Commit Graph

34175 Commits

Author SHA1 Message Date
Orion Hodson
67a97e1522 Remove support for the vt8233. Specs for chipset changed mid-revision
so this code was not working for the newer VIA chipsets.
2002-08-17 16:13:29 +00:00
Robert Watson
d49fa1ca6e In continuation of early fileop credential changes, modify fo_ioctl() to
accept an 'active_cred' argument reflecting the credential of the thread
initiating the ioctl operation.

- Change fo_ioctl() to accept active_cred; change consumers of the
  fo_ioctl() interface to generally pass active_cred from td->td_ucred.
- In fifofs, initialize filetmp.f_cred to ap->a_cred so that the
  invocations of soo_ioctl() are provided access to the calling f_cred.
  Pass ap->a_td->td_ucred as the active_cred, but note that this is
  required because we don't yet distinguish file_cred and active_cred
  in invoking VOP's.
- Update kqueue_ioctl() for its new argument.
- Update pipe_ioctl() for its new argument, pass active_cred rather
  than td_ucred to MAC for authorization.
- Update soo_ioctl() for its new argument.
- Update vn_ioctl() for its new argument, use active_cred rather than
  td->td_ucred to authorize VOP_IOCTL() and the associated VOP_GETATTR().

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-17 02:36:16 +00:00
Jeffrey Hsu
c068736a61 Cosmetic-only changes for readability.
Reviewed by:	(early form passed by) bde
Approved by:	itojun (from core@kame.net)
2002-08-17 02:05:25 +00:00
Doug Ambrisko
74495bcdab Revert change to detect multiply PHYs in mii code. There might be cases
when this is needed.  Work around bogus second PHY in the DFE-580 card
via a change in the if_ste.c driver.

Suggested by:	jdp
Reviewed by:	jdp
MFC after:	3 days
2002-08-16 23:19:16 +00:00
Nate Lawson
39c6a8beeb Updates to cmd6workaround:
* Only update cdb in place if not CDB_POINTER
* Correctly check for QFRZ before restarting CCB
* More accurate printf message
* style(9) changes at end

Patch tested successfully on Maxtor 4 G120J6 GAK8.
2002-08-16 22:05:19 +00:00
David Greenman
79cb7eb41c Further improved the performance of sbreserve() by moving the calculation
of the adjusted sb_max into a sysctl handler for sb_max and assigning it to
a variable that is used instead. This eliminates the 32bit multiply and
divide from the fast path that was being done previously.
2002-08-16 18:41:48 +00:00
Robert Watson
f050add5c1 Wrap maintenance of varios nmac{objectname} counters in MAC_DEBUG so we
can avoid the cost of a large number of atomic operations if we're not
interested in the object count statistics.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-16 14:21:38 +00:00
Robert Watson
49cde51dfd Correct white space nits that crept in during my recent merges of
trustedbsd_mac material.
2002-08-16 14:12:40 +00:00
Robert Watson
ea6027a8e1 Make similar changes to fo_stat() and fo_poll() as made earlier to
fo_read() and fo_write(): explicitly use the cred argument to fo_poll()
as "active_cred" using the passed file descriptor's f_cred reference
to provide access to the file credential.  Add an active_cred
argument to fo_stat() so that implementers have access to the active
credential as well as the file credential.  Generally modify callers
of fo_stat() to pass in td->td_ucred rather than fp->f_cred, which
was redundantly provided via the fp argument.  This set of modifications
also permits threads to perform these operations on behalf of another
thread without modifying their credential.

Trickle this change down into fo_stat/poll() implementations:

- badfo_poll(), badfo_stat(): modify/add arguments.
- kqueue_poll(), kqueue_stat(): modify arguments.
- pipe_poll(), pipe_stat(): modify/add arguments, pass active_cred to
  MAC checks rather than td->td_ucred.
- soo_poll(), soo_stat(): modify/add arguments, pass fp->f_cred rather
  than cred to pru_sopoll() to maintain current semantics.
- sopoll(): moidfy arguments.
- vn_poll(), vn_statfile(): modify/add arguments, pass new arguments
  to vn_stat().  Pass active_cred to MAC and fp->f_cred to VOP_POLL()
  to maintian current semantics.
- vn_close(): rename cred to file_cred to reflect reality while I'm here.
- vn_stat(): Add active_cred and file_cred arguments to vn_stat()
  and consumers so that this distinction is maintained at the VFS
  as well as 'struct file' layer.  Pass active_cred instead of
  td->td_ucred to MAC and to VOP_GETATTR() to maintain current semantics.

