print potentially sensitive keying material to stdout. With the new
802.11 support, ifconfig(8) is now capable of printing 802.11 keys,
and did by default for the root user, which is undesirable in some
environments. Now it will not print keying material unless requested
(and available to the user).
MFC after: 1 week
o Add sys/dev/kbdmux/kbdmux.c to the source tree
o Add sys/modules/kbdmux/Makefile to the source tree
These are not yet connected to the build. Man page and other changes to follow.
MFC after: 1 week
channel devices. This should fix Dell 2450/2550/2650 systems that have RAID
enabled. This will likely not fix 2400 systems though as I don't have the
appropriate PCI Id info for them.
MFC After: 3 days
applications in tracking kernel memory statistics. It provides an
abstracted interface to uma(9) and malloc(9) statistics, wrapped
around the recently added binary stream sysctls for the allocators.
Using this interface, it is easy to build monitoring tools, query
specific memory types for usage information, etc. Facilities are
provided for binding caller-provided data to memory types,
incremental updates of memory types, and queries that span multiple
allocators.
Support for additional allocators is (relatively) easy to add.
The API for libmemstat(3) will probably change some over time as
consumers are written, and requirements evolve. It is written to
avoid encoding ABIs for data structure layout into consuming
applications for this reason.
MFC after: 1 week
statistics via a binary structure stream:
- Add structure 'uma_stream_header', which defines a stream version,
definition of MAXCPUs used in the stream, and the number of zone
records in the stream.
- Add structure 'uma_type_header', which defines the name, alignment,
size, resource allocation limits, current pages allocated, preferred
bucket size, and central zone + keg statistics.
- Add structure 'uma_percpu_stat', which, for each per-CPU cache,
includes the number of allocations and frees, as well as the number
of free items in the cache.
- When the sysctl is queried, return a stream header, followed by a
series of type descriptions, each consisting of a type header
followed by a series of MAXCPUs uma_percpu_stat structures holding
per-CPU allocation information. Typical values of MAXCPU will be
1 (UP compiled kernel) and 16 (SMP compiled kernel).
This query mechanism allows user space monitoring tools to extract
memory allocation statistics in a machine-readable form, and to do so
at a per-CPU granularity, allowing monitoring of allocation patterns
across CPUs in order to better understand the distribution of work and
memory flow over multiple CPUs.
While here, also export the number of UMA zones as a sysctl
vm.uma_count, in order to assist in sizing user space buffers to
receive the stream.
A follow-up commit of libmemstat(3), a library to monitor kernel memory
allocation, will occur in the next few days. This change directly
supports converting netstat(1)'s "-mb" mode to using UMA-sourced stats
rather than separately maintained mbuf allocator statistics.
MFC after: 1 week
zone whenever it was moving buckets between the zone and the cache,
or when coalescing statistics across the CPU. Remove flushing of
statistics to the zone when coalescing statistics as part of sysctl,
as we won't be running on the right CPU to write to the cache
statistics.
Add a missed gathering of statistics: when uma_zalloc_internal()
does a special case allocation of a single item, make sure to update
the zone statistics to represent this. Previously this case wasn't
accounted for in user-visible statistics.
MFC after: 1 week
- Introduce a helper function if_setflag() containing the code common
to ifpromisc() and if_allmulti() instead of duplicating the code poorly,
with different bugs.
- Call ifp->if_ioctl() in a consistent way: always use more compatible C
syntax and check whether ifp->if_ioctl is not NULL prior to the call.
MFC after: 1 month
statistics via a binary structure stream:
- Add structure 'malloc_type_stream_header', which defines a stream
version, definition of MAXCPUS used in the stream, and a number of
malloc_type records in the stream.
- Add structure 'malloc_type_header', which defines the name of the
malloc type being reported on.
- When the sysctl is queried, return a stream header, followed by a
series of type descriptions, each consisting of a type header
followed by a series of MAXCPUS malloc_type_stats structures holding
per-CPU allocation information. Typical values of MAXCPUS will be 1
(UP compiled kernel) and 16 (SMP compiled kernel).
This query mechanism allows user space monitoring tools to extract
memory allocation statistics in a machine-readable form, and to do so
at a per-CPU granularity, allowing monitoring of allocation patterns
across CPUs in order to better understand the distribution of work and
memory flow over multiple CPUs.
While here:
- Bump statistics width to uint64_t, and hard code using fixed-width
type in order to be more sure about structure layout in the stream.
We allocate and free a lot of memory.
- Add kmemcount, a counter of the number of registered malloc types,
in order to avoid excessive manual counting of types. Export via a
new sysctl to allow user-space code to better size buffers.
- De-XXX comment on no longer maintaining the high watermark in old
sysctl monitoring code.
A follow-up commit of libmemstat(3), a library to monitor kernel memory
allocation, will occur in the next few days. Likewise, similar changes
to UMA.
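
Added example, not part of the commit messages above and not FreeBSD code: a user-space consumer of the stream shape described for both the UMA and malloc(9) sysctls (a stream header, then per type a type header followed by MAXCPUS per-CPU records) should check the header's version, CPU count and record count against the bytes actually received before walking it. The `demo_*` structures, their fields and the two limit constants are simplified assumptions, not the kernel's real layouts.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical, simplified layouts; the kernel's real structures differ. */
#define DEMO_VERSION 1u
#define DEMO_CPU_LIMIT 64u
struct demo_stream_header { uint32_t version, maxcpus, count, pad; };
struct demo_type_header { char name[32]; };
struct demo_percpu_stat { uint64_t allocs, frees; };
struct demo_sample {                 /* constructed sample: 1 type, 2 CPUs */
    struct demo_stream_header h;
    struct demo_type_header t;
    struct demo_percpu_stat cpu[2];
};
static const struct demo_sample DEMO_SAMPLE = {
    { DEMO_VERSION, 2, 1, 0 }, { "devbuf" }, { { 3, 1 }, { 4, 0 } }
};

/* Sum allocations over every type and CPU; return -1 on a malformed stream. */
int demo_parse_stream(const uint8_t *buf, size_t len, uint64_t *total)
{
    struct demo_stream_header h;
    struct demo_percpu_stat s;
    size_t off = sizeof(h), rec;
    uint32_t i, c;
    if (len < sizeof(h))
        return -1;
    memcpy(&h, buf, sizeof(h));              /* avoids unaligned reads */
    if (h.version != DEMO_VERSION || h.maxcpus == 0 || h.maxcpus > DEMO_CPU_LIMIT)
        return -1;
    rec = sizeof(struct demo_type_header) + (size_t)h.maxcpus * sizeof(s);
    if (h.count > (len - sizeof(h)) / rec)   /* division form cannot overflow */
        return -1;
    *total = 0;
    for (i = 0; i < h.count; i++) {
        off += sizeof(struct demo_type_header);
        for (c = 0; c < h.maxcpus; c++, off += sizeof(s)) {
            memcpy(&s, buf + off, sizeof(s));
            *total += s.allocs;
        }
    }
    return 0;
}

int main(void)
{
    uint64_t total;
    return demo_parse_stream((const uint8_t *)&DEMO_SAMPLE, sizeof(DEMO_SAMPLE), &total);
}
```
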
process that caused the clone event to take place for the device driver
creating the device. This allows cloned device drivers to adapt the
device node based on security aspects of the process, such as the uid,
gid, and MAC label.
- Add a cred reference to struct cdev, so that when a device node is
instantiated as a vnode, the cloning credential can be exposed to
MAC.
- Add make_dev_cred(), a version of make_dev() that additionally
accepts the credential to stick in the struct cdev. Implement it and
make_dev() in terms of a back-end make_dev_credv().
- Add a new event handler, dev_clone_cred, which can be registered to
receive the credential instead of dev_clone, if desired.
- Modify the MAC entry point mac_create_devfs_device() to accept an
optional credential pointer (may be NULL), so that MAC policies can
inspect and act on the label or other elements of the credential
when initializing the skeleton device protections.
- Modify tty_pty.c to register clone_dev_cred and invoke make_dev_cred(),
so that the pty clone credential is exposed to the MAC Framework.
While currently primarily focussed on MAC policies, this change is also
a prerequisite for changes to allow ptys to be instantiated with the UID
of the process looking up the pty. This requires further changes to the
pty driver -- in particular, to immediately recycle pty nodes on last
close so that the credential-related state can be recreated on next
lookup.
Submitted by: Andrew Reisse <andrew.reisse@sparta.com>
Obtained from: TrustedBSD Project
Sponsored by: SPAWAR, SPARTA
MFC after: 1 week
MFC note: Merge to 6.x, but not 5.x for ABI reasons
o Add two new ioctl's KBADDKBD and KBRELKBD. These are used to add and remove
keyboards to (and from) the kbdmux(4) keyboard multiplexer;
o Introduce new kbd_find_keyboard2() function. It does exactly the same job
as the kbd_find_keyboard() function except it allows specifying a starting index.
This function can be used to iterate over the keyboards array;
o Re-implement kbd_find_keyboard() as call to kbd_find_keyboard2() with starting
index of zero;
o Make sure syscons(4) passed KBADDKBD and KBRELKBD ioctl's onto currently
active keyboard.
These changes should not have any visible effect.
MFC after: 1 week
syscalls.master for the master list and the Alpha/OSF1 compat ABI to be
consistent with all the other compat ABIs where 'make sysent' already
works.
MFC after: 3 days
we can only bridge interfaces with the same value it meant that all members had
to be set at ETHERMTU as well.
Allow the first member to be added to define the MTU for the bridge, the check
still applies to all additional members.
Print an informative message if the MTU is incorrect [1]
Requested by: Niki Denev [1]
Approved by: mlaier (mentor)
MFC after: 3 days
from this socket
* Enable non-blocking I/O on devd.pipe to keep clients from wedging devd.
If a write(2) on devd.pipe would block, the client in question will be
removed [1]
Requested by: rwatson [1]
Approved by: imp
1) An unquoted space is always a separator, even when not "in_arg".
2) When a new destination buffer must be allocated during variable
substitution, only copy data from the active buffer to the new
one when we *are* "in_arg".
These were noticed when testing variable-substitution of variables
which have null values, and are not inside quoted strings...
MFC plans: after a few days, and re@ approval...
- Make sure timer0_max_count is set to a correct value in the lapic case.
- Revert i8254_restore() to explicitly reprogram timer 0 rather than
calling set_timer_freq() to do it. set_timer_freq() only reprograms
the counter if the max count changes which it never does on resume. This
unbreaks suspend/resume for several people.
Tested by: marks, others
Reviewed by: bde
MFC after: 3 days
in the PCI config registers) that are > 15 as $PIR can only route PCI
interrupts to ISA IRQs which are limited to the 0 to 15 range.
- Remove an extra word from a printf.
Reported by: othermark atkin901 at yahoo dot com
MFC after: 3 days
since it calls into VFS and VM. This makes the freebsd32_mmap() routine
MP safe and the extra Giants here can be revisited later.
Glanced at by: marcel
MFC after: 3 days
o Use pf more consistently for pccard_function.
o Make sure we quote the strings properly (maybe this function belongs in
subr_bus.c)
o Tweak a comment to be more accurate after code changed.
and combine the old xe_pccard_{probe,attach} into one routine _attach.
Create a lookup function to lookup items in the table. Eliminate the
check for network cards, since many modems were eliminated by it.
Tweak a few printfs as well.
This gets many of my older cards working again: CEM2, CEM28, CEM36,
etc.
support for them can really be added. Eliminate the check for network
card, because many of the cards in the commented out section are combo
cards and report themselves as either multifunction or modem. They
will be added back as I obtain hardware and test them more fully.
few other cards need. This firmware was obtained from the Linux
pcmcia-cs project, but Ositech Communications, Inc has been kind
enough to grant permission to change the license to a pure BSDL type.