Commit Graph

36009 Commits

Author SHA1 Message Date
Robert Watson
9e913ebd0a Centrally manage enforcement of {reboot,swapon,sysctl} using the
mac_enforce_system toggle, rather than several separate toggles.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-27 15:50:49 +00:00
Maxime Henrion
4caad4e81d Fix a bunch of warnings on 64 bit platforms in the
CISS_DEBUG case by appropriately using %z and %j.
2002-10-27 12:27:04 +00:00
Maxime Henrion
5d10e1f7df - Comment a line which sets CISS_DEBUG by default.
- Use -DCISS_DEBUG rather than -DCISS_DEBUG=0.
2002-10-27 12:09:51 +00:00
Maxime Henrion
e6fccf7adf Fix a warning when CISS_DEBUG is defined. 2002-10-27 12:05:11 +00:00
Poul-Henning Kamp
b2758b2f23 Don't truncate on large disks. 2002-10-27 10:17:38 +00:00
Robert Watson
d3fc69ee6a Implement mac_check_system_sysctl(), a MAC Framework entry point to
permit MAC policies to augment the security protections on sysctl()
operations.  This is not really a wonderful entry point, as we
only have access to the MIB of the target sysctl entry, rather than
the more useful entry name, but this is sufficient for policies
like Biba that wish to use their notions of privilege or integrity
to prevent inappropriate sysctl modification.  Affects MAC kernels
only.  Since SYSCTL_LOCK isn't in sysctl.h, just kern_sysctl.c,
we can't assert the SYSCTL subsystem lock in the MAC Framework.

Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-27 07:12:34 +00:00
Robert Watson
a2ecb9b790 Hook up mac_check_system_reboot(), a MAC Framework entry point that
permits MAC modules to augment system security decisions regarding
the reboot() system call, if MAC is compiled into the kernel.

Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-27 07:03:29 +00:00
Robert Watson
03ce2c0c9b Merge from MAC tree: rename mac_check_vnode_swapon() to
mac_check_system_swapon(), to reflect the fact that the primary
object of this change is the running kernel as a whole, rather
than just the vnode.  We'll drop additional checks of this
class into the same check namespace, including reboot(),
sysctl(), et al.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-27 06:54:06 +00:00
Poul-Henning Kamp
077f9aa12e Make geom_mbr.c optional on PC98, use GEOM_MBR option to include it.
Disable check for supposedly magic "IPL1" string for PC98 labels, its
thaumaturgical power is in doubt.
2002-10-26 20:17:59 +00:00
Maxime Henrion
5b8ee62bc2 Fix a style nit. 2002-10-26 18:19:46 +00:00
Maxime Henrion
6d2eae5731 In VOP_LOOKUP, don't deny DELETE and RENAME operations
when ISLASTCN is not set.  The actual file which is being
looked up may live in a different filesystem.
2002-10-26 18:16:19 +00:00
Maxime Henrion
a8cdde69c2 Add a missing destroy_dev(). 2002-10-26 18:09:30 +00:00
Jake Burkholder
8d9faed03e Allow deprecated or unimplemented system call vectors to deliver SIGSYS,
as suggested by the sparc v9 ABI.
2002-10-26 17:38:20 +00:00
Jake Burkholder
5b412c08c2 Remove an unused macro. 2002-10-26 17:36:37 +00:00
Yoshihiro Takahashi
4b8d81b418 MFi386: revisions 1.544 and 1.545. 2002-10-26 15:44:06 +00:00
Robert Watson
763bbd2f4f Slightly change the semantics of vnode labels for MAC: rather than
"refreshing" the label on the vnode before use, just get the label
right from inception.  For single-label file systems, set the label
in the generic VFS getnewvnode() code; for multi-label file systems,
leave the labeling up to the file system.  With UFS1/2, this means
reading the extended attribute during vfs_vget() as the inode is
pulled off disk, rather than hitting the extended attributes
frequently during operations later, improving performance.  This
also corrects semantics for shared vnode locks, which were not
previously present in the system.  This changes the cache
coherency properties WRT out-of-band access to label data, but in
an acceptable form.  With UFS1, there is a small race condition
during automatic extended attribute start -- this is not present
with UFS2, and occurs because EAs aren't available at vnode
inception.  We'll introduce a work around for this shortly.

Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-26 14:38:24 +00:00
Thomas Moestl
08e0fdeb39 Call bpf_mtap() on outgoing packets. 2002-10-26 12:32:07 +00:00
Peter Wemm
3556388d17 Add COMPAT_FREEBSD4 here too. It has COMPAT_43 as well. 2002-10-26 04:58:36 +00:00
Peter Wemm
c69d7e2f4f Add COMPAT_FREEBSD4 for the transition. COMPAT_43 was already present. 2002-10-26 04:57:19 +00:00
Julian Elischer
053effc60e Back out david's last commit. the suspension code needs to be called
for non KSE processes too.
2002-10-26 04:44:17 +00:00
David Xu
3139ada54c Move suspension checking code from userret() into thread_userret(). 2002-10-26 02:56:51 +00:00
David Xu
56a6a23ea6 Backout revision 1.48. 2002-10-26 01:26:36 +00:00
Sam Leffler
57b6353534 o m_adj rx buffer so IP header is 32-bit aligned
o replace EPIC_MGETCLUSER with m_getcl

MFC after:	1 week
2002-10-25 22:06:03 +00:00
John Baldwin
fbc9740955 Cast si_drv2 to intptr_t instead of int to quiet warnings.
Tested on:	alpha
Reported by:	marcel (on an ia64)
2002-10-25 20:49:24 +00:00
Robert Watson
a67fe518a1 Comment describing the semantics of mac_late.
Trim trailing whitespace.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-25 20:45:27 +00:00
John Baldwin
4c86c028ac Use the newer "+" modifier on output constraints when a register or
memory datum is used for both input and output instead of using
matching constraints.
2002-10-25 20:22:12 +00:00
Poul-Henning Kamp
3d5500fc51 Reduce the GEOM verbosity under bootverbose to something more sufferable.
This is not quite the set of information I would want, but the tree where
I have the "correct" version is messed up with conflicts.

Sponsored by:	DARPA & NAI Labs.
2002-10-25 20:09:45 +00:00
John Baldwin
6de4b3c6cb Don't copy td_md. Instead, let the MD code handle it just like it
handles the MD fields of all the other MD portions of proc-related
structures.

Tested on:	i386, alpha, sparc64
2002-10-25 20:07:52 +00:00
John Baldwin
ab79480392 Note that the sched_lock protects md_ldt of struct mdproc. 2002-10-25 20:06:16 +00:00
Maxime Henrion
4578a2e652 - Rename the DDB specific %z printf format to %y.
- Make DDB use %y instead of %z.
- Teach GCC about %y.
- Implement support for the C99 %z format modifier.

Approved by:	re@
Reviewed by:	peter
Tested on:	i386, sparc64
2002-10-25 19:41:32 +00:00
Peter Wemm
331e4823a2 Finish fixing the 5.x FPU code for dealing with signal handlers.
Obtained from:  bde
2002-10-25 19:12:16 +00:00
Peter Wemm
23eeeff7be Split 4.x and 5.x signal handling so that we can keep 4.x signal
handling clean and functional as 5.x evolves.  This allows some of the
nasty bandaids in the 5.x codepaths to be unwound.

Encapsulate 4.x signal handling under COMPAT_FREEBSD4 (there is an
anti-foot-shooting measure in place, 5.x folks need this for a while) and
finish encapsulating the older stuff under COMPAT_43.  Since the ancient
stuff is required on alpha (longjmp(3) passes a 'struct osigcontext *'
to the current sigreturn(2), instead of the 'ucontext_t *' that sigreturn
is supposed to take), add a compile time check to prevent foot shooting
there too.  Add uniform COMPAT_43 stubs for ia64/sparc64/powerpc.

Tested on: i386, alpha, ia64.  Compiled on sparc64 (a few days ago).
Approved by: re
2002-10-25 19:10:58 +00:00
Mitsuru IWASAKI
fb3a308a4a Change method to determine base memory size.
Try INT 15H/E820H first, then fall back to the old compatibility
method (INT 12H).
This is a workaround for newer machines which have broken INT 12H BIOS
service implementation.

Reviewed by:	-current ML
MFC after:	3 days
2002-10-25 18:46:36 +00:00
Poul-Henning Kamp
df6b615a42 #include <geom/geom.h> to get proper prototypes. Contrary to my fears we
seem to have all the prerequisites already.

