Commit Graph

34185 Commits

Author SHA1 Message Date
Alan Cox
20fb589d13 o The introduction of kevent() broke lio_listio(): _aio_aqueue() thought
that LIO_READ and LIO_WRITE were requests for kevent()-based
   notification of completion.  Modify _aio_aqueue() to recognize LIO_READ
   and LIO_WRITE.

Notes: (1) The patch provided by the PR perpetuates a second bug in this
code, a direct access to user-space memory.  This change fixes that bug
as well. (2) This change is to code that implements a deprecated interface.
It should probably be removed after an MFC.

PR:		kern/39556
2002-08-05 19:14:27 +00:00
Max Khon
0d13f401f4 Make driver portable:
- bus_space'ify
- generate fake ethernet address using read_random() instead of reading
from timer i/o ports

Other minor fixes:
- remove "hack" in connect_to_master()
- use M_ZERO
- remove unused variable in sbni_ioctl()
- properly release irq in sbni_attach_isa() on attach errors
2002-08-05 18:14:16 +00:00
Ian Dowse
98caa2e4e9 Don't call softdep_slowdown() if soft updates are not active on the
filesystem. This causes a panic for kernels compiled without
softupdates.

Reported by:	luigi
2002-08-05 17:59:20 +00:00
Max Khon
2fb48d6c87 back out one change that crept in (will be committed later) 2002-08-05 17:32:16 +00:00
Max Khon
cc99b6cf41 style fixes 2002-08-05 17:20:17 +00:00
Dag-Erling Smørgrav
ea4c8f8ca1 Check the far end before registering an EVFILT_WRITE filter on a pipe. 2002-08-05 15:03:03 +00:00
Mike Silbersack
aff8da7074 Make sure to set the DMA transfer length register, plus one
small style fix.

Submitted by:	Thomas Nystrom <thn@saeab.se>
2002-08-05 13:24:06 +00:00
Jeff Roberson
973a3f4b94 - Document more of the struct vnode locking protocol.
- Slightly reformat a comment block.
2002-08-05 10:25:56 +00:00
Jeff Roberson
8947be9ba0 - Move some logic from getnewvnode() to a new function vcanrecycle()
- Unlock the free list mutex around vcanrecycle to prevent a lock order
   reversal.
2002-08-05 10:15:56 +00:00
Jeff Roberson
18c6acee26 - Move a VOP assert to the right place.
Spotted by:	i386 tinderbox
2002-08-05 08:55:53 +00:00
Jeff Roberson
be12d7a61d - Add a missing VI_UNLOCK to an error case in nfs_flush. 2002-08-05 08:54:29 +00:00
Warner Losh
6edfb9d7cb Fix minor typo in ID number in last commit 2002-08-05 07:48:31 +00:00
Warner Losh
cb642e2945 A definition of regulatory domains that matches the docs. 2002-08-05 07:45:57 +00:00
Warner Losh
b04a43c87c Differentiate between AT45DB011 compatible large serial flash parts
and the AT24C08 small serial flash parts.  We still report these as
the same part (since we group things already), but now we recognize
the small serial versions as well.
2002-08-05 07:24:02 +00:00
Warner Losh
ae06c30e2b Add a comment that says it looks like lucent cards have a primary
firmware revision as well (not sure which firmware versions are needed
for this, but the 6.x and 8.x 'software' versions that I have seem to
support it).

Add dBm comm quality RID.  This is like the normal comm quality rid,
except the signal and noise numbers are normalized to dBm.  Some
revisions of the prism firmware, however, don't support this RID, and
some that do support it return 0 for quality and/or noise.  Your
milage may vary.
2002-08-05 07:19:27 +00:00
Peter Wemm
c679b309f1 Revert rev 1.356 and 1.352 (pmap_mapdev hacks). It wasn't worth the
pain.
2002-08-05 06:10:03 +00:00
Alfred Perlstein
a4be7ce2dd Add a macro for SLIST traversal 'SLIST_FOREACH_PREVPTR',
this macro keeps a pointer to the previous element's next
pointer to allow for search and O(1) removal.
2002-08-05 05:18:43 +00:00
Alfred Perlstein
4442e4a436 Cleanup:
Fix line wrapping.
Remove 'register'.
malloc(9) with M_WAITOK can't fail, so remove checks for that.
2002-08-05 05:16:09 +00:00
Alan Cox
8365d52166 o Introduce pmap_page_is_mapped(). Its purpose is to obsolete
the PG_MAPPED flag.
2002-08-05 03:40:28 +00:00
Luigi Rizzo
9e2518582d Use m_getcl() to allocate buffers for the receive ring.
MFC after: 3 days
2002-08-05 00:21:24 +00:00
Alan Cox
7ffcf9ec77 o Don't set PG_MAPPED or PG_WRITEABLE when a page is mapped
using pmap_kenter() or pmap_qenter().
 o Use VM_ALLOC_WIRED in pmap_new_thread().
2002-08-05 00:04:18 +00:00
Luigi Rizzo
c939f1aee7 Extend the interface to ether_input(): a NULL eh pointer means that
the mbuf contains the ethernet header (eh) as well, which ether_input()
will strip off as needed.

This permits the removal (in a backward compatible way) of the
header removal code which right now is replicated in all drivers,
sometimes in an inconsistent way. Also, because many functions
called after ether_input() require the eh in the mbuf, eventually
we can propagate the interface and handle outdated drivers just
in ether_input().

Individual driver changes to use the new interface will follow as
we have a chance to touch them.

NOTE THAT THIS CHANGE IS FULLY BACKWARD COMPATIBLE AND DOES NOT BREAK
BINARY COMPATIBILITY FOR DRIVERS.

MFC after: 3 days
2002-08-04 23:55:06 +00:00
Luigi Rizzo
2b5989e943 Fix handling of Receiver Not Ready errors when doing polling.
Also take this chance to cleanup the code in fxp_intr_body.

Add a missing block of code to disable interrupts when
reinitializing the interface while doing polling (the RELENG_4
version was correct).

MFC after: 3 days
2002-08-04 22:33:28 +00:00
Luigi Rizzo
32d273402d Use m_getcl() to allocate mbuf+cluster for the receive ring.
Remove the sis_quick variable, as it was there for testing purposes
only.

MFC after: 3 days
2002-08-04 21:52:05 +00:00
Luigi Rizzo
fc1c73c21a Temporarily disable polling when no processes are active, while I
investigate the problem described below.

I am seeing some strange livelock on recent -current sources with
a slow box under heavy load, which disappears with this change.
This might suggest some kind of problem (either insufficient locking,
or mishandling of priorities) in the poll_idle thread.
2002-08-04 21:00:49 +00:00
Poul-Henning Kamp
e26ebcce25 Repond properly to NGM_TEXT_CONFIG messages. 2002-08-04 20:50:50 +00:00
Luigi Rizzo
1cbd978e96 bugfix: move check for udp_blackhole before the one for icmp_bandlim.
MFC after: 3 days
2002-08-04 20:50:13 +00:00
Mike Barcroft
2dd3656781 Fix typo in the last revision.
Noticed by:	i386 tinderbox
2002-08-04 19:34:38 +00:00
Jake Burkholder
ab1cee3d3d se -> sab. 2002-08-04 19:07:15 +00:00
Alan Cox
24c28f1ad6 o Acquire the page queues lock before checking the page's busy status
in vm_page_grab().  Also, replace the nearby tsleep() with an msleep()
   on the page queues lock.
2002-08-04 19:05:20 +00:00
Jake Burkholder
d5e6ffe8d2 Ported to FreeBSD. 2002-08-04 18:41:27 +00:00
Jake Burkholder
47029a19ea Add Jason L. Wright's driver for the SAB82532 serial chip, found in many
sun ultras.

Obtained from:	OpenBSD
2002-08-04 18:36:36 +00:00
Eric Anholt
2690c0bb32 Add device agp to GENERIC, filter it out of floppy builds
Approved by:	des (mentor)
2002-08-04 18:35:02 +00:00
Jake Burkholder
ab9d7ec432 Remove this abortive attempt. 2002-08-04 18:24:09 +00:00
Peter Wemm
3f3655b092 Fix a mistake in 1.352 - I was returning a pointer to the rounded down
address.  I expect this will fix acpica.
2002-08-04 18:11:38 +00:00
Warner Losh
35e58ed326 Remove commented out PCI_ENABLE_IO_MODES. It is gone now. 2002-08-04 18:06:15 +00:00
Scott Long
2bbe0d3617 Simplify the handling of a fragmented file_id descriptor. Also
de-obfuscate the file_char flags.
2002-08-04 16:42:20 +00:00
Jeff Roberson
e6e370a7fe - Replace v_flag with v_iflag and v_vflag
- v_vflag is protected by the vnode lock and is used when synchronization
   with VOP calls is needed.
 - v_iflag is protected by interlock and is used for dealing with vnode
   management issues.  These flags include X/O LOCK, FREE, DOOMED, etc.
 - All accesses to v_iflag and v_vflag have either been locked or marked with
   mp_fixme's.
 - Many ASSERT_VOP_LOCKED calls have been added where the locking was not
   clear.
 - Many functions in vfs_subr.c were restructured to provide for stronger
   locking.

