d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
130,523 Commits 6 Branches 133 Tags 2.6 GiB
9622f4d439
Commit Graph

130523 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Robert Watson
5b950deabc Break introductory comment into two paragraphs to separate material on the 
garbage collection complications from general discussion of UNIX domain
sockets.

Staticize unp_addsockcred().

Remove XXX comment regarding Giant and v_socket -- v_socket is protected
by the global UNIX domain socket lock.
 2007-02-20 10:50:02 +00:00
Robert Watson
d24c76d1f5 Move mapping of MBI_APPEND to MBI_WRITE from inside the rule loop in 
mac_bsdextended_check() to before the loop, as it needs to happen only
once.

MFC after:	1 week
 2007-02-20 10:21:27 +00:00
Robert Watson
afdb42748d Rename two identically named log_in_vain variables: tcp_input.c's static 
log_in_vain to tcp_log_in_vain, and udp_usrreq's global log_in_vain to
udp_log_in_vain.

MFC after:	1 week
 2007-02-20 10:20:03 +00:00
Robert Watson
3329b23659 Gratuitous UDP restyling toward style(9) in 7.x. 2007-02-20 10:13:11 +00:00
Robert Watson
3bb153ea78 Remove discontinuity in network privilege number space. 
Spotted by:	emaste (ages ago)
 2007-02-20 00:28:19 +00:00
Robert Watson
95420afea4 Remove unused PRIV_IPC_EXEC. Renumbers System V IPC privilege. 2007-02-20 00:12:52 +00:00
Robert Watson
2390d78f74 Sync up PRIV_IPC_{ADMIN,READ,WRITE} priv checks in ipcperm() with 
kern_jail.c: allow jailed root these privileges.  This only has an
effect if System V IPC is administratively enabled for the jail.
 2007-02-20 00:06:59 +00:00
Robert Watson
b12c55ab92 Restore sysv_ipc.c:1.30, which was backed out due to interactions with 
System V shared memory, now believed fixed in sysv_shm.c:1.109:

  date: 2006/11/06 13:42:01;  author: rwatson;  state: Exp;  lines: +65 -37
  Sweep kernel replacing suser(9) calls with priv(9) calls, assigning
  specific privilege names to a broad range of privileges.  These may
  require some future tweaking.

  Sponsored by:           nCircle Network Security, Inc.
  Obtained from:          TrustedBSD Project
  Discussed on:           arch@
  Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
                          Alex Lyashkov <umka at sevcity dot net>,
                          Skip Ford <skip dot ford at verizon dot net>,
                          Antoine Brodin <antoine dot brodin at laposte dot net>

This restores fine-grained privilege support to System V IPC.

PR:	106078
 2007-02-19 22:59:23 +00:00
Robert Watson
3d50b06b8e Remove call to ipcperm() in shmget_existing(). The flags argument is 
ignored on other systems I investigated when accessing an existing
memory segment rather than creating a new one.  This call to ipcperm()
is the only one to pass in a complete mode flag to the permission
checks rather than a simple access request mask, and caused problems
for the revised ipcperm() based on the priv(9) interface, which can
now be restored.

PR:	106078
 2007-02-19 22:56:10 +00:00
Nate Lawson
699e491f50 Note problems I had with bsnmpd while updating from an older -current. 
There may be better ways to fix/work around these issues but this worked
for me.
 2007-02-19 22:49:43 +00:00
Robert Watson
19913888ad Use privilege PRIV_NET_ADDIFADDR rather than suser() to authorize 
adding a netatalk address to an interface.
 2007-02-19 22:40:02 +00:00
Robert Watson
95b091d2f2 Rename three quota privileges from the UFS privilege namespace to the 
VFS privilege namespace: exceedquota, getquota, and setquota.  Leave
UFS-specific quota configuration privileges in the UFS name space.

