support machines having multiple independently numbered PCI domains
and don't support reenumeration without ambiguity amongst the
devices as seen by the OS and represented by PCI location strings.
This includes introducing a function pci_find_dbsf(9) which works
like pci_find_bsf(9) but additionally takes a domain number argument
and limiting pci_find_bsf(9) to only search devices in domain 0 (the
only domain in single-domain systems). Bge(4) and ofw_pcibus(4) are
changed to use pci_find_dbsf(9) instead of pci_find_bsf(9) in order
to no longer report false positives when searching for siblings and
dupe devices in the same domain respectively.
Along with this change the sole host-PCI bridge driver converted to
actually make use of PCI domain support is uninorth(4), the others
continue to use domain 0 only for now and need to be converted as
appropriate later on.
Note that this means that the format of the location strings as used
by pciconf(8) has been changed and that consumers of <sys/pciio.h>
potentially need to be recompiled.
Suggested by: jhb
Reviewed by: grehan, jhb, marcel
Approved by: re (kensmith), jhb (PCI maintainer hat)
work present in FreeBSD 7.0 to refine the kernel privilege model:
- Introduce support for jail as a testing variable, in order to
confirm that privileges are properly restricted in the jail
environment.
- Restructure overall testing approach so that privilege and jail
conditions are set in the testing infrastructure before tests
are invoked, and done so in a custom-created process to isolate
the impact of tests from each other in a more consistent way.
- Tests now provide setup and cleanup hooks that occur before and
after the test runs.
- New privilege tests are now present for several audit
privileges, several credential management privileges, dmesg
buffer reading privilege, and netinet raw socket creation.
- Other existing tests are restructured and generally improved as
a result of better framework structure and jail as a variable.
For exampe, we now test that certain sysctls are writable only
outside jail, while others are writable within jail. On a
similar note, privileges relating to setting UFS file flags are
now better exercised, as with the right to chmod and utimes
files.
Approved by: re (bmah)
Obtained from: TrustedBSD Project
- Add the bind mtree to the TinyBSD build so that files
can be installed there (else the build fails)
- Change GEOM_GPT to GEOM_PART_GPT since that had been
renamed in current. The kernel configuration provided
by TinyBSD will not build without these changes.
PR: misc/115484
PR: misc/115405
Submitted by: Richard Arends <richard at unixguru dot nl>
Approved by: re (bmah)
Approved by: imp (mentor)
or replace (i.e., zdump) the environment after a call to setenv(), putenv()
or unsetenv() has been made, a few changes were made.
- getenv() will return the value from the new environ array.
- setenv() was split into two functions: __setenv() which is most of the
previous setenv() without checks on the name and setenv() which
contains the checks before calling __setenv().
- setenv(), putenv() and unsetenv() will unset all previous values and
call __setenv() on all entries in the new environ array which in turn
adds them to the end of the envVars array. Calling __setenv() instead
of setenv() is done to avoid the temporary replacement of the '=' in a
string with a NUL byte. Some strings may be read-only data.
Added more regression checks for clearing the environment array.
Replaced gettimeofday() with getrusage() in timing regression check for
better accuracy.
Fixed an off-by-one bug in __remove_putenv() in the use of memmove(). This
went unnoticed due to the allocation of double the number of environ
entries when building envVars.
Fixed a few spelling mistakes in the comments.
Reviewed by: ache
Approved by: wes
Approved by: re (kensmith)
- Solaris' setgroups(2) doesn't change process' effective gid, so set it
explicitly.
- POSIX doesn't define O_NOFOLLOW. FreeBSD returns EMLINK when target is
a symbolic link, but Solaris returns ELOOP then.
- Solaris doesn't define O_SHLOCK and O_EXLOCK flags.
Approved by: re (rwatson)
setenv(3) by tracking the size of the memory allocated instead of using
strlen() on the current value.
Convert all calls to POSIX from historic BSD API:
- unsetenv returns an int.
- putenv takes a char * instead of const char *.
- putenv no longer makes a copy of the input string.
- errno is set appropriately for POSIX. Exceptions involve bad environ
variable and internal initialization code. These both set errno to
EFAULT.
