31001 Commits

Author SHA1 Message Date
John Baldwin
f2ae7368ea Use explicit Giant locks and unlocks for rather than instrumented ones for
code that is still not safe.  suser() reads p_ucred so it still needs
Giant for the time being.  This should allow kern.giant.proc to be set
to 0 for the time being.
2002-03-22 21:02:02 +00:00
Robert Watson
29dc1288b0 Merge from TrustedBSD MAC branch:
Move the network code from using cr_cansee() to check whether a
    socket is visible to a requesting credential to using a new
    function, cr_canseesocket(), which accepts a subject credential
    and object socket.  Implement cr_canseesocket() so that it does a
    prison check, a uid check, and add a comment where shortly a MAC
    hook will go.  This will allow MAC policies to seperately
    instrument the visibility of sockets from the visibility of
    processes.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-03-22 19:57:41 +00:00
Ruslan Ermilov
e3f406b3c1 Prevent icmp_reflect() from calling ip_output() with a NULL route
pointer which will then result in the allocated route's reference
count never being decremented.  Just flood ping the localhost and
watch refcnt of the 127.0.0.1 route with netstat(1).

Submitted by:	jayanth

Back out ip_output.c,v 1.143 and ip_mroute.c,v 1.69 that allowed
ip_output() to be called with a NULL route pointer.  The previous
paragraph shows why this was a bad idea in the first place.

MFC after:	0 days
2002-03-22 16:45:54 +00:00
Alfred Perlstein
db51256707 When "cloning" a pipe's buffer bcopy the data after dropping the pipe's
lock as the data may be paged out and cause a fault.
2002-03-22 16:09:22 +00:00
Andrew Gallatin
60c406ad95 only read from the possibly bad address if we did not get a machine
check.  I don't know how this went unnoticed for so long.

obtained from: NetBSD
MFC after: 7 days
2002-03-22 15:55:56 +00:00
Andrew Gallatin
496ffc90e4 Allow SMP kernels (like GENERIC..) to boot on UP kernels on the alpha.
Pointy hat to: jeff
2002-03-22 15:54:31 +00:00
Robert Watson
7906271f25 In sysctl, req->td is believed always to be non-NULL, so there's no need
to test req->td for NULL values and then do somewhat more bizarre things
relating to securelevel special-casing and suser checks.  Remove the
testing and conditional security checks based on req->td!=NULL, and insert
a KASSERT that td != NULL.  Callers to sysctl must always specify the
thread (be it kernel or otherwise) requesting the operation, or a
number of current sysctls will fail due to assumptions that the thread
exists.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
Discussed with:	bde
2002-03-22 14:58:27 +00:00
Robert Watson
4584bb3945 Since cred never appears to be passed into the securelevel calls as
NULL, turn warning printf's into panic's, since this call has been
restructured such that a NULL cred would result in a page fault anyway.

There appears to be one case where NULL is explicitly passed in in the
sysctl code, and this is believed to be in error, so will be modified.
Securelevels now always require a credential context so that per-jail
securelevels are properly implemented.

Obtained from:	TrustedBSD Project
Sponsored by:	NAI Labs
Discussed with:	bde
2002-03-22 14:49:12 +00:00
Bill Paul
98b28ee5b4 Teach the bge driver about the BCM5701 (specifically, the 3Com
3c996B-T, with the 5701 rev B5 ASIC). One thing that confuses me
still is that the 'link state change' bit in the status block seems
to change state an awful lot. I have a workaround for this in place
now, but it needs more investigation. For the moment though, this
is enough to get the driver to work with this card.
2002-03-22 06:45:40 +00:00
Bill Paul
6577eb9103 regenerate 2002-03-22 06:39:13 +00:00
Bill Paul
15f962ed42 Teach the brgphy driver about the BCM5701's internal copper PHY. 2002-03-22 06:38:52 +00:00
Andrew R. Reiter
fe3240e9aa - Back out the commit to make the linker_load_file() securelevel check
made aware in jail environments.  Supposedly something is broken, so
  this should be backed out until further investigation proves otherwise,
  or a proper fix can be provided.
2002-03-22 04:56:09 +00:00
Mike Silbersack
9e5a5ed4c5 Change the ephemeral port range from 1024-5000 to 49152-65535.
This increases the number of concurrent outgoing connections from ~4000
to ~16000.  Other OSes (Solaris, OS X, NetBSD) and many other NAT
products have already made this change without ill effects, so we
should not run into any problems.

