Commit Graph

33908 Commits

Author SHA1 Message Date
Robert Watson
a87cdf8335 Introduce support for Mandatory Access Control and extensible
kernel access control.

Invoke the necessary MAC entry points to maintain labels on
mount structures.  In particular, invoke entry points for
intialization and destruction in various scenarios (root,
non-root).  Also introduce an entry point in the boot procedure
following the mount of the root file system, but prior to the
start of the userland init process to permit policies to
perform further initialization.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 01:11:29 +00:00
Robert Watson
8a1d977d66 Introduce support for Mandatory Access Control and extensible
kernel access control.

Implement inter-process access control entry points for the MAC
framework.  This permits policy modules to augment the decision
making process for process and socket visibility, process debugging,
re-scheduling, and signaling.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 00:48:24 +00:00
Semen Ustimenko
b0c1faefdd Fix a problem with sendfile() syscall by always doing I/O via bread() in
ntfs_read(). This guarantee that requested cache pages will be valid if
UIO_NOCOPY specifed.

PR:		bin/34072, bin/36189
MFC after:	1 week
2002-07-31 00:42:57 +00:00
Robert Watson
4024496496 Introduce support for Mandatory Access Control and extensible
kernel access control.

Invoke the necessary MAC entry points to maintain labels on
process credentials.  In particular, invoke entry points for
the initialization and destruction of struct ucred, the copying
of struct ucred, and permit the initial labels to be set for
both process 0 (parent of all kernel processes) and process 1
(parent of all user processes).

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 00:39:19 +00:00
Robert Watson
47ac133d33 Regen. 2002-07-31 00:16:58 +00:00
Robert Watson
9453a033ff Reduce the memory footprint of MAC in the base system by halving
the number of policy slots to 4.

(Having run a quick errand, time to start on phase 2 of the MAC
integration)

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 00:03:26 +00:00
Josef Karthauser
7ebe6f9e2f Regen 2002-07-30 23:30:56 +00:00
Josef Karthauser
3fc6710b56 Add support for a couple of network adapters; the 3Com 3C460B and
the Belkin USB2LAN.

Obtained from:	NetBSD
2002-07-30 23:30:15 +00:00
Ian Dowse
b4dc6ff9bc Remove some strange code that allocates memory and then immediately
frees it again. The idea was to perform M_WAITOK allocations in a
process context to reduce the risk of later interrupt-context
M_NOWAIT allocations failing, but in fact this code can be called
from contexts where it is not desirable to sleep (e.g. if_start
routines), so it causes lots of witness "could sleep" warnings.
2002-07-30 23:26:22 +00:00
Robert Watson
04f3985d88 Introduce support for Mandatory Access Control and extensible
kernel access control.

Label devfs directory entries, permitting labels to be maintained
on device nodes in devfs instances persistently despite vnode
recycling.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 23:12:37 +00:00
Robert Watson
549e4c9e4e Introduce support for Mandatory Access Control and extensible
kernel access control.

Label IP fragment reassembly queues, permitting security features to
be maintained on those objects.  ipq_label will be used to manage
the reassembly of fragments into IP datagrams using security
properties.  This permits policies to deny the reassembly of fragments,
as well as influence the resulting label of a datagram following
reassembly.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 23:09:20 +00:00
Robert Watson
19930ae546 Introduce support for Mandatory Access Control and extensible
kernel access control.

Label network interface structures, permitting security features to
be maintained on those objects.  if_label will be used to authorize
data flow using the network interface.  if_label will be protected
using the same synchronization primitives as other mutable entries
in struct ifnet.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 23:06:07 +00:00
Robert Watson
39bd868cc3 Introduce support for Mandatory Access Control and extensible
kernel access control.

Label BPF descriptor objects, permitting security features to be
maintained on those objects.  bd_label will be used to authorize
data flow from network interfaces to user processes.  BPF
labels are protected using the same synchronization model as other
mutable data in the BPF descriptor.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 23:03:29 +00:00
Robert Watson
55fb783052 Introduce support for Mandatory Access Control and extensible
kernel access control.

Replace 'void *' with 'struct mac *' now that mac.h is in the base
tree.  The current POSIX.1e-derived userland MAC interface is
schedule for replacement, but will act as a functional placeholder
until the replacement is done.  These system calls allow userland
processes to get and set labels on both the current process, as well
as file system objects and file descriptor backed objects.
2002-07-30 22:43:20 +00:00
Robert Watson
781caa8157 Introduce support for Mandatory Access Control and extensible kernel
access control.

Label socket IPC objects, permitting security features to be maintained
at the granularity of the socket.  Two labels are stored for each
socket: the label of the socket itself, and a cached peer label
permitting interogation of the remote endpoint.  Since socket locking
is not yet present in the base tree, these objects are not locked,
but are assumed to follow the same semantics as other modifiable
entries in the socket structure.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:39:28 +00:00
Robert Watson
87acada933 Introduce support for Mandatory Access Control and extensible
kernel access control.