This renumbers VFS and UFS privileges, so requires rebuilding modules
if you are using security policies aware of privilege identifiers.
This is likely no one at this point since none of the committed MAC
policies use the privilege checks.
 2007-02-19 13:33:10 +00:00
Robert Watson
e82d0201bd Limit quota privileges in jail to PRIV_UFS_GETQUOTA and 
PRIV_UFS_SETQUOTA.
 2007-02-19 13:26:39 +00:00
Robert Watson
8bd5639f18 Do allow bypass of mac_seeotheruids in jail in order to be consistent 
with other uses of PRIV_SEEOTHERUIDS.  This will automatically be
scoped to the jail by the jail policy.
 2007-02-19 13:25:17 +00:00
Robert Watson
ea04d82da8 Do allow privilege to create over-sized messages on System V IPC 
message queues in jail.
 2007-02-19 13:23:45 +00:00
Robert Watson
86138fc742 Use priv_check(9) instead of suser(9) for checking the privilege to 
set real-time priority on a thread.  It looks like this suser(9)
call was introduced after my first pass through replacing superuser
checks with named privilege checks.
 2007-02-19 13:22:36 +00:00
Robert Watson
c3c1b5e62a For now, reflect practical reality that Audit system calls aren't 
allowed in Jail: return a privilege error.
 2007-02-19 13:10:29 +00:00
Robert Watson
969e5bdcd0 Do allow PIOCSFL in jail for setguid processes; this is more consistent 
with other debugging checks elsewhere.  XXX comment on the fact that
p_candebug() is not being used here remains.
 2007-02-19 13:04:25 +00:00
Konstantin Belousov
3c97ab97bf Unbreak ddb stepping over special frames after the following commit: 
Revision  Changes    Path
  1.113     +4 -2      src/sys/i386/i386/apic_vector.s
  1.117     +7 -1      src/sys/i386/i386/exception.s
  1.36      +7 -7      src/sys/i386/i386/local_apic.c
  1.298     +61 -63    src/sys/i386/i386/trap.c
  1.62      +15 -22    src/sys/i386/i386/vm86.c
  1.32      +4 -2      src/sys/i386/i386/vm86bios.s
  1.21      +2 -2      src/sys/i386/include/apicvar.h
  1.27      +2 -2      src/sys/i386/isa/atpic.c
  1.50      +2 -1      src/sys/i386/isa/atpic_vector.s
  1.35      +1 -1      src/sys/i386/isa/icu.h

Tested by:	kris, Peter Holm
No objections from:	kmacy
 2007-02-19 10:57:47 +00:00
Konstantin Belousov
9b2f1a0740 Remove union_dircheckp hook, it is not needed by new unionfs code anymore. 
As consequence, getdirentries() no longer needs to drop/reacquire
directory vnode lock, that would allow it to be reclaimed in between.

Reported and tested by:	Peter Holm
Approved by:		rodrigc (unionfs)
MFC after:		1 week
 2007-02-19 10:56:09 +00:00
Konstantin Belousov
e277569ee2 MFi386 rev. 1.544 of i386/i386/pmap.c: 
Rounding addr upwards to next 2M boundary in pmap_growkernel() could
cause addr to become 0, resulting in an early return without populating
the last PDE.

Reported and tested by:	kris
Suggested by:	alc
MFC after:	1 week
 2007-02-19 10:55:16 +00:00
Bruce A. Mah
98d8f299a3 It'd be kind of nice if we installed the hardware notes to their 
own directory, rather than overwriting the release notes.  :-p
Fix this.

Pointy hat to:	bmah
 2007-02-19 02:46:12 +00:00
Olivier Houchard
f59ae8e84a Add two new options, FLASHADDR, which defines the address the flash is 
mapped at, and LOADERRAMADDR, the address at which the loader maps the ram at
at the time the kernel is booted.
They are used to detect if the kernel is booted from the onboard flash.
Define those for the IQ31244
 2007-02-19 01:03:08 +00:00
Olivier Houchard
db599c2f20 Teach the kernel and the ELF trampoline how to boot from onboard flash. 2007-02-19 00:57:27 +00:00
Olivier Houchard
0d9fc1e6e1 There's no such thing as a GENERIC kernel on arm. 
Spotted out by:	csjp
MFC After:	3 days
 2007-02-19 00:37:25 +00:00
Ceri Davies
aaf6f0feaa Bring these files up-to-date. 
PR:		docs/108536
 2007-02-18 22:41:41 +00:00
Ceri Davies
c12e775489 Clarify the description of the shutdown command. 2007-02-18 22:04:14 +00:00
Ceri Davies
e1854a84ad Correct typos containing my login name (plus one more in expr.y). 
Found courtesy of a recursive grep in the wrong directory.
 2007-02-18 19:48:59 +00:00
Marcel Moolenaar
9bc4cd63f3 The table of known CPU models ends with an entry that has a version 
of 0, not with an entry that has an empty CPU name.

