Commit Graph

25084 Commits

Author SHA1 Message Date
Justin T. Gibbs
b95de6dafd aic7770.c:
aic7xxx_pci.c:
	Enable board generation of interrupts only once our handler is
	in place and all other setup has occurred.

aic7xxx.c:
	More conversion of data types to ahc_* names.  tmode_tstate and
	tmode_lstate are the latest victims.

	Clean up the check condition path by branching early rather
	than indenting a giant block of code.

	Add support for target mode initiated sync negotiation.
	The code has been tested by forcing the feature on for
	all devices, but for the moment is left inaccesible until
	a decent mechanism for controlling the behavior is complete.
	Implementing this feature required the removal of the
	old "target message request" mechanism.  The old method
	required setting one of the 16 bit fields to initiate
	negotiation with a particular target.  This had the nice
	effect of being easy to change the request and have it
	effect the next command.  We now set the MK_MESSAGE bit
	on any new command when negotiation is required.  When
	the negotiation is successful, we walk through and clean
	up the bit on any pending commands.  Since we have to walk
	the commands to reset the SCSI syncrate values so no additional
	work is required.  The only drawback of this approach is that
	the negotiation is deferred until the next command is queued to
	the controller.  On the plus side, we regain two bytes of
	sequencer scratch ram and 6 sequencer instructions.

	When cleaning up a target mode instance, never remove the
	"master" target mode state object.  The master contains
	all of the saved SEEPROM settings that control things like
	transfer negotiations.  This data will be cloned as the
	defaults if a target mode instance is re-instantiated.

	Correct a bug in ahc_set_width().  We neglected to update
	the pending scbs to reflect the new parameters.  Since
	wide negotiation is almost always followed by sync
	negotiation it is doubtful that this had any real
	effect.

	When in the target role, don't complain about
	"Target Initiated" negotiation requests when an initiator
	negotiates with us.

	Defer enabling board interrupts until after ahc_intr_enable()
	is called.

	Pull all info that used to be in ahc_timeout for the FreeBSD
	OSM into ahc_dump_card_state().  This info should be printed
	out on all platforms.

aic7xxx.h:
	Add the SCB_AUTO_NEGOITATE scb flag.  This allows us to
	discern the reason the MK_MESSAGE flag is set in the hscb
	control byte.  We only want to clear MK_MESSAGE in
	ahc_update_pending_scbs() if the MK_MESSAGE was set due
	to an auto transfer negotiation.

	Add the auto_negotiate bitfield for each tstate so that
	behavior can be controlled for each of our enabled SCSI
	IDs.

	Use a bus interrupt handler vector in our softc rather
	than hard coding the PCI interrupt handler.  This makes
	it easier to build the different bus attachments to
	the aic7xxx driver as modules.

aic7xxx.reg:
	Remove the TARGET_MSG_REQUEST definition for sequencer ram.

aic7xxx.seq:
	Fix a few target mode bugs:

		o If MK_MESSAGE is set in an SCB, transition to
		  message in phase and notify the kernel so that
		  message delivery can occur.  This is currently
		  only used for target mode initiated transfer
		  negotiation.

		o Allow a continue target I/O to compile without
		  executing a status phase or disconnecting.  If
		  we have not been granted the disconnect privledge
		  but this transfer is larger than MAXPHYS, it may
		  take several CTIOs to get the job done.

	Remove the tests of the TARGET_MSG_REQUEST field in scratch ram.

aic7xxx_freebsd.c:
	Add support for CTIOs that don't disconnect.  We now defer
	the clearing of our pending target state until we see a
	CTIO for that device that has completed sucessfully.

	Be sure to return early if we are in a target only role
	and see an initiator only CCB type in our action routine.

	If a CTIO has the CAM_DIS_DISCONNECT flag set, propogate
	this flag to the SCB.  This flag has no effect if we've
	been asked to deliver status as well.  We will complete
	the command and release the bus in that case.

	Handle the new auto_negotiate field in the tstate correctly.

