161541 Commits

Author SHA1 Message Date
Bjoern A. Zeeb
e3416ab0c0 Hide the outer IP addresses of a tunnel interfaces (gif(4), gre(4))
from processes inside jails if the addresses do not belong to the jail.

Originally reported by: Pieter de Boer via remko
PR:		kern/151119
Tested by:	Piotr KUCHARSKI (nospam 42.pl) [gif]
MFC after:	1 week
2011-03-02 21:39:08 +00:00
Roman Divacky
66f01f2e79 This patch shrinks boot2 a little.
o    It switches kname to be just a pointer instead of an array
     thus avoiding a couple of memcpy()s.

o    It changes ioctl to unsigned from uint8_t.

o    It changes the second keyhit limit to 3 seconds from 5
     so that constant propagation can take place.

o    It changes the ticks overflow computation as suggested by bde@.

o    It removes bi_basemem/bi_extmem/bi_memsizes_valid setting from
     bootinfo as it is unused.

Reviewed by: jhb
2011-03-02 18:53:12 +00:00
Adrian Chadd
d2d7a00aa9 Break the keycache management functions out into if_ath_keycache.c . 2011-03-02 17:19:54 +00:00
Bjoern A. Zeeb
5033bae6d0 Prevent crashes from a race when (cloned) interfaces go away.
PR:		bin/152143
Submitted by:	Przemyslaw Frasunek (przemyslaw frasunek.com)
Tested by:	Przemyslaw Frasunek (przemyslaw frasunek.com)
MFC after:	1 week
2011-03-02 17:13:07 +00:00
Gleb Smirnoff
8f8ab00ff7 Update manual: node now supports NetFlow v9.
Submitted by:	Alexander V. Chernikov <melifaro ipfw.ru>
2011-03-02 16:16:09 +00:00
Gleb Smirnoff
5dcd9c1061 Add support for NetFlow version 9 into ng_netflow(4) node.
Submitted by:	Alexander V. Chernikov <melifaro ipfw.ru>
2011-03-02 16:15:11 +00:00
Nathan Whitehorn
8cfdf36d27 Add additional release makefile for bsdinstall-based media, along with
support files. This does not change the default behavior of anything.

To make bsdinstall-based media, pre-build world and GENERIC, then run
the release target in Makefile.bsdinstall.
2011-03-02 16:06:57 +00:00
Adrian Chadd
6079fdbede Migrate the sysctl related routines (statistics, debugging, etc) out of
if_ath.c and into if_ath_sysctl.c .
2011-03-02 16:03:19 +00:00
Nathan Whitehorn
f7bd63a707 Make installations work when no optional components are selected. 2011-03-02 15:41:00 +00:00
Konstantin Belousov
93ed70f9b4 Fix a bug in the result of manual assembly.
Reported by:	Stefan Grundmann <sg2342 googlemail com>
PR:	kern/155118
MFC after:	3 days
2011-03-02 14:56:58 +00:00
Nathan Whitehorn
99ad39c822 Improve the distributeworld target in Makefile.inc1 and update the release
infrastructure to use it. make distributeworld can now be used without
preparing its environment first and installs games into its distribution
using the regular make distribute logic instead of post-processing with
a script.

Also add two new targets, packageworld and packagekernel, that tar up the
results of distributeworld and distributekernel (also new), respectively.
2011-03-02 14:39:26 +00:00
Sergey A. Osokin
7b9758e308 Expand the name of Palm Sunday holiday with more canonical Entry of the
Lord into Jerusalem.
Merge the Pentecost and Trinity Sunday holidays, they are synonyms.
Remove Body of Christ day, nonexistent holiday for Orthodox Church.
Fix typo in the name of Ioann The Baptist, introduced in previous commit.
2011-03-02 11:09:34 +00:00
Sergey A. Osokin
a4c7e084c9 Fix beginning day of the Carnival. it starts 2011-03-02 11:04:50 +00:00
Xin LI
c2e12e3f94 Correct a typo.
PR:		bin/155175
Submitted by:	Peter J. Philipp <pjp centroid.eu>
MFC after:	3 days
2011-03-02 00:29:14 +00:00
Alan Cox
cb25117d54 Make a change to the implementation of the direct map to improve performance
on processors that support 1 GB pages.  Specifically, if the end of physical
memory is not aligned to a 1 GB page boundary, then map the residual
physical memory with multiple 2 MB page mappings rather than a single 1 GB
page mapping.  When a 1 GB page mapping is used for this residual memory,
access to the memory is slower than when multiple 2 MB page mappings are
used.  (I suspect that the reason for this slowdown is that the TLB is
actually being loaded with 4 KB page mappings for the residual memory.)

X-MFC after:	r214425
2011-03-02 00:24:07 +00:00
Jilles Tjoelker
3658c9776e kill: Note that this is used both as a normal program and a shell builtin. 2011-03-01 21:48:22 +00:00
Jilles Tjoelker
77fae5c16d printf: Note that this is used both as a normal program and a shell builtin. 2011-03-01 21:47:06 +00:00
Edwin Groothuis
229f1985ac MFV of tzdata2011b, r219147
- USA/Mercer County, North Dakota - Moved from Mountain time to Central time.
2011-03-01 21:24:50 +00:00
Edwin Groothuis
18f39bd61e Vendor Import of tzdata2011b
USA/Mercer County, North Dakota - Moved from Mountain time to Central time.