Label pipe IPC objects, permitting security information to be
maintained at the granularity of the pipe object.  The label is
shared between the two pipe endpoints in the style of the
pipe mutex, and is maintained using similar conventions.  The
label is protected by the pipe mutex.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:33:28 +00:00
Warner Losh
abf24f80a6 Fix path to other files.<arch> files.
Fix disordering of libkern/crc32.c entry.

MFC after: 1 day
2002-07-30 22:28:43 +00:00
Robert Watson
fae89e29b1 Introduce support for Mandatory Access Control and extensible kernel
access control.

Label process credentials, permitting security information to be
maintained at the granularity of processes and cached credential
objects.  cr_label follows the semantics of other entries in struct
ucred: when a credential is exclusively referenced, it may be
modified.  Otherwise, it must be treated as immutable.  As with
other interesting entries in struct ucred, failing to use the
documented credential management APIs (such as crcopy, crdup, ...)
can result in data corruption or incorrect behavior.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:28:28 +00:00
Robert Watson
3b2e600940 Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the oeprating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

Label file system mount points, permitting security information to be
maintained at the granularity of the file system.  Two labels are
currently maintained: a security label for the mount itself, and
a default label for objects in the file system (in particular, for
file systems not supporting per-vnode labeling directly).

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:22:35 +00:00
Robert Watson
f8ef020e2e Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the operating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

Introduce two node vnode operations required to support MAC.  First,
VOP_REFRESHLABEL(), which will be invoked by callers requiring that
vp->v_label be sufficiently "fresh" for access control purposes.
Second, VOP_SETLABEL(), which be invoked by callers requiring that
the passed label contents be updated.  The file system is responsible
for updating v_label if appropriate in coordination with the MAC
framework, as well as committing to disk.  File systems that are
not MAC-aware need not implement these VOPs, as the MAC framework
will default to maintaining a single label for all vnodes based
on the label on the file system mount point.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:15:09 +00:00
Robert Watson
f3cfa6072e Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the oeprating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

Label vnodes, permitting security information to maintained at the
granularity of the individual file, directory (et al).  This data is
protected by the vnode lock and may be read only when holding a shared
lock, or modified only when holding an exclusive lock.  Label
information may be considered either the primary copy, or a cached
copy.  Individual file systems or kernel services may use the
VCACHEDLABEL flag for accounting purposes to determine which it is.
New VOPs will be introduced to refresh this label on demand, or to
set the label value.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:08:12 +00:00
Robert Watson
f33168f292 Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the oeprating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

Label mbuf's with packet header data, permitting in-flight datagrams
to be labeled in the TrustedBSD MAC implementation.  Add a questionable
recursive #include of sys/mac.h to maintain the current API for
applications and kernel code including mbuf.h to get 'struct mbuf'
definition.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:03:57 +00:00
Bill Fenner
e34c1b84b7 Call bpf_mtap() on output, to catch outgoing packets for e.g. tcpdump . 2002-07-30 21:47:14 +00:00
Robert Watson
95fab37ea8 Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the oeprating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

kern_mac.c contains the body of the MAC framework.  Kernel and
user APIs defined in mac.h are implemented here, providing a front end
to loaded security modules.  This code implements a module registration
service, state (label) management, security configuration and policy
composition.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 21:36:05 +00:00
Robert Watson
ddcdf2650b Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the oeprating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

Include files to declare MAC userland interface (mac.h), MAC subsystem
entry points (mac.h), and MAC policy entry points (mac_policy.h).  These
files define the interface between the kernel and the MAC framework,
and between the MAC framework and each registered policy module.  These
APIs and ABIs may not be assumed to be stable until following FreeBSD
5.1-RELEASE.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 21:32:34 +00:00
Julian Elischer
4d492b4369 Don't need to hold schedlock specifically for stop() ans it calls wakeup()
that locks it anyhow.

Reviewed by: jhb@freebsd.org
2002-07-30 21:13:48 +00:00
Bosko Milekic
c89137ff90 Make reference counting for mbuf clusters [only] work like in RELENG_4.
While I don't think this is the best solution, it certainly is the
fastest and in trying to find bottlenecks in network related code
I want this out of the way, so that I don't have to think about it.
What this means, for mbuf clusters anyway is:
- one less malloc() to do for every cluster allocation (replaced with
  a relatively quick calculation + assignment)
- no more free() in the cluster free case (replaced with empty space) :-)