	Make sure that SCBs for "immediate" (i.e. to continue a non
	disconnected transaction) CTIO requests get a proper mapping
	in the SCB lookup table.  Without this, we'll complain when
	the transaction completes.

	Update ahc_timeout() to reflect the changes to ahc_dump_card_state().

aic7xxx_inline.h:
	Use ahc->bus_intr rather than ahc_pci_intr.
2001-03-29 00:36:35 +00:00
Peter Wemm
32533d5ff9 Regenerate correctly. 2001-03-29 00:06:16 +00:00
Peter Wemm
e665ecb55c Hint: usbdevs_data.h and usbdevs.h are marked:
* THIS FILE IS AUTOMATICALLY GENERATED.  DO NOT EDIT.
Put the Epson 1240 scanner device in the correct place.
2001-03-29 00:05:51 +00:00
Dag-Erling Smørgrav
d67fe1bd2f Prepare for pseudofs. 2001-03-28 22:21:07 +00:00
Robert Watson
ed6397209d o introduce u_cansee(), which performs access control checks between
two subject ucreds.  Unlike p_cansee(), u_cansee() doesn't have
  process lock requirements, only valid ucred reference requirements,
  so is prefered as process locking improves.  For now, back p_cansee()
  into u_cansee(), but eventually p_cansee() will go away.

Reviewed by:	jhb, tmm
Obtained from:	TrustedBSD Project
2001-03-28 20:50:15 +00:00
Hajimu UMEMOTO
9ec5413762 Make per-address input packet counts for lo0 work.
Reported by:	bmah
Submitted by:	Noriyasu KATO <noriyasu.kato@toshiba.co.jp> (via itojun)
2001-03-28 19:47:52 +00:00
Andrew Gallatin
57d4ab2d3e resurrect the declaration of order to unbreak kernel build. Put
it inside the ifdef so as to avoid unused variable warnings
2001-03-28 19:02:08 +00:00
Poul-Henning Kamp
3f865320ba Small patch is required to the USB susbsystem to include support for
Epson Perfection 1240U scanner.

PR:		25565
Submitted by:	Martin Machacek <m@m3a.cz>
2001-03-28 17:58:31 +00:00
John Baldwin
026e76f43e Close a race condition where if we were obtaining a sleep lock and no spin
locks were held, we could be preempted and switch CPU's in between the time
that we set a variable to the list of spin locks on our CPU and the time
that we checked that variable to ensure no spinlocks were held while
grabbing a sleep lock.  Losing the race resulted in checking some other
CPU's spin lock list and bogusly panicing.
2001-03-28 16:11:51 +00:00
Yaroslav Tykhiy
249932144b Fix a number of minor bugs in the VLAN code:
* Initialize the "struct sockaddr_dl sdl" correctly in vlan_setmulti().

  PR: kern/22181

* The driver used to call malloc(..., M_NOWAIT), but to not check the
  return value. Change malloc(..., M_NOWAIT) to malloc(..., M_WAITOK)
  because the corresponding part of code is called from the upper
  half of the kernel only.

  PR: kern/22181

* Make sure a parent interface is up and running before invoking
  its if_start() routine in order to avoid system panic.

  PR: kern/22179 kern/24741 i386/25478

* Do not copy all the flags from a parent mindlessly.

  PR: kern/22179

* Do not call if_down() on a parent interface if it's already down.
  Call if_down() at splimp because if_down() needs that.

  PR: kern/22179

Reviewed by: wollman
2001-03-28 15:52:12 +00:00
John Baldwin
bc4ffcc97f Add missing includes of <sys/sx.h>
Reported by:	peter
2001-03-28 15:04:22 +00:00
Peter Wemm
37c9e8eebd Typo fix. s/criticale_t/critical_t/ 2001-03-28 14:54:28 +00:00
Jesper Skriver
b77d155dd3 MFC candidate.
Change code from PRC_UNREACH_ADMIN_PROHIB to PRC_UNREACH_PORT for
ICMP_UNREACH_PROTOCOL and ICMP_UNREACH_PORT

And let TCP treat PRC_UNREACH_PORT like PRC_UNREACH_ADMIN_PROHIB

This should fix the case where port unreachables for udp returned
ENETRESET instead of ECONNREFUSED

Problem found by:	Bill Fenner <fenner@research.att.com>
Reviewed by:		jlemon
2001-03-28 14:13:19 +00:00
Hellmuth Michaelis
b40cbf61a7 In case the driver runs on an HP NetRaid controller, attempt to properly
decode the BIOS and firmware version and announce the board as HP NetRaid.

