vn_open_cred invocations shall not audit namei path.
In particular, specify VN_OPEN_NOAUDIT for dotdot lookup performed by
default implementation of vop_vptocnp, and for the open done for core
file. vn_fullpath is called from the audit code, and vn_open there need
to disable audit to avoid infinite recursion. Core file is created on
return to user mode, that, in particular, happens during syscall return.
The creation of the core file is audited by direct calls, and we do not
want to overwrite audit information for syscall.
Reported, reviewed and tested by: rwatson
main cycle only if the len passed is equal to 0. If end address
overflows use last possible address as the end address.
Based on: discussion on arm@
MFC after: 1 month
Note that I also added the usbdev to the list, because the 8813 version
is not yet known there. I might have twisted the sorting there but because
8813 comes before 8818, I added it before that (with _8813 to differentiate)
the item.
PR: 135628
Submitted by: Yoshikazu GOTO <goto at on-link dot jp>
Approved by: imp (mentor, implicit)
using raw IPX sockets. While functional, this support is disabled
using a flag that can't be changed from userspace, and google reveals
no documentation or use of that flag anywhere. This eliminates a
potential lock order reversal and code reentrance issue in which the
output path reentered the input path in IPX.
An alternative to removal would be to use the netisr, as a comment I
added in 2005 suggests. While this change is fairly straight-forward,
the lack of any consumers or the easy possibility of consumers (kernel
modification and recompile required) suggests that this is simply an
unused feature.
Update README to remove this TODO, and a TODO regarding IPX/IP
encapsulation which was also removed a few years ago.
MFC after: 1 week
in some commercial Unix systems, which utilizes Huffman minimum redundancy
code tree to compress files. This implementation supports the "new" pack
format only, just like GNU gzip did.
Thanks for oliver@'s archive set which I can test against, and Mingyan Guo
for providing helpful review of my code.
PR: bin/109567
MFC after: 1 month
To detect which controller is ICH based one, add a new member
variable ich to struct fxp_ident and move the struct to
if_fxpvar.h. Since I've faked controller revision, don't allow
microcode loading for ICH based controllers.
With this change all ICH based controllers will have WOL and Rx
checksum offload capability.
PR: kern/135451
Tested by: Alexey Shuvaev ( shuvaev <> physik dot uni-wuerzburg dot de ),
pluknet ( pluknet <> gmail dot com ),
Gary Jennejohn ( gary.jennejohn <> freenet dot de )
not allow multicast filter programming when controller is busy to
send/receive frames. So it used to mark need_mcsetup bit and defer
multicast filter programming until controller becomes idle state.
To detect when the controller is idle fxp(4) relied on Tx
completion interrupt with NOP command and fxp_start_body and
fxp_intr_body had to see whether pending multicast filter
programming was requested. This resulted in very complex logic and
sometimes it did not work as expected.
Since the controller should be in idle state before any multicast
filter modifications I changed it to reinitialize the controller
whenever multicast filter programming is required. This is the same
way what OpenBSD and NetBSD does. Also I added IFF_DRV_RUNNING
check in ioctl handler so controller would be reinitialized only if
it is absolutely needed.
With this change I guess we can remove fxp(4) DELAY hack in ifioctl
for IPv6 case.
upper stack in fxp_start_body().
fxp(4) drops driver lock in Rx path so check the fxp(4) is still
running after reacquiring driver lock in Rx path. Also don't
invoke fxp_intr_body if fxp(4) is not running. With this change
there is no need to set suspend bit in device attach phase.
hardware reset in attach phase. Selective reset does not clear
configured parameters so I think full hardware reset is required.
To prevent PCI bus lock-up, do selective reset first which will get
off the controller from PCI bus and request software reset after
selective reset. Software reset will unmask interrupts so disable
it after the reset.
common mbuf dma tag for both Tx and Rx path but Rx buffer should
have single DMA segment and maximum buffer size of the segment
should be less than MCLBYTES.
fxp(4) also have to check Tx completion status which was updated by
DMA so we need BUS_DMASYNC_PREREAD and BUS_DMASYNC_POSTWRITE
synchronization in Tx path. Fix all misuse of bus_dmamap_sync(9) in
fxp(4). I guess this change shall fix occasional driver breakage in
PAE environments.
While I'm here add error messages of dma tag/buffer creation and
correct messages.
Formerly, it was possible for the file to be created between the check if it
existed and the open; the contents would then be lost.
Because this must use O_EXCL, noclobber > will not create a file through a
symlink anymore. This agrees with behaviour of other shells.
Approved by: ed (mentor) (implicit)
getgroups for ibcs emulation. It seems vanishingly likely any
programs will actually be affected since they probably assume a much
lower value and use a static array size.
pointer to the containing mbuf. This eliminates a strong assumption
about the layout of network buffer memory, giving us greater
flexibility to revise mbuf semantics in the future.
reassembly but failed to be modernized over time:
- Use queue(9).
- Specifically allocate queue entries of type M_SPXREASSQ to point at
member mbufs, rather than casting mbuf data to 'spx_q'.
- Maintain the mbuf pointer as part of the queue entry so that we can
later free the mbuf without using dtom().
Intel agrees with my reading of the docs, make it so for all G4X chips.
The new register also has a 32 bit width as opposed to 24 bits. Fix
things up so that the counters roll over properly.
MFC after: 3 days
Now that we start to use credentials on character devices more often
(because of MPSAFE TTY), move the prison-checks that are in place in the
TTY code into devfs.
Instead of strictly comparing the prisons, use the more common
prison_check() function to compare credentials. This means that
pseudo-terminals are only visible in devfs by processes within the same
jail and parent jails.
Even though regular users in parent jails can now interact with
pseudo-terminals from child jails, this seems to be the right approach.
These processes are also capable of interacting with the jailed
processes anyway, through signals for example.
Reviewed by: kib, rwatson (older version)
altered through their .init code. This might happen if init
vector calls dlopen on its own and that dlopen causes some not
yet initialized object to be initialized earlier as part of that
dlopened DAG.
Do not reset module reference counts to zero on final fini vector
run when process is exiting. Just add an additional parameter to
force fini vector invocation regardless of current reference count
value if object was not destructed yet. This allows dlclose called
from fini vector to proceed normally instead of failing with handle
validation error.
Reviewed by: kib
Reported by: venki kaps