- fifofs: modify the creation of a "filetemp" so that the file
  credential is properly initialized and can be used in the socket
  code if desired.  Pass ap->a_td->td_ucred as the active
  credential to soo_poll().  If we teach the vnop interface about
  the distinction between file and active credentials, we would use
  the active credential here.

Note that current inconsistent passing of active_cred vs. file_cred to
VOP's is maintained.  It's not clear why GETATTR would be authorized
using active_cred while POLL would be authorized using file_cred at
the file system level.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-16 12:52:03 +00:00
Josef Karthauser
1e03ff6cf0 MFNetBSD: 1.51
Move a quirk tests so the message printed about directionality is
right.
2002-08-16 12:16:07 +00:00
Josef Karthauser
a6103a945a MFNetBSD: (1.50) Get rid of trailing white space. 2002-08-16 12:13:26 +00:00
Luigi Rizzo
99e5e64504 sys/netinet/ip_fw2.c:
Implement the M_SKIP_FIREWALL bit in m_flags to avoid loops
    for firewall-generated packets (the constant has to go in sys/mbuf.h).

    Better comments on keepalive generation, and enforce dyn_rst_lifetime
    and dyn_fin_lifetime to be less than dyn_keepalive_period.

    Enforce limits (up to 64k) on the number of dynamic buckets, and
    retry allocation with smaller sizes.

    Raise default number of dynamic rules to 4096.

    Improved handling of set of rules -- now you can atomically
    enable/disable multiple sets, move rules from one set to another,
    and swap sets.

sbin/ipfw/ipfw2.c:

    userland support for "noerror" pipe attribute.

    userland support for sets of rules.

    minor improvements on rule parsing and printing.

sbin/ipfw/ipfw.8:

    more documentation on ipfw2 extensions, differences from ipfw1
    (so we can use the same manpage for both), stateful rules,
    and some additional examples.
    Feedback and more examples needed here.
2002-08-16 10:31:47 +00:00
Josef Karthauser
3a89188b79 MFNetBSD:
revision 1.127
	date: 2002/08/07 20:03:19;  author: augustss;  lines: +4 -8
	Fix some braindead calls to free memory (only encountered
	under low memory conditions).  From OpenBSD.
2002-08-16 09:10:43 +00:00
Alfred Perlstein
e88894d39a make the strings for tcptimers, tanames and prurequests const to silence
warnings.
2002-08-16 09:07:59 +00:00
Alfred Perlstein
f341f36a88 forgot to actually commit the DK/FS TYPES split, do it now. 2002-08-16 09:07:15 +00:00
Alfred Perlstein
d5968c2a66 fix comment typo: naem -> name 2002-08-16 07:42:18 +00:00
Alfred Perlstein
aa22cbfea7 Hide 'struct ucred' behind '#ifdef _KERNEL', this should stop userland
from attempting to use it for good.  There is a catch, kvm_proc.c needs
to '#define _KERNEL' to get at the ucred.

Requested by: rwatson
2002-08-16 07:01:43 +00:00
Tom Rhodes
b5cdbc6dae When a cluster entry for ``.'' is set to 0, msdosfs fails to handle it
correctly.

PR:		24393
Submitted by:	semenu
Approved by:	rwatson (mentor)
MFC after:	1 week
2002-08-16 05:13:42 +00:00
David Greenman
8c71ce8a4e Rewrote the space check algorithm in sbreserve() so that the extremely
expensive (!) 64bit multiply, divide, and comparison aren't necessary
(this came in originally from rev 1.19 to fix an overflow with large
sb_max or MCLBYTES).
The 64bit math in this function was measured in some kernel profiles as
being as much as 5-8% of the total overhead of the TCP/IP stack and
is eliminated with this commit. There is a harmless rounding error (of
about .4% with the standard values) introduced with this change,
however this is in the conservative direction (downward toward a
slightly smaller maximum socket buffer size).