Submitted by: Andrew Turner (andrew@fubar.geek.nz)
 2007-02-18 17:40:09 +00:00
Robert Watson
03dc38a48b #ifdef INET6 printing of inpcb IPv6 addresses in DDB. Patch committed 
with minor adjustments.

Submitted by:	Florian C. Smeets <flo at kasimir dot com>
 2007-02-18 08:57:23 +00:00
Alan Cox
ae0663a383 Eliminate some acquisitions and releases of the page queues lock that are 
no longer necessary.
 2007-02-18 06:33:02 +00:00
Tim Kientzle
6bf00d8bc7 Andrew and Colin each pointed out to me that truncating the backup 
of a growing file should not be considered a "bad thing."

PR: bin/108990
MFC after: 7 days
Pointy hat: /me
 2007-02-18 06:23:57 +00:00
Alan Cox
711585d087 Enable vm_page_free() and vm_page_free_zero() to be called on some pages 
without the page queues lock being held, specifically, pages that are not
contained in a vm object and not a member of a page queue.
 2007-02-18 05:54:42 +00:00
Robert Watson
497057eeea Add "show inpcb", "show tcpcb" DDB commands, which should come in handy 
for debugging sblock and other network panics.
 2007-02-17 21:02:38 +00:00
Alan Cox
ba000fb2c1 Remove a stale comment. Add punctuation to a nearby comment. 2007-02-17 19:37:00 +00:00
Sam Leffler
aa388b9d49 correct type definition of option routine callback 2007-02-17 18:22:20 +00:00
Sam Leffler
a74d2fb50e remove (now) duplicate definition of IEEE80211_IS_CHAN_PASSIVE 2007-02-17 18:21:52 +00:00
Søren Schmidt
cfaed55fd5 Add support for chipsets that has NULL'd BAR's for legacy ports. 
This allows DMA to be used on a fine little geode system I got here and
most like on lots of older systems like that.

HW donated by:  Paul Ghering
 2007-02-17 16:56:39 +00:00
Joel Dahl
ba20889705 Oops, fix minor braino. 
Noticed by:	ariff
 2007-02-17 11:31:58 +00:00
Joel Dahl
4704be40c8 Link snd_sb16.4 and snd_sb8.4 to snd_sbc.4. 
Submitted by:	ariff
 2007-02-17 10:30:00 +00:00
Kirk McKusick
5a86fe5361 This README file is obsolete. The cited problems were fixed long ago 
and the code is installed by default so no longer requires action by
the administrator to be included.
 2007-02-17 08:25:43 +00:00
Tom Rhodes
13d8c69070 Fix mis-reference of incorrect manual page in ERRORS section. 
Noticed by:	Harlan Stenn <stenn@ntp.isc.org>
 2007-02-17 01:54:00 +00:00
Joel Dahl
205faebf10 Add Sigmatel STAC9271D. 2007-02-16 18:23:17 +00:00
Ariff Abdullah
885d6cfbc1 Add codec id for Sigmatel STAC9271D. 
Submitted by:	Michael Fuckner <michael@fuckner.net>
 2007-02-16 17:43:29 +00:00
Pawel Jakub Dawidek
2c7b0f41ec Remove VFS_VPTOFH entirely. API is already broken and it is good time to 
do it.

Suggested by:	rwatson
 2007-02-16 17:32:41 +00:00
Pawel Jakub Dawidek
eb62f84553 VFS_VPTOFH(9) was replaced with VOP_VPTOFH(9). 
VFS_VPTOFH.9 was repo-copied to VOP_VPTOFH.9.

Repo-copy done by:	joe
 2007-02-16 14:27:59 +00:00
Robert Watson
8ca5b13f2f Remove unused inp6_ifindex field from inpcb, as well as unused macro 
shortcut for it.
 2007-02-16 14:09:24 +00:00
Robert Watson
1f9b46facf Remove unused in6p_ip6_hlim macro shortcut for non-present 
inp_depend6.inp6_hlim field in the inpcb.
 2007-02-16 13:56:06 +00:00
Christian Brueffer
c956fd0e74 Xref altq(4) 2007-02-16 13:53:45 +00:00
Warner Losh
12cb46ce81 CompUSA mutli-format pcmica flash reader/writer 2007-02-16 07:51:23 +00:00