Several patches to base utilities to handle the POSIX changes from
Andrey Chernov's previous commit. A few I re-wrote to use setenv()
instead of putenv().
New regression module for tools/regression/environ to test these
functions. It also can be used to test the performance.
Bump __FreeBSD_version to 700050 due to API change.
PR: kern/99826
Approved by: wes
Approved by: re (kensmith)
- Add and document the KVM and KVM_SUPPORT options that
are needed for the ifmcstats(3) makefile
- Garbage collect unused variables
- Add missing inclusion of bsd.own.mk where needed
Approved by: kan (mentor)
Reviewed by: ru
and protocol-independent host mode multicast. The code is written to
accomodate IPv6, IGMPv3 and MLDv2 with only a little additional work.
This change only pertains to FreeBSD's use as a multicast end-station and
does not concern multicast routing; for an IGMPv3/MLDv2 router
implementation, consider the XORP project.
The work is based on Wilbert de Graaf's IGMPv3 code drop for FreeBSD 4.6,
which is available at: http://www.kloosterhof.com/wilbert/igmpv3.html
Summary
* IPv4 multicast socket processing is now moved out of ip_output.c
into a new module, in_mcast.c.
* The in_mcast.c module implements the IPv4 legacy any-source API in
terms of the protocol-independent source-specific API.
* Source filters are lazy allocated as the common case does not use them.
They are part of per inpcb state and are covered by the inpcb lock.
* struct ip_mreqn is now supported to allow applications to specify
multicast joins by interface index in the legacy IPv4 any-source API.
* In UDP, an incoming multicast datagram only requires that the source
port matches the 4-tuple if the socket was already bound by source port.
An unbound socket SHOULD be able to receive multicasts sent from an
ephemeral source port.
* The UDP socket multicast filter mode defaults to exclusive, that is,
sources present in the per-socket list will be blocked from delivery.
* The RFC 3678 userland functions have been added to libc: setsourcefilter,
getsourcefilter, setipv4sourcefilter, getipv4sourcefilter.
* Definitions for IGMPv3 are merged but not yet used.
* struct sockaddr_storage is now referenced from <netinet/in.h>. It
is therefore defined there if not already declared in the same way
as for the C99 types.
* The RFC 1724 hack (specify 0.0.0.0/8 addresses to IP_MULTICAST_IF
which are then interpreted as interface indexes) is now deprecated.
* A patch for the Rhyolite.com routed in the FreeBSD base system
is available in the -net archives. This only affects individuals
running RIPv1 or RIPv2 via point-to-point and/or unnumbered interfaces.
* Make IPv6 detach path similar to IPv4's in code flow; functionally same.
* Bump __FreeBSD_version to 700048; see UPDATING.
This work was financially supported by another FreeBSD committer.
Obtained from: p4://bms_netdev
Submitted by: Wilbert de Graaf (original work)
Reviewed by: rwatson (locking), silence from fenner,
net@ (but with encouragement)
Four tests currently fail:
test_ether_line_bad_1() and test_ether_line_bad_2() due to bugs in
ether_line(3).
test_ether_ntohost() and test_ether_hostton() due to not being fully
implemented tests.
on socket buffers is interruptible or not, which detacts the regression I
introduced recently in 7-CURRENT (spotted by alfred). This test passes
in older -CURRENT, and with the as-yet uncommitted sx_xlock_sig and
sblock fix patches.
o make some variables parameters (frequency of crack, and maximum channel)
o try to spoof mac if association fails
Submitted by: Andrea Bittau <a.bittau@cs.ucl.ac.uk>
each file independently from other files. The new semantics are
desired in the most of practical cases, e.g.: delete lines 5-9
from each file.
Keep the previous semantics of -i under a new option, -I, which
uses a single continuous address space covering all files to edit
in-place -- they are too cool to just drop them.
Add regression tests for -i and -I.
Approved by: dds
Compared with: GNU sed
Discussed on: -hackers
MFC after: 2 weeks
* Break out the boot0 loader selection into a variable - NANO_BOOTLOADER -
so people like me with VGA consoles can override the default (which is
to use boot0sio)
* Put the boot0 configuration options in NANO_BOOT0CFG in case you want
to override the defaults.
