148048 Commits

Author SHA1 Message Date
Robert Watson
3ad3d9c5ef Add one further check with mac_policy_count to an mbuf copying case
(limited to netatalk) to avoid MAC label lookup on both mbufs if no
policies are registered.

Obtained from:	TrustedBSD Project
2009-06-03 19:41:12 +00:00
Marius Strobl
506a380d0f Adjust the padding of struct pcpu to r193219.
Submitted by:	Eygene Ryabinkin
2009-06-03 19:31:26 +00:00
Robert Watson
3de4046939 Continue work to optimize performance of "options MAC" when no MAC policy
modules are loaded by avoiding mbuf label lookups when policies aren't
loaded, pushing further socket locking into MAC policy modules, and
avoiding locking MAC ifnet locks when no policies are loaded:

- Check mac_policies_count before looking for mbuf MAC label m_tags in MAC
  Framework entry points.  We will still pay label lookup costs if MAC
  policies are present but don't require labels (typically a single mbuf
  header field read, but perhaps further indirection if IPSEC or other
  m_tag consumers are in use).

- Further push socket locking for socket-related access control checks and
  events into MAC policies from the MAC Framework, so that sockets are
  only locked if a policy specifically requires a lock to protect a label.
  This resolves lock order issues during sonewconn() and also in local
  domain socket cross-connect where multiple socket locks could not be
  held at once for the purposes of propagatig MAC labels across multiple
  sockets.  Eliminate mac_policy_count check in some entry points where it
  no longer avoids locking.

- Add mac_policy_count checking in some entry points relating to network
  interfaces that otherwise lock a global MAC ifnet lock used to protect
  ifnet labels.

Obtained from:	TrustedBSD Project
2009-06-03 18:46:28 +00:00
Stanislav Sedov
097695e97a - Remove unused sparc64-bitops.h file. Our ext2fs code doesn't use
sparc64-specific bitops implemetations and relies on generic ones.
  Furthermore, bitops implementations present in sparc64-bitops.h
  are written in C similarly to generic bitops.
2009-06-03 17:30:10 +00:00
Sam Leffler
309a3e4521 treat IEEE80211_S_CSA as a "running state"; this fixes
ap mode 11h channel switch announcements
2009-06-03 17:25:19 +00:00
Joseph Koshy
3b9626854a Trim an obsolete comment.
Noticed by:	lifengkai <lifengkai at huawei dot com>
2009-06-03 17:19:12 +00:00
Rafal Jaworowski
f439325342 Make GPT style partitiong endian-safe in U-Boot support library.
Submitted by:	Piotr Ziecik
Obtained from:	Semihalf
2009-06-03 16:28:29 +00:00
Stanislav Sedov
52d9a478fe - Style(9) improvements.
- Convert all K&R definitions to ANSI equialents.
- Retire bsd_malloc and bsd_free macros and
  use malloc/free directly.
- Drop some unused debugging calls.

This commit brings no functional changes.
2009-06-03 14:18:37 +00:00
Stanislav Sedov
22db14d54b - Sync our copies of ext2fs Linux headers to current Linux versions.
Minimize differencies between our ext2fs headers and relevant Linux
  versions by using EXT2_SB macro to access the superblock fields. Most
  of the differencies in access to these fields are now hidden inside
  this macro.
- Rename the s_db_per_group field of ext2fs_sb_info to s_gdb_count
  to reflect the similar change in Linux headers. New name also seem
  to be more appropriate for this field.
- Use proper types for s_first_inode and s_inode_size in-core superblock
  fields. Now they reflec types used in the on-disk superblock version.
- Add support for older filesystem revisions that doesn't have proper
  s_first_ino and s_inode_size fields in the on-disk superblock. In these
  cases predefined values for these fields are used.
- Add simple sanity checks for s_first_inode and s_inode_size correctness.

Reviewed by:	bde (previous version)
MFC after:	2 weeks
2009-06-03 13:25:50 +00:00
Sean Nicholas Barkas
af0adb8312 Add vm_lowmem event handler for dirhash. This will cause dirhashes to be
deleted when the system is low on memory. This ought to allow an increase to
vfs.ufs.dirhash_maxmem on machines that have lots of memory, without
degrading performance by having too much memory reserved for dirhash when
other things need it. The default value for dirhash_maxmem is being kept at
2MB for now, though.

This work was mostly done during the 2008 Google Summer of Code.

Approved by:	dwmalone (mentor), re
MFC after:	3 months
2009-06-03 09:44:22 +00:00
Pawel Jakub Dawidek
195ebc7e9e Where if not in examples we should follow style(9)? 2009-06-03 09:28:58 +00:00
Pawel Jakub Dawidek
bf64a6b6b4 lchflags(2) takes int, not u_long like chflags(2) and fchflags(2).
Strange, isn't it?