Idea stolen from:	BSD/OS
2002-08-04 10:29:36 +00:00
Alan Cox
7f0bf36a2e o Extend the scope of the page queues lock in contigmalloc1().
o Replace vm_page_sleep_busy() with vm_page_sleep_if_busy()
   in vm_contig_launder().
2002-08-04 07:07:34 +00:00
Alan Cox
4453ada654 o Convert a vm_page_sleep_busy() into a vm_page_sleep_if_busy()
with appropriate page queue locking.
2002-08-04 06:27:37 +00:00
Alan Cox
ea5e5b13f8 o Request a wired page from vm_page_grab() in _pmap_allocpte(). 2002-08-04 04:55:31 +00:00
Jake Burkholder
7746cd480a Print out the strings in vers.o instead of hardcoding the loader banner. 2002-08-04 01:30:26 +00:00
Matthew N. Dodd
9ccba881d9 Kernel modifications necessary to allow to follow fork()ed children.
PR:		 bin/25587 (in part)
MFC after:	 3 weeks
2002-08-04 01:07:02 +00:00
Alan Cox
b9c51c912e o Ask for a prezeroed page in pmap_pinit() for the page directory page. 2002-08-03 20:24:51 +00:00
Alan Cox
3327872297 o Convert two instances of vm_page_sleep_busy() to vm_page_sleep_if_busy()
with appropriate page queue locking.
2002-08-03 18:59:19 +00:00
Luigi Rizzo
ea779ff36c Fix handling of packets which matched an "ipfw fwd" rule on the input side. 2002-08-03 14:59:45 +00:00
Alan Cox
5da2d6a46d o Don't set PG_MAPPED on the page allocated and mapped in _pmap_allocpte().
(Only set this flag if the mapping has a corresponding pv list entry,
   which this mapping doesn't.)
2002-08-03 06:42:30 +00:00
Peter Wemm
af932613d7 Ignore memory above 4GB for now due to unpleasant pci issues. 2002-08-03 03:35:06 +00:00
Alan Cox
aa9b1d9412 o Remove the setting of PG_MAPPED from vm_page_wire() and
vm_page_alloc(VM_ALLOC_WIRED).
2002-08-03 01:29:52 +00:00
Peter Wemm
8f1586dd65 Take advantage of the fact that there is a small 1MB direct mapped region
on x86 in between KERNBASE and the kernel load address.  pmap_mapdev()
can return pointers to this for devices operating in the isa "hole".
2002-08-03 01:02:37 +00:00
Peter Wemm
1af04fadd1 Take a shot at fixing a nasty bug in the pmap changes that I did. I
missed the pmap_kenter/kremove in this file, which leads to read()/write()
of /dev/mem using stale TLB entries. (gah!)  Fortunately, mmap of /dev/mem
wasn't affected, so it wasn't as bad as it could have been.  This throws
some light on the 'X server affects stability' thread....

Pointed out by:	bde
2002-08-03 00:59:15 +00:00
Warner Losh
a0cd6004a9 We now have opt_wi.h, so go ahead and add it. Default it to 1. 2002-08-03 00:21:29 +00:00
Warner Losh
073eef8ca2 Add code that will download firmware to a Symbol LA4100-series of CF
cards.  Since the firmware is hard coded into the kernel, I've made it
a kernel option (WI_SYMBOL_FIRMWARE).

Note: This only downloads into the RAM of these cards.  It doesn't
download into FLASH, and is somewhat limited.  There needs to be a
better way to deal, but this works for now.  My Symbol LA4132 CF card
works now.

Obtained from: NetBSD
2002-08-03 00:19:58 +00:00
Warner Losh
b8182b24d7 While PCI interrupts are shareable, this should not have been committed just
yet.
2002-08-02 22:26:03 +00:00
Maxime Henrion
f2b17113cf Make the consumers of the linker_load_file() function use
linker_load_module() instead.

This fixes a bug where the kernel was unable to properly locate and
load a kernel module in vfs_mount() (and probably in the netgraph
code as well since it was using the same function).  This is because
the linker_load_file() does not properly search the module path.

Problem found by:	peter
Reviewed by:		peter
Thanks to:		peter
2002-08-02 20:56:07 +00:00
Robert Watson
4b32dfdcd7 Introduce support for Mandatory Access Control and extensible
kernel access control.

When generating nd6 output on an interface, label the packet
appropriately.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-02 20:49:14 +00:00
Robert Watson
e316463a86 When preserving the IP header in extra mbuf in the IP forwarding
case, also preserve the MAC label.  Note that this mbuf allocation
is fairly non-optimal, but not my fault.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-02 20:45:27 +00:00
Robert Watson
01e990be89 Improve ordering of MAC entry points in mac_policy_op structure.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-02 20:33:05 +00:00
Alan Cox
00f9e8b421 o Convert two instances of vm_page_sleep_busy() into vm_page_sleep_if_busy()
with appropriate page queue locking.
2002-08-02 18:55:29 +00:00
Poul-Henning Kamp
14a3a6ea0b Move a prototype to the least wrong place.
Suggested by:	bde
2002-08-02 18:45:43 +00:00
Peter Wemm
6a905efed3 ptvmmap does not exist on alpha. 2002-08-02 18:40:01 +00:00
Robert Watson
09a555cbf9 Work to fix LINT build.
Reported by:	phk
2002-08-02 18:08:14 +00:00
Poul-Henning Kamp
5f9dcc4468 SYSINIT needs to be SI_SUB_PSEUDO. Add a printf to tell we are here. 2002-08-02 16:47:29 +00:00
Poul-Henning Kamp
007054391b typo. 2002-08-02 15:55:18 +00:00
Poul-Henning Kamp
927b6b099d Add the minimalist elan-mmcr device driver.
This driver allows a userland program to mmap the MMCR of the AMD
Elan sc520 CPU.
2002-08-02 15:53:04 +00:00
Mark Murray
052c7c89c2 Modernise the cdevsw WRT to (unused) kqueue. 2002-08-02 11:24:43 +00:00
Scott Long
8db4c2f20c Calculate the correct physical block number for files that are
embedded into their file_entry descriptor.  This is more for
correctness, since these files cannot be bmap'ed/mmap'ed anyways.
Enforce this restriction.

Submitted by:	tes@sgi.com
2002-08-02 06:22:20 +00:00
Scott Long
678d5effd3 Check for deleted files in udf_lookup(), not just udf_readdir().
Submitted by:	tes@sgi.com
2002-08-02 06:19:43 +00:00
Alan Cox
1e7ce68ff4 o Lock page queue accesses in nwfs and smbfs.
o Assert that the page queues lock is held in vm_page_deactivate().
2002-08-02 05:23:58 +00:00
Alan Cox
e5b95b1209 o Lock page queue accesses by vm_page_deactivate(). 2002-08-02 04:40:10 +00:00
Alan Cox
64a1b85efa o Lock page queue accesses by vm_page_deactivate(). 2002-08-02 04:14:19 +00:00
Alan Cox
91bb74a88c o Lock page queue accesses by vm_page_deactivate(). 2002-08-02 03:56:31 +00:00
Robert Watson
67d722ed73 Introduce support for Mandatory Access Control and extensible
kernel access control.

Teach devfs how to respond to pathconf() _POSIX_MAC_PRESENT queries,
allowing it to indicate to user processes that individual vnode labels
are available.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-02 03:12:40 +00:00
Robert Watson
bdc2cd1318 Hook up devfs_pathconf() for specfs devfs nodes, not just regular
devfs nodes.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 22:27:57 +00:00
Robert Watson
1dbad969fe Demonstrate that MAC modules can also be linked statically as
well as loaded as modules by hooking up mac_none if
'options MAC_NONE' is defined.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 22:26:38 +00:00
Robert Watson
eddc160e00 Introduce support for Mandatory Access Control and extensible
kernel access control.

Invoke appropriate MAC entry points for a number of VFS-related
operations in the Linux ABI module.  In particular, handle uselib
in a manner similar to open() (more work is probably needed here),
as well as handle statfs(), and linux readdir()-like calls.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 22:23:02 +00:00
Robert Watson
85bb40473a Sample loader.conf lines for various MAC modules. 2002-08-01 22:03:19 +00:00
Jake Burkholder
4fbe520926 Forgot to commit this.
Spotted by:	scottl
2002-08-01 21:39:54 +00:00
Robert Watson
bdb3fa1832 Introduce support for Mandatory Access Control and extensible
kernel access control.