* Modify nanobsd.8 to reflect the changes and hint the console default is
serial.
MFC after: 2 weeks
[Since the change to strict refcounting for in_multi objects, this test
began to fail; formerly the refcount was a count of the number of requests
for a given address, NOT a count of pointers to the object.]
that it might be worth fixing a couple of bugs in wesside and making
it use the new cracking technique. I think this enhancement makes
the tool quite usable. It is possible to recover keys in only a
couple of minutes.
* Fix ACKs. Firmware will ACK data [just set the MAC addr correctly].
* Fix RX routines. Process all packets read().
* Use aircrack-ptw [built-in] rather than external aircrack.
* Log data in pcap format so that it may be used by others [e.g. aircrack-ng].
Submitted by: Andrea Bittau <a.bittau@cs.ucl.ac.uk>
- Close the new file objects created during socketpair() if the copyout of
the new file descriptors fails.
- Add a test to the socketpair regression test for this edge case.
and had no chance to match it by the 2nd address precisely.
Otherwise the unclosed range would bogusly extend to the end
of stream.
Add a basic regression test for the bug fixed. (This change
also fixes the more complex case 5.3 from `multitest.t'.)
Compared with: SUN and GNU seds
Tested by: regression tests
MFC after: 1 week
in a more reasonable way than BSD sed does: they properly
close the range even if we branched over its end. No doubt,
the range `1,5' should not match lines from 9 through 14.
them are related to the `c' function's need to know if we are at
the actual end of the address range. (It must print the text not
earlier than the whole pattern space was deleted.) It appears the
only sed function with this requirement.
There is `lastaddr' set by applies(), which is to notify the `c'
function, but it can't always help because it's false when we are
hitting the end of file early. There is also a bug in applies()
due to which `lastaddr' isn't set to true on degenerate ranges such
as `$,$' or `N,$' if N appears the last line number.
Handling early EOF condition in applies() could look more logical,
but it would effectively revert sed to the unreasonable behaviour
rev. 1.26 of main.c fought against, as it would require lastline()
be called for each line within each address range. So it's better
to call lastline() only if needed by the `c' function.
Together with this change to sed go regression tests for the bugs
fixed (c1-c3). A basic test of `c' (c0) is also added as it helped
me to spot my own error.
Discussed with: dds
Tested by: the regression tests
MFC after: 1 week
o make all crypto drivers have a device_t; pseudo drivers like the s/w
crypto driver synthesize one
o change the api between the crypto subsystem and drivers to use kobj;
cryptodev_if.m defines this api
o use the fact that all crypto drivers now have a device_t to add support
for specifying which of several potential devices to use when doing
crypto operations
o add new ioctls that allow user apps to select a specific crypto device
to use (previous ioctls maintained for compatibility)
o overhaul crypto subsystem code to eliminate lots of cruft and hide
implementation details from drivers
o bring in numerous fixes from Michale Richardson/hifn; mostly for
795x parts
o add an optional mechanism for mmap'ing the hifn 795x public key h/w
to user space for use by openssl (not enabled by default)
o update crypto test tools to use new ioctl's and add cmd line options
to specify a device to use for tests
These changes will also enable much future work on improving the core
crypto subsystem; including proper load balancing and interposing code
between the core and drivers to dispatch small operations to the s/w
driver as appropriate.
These changes were instigated by the work of Michael Richardson.
Reviewed by: pjd
Approved by: re
I have verified these with GNU sed 4.1.5 (and in some cases with Solaris
sed) and they are identical, with the following exceptions:
5.3: The result is unspecified and BSD sed behaves differently.
6.3: GNU sed gets it wrong
7.1: GNU sed gets it wrong
7.8: BSD sed gets it wrong
According to IEEE Std 1003.1, 2004 "Whenever the pattern space is
written to standard output or a named file, sed shall immediately
follow it with a <newline>."
An attempt at the same correction might have been made with r1.3,
which is however identical with r1.2.
NetBSD version is a feature-to-feature re-implementation of GNU
gzip using the freely-redistributable zlib and this version is
expected to be mostly bug-to-bug compatible with the GNU
implementation.
- Because this is a piece of mature code and we want to make
changes so it is added directly rather than importing to
src/contrib.