MFC after:	3 days
2002-08-16 05:08:46 +00:00
Jake Burkholder
83d5cede4f Use symbolic constants instead of magic address constants. 2002-08-16 01:37:49 +00:00
Jake Burkholder
6856ac3294 Minor style. Removed unused declaration. 2002-08-16 01:35:00 +00:00
Jake Burkholder
51d5509a62 Removed unneeded pmap_initialized flag. 2002-08-16 01:33:03 +00:00
Jake Burkholder
6df1fae014 Demark sections of code that need special fault handling with labels.
Check if the trapped pc is inside of the demarked sections to implement
fault recovery for copyin etc, instead of pcb_onfault.  Handle recovery
from data access exceptions as well as page faults.

Inspired by:	bde's sys.dif
2002-08-16 00:57:37 +00:00
Josef Karthauser
c5849647cc UHCI_DEBUG -> USB_DEBUG. 2002-08-15 22:41:20 +00:00
Robert Watson
c6a3f1fc92 For some reason, the flags and td arguments in the fo_read prototype
were reversed.  Correct this with no functional change.
2002-08-15 22:12:53 +00:00
Robert Watson
365433d9b8 Code formatting sync to trustedbsd_mac: don't perform an assignment
in an if clause.

PR:
Submitted by:
Reviewed by:
Approved by:
Obtained from:
MFC after:
2002-08-15 22:04:31 +00:00
Alfred Perlstein
f898f7c5b2 Remove a case of exposing 'struct ucred' to userspace. Use a struct xucred
for LOCKD_MSG instead.

Requested by: rwatson
2002-08-15 21:52:22 +00:00
Alfred Perlstein
97b0a9a249 Remove cam_extend.c from sources to unbreak modules.
Missed by: kern/39809,njl
2002-08-15 21:41:59 +00:00
Robert Watson
2b94185b82 Correct a minor whitespace nit that sneaked in with my previous commit. 2002-08-15 21:41:20 +00:00
Nate Lawson
f0769ef9fd Remove cam_extend.[ch] after all references to them were removed.
PR:		kern/39809
Approved by:	gibbs
2002-08-15 20:55:38 +00:00
Robert Watson
9ca435893b In order to better support flexible and extensible access control,
make a series of modifications to the credential arguments relating
to file read and write operations to cliarfy which credential is
used for what:

- Change fo_read() and fo_write() to accept "active_cred" instead of
  "cred", and change the semantics of consumers of fo_read() and
  fo_write() to pass the active credential of the thread requesting
  an operation rather than the cached file cred.  The cached file
  cred is still available in fo_read() and fo_write() consumers
  via fp->f_cred.  These changes largely in sys_generic.c.

For each implementation of fo_read() and fo_write(), update cred
usage to reflect this change and maintain current semantics:

- badfo_readwrite() unchanged
- kqueue_read/write() unchanged
  pipe_read/write() now authorize MAC using active_cred rather
  than td->td_ucred
- soo_read/write() unchanged
- vn_read/write() now authorize MAC using active_cred but
  VOP_READ/WRITE() with fp->f_cred

Modify vn_rdwr() to accept two credential arguments instead of a
single credential: active_cred and file_cred.  Use active_cred
for MAC authorization, and select a credential for use in
VOP_READ/WRITE() based on whether file_cred is NULL or not.  If
file_cred is provided, authorize the VOP using that cred,
otherwise the active credential, matching current semantics.

Modify current vn_rdwr() consumers to pass a file_cred if used
in the context of a struct file, and to always pass active_cred.
When vn_rdwr() is used without a file_cred, pass NOCRED.

These changes should maintain current semantics for read/write,
but avoid a redundant passing of fp->f_cred, as well as making
it more clear what the origin of each credential is in file
descriptor read/write operations.