This can offer a substantial throughput improvement, but it may not for
all cases.  Particularly noticable for larger buffer sends/recvs.
See http://people.freebsd.org/~bmilekic/code/measure2.txt for a rough
idea.
2002-07-30 21:06:27 +00:00
Alan Cox
1812190d09 o Replace vm_page_sleep_busy() with vm_page_sleep_if_busy()
in vfs_busy_pages().
2002-07-30 20:41:10 +00:00
Julian Elischer
b8e45df779 Remove code that removes thread from sleep queue before
adding it to a condvar wait.
We do not have asleep() any more so this can not happen.
2002-07-30 20:34:30 +00:00
Mitsuru IWASAKI
b69ed3f4c6 Resolve conflicts arising from the ACPI CA 20020725 import. 2002-07-30 19:35:32 +00:00
Mitsuru IWASAKI
432a633569 This commit was generated by cvs2svn to compensate for changes in r100966,
which included commits to RCS files with non-trunk default branches.
2002-07-30 19:33:39 +00:00
Mitsuru IWASAKI
da9df8d45e Vendor import of the Intel ACPI CA 20020725 drop. 2002-07-30 19:33:39 +00:00
Alan Cox
1161b86a15 o In do_sendfile(), replace vm_page_sleep_busy() by vm_page_sleep_if_busy()
and extend the scope of the page queues lock to cover all accesses
   to the page's flags and busy fields.
2002-07-30 18:51:07 +00:00
Robert Watson
e66c87b70e When referencing nd_cnp after namei(), always pass SAVENAME into
NDINIT() operation flags.

Submitted by:	green
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 18:48:25 +00:00
Robert Watson
e37b1fcdee Make M_COPY_PKTHDR() macro into a wrapper for a m_copy_pkthdr()
function.  This permits conditionally compiled extensions to the
packet header copying semantic, such as extensions to copy MAC
labels.

Reviewed by:	bmilekic
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 18:28:58 +00:00
Josef Karthauser
ca095220db Commit a version of the uvisor driver for connecting Handspring
Visors via USB.

Submitted by:	Chia-liang Kao <clkao@clkao.org>
2002-07-30 17:44:28 +00:00
John Baldwin
c038666eae If we get 0xffff back when reading the status register, assume the card
has gone away instead of spinning in the interrupt handler.  This stops
my machine from hanging when I eject a rl(4)-based cardbus card.

Reviewed by:	imp
2002-07-30 17:31:42 +00:00
Robert Watson
4266d0d0ce Regen. 2002-07-30 16:52:22 +00:00
Robert Watson
aedbd622fe Introduce a mac_policy() system call that will provide MAC policies
with a general purpose front end entry point for user applications
to invoke.  The MAC framework will route the system call to the
appropriate policy by name.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 16:50:25 +00:00
Maxim Sobolev
47c7de587b Add support for controlling line1 mixer device, which on some cards represents
onboard FM tuner.

MFC after:	2 weeks
2002-07-30 16:24:00 +00:00
Jacques Vidrine
89ab930718 For processes which are set-user-ID or set-group-ID, the kernel performs a few
special actions for safety.  One of these is to make sure that file descriptors
0..2 are in use, by opening /dev/null for those that are not already open.
Another is to close any file descriptors 0..2 that reference procfs.  However,
these checks were made out of order, so that it was still possible for a
set-user-ID or set-group-ID process to be started with some of the file
descriptors 0..2 unused.

Submitted by:	Georgi Guninski <guninski@guninski.com>
2002-07-30 15:38:29 +00:00
Poul-Henning Kamp
9fbc6a330d Fix braino in last commit. 2002-07-30 12:02:41 +00:00
Poul-Henning Kamp
17b1994bbe Move ffs_isfreeblock() to ffs_alloc.c and make it static.
Sponsored by: DARPA & NAI Labs.
2002-07-30 11:54:48 +00:00
Maxim Sobolev
3c7d68acc8 Regen after usbdevs rev.1.95. 2002-07-30 11:03:50 +00:00
Maxim Sobolev
b8d95a688e Add ID for Luwen EasyDisk USB flash memory drive.
PR:		41081
Submitted by:	demon
MFC after:	5 days
2002-07-30 11:02:35 +00:00
Maxim Sobolev
b047aa218b Add a quick check that device actually has sound capabilities. The problem
is that some cards built around fm801 chip have the same device ID, only
have radio tuner onboard, but no sound capabilities. Therefore, with such
card inserted and `device pcm' in kernel the user has a big problem, as
the fm801 driver effectively hangs the machine when trying to initialise
nonexistent ac97 codecs (it does 500 retries with 1 second interval!).
It would be better if MediaForte's engeneers were smart enough to put
different device ID into such cards, but it isn't an option.

MFC after:	2 weeks
2002-07-30 10:54:19 +00:00
Seigo Tanimura
133267776c In endtsleep() and cv_timedwait_end(), a thread marked TDF_TIMEOUT may
be swapped out.  Do not put such the thread directly back to the run
queue.

