Commit Graph

128141 Commits

Author SHA1 Message Date
Doug Barton
a02f92e875 Update to version 9.3.2-P2, which addresses the vulnerability
announced by ISC dated 31 October (delivered via e-mail to the
bind-announce@isc.org list on 2 November):

Description:
        Because of OpenSSL's recently announced vulnerabilities
        (CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named,
        we are announcing this workaround and releasing patches.  A proof of
        concept attack on OpenSSL has been demonstrated for CAN-2006-4339.

        OpenSSL is required to use DNSSEC with BIND.

Fix for version 9.3.2-P1 and lower:
        Upgrade to BIND 9.3.2-P2, then generate new RSASHA1 and
        RSAMD5 keys for all old keys using the old default exponent
        and perform a key rollover to these new keys.

        These versions also change the default RSA exponent to be
        65537 which is not vulnerable to the attacks described in
        CAN-2006-4339.
2006-11-04 07:53:25 +00:00
Warner Losh
8e6c8e8c0c Doh! Actually commit checking against NULL for res.
Noticed by: dougb@
2006-11-04 06:56:51 +00:00
John Birrell
5051417909 Remove a bogus cast in an attempt to fix the tinderbox builds on
lots of arches.
2006-11-04 05:39:39 +00:00
John Birrell
5d5a1c7fb3 Backout the previous change. It was not intended to be part of the
commit and, while something like that is probably required for sparc64,
it hadn't been tested.
2006-11-04 05:27:21 +00:00
John Birrell
1f80cd9398 Build in kernel support for loading DTrace modules by default. This
adds the hooks that DTrace modules register with, and adds a few functions
which have the dtrace_ prefix to allow the DTrace FBT (function boundary
trace) provider to avoid tracing because they are called from the DTtrace
probe context.

Unlike other forms of tracing and debug, DTrace support in the kernel
incurs negligible run-time cost.

I think the only reason why anyone wouldn't want to have kernel support
enabled for DTrace would be due to the license (CDDL) under which DTrace
is released.
2006-11-04 04:58:10 +00:00
John Birrell
f4c93e2c4a Allow a makefile to set IGNORE_PRAGMA so that OpenSolaris code can
be built with other gcc warnings enabled.

Every Solaris source file has a #pragma ident in it. We can just
ignore those definitions.
2006-11-04 04:39:05 +00:00
Bruce A. Mah
fe36d5d298 Updated release note: em(4) 6.2.9. 2006-11-04 02:01:52 +00:00
Kip Macy
7b5cdd4faf - change ABI for user trap handler for sun4v (eventually will sync sparc64 no
hardware set up to test at the moment)

Approved by: scottl (standing in for mentor rwatson)
2006-11-03 23:43:18 +00:00
Kip Macy
45897edf72 - map hardware trap numbers to those used by by sparc64 for inter-compatibility
and to make user-level trap handlers work
- add new trap entry to trap table to enable fast fetching of floating point trap
  context
- remove unused debug code
- map unimplemented floating point trap to SIGFPE