Add MAC support for the UDP protocol.  Invoke appropriate MAC entry
points to label packets that are generated by local UDP sockets,
and to authorize delivery of mbufs to local sockets both in the
multicast/broadcast case and the unicast case.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 21:37:34 +00:00
Robert Watson
8f293a63ce Introduce support for Mandatory Access Control and extensible
kernel access control.

Introduce two ioctls, SIOCGIFMAC, SIOCSIFMAC, which permit user
processes to manage the MAC labels on network interfaces.  Note
that this is part of the user process API/ABI that will be revised
prior to 5.0-RELEASE.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 21:15:53 +00:00
Robert Watson
64c2d84570 Introduce support for Mandatory Access Control and extensible
kernel access control.

Add MAC support for if_ppp.  Label packets as they are removed from
the raw PPP mbuf queue.  Preserve the mbuf MAC label across various
PPP data-munging and reconstitution operations.  Perform access
control checks on mbufs to be transmitted via the interface.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 21:13:47 +00:00
Robert Watson
10722b852b Introduce support for Mandatory Access Control and extensible
kernel access control.

Label packets generated by the gif virtual interface.

Perform access control on packets delivered to gif virtual interfaces.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 21:00:05 +00:00
Robert Watson
18b770b2fb Introduce support for Mandatory Access Control and extensible
kernel access control.

Invoke appropriate MAC framework entry points to authorize readdir()
operations in the native ABI.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 20:44:52 +00:00
Julian Elischer
67759b33f6 Fix a comment. 2002-08-01 19:10:40 +00:00
Julian Elischer
04774f2357 Slight cleanup of some comments/whitespace.
Make idle process state more consistant.
Add an assert on thread state.
Clean up idleproc/mi_switch() interaction.
Use a local instead of referencing curthread 7 times in a row
(I've been told curthread can be expensive on some architectures)
Remove some commented out code.
Add a little commented out code (completion coming soon)

Reviewed by:	jhb@freebsd.org
2002-08-01 18:45:10 +00:00
Robert Watson
ee0812f320 Since we have the struct file data pointer cached in vp, use that
instead when invoking VOP_POLL().
2002-08-01 18:29:30 +00:00
Alan Cox
46086ddf91 o Acquire the page queues lock before calling vm_page_io_finish().
o Assert that the page queues lock is held in vm_page_io_finish().
2002-08-01 17:57:42 +00:00
Robert Watson
f9d0d52459 Include file cleanup; mac.h and malloc.h at one point had ordering
relationship requirements, and no longer do.

Reminded by:	bde
2002-08-01 17:47:56 +00:00
Robert Watson
ebbd4fa8c8 Introduce support for Mandatory Access Control and extensible
kernel access control.

Hook up various policy modules to the kernel build.

Note that a number of these modules require futher entry point commits
in the remainder of the kernel to become fully functional, but enough
of the pieces are in place to allow experimentation.

Note also that it would be desirable to not build the mac_*.ko modules
if 'options MAC' is not defined in the kernel configuration, because
the resulting modules are not useful without the kernel option.  There
doesn't appear to be precedent for a way to do this -- for example,
we allow ipfw.ko to be built even if 'options NETINET' isn't defined.
Suggests welcomed on the "best" way to do this.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 17:41:27 +00:00
Robert Watson
4b826b4cfc Change macop_t to const, use macop_t in MAC policy entry point definition
structure.  This prevents a boatload of warnings in the MAC modules,
so we can hook them up to the build.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 17:32:01 +00:00
Robert Watson
4a58340e98 Introduce support for Mandatory Access Control and extensible
kernel access control

Invoke appropriate MAC framework entry points to authorize a number
of vnode operations, including read, write, stat, poll.  This permits
MAC policies to revoke access to files following label changes,
and to limit information spread about the file to user processes.

Note: currently the file cached credential is used for some of
these authorization check.  We will need to expand some of the
MAC entry point APIs to permit multiple creds to be passed to
the access control check to allow diverse policy behavior.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 17:23:22 +00:00
Marc Fonvieille
c0727dcbfe Fix the link to the Handbook 2002-08-01 17:21:18 +00:00
Robert Watson
37bde6c0a3 Introduce support for Mandatory Access Control and extensible
kernel access control.

Restructure the vn_open_cred() access control checks to invoke
the MAC entry point for open authorization.  Note that MAC can
reject open requests where existing DAC code skips the open
authorization check due to O_CREAT.  However, the failure mode
here is the same as other failure modes following creation,
wherein an empty file may be left behind.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 17:14:28 +00:00
Robert Watson
f4d2cfdda6 Introduce support for Mandatory Access Control and extensible
kernel access control.

Invoke appropriate MAC entry points to authorize the following
operations:

        truncate on open()                      (write)
        access()                                (access)
        readlink()                              (readlink)
        chflags(), lchflags(), fchflags()       (setflag)
        chmod(), fchmod(), lchmod()             (setmode)
        chown(), fchown(), lchown()             (setowner)
        utimes(), lutimes(), futimes()          (setutimes)
        truncate(), ftrunfcate()                (write)
        revoke()                                (revoke)
        fhopen()                                (open)
        truncate on fhopen()                    (write)
        extattr_set_fd, extattr_set_file()      (setextattr)
        extattr_get_fd, extattr_get_file()      (getextattr)
        extattr_delete_fd(), extattr_delete_file() (setextattr)

These entry points permit MAC policies to enforce a variety of
protections on vnodes.  More vnode checks to come, especially in
non-native ABIs.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 15:37:12 +00:00
Robert Watson
339b79b939 Introduce support for Mandatory Access Control and extensible
kernel access control.

Invoke an appropriate MAC entry point to authorize execution of
a file by a process.  The check is placed slightly differently
than it appears in the trustedbsd_mac tree so that it prevents
a little more information leakage about the target of the execve()
operation.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 14:31:58 +00:00
Bosko Milekic
abc1263a51 Move the MAC label init/destroy stuff to more appropriate places so that
the inits/destroys are done without the cache locks held even in the
persistent-lock calls.  I may be cheating a little by using the MAC
"already initialized" flag for now.
2002-08-01 14:24:41 +00:00
John Baldwin
12240b1159 Revert previous revision which accidentally snuck in with another commit.
It just removed a comment that doesn't make sense to me personally.
2002-08-01 13:44:33 +00:00
John Baldwin
0711ca46c5 Revert previous revision which was accidentally committed and has not been
tested yet.
2002-08-01 13:39:33 +00:00
John Baldwin
fbd140c786 If we fail to write to a vnode during a ktrace write, then we drop all
other references to that vnode as a trace vnode in other processes as well
as in any pending requests on the todo list.  Thus, it is possible for a
ktrace request structure to have a NULL ktr_vp when it is destroyed in
ktr_freerequest().  We shouldn't call vrele() on the vnode in that case.

Reported by:	bde
2002-08-01 13:35:38 +00:00
Mitsuru IWASAKI
6a7ef08763 Fix a bug about stack manipulation at ACPI wakeup.
This should avoid kernel panic on kernel compiled w/o
NO_CPU_COPTFLAGS.

Suggested by:	optimized code by -mcpu=pentiumpro
2002-08-01 09:48:01 +00:00
Warner Losh
3d976872ed Don't set the IFF_PROMISC bit when in hostap mode like the previous
commit bogusly did.  Instead, don't set PROMSIC in the hardware if
we're in hostap mode.  This matches more closely what openbsd did as
well.
2002-08-01 07:37:52 +00:00
Robert Watson
d00e44fb4a Document the undocumented assumption that at least one of the PCB
pointer and incoming mbuf pointer will be non-NULL in tcp_respond().
This is relied on by the MAC code for correctness, as well as
existing code.

Obtained from:	TrustedBSD PRoject
Sponsored by:	DARPA, NAI Labs
2002-08-01 03:54:43 +00:00
Robert Watson
0070e096d7 Introduce support for Mandatory Access Control and extensible
kernel access control.

Add support for labeling most out-going ICMP messages using an
appropriate MAC entry point.  Currently, we do not explicitly
label packet reflect (timestamp, echo request) ICMP events,
implicitly using the originating packet label since the mbuf is
reused.  This will be made explicit at some point.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 03:53:04 +00:00
Robert Watson
b3e13e1c3f Introduce support for Mandatory Access Control and extensible
kernel access control.

Instrument chdir() and chroot()-related system calls to invoke
appropriate MAC entry points to authorize the two operations.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 03:50:08 +00:00
Robert Watson
b827919594 Introduce support for Mandatory Access Control and extensible
kernel access control.