This has been tested with a NetRaid 3si controller, the BIOS/firmware
printout should also work for other NetRaid controllers but the type
detection for other NetRaids (such as the 1si) will not work due to the
lack of hardware.

Reviewed by:	msmith
2001-03-28 14:11:15 +00:00
Alfred Perlstein
d6436d0f22 Forgot to add pci_if.h to SRCS
Pointed out by: phk
2001-03-28 13:42:42 +00:00
John Baldwin
f7012f592a - s/mutexes/locks/g in appropriate comments.
- Rename the 'show mutexes' ddb command to 'show locks' since it shows
  a list of all the lock objects held by the current process.
2001-03-28 12:39:40 +00:00
John Baldwin
1005a129e5 Convert the allproc and proctree locks from lockmgr locks to sx locks. 2001-03-28 11:52:56 +00:00
John Baldwin
c739adbf42 Pass in a pointer to the mutex's lock_object as the second argument to
WITNESS_SLEEP() rather than the mutex itself.
2001-03-28 10:41:15 +00:00
John Baldwin
f34fa851e0 Catch up to header include changes:
- <sys/mutex.h> now requires <sys/systm.h>
- <sys/mutex.h> and <sys/sx.h> now require <sys/lock.h>
2001-03-28 09:17:56 +00:00
John Baldwin
5e980e229f Use mtx_initiaalized() rather than violating the internals of the mutex
structure.
2001-03-28 09:04:25 +00:00
John Baldwin
192846463a Rework the witness code to work with sx locks as well as mutexes.
- Introduce lock classes and lock objects.  Each lock class specifies a
  name and set of flags (or properties) shared by all locks of a given
  type.  Currently there are three lock classes: spin mutexes, sleep
  mutexes, and sx locks.  A lock object specifies properties of an
  additional lock along with a lock name and all of the extra stuff needed
  to make witness work with a given lock.  This abstract lock stuff is
  defined in sys/lock.h.  The lockmgr constants, types, and prototypes have
  been moved to sys/lockmgr.h.  For temporary backwards compatability,
  sys/lock.h includes sys/lockmgr.h.
- Replace proc->p_spinlocks with a per-CPU list, PCPU(spinlocks), of spin
  locks held.  By making this per-cpu, we do not have to jump through
  magic hoops to deal with sched_lock changing ownership during context
  switches.
- Replace proc->p_heldmtx, formerly a list of held sleep mutexes, with
  proc->p_sleeplocks, which is a list of held sleep locks including sleep
  mutexes and sx locks.
- Add helper macros for logging lock events via the KTR_LOCK KTR logging
  level so that the log messages are consistent.
- Add some new flags that can be passed to mtx_init():
  - MTX_NOWITNESS - specifies that this lock should be ignored by witness.
    This is used for the mutex that blocks a sx lock for example.
  - MTX_QUIET - this is not new, but you can pass this to mtx_init() now
    and no events will be logged for this lock, so that one doesn't have
    to change all the individual mtx_lock/unlock() operations.
- All lock objects maintain an initialized flag.  Use this flag to export
  a mtx_initialized() macro that can be safely called from drivers.  Also,
  we on longer walk the all_mtx list if MUTEX_DEBUG is defined as witness
  performs the corresponding checks using the initialized flag.
- The lock order reversal messages have been improved to output slightly
  more accurate file and line numbers.
2001-03-28 09:03:24 +00:00
John Baldwin
c31146a14e - Resort some includes to deal with the new witness code coming in shortly.
- Make sure we have Giant locked before calling coredump() in sigexit().

