We now also read configuration information for the SCSI cards- this allows
us to try and say what the speed settings now are.
Start, but not yet complete, the process of reorgs && #defines so that we
can backport to RELENG_4 pretty soon.
but since pc hardware only allows one AT-style keyboard controller, this
doesn't seem particularly urgent. (I do not know what the old sunriver
remote keyboard/mouse/vga cards do, that might be an exception).
little more than a place holder, because nothing actually counted the
number of 'sc' units to compare it against NSC. A bit more work here
is needed so that the scaling of SC_MAX_HISTORY_SIZE and extra_history_size
goes up when more sc units are added. But, it does not appear that we can
have more than one console yet, so it does not seem particularly urgent.
proc locking when revoking access to mmaps. Instead, perform this
later once we've changed the process label (hold onto a reference
to the new cred so that we don't lose it when we release the
process lock if another thread changes the credential).
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
for mac_check_vnode_{poll,read,stat,write}(). Pass in fp->f_cred
when calling these checks with a struct file available. Otherwise,
pass NOCRED. All currently MAC policies use active_cred, but
could now offer the cached credential semantic used for the base
system security model.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
can offer new services without reserving system call numbers, or
augmented versions of existing services. User code requests a
target policy by name, and specifies the policy-specific API plus
target. This is required in particular for our port of SELinux/FLASK
to the MAC framework since it offers additional security services.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
mac_check_pipe_poll(), mac_check_pipe_read(), mac_check_pipe_stat(),
and mac_check_pipe_write(). This is improves consistency with other
access control entry points and permits security modules to only
control the object methods that they are interested in, avoiding
switch statements.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
mac_check_vnode_poll(), mac_check_vnode_read(), mac_check_vnode_write().
This improves the consistency with other existing vnode checks, and
allows policies to avoid implementing switch statements to determine
what operations they do and do not want to authorize.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Also, for all interfaces in this mode pass all ethernet frames to upper layer,
even those not addressed to our own MAC, which allows packets encapsulated
in those frames be processed with packet filters (ipfw(8) et al).
Emphatically requested by: Anton Turygin <pa3op@ukr-link.net>
Valuable suggestions by: fenner
we can check and use it later on.
Change the pieces of code which relied on mount->mnt_stat.f_owner
to check which user mounted the filesystem.
This became needed as the EA code needs to be able to allocate
blocks for "system" EA users like ACLs.
There seems to be some half-baked (probably only quarter- actually)
notion that the superuser for a given filesystem is the user who
mounted it, but this has far from been carried through. It is
unclear if it should be.
Sponsored by: DARPA & NAI Labs.
the environment for the last command of the pipeline (xargs) instead
of too early in the broken version or using an extra env process for
each command spawned by xargs as in rev.1.12. Fixed a nearby English
error.
opening the device, eg one read only and one write only, and the
reference count being non-zero when both exit rendering device
permanently busy.
PR: kern/35004
Submitted by: Bill Wells
MFC after: 3 days
not meant to duplicate) TCP/Vegas. Add four sysctls and default the
implementation to 'off'.
net.inet.tcp.inflight_enable enable algorithm (defaults to 0=off)
net.inet.tcp.inflight_debug debugging (defaults to 1=on)
net.inet.tcp.inflight_min minimum window limit
net.inet.tcp.inflight_max maximum window limit
MFC after: 1 week
load f/w images > 0x7fff words), set ISP_FW_ATTR_SCCLUN. We explicitly
don't believe we can find attributes if f/w is < 1.17.0, so we have to
set SCCLUN for the 1.15.37 f/w we're using manually- otherwise every
target will replicate itself across all 16 supported luns for non-SCCLUN
f/w.
Correctly set things up for 23XX and either fast posting or ZIO. The
23XX, it turns out, does not support RIO. If you put a non-zero value
in xfwoptions, this will disable fast posting. If you put ICBXOPT_ZIO
in xfwoptions, then the 23XX will do interrupt delays but post to the
response queue- apparently QLogic *now* believes that reading multiple
handles from registers is less of a win than writing (and delaying)
multiple 64 byte responses to the response queue.
At the end of taking a a good f/w crash dump, send the ISPASYNC_FW_DUMPED
event to the outer layers (who can then do things like wake a user
daemon to *fetch* the crash image, etc.).
fast posting command completion, and fast post CTIO completion,
the upper half of Risc2Host is a copy of mailbox #1- *not*
mailbox #0.