Approved by: scottl (standing in for mentor rwatson)
2006-11-03 23:41:53 +00:00
Kip Macy
ef8f32e393 make pcb pad area accessible from asm
Approved by: scottl (standing in for rwatson as mentor)
2006-11-03 23:33:40 +00:00
Randall Stewart
562a89b562 More 64 bit pointer fun.
%p changed in multiple prints
the mtod() was also fixed.
2006-11-03 23:04:34 +00:00
John Birrell
34408d484b The relocation definitions are now defined in the machine independent
elf_common.h so that one arch can identify relocations on another
arch.
2006-11-03 23:03:46 +00:00
Ruslan Ermilov
add72477a4 Remove no longer existing opt_bdg.h and opt_bge.h. 2006-11-03 21:41:19 +00:00
Ruslan Ermilov
f42326c579 Regen. 2006-11-03 21:23:33 +00:00
Ruslan Ermilov
0b160a7d2b Fix build breakage introduced in previous commit (redeclatation
of sctp functions).
2006-11-03 21:21:28 +00:00
Randall Stewart
249820a7d8 Fix two of the 64bit errors on the printfs. 2006-11-03 21:19:54 +00:00
Ruslan Ermilov
9d1a95cd55 Nitpicking. 2006-11-03 21:09:03 +00:00
Randall Stewart
cef8ad061a Somehow I missed this one. The sys/cdef.h was out
of order with respect to the FSBID..
2006-11-03 19:48:56 +00:00
Randall Stewart
af99851047 This commits the remake in kern/ make sysent to get
the correct syscalls.master's $FreeBSD$ tag record and
a make sysent in sys/compat/freebsd32. Thanks Ruslan
for pointing out the steps I missed :-0
Approved by:	gnn
2006-11-03 18:57:49 +00:00
Randall Stewart
73932c69b6 Opps... in my fix up of all the $FreeBSD:$-> $FreeBSD$ I
inserted a few to the new files.. but I falied to
add the #include <sys/cdef.h>

Which causes a compile error.. sorry about that... got it
now :-)

Approved by:gnn
2006-11-03 17:21:53 +00:00
Randall Stewart
f8829a4a40 Ok, here it is, we finally add SCTP to current. Note that this
work is not just mine, but it is also the works of Peter Lei
and Michael Tuexen. They both are my two key other developers
working on the project.. and they need ata-boy's too:
****
peterlei@cisco.com
tuexen@fh-muenster.de
****
I did do a make sysent which updated the
syscall's and sysproto.. I hope that is correct... without
it you don't build since we have new syscalls for SCTP :-0

So go out and look at the NOTES, add
option SCTP (make sure inet and inet6 are present too)
and play with SCTP.

I will see about comitting some test tools I have after I
figure out where I should place them. I also have a
lib (libsctp.a) that adds some of the missing socketapi
functions that I need to put into lib's.. I will talk
to George about this :-)

There may still be some 64 bit issues in here, none of
us have a 64 bit processor to test with yet.. Michael
may have a MAC but thats another beast too..

If you have a mac and want to use SCTP contact Michael
he maintains a web site with a loadable module with
this code :-)

Reviewed by:	gnn
Approved by:	gnn
2006-11-03 15:23:16 +00:00
Ruslan Ermilov
957d7c8f9c Remove the -C option as it does more harm than good. To be fully
compatible, it would have to (at least):

- support the "compat-compat" -T option,
- *not* support the -l, -O, and -v options,
- default to soft updates being disabled.

Worse, the compatibility mode makes it impossible to mount_mfs(8)
a file system from fstab(5) with soft updates disabled (-S).  [1]

Now, the only difference when called as "mount_mfs" or "mfs" (as
opposed to "mdmfs") is that the file mode of the mount point is
set by default to 01777.  All options available to mdmfs(8) are
also available to mount_mfs(8); the -C option is still recognized
but ignored for backward compatibility.

PR:		bin/98860 [1]
MFC after:	2 weeks
2006-11-03 12:02:24 +00:00
Warner Losh
8cd5dc08c3 MFp4:
o Fix the packet statistics
	o Make sure we set the FD bit when in full duplex
	o Improve TX side efficency by eliminating a data copy for
	  unfragmented mbufs (the hardware can't do s/g).
	o Minor busdma pedantry
	o better comments in some places, more XXX in others
	o Minor style nits.

This solves a problem I was seeing where I'd get no ethernet when not
booting with a NFS root.  Well, unless I unplugged the cable and
plugged it back in first so I'd get the same up down up messages I get
for NFS root...

Thanks to sam and scottl for suggestions on making this driver more
efficient through better use of approrpiate APIs.
2006-11-03 07:39:37 +00:00
Kip Macy
1df1b94714 Fix initialization sequence for console
Fix commenting convention slightly
Approved by: rwatson (mentor)
Reviewed by: jb
2006-11-03 07:29:09 +00:00
Kip Macy
00a8f0b4ff make sure physmem is initialized
add clarifying comments
Reviewed by: jb
Approved by: rwatson (mentor)
2006-11-03 07:27:55 +00:00
Christian Brueffer
0bf113a6ee Document IBM ServeRAID 8k support. 2006-11-03 06:50:03 +00:00
John Birrell
fd77f832c7 Add a low level function to write a string to the hypervisor
console directly.