Spotted by:	peter (2)
2001-03-28 08:41:04 +00:00
Jonathan Lemon
e3768ebb1b Back out previous commit until I figure out a way to do it properly.
We really want to be able to say "auto NWAY", "limited NWAY", and
"no NWAY".  Unfortunately, this does not appear to be possible with
the current mediaopt structure.
2001-03-28 07:01:45 +00:00
Mark Murray
d2de224265 Fix nasty corruption problem where a 64bit variable was being used
(overflowed) to catch a 256bit result.

Hard work done by:	jhb
2001-03-28 06:27:42 +00:00
Alfred Perlstein
0d5b5df5cb Add support for the Addtron AWA100 PCI wireless card.
The AWA100 is a PCI board with a PLX 9052 chip that's used to talk to
the pccard inserted into the board.

Remove a redundant $FreeBSD while I'm here.
2001-03-28 05:05:05 +00:00
John Baldwin
486b8ac04a Don't explicitly zero p_intr_nesting_level and p_aioinfo in fork. 2001-03-28 03:14:14 +00:00
John Baldwin
3d370aadbe - Fix a whitespace bogon with p_blocked.
- Move p_intr_nesting_level, p_aioinfo, and p_ithd into the zero'd area
  so that we don't have to explicitly zero them during fork().
2001-03-28 03:08:59 +00:00
John Baldwin
0006681fe6 Switch from save/disable/restore_intr() to critical_enter/exit(). 2001-03-28 03:06:10 +00:00
John Baldwin
b944b9033a Catch up to the mtx_saveintr -> mtx_savecrit change. 2001-03-28 02:46:21 +00:00
John Baldwin
35a472461a Use mtx_intr_enable() on sched_lock to ensure child processes always start
with interrupts enabled rather than calling the no-longer MI function
enable_intr().  This is bogus anyways and in theory shouldn't even be
needed.
2001-03-28 02:44:11 +00:00
John Baldwin
6283b7d01b - Switch from using save/disable/restore_intr to using critical_enter/exit
and change the u_int mtx_saveintr member of struct mtx to a critical_t
  mtx_savecrit.
- On the alpha we no longer need a custom _get_spin_lock() macro to avoid
  an extra PAL call, so remove it.
- Partially fix using mutexes with WITNESS in modules.  Change all the
  _mtx_{un,}lock_{spin,}_flags() macros to accept explicit file and line
  parameters and rename them to use a prefix of two underscores.  Inside
  of kern_mutex.c, generate wrapper functions for
  _mtx_{un,}lock_{spin,}_flags() (only using a prefix of one underscore)
  that are called from modules.  The macros mtx_{un,}lock_{spin,}_flags()
  are mapped to the __mtx_* macros inside of the kernel to inline the
  usual case of mutex operations and map to the internal _mtx_* functions
  in the module case so that modules will use WITNESS and KTR logging if
  the kernel is compiled with support for it.
2001-03-28 02:40:47 +00:00
John Baldwin
034dc442ad - Add the new critical_t type used to save state inside of critical
sections.
- Add implementations of the critical_enter() and critical_exit() functions
  and remove restore_intr() and save_intr().
- Remove the somewhat bogus disable_intr() and enable_intr() functions on
  the alpha as the alpha actually uses a priority level and not simple bit
  flag on the CPU.
2001-03-28 02:31:54 +00:00
John Baldwin
090697c65b Revert previous commit which had a bogus message. It actually just
disabled the somewhat annoying KTR log trace for clock interrupts.
2001-03-28 02:03:29 +00:00
John Baldwin
82da2f64b3 - Include <machine/prom.h> to get the prototype for prom_halt().
- If there is no gdb device, just return without trying to return any
  value since gdb_handle_exception() returns void.
- When calling prom_halt(), pass in a value telling it to actually halt
  and not to randomly choose whether or not to halt or reboot depending on
  whatever value happened to be in a0 when the call was made.
2001-03-28 01:54:06 +00:00
Paul Saab
6b8b8c7fdc Last commit was broken.. It always prints '[CTRL-C to abort]'.
Move duplicate code for printing the status of the dump and checking
for abort into a separate function.