Implement two IOCTLs at the socket level to retrieve the primary
and peer labels from a socket.  Note that this user process interface
will be changing to improve multi-policy support.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 03:45:40 +00:00
Peter Wemm
8fe52021c2 Remove duplicate 'modules-tags' rule 2002-08-01 03:13:10 +00:00
Robert Watson
c1ff2d9baf Introduce support for Mandatory Access Control and extensible
kernel access control.

Modify procfs so that (when mounted multilabel) it exports process MAC
labels as the vnode labels of procfs vnodes associated with processes.

Approved by:	des
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 02:03:21 +00:00
Scott Long
0d74300cae Allow the ahc and ahd drivers to be built as modules. This also
breaks the ahc driver into a core back-end and pci and eisa
front-ends.
2002-08-01 01:36:39 +00:00
Robert Watson
dee93f2c52 Introduce support for Mandatory Access Control and extensible
kernel access control.

Modify pseudofs so that it can support synthetic file systems with
the multilabel flag set.  In particular, implement vop_refreshlabel()
as pn_refreshlabel().  Implement pfs_refreshlabel() to invoke this,
and have it fall back to the mount label if the file system does
not implement pn_refreshlabel() for the node.  Otherwise, permit
the file system to determine how the service is provided.

Approved by:	des
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 01:33:12 +00:00
Robert Watson
b285e7f9a8 Improve formatting and variable use consistency in extattr system
calls.

Submitted by:	green
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 01:29:03 +00:00
Robert Watson
956fc3f8a5 Simplify the logic to enter VFS_EXTATTRCTL().
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 01:26:07 +00:00
Robert Watson
d03db4290d Introduce support for Mandatory Access Control and extensible
kernel access control.

Authorize vop_readlink() and vop_lookup() activities during recursive
path lookup via namei() via calls to appropriate MAC entry points.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 01:21:40 +00:00
Robert Watson
6ea48a903c Introduce support for Mandatory Access Control and extensible
kernel access control.

Authorize the creation of UNIX domain sockets in the file system
namespace via an appropriate invocation a MAC framework entry
point.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 01:18:42 +00:00
Robert Watson
b65f6f6b69 When invoking NDINIT() in preparation for CREATE, set SAVENAME since
we'll use nd.ni_cnp later.

Submitted by:	green
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 01:16:22 +00:00
Robert Watson
62b24bcc26 Introduce support for Mandatory Access Control and extensible
kernel access control.

Instrument ctty driver invocations of various vnode operations on the
terminal controlling tty to perform appropriate MAC framework
authorization checks.

Note: VOP_IOCTL() on the ctty appears to be authorized using NOCRED in
the existing code rather than td->td_ucred.  Why?

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 01:09:54 +00:00
Robert Watson
467a273ca0 Introduce support for Mandatory Access Control and extensible
kernel access control.

Instrument the ktrace write operation so that it invokes the MAC
framework's vnode write authorization check.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 01:07:03 +00:00
Robert Watson
c86ca022eb Introduce support for Mandatory Access Control and extensible
kernel access control.

Instrument the kernel ACL retrieval and modification system calls
to invoke MAC framework entry points to authorize these operations.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-01 01:04:16 +00:00
Jake Burkholder
256e0b2bbb Modify the cache handling code to assume 2 virtual colours, which is much
simpler and easier to get right.  Add comments.  Add more statistic
gathering on cacheable and uncacheable mappings.
2002-08-01 00:16:22 +00:00
Jake Burkholder
b519494ef1 Add some statistic gathering for cache flushes. 2002-07-31 23:39:50 +00:00
Robert Watson
5aae45c2e6 The ppp and tunnel modules now rely on opt_mac.h. Missed in a previous
commit.

Submitted by:	Anders Andersson <anders@hack.org>
2002-07-31 20:19:28 +00:00
Jake Burkholder
f739b33f57 Stash various networking paramters in the environment for the kernel
to pick up, ala pxe.
2002-07-31 20:17:06 +00:00
Warner Losh
db351cca83 Add 16-bit before bus to keep the words card and bus apart. 2002-07-31 20:01:11 +00:00
Mike Silbersack
16afddabdc Make sure to set both sets of registers which control the RX and TX buffer
sizes.  Previously, the end result was at the mercy of the card's default
setting.  This change will reduce the number of buffer underruns for
some users.

PR:		kern/37929
Submitted by:	Thomas Nystrom <thn@saeab.se>
MFC after:	7 days
2002-07-31 19:58:36 +00:00
John Baldwin
7e71ff5ea7 - Split the unaligned access check flags out of md_flags in struct mdthread
and move them into md_uac in struct mdproc.  mdproc is protected by the
  proc lock.  md_flags now is only ever modified by the current thread, so
  it doesn't need a lock.
- Rename the constants for all the per-thread MD flags to use MDTD_*
  instead of MDP_*.
2002-07-31 19:37:03 +00:00
Robert Watson
c488362e1a Introduce support for Mandatory Access Control and extensible
kernel access control.

Instrument the TCP socket code for packet generation and delivery:
label outgoing mbufs with the label of the socket, and check socket and
mbuf labels before permitting delivery to a socket.  Assign labels
to newly accepted connections when the syncache/cookie code has done
its business.  Also set peer labels as convenient.  Currently,
MAC policies cannot influence the PCB matching algorithm, so cannot
implement polyinstantiation.  Note that there is at least one case
where a PCB is not available due to the TCP packet not being associated
with any socket, so we don't label in that case, but need to handle
it in a special manner.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 19:06:49 +00:00
Alan Cox
239b5b9707 o Setting PG_MAPPED and PG_WRITEABLE on pages that are mapped and unmapped
by pmap_qenter() and pmap_qremove() is pointless.  In fact, it probably
   leads to unnecessary pmap_page_protect() calls if one of these pages is
   paged out after unwiring.

Note: setting PG_MAPPED asserts that the page's pv list may be
non-empty.  Since checking the status of the page's pv list isn't any
harder than checking this flag, the flag should probably be eliminated.
Alternatively, PG_MAPPED could be set by pmap_enter() exclusively
rather than various places throughout the kernel.
2002-07-31 18:46:47 +00:00
Robert Watson
4ea889c666 Introduce support for Mandatory Access Control and extensible
kernel access control.

Instrument the raw IP socket code for packet generation and delivery:
label outgoing mbufs with the label of the socket, and check the
socket and mbuf labels before permitting delivery to a socket,
permitting MAC policies to selectively allow delivery of raw IP mbufs
to various raw IP sockets that may be open.  Restructure the policy
checking code to compose IPsec and MAC results in a more readable
manner.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 18:30:34 +00:00
Søren Schmidt
c4d86885af Byteswap the serial # 2002-07-31 18:29:34 +00:00
Søren Schmidt
1d6213f9cc Finally first shot at a driver for the Promise SuperTrak SX6000 ATA RAID
controller. Some testing has already been done, but its still greenish.
RAID's has to be setup via the BIOS on the SuperTrak, but all RAID
types are supported by the driver. The SuperTrak rebuilds failed arrays
on the fly and supports spare disks etc etc...

Add "device     pst" to your config file to use.

As usual bugsreports, suggestions etc are welcome...

Development sponsored by:       Advanis
Hardware donated by:            Promise Inc.
2002-07-31 18:27:30 +00:00
Søren Schmidt
27da7e6f24 Finally first shot at a driver for the Promise SuperTrak SX6000 ATA RAID
controller. Some testing has already been done, but its still greenish.
RAID's has to be setup via the BIOS on the SuperTrak, but all RAID
types are supported by the driver. The SuperTrak rebuilds failed arrays
on the fly and supports spare disks etc etc...

Add "device	pst" to your config file to use.

As usual bugsreports, suggestions etc are welcome...

Development sponsored by:	Advanis
Hardware donated by:		Promise Inc.
2002-07-31 18:26:30 +00:00
Robert Watson
d8a7b7a3cd Introduce support for Mandatory Access Control and extensible
kernel access control.

