include a new entry point available for enforcement:
mac_bsdextended_check_system_swapon() - Apply extended access
control checks to the file target of swap.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
points available for enforcement:
mac_biba_check_sysarch_ioperm() - Require Biba privilege to make
use of privileged machine-dependent interfaces, protecting against
bypass of the policy via various mechanisms.
mac_biba_check_system_swapoff() - Require Biba privilege to disable
swapping against a vnode target.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
where physical addresses larger than virtual addresses, such as i386s
with PAE.
- Use this to represent physical addresses in the MI vm system and in the
i386 pmap code. This also changes the paddr parameter to d_mmap_t.
- Fix printf formats to handle physical addresses >4G in the i386 memory
detection code, and due to kvtop returning vm_paddr_t instead of u_long.
Note that this is a name change only; vm_paddr_t is still the same as
vm_offset_t on all currently supported platforms.
Sponsored by: DARPA, Network Associates Laboratories
Discussed with: re, phk (cdevsw change)
flexible process_fork, process_exec, and process_exit eventhandlers. This
reduces code duplication and also means that I don't have to go duplicate
the eventhandler locking three more times for each of at_fork, at_exec, and
at_exit.
Reviewed by: phk, jake, almost complete silence on arch@
is set to 0, it now has the same affect as setting witness_dead used to
have.
- Added a sysctl handler that allows root to change witness_watch from a
non-zero value to zero to disable witness at runtime. Note that you
can't turn witness back on once it is off. You can only turn it off as
a one-way switch.
- Added a comment describing the possible values of witness_watch.
Otherwise sysbeep() makes an annoying clicking sound on some systems.
'kbdcontrol -b off' just sets the duration and pitch to zero, it doesn't
set the QUIET_BELL flag.
Tested by: SorAlx <soralx@cydem.zp.ua>
PR: misc/41772
MFC after: 1 week
fifo_open() waiting for another reader or writer if one arrived and
departed while we were waiting (or a little earlier).
Rev.1.79 broke blocking opens of fifos by making them time out after 1
second. This was bad for at least apsfilter.
Tested by: "Simon 'corecode' Schubert" <corecode@corecode.ath.cx>,
Alexander Leidinger <Alexander@leidinger.net>,
phk
MFC after: 4 weeks
doesn't do it. This fixes all known causes of "Context switches not
allowed in the debugger" in mi_switch(). The main cause was trap_fatal()
calling kdb_trap() with interrupts enabled. Switching to ithreads for
interrupt handling then made fatal traps more fatal and harder to debug.
The problem was limited in -current because most interrupt handlers are
blocked by Giant, but it occurred almost deterministically for me because
my clock interrupt handlers are non-fast and not blocked by Giant.
- Clear PCIM_CMD_MWRICEN:
some chips seem to have problem with write invalidate.
clearing this bit fixes SBP timeout problem.
Tested by: Michael Reifenberger <Michael.Reifenberger@Plaut.de>
- Set PCIM_CMD_SERRESPEN and PCIM_CMD_PERRESPEN
- Moderate value for latency timer.
which are no longer required now that we have UFS2 with extended
attribute transactions.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
Change 27224 by imp@imp_hammer on 2003/03/22 00:16:22
Put what I think are the correct TX RATE translation tables
in place for LUCENT firmware. This is based on the 4.x driver.
Maybe it should be table driven?
ifconfig wi0 media DS/11Mbps still fails, but it fails before
we even get to the txrate stuff, so other things are wrong.
Change 27225 by imp@imp_hammer on 2003/03/22 00:45:11
Default ic_fixed_rate to -1. This is the same thing as autoselect.
There really should be a #define for this...
- Use it in atacontrol(8) when listing ATA devices instead of
stopping at the first ENXIO received.
This makes atacontrol list work on my sparc64 where the two ATA
channels I have are numbered 2 and 3.
Reviewed by: sos
functions are now all basically identical except that alpha linux uses
Elf64 arguments and svr4 and i386 linux use Elf32. The fixups include
changing the first argument to be a register_t ** to match the prototype
for fixup functions, asserting that the process in the image_params struct
is always curproc and removing unnecessary locking to read credentials as a
result, and a few style fixes.