Pointy hat to:	me
2001-03-28 01:37:29 +00:00
Andrew Gallatin
919eea6db9 Check whether we need to do a full restore after handling ASTs. If
an AST results in a signal being delivered, we'll need to do a full register
restore so as to properly setup the signal handler.  This is somewhat of
a pessimization, because ast() will be called twice in this case.

This fixes several problems that have been reported where signal intensive
userland apps (most notably dump) have been SEGV'ing for no fault of their
own.

Thanks to Peter Jeremy <peter.jeremy@alcatel.com.au> for presenting the
AST scenario which led to me fiinally figuring this out.

Reviewed by: jhb
2001-03-28 01:19:41 +00:00
David Malone
d1cadeb02a Don't leak the memory we've just malloced if we can't find the
process we're looking for. (I don't think this can currently
happen, but it depends how the function is called).

PR:		25932
Submitted by:	David Xu <davidx@viasoft.com.cn>
2001-03-27 20:49:51 +00:00
Coleman Kane
05ca2115ba Remove NOMAN 2001-03-27 19:04:09 +00:00
Ruslan Ermilov
4a558355e5 MAN[1-9] -> MAN. 2001-03-27 17:27:19 +00:00
Yaroslav Tykhiy
ccb7cc8ddd Don't bypass notifying a corresponding interface
when leaving a link-layer multicast group.

PR:		kern/22176
Reviewed by:	wollman
2001-03-27 13:15:57 +00:00
Yaroslav Tykhiy
4cbc8ad1bb Add a missing m_pullup() before a mtod() in in_arpinput().
PR: kern/22177
Reviewed by: wollman
2001-03-27 12:34:58 +00:00
Ruslan Ermilov
aa7664372f MAN[1-9] -> MAN. 2001-03-27 11:59:22 +00:00
Ruslan Ermilov
7da4bd3beb Reflect recent bsd.man.mk changes here, but do not assign the
default MAN=${KMOD}.4 value for now.  This feature was broken
before, and enabling it now would cause 92 Makefiles to fail.
2001-03-27 11:50:44 +00:00
Søren Schmidt
7acf4af808 Use PLAY_MSF instead of PLAY_BIG when doing audio play.
The fixes the problem of PLAY_BIG not being implemented on
some modern drives.

The problem now is that some old drives use BSD encoding
in the MSF case, which they dont tell, and which is also
not according to spec *sigh*. Hopefully there are not
too many of those still alive, or I hereby grant
license to kill the firmware writers that wrote the mess.
2001-03-27 10:22:50 +00:00
Yaroslav Tykhiy
ae5fa19aa9 Make cblock_alloc_cblocks() spell its own name
correctly in its warning message.

PR: kern/7693
2001-03-27 10:21:26 +00:00
Paul Saab
f2a404d5a6 Change the dump routines to only abort if control-c is pressed.
If any other key is pressed, print a message stating that control-c
is how to abort.

Reviewed by:	peter
2001-03-27 06:24:08 +00:00
Kenneth D. Merry
3393f8daa3 Rewrite of the CAM error recovery code.
Some of the major changes include:

	- The SCSI error handling portion of cam_periph_error() has
	  been broken out into a number of subfunctions to better
	  modularize the code that handles the hierarchy of SCSI errors.
	  As a result, the code is now much easier to read.

	- String handling and error printing has been significantly
	  revamped.  We now use sbufs to do string formatting instead
	  of using printfs (for the kernel) and snprintf/strncat (for
	  userland) as before.

	  There is a new catchall error printing routine,
	  cam_error_print() and its string-based counterpart,
	  cam_error_string() that allow the kernel and userland
	  applications to pass in a CCB and have errors printed out
	  properly, whether or not they're SCSI errors.  Among other
	  things, this helped eliminate a fair amount of duplicate code
	  in camcontrol.