MFC after: 1 day
accept an 'active_cred' argument reflecting the credential of the thread
initiating the ioctl operation.
- Change fo_ioctl() to accept active_cred; change consumers of the
fo_ioctl() interface to generally pass active_cred from td->td_ucred.
- In fifofs, initialize filetmp.f_cred to ap->a_cred so that the
invocations of soo_ioctl() are provided access to the calling f_cred.
Pass ap->a_td->td_ucred as the active_cred, but note that this is
required because we don't yet distinguish file_cred and active_cred
in invoking VOP's.
- Update kqueue_ioctl() for its new argument.
- Update pipe_ioctl() for its new argument, pass active_cred rather
than td_ucred to MAC for authorization.
- Update soo_ioctl() for its new argument.
- Update vn_ioctl() for its new argument, use active_cred rather than
td->td_ucred to authorize VOP_IOCTL() and the associated VOP_GETATTR().
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
when this is needed. Work around bogus second PHY in the DFE-580 card
via a change in the if_ste.c driver.
Suggested by: jdp
Reviewed by: jdp
MFC after: 3 days
* Only update cdb in place if not CDB_POINTER
* Correctly check for QFRZ before restarting CCB
* More accurate printf message
* style(9) changes at end
Patch tested successfully on Maxtor 4 G120J6 GAK8.
of the adjusted sb_max into a sysctl handler for sb_max and assigning it to
a variable that is used instead. This eliminates the 32bit multiply and
divide from the fast path that was being done previously.
can avoid the cost of a large number of atomic operations if we're not
interested in the object count statistics.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
fo_read() and fo_write(): explicitly use the cred argument to fo_poll()
as "active_cred" using the passed file descriptor's f_cred reference
to provide access to the file credential. Add an active_cred
argument to fo_stat() so that implementers have access to the active
credential as well as the file credential. Generally modify callers
of fo_stat() to pass in td->td_ucred rather than fp->f_cred, which
was redundantly provided via the fp argument. This set of modifications
also permits threads to perform these operations on behalf of another
thread without modifying their credential.
Trickle this change down into fo_stat/poll() implementations:
- badfo_poll(), badfo_stat(): modify/add arguments.
- kqueue_poll(), kqueue_stat(): modify arguments.
- pipe_poll(), pipe_stat(): modify/add arguments, pass active_cred to
MAC checks rather than td->td_ucred.
- soo_poll(), soo_stat(): modify/add arguments, pass fp->f_cred rather
than cred to pru_sopoll() to maintain current semantics.
- sopoll(): moidfy arguments.
- vn_poll(), vn_statfile(): modify/add arguments, pass new arguments
to vn_stat(). Pass active_cred to MAC and fp->f_cred to VOP_POLL()
to maintian current semantics.
- vn_close(): rename cred to file_cred to reflect reality while I'm here.
- vn_stat(): Add active_cred and file_cred arguments to vn_stat()
and consumers so that this distinction is maintained at the VFS
as well as 'struct file' layer. Pass active_cred instead of
td->td_ucred to MAC and to VOP_GETATTR() to maintain current semantics.
- fifofs: modify the creation of a "filetemp" so that the file
credential is properly initialized and can be used in the socket
code if desired. Pass ap->a_td->td_ucred as the active
credential to soo_poll(). If we teach the vnop interface about
the distinction between file and active credentials, we would use
the active credential here.
Note that current inconsistent passing of active_cred vs. file_cred to
VOP's is maintained. It's not clear why GETATTR would be authorized
using active_cred while POLL would be authorized using file_cred at
the file system level.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Implement the M_SKIP_FIREWALL bit in m_flags to avoid loops
for firewall-generated packets (the constant has to go in sys/mbuf.h).
Better comments on keepalive generation, and enforce dyn_rst_lifetime
and dyn_fin_lifetime to be less than dyn_keepalive_period.
Enforce limits (up to 64k) on the number of dynamic buckets, and
retry allocation with smaller sizes.
Raise default number of dynamic rules to 4096.
Improved handling of set of rules -- now you can atomically
enable/disable multiple sets, move rules from one set to another,
and swap sets.
sbin/ipfw/ipfw2.c:
userland support for "noerror" pipe attribute.
userland support for sets of rules.
minor improvements on rule parsing and printing.
sbin/ipfw/ipfw.8:
more documentation on ipfw2 extensions, differences from ipfw1
(so we can use the same manpage for both), stateful rules,
and some additional examples.