Obtained from:	ftp://elsie.nci.nih.gov/pub/
2011-03-01 21:16:55 +00:00
Nathan Whitehorn
f1321be284 Fix misuse of TARGET_ARCH. This should be MACHINE_ARCH. 2011-03-01 20:51:41 +00:00
Robert Watson
6a4a051057 Correct spelling in a last-minute tweaked NOTES entry for CAPABILITIES.
Submitted by:	netchild
Sponsored by:	Google, Inc.
Obtained from:	Capsicum Project
MFC after:	3 months
2011-03-01 17:39:27 +00:00
Robert Watson
17c5b2c8e3 Add Capsicum capability mode support; svn add of capability.h was missed
in a previous commit.  Whoops!

Reported by:	jhb
Reviewed by:	anderson
Discussed with:	benl, kris, pjd
Sponsored by:	Google, Inc.
Obtained from:	Capsicum Project
MFC after:	3 months
2011-03-01 17:37:58 +00:00
Dimitry Andric
6882fd36bf Put in a temporary workaround for ctfmerge hanging on processing
kernel.debug (or possibly other files), when WITH_CTF is active.

This is caused by a bug in clang's integrated assembler, causing malloc
to sometimes hang during initialization in statically linked executables
that use threading, such as the copy of ctfmerge that is built during
the bootstrap stage of buildworld.  The bug has been submitted upstream:

  http://llvm.org/bugs/show_bug.cgi?id=9352

Note that you might have to rebuild and install libc first, to get your
kernel build to finish, because the ctfmerge binary built during
bootstrap is linked with your base system's copy of libc.a, which might
already contain a bad copy of malloc.o.
2011-03-01 17:15:44 +00:00
Dmitry Chagin
dde5f9b938 Teach kdump to decode linux syscalls names too.
Fix bug introduced in my previous commit: the kernel always dump native
signal numbers, so no need to check the ABI in ktrpsig().

Suggested by:	jhb
MFC after:	1 Month.
2011-03-01 16:42:28 +00:00
John Baldwin
141aca1ff0 Fully honor KERNSRCDIR for 'make universe' if it is set.
MFC after:	1 week
2011-03-01 14:54:14 +00:00
John Baldwin
9c216a50c0 Use a suitable DIRPRFX for each invocation of make in the build32 and
install32 targets so that the full path to each program or library is
displayed in the make output.

MFC after:	1 week
2011-03-01 14:53:36 +00:00
John Baldwin
88690d6a73 Similar to 189574, properly handle subclasses of bus drivers when deleting
a driver during kldunload.  Specifically, recursively walk the tree of
subclasses of a given driver attachment's bus device class detaching all
instances of that driver for each class and its subclasses.

Reported by:	bschmidt
Reviewed by:	imp
MFC after:	1 week
2011-03-01 14:43:37 +00:00
Robert Watson
74b5505e5d Continue to introduce Capsicum capability mode:
White list sysarch calls allowed in capability mode; arguably, there
should be some link between the capability mode model and the privilege
model here.  Sysarch is a morass similar to ioctl, in many senses.

Submitted by:	anderson
Discussed with:	benl, kris, pjd
Sponsored by:	Google, Inc.
Obtained from:	Capsicum Project
MFC after:	3 months
2011-03-01 13:35:48 +00:00
Robert Watson
fc94e4476b Continue introducing Capsicum capability mode support:
If a system call wasn't listed in capabilities.conf, return ECAPMODE at
syscall entry.

Reviewed by:	anderson
Discussed with:	benl, kris, pjd
Sponsored by:	Google, Inc.
Obtained from:	Capsicum Project
MFC after:	3 months
2011-03-01 13:32:07 +00:00
Robert Watson
ddfe0c2ba4 Regenerate system call files following addition of cap_enter(2),
cap_getmode(2), and capabilities.conf.

Reviewed by:	anderson
Discussed with:	benl, kris, pjd
Obtained from:	Capsicum Project
Sponsored by:	Google, Inc.
MFC after:	3 months
2011-03-01 13:30:23 +00:00
Robert Watson
08e6d9fad8 Continue to introduce Capsicum Capability Mode support:
Add a new system call flag, SYF_CAPENABLED, which indicates that a
particular system call is available in capability mode.

Add a new configuration file, kern/capabilities.conf (similar files
may be introduced for other ABIs in the future), which enumerates
system calls that are available in capability mode.  When a new
system call is added to syscalls.master, it will also need to be
added here (if needed).  Teach sysent parts to use this file to set
values for SYF_CAPENABLED for the native ABI.

