Commit Graph

53557 Commits

Author SHA1 Message Date
Robert Watson
030a28b3b5 Introduce new MAC Framework and MAC Policy entry points to control the use
of system calls to manipulate elements of the process credential,
including:

        setuid()                mac_check_proc_setuid()
        seteuid()               mac_check_proc_seteuid()
        setgid()                mac_check_proc_setgid()
        setegid()               mac_check_proc_setegid()
        setgroups()             mac_check_proc_setgroups()
        setreuid()              mac_check_proc_setreuid()
        setregid()              mac_check_proc_setregid()
        setresuid()             mac_check_proc_setresuid()
        setresgid()             mac_check_rpoc_setresgid()

MAC checks are performed before other existing security checks; both
current credential and intended modifications are passed as arguments
to the entry points.  The mac_test and mac_stub policies are updated.

Submitted by:	Samy Al Bahra <samy@kerneled.org>
Obtained from:	TrustedBSD Project
2005-04-16 13:29:15 +00:00
Dag-Erling Smørgrav
02dcaf2fd1 Unbreak the build on 64-bit architectures. 2005-04-16 12:37:16 +00:00
Robert Watson
453ffeef5e Add ALQ and KTR_ALQ to NOTES so that they are built into LINT. 2005-04-16 12:14:43 +00:00
Robert Watson
e551d45211 Modify the alq(9) alq_open() API to accept a file creation mode, rather
than defaulting the cmode argument to vn_open() to 0.  Supply a default
argument of ALQ_DEFAULT_CMODE (0600) in current callers.

Discussed with/pointed out by:	hmp
Reveiwed by:	jeff, hmp
MFC after:	3 days
2005-04-16 12:12:27 +00:00
Pawel Jakub Dawidek
231b1be179 - Plug memory leak.
- Fix two style nits.

Found by:	Coverity Prevent analysis tool
Reviewed by:	rwatson
MFC after:	1 week
2005-04-16 10:57:49 +00:00
Marcel Moolenaar
e190f6efc8 Return better "error" values for UWX_BOTTOM and UWX_ABI_FRAME in
unw_step(). Both errors denote the end of a stack trace (i.e. no
prior frame), but are otherwise not error conditions.
Have db_trace() return 0 when the trace ends due to one of these
return codes as they are really normal termination conditions.

This change especially improves the output of the "show thread"
command in DDB when there are threads in fork_trampoline() and
previously db_trace() would return an error, causing the show
command to emit '***'.
2005-04-16 05:38:59 +00:00
Bill Paul
d84ed2322c When setting up the new stack for a function in x86_64_wrap(), make
sure to make it 16-byte aligned, in keeping with amd64 calling
convention requirements.

Submitted by:	Mikore Li at sun dot com
2005-04-16 04:47:15 +00:00
Eric Anholt
b8aa843c63 Update to DRM CVS as of 2005-04-12, bringing many changes:
- Split core DRM routines back into their own module, rather than using the
  nasty templated system like before.
- Development-class R300 support in radeon driver (requires userland pieces, of
  course).
- Mach64 driver (haven't tested in a while -- my mach64s no longer fit in the
  testbox).  Covers Rage Pros, Rage Mobility P/M, Rage XL, and some others.
- i915 driver files, which just need to get drm_drv.c fixed to allow attachment
  to the drmsub device.  Covers i830 through i915 integrated graphics.
- savage driver files, which should require minimal changes to work.  Covers the
  Savage3D, Savage IX/MX, Savage 4, ProSavage.
- Support for color and texture tiling and HyperZ features of Radeon.

Thanks to:	scottl (much p4 handholding)
		Jung-uk Kim (helpful prodding)
PR:		[1] kern/76879, [2] kern/72548
Submitted by:	[1] Alex, lesha at intercaf dot ru
		[2] Shaun Jurrens, shaun at shamz dot net
2005-04-16 03:44:47 +00:00
Nate Lawson
58ad326be6 Fix mbnambuf support for multi-byte characters. If a substring is larger
than WIN_CHARS bytes, we shift the suffix (previous substrings) upwards
by the amount this substring exceeds its WIN_CHARS slot.  Profiling shows
this change is indistinguishable from the previous code at 95% confidence.
This bug would result in attempts to access or create files or directories
with multi-byte characters returning an error but no data loss.