MFC after:	1 week
2002-03-22 03:28:11 +00:00
Robert Watson
1b350b4542 Break out the "see_other_uids" policy check from the various
method-based inter-process security checks.  To do this, introduce
a new cr_seeotheruids(u1, u2) function, which encapsulates the
"see_other_uids" logic.  Call out to this policy following the
jail security check for all of {debug,sched,see,signal} inter-process
checks.  This more consistently enforces the check, and makes the
check easy to modify.  Eventually, it may be that this check should
become a MAC policy, loaded via a module.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-03-22 02:28:26 +00:00
Benno Rice
bf76ba7826 Collect all functions for copying to and from userspace into the one file.
This allows me to reimplement [sf]u{byte,word} as separate functions and not
as calls to copy{in,out}.
2002-03-21 23:45:59 +00:00
Matt Jacob
371777b161 Limit fabric search to a default 256 entries. This will all go away
soon because it's just getting harder and harder to find switches
that correctly implement the GET ALL NEXT subcommands for the SNS
protocol.

Latch up result out pointer and set a busy flag when we're looking
at the response queue. This allows for a cleaner way to make sure
we don't get multiple CPUs trying to read the same response queue
entries.

Change how isp_handle_other_response returns values (clarity).

Make PORT UNAVAILABLE the same as PORT LOGOUT (force a LIP).

Do some formatting changes.

MFC after:	0 days
2002-03-21 21:10:16 +00:00
Alan Cox
8fcaddd792 o Use the MI vm_map_growstack() instead of grow_stack() in trap_pfault()
and trapwrite().
 o On i386/pc98, remove the (now) unused grow_stack().
2002-03-21 19:27:15 +00:00
David E. O'Brien
8fb3f3f682 Remove 'register' keyword. 2002-03-21 18:49:23 +00:00
Andrew Gallatin
ddf23aa842 shut up the compiler 2002-03-21 18:48:00 +00:00
Andrew R. Reiter
e85b9ae9ac - Fix a logic error in checking the securelevel that was introduced in the
previous commit.

Pointy hats to: arr, rwatson
2002-03-21 15:27:39 +00:00
Benno Rice
6da4e60a23 - Make all inlines for manipulating supervisor-level registers accept/return
register_t values.
- Implement an inline for isync.
2002-03-21 13:07:31 +00:00
Benno Rice
54551c77ee GC some unused, bogus interrupt functions and replace them with proper
implementations of intr_disable and intr_restore.
2002-03-21 12:04:58 +00:00
Doug Rabson
6720311838 Change critical_t to register_t for intr_disable/restore. 2002-03-21 09:50:11 +00:00
Doug Rabson
77b51ddfcd Change cpu_critical_enter/exit to intr_disable/restore. 2002-03-21 09:35:18 +00:00
Ruslan Ermilov
7a43a96ab0 Replaced hacks in sbin/Makefile,v 1.99 and usr.sbin/Makefile,v 1.217
with the NO_IPFILTER make.conf(5) knob.

(So that we can "make the-rest-of-the-world" again.)
2002-03-21 09:15:39 +00:00
Peter Wemm
c302e53c27 In UP mode, the primary cpu's per-cpu current_pmap was not initialized -
this was only done as a side effect of calling cpu_mp_start().  I haven't
actually tested that this fixes UP kernels, but it feels about right.
2002-03-21 07:41:02 +00:00
Warner Losh
03742795eb intr_disable returns register_t 2002-03-21 06:21:32 +00:00
Warner Losh
ba74981e71 Fix abuses of cpu_critical_{enter,exit} by converting to
intr_{disable,restore} as well as providing an implemenation of
intr_{disable,restore}.

Reviewed by: jake, rwatson, jhb
2002-03-21 06:19:08 +00:00
Warner Losh
b70c0e8b00 Fix abuses of cpu_critical_{enter,exit} by converting to
intr_{disable,restore} as well as providing an implemenation of
intr_{disable,restore}.
2002-03-21 06:14:58 +00:00
Warner Losh
cb9a238a8a Remove last two abuses of cpu_critical_{enter,exit} in the MI code.
Reviewed by: jake, jhb, rwatson
2002-03-21 06:11:09 +00:00
Benno Rice
565ab9395f Add a change mirroring that made to kern/subr_trap.c and others.
This makes kernel builds with DIAGNOSTIC work again.