- Connect newly added code to src/usr.bin/ and rescue/rescue
build.
- Disconnect the GNU gzip code from build for now, they will
be eventually removed completely.
- Provide two new src.conf(5) knobs, WITHOUT_BZIP2_SUPPORT and
WITHOUT_BZIP2.
Tested by: kris (full exp-7 pointyhat build)
Approved by: core (importing a 4-clause BSD licensed file)
Approved by: re (adding new utility during -HEAD code slush)
effective group ID or to group ID of its parent directory.
- Add some comments from POSIX.
- Verify that after successful O_TRUNC open, size is equal to 0.
he is the file's owner, he can't set set-gid bit.
POSIX requires to return 0 and clear the bit, but FreeBSD returns
EPERM for UFS in such case. For now do the same in ZFS.
This only works if there is no significant drift and all processors are
running at the same frequency. Fortunately, schedgraph traces on MP
machines tend to cover less than a second so drift shouldn't be an issue.
- KTRFile::synchstamp() iterates once over the whole list to determine the
lowest tsc value and syncs adjusts all other values to match. We assume
that the first tick recorded on all cpus happened at the same instant to
start with.
- KTRFile::monostamp() iterates again over the whole file and checks for
a cpu agnostic monotonically increasing clock. If the time ever goes
backwards the cpu responsible is adjusted further to fit. This will
make the possible incorrect delta between cpus as small as the shortest
time between two events. This time can be fairly large due to sched_lock
essentially protecting all events.
- KTRFile::checkstamp() now returns an adjusted timestamp.
- StateEvent::draw() detects states that occur out of order in time and
draws them as 0 pixels after printing a warning.
from the tsc.
- Set skipnext = 1 for yielding and preempted events so we don't show the
event that adds us back to the run queue. It used to be 2 so we would
skip the ksegrp run queue addition and the system run queue addition
but the ksegrp run queue has gone away.
- Don't display down to nanosecond resolution for scheduling events right
now. This can sometimes cause a division by zero.
Almost all regression tests are based on very flexible fstest tool.
They verify correctness (POSIX conformance) of almost all file
system-related system calls.
The motivation behind this work is my ZFS port and POSIX, who doesn't
provide free test suites.
Runs on: FreeBSD/UFS, FreeBSD/ZFS, Solaris/UFS, Solaris/ZFS
To try it out:
# cd fstest
# make
# find tests/* -type d | xargs prove
various types, as well as pipes and fifos for good measure. RELENG_6
currently passes all of these tests, but 7-CURRENT fails 0-byte writes
and sends on all stream socket types (and fifos, as they are based on
stream sockets).
Bumped into by: peter
Diagnosed by: jhb
Problem of: andre
to floating-point, the result is a quiet NaN. The current implementation
may return a signaling NaN, and the vendor has no plans for changing this,
for reasons explained in the comment I added.
mbuf is dropped, to preserve the invariant in the PR_ADDR case.
Add a regression test to detect this condition, but do not hook it
up to the build for now.
PR: kern/38495
Submitted by: James Juran
Reviewed by: sam, rwatson
Obtained from: NetBSD
MFC after: 2 weeks
wildcard specifications. Earlier the only wildcard syntax
was "-j 0" for "any jail". There were at least
two shortcomings in it: First, jail ID 0 was abused; it
meant "no jail" in other utils, e.g., ps(1). Second, it
was impossible to match processed not in jail, which could
be useful to rc.d developers. Therefore a new syntax is
introduced: "-j any" means any jail while "-j none" means
out of jail. The old syntax is preserved for compatibility,
but now it's deprecated because it's limited and confusing.
Update the respective regression tests. While I'm here,
make the tests more complex but sensitive: Start several
processes, some in jail and some out of jail, so we can
detect that only the right processes are killed by pkill
or matched by pgrep.
Reviewed by: gad, pjd
MFC after: 1 week
nature of implied connect via sendto(). Oddly, uipc_usrreq.c implements
this for stream sockets, but doesn't set the flag in its protocol
definition so that it can actually be used. As such, the stream test is
implemented but doesn't run for now.
prints out if bootverbose is set. This is to facilitate the code being
removed from the kernel at a later date.