Spotted by:	David Xu <davidx@viasoft.com.cn>

While I am here, s/PS_TIMEOUT/TDF_TIMEOUT/.
2002-07-30 10:12:11 +00:00
Jeff Roberson
c72f085d04 - Add vfs_badlock_{print,panic} support to the remaining VOP_ASSERT_*
macros.
2002-07-30 09:57:37 +00:00
Jeff Roberson
cf409a0a98 - Add automatic post vop debug checks. These work in both the success and
failure cases.
2002-07-30 08:52:00 +00:00
Jeff Roberson
1e4c7a1368 - Acknowledge recursive vnode locks in the vop_unlock specification. The
vnode may not be unlocked even if the operation succeeded.
2002-07-30 08:50:52 +00:00
Alan Cox
32585dd617 o In vm_object_madvise() and vm_object_page_remove() replace
vm_page_sleep_busy() with vm_page_sleep_if_busy().  At the same time,
   increase the scope of the page queues lock.  (This should significantly
   reduce the locking overhead in vm_object_page_remove().)
 o Apply some style fixes.
2002-07-30 07:23:04 +00:00
Seigo Tanimura
9eb881f804 - Optimize wakeup() and its friends; if a thread waken up is being
swapped in, we do not have to ask for the scheduler thread to do
  that.

- Assert that a process is not swapped out in runq functions and
  swapout().

- Introduce thread_safetoswapout() for readability.

- In swapout_procs(), perform a test that may block (check of a
  thread working on its vm map) first.  This lets us call swapout()
  with the sched_lock held, providing a better atomicity.
2002-07-30 06:54:05 +00:00
Alan Cox
bfd2867046 o Lock page queue accesses by pmap_release_free_page(). 2002-07-30 06:45:39 +00:00
Jake Burkholder
61f869600d Add definitions for statistical and high-resolution profiling. The calling
conventions for _mcount and __cyg_profile_func_enter are different, so
statistical profiling kernels build and link but don't actually work.
IWBNI one could tell gcc to only generate calls to the former.

Define uintfptr_t properly for userland, but not for the kernel (I hope).
2002-07-30 06:14:34 +00:00
Jake Burkholder
c465faf9d4 The data cache on UltraSPARC III is not directly mapped, so don't assert
that.  This breaks assumptions made by some of the cache flushing code,
but UltraSPARC III has different methods for invalidating cache lines
anyway.
2002-07-30 05:48:33 +00:00
Mike Silbersack
c4441bc769 Update docs to reflect change in count of procs reserved for root
from 1 to 10.

PR:             kern/40515
Submitted by:   David Schultz <dschultz@uclink.Berkeley.EDU>
MFC after:      1 day
2002-07-30 05:37:00 +00:00
Jake Burkholder
4cfeb177e8 Panic if the data cache has too many virtual colors (more than 2). 2002-07-30 04:19:07 +00:00
Jake Burkholder
7968e6d2b2 Use _ALIGN_DATA and _ALIGN_TEXT. 2002-07-30 02:27:24 +00:00
Robert Watson
03a719dcd1 Rebuild of files generated from syscalls.master.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 02:09:24 +00:00
Robert Watson
5d37d00afc Prototype function arguments, only with MAC-specific structures
replaced with void until we bring in the actual structure definitions.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 02:06:34 +00:00
Robert Watson
e35b3494da Hook up kern_mac.c to the build.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 02:04:56 +00:00
Robert Watson
7bc8250003 Stubs for the TrustedBSD MAC system calls to permit TrustedBSD MAC
userland code to operate on kernel's from the main tree.  Not much
in this file yet.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 02:04:05 +00:00
Alan Cox
e5f8bd9418 o Introduce vm_page_sleep_if_busy() as an eventual replacement for
vm_page_sleep_busy().  vm_page_sleep_if_busy() uses the page
   queues lock.
2002-07-29 19:41:22 +00:00
Julian Elischer
b7f2cf173e Remove a XXXKSE comment. the code is no longer a problem.. 2002-07-29 18:47:19 +00:00
Julian Elischer
1d7b9ed2e6 Create a new thread state to describe threads that would be ready to run
except for the fact tha they are presently swapped out. Also add a process
flag to indicate that the process has started the struggle to swap
back in. This will be  needed for the case where multiple threads
start the swapin action top a collision. Also add code to stop
a process fropm being swapped out if one of the threads in this
process is actually off running on another CPU.. that might hurt...

Submitted by:	Seigo Tanimura <tanimura@r.dl.itc.u-tokyo.ac.jp>
2002-07-29 18:33:32 +00:00
Mike Barcroft
49545b3891 Create a new header <machine/_stdint.h> for storing MD parts of
<stdint.h>.  Previously, parts were defined in <machine/ansi.h> and
<machine/limits.h>.  This resulted in two problems:
  (1) Defining macros in <machine/ansi.h> gets in the way of that
      header only defining types.
  (2) Defining C99 limits in <machine/limits.h> adds pollution to
      <limits.h>.
2002-07-29 17:41:23 +00:00
Warner Losh
08c0f3d917 If we are in hostap mode, do not go into promisc mode. This causes
problems with the firmware and will result in a) poor performance and
b) the inability to associate certain types of cards (most notibly
cisco).

Idea obtained from OpenBSD, but I implemented it by clearing the
IFF_PROMISC flag rather than the refusing to honor it downstream.
2002-07-29 15:36:22 +00:00
Ruslan Ermilov
d2893b161b Drop support for COPY, -c has been the default mode of install(1)
for a long time now.