Apparently forgotten by:	jhb
Might want to be checked by:	jhb
2002-03-21 02:47:51 +00:00
Jeff Roberson
eca80f82ea Remove references to vm_zone.h and switch over to the new uma API.
Approved by:	peter
2002-03-21 02:46:56 +00:00
Jeff Roberson
74cbb73ba8 Remove references to vm_zone.h and switch over to the new uma API.
Reviewed by:	jake
2002-03-21 02:30:27 +00:00
Mike Smith
0a702a9b3a Fix error introduced in the 20020217 update, where GetPossibleResources
was spammed with GetCurrentResources.

Submitted by:	Munehiro Matsuda <haro@h4.dion.ne.jp>
2002-03-21 02:02:31 +00:00
Jeff Roberson
378862a72d Remove references to vm_zone.h and switch over to the new uma API. 2002-03-21 01:11:31 +00:00
Jeff Roberson
46d0abf370 Remove references to vm_zone.h and switch over to the new uma API. 2002-03-21 00:48:25 +00:00
Alfred Perlstein
91f5bcb812 Remove __P.
profile.h and bus.h were excluded because there is currently WIP.

Reviewed by: tmm
2002-03-21 00:06:55 +00:00
Alfred Perlstein
e41ed5da90 Remove __P.
Reviewd by: peter
2002-03-20 23:30:31 +00:00
Alfred Perlstein
812344bc0b Remove __P.
Reveiwed by: benno
2002-03-20 23:17:50 +00:00
Jeff Roberson
59295dba57 UMA permited us to utilize the 'waitok' flag to soalloc. 2002-03-20 21:23:26 +00:00
John Baldwin
01c04d2de9 Change the way we ensure td_ucred is NULL if DIAGNOSTIC is defined.
Instead of caching the ucred reference, just go ahead and eat the
decerement and increment of the refcount.  Now that Giant is pushed down
into crfree(), we no longer have to get Giant in the common case.  In the
case when we are actually free'ing the ucred, we would normally free it on
the next kernel entry, so the cost there is not new, just in a different
place.  This also removse td_cache_ucred from struct thread.  This is
still only done #ifdef DIAGNOSTIC.

[ missed this file in the previous commit ]

Tested on:	i386, alpha
2002-03-20 21:12:04 +00:00
John Baldwin
f25fcd64b8 Change the way we ensure td_ucred is NULL if DIAGNOSTIC is defined.
Instead of caching the ucred reference, just go ahead and eat the
decerement and increment of the refcount.  Now that Giant is pushed down
into crfree(), we no longer have to get Giant in the common case.  In the
case when we are actually free'ing the ucred, we would normally free it on
the next kernel entry, so the cost there is not new, just in a different
place.  This also removse td_cache_ucred from struct thread.  This is
still only done #ifdef DIAGNOSTIC.

Tested on:	i386, alpha
2002-03-20 21:09:09 +00:00
John Baldwin
c1a513c951 - Push down Giant into crfree() in the case that we actually free a ucred.
- Add a cred_free_thread() function (conditional on DIAGNOSTICS) that drops
  a per-thread ucred reference to be used in debugging code when leaving
  the kernel.
2002-03-20 21:00:50 +00:00
John Baldwin
565f27f116 Add PCI ID for the SeaLevel Ultra 530.PCI single port card.
Sponsored by:	The Weather Channel
2002-03-20 19:38:26 +00:00
Warner Losh
d82f87481f Minor cleanups to post.mk from bde. Mostly ordering 2002-03-20 19:18:42 +00:00
Warner Losh
c38b6719e5 No need to conditionalize on pci being in the kernel for this 2002-03-20 19:13:13 +00:00
Warner Losh
e7b110dcf7 Fix minor style(9) violation in de__Ping 2002-03-20 19:04:56 +00:00
Warner Losh
91f60fd74f Better power code and better power diagnostics 2002-03-20 19:02:08 +00:00
Warner Losh
285ed29005 Define masks for the VCC an VPP voltages 2002-03-20 19:01:16 +00:00
David E. O'Brien
d0ce7d0078 Remove __P(). This was tested on the GENERIC kernel. 2002-03-20 18:58:47 +00:00