Discussed with: kmacy
2006-11-03 06:31:56 +00:00
John Birrell
35b927a8c4 Always init the console before trying to cnadd it to
avoid the case where the console name isn't set and
cnadd wants to use printf to complain about it.
2006-11-03 06:23:53 +00:00
Nate Lawson
76f3dbcac7 Remove extra whitespace 2006-11-03 05:42:15 +00:00
Scott Long
eae94b6727 Add PCI Id for ServeRAID 8k.
Submitted by: Danny Braniss
2006-11-03 04:57:23 +00:00
Marcel Moolenaar
aa08c7e56e Make this compile on EFI32. The EFI_PHYSICAL_ADDRESS type is always
64-bit, even when sizeof(void *) is 32-bit.
2006-11-03 04:19:31 +00:00
Marcel Moolenaar
5910f6cc85 Make sure kern_envp is never NULL. If we don't get a pointer to
the environment from the loader, use the static environment.
2006-11-03 04:06:17 +00:00
Marcel Moolenaar
11f8548a0d Properly calculate the checksum of the APIC table. 2006-11-03 04:04:19 +00:00
Andrew Thompson
f935a26d9f Defer sending the bpdu from bstp_update_info as all code paths will test this
flag anyway.
2006-11-03 03:34:04 +00:00
Matt Jacob
162eef1f09 Fix some negotiation issues (like not being able to negotiate async) 2006-11-02 23:19:00 +00:00
Matt Jacob
d993cb4daf add some missing MPT<>CAM and CAM<>MPT bogolocks 2006-11-02 23:18:25 +00:00
Matt Jacob
84d67ea566 Add a tunable that allows one to turn off the automatic sending of
the ORDERED tag. This recoups significant performance gains for many
arrays.

The default is still to send out the ORDERED tag periodically.

Reviewed by:	scsi (justin+timeout)
2006-11-02 21:12:37 +00:00
Nick Hibma
1a82ee2eb9 Only use the filename part of the kernel configuration file as an argument to
KERNCONF after the file has been copied to the sys/${ARCH}/conf directory. This
allows the use of one kernel config file for multiple images. E.g.:

	NANO_KERNEL=../../../../software/nanobsd/default/SOEKRIS

MFC: after 6.2
2006-11-02 20:43:20 +00:00
Robert Watson
29a055ac65 Cross-reference libmemstat(3), malloc(9), uma(9). 2006-11-02 19:53:57 +00:00
Ceri Davies
b873ae5ca9 Fix typo. 2006-11-02 19:10:05 +00:00
Maksim Yevmenkin
a85871a72c Properly htole16() PSM in sockaddr_l2cap
MFC after:	3 days
2006-11-02 18:57:09 +00:00
Ruslan Ermilov
000a0f2a71 Unbreak compile with ELF_VERBOSE defined, and fix format warnings. 2006-11-02 17:52:43 +00:00
Andre Oppermann
1ae4d97d51 Use the improved m_uiotombuf() function instead of home grown sosend_copyin()
to do the userland to kernel copying in sosend_generic() and sosend_dgram().

sosend_copyin() is retained for ZERO_COPY_SOCKETS which are not yet supported
by m_uiotombuf().

Benchmaring shows significant improvements (95% confidence):
 66% less cpu (or 2.9 times better) with new sosend vs. old sosend (non-TSO)
 65% less cpu (or 2.8 times better) with new sosend vs. old sosend (TSO)

(Sender AMD Opteron 852 (2.6GHz) with em(4) PCI-X-133 interface and receiver
DELL Poweredge SC1425 P-IV Xeon 3.2GHz with em(4) LOM connected back to back
at 1000Base-TX full duplex.)