Provide implementations of some sample operating system security
policy extensions.  These are not yet hooked up to the build as
other infrastructure is still being committed.  Most of these
work fairly well and are in daily use in our development and (limited)
production environments.  Some are not yet in their final form,
and a number of the labeled policies waste a lot of kernel memory
and will be fixed over the next month or so to be more conservative.
They do give good examples of the flexibility of the MAC framework
for implementing a variety of security policies.

mac_biba:	Implementation of fixed-label Biba integrity policy,
		similar to those found in a number of commercial
		trusted operating systems.  All subjects and objects
		are assigned integrity levels, and information flow
		is controlled based on a read-up, write-down
		policy.  Currently, purely hierarchal.

mac_bsdextended:	Implementation of a "file system firewall",
		which allows the administrator to specify a series
		of rules limiting access by users and groups to
		objects owned by other users and groups.  This
		policy is unlabeled, relying on existing system
		security labeling (file permissions/ownership,
		process credentials).

mac_ifoff:	Secure interface silencing.  Special-purpose module
		to limit inappropriate out-going network traffic
		for silent monitoring scenarios.  Prevents the
		various network stacks from generating any output
		despite an interface being live for reception.

mac_mls:	Implementation of fixed-label Multi-Level Security
		confidentiality policy, similar to those found in
		a number of commercial trusted operating systems.
		All subjects and objects are assigned confidentiality
		levels, and information flow is controlled based on
		a write-up, read-down policy.  Currently, purely
		hiearchal, although non-hierarchal support is in the
		works.

mac_none:	Policy module implementing all MAC policy entry
		points with empty stubs.  A good place to start if
		you want all the prototypes types in for you, and
		don't mind a bit of pruning.  Can be loaded, but
		has no access control impact.  Useful also for
		performance measurements.

mac_seeotheruids:	Policy module implementing a security service
		similar to security.bsd.seeotheruids, only a slightly
		more detailed policy involving exceptions for members
		of specific groups, etc.  This policy is unlabeled,
		relying on existing system security labeling
		(process credentials).

mac_test:	Policy module implementing basic sanity tests for
		label handling.  Attempts to ensure that labels are
		not freed multiple times, etc, etc.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 18:07:45 +00:00
Robert Watson
4ed84624a2 Introduce support for Mandatory Access Control and extensible
kernel access control.

When fragmenting an IP datagram, invoke an appropriate MAC entry
point so that MAC labels may be copied (...) to the individual
IP fragment mbufs by MAC policies.

When IP options are inserted into an IP datagram when leaving a
host, preserve the label if we need to reallocate the mbuf for
alignment or size reasons.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 17:21:01 +00:00
Robert Watson
36b0360b37 Introduce support for Mandatory Access Control and extensible
kernel access control.

Instrument the code managing IP fragment reassembly queues (struct ipq)
to invoke appropriate MAC entry points to maintain a MAC label on
each queue.  Permit MAC policies to associate information with a queue
based on the mbuf that caused it to be created, update that information
based on further mbufs accepted by the queue, influence the decision
making process by which mbufs are accepted to the queue, and set the
label of the mbuf holding the reassembled datagram following reassembly
completetion.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 17:17:51 +00:00
Robert Watson
0ec4b12334 Introduce support for Mandatory Access Control and extensible
kernel access control.

When generating an IGMP message, invoke a MAC entry point to permit
the MAC framework to label its mbuf appropriately for the target
interface.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 16:46:56 +00:00
Robert Watson
19527d3e22 Introduce support for Mandatory Access Control and extensible
kernel access control.

When generating an ARP query, invoke a MAC entry point to permit the
MAC framework to label its mbuf appropriately for the interface.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 16:45:16 +00:00
Robert Watson
d3990b06e1 Introduce support for Mandatory Access Control and extensible
kernel access control.

Invoke the MAC framework to label mbuf created using divert sockets.
These labels may later be used for access control on delivery to
another socket, or to an interface.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI LAbs
2002-07-31 16:42:47 +00:00
Robert Watson
62f5f684fb Introduce support for Mandatory Access Control and extensible
kernel access control.

Instrument connect(), listen(), and bind() system calls to invoke
MAC framework entry points to permit policies to authorize these
requests.  This can be useful for policies that want to limit
the activity of processes involving particular types of IPC and
network activity.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 16:39:49 +00:00
Robert Watson
3afe533f4f Introduce support for Mandatory Access Control and extensible
kernel access control.

Label mbufs received via kernel tunnel device interfaces by invoking
appropriate MAC framework entry points.

Perform access control checks on out-going mbufs delivered via tunnel
interfaces by invoking appropriate MAC entry points:

NOTE: Currently the label for a tunnel interface is not derived from
the label of the process that opened the tunnel interface.  It
probably should be.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 16:23:42 +00:00
Jake Burkholder
055ca86c52 These file are no longer used (moved to userland and/or merged into
pmap.c).
2002-07-31 16:23:27 +00:00
Robert Watson
43b2936963 Introduce support for Mandatory Access Control and extensible
kernel access control.

Label mbufs received via ethernet-based interfaces by invoking
appropriate MAC framework entry points.

Perform access control checks on out-going mbufs delivered via
ethernet-based interfaces by invoking appropriate MAC entry
points.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 16:22:02 +00:00
Robert Watson
e70cd26366 Introduce support for Mandatory Access Control and extensible
kernel access control.

Instrument the interface management code so that MAC labels are
properly maintained on network interfaces (struct ifnet).  In
particular, invoke entry points when interfaces are created and
removed.  MAC policies may initialized the label interface based
on a variety of factors, including the interface name.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 16:16:03 +00:00
Robert Watson
36c4f2b0d8 Introduce support for Mandatory Access Control and extensible
kernel access control.

When decompressing data from one mbuf into another mbuf, preserve the
mbuf label by copying it to the new mbuf.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 16:13:13 +00:00
Robert Watson
ec272d8708 Introduce support for Mandatory Access Control and extensible
kernel access control.

Invoke a MAC framework entry point to authorize reception of an
incoming mbuf by the BPF descriptor, permitting MAC policies to
limit the visibility of packets delivered to particular BPF
descriptors.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 16:11:32 +00:00
Robert Watson
82f4445d4c Introduce support for Mandatory Access Control and extensible
kernel access control.

Instrument BPF so that MAC labels are properly maintained on BPF
descriptors.  MAC framework entry points are invoked at BPF
instantiation and allocation, permitting the MAC framework to
derive the BPF descriptor label from the credential authorizing
the device open.  Also enter the MAC framework to label mbufs
created using the BPF device.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 16:09:38 +00:00
Robert Watson
af05e056ec Introduce support for Mandatory Access Control and extensible
kernel access control.

Instrument UFS to support per-inode MAC labels.  In particular,
invoke MAC framework entry points for generically supporting the
backing of MAC labels into extended attributes.  This ends up
introducing new vnode operation vector entries point at the MAC
framework entry points, as well as some explicit entry point
invocations for file and directory creation events so that the
MAC framework can push labels to disk before the directory names
become persistent (this will work better once EAs in UFS2 are
hooked into soft updates).  The generic EA MAC entry points
support executing with the file system in either single label
or multilabel operation, and will fall back to the mount label
if multilabel is not specified at mount-time.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 16:05:30 +00:00
Jake Burkholder
da1416c80c These were repo-copied to have a .S extension. 2002-07-31 15:56:15 +00:00
Robert Watson
5c153c5bb0 Add pathconf/fpathconf entries from POSIX.1e indicating support for
ACLs, Capabilities, Information Labels, and MAC Labels on the
queried file system.
2002-07-31 15:54:03 +00:00
Jake Burkholder
7c467eb823 *.s -> *.S. 2002-07-31 15:52:04 +00:00
Robert Watson
6742f32809 Introduce support for Mandatory Access Control and extensible
kernel access control.

Instrument devfs to support per-dirent MAC labels.  In particular,
invoke MAC framework when devfs directory entries are instantiated
due to make_dev() and related calls, and invoke the MAC framework
when vnodes are instantiated from these directory entries.  Implement
vop_setlabel() for devfs, which pushes the label update into the
devfs directory entry for semi-persistant store.  This permits the MAC
framework to assign labels to devices and directories as they are
instantiated, and export access control information via devfs vnodes.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 15:45:16 +00:00
Jake Burkholder
ba37958b34 Moved the rule for locore.o from kern.post.mk to Makefile.$ARCH. 2002-07-31 14:59:05 +00:00
Josef Karthauser
528d1a7fbc Replace the FOO_DEBUG definitions with USB_DEBUG, and switch the
debugging levels to off by default.  Now that debug levels can be
tweaked by sysctl we don't need to go through hoops to get the
different usb parts to produce debug data.
2002-07-31 14:34:36 +00:00
Josef Karthauser
6ada40b009 Make this compile with the debugging options switched on. 2002-07-31 14:27:40 +00:00
Josef Karthauser
163ddd953b Wake up Joe! It would help if I included sys/sysctl.h. 2002-07-31 14:20:07 +00:00
Josef Karthauser
140d7e756f Add a sysctl (debug.usb.uhub) for tweaking the uhub debug levels. 2002-07-31 13:58:15 +00:00
Poul-Henning Kamp
ab4db9b74f The Elan SC520 MMCR is actually 16bit wide, so u_char is inconvenient. 2002-07-31 13:45:44 +00:00
Josef Karthauser
0e6b196686 Get bored with hard coded debug level variables and introduce a debug.usb
sysctl tree for tweaking them real-time.

Reviewed by:	iedowse
2002-07-31 13:33:55 +00:00
Dag-Erling Smørgrav
aefe27a25c Have the kern.file sysctl export xfiles rather than files. The truth is
out there!

