constants in question refer to the number of label slots, not the
maximum number of policies that may be loaded. This should reduce
confusion regarding an element in the MAC sysctl MIB, as well as
make it more clear what the affect of changing the compile-time
constants is.
Approved by: re (jhb)
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
fully clean. This resulted in inserted garbage into the produced assembly code
when the gcc -pg and -fPIC options are used together.
PR: i386/50598
Submitted by: Don Lewis <truckman@freebsd.org>
that interrupts be disabled and remain disabled until %cr2 is read.
Otherwise we can preempt and another process can fault, and by the
time we read %cr2, we see a different processes fault address. This
Greatly Confuses vm_fault() (to say the least). The i386 port has
got this marked as a bug workaround for a Cyrix CPU, which is what
lead me astray. Its actually necessary for preemption, regardless
of whether Cyrix cpus had a bug or not.
As far as binutils is concerned, the amd64 platform is still called
"x86-64"/"x86_64". Setting things from ${MACHINE_ARCH} breaks that.
Approved by: re (scottl)
DT_NEEDED links is not flexible enough for cases where dynamically
loaded modules form a dependency cycle.
This should fix an infinite recursion problem encountered by Yahoo.
Approved by: re (jhb)
crashes, the config remains locked and causes all
subsequent start or read attempts to fail. This is part
of a fix for the recently reported hangs.
Approved by: re (scottl)
- Add a description of b0 / b1 fields.
- Do not use 'entry' to refer to both 'entry' and 'field'.
- Do not confuse people with heading 'Name' and entry 'Name'.
PR: 48104
Submitted by: Gary W. Swearingen <swear@attbi.com> (original version)
Approved by: re (blanket)
call handler before it was safe. It was possible for to lose context
and for something else to clobber the PCPU scratch variable. This
moves the interrupt enable *way* too late, but its better safe than
sorry for the moment.
ASIC revision is really the major number of the CHIPID. Also store
the chipid, asic rev and chip revision in the softc for later use.
- The write twice to send producer index workaround only applies to
the 5700_BX chips, so only do it there.
Requested by: jdp
- Do not initalize the LED's to 0x00. The default configuration
the chip comes up in should yeild proper operation of the LED's.
Confirmed by: John Cagle <john.cagle@hp.com>
Approved by: re (blanket)
- dumpon utility has not used kern.dumpdev sysctl
since rev. 1.14 (sbin/dumpon/dumpon.c) when phk@
updated it to use the DIOCSKERNELDUMP ioctl [1]
- remove obsolete reference to sysctl(3)
While I am there, fix two style nits:
- use .Nm instead of `dumpon'
- change NOTES to IMPLEMENTATION NOTES, to bring
it in line with recommended section headings in
mdoc(7)
Original patch by: Martin Faxer <gmh003532brfmasthugget.se> [1]
PR: docs/39293
Approved and Reviewed by: des (mentor), re (scottl, bmah)
1024-byte boundaries. For many years this was a reasonable
assumption. However, in recent years we have begun seeing
devices with 2048-byte sectors. These devices return errors
when dump tries to read starting in the middle of a sector
or when it tries to read only the first half of a sector.
Rather than change the native block size used by dump (and
thus create an incompatible dump format), this fix checks
for transfer requests that start and/or end on a non-sector
boundary. When such a read is detected, the new code reads
the entire sector and copies out just the part that dump
needs.
Reviewed by: Poul-Henning Kamp <phk@critter.freebsd.dk>
Approved by: re (John Baldwin <jhb@FreeBSD.org>)
Sponsored by: DARPA & NAI Labs.
(1) Accept that we're now going to use mutexes, so don't attempt
to avoid treating them as mutexes. This cleans up locking
accessor function names some.
(2) Rename variables to _mtx, _cv, _count, simplifying the naming.
(3) Add a new form of the _busy() primitive that conditionally
makes the list busy: if there are entries on the list, bump
the busy count. If there are no entries, don't bump the busy
count. Return a boolean indicating whether or not the busy
count was bumped.
(4) Break mac_policy_list into two lists: one with the same name
holding dynamic policies, and a new list, mac_static_policy_list,
which holds policies loaded before mac_late and without the
unload flag set. The static list may be accessed without
holding the busy count, since it can't change at run-time.
(5) In general, prefer making the list busy conditionally, meaning
we pay only one mutex lock per entry point if all modules are
on the static list, rather than two (since we don't have to
lower the busy count when we're done with the framework). For
systems running just Biba or MLS, this will halve the mutex
accesses in the network stack, and may offer a substantial
performance benefits.
(6) Lay the groundwork for a dynamic-free kernel option which
eliminates all locking associated with dynamically loaded or
unloaded policies, for pre-configured systems requiring
maximum performance but less run-time flexibility.
These changes have been running for a few weeks on MAC development
branch systems.
Approved by: re (jhb)
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
sure that the MAC label on TCP responses during TIMEWAIT is
properly set from either the socket (if available), or the mbuf
that it's responding to.
Unfortunately, this is made somewhat difficult by the TCP code,
as tcp_twstart() calls tcp_twrespond() after discarding the socket
but without a reference to the mbuf that causes the "response".
Passing both the socket and the mbuf works arounds this--eventually
it might be good to make sure the mbuf always gets passed in in
"response" scenarios but working through this provided to
complicate things too much.
Approved by: re (scottl)
Reviewed by: hsu
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Note that the previous commit message for this file should have read:
"4.8-RELEASE is the latest release from the 4-STABLE branch." [1]
Pointed out by: Stijn Hoop <stijn@win.tue.nl> [1]
Approved by re (implicitly)
copying for mbuf headers now works properly in m_dup_pkthdr(), so
we don't need to do an explicit copy.
Approved by: re (jhb)
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