Follow-up commits will make similar changes to other file descriptor
operations, and modify the MAC framework to pass both credentials
to MAC policy modules so they can implement either semantic for
revocation.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-15 20:55:08 +00:00
Nate Lawson
e2a5fdf911 Remove usage of cam_extend.c, replace with dev->si_drv1
PR:		kern/39809
Approved by:	gibbs
2002-08-15 20:54:03 +00:00
Robert Watson
909610a5c1 Move mac.h include to match the MAC tree location. Both locations
are about equally as alphabetized.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-15 19:02:17 +00:00
Robert Watson
a7320549ac Introduce experimental support for MAC in the AppleTalk/EtherTalk stack.
Label link layer mbufs as they are created for transmission, check
mbufs before delivering them to sockets, label mbufs as they are created
from sockets, and preserve mbuf labels if mbufs are copied.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-15 18:58:44 +00:00
Robert Watson
fb95b5d3c3 Rename mac_check_socket_receive() to mac_check_socket_deliver() so that
we can use the names _receive() and _send() for the receive() and send()
checks.  Rename related constants, policy implementations, etc.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-15 18:51:27 +00:00
Robert Watson
d61198e422 Rename mac_check_socket_receive() to mac_check_socket_deliver() so that
we can use the names _receive() and _send() for the receive() and send()
checks.  Rename related constants, policy implementations, etc.

PR:
Submitted by:
Reviewed by:
Approved by:
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
MFC after:
2002-08-15 18:51:26 +00:00
Robert Watson
4b9c2fa1fb Fix return case for negative namelen by jumping to normal exit processing
rather than immediately returning, or we may not unlock necessary locks.

Noticed by:	Mike Heffner <mheffner@acm.vt.edu>
2002-08-15 17:34:03 +00:00
Jeffrey Hsu
b5addd8564 Reset dupack count in header prediction.
Follow-on to rev 1.39.

Reviewed by: jayanth, Thomas R Henderson <thomas.r.henderson@boeing.com>, silby, dillon
2002-08-15 17:13:18 +00:00
Luigi Rizzo
4bbf3b8b3a Kernel support for a dummynet option:
When a pipe or queue has the "noerror" attribute, do not report
drops to the caller (ip_output() and friends).
(2 lines to implement it, 2 lines to document it.)

This will let you simulate losses on the sender side as if they
happened in the middle of the network, i.e. with no explicit feedback
to the sender.

manpage and ipfw2.c changes to follow shortly, together with other
ipfw2 changes.

Requested by: silby
MFC after: 3 days
2002-08-15 16:53:43 +00:00
Robert Watson
6835e7427c On MAC check failure for readdir, use 'goto out' to use the common exit
handling, rather than returning directly to prevent leaking of vnode
reference/lock.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-15 15:46:10 +00:00
Robert Watson
ecd3e8ff5a It's now sufficient to rely on a nested include of _label.h to make sure
all structures in ip_var.h are defined, so remove include of mac.h.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-15 14:34:45 +00:00
Robert Watson
9daf40feaa Perform a nested include of _label.h if #ifdef _KERNEL. This will
satisfy consumers of ip_var.h that need a complete definition of
struct ipq and don't include mac.h.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-15 14:34:02 +00:00
Robert Watson
3b6aad64bf Add mac.h -- raw_ip.c was depending on nested inclusion of mac.h which
is no longer present.

Pointed out by:	bmilekic
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-15 14:27:46 +00:00
Bosko Milekic
5fee904c3c Make m_flags an int instead of a short, this is consistent with the
type of the 'flags' argument m_getcl() was using anyway; m_extadd()
needed to be changed to accept an int instead of a short for 'flags.'
This makes things more consistent and also gives us more bits to
use for m_flags in the future (we have almost run out).

Requested by: sam (Sam Leffler)
2002-08-15 14:09:16 +00:00
Warner Losh
6319263d7b pccbb->cbb 2002-08-15 08:05:40 +00:00
Warner Losh
f5a9ae40ce No longer needed 2002-08-15 08:04:06 +00:00
Warner Losh
6c596e8d0b pccbb -> cbb 2002-08-15 08:02:23 +00:00
Warner Losh
b35cf6719f Rename the pccbb device to cbb. 2002-08-15 08:01:24 +00:00
Warner Losh
6f6efa5165 Move the symbol firmware loading routines into if_wi.
Define some basic firmware downloading commands.
2002-08-15 07:13:17 +00:00
Jake Burkholder
e4f5294e18 Fixed 64bit big endian bugs relating to abuse of ioctl argument passing.
This makes truss work on sparc64.
2002-08-15 06:16:10 +00:00