Sponsored by:	DARPA, NAI Labs
2002-07-31 12:26:52 +00:00
Dag-Erling Smørgrav
3072197229 Nit in previous commit: the correct sysctl type is "S,xvnode" 2002-07-31 12:25:28 +00:00
Dag-Erling Smørgrav
217b2a0b61 Initialize v_cachedid to -1 in getnewvnode().
Reintroduce the kern.vnode sysctl and make it export xvnodes rather than
vnodes.

Sponsored by:	DARPA, NAI Labs
2002-07-31 12:24:35 +00:00
Dag-Erling Smørgrav
4eee8de77c Introduce struct xvnode, which will be used instead of struct vnode for
sysctl purposes.  Also add two fields to struct vnode, v_cachedfs and
v_cachedid, which hold the vnode's device and file id and are filled in
by vn_open_cred() and vn_stat().

Sponsored by:	DARPA, NAI Labs
2002-07-31 12:19:49 +00:00
Dag-Erling Smørgrav
84baf7a20f Add struct xfile, which will be used instead of struct file for sysctl
purposes.

Sponsored by:	DARPA, NAI Labs
2002-07-31 12:16:51 +00:00
Josef Karthauser
5e33115f05 It should be "ucom", not "usio". 2002-07-31 10:52:46 +00:00
Josef Karthauser
39db6f7ae0 Regen 2002-07-31 10:05:58 +00:00
Josef Karthauser
0919ca4bc4 MFNetBSD: uvisor.c (1.14, 1.15)
Add support for Palm (M500, M505, M125) and Sony devices (Clie 4.0 and 4.1).
2002-07-31 10:05:26 +00:00
Josef Karthauser
34b549fdf3 Remove trailing white spaces
Obtained from: NetBSD (1.16)
2002-07-31 09:24:41 +00:00
Josef Karthauser
f8d314e7c6 Regen 2002-07-31 09:09:50 +00:00
Josef Karthauser
1dc3ed04a2 Add the HP ScanJet 2200C. 2002-07-31 09:07:56 +00:00
Josef Karthauser
7ab45e978a Enable the HP 2200C and Visioneer Scanport 3000 scanners, and remove
some trailing spaces whilst I'm here.

Obtained from:	NetBSD.
2002-07-31 09:05:52 +00:00
Josef Karthauser
b2dd67bba5 Add the Primax (Visioneer) 6200 scanner.
Obtained from:	OpenBSD (via NetBSD)
2002-07-31 08:51:32 +00:00
Alan Cox
67c1fae92e o Lock page accesses by vm_page_io_start() with the page queues lock.
o Assert that the page queues lock is held in vm_page_io_start().
2002-07-31 07:27:08 +00:00
Poul-Henning Kamp
c3a0d1d4e1 I forgot this bit of uglyness in the fsck_ffs cleanup. 2002-07-31 07:01:18 +00:00
Robert Watson
335654d73e Introduce support for Mandatory Access Control and extensible
kernel access control.

Invoke the necessary MAC entry points to maintain labels on sockets.
In particular, invoke entry points during socket allocation and
destruction, as well as creation by a process or during an
accept-scenario (sonewconn).  For UNIX domain sockets, also assign
a peer label.  As the socket code isn't locked down yet, locking
interactions are not yet clear.  Various protocol stack socket
operations (such as peer label assignment for IPv4) will follow.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 03:03:22 +00:00
Robert Watson
07bdba7e2d Note that the privilege indicating flag to vaccess() originally used
by the process accounting system is now deprecated.
2002-07-31 02:05:12 +00:00
Robert Watson
a0ee6ed1c0 Introduce support for Mandatory Access Control and extensible
kernel access control.

Invoke the necessary MAC entry points to maintain labels on vnodes.
In particular, initialize the label when the vnode is allocated or
reused, and destroy the label when the vnode is going to be released,
or reused.  Wow, an object where there really is exactly one place
where it's allocated, and one other where it's freed.  Amazing.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 02:03:46 +00:00
Robert Watson
e32a5b94d8 Introduce support for Mandatory Access Control and extensible
kernel access control.

Invoke additional MAC entry points when an mbuf packet header is
copied to another mbuf: release the old label if any, reinitialize
the new header, and ask the MAC framework to copy the header label
data.  Note that this requires a potential allocation operation,
but m_copy_pkthdr() is not permitted to fail, so we must block.
Since we now use interrupt threads, this is possible, but not
desirable.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 01:51:34 +00:00
Robert Watson
a3abeda755 Introduce support for Mandatory Access Control and extensible
kernel access control.

Invoke the necessary MAC entry points to maintain labels on header
mbufs.  In particular, invoke entry points during the two mbuf
header allocation cases, and the mbuf freeing case.  Pass the "how"
argument at allocation time to the MAC framework so that it can
determine if it is permitted to block (as with policy modules),
and permit the initialization entry point to fail if it needs to
allocate memory but is not permitted to, failing the mbuf
allocation.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 01:42:19 +00:00
Robert Watson
2712d0ee89 Introduce support for Mandatory Access Control and extensible
kernel access control.

Implement MAC framework access control entry points relating to
operations on mountpoints.  Currently, this consists only of
access control on mountpoint listing using the various statfs()
variations.  In the future, it might also be desirable to
implement checks on mount() and unmount().

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 01:27:33 +00:00
Robert Watson
a87cdf8335 Introduce support for Mandatory Access Control and extensible
kernel access control.

Invoke the necessary MAC entry points to maintain labels on
mount structures.  In particular, invoke entry points for
intialization and destruction in various scenarios (root,
non-root).  Also introduce an entry point in the boot procedure
following the mount of the root file system, but prior to the
start of the userland init process to permit policies to
perform further initialization.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 01:11:29 +00:00
Robert Watson
8a1d977d66 Introduce support for Mandatory Access Control and extensible
kernel access control.

Implement inter-process access control entry points for the MAC
framework.  This permits policy modules to augment the decision
making process for process and socket visibility, process debugging,
re-scheduling, and signaling.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 00:48:24 +00:00
Semen Ustimenko
b0c1faefdd Fix a problem with sendfile() syscall by always doing I/O via bread() in
ntfs_read(). This guarantee that requested cache pages will be valid if
UIO_NOCOPY specifed.

PR:		bin/34072, bin/36189
MFC after:	1 week
2002-07-31 00:42:57 +00:00
Robert Watson
4024496496 Introduce support for Mandatory Access Control and extensible
kernel access control.

Invoke the necessary MAC entry points to maintain labels on
process credentials.  In particular, invoke entry points for
the initialization and destruction of struct ucred, the copying
of struct ucred, and permit the initial labels to be set for
both process 0 (parent of all kernel processes) and process 1
(parent of all user processes).

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 00:39:19 +00:00
Robert Watson
47ac133d33 Regen. 2002-07-31 00:16:58 +00:00
Robert Watson
9453a033ff Reduce the memory footprint of MAC in the base system by halving
the number of policy slots to 4.

(Having run a quick errand, time to start on phase 2 of the MAC
integration)

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-31 00:03:26 +00:00
Josef Karthauser
7ebe6f9e2f Regen 2002-07-30 23:30:56 +00:00
Josef Karthauser
3fc6710b56 Add support for a couple of network adapters; the 3Com 3C460B and
the Belkin USB2LAN.

Obtained from:	NetBSD
2002-07-30 23:30:15 +00:00
Ian Dowse
b4dc6ff9bc Remove some strange code that allocates memory and then immediately
frees it again. The idea was to perform M_WAITOK allocations in a
process context to reduce the risk of later interrupt-context
M_NOWAIT allocations failing, but in fact this code can be called
from contexts where it is not desirable to sleep (e.g. if_start
routines), so it causes lots of witness "could sleep" warnings.
2002-07-30 23:26:22 +00:00
Robert Watson
04f3985d88 Introduce support for Mandatory Access Control and extensible
kernel access control.

Label devfs directory entries, permitting labels to be maintained
on device nodes in devfs instances persistently despite vnode
recycling.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 23:12:37 +00:00
Robert Watson
549e4c9e4e Introduce support for Mandatory Access Control and extensible
kernel access control.

Label IP fragment reassembly queues, permitting security features to
be maintained on those objects.  ipq_label will be used to manage
the reassembly of fragments into IP datagrams using security
properties.  This permits policies to deny the reassembly of fragments,
as well as influence the resulting label of a datagram following
reassembly.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 23:09:20 +00:00
Robert Watson
19930ae546 Introduce support for Mandatory Access Control and extensible
kernel access control.

Label network interface structures, permitting security features to
be maintained on those objects.  if_label will be used to authorize
data flow using the network interface.  if_label will be protected
using the same synchronization primitives as other mutable entries
in struct ifnet.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 23:06:07 +00:00
Robert Watson
39bd868cc3 Introduce support for Mandatory Access Control and extensible
kernel access control.