While we're here, fix the __packed structures, and add some other
PCI interrupt router IDs.
Submitted by: jhb (with some tweaks)
MFC after: 3 weeks
KERNCONF after the file has been copied to the sys/${ARCH}/conf directory. This
allows the use of one kernel config file for multiple images. E.g.:
NANO_KERNEL=../../../../software/nanobsd/default/SOEKRIS
MFC: after 6.2
to WITH_CDDL.
This option enables building code that is licensed under Sun's CDDL.
The DTrace code is licensed that way, so by default it will get built
unless the WITHOUT_CDDL option is used.
There is another build toggle, NO_CTF, which turns off execution of
ctfconvert and ctfmerge in sys.mk, but this can't be implemented as
WITH_/WITHOUT because bsd.own.mk isn't included in all Makefiles and
sys.mk is included automatically by make.
This allows the user to specify that the root filoesystem should be
an MFS or teh actual medium itself.
Also a new command syntax, along with an interactive mode by default,
with crossinvocation memory of the last used values as defaults for the
current invocation.
Submitted by:jmeloatfreebsdbrasil,com-br
implemented properly for a number of kernel subsystems. In general, they
try to exercise the privilege first as the root user, then as a test user,
in order to determine when privilege is being checked.
Currently, these tests do not compare inside/outside jail, and probably
should be enhanced to do that.
Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Add "-C <column>" and "-d <delims>" options to chop up input lines.
Make '#' a comment character, rest of line is ignored.
Submitted by: Dmitry Morozovsky <marck@rinet.ru>
separate function which is called right after install_etc(). This makes
it simpler to (ab)use nanobsd.sh as a framework to build more normal
FreeBSD images where a normal /etc is used, since setup_nanobsd_etc()
can just be redefined.
OK'ed in principle by: phk
MFC after: 1 week
It is by no means expected to perform a complete test of the library
for correctness, but is meant to test the API to make sure libmp (or
libcrypto) updates don't totally break the library.
instead of setup_nanobsd(), because this gives customize tasks a chance
to fiddle the details.
Inspired & tested by: Jordan Coleman <jordan@JordanColeman.com>
o If something is wrong with options, then output short usage help message.
o Output errstr returned from strtonum(3).
PR: bin/98141
Submitted by: Andrey Simonenko
It uses doxygen to generate the API documentation. For each subsystem
a very small (about 20 lines with comments) subsystem specific Doxyfile
has to be written (have a look at the README for more). All common doxygen
options are specified in a separate file.
The framework is configured to not only generate the HTML version, but also
a PDF version (the paper size is hardcoded to DIN A4 currently and depending
on the subsystem you have to increase some limits in the latex configuration
of your system, the README tells more about this).
It also allows cross-references between the subsystems (it generates doxygen
tag files).
Currently the docs are generated in OBJDIR, but this may change after
coordination with doc@. The makefile is prepared to generate/move various
parts of the generated docs to different destinations.
TARGET_ARCH is respected and some env-vars are set for architecture specific
handling of the source (the README tells more).
Subsystems for which docs are generated:
- cam - crypto - dev_pci
- dev_sound - dev_usb - geom
- i4b - kern - libkern
- linux - net80211 - netgraph
- netinet - netinet6 - netipsec
- opencrypto - vm
Requested by: gnn
o Introduce -r and -w keys which allow to load and save a worklist.
o Replace README by man page.
PR: bin/96677
Submitted by: Ulrich Spoerlein
Approved by: phk
MFC after: 1 month
case). Can be useful for recovering in some cases;
o use SBLOCK_UFS2 instead of SBLOCK_UFS1 to calculate likely start of the UFS2
partition from the beginning of disk.
subject: ranges of uid, ranges of gid, jail id
objects: ranges of uid, ranges of gid, filesystem,
object is suid, object is sgid, object matches subject uid/gid
object type
We can also negate individual conditions. The ruleset language is
a superset of the previous language, so old rules should continue
to work.
These changes require a change to the API between libugidfw and the
mac_bsdextended module. Add a version number, so we can tell if
we're running mismatched versions.
Update man pages to reflect changes, add extra test cases to
test_ugidfw.c and add a shell script that checks that the the
module seems to do what we expect.