Approved by:	bde
2002-07-29 09:40:17 +00:00
Maxim Konovalov
d46a53126c Use a common way to release locks before exit.
Reviewed by:	hsu
2002-07-29 09:01:39 +00:00
Jeff Roberson
3b82505bb2 - Add VBAD to the list of vnodes that are ignored on locking operations. 2002-07-29 07:45:57 +00:00
Jeff Roberson
a562685f65 - Backout the patch made in revision 1.75 of vfs_mount.c. The vputs here
were hiding the real problem of the missing unlock in sync_inactive.
 - Add the missing unlock in sync_inactive.

Submitted by:	iedowse
2002-07-29 06:26:55 +00:00
Alan Cox
14f8ceaa07 o Pass VM_ALLOC_WIRED to vm_page_grab() rather than calling vm_page_wire()
in pmap_new_thread(), pmap_pinit(), and vm_proc_new().
 o Lock page queue accesses by vm_page_free() in pmap_object_init_pt().
2002-07-29 05:42:44 +00:00
Mike Silbersack
e2102ae475 Revert rev 1.131.
1.131 is slightly broken, and I would commit the fix to that here, but it
has been reported that any deviation from the original code is causing
problems with some 82557 chips, causing them to lock hard.

Until those issues have been figured out, going back to the original
code is the best plan.

Frustrated:	Silby
2002-07-29 04:32:35 +00:00
Luigi Rizzo
e823d3404b whitespace commit: fix indentation in fxp_intr_body.
This is also done in preparation of a subsequent fix
for the handling of RNR conditions in polling mode.
2002-07-29 02:48:09 +00:00
Jake Burkholder
55328d51ba Add routines needed for high resolution profiling. 2002-07-29 00:45:13 +00:00
Jake Burkholder
fa4a902a13 Add a symbol for btext. 2002-07-29 00:42:00 +00:00
Jake Burkholder
7cde6cc16c Remove a stale comment. 2002-07-29 00:40:48 +00:00
Jake Burkholder
edfdadb6c3 Use _ALIGN_TEXT. Implement __cyg_profile_func_enter and
__cyg_profile_func_exit for GUPROF.
2002-07-29 00:39:46 +00:00
Jake Burkholder
d40e229819 Add _ALIGN_DATA and _ALIGN_TEXT macros. 2002-07-29 00:38:07 +00:00
Jake Burkholder
45b84327f9 Remove some stuff that snuck in last commit. 2002-07-29 00:37:05 +00:00
Søren Schmidt
b3d86d9ca2 OK, dont rely on the upper layers handling iosize_max correctly,
instead rely on ATAPI devices ability to do the work instead.

MFC material.
2002-07-28 23:59:00 +00:00
Alan Cox
2c071f61f0 o Modify vm_page_grab() to accept VM_ALLOC_WIRED. 2002-07-28 23:46:19 +00:00
Don Lewis
9e74cba35a Make a temporary copy of the output data in the generic sysctl handlers
so that the data is less likely to be inconsistent if SYSCTL_OUT() blocks.
If the data is large, wire the output buffer instead.

This is somewhat less than optimal, since the handler could skip the copy
if it knew that the data was static.

If the data is dynamic, we are still not guaranteed to get a consistent
copy since another processor could change the data while the copy is in
progress because the data is not locked.  This problem could be solved if
the generic handlers had the ability to grab the proper lock before the
copy and release it afterwards.

This may duplicate work done in other sysctl handlers in the kernel which
also copy the data, possibly while a lock is held, before calling they call
a generic handler to output the data.  These handlers should probably call
SYSCTL_OUT() directly.
2002-07-28 21:06:14 +00:00
Alan Cox
e43c2eab07 o Lock page queue accesses by vm_page_free().
o Apply some style fixes.
2002-07-28 20:13:48 +00:00
Don Lewis
5c38b6dbce Wire the sysctl output buffer before grabbing any locks to prevent
SYSCTL_OUT() from blocking while locks are held.  This should
only be done when it would be inconvenient to make a temporary copy of
the data and defer calling SYSCTL_OUT() until after the locks are
released.
2002-07-28 19:59:31 +00:00
Jake Burkholder
b44ba1a844 Fix a bug introduced in previous commit. Due to the interaction of the
direct physical mappings with virtual page colour, we need to flush the
data cache when a page changes colour.  I missed one case which broke
pipes.
2002-07-28 19:15:34 +00:00
Alan Cox
6a684ecf05 o Lock page queue accesses by vm_page_free(). 2002-07-28 19:01:38 +00:00
Mike Barcroft
7a415ec906 Revert the previous delta; uintfptr_t needs to be available to
userland for libc/gmon to compile, so the typedef in <machine/types.h>
isn't good enough.  This is really ugly since we end up with the
actual value which uintfptr_t is typedef'd from, in multiple places.
This is bug for bug compatible with the other FreeBSD architectures.