Label BPF descriptor objects, permitting security features to be
maintained on those objects.  bd_label will be used to authorize
data flow from network interfaces to user processes.  BPF
labels are protected using the same synchronization model as other
mutable data in the BPF descriptor.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 23:03:29 +00:00
Robert Watson
55fb783052 Introduce support for Mandatory Access Control and extensible
kernel access control.

Replace 'void *' with 'struct mac *' now that mac.h is in the base
tree.  The current POSIX.1e-derived userland MAC interface is
schedule for replacement, but will act as a functional placeholder
until the replacement is done.  These system calls allow userland
processes to get and set labels on both the current process, as well
as file system objects and file descriptor backed objects.
2002-07-30 22:43:20 +00:00
Robert Watson
781caa8157 Introduce support for Mandatory Access Control and extensible kernel
access control.

Label socket IPC objects, permitting security features to be maintained
at the granularity of the socket.  Two labels are stored for each
socket: the label of the socket itself, and a cached peer label
permitting interogation of the remote endpoint.  Since socket locking
is not yet present in the base tree, these objects are not locked,
but are assumed to follow the same semantics as other modifiable
entries in the socket structure.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:39:28 +00:00
Robert Watson
87acada933 Introduce support for Mandatory Access Control and extensible
kernel access control.

Label pipe IPC objects, permitting security information to be
maintained at the granularity of the pipe object.  The label is
shared between the two pipe endpoints in the style of the
pipe mutex, and is maintained using similar conventions.  The
label is protected by the pipe mutex.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:33:28 +00:00
Warner Losh
abf24f80a6 Fix path to other files.<arch> files.
Fix disordering of libkern/crc32.c entry.

MFC after: 1 day
2002-07-30 22:28:43 +00:00
Robert Watson
fae89e29b1 Introduce support for Mandatory Access Control and extensible kernel
access control.

Label process credentials, permitting security information to be
maintained at the granularity of processes and cached credential
objects.  cr_label follows the semantics of other entries in struct
ucred: when a credential is exclusively referenced, it may be
modified.  Otherwise, it must be treated as immutable.  As with
other interesting entries in struct ucred, failing to use the
documented credential management APIs (such as crcopy, crdup, ...)
can result in data corruption or incorrect behavior.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:28:28 +00:00
Robert Watson
3b2e600940 Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the oeprating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

Label file system mount points, permitting security information to be
maintained at the granularity of the file system.  Two labels are
currently maintained: a security label for the mount itself, and
a default label for objects in the file system (in particular, for
file systems not supporting per-vnode labeling directly).

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:22:35 +00:00
Robert Watson
f8ef020e2e Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the operating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

Introduce two node vnode operations required to support MAC.  First,
VOP_REFRESHLABEL(), which will be invoked by callers requiring that
vp->v_label be sufficiently "fresh" for access control purposes.
Second, VOP_SETLABEL(), which be invoked by callers requiring that
the passed label contents be updated.  The file system is responsible
for updating v_label if appropriate in coordination with the MAC
framework, as well as committing to disk.  File systems that are
not MAC-aware need not implement these VOPs, as the MAC framework
will default to maintaining a single label for all vnodes based
on the label on the file system mount point.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:15:09 +00:00
Robert Watson
f3cfa6072e Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the oeprating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

Label vnodes, permitting security information to maintained at the
granularity of the individual file, directory (et al).  This data is
protected by the vnode lock and may be read only when holding a shared
lock, or modified only when holding an exclusive lock.  Label
information may be considered either the primary copy, or a cached
copy.  Individual file systems or kernel services may use the
VCACHEDLABEL flag for accounting purposes to determine which it is.
New VOPs will be introduced to refresh this label on demand, or to
set the label value.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:08:12 +00:00
Robert Watson
f33168f292 Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the oeprating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

Label mbuf's with packet header data, permitting in-flight datagrams
to be labeled in the TrustedBSD MAC implementation.  Add a questionable
recursive #include of sys/mac.h to maintain the current API for
applications and kernel code including mbuf.h to get 'struct mbuf'
definition.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 22:03:57 +00:00
Bill Fenner
e34c1b84b7 Call bpf_mtap() on output, to catch outgoing packets for e.g. tcpdump . 2002-07-30 21:47:14 +00:00
Robert Watson
95fab37ea8 Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the oeprating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

kern_mac.c contains the body of the MAC framework.  Kernel and
user APIs defined in mac.h are implemented here, providing a front end
to loaded security modules.  This code implements a module registration
service, state (label) management, security configuration and policy
composition.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 21:36:05 +00:00
Robert Watson
ddcdf2650b Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the oeprating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

Include files to declare MAC userland interface (mac.h), MAC subsystem
entry points (mac.h), and MAC policy entry points (mac_policy.h).  These
files define the interface between the kernel and the MAC framework,
and between the MAC framework and each registered policy module.  These
APIs and ABIs may not be assumed to be stable until following FreeBSD
5.1-RELEASE.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 21:32:34 +00:00
Julian Elischer
4d492b4369 Don't need to hold schedlock specifically for stop() ans it calls wakeup()
that locks it anyhow.

Reviewed by: jhb@freebsd.org
2002-07-30 21:13:48 +00:00
Bosko Milekic
c89137ff90 Make reference counting for mbuf clusters [only] work like in RELENG_4.
While I don't think this is the best solution, it certainly is the
fastest and in trying to find bottlenecks in network related code
I want this out of the way, so that I don't have to think about it.
What this means, for mbuf clusters anyway is:
- one less malloc() to do for every cluster allocation (replaced with
  a relatively quick calculation + assignment)
- no more free() in the cluster free case (replaced with empty space) :-)

This can offer a substantial throughput improvement, but it may not for
all cases.  Particularly noticable for larger buffer sends/recvs.
See http://people.freebsd.org/~bmilekic/code/measure2.txt for a rough
idea.
2002-07-30 21:06:27 +00:00
Alan Cox
1812190d09 o Replace vm_page_sleep_busy() with vm_page_sleep_if_busy()
in vfs_busy_pages().
2002-07-30 20:41:10 +00:00
Julian Elischer
b8e45df779 Remove code that removes thread from sleep queue before
adding it to a condvar wait.
We do not have asleep() any more so this can not happen.
2002-07-30 20:34:30 +00:00
Mitsuru IWASAKI
b69ed3f4c6 Resolve conflicts arising from the ACPI CA 20020725 import. 2002-07-30 19:35:32 +00:00
Mitsuru IWASAKI
432a633569 This commit was generated by cvs2svn to compensate for changes in r100966,
which included commits to RCS files with non-trunk default branches.
2002-07-30 19:33:39 +00:00
Mitsuru IWASAKI
da9df8d45e Vendor import of the Intel ACPI CA 20020725 drop. 2002-07-30 19:33:39 +00:00
Alan Cox
1161b86a15 o In do_sendfile(), replace vm_page_sleep_busy() by vm_page_sleep_if_busy()
and extend the scope of the page queues lock to cover all accesses
   to the page's flags and busy fields.
2002-07-30 18:51:07 +00:00
Robert Watson
e66c87b70e When referencing nd_cnp after namei(), always pass SAVENAME into
NDINIT() operation flags.

Submitted by:	green
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 18:48:25 +00:00
Robert Watson
e37b1fcdee Make M_COPY_PKTHDR() macro into a wrapper for a m_copy_pkthdr()
function.  This permits conditionally compiled extensions to the
packet header copying semantic, such as extensions to copy MAC
labels.

Reviewed by:	bmilekic
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 18:28:58 +00:00
Josef Karthauser
ca095220db Commit a version of the uvisor driver for connecting Handspring
Visors via USB.

Submitted by:	Chia-liang Kao <clkao@clkao.org>
2002-07-30 17:44:28 +00:00
John Baldwin
c038666eae If we get 0xffff back when reading the status register, assume the card
has gone away instead of spinning in the interrupt handler.  This stops
my machine from hanging when I eject a rl(4)-based cardbus card.

Reviewed by:	imp
2002-07-30 17:31:42 +00:00
Robert Watson
4266d0d0ce Regen. 2002-07-30 16:52:22 +00:00
Robert Watson
aedbd622fe Introduce a mac_policy() system call that will provide MAC policies
with a general purpose front end entry point for user applications
to invoke.  The MAC framework will route the system call to the
appropriate policy by name.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 16:50:25 +00:00
Maxim Sobolev
47c7de587b Add support for controlling line1 mixer device, which on some cards represents
onboard FM tuner.