	  We now print out more information than before, including
	  the CAM status and SCSI status and the error recovery action
	  taken to remedy the problem.

	- sbufs are now available in userland, via libsbuf.  This
	  change was necessary since most of the error printing code
	  is shared between libcam and the kernel.

	- A new transfer settings interface is included in this checkin.
	  This code is #ifdef'ed out, and is primarily intended to aid
	  discussion with HBA driver authors on the final form the
	  interface should take.  There is example code in the ahc(4)
	  driver that implements the HBA driver side of the new
	  interface.  The new transfer settings code won't be enabled
	  until we're ready to switch all HBA drivers over to the new
	  interface.

src/Makefile.inc1,
lib/Makefile:		Add libsbuf.  It must be built before libcam,
			since libcam uses sbuf routines.

libcam/Makefile:	libcam now depends on libsbuf.

libsbuf/Makefile:	Add a makefile for libsbuf.  This pulls in the
			sbuf sources from sys/kern.

bsd.libnames.mk:	Add LIBSBUF.

camcontrol/Makefile:	Add -lsbuf.  Since camcontrol is statically
			linked, we can't depend on the dynamic linker
			to pull in libsbuf.

camcontrol.c:		Use cam_error_print() instead of checking for
			CAM_SCSI_STATUS_ERROR on every failed CCB.

sbuf.9:			Change the prototypes for sbuf_cat() and
			sbuf_cpy() so that the source string is now a
			const char *.  This is more in line wth the
			standard system string functions, and helps
			eliminate warnings when dealing with a const
			source buffer.

			Fix a typo.

cam.c:			Add description strings for the various CAM
			error status values, as well as routines to
			look up those strings.

			Add new cam_error_string() and
			cam_error_print() routines for userland and
			the kernel.

cam.h:			Add a new CAM flag, CAM_RETRY_SELTO.

			Add enumerated types for the various options
			available with cam_error_print() and
			cam_error_string().

cam_ccb.h:		Add new transfer negotiation structures/types.

			Change inq_len in the ccb_getdev structure to
			be "reserved".  This field has never been
			filled in, and will be removed when we next
			bump the CAM version.

cam_debug.h:		Fix typo.

cam_periph.c:		Modularize cam_periph_error().  The SCSI error
			handling part of cam_periph_error() is now
			in camperiphscsistatuserror() and
			camperiphscsisenseerror().

			In cam_periph_lock(), increase the reference
			count on the periph while we wait for our lock
			attempt to succeed so that the periph won't go
			away while we're sleeping.

cam_xpt.c:		Add new transfer negotiation code.  (ifdefed
			out)

			Add a new function, xpt_path_string().  This
			is a string/sbuf analog to xpt_print_path().

scsi_all.c:		Revamp string handing and error printing code.
			We now use sbufs for much of the string
			formatting code.  More of that code is shared
			between userland the kernel.

scsi_all.h:		Get rid of SS_TURSTART, it wasn't terribly
			useful in the first place.

			Add a new error action, SS_REQSENSE.  (Send a
			request sense and then retry the command.)
			This is useful when the controller hasn't
			performed autosense for some reason.

			Change the default actions around a bit.

scsi_cd.c,
scsi_da.c,
scsi_pt.c,
scsi_ses.c:		SF_RETRY_SELTO -> CAM_RETRY_SELTO.  Selection
			timeouts shouldn't be covered by a sense flag.

scsi_pass.[ch]:		SF_RETRY_SELTO -> CAM_RETRY_SELTO.

			Get rid of the last vestiges of a read/write
			interface.

libkern/bsearch.c,
sys/libkern.h,
conf/files:		Add bsearch.c, which is needed for some of the
			new table lookup routines.

aic7xxx_freebsd.c:	Define AHC_NEW_TRAN_SETTINGS if
			CAM_NEW_TRAN_CODE is defined.

sbuf.h,
subr_sbuf.c:		Add the appropriate #ifdefs so sbufs can
			compile and run in userland.

			Change sbuf_printf() to use vsnprintf()
			instead of kvprintf(), which is only available
			in the kernel.