Reviewed by:	anderson
Discussed with:	benl, kris, pjd
Obtained from:	Capsicum Project
MFC after:	3 months
2011-03-01 13:28:27 +00:00
Robert Watson
3ddc3c85ab Hook up sys_capability.c to the build.
Sponsored by:   Google, Inc.
Reviewed by:    anderson
Discussed with: benl, kris, pjd
Obtained from:  Capsicum Project
MFC after:      3 months
2011-03-01 13:24:49 +00:00
Robert Watson
96fcc75fdf Add initial support for Capsicum's Capability Mode to the FreeBSD kernel,
compiled conditionally on options CAPABILITIES:

Add a new credential flag, CRED_FLAG_CAPMODE, which indicates that a
subject (typically a process) is in capability mode.

Add two new system calls, cap_enter(2) and cap_getmode(2), which allow
setting and querying (but never clearing) the flag.

Export the capability mode flag via process information sysctls.

Sponsored by:	Google, Inc.
Reviewed by:	anderson
Discussed with:	benl, kris, pjd
Obtained from:	Capsicum Project
MFC after:	3 months
2011-03-01 13:23:37 +00:00
Robert Watson
25122f5c5f Add ECAPMODE, "Not permitted in capability mode", a new kernel errno
constant to indicate that a system call (or perhaps an operation requested
via a system call) is not permitted for a capability mode process.

Submitted by:	anderson
Sponsored by:	Google, Inc.
Obtained from:	Capsicum Project
MFC after:	1 week
2011-03-01 13:14:28 +00:00
Andrey V. Elsukov
633c5bdac8 Add XMIT_FAILOVER transmit algorithm to ng_one2many node. Packets are
delivered out the first active "many" hook.

PR:		kern/137775
Submitted by:	Maxim Ignatenko
MFC after:	2 weeks
2011-03-01 13:10:56 +00:00
Rebecca Cran
ac095af538 Remove duplicate "in".
Suggested by:	Rob Farmer <rfarmer at predatorlabs.net>
MFC after:	3 days
2011-03-01 11:47:51 +00:00
Ruslan Ermilov
58202d8973 Fixed conversion of prefix length to a netmask. 2011-03-01 11:47:16 +00:00
Rebecca Cran
2860553a86 Change the return type of vmspace_swap_count to a long to match the other
vmspace_*_count functions.

MFC after:	3 days
2011-03-01 11:04:30 +00:00
Poul-Henning Kamp
818bc4157a Another couple of unsigned/ssize_t changes. 2011-03-01 08:52:10 +00:00
Jayachandran C.
1e4b58070b Increase NKPT in case of n32 and n64 to support more physical memory.
On n32, vm_page_startup() needs more virtual mem to map vm_page structs.
The new value of 256 will allow us to support 16GB RAM.
2011-03-01 04:21:56 +00:00
Jayachandran C.
0474933dcc Use new thread's stack to invoke pmap_activate in cpu_switch()
Restore the SP from the new thread's PCB before calling pmap_activate.
Remove some old FIXME comments.
2011-03-01 03:25:18 +00:00
Randall Stewart
48b6c64938 Adds a new Congestion Control that helps reduce
the RTT that a flow will build up in buffers in
transit. It is a slight modification to RFC2581
but is more friendly i.e. less aggressive.

MFC after:	3 months
2011-03-01 00:37:46 +00:00
Jayachandran C.
7d66f0801b Use correct types and fromats for physical address
- Use vm_paddr_t for pa in pmap_steal_memory()
- Use uintmax_t and %jx to ensure that physical address are printed
  correctly in cpu_startup() and pmap_bootstrap()
2011-02-28 21:33:26 +00:00
Jayachandran C.
daa7be0b2e Use vm_offset_t for virtual addresses.
The unsigned int type used now is incorrect in n64 compilation.
2011-02-28 20:55:41 +00:00
Pyun YongHyeon
5ed8e782f9 Make sure changing ownership of RX descriptor to be done as last
operation.  Previously ownership was transferred to hardware before
setting address of new RX buffer such that it was possible for
hardware to use wrong RX buffer address.
While here keep compiler from re-ordering instructions by declaring
descriptor members volatile. Memory barriers would do the same job
but volatile is supposed to be cheaper than using memory barriers,
especially on MP systems.

Submitted by:	marius
MFC after:	1 week
2011-02-28 20:37:48 +00:00
Hans Petter Selasky
892f48069d - Add missing MLINKS for libusb and some manpage fixes.
MFC after:	14 days
Approved by:	thompsa (mentor)
2011-02-28 18:53:06 +00:00
Hans Petter Selasky
1c49736857 - Add support for software pre-scaling of ISOCHRONOUS transfers.
MFC after:	14 days
Approved by:	thompsa (mentor)
2011-02-28 17:23:15 +00:00
Matt Jacob
898899d9dd Sync FreeBSD ISP with mercurial tree. Minor changes having to do with
a macro for minima.
2011-02-28 15:58:30 +00:00
Poul-Henning Kamp
2f203e818f Type-change to ssize_t to (app|pl)ease ppc platform. 2011-02-28 14:48:00 +00:00
Rebecca Cran
b633aa9451 Revert some of r177626. "in in" is valid in certain sentences.
PR:		121490
MFC after:	3 days
2011-02-28 10:03:48 +00:00