Feedback and more examples needed here.
expensive (!) 64bit multiply, divide, and comparison aren't necessary
(this came in originally from rev 1.19 to fix an overflow with large
sb_max or MCLBYTES).
The 64bit math in this function was measured in some kernel profiles as
being as much as 5-8% of the total overhead of the TCP/IP stack and
is eliminated with this commit. There is a harmless rounding error (of
about .4% with the standard values) introduced with this change,
however this is in the conservative direction (downward toward a
slightly smaller maximum socket buffer size).
MFC after: 3 days
Check if the trapped pc is inside of the demarked sections to implement
fault recovery for copyin etc, instead of pcb_onfault. Handle recovery
from data access exceptions as well as page faults.
Inspired by: bde's sys.dif
make a series of modifications to the credential arguments relating
to file read and write operations to cliarfy which credential is
used for what:
- Change fo_read() and fo_write() to accept "active_cred" instead of
"cred", and change the semantics of consumers of fo_read() and
fo_write() to pass the active credential of the thread requesting
an operation rather than the cached file cred. The cached file
cred is still available in fo_read() and fo_write() consumers
via fp->f_cred. These changes largely in sys_generic.c.
For each implementation of fo_read() and fo_write(), update cred
usage to reflect this change and maintain current semantics:
- badfo_readwrite() unchanged
- kqueue_read/write() unchanged
pipe_read/write() now authorize MAC using active_cred rather
than td->td_ucred
- soo_read/write() unchanged
- vn_read/write() now authorize MAC using active_cred but
VOP_READ/WRITE() with fp->f_cred
Modify vn_rdwr() to accept two credential arguments instead of a
single credential: active_cred and file_cred. Use active_cred
for MAC authorization, and select a credential for use in
VOP_READ/WRITE() based on whether file_cred is NULL or not. If
file_cred is provided, authorize the VOP using that cred,
otherwise the active credential, matching current semantics.
Modify current vn_rdwr() consumers to pass a file_cred if used
in the context of a struct file, and to always pass active_cred.
When vn_rdwr() is used without a file_cred, pass NOCRED.
These changes should maintain current semantics for read/write,
but avoid a redundant passing of fp->f_cred, as well as making
it more clear what the origin of each credential is in file
descriptor read/write operations.
Follow-up commits will make similar changes to other file descriptor
operations, and modify the MAC framework to pass both credentials
to MAC policy modules so they can implement either semantic for
revocation.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Label link layer mbufs as they are created for transmission, check
mbufs before delivering them to sockets, label mbufs as they are created
from sockets, and preserve mbuf labels if mbufs are copied.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
we can use the names _receive() and _send() for the receive() and send()
checks. Rename related constants, policy implementations, etc.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
we can use the names _receive() and _send() for the receive() and send()
checks. Rename related constants, policy implementations, etc.
PR:
Submitted by:
Reviewed by:
Approved by:
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
MFC after:
When a pipe or queue has the "noerror" attribute, do not report
drops to the caller (ip_output() and friends).
(2 lines to implement it, 2 lines to document it.)
This will let you simulate losses on the sender side as if they
happened in the middle of the network, i.e. with no explicit feedback
to the sender.
manpage and ipfw2.c changes to follow shortly, together with other
ipfw2 changes.
Requested by: silby
MFC after: 3 days
satisfy consumers of ip_var.h that need a complete definition of
struct ipq and don't include mac.h.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
type of the 'flags' argument m_getcl() was using anyway; m_extadd()
needed to be changed to accept an int instead of a short for 'flags.'
This makes things more consistent and also gives us more bits to
use for m_flags in the future (we have almost run out).
Requested by: sam (Sam Leffler)
elimiates the driver lockup problem reported by many.
Concepts used were taken from Via's if_fet driver. Verification
and implementation were done by Thomas Nystrom.
Submitted by: Thomas Nystrom <thn@saeab.se>
MFC after: 3 days
during a label change resulting in an mmap removal. This is "fail stop"
behavior, which is preferred, although it offers slightly less
transparency.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
(Most of the places where mac.h was recursively included from another
kernel header file. net/netinet to follow.)
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Suggested by: bde
us to reduce namespace pollution by doing a nested include of _label.h
rather than mac.h. mac.h contains lots of baggage, whereas _label.h
contains much less. A follow-up sweep to change nested inclusion will
follow. The problem regarding exporting 'struct label' to userland
due to excessive exporting of kernel structures to userland still
needs to be resolved.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Suggested by: bde