Noticed by:	sparc64 tinderbox
2002-07-28 15:59:51 +00:00
Alan Cox
1e8fabc097 Lock page queue accesses by vm_page_free(). 2002-07-28 08:01:48 +00:00
Dima Dorfman
ec7e38fb22 Correct misindentation of DRA_UID. 2002-07-28 06:57:57 +00:00
Alan Cox
299018d3b6 o Lock page queue accesses by vm_page_free().
o Increment cnt.v_dfree inside vm_pageout_page_free() rather than
   at each call.
2002-07-28 05:46:47 +00:00
Alan Cox
57123de641 o Lock page queue accesses by vm_page_free(). 2002-07-28 04:23:03 +00:00
Dima Dorfman
af13e3abb9 Unimplement panic(8) by making sure that we don't recurse into a
ruleset.  If we do, that means there's a ruleset loop (10 includes 20
include 30 includes 10), which will quickly cause a double fault due
to stack overflow (since "include" is implemented by recursion).
(Previously, we only checked that X didn't include X.)
2002-07-28 03:52:44 +00:00
Jake Burkholder
839b2e106a Add declarations for btext and etext. 2002-07-28 01:01:14 +00:00
Peter Wemm
23efa1f8ca Unwind the syscall_with_err_pushed tweak that jake did some time back.
OK'ed by:	jake
2002-07-28 00:27:51 +00:00
Jake Burkholder
7d8a5be3ea uintfptr_t has moved to machine/types.h. 2002-07-27 23:36:51 +00:00
Alan Cox
55df3298c6 o Require that the page queues lock is held on entry to vm_pageout_clean()
and vm_pageout_flush().
 o Acquire the page queues lock before calling vm_pageout_clean()
   or vm_pageout_flush().
2002-07-27 23:20:32 +00:00
David Malone
d7a2a73c84 Make bn_name a const char * to quieten some warnings.
Approved by:	bp (long ago)
2002-07-27 23:16:49 +00:00
David Malone
53d4d67c98 Make spxnames a const char * to quieten some warnings in netstat. 2002-07-27 23:15:08 +00:00
David Malone
25dec7474c If a socket is disconnected for some reason (like a TCP connection
not responding) then drop any data on the outgoing queue in
soisdisconnected because there is no way to get it to its destination
any longer.

The only objection to this patch I got on -net was from Terry, who
wasn't sure that the condition in question could arise, so I provided
some example code.
2002-07-27 23:06:52 +00:00
Jake Burkholder
30bbe52432 Implement a direct mapped address region, like alpha and ia64. This
basically maps all of physical memory 1:1 to a range of virtual addresses
outside of normal kva.  The advantage of doing this instead of accessing
phsyical addresses directly is that memory accesses will go through the
data cache, and will participate in the normal cache coherency algorithm
for invalidating lines in our own and in other cpus' data caches.  So
we don't have to flush the cache manually or send IPIs to do so on other
cpus.  Also, since the mappings never change, we don't have to flush them
from the tlb manually.
This makes pmap_copy_page and pmap_zero_page MP safe, allowing the idle
zero proc to run outside of giant.

Inspired by:	ia64
2002-07-27 21:57:38 +00:00
Bill Fenner
11ae409d07 Fix location and name of if_an_pci.c in comment. 2002-07-27 21:28:40 +00:00
Robert Watson
586261a30f Reserve VCACHEDLABEL vnode flag for use by the TrustedBSD MAC
implementation.  This flag will indicate that the security label
in the vnode is currently valid, and therefore doesn't need to
be refreshed before an access control decision can be made.  Most
file systems (or stdvops) will set this flag after they load the
MAC label from disk the first time to prevent redundant disk I/O;
some file synthetic file systems (procfs, for example) may not.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-27 19:56:27 +00:00
Robert Watson
4581821b9a Remote socheckproc(), which was removed when p_can*() was introduced
ages ago.  The prototype was missed.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-27 19:54:15 +00:00
Robert Watson
4a583fd480 Slight whitespace cleanup. Whitespace sync to MAC tree. 2002-07-27 19:53:02 +00:00
Robert Watson
12e9f256e3 Kernel options for Mandatory Access Control (MAC).
MAC support will be merged into the main tree over the next week in
reasonable size chunks; much more to follow.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-27 19:50:28 +00:00
Robert Watson
d06c0d4d40 Slight restructuring of the logic for credential change case identification
during execve() to use a 'credential_changing' variable.  This makes it
easier to have outstanding patchsets against this code, as well as to
add conditionally defined clauses.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-27 18:06:49 +00:00
John Baldwin
ce39e722ec Disable optimization of spinlocks on UP kernels w/o debugging for now
since it breaks mtx_owned() on spin mutexes when used outside of
mtx_assert().  Unfortunately we currently use it in the i386 MD code
and in the sio(4) driver.