MFC after:	2 weeks
2002-07-30 16:24:00 +00:00
Jacques Vidrine
89ab930718 For processes which are set-user-ID or set-group-ID, the kernel performs a few
special actions for safety.  One of these is to make sure that file descriptors
0..2 are in use, by opening /dev/null for those that are not already open.
Another is to close any file descriptors 0..2 that reference procfs.  However,
these checks were made out of order, so that it was still possible for a
set-user-ID or set-group-ID process to be started with some of the file
descriptors 0..2 unused.

Submitted by:	Georgi Guninski <guninski@guninski.com>
2002-07-30 15:38:29 +00:00
Poul-Henning Kamp
9fbc6a330d Fix braino in last commit. 2002-07-30 12:02:41 +00:00
Poul-Henning Kamp
17b1994bbe Move ffs_isfreeblock() to ffs_alloc.c and make it static.
Sponsored by: DARPA & NAI Labs.
2002-07-30 11:54:48 +00:00
Maxim Sobolev
3c7d68acc8 Regen after usbdevs rev.1.95. 2002-07-30 11:03:50 +00:00
Maxim Sobolev
b8d95a688e Add ID for Luwen EasyDisk USB flash memory drive.
PR:		41081
Submitted by:	demon
MFC after:	5 days
2002-07-30 11:02:35 +00:00
Maxim Sobolev
b047aa218b Add a quick check that device actually has sound capabilities. The problem
is that some cards built around fm801 chip have the same device ID, only
have radio tuner onboard, but no sound capabilities. Therefore, with such
card inserted and `device pcm' in kernel the user has a big problem, as
the fm801 driver effectively hangs the machine when trying to initialise
nonexistent ac97 codecs (it does 500 retries with 1 second interval!).
It would be better if MediaForte's engeneers were smart enough to put
different device ID into such cards, but it isn't an option.

MFC after:	2 weeks
2002-07-30 10:54:19 +00:00
Seigo Tanimura
133267776c In endtsleep() and cv_timedwait_end(), a thread marked TDF_TIMEOUT may
be swapped out.  Do not put such the thread directly back to the run
queue.

Spotted by:	David Xu <davidx@viasoft.com.cn>

While I am here, s/PS_TIMEOUT/TDF_TIMEOUT/.
2002-07-30 10:12:11 +00:00
Jeff Roberson
c72f085d04 - Add vfs_badlock_{print,panic} support to the remaining VOP_ASSERT_*
macros.
2002-07-30 09:57:37 +00:00
Jeff Roberson
cf409a0a98 - Add automatic post vop debug checks. These work in both the success and
failure cases.
2002-07-30 08:52:00 +00:00
Jeff Roberson
1e4c7a1368 - Acknowledge recursive vnode locks in the vop_unlock specification. The
vnode may not be unlocked even if the operation succeeded.
2002-07-30 08:50:52 +00:00
Alan Cox
32585dd617 o In vm_object_madvise() and vm_object_page_remove() replace
vm_page_sleep_busy() with vm_page_sleep_if_busy().  At the same time,
   increase the scope of the page queues lock.  (This should significantly
   reduce the locking overhead in vm_object_page_remove().)
 o Apply some style fixes.
2002-07-30 07:23:04 +00:00
Seigo Tanimura
9eb881f804 - Optimize wakeup() and its friends; if a thread waken up is being
swapped in, we do not have to ask for the scheduler thread to do
  that.

- Assert that a process is not swapped out in runq functions and
  swapout().

- Introduce thread_safetoswapout() for readability.

- In swapout_procs(), perform a test that may block (check of a
  thread working on its vm map) first.  This lets us call swapout()
  with the sched_lock held, providing a better atomicity.
2002-07-30 06:54:05 +00:00
Alan Cox
bfd2867046 o Lock page queue accesses by pmap_release_free_page(). 2002-07-30 06:45:39 +00:00
Jake Burkholder
61f869600d Add definitions for statistical and high-resolution profiling. The calling
conventions for _mcount and __cyg_profile_func_enter are different, so
statistical profiling kernels build and link but don't actually work.
IWBNI one could tell gcc to only generate calls to the former.

Define uintfptr_t properly for userland, but not for the kernel (I hope).
2002-07-30 06:14:34 +00:00
Jake Burkholder
c465faf9d4 The data cache on UltraSPARC III is not directly mapped, so don't assert
that.  This breaks assumptions made by some of the cache flushing code,
but UltraSPARC III has different methods for invalidating cache lines
anyway.
2002-07-30 05:48:33 +00:00
Mike Silbersack
c4441bc769 Update docs to reflect change in count of procs reserved for root
from 1 to 10.

PR:             kern/40515
Submitted by:   David Schultz <dschultz@uclink.Berkeley.EDU>
MFC after:      1 day
2002-07-30 05:37:00 +00:00
Jake Burkholder
4cfeb177e8 Panic if the data cache has too many virtual colors (more than 2). 2002-07-30 04:19:07 +00:00
Jake Burkholder
7968e6d2b2 Use _ALIGN_DATA and _ALIGN_TEXT. 2002-07-30 02:27:24 +00:00
Robert Watson
03a719dcd1 Rebuild of files generated from syscalls.master.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 02:09:24 +00:00
Robert Watson
5d37d00afc Prototype function arguments, only with MAC-specific structures
replaced with void until we bring in the actual structure definitions.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 02:06:34 +00:00
Robert Watson
e35b3494da Hook up kern_mac.c to the build.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 02:04:56 +00:00
Robert Watson
7bc8250003 Stubs for the TrustedBSD MAC system calls to permit TrustedBSD MAC
userland code to operate on kernel's from the main tree.  Not much
in this file yet.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-07-30 02:04:05 +00:00
Alan Cox
e5f8bd9418 o Introduce vm_page_sleep_if_busy() as an eventual replacement for
vm_page_sleep_busy().  vm_page_sleep_if_busy() uses the page
   queues lock.
2002-07-29 19:41:22 +00:00
Julian Elischer
b7f2cf173e Remove a XXXKSE comment. the code is no longer a problem.. 2002-07-29 18:47:19 +00:00
Julian Elischer
1d7b9ed2e6 Create a new thread state to describe threads that would be ready to run
except for the fact tha they are presently swapped out. Also add a process
flag to indicate that the process has started the struggle to swap
back in. This will be  needed for the case where multiple threads
start the swapin action top a collision. Also add code to stop
a process fropm being swapped out if one of the threads in this
process is actually off running on another CPU.. that might hurt...

Submitted by:	Seigo Tanimura <tanimura@r.dl.itc.u-tokyo.ac.jp>
2002-07-29 18:33:32 +00:00
Mike Barcroft
49545b3891 Create a new header <machine/_stdint.h> for storing MD parts of
<stdint.h>.  Previously, parts were defined in <machine/ansi.h> and
<machine/limits.h>.  This resulted in two problems:
  (1) Defining macros in <machine/ansi.h> gets in the way of that
      header only defining types.
  (2) Defining C99 limits in <machine/limits.h> adds pollution to
      <limits.h>.
2002-07-29 17:41:23 +00:00
Warner Losh
08c0f3d917 If we are in hostap mode, do not go into promisc mode. This causes
problems with the firmware and will result in a) poor performance and
b) the inability to associate certain types of cards (most notibly
cisco).

Idea obtained from OpenBSD, but I implemented it by clearing the
IFF_PROMISC flag rather than the refusing to honor it downstream.
2002-07-29 15:36:22 +00:00
Ruslan Ermilov
d2893b161b Drop support for COPY, -c has been the default mode of install(1)
for a long time now.

Approved by:	bde
2002-07-29 09:40:17 +00:00
Maxim Konovalov
d46a53126c Use a common way to release locks before exit.
Reviewed by:	hsu
2002-07-29 09:01:39 +00:00
Jeff Roberson
3b82505bb2 - Add VBAD to the list of vnodes that are ignored on locking operations. 2002-07-29 07:45:57 +00:00
Jeff Roberson
a562685f65 - Backout the patch made in revision 1.75 of vfs_mount.c. The vputs here
were hiding the real problem of the missing unlock in sync_inactive.
 - Add the missing unlock in sync_inactive.

Submitted by:	iedowse
2002-07-29 06:26:55 +00:00
Alan Cox
14f8ceaa07 o Pass VM_ALLOC_WIRED to vm_page_grab() rather than calling vm_page_wire()
in pmap_new_thread(), pmap_pinit(), and vm_proc_new().
 o Lock page queue accesses by vm_page_free() in pmap_object_init_pt().
2002-07-29 05:42:44 +00:00
Mike Silbersack
e2102ae475 Revert rev 1.131.
1.131 is slightly broken, and I would commit the fix to that here, but it
has been reported that any deviation from the original code is causing
problems with some 82557 chips, causing them to lock hard.

Until those issues have been figured out, going back to the original
code is the best plan.

Frustrated:	Silby
2002-07-29 04:32:35 +00:00