Reported and tested by:	avatar
MFC after:	3 days
2005-04-16 01:49:50 +00:00
John Baldwin
3c3edcb445 Add a vm.blacklist tunable which can hold a space or comma seperated list
of physical addresses.  The pages containing these physical addresses will
not be added to the free list and thus will effectively be ignored by the
VM system.  This is mostly useful for the case when one knows of specific
physical addresses that have bit errors (such as from a memtest run) so
that one can blacklist the bad pages while waiting for the new sticks of
RAM to arrive.  The physical addresses of any ignored pages are listed in
the message buffer as well.
2005-04-15 21:45:02 +00:00
Peter Wemm
8f98d260f1 Remove NO_MIXED_MODE option 2005-04-15 18:48:27 +00:00
Peter Wemm
ae692d88c4 MFi386: sync rtc code - don't setup an interrupt handler for irq0 when
the lapic timer is active.  Don't enable periodic interrupts unless we are
using them.  Replace spl protection with a spinlock.
2005-04-15 18:46:53 +00:00
Peter Wemm
e137a5d63a MFi386: remove NO_MIXED_MODE 2005-04-15 18:45:07 +00:00
Peter Wemm
ba5f6b61da MFi386: use the lapic timer for UP systems that are using the apic so that
IRQ0 and mixed mode isn't a problem anymore.  This removes mixed mode
support because nothing is left that uses it.
2005-04-15 18:44:53 +00:00
Peter Wemm
0501844603 MFi386: use c99 types 2005-04-15 18:41:32 +00:00
Peter Wemm
7234adbe8e Show that I can actually count. 2005-04-15 18:39:31 +00:00
Peter Wemm
2fc8e0f037 MFi386: track bus.h changes (unsplit bus_${machine}.h) 2005-04-15 18:38:59 +00:00
Yoshihiro Takahashi
e1bb7d0dfc MFi386: revision 1.219. 2005-04-15 14:24:49 +00:00
Søren Schmidt
d1719942b3 Make things compile again with ATA_STATIC_ID. 2005-04-15 14:19:41 +00:00
Maxim Konovalov
f305048664 Fix a typo in the comment.
Noticed by:	Samy Al Bahra
2005-04-15 14:01:43 +00:00
Søren Schmidt
9f2ea2bcd5 Move the creation of ata_channel child devices to the channel code.
This allows to attach to the children (ATA devices) even without a
driver being attached. This allows atapi-cam to do its work both
with and without the pure ATAPI driver being present.

ATA patches by /me
ATAPI-cam pathes by Thomas
2005-04-15 10:20:52 +00:00
Gleb Smirnoff
dfc17a329e - Return error, if there was one.
- No need to initialize error here.

PR:		kern/79884
Submitted by:	Wojciech A. Koszek
2005-04-15 10:14:00 +00:00
John Baldwin
133539f2aa Really remove the last vestiges of mixed mode from all but amd64. 2005-04-15 06:56:52 +00:00
John Baldwin
f12be15787 Oops, remove last mention of mixed mode.
Prodded by:	marks
2005-04-15 06:13:31 +00:00
Colin Percival
fbd24c5ed6 Zero the ifr.ifr_name buffer in ifconf() in order to avoid
accidental disclosure of kernel memory to userland.

Security:	FreeBSD-SA-05:04.ifconf
2005-04-15 01:52:40 +00:00
Brooks Davis
27a2f39bcf Centralized finding the protocol header in IP packets in preperation for
IPv6 support.  The header in IPv6 is more complex then in IPv4 so we
want to handle skipping over it in one location.

Submitted by:	Mariano Tortoriello and Raffaele De Lorenzo (via luigi)
2005-04-15 00:47:44 +00:00
Marcel Moolenaar
64c92ba929 Initialize curthread before we save the APs MCA state. Saving the
MCA state requires a spin lock, which requires a valid curthread.
This change allows SMP kernels to boot into multi-user again.

While here, update the copyright notice and use __FBSDID for the
revision string.
2005-04-15 00:21:23 +00:00
Paul Saab
25e6f9ed4b Fix for a TCP SACK bug where more than (win/2) bytes could have been
in flight in SACK recovery.