Suggestions from: rwatson, trhodes
Reviewed by: trhodes
MFC after: 2 months
o Add mount and umount actions so that partitions can be in use.
o Extend the testing of the add verb to include overlapping
partitions.
o Add tests for the remove verb. this includes tests to remove
a partition when in use (i.e. is mounted).
o Add a MD5 checksum to the output of the conf action so that
it can be tested. Make sure the MD5 doesn't vary based on
certain dynamic behaviour that is irrelevant to the output.
o Add MD5 checksums to the expected result of conf actions.
Add support for read-write parameters. Allow an optional initializer
for read-write parameters. Print the value of those parameters on
success following the PASS.
in the commit log) submitted support for some NO_* knobs for delete-old*
and check-old. I converted it to the new WITHOUT_* knobs (more correctly:
MK_*) and added some dummy ones so that people can see what's missing.
Volunteers can have a look at http://phk.freebsd.dk/misc/build_options/
for a list of files.
The location looks a little bit odd to me, but I don't care about the
color of this bikeshed and follow the suggestion of our build
infrastructure guru to place it "somewhere under src/tools/ please". [1]
The build/mk/ directory looks more sane to me than the other ones there.
Submitted by: milosz.galazka@gmail.com
Suggested by: ru [1]
the first part before starting, or the TCP port we want to bind may be in
use still. Sleep for a short period between tests.
Use SIGTERM instead of SIGKILL.
pru_abort() by closing a listen socket while completed connections are
presenting in its listen queue. Unfortunately, it's difficult to
trigger the other two pru_abort() cases using user APIs, so they are
not covered by this test.
mode. Support both connection via connect() and sendto(), but don't
compile in sendto() for now, since netipx doesn't appear to actually
implement that (doh).
times, with variable length sleeps between socket() and close(). This
will help to ensure that IPX/SPX timers fire while the sockets are
open, and hence have PCB's on the IPX pcb list, so that if timers are
going to stumble over PCB types they don't expect, it will happen as
part of this test.
an empty addenda section.
Handle kernel configs that lack a "machine" line by guessing at the location
of GENERIC (assuming that it is in the same directory as the config file)
two reasons:
(1) juggle is now maintained in CVS, not P4, so the CVS revision number is
the authoritative one.
(2) Apparently $P4$ requires special handling and juggle was not marked
as needing it, resulting in problems for the P4 importer.
Requested by: gordon
# Size of the /etc ramdisk in 512 bytes sectors
NANO_RAM_ETCSIZE=10240
# Size of the /tmp+/var ramdisk in 512 bytes sectors
NANO_RAM_TMPVARSIZE=10240
And a last_orders() shell function which can be redefined to copy
finished images away, order peanuts or whatever else is appropriate
in the first place).
- Add some XXX lines as a TODO.
- Add a cvs diff command to the generated commit script.
- Add cdiff/colordiff to the list of optional dependencies.
- Fix a problem when giving the commit mail without the headers to
mfc.pl -f, it should now work correctly.
- Bump version.
Approved by: ssouhlal (implicit)
generates a patchset along with a commit message and a commit script if the user has
commit rights.
- Add a README file to give a quick description of each script's purpose.
Approved by: netchild
similar the the Solaris implementation. Repackage the krb5 GSS mechanism
as a plugin library for the new implementation. This also includes a
comprehensive set of manpages for the GSS-API functions with text mostly
taken from the RFC.
Reviewed by: Love Hörnquist Åstrand <lha@it.su.se>, ru (build system), des (openssh parts)
perform varying number of small IPC operations. It runs using a single
process and one thread, a single process and two threads, and using
multiple processes. Critical to its performance measure are the cost and
frequency of context switches, locking overhead, and threading
performance. The benchmark generates .csv output appropriate for reading
into a spreadsheet to generate summary statistics and perform statistical
tests easily.
of struct uma_zone. It is declared as an array of size [1], but then
sized at run-time by UMA to include room for mp_maxid+1 CPUs. We have to
copy the uma_zone first at the declared structure size, then check to make
sure it's not an internal zone before copying the larger size (UMA
internal zones don't use per-CPU caches). This fixes umastat for SMP.