of 'struct sem'.
Requested by:	bde
2006-11-07 18:56:48 +00:00
John Baldwin
d65926888d Various whitespace cleanups. 2006-11-07 18:55:51 +00:00
John Baldwin
6ddd7e6a5a Add a new 'union l_sigval' to use in place of 'union sigval' in the
linux siginfo structure.  l_sigval uses a l_uintptr_t for sival_ptr so
that sival_ptr is the right size for linux32 on amd64.  Since no code
currently uses 'lsi_ptr' this is just a cosmetic nit rather than a bug
fix.
2006-11-07 18:53:49 +00:00
John Baldwin
203886d93c Remove old XXX comment about possibly adding a print_Intel_info() function
to dump CPUID level=2 stuff.  A print_INTEL_info() function that does just
that was added a while ago.
2006-11-07 18:48:18 +00:00
John Baldwin
3900a3be21 Remove duplicate IDTVEC macro definition, it's already defined in
<machine/intr_machdep.h>.
2006-11-07 18:46:33 +00:00
Sam Leffler
83cc6b9ad2 honor nolockd flag in root mount options
MFC after:	2 weeks
2006-11-07 18:02:45 +00:00
Olivier Houchard
2c7b82c9dd Add atomic_cmpset_acq_32. 2006-11-07 11:53:44 +00:00
Robert Watson
46ee43b2ca Add priv.h include required to build FAST_IPSEC, which is not present in
LINT due to a conflict with KAME IPSEC.

Submitted by:	Pawel Worach <pawel dot worach at gmail dot com>
2006-11-07 08:58:06 +00:00
Matt Jacob
c144ae3e58 Fix the hanging chad if the NEW_TRAN_CODE change and change the
qualifier to force async from cur_spi to spi.
2006-11-07 05:51:40 +00:00
Tor Egge
40dee3da29 Don't drop reference to tty in tty_close() if TS_ISOPEN is already cleared.
Reviewed by:	bde
2006-11-06 22:12:43 +00:00
Andre Oppermann
bda8b1f3b8 Handle early errors in kern_sendfile() by introducing a new goto 'out'
label after the sbunlock() part.

This correctly handles calls to sendfile(2) without valid parameters
that was broken in rev. 1.240.

Coverity error:	272162
2006-11-06 21:53:19 +00:00
Ruslan Ermilov
4f32adad48 Sometimes the vty switching has to be delayed; the vty
to be switched to is saved in sc->delayed_next_scr and
the actual switch is performed later.  It was possible
to get into the endless loop when attempting to switch
to a closed vty (which is not allowed and beep-alerted
when attempted) and when the visual beep was in effect.
This caused sc->delayed_next_scr to never be reset and
endless attempts to switch to a closed vty and endless
visual beeping.  How to repeat:

- boot into single-user
- run "kbdcontrol -b visual"
- quickly press Alt+F2 two times

PR:		kern/68016
X-MFC after:	6.2-RELEASE
2006-11-06 19:06:07 +00:00
Robert Watson
43593547a3 Add missing includes of priv.h. 2006-11-06 17:43:10 +00:00
Robert Watson
b96fbb37da Convert three new suser(9) calls introduced between when the priv(9)
patch was prepared and committed to priv(9) calls.  Add XXX comments
as, in each case, the semantics appear to differ from the TCP/UDP
versions of the calls with respect to jail, and because cr_canseecred()
is not used to validate the query.

Obtained from:	TrustedBSD Project
2006-11-06 14:54:06 +00:00
Randall Stewart
f4ad963c9f This changes tracks down the EEOR->NonEEOR mode failure
to wakeup on close of the sender. It basically moves
the return (when the asoc has a reader/writer) further
down and gets the wakeup and assoc appending (of the
PD-API event) moved up before the return.  It also
moves the flag set right before the return so we can
assure only once adding the PD-API events.

Approved by:	gnn
2006-11-06 14:34:21 +00:00
Robert Watson
403b781e2d Add stub entry point implementations of mpo_priv_check and mpo_priv_grant to
the mac_stub policy.

Obtained from:	TrustedBSD Project
2006-11-06 13:45:45 +00:00
Robert Watson
acd3428b7d Sweep kernel replacing suser(9) calls with priv(9) calls, assigning
specific privilege names to a broad range of privileges.  These may
require some future tweaking.

Sponsored by:           nCircle Network Security, Inc.
Obtained from:          TrustedBSD Project
Discussed on:           arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
                        Alex Lyashkov <umka at sevcity dot net>,
                        Skip Ford <skip dot ford at verizon dot net>,
                        Antoine Brodin <antoine dot brodin at laposte dot net>
2006-11-06 13:42:10 +00:00
Robert Watson
800c940832 Add a new priv(9) kernel interface for checking the availability of
privilege for threads and credentials.  Unlike the existing suser(9)
interface, priv(9) exposes a named privilege identifier to the privilege
checking code, allowing more complex policies regarding the granting of
privilege to be expressed.  Two interfaces are provided, replacing the
existing suser(9) interface:

suser(td)                 ->   priv_check(td, priv)
suser_cred(cred, flags)   ->   priv_check_cred(cred, priv, flags)

A comprehensive list of currently available kernel privileges may be
found in priv.h.  New privileges are easily added as required, but the
comments on adding privileges found in priv.h and priv(9) should be read
before doing so.