Pointed out by:	bde
2009-06-03 09:24:58 +00:00
Pawel Jakub Dawidek
2b2dc3a904 Correct comment. 2009-06-03 09:23:31 +00:00
Robert Watson
15141acc67 By default, label all network interfaces as biba/equal on attach. This
makes it easier for first-time users to configure and work with biba as
remote acess is still allowed.  Effectively, this means that, by default,
only local security properties, not distributed ones, are enforced.

Obtained from:	TrustedBSD Project
2009-06-03 08:49:44 +00:00
Ed Schouten
b492f2899f Use ISO C99 style inline semantics in msun.
Because we use ISO C99 nowadays, we can just get rid of enforcing
GNU89-style inlining.
2009-06-03 08:16:34 +00:00
Weongyo Jeong
38812f8ee6 calls callout_drain(9) to un-schedule a scan timer to prevent a page
fault in softclock.

Submitted by:	sam
Reviewed by:	jhb, sam (original version), thompsa
2009-06-03 04:10:22 +00:00
Jung-uk Kim
37e4078685 Merge ACPI utilities as well. 2009-06-02 22:52:58 +00:00
Jung-uk Kim
aaac74527c Chase ACPICA API changes (for kernel and boot loader). 2009-06-02 22:31:57 +00:00
Robert Watson
5f51fb4871 Mark MAC Framework sx and rm locks as NOWITNESS to suppress warnings that
might arise from WITNESS not understanding its locking protocol, which
should be deadlock-free.  Currently these warnings generally don't occur,
but as object locking is pushed into policies for some object types, they
would otherwise occur more often.

Obtained from:	TrustedBSD Project
2009-06-02 22:22:09 +00:00
Rick Macklem
f0a011a1b1 Add support for the experimental nfs subsystem to the scripts in
/etc/rc.d. They use the following new rc variables:
  nfsv4_server_enable - set to "YES" to run the experimental server
  nfsuserd_enable - set to "YES" to run nfsuserd for NFSv4 client and
    server
  nfsuserd_flags - command line flags for nfsuserd
  nfscbd_enable - set to "YES" to run the experimental nfs client's
    NFSv4 callback daemon
  nfscbd_flags - command line flags for nfscbd

Reviewed by:	dougb
Approved by:	kib (mentor)
2009-06-02 22:15:47 +00:00
Sam Leffler
3050678410 improve raw xmit failure handling 2009-06-02 21:17:56 +00:00
Sam Leffler
9cb930760c count frag tx failures as an ifnet error 2009-06-02 21:13:57 +00:00
Sam Leffler
09be6601b5 fix comment 2009-06-02 21:12:07 +00:00
Sam Leffler
c89b957a1c restart tdma beacons after vap destroy 2009-06-02 21:11:26 +00:00
Sam Leffler
35f434b2a4 remove another vestige of the null if_softc on detach hack 2009-06-02 20:51:59 +00:00
Sam Leffler
3cdd9880a0 fix typo 2009-06-02 20:48:12 +00:00
Jung-uk Kim
c2928952c9 Remove function redeclaration. It was upstreamed but lost somehow. 2009-06-02 20:44:21 +00:00
Sam Leffler
e6c3129877 fix setting of ni_txrate
Submitted by:	"Paul B. Mahol" <onemda@gmail.com>
2009-06-02 20:32:13 +00:00
Jung-uk Kim
ab6f3bf9cb Canonify include paths again. 2009-06-02 20:02:58 +00:00
Sam Leffler
0a310468af partially fix mode setting; this no longer returns an error but still
needs to handle the case where the vap is up+running

Noticed by:	"Paul B. Mahol" <onemda@gmail.com>
2009-06-02 20:00:43 +00:00
Jung-uk Kim
3c4bac86de Fix include path fixup for contrib/dev/acpica/include/platform/*.h. 2009-06-02 20:00:32 +00:00
Andrew Thompson
e13e19fa23 Place the fifo and ref counting variables on the stack to prevent races.
Submitted by:	Hans Petter Selasky
2009-06-02 19:28:26 +00:00
Sam Leffler
5c600a90de move if_detach to the top of ieee80211_ifdetach to close various races
Reviewed by:	jhb
2009-06-02 18:55:27 +00:00
Jung-uk Kim
a9f12690a1 MFV: ACPICA 20090521 2009-06-02 18:53:21 +00:00
Sam Leffler
c9dd371765 move ifq_detach from if_detach to if_free; this permits callers to
reference if_snd in the period between detach+free which helps simplify
detach code

Reviewed by:	jhb, rwatson
2009-06-02 18:53:21 +00:00
Robert Watson
bd875f5f13 Remove MAC kernel config files and add "options MAC" to GENERIC, with the
goal of shipping 8.0 with MAC support in the default kernel.  No policies
will be compiled in or enabled by default, but it will now be possible to
load them at boot or runtime without a kernel recompile.