Reported by:	bde
2002-07-27 16:54:23 +00:00
John Baldwin
b34dc73be6 Whitespace nit in previous revision. 2002-07-27 16:51:00 +00:00
Mike Barcroft
6f0dc1fd51 Catch up to rev 1.339 of src/sys/conf/options (PCI_ENABLE_IO_MODES is
now a sysctl and is enabled by default).
2002-07-27 16:25:30 +00:00
Mike Barcroft
601016470b Catch up to rev 1.339 of src/sys/conf/options (PCI_ENABLE_IO_MODES is
now a sysctl and is enabled by default).
2002-07-27 15:28:35 +00:00
Søren Schmidt
23a5f1b91a Properly change the block_size on different CD media, and use that
to calculate the max amount of data in one IO request.

Correct the max size on atapi floppies/tapes as well.
2002-07-27 12:22:39 +00:00
Peter Wemm
4c4a48ec03 Do not try and probe random PNP devices, This Is Bad.
Display reasons why probe/attach fails.
2002-07-27 08:46:28 +00:00
Peter Wemm
4682cd8f5e Make si_debug tunable. 2002-07-27 08:17:29 +00:00
Alan Cox
4abd55b296 o Lock page queue accesses by vm_page_activate(). 2002-07-27 07:20:27 +00:00
Alan Cox
ce18aebde4 o Lock page queue accesses by vm_page_activate() and vm_page_deactivate()
in vm_pageout_object_deactivate_pages().
 o Apply some style fixes to vm_pageout_object_deactivate_pages().
2002-07-27 06:41:03 +00:00
Jeff Roberson
0ea5e55265 - The default for lock, unlock, and islocked is now std* instead of no*. 2002-07-27 05:16:20 +00:00
Jeff Roberson
17f888f15f - Explicitly state that specfs does not support locking by using
vop_no{lock,unlock,islocked}.  This should be the only vnode opv that does
   so.
2002-07-27 05:14:59 +00:00
Alan Cox
eb13174a6b o Lock page queue accesses by vm_page_activate() and vm_page_deactivate(). 2002-07-27 05:08:49 +00:00
Alan Cox
9d52288860 o Lock page queue accesses by vm_page_activate() and vm_page_deactivate(). 2002-07-27 04:30:46 +00:00
Warner Losh
ffd283ae15 Send a disassoc packet for a STA that we don't know about that claims to
be associated with us.  From millert@openbsd.org

Obtained from: OpenBSD (I think)
2002-07-26 22:56:04 +00:00
Warner Losh
bec60c0fd8 Only INTERSIL 0.8.3 and newer firmware is supported with hostap mode.
While earlier versions can be made to work, they require various work
arounds not in the driver right now.
2002-07-26 22:54:30 +00:00
Warner Losh
3722c8ed3d No doubt about it, I gotta get a better hat:
Add the definition for sockbase that I accidentally removed two
revisions ago and didn't notice until some kind soul pointed it out to
me.
2002-07-26 20:28:58 +00:00
Søren Schmidt
aafa7ea069 Fix the max transfer size for ATAPI devices. The spec says to
transfer at most 65534 bytes, thats 126 times DEV_BSIZE not 252 :(

Pointed out by: Ian Dowse <iedowse@maths.tcd.ie>
2002-07-26 19:13:05 +00:00
Warner Losh
8948a4fd3d Looks like a last second change wasn't completely backed out. 2002-07-26 17:50:01 +00:00
Takanori Watanabe
7850154fdd Add ALLIED TELESIS,K.K. LA-ISA V2 ISA PnP ID.
Submitted by:	nork
MFC after: 3 days
2002-07-26 17:33:58 +00:00
Jake Burkholder
dab4349561 Remove the tlb argument to tlb_page_demap (itlb or dtlb), in order to better
match the pmap_invalidate api.
2002-07-26 15:54:04 +00:00
Robert Drehmel
e25dadb05d Fix -Werror build for sparc64: Use the appropriate conversion
specifier for an 'unsigned int' argument.
2002-07-26 12:57:57 +00:00
Warner Losh
4376ee32ba MFp4:
o reduce the extra-long ID names.
	o TI-1510, 1520 and 4510 support.
	o MFUNC is the name of the register on TI 1200 and newer chips (except
	  125x and 1450).  Initialize it in the func routine, but only
	  if NO_MFUNC isn't set.
	o better comments about above workaround
	o register definitions for MFUNC.
	o move zoom video disable to a better place.
2002-07-26 08:07:55 +00:00
Warner Losh
e4188e915d MFp4:
o Rename the insanely long PCIC bridge ids.
	o Add my copyright to pccbb.c
	o Add support for the TI-1510, TI-1520 and TI-4510 series of upcoming
	  bridges.
	o Init MFUNC if it is zero and the TI part has a MFUNC register
	  at offset 0x8c (1030, 1130 and 1131 don't have anything there, the
	  1250,1251,1251B and 1450 have a different thing there.  The rest
	  have it.  TI is likely to only do MFUNC from now on.  The IRQMUX
	  in the 1250 series of chips needs no tweaks.
	o Adjust to new exca interface.
	o Add comments about TI chips that I learned in talking to an
	  engineer at TI.
	o Add register definitions for MFUNC.
	o Create CB_TI125X chipset type.
2002-07-26 08:05:25 +00:00
Warner Losh
6dfd31d460 MFp4:
o Protect .h against multiple includes.
	o eliminate the pointers to the read/write routines.  The
	  bus_space_read routines can cope since we have the offset
	  field.
	o Print a warning if the requested map address is > 16M and
	  your chipset doesn't support the extended ExCA registers.
2002-07-26 08:01:08 +00:00
Warner Losh
a850203de0 Make PCI_ENABLE_IO_MODES a sysctl hw.pci.enable_io_modes. It can also
be set at boot time.  It defaults to 1 now since it can be set in the
boot loader.  If this proves unwise, we can reset it to defaulting to 0.
2002-07-26 07:58:16 +00:00
Peter Wemm
93c9745e20 gethints.awk is a machine-specific 4.x->5.x transition aid. We cannot
use a common one because pc98 has got very different values.  This only
needs to exist on platforms that existed under 4.x.
2002-07-26 03:52:30 +00:00
John Polstra
470bd96a07 Recognize the Altima AC9100 chip, which is used in current versions
of the Netgear GA302-T.  I changed the symbolic names in the
submitter's patch to reflect the part number of the chip instead
of the board.