			Change the source string for sbuf_cpy() and
			sbuf_cat() to be a const char *.

			Add __BEGIN_DECLS and __END_DECLS around
			function prototypes since they're now exported
			to userland.

kdump/mkioctls:		Include stdio.h before cam.h since cam.h now
			includes a function with a FILE * argument.

Submitted by:	gibbs (mostly)
Reviewed by:	jdp, marcel (libsbuf makefile changes)
Reviewed by:	des (sbuf changes)
Reviewed by:	ken
2001-03-27 05:45:52 +00:00
Hidetoshi Shimokawa
110a013333 Replace dyn_fin_lifetime with dyn_ack_lifetime for half-closed state.
Half-closed state could last long for some connections and fin_lifetime
(default 20sec) is too short for that.

OK'ed by: luigi
2001-03-27 05:28:30 +00:00
Alfred Perlstein
da1aa0fd06 limit the amount of retries when sending data to prevent lockups. 2001-03-27 05:03:49 +00:00
Robert Watson
a70f27470f Introduce support for POSIX.1e ACLs on UFS-based file systems. This
implementation is still experimental, and while fairly broadly tested,
is not yet intended for production use.  Support for POSIX.1e ACLs on
UFS will not be MFC'd to RELENG_4.

This implementation works by providing implementations of VOP_[GS]ETACL()
for FFS, as well as modifying the appropriate access control and file
creation routines.  In this implementation, ACLs are backed into extended
attributes; the base ACL (owner, group, other) permissions remain in the
inode for performance and compatibility reasons, so only the extended and
default ACLs are placed in extended attributes.  The logic for ACL
evaluation is provided by the fs-independent kern/kern_acl.c.

o Introduce UFS_ACL, a compile-time configuration option that enables
  support for ACLs on FFS (and potentially other UFS-based file systems).
o Introduce ufs_getacl(), ufs_setacl(), ufs_aclcheck(), which
  respectively get, set, and check the ACLs on the passed vnode.
o Introduce ufs_sync_acl_from_inode(), ufs_sync_inode_from_acl() to
  maintain access control information between inode permissions and
  extended attribute data.
o Modify ufs_access() to load a file access ACL and invoke
  vaccess_acl_posix1e() if ACLs are available on the file system
o Modify ufs_mkdir() and ufs_makeinode() to associate ACLs with newly
  created directories and files, inheriting from the parent directory's
  default ACL.
o Enable these new vnode operations and conditionally compiled code
  paths if UFS_ACL is defined.

A few notes:

o This implementation is fairly widely tested, but still should be
  considered experimental.
o Currently, ACLs are not exported via NFS, instead, the summarizing
  file mode/etc from the inode is.  This results in conservative
  protection behavior, similar to the behavior of ACL-nonaware programs
  acting locally.
o It is possible that underlying binary data formats associated with
  this implementation may change.  Consumers of the implementation
  should expect to find their local configuration obsoleted in the
  next few months, resulting in possible loss of ACL data during an
  upgrade.
o The extended attributes interface and implementation is still
  undergoing modification to address portable interface concerns, as
  well as performance.
o Many applications do not yet correctly handle ACLs.  In general,
  due to the POSIX.1e ACL model, behavior of ACL-unaware applications
  will be conservative with respects to file protection; some caution
  is recommended.
o Instructions for configuring and maintaining ACLs on UFS will be
  committed in the near future; in the mean time it is possible to
  reference the README included in the last UFS ACL distribution
  placed in the TrustedBSD web site:

      http://www.TrustedBSD.org/downloads/

Substantial debugging, hardware, travel, or connectivity support for this
project was provided by: BSDi, Safeport Network Services, and NAI Labs.
Significant coding contributions were made by Chris Faulhaber.  Additional
support was provided by Brian Feldman, Thomas Moestl, and Ilmar Habibulin.

Reviewed by:	jedgar, keichii, mckusick, trustedbsd-discuss, freebsd-fs
Obtained from:	TrustedBSD Project
2001-03-26 17:53:19 +00:00