The new privilege interface exposed sufficient information to the
privilege checking routine that it will now be possible for jail to
determine whether a particular privilege is granted in the check routine,
rather than relying on hints from the calling context via the
SUSER_ALLOWJAIL flag.  For now, the flag is maintained, but a new jail
check function, prison_priv_check(), is exposed from kern_jail.c and used
by the privilege check routine to determine if the privilege is permitted
in jail.  As a result, a centralized list of privileges permitted in jail
is now present in kern_jail.c.

The MAC Framework is now also able to instrument privilege checks, both
to deny privileges otherwise granted (mac_priv_check()), and to grant
privileges otherwise denied (mac_priv_grant()), permitting MAC Policy
modules to implement privilege models, as well as control a much broader
range of system behavior in order to constrain processes running with
root privilege.

The suser() and suser_cred() functions remain implemented, now in terms
of priv_check() and the PRIV_ROOT privilege, for use during the transition
and possibly continuing use by third party kernel modules that have not
been updated.  The PRIV_DRIVER privilege exists to allow device drivers to
check privilege without adopting a more specific privilege identifier.

This change does not modify the actual security policy, rather, it
modifies the interface for privilege checks so changes to the security
policy become more feasible.

Sponsored by:		nCircle Network Security, Inc.
Obtained from:		TrustedBSD Project
Discussed on:		arch@
Reviewed (at least in part) by:	mlaier, jmg, pjd, bde, ceri,
			Alex Lyashkov <umka at sevcity dot net>,
			Skip Ford <skip dot ford at verizon dot net>,
			Antoine Brodin <antoine dot brodin at laposte dot net>
2006-11-06 13:37:19 +00:00
Rink Springer
42a4336a90 Added PCI ID's for:
- 0x1065: Intel 82562ET/EZ/GT/GZ PRO/100 VE Ethernet [1], as found on
  Tyan GS14 barebones.
- 0x1094: Intel Pro/100 946GZ (ICH7) Network Connection [2], as found on
  Intel 946GZis motherboards.

[1] Submitted by:	myself
[2] Submitted by:	Mike Tancsa <mike@sentex.net>
Reviewed by:		imp (mentor), jfv
Approved by:		imp (mentor)
MFC after:		3 days
2006-11-06 12:19:43 +00:00
Takanori Watanabe
7687221959 Prevent freeing wild pointer when bailing out. 2006-11-06 12:14:27 +00:00
Konstantin Belousov
a0396f2797 Set up the context for the dbbe_trace callback in the ddb. Otherwise,
trap caused by backtracing would lead to panic.

Noted and reviewed by:	bde
2006-11-06 11:10:57 +00:00
Christian S.J. Peron
130b146814 Change the type of ar_arg_sockaddr from struct sockaddr to struct
sockaddr_storage.  This structure is defined in RFC 2553 and is a more
semantically correct structure for holding IP and IP6 sockaddr information.
struct sockaddr is not big enough to hold all the required information for
IP6, resulting in truncated addresses et al when auditing IP6 sockaddr
information.

We also need to assume that the sa->sa_len has been validated before the call to
audit_arg_sockaddr() is made, otherwise it could result in a buffer overflow.
This is being done to accommodate auditing of network related arguments (like
connect, bind et al) that will be added soon.

Discussed with:	rwatson
Obtained from:	TrustedBSD Project
MFC after:	2 weeks
2006-11-06 00:15:44 +00:00
Marcel Moolenaar
0463b4a2fb Major rework of the ia64 loaders. The two primary objectives are:
1. Make libefi portable by removing ia64 specific code and build
   it on i386 and amd64 by default to prevent regressions. These
   changes include fixes and improvements over previous code to
   establish or improve APIs where none existed or when the amount
   of kluging was unacceptably high.
2. Increase the amount of sharing between the efi and ski loaders
   to improve maintainability of the loaders and simplify making
   changes to the loader-kernel handshaking in the future.

The version of the efi and ski loaders are now both changed to 1.2
as user visible improvements and changes have been made.
2006-11-05 22:03:04 +00:00
Christian S.J. Peron
67be76c039 Fix possible leak when bridge is in monitor mode. Use m_freem() which will
free the entire chain, instead of using m_free() which will free just the
mbuf that was passed.

Discussed with:	thompsa
MFC after:	3 days
2006-11-05 17:56:25 +00:00
Ruslan Ermilov
9274ba8a1f Revert previous commit, and instead make the expression in rev. 1.2
match the style of this file.

OK'ed by:	rrs
2006-11-05 14:36:59 +00:00