PR:		kern/38988
Submitted by:	Brad Chapman <chapmanb@arches.uga.edu>
MFC after:	2 days
2002-07-26 03:47:08 +00:00
Matt Jacob
e277218592 Frequency default should be '25' for 25MHz, not 25000000.
Through the PITA of endiannness, clock has to be MHz freq << 8.

Don't trust NVRAM on SBus cards.

Set a default initiator ID sensibly.

SBus/ISP now working, what with the change to sbus.c earlier today.
2002-07-25 20:49:30 +00:00
Matt Jacob
43722a425a Don't test against default_iid being zero as a test for whether we
set something- iid 0 is valid.
2002-07-25 20:47:40 +00:00
Hajimu UMEMOTO
7b79862463 correct comment for setsockopt arg size.
Reported by:	Martin Laabs <martin@martin.erfurt.thur.de>
Obtained from:	KAME
MFC after:	1 week
2002-07-25 20:40:09 +00:00
Matt Jacob
1936600631 Set interrupt clear pointer for SBus slots to point to correct spot. 2002-07-25 20:14:59 +00:00
Alan Cox
f4f5cb1ffb o Remove a vm_page_deactivate() that is immediately followed by a
vm_page_rename() from vm_object_backing_scan().  vm_page_rename()
   also performs vm_page_deactivate() on pages in the cache queues,
   making the removed vm_page_deactivate() redundant.
2002-07-25 19:09:07 +00:00
Hajimu UMEMOTO
66ef17c4b6 make setsockopt(IPV6_V6ONLY, 0) actuall work for tcp6.
MFC after:	1 week
2002-07-25 18:10:04 +00:00
Hajimu UMEMOTO
eccb7001ee cleanup usage of ip6_mapped_addr_on and ip6_v6only. now,
ip6_mapped_addr_on is unified into ip6_v6only.

MFC after:	1 week
2002-07-25 17:40:45 +00:00
Matt Jacob
72429e49f5 Make sure that if are in fact using 'full SMP', make the interrupt
flags include INTR_MPSAFE. Put the flags in a common place so that
both isp_sbus && isp_pci DTRT.

In isp_mbxdma setup, drop any locks prior to calling things like
bus_dmatag_create. This gets rid of these obnoxious WITNESS messages
about 'sleeping with locks held' blah blah blah blah blah.
2002-07-25 16:02:09 +00:00
Matt Jacob
4eb494274f Put MODULE_VERSION back here so that ispfw is happy. 2002-07-25 16:00:24 +00:00
Hajimu UMEMOTO
dcaecffe69 Change the default setting of an IPv4-mapped IPv6 address to off.
Requested by:	many people
2002-07-25 15:44:01 +00:00
Takanori Watanabe
2e673adddb Regen. 2002-07-25 14:16:47 +00:00
Takanori Watanabe
86b3064d09 MFNetBSD: FTDI USB-serial converter chips description. 2002-07-25 14:15:49 +00:00
Brian Feldman
ca33ae2367 Fix some of the places where sound(4) can sleep with a lock held. (Help
courtesy of fenner).
2002-07-25 04:49:45 +00:00
Julian Elischer
8625e3721f get suspension counting right.
fix an error message

Submitted by:	David Xu <bsddiy@yahoo.com>
2002-07-25 03:21:35 +00:00
Julian Elischer
e3b9bf7198 fix some style problems and remove a mis-merged assert. 2002-07-25 00:27:39 +00:00
Julian Elischer
294e6308bf slight stylisations to take into account recent code changes. 2002-07-24 23:59:15 +00:00