Call g_waitidle() as the first thing in vfs_mountroot() so that we have
it out of the way before we even decide if we should call .._ask() or
.._try().

Call the g_dev_print() function to provide better guidance for the
root-mount prompt.
2002-10-25 18:44:42 +00:00
Poul-Henning Kamp
ce225127b9 Add a g_dev_print() function which prints all the /dev entries GEOM
knows about.
2002-10-25 18:42:42 +00:00
Thomas Moestl
db44ef5176 Initialize tick_MHz and related variables much earlier. After the last
revision of tick.c, this was done at SI_SUB_CLOCKS, which is too late
because tick_MHz is required for DELAY() to work.

Reviewed by:	jake
2002-10-25 17:42:14 +00:00
Thomas Moestl
736b63df0d Fix iommu_dvmamap_sync() to use the right address when flushing the
streaming cache. This bug could have the potential to cause data
corruption on systems with Psycho U2P bridges (Sabre bridges have no
streaming cache).
However, due to the usual driver architecture, it is believed that
corruption did occur only in rare cases (if at all).
2002-10-25 17:31:31 +00:00
Hidetoshi Shimokawa
6fe6a00661 Don't check IFF_RUNNING in previous change.
The flag is sometimes unset if the interface has IPv6 link-local
address only.
2002-10-25 17:31:03 +00:00
Poul-Henning Kamp
c03bf4f225 Lose the g_dev_clone() noise. 2002-10-25 17:00:15 +00:00
Jake Burkholder
4d961d24e1 Greatly improve readability of trap() by using a table to convert between
trap types and signals to send.  Rearrange KASSERTs to better handle faults
early before curthread is setup, or in the case that it gets corrupted or
set to 0.
2002-10-25 16:00:47 +00:00
David Xu
ddc4f28155 suspend thread only when it can be interrupted. 2002-10-25 13:12:36 +00:00
David Xu
0cf609706f let thread_schedule_upcall() handle idle kse. 2002-10-25 12:50:31 +00:00
Poul-Henning Kamp
fa669ab7b8 Disable the kernacc() check in mtx_validate() until such time that kernacc
does not require Giant.

This means that we may miss panics on a class of mutex programming bugs,
but only if running with a Chernobyl setting of debug-flags.

Spotted by:	Pete Carah <pete@ns.altadena.net>
2002-10-25 08:40:20 +00:00
Poul-Henning Kamp
0d6dc414b4 In vrele() we can actually have a VCHR with v_rdev == NULL if we
came from the bottom of addaliasu().  Don't panic.
2002-10-25 07:58:25 +00:00
Julian Elischer
de4723f6e8 fix style-o 2002-10-25 07:17:07 +00:00
Julian Elischer
9d10277721 More work on the interaction between suspending and sleeping threads.
Also clean up some code used with 'single-threading'.

Reviewed by:	davidxu
2002-10-25 07:11:12 +00:00
Warner Losh
d793791855 Use the correct values for LDBL_*. Libc doesn't completely support
long doubles at the moment (printf truncates them to doubles).
However, long doubles do appear to work to the ranges listed in this
commit on both -stable (4.5) and -current.  There may be some slight
rounding issues with long doubles, but that's an orthogonal issue to
these constants.

I've had this in my local tree for 3 months, and in my company's local
tree for 15 months with no ill effects.

Obtained from: NetBSD
Not likely to like it: bde
2002-10-25 07:02:52 +00:00
Jake Burkholder
81784fad7a Minor cleanups.
- use fields in sysent instead of PS_STRINGS
- set TSTATE_PRIV in frame0.tf_tstate for what it's worth
2002-10-25 06:26:34 +00:00
Kirk McKusick
9ab73fd11a Within ufs, the ffs_sync and ffs_fsync functions did not always
check for and/or report I/O errors. The result is that a VFS_SYNC
or VOP_FSYNC called with MNT_WAIT could loop infinitely on ufs in
the presence of a hard error writing a disk sector or in a filesystem
full condition. This patch ensures that I/O errors will always be
checked and returned.  This patch also ensures that every call to
VFS_SYNC or VOP_FSYNC with MNT_WAIT set checks for and takes
appropriate action when an error is returned.

Sponsored by:   DARPA & NAI Labs.
2002-10-25 00:20:37 +00:00
David Xu
4c40dcd4d7 fix typo. 2002-10-25 00:13:46 +00:00