While the framework is not believed to impose measurable overhead when no
policies are loaded (a result of optimization over the past few months in
HEAD), we'll continue to benchmark and optimize as the release approaches.
Please keep an eye out for performance or functionality regressions that
could be a result of this change.

Approved by:	re (kensmith)
Obtained from:	TrustedBSD Project
2009-06-02 18:31:08 +00:00
Pawel Jakub Dawidek
923f9901b4 Initialize iov and iovlen before use.
Reported by:	Lucius Windschuh <lwindschuh@googlemail.com>
2009-06-02 18:30:09 +00:00
Robert Watson
f93bfb23dc Add internal 'mac_policy_count' counter to the MAC Framework, which is a
count of the number of registered policies.

Rather than unconditionally locking sockets before passing them into MAC,
lock them in the MAC entry points only if mac_policy_count is non-zero.

This avoids locking overhead for a number of socket system calls when no
policies are registered, eliminating measurable overhead for the MAC
Framework for the socket subsystem when there are no active policies.

Possibly socket locks should be acquired by policies if they are required
for socket labels, which would further avoid locking overhead when there
are policies but they don't require labeling of sockets, or possibly
don't even implement socket controls.

Obtained from:	TrustedBSD Project
2009-06-02 18:26:17 +00:00
Ulf Lilleengen
fd02a3b5c9 - Use volatile for signal variables.
Suggested by:	Jaakko Heinonen <jh -at- saunalahti.fi>
2009-06-02 17:57:24 +00:00
Andrew Thompson
115df0b6d2 Reorgansise the logic for tranversing the pipe list.
Submitted by:	Hans Petter Selasky
2009-06-02 17:31:59 +00:00
Andrew Thompson
017eb6e4b2 Fix compile after the removal of bsd_udev.
Submitted by:	Hans Petter Selasky
2009-06-02 17:31:16 +00:00
Andrew Thompson
a488edb567 Fix multithread issue where the is_uref variable was not set and cleared
properly in the CDEV private data.

Submitted by:	Hans Petter Selasky
2009-06-02 17:30:18 +00:00
Andrew Thompson
7b8b6d352f Staticize ukbd_detach and fix indentation.
Submitted by:	Sylvestre Gallon
2009-06-02 17:29:15 +00:00
Xin LI
9ceb784eaf Re-enable WARNS=6 after my universe test. 2009-06-02 17:27:54 +00:00
Andrew Thompson
545b01ad3a Add libusb20_tr_get_length to get the transfer length.
Submitted by:	Hans Petter Selasky
2009-06-02 17:27:51 +00:00
Sam Leffler
1da89db5d6 Remove hack used to deal with ifnet teardown now that if_detach and the
bridge do a better job.
o move ether_ifdetach to the top of ieee80211_detach
o do not clear if_softc at the top of ieee80211_detach; we no longer need
  this because we are safeguarded against calls coming back through if_ioctl
o simplify the bpf tracker now that we don't null if_softc

This also fixes an issue where having a bpf consumer active when a vap
is destroyed would cause a crash because bpf referenced free'd memory.

Reviewed by:	imp
2009-06-02 16:57:27 +00:00
Andrew Gallatin
869c7348e5 Buf-ring fixes for mxge
- always maintain byte/mcast/drop stats via drbr
- move #define of IFNET_BUF_RING so that its picked
  up by all files in the driver
- conditionalize IFNET_BUF_RING on the FreeBSD_version
  bump just after it appeared in the tree.

Sponsored by: Myricom Inc.
2009-06-02 16:52:33 +00:00
Warner Losh
37c3e5226c In bwi_newstate, only zero the bssid when we stop a STA. And only
when we've not stopped the card.  It hangs the system when we touch
the CSR after bwistop.

This fixes the hanging on kldunload.
2009-06-02 16:48:10 +00:00
Robert Watson
e499bd28dd Remove unneeded include.
MFC after:	3 days
2009-06-02 15:59:46 +00:00
Ed Schouten
89f98d57d6 Remove window(1) from the base system.
Some time ago Tom Rhodes sent me an email that he was willing to perform
various cleanups to the window(1) source code. After some discussion, we
both decided the best thing to do, was to move window(1) to the ports
tree. The application isn't used a lot nowadays, mainly because it has
been superseeded by screen, tmux, etc.

A couple of hours ago Tom committed window(1) to ports (misc/window), so
I'm removing it from the tree. I don't think people will really miss it,
but I'm describing the change in UPDATING anyway.

Discussed with:	trhodes, pav, kib
Approved by:	re
2009-06-02 13:44:36 +00:00