Sponsored by:	TCP/IP Optimization Fundraise 2005
MFC after:	3 month
2006-11-02 17:45:28 +00:00
Andre Oppermann
5e20f43d31 Rename m_getm() to m_getm2() and rewrite it to allocate up to page sized
mbuf clusters.  Add a flags parameter to accept M_PKTHDR and M_EOR mbuf
chain flags.  Provide compatibility macro for m_getm() calling m_getm2()
with M_PKTHDR set.

Rewrite m_uiotombuf() to use m_getm2() for mbuf allocation and do the
uiomove() in a tight loop over the mbuf chain.  Add a flags parameter to
accept mbuf flags to be passed to m_getm2().  Adjust all callers for the
extra parameter.

Sponsored by:	TCP/IP Optimization Fundraise 2005
MFC after:	3 month
2006-11-02 17:37:22 +00:00
Ruslan Ermilov
593bbd2195 Revert the last change. Masking only 2 MSBs of the virtual address
to get the physical address doesn't work for all values of KVA_PAGES,
while masking 8 MSBs works for all values of KVA_PAGES that are
multiple of 4 for non-PAE and 8 for PAE.  (This leaves us limited
with 12MB for non-PAE kernels and 14MB for PAE kernels.)

To get things right, we'd need to subtract the KERNBASE from the
virtual address (but KERNBASE is not easy to figure out from here),
or have physical addresses set properly in the ELF headers.

Discussed with:	jhb
2006-11-02 17:28:38 +00:00
Andre Oppermann
d99b0dd2c5 Rewrite kern_sendfile() to work in two loops, the inner which turns as many
VM pages into mbufs as it can -- up to the free send socket buffer space.
The outer loop then drops the whole mbuf chain into the send socket buffer,
calls tcp_output() on it and then waits until 50% of the socket buffer are
free again to repeat the cycle. This way tcp_output() gets the full amount
of data to work with and can issue up to 64K sends for TSO to chop up in
the network adapter without using any CPU cycles. Thus it gets very efficient
especially with the readahead the VM and I/O system do.

The previous sendfile(2) code simply looped over the file, turned each 4K
page into an mbuf and sent it off. This had the effect that TSO could only
generate 2 packets per send instead of up to 44 at its maximum of 64K.

Add experimental SF_MNOWAIT flag to sendfile(2) to return ENOMEM instead of
sleeping on mbuf allocation failures.

Benchmarking shows significant improvements (95% confidence):
 45% less cpu (or 1.81 times better) with new sendfile vs. old sendfile (non-TSO)
 83% less cpu (or 5.7 times better) with new sendfile vs. old sendfile (TSO)

(Sender AMD Opteron 852 (2.6GHz) with em(4) PCI-X-133 interface and receiver
DELL Poweredge SC1425 P-IV Xeon 3.2GHz with em(4) LOM connected back to back
at 1000Base-TX full duplex.)

Sponsored by:	TCP/IP Optimization Fundraise 2005
MFC after:	3 month
2006-11-02 16:53:26 +00:00
Pawel Jakub Dawidek
95de128d55 Fix ia64 build breakage. 2006-11-02 16:24:18 +00:00
Ruslan Ermilov
f19110addc Replace the SEE ALSO xrefs with a more reasonable set stolen from POSIX. 2006-11-02 14:10:56 +00:00
Konstantin Belousov
9641e38966 On trap while inside ddb, the trap handler calls kdb_reenter(), that
longjmp to the default context. As result, "alltrace" command may
be prematurely terminated (without error message). This is happens,
for instance, when system is low on memory and referenced page in
kernel-mode thread stack is swapped out.

Protect "alltrace" against termination on trap by setting temporary
kdb_jmpbuf context.

Submitted by:	Peter Holm
2006-11-02 11:47:38 +00:00
Ceri Davies
42db1b70c5 Bump .Dd for -f|-F. 2006-11-02 10:44:02 +00:00