Found by:	Noritoshi Demizu
Submitted by:	Mohan Srinivasan <mohans at yahoo-inc dot com>
		Noritoshi Demizu <demizu at dd dot ij4u dot or dot jp>
		Raja Mukerji <raja at moselle dot com>
2005-04-14 20:09:52 +00:00
John Baldwin
5d971d4895 Close a race I introduced in the spinlock_* changes. We need to finish
disabling interrupts before updating the saved pil in the thread.  If we
save the value first then it can be clobbered if an interrupt comes in
and the interrupt handler tries to acquire a spin lock.

Submitted by:	marius
2005-04-14 18:30:10 +00:00
John Baldwin
84c7fde72e Trust the settings programmed by the BIOS over what the $PIR says.
Specifically, if the BIOS has programmed an IRQ for a device that doesn't
match the list of valid IRQs for the link, use it anyway as some BIOSes
don't correctly list the valid IRQs in the $PIR.  Also, allow the user
to specify an IRQ that $PIR claims is invalid as an override, but emit a
warning in that case.
2005-04-14 18:25:09 +00:00
John Baldwin
2326e092a7 Remove support for mixed mode altogether now that we no longer use IRQ 0
when using an APIC.  This simplifies the APIC code somewhat and also allows
us to be pedantically more compliant with ACPI which mandates no use of
mixed mode.
2005-04-14 17:59:58 +00:00
John Baldwin
9e605855ab Call pci_print_verbose() before pci_add_resources() so that the order of
printf's during a verbose boot is more intuitive (the BAR listings and
interrupt routing info now comes after the config header dump rather than
just before it).
2005-04-14 17:52:55 +00:00
Peter Wemm
fe8b8bf778 Implement 32-bit compatable fsbase/gsbase methods so that we can run
(newer) unmodified static i386 binaries again.
2005-04-14 16:57:58 +00:00
Christian S.J. Peron
c92163dcad Move MAC check_vnode_mmap entry point out from being exclusive to
MAP_SHARED so that the entry point gets executed un-conditionally.
This may be useful for security policies which want to perform access
control checks around run-time linking.

-add the mmap(2) flags argument to the check_vnode_mmap entry point
 so that we can make access control decisions based on the type of
 mapped object.
-update any dependent API around this parameter addition such as
 function prototype modifications, entry point parameter additions
 and the inclusion of sys/mman.h header file.
-Change the MLS, BIBA and LOMAC security policies so that subject
 domination routines are not executed unless the type of mapping is
 shared. This is done to maintain compatibility between the old
 vm_mmap_vnode(9) and these policies.

Reviewed by:	rwatson
MFC after:	1 month
2005-04-14 16:03:30 +00:00
Warner Losh
3aabc15941 In ppsintr, we needed ppsdev to get to the softc and nothing else.
Save a memory dereference in the ISR by passing this in directly.
Calling pps_capture is MP safe for all other operations on struct
pps_state, so there's no need to aquire the lock before we do this,
even from a fast ISR.  Avoid dereferencing sc->ppbus until after
pps_capture is called as well.  These actions reduce somewhat the
cache effects that cause variance in interrupt times.  On an
especially slow test machine (300MHz Cyrix GXm), this reduces the
interrupt latency about about 10% (from 21us to 19us) and helps a
little with the variance (although most of the variance seems to be
caused by lots of interrupt masking).

This also happens fixes one or two of bde's style issues.
2005-04-14 15:56:10 +00:00
Christian Brueffer
9f07f44971 Correct typo.
Obtained from:	OpenBSD
2005-04-14 14:40:09 +00:00
Olivier Houchard
758e4f6878 Unbreak the vector_page == 0x00000000 case. Map the vector page L1PT into the
kernel domain for each pmap, as we don't update the page table when we're
switching to a kernel thread, but we do however update the DACR.
2005-04-14 14:32:32 +00:00
Yoshihiro Takahashi
6ed58b70cf MFi386: revision 1.612. 2005-04-14 14:19:47 +00:00
Yoshihiro Takahashi
fa1650c0c8 MFi386: revision 1.20. 2005-04-14 14:12:54 +00:00
George V. Neville-Neil
c543ec4e34 Remove dead code which would never execute.
i.e. checking to see if a cluster was every less than 48 bytes,
    a rather unlikely case.

Check return value of m_dup_pkthdr() calls.

Found by: Coverity
Reviewed by: rwatson (mentor), Keiichi Shima (for Kame)
Approved by: rwatson (mentor)
2005-04-14 11:41:23 +00:00
Søren Schmidt
a6e97ccf70 Read back the real taskfile register values when in 48BIT mode. 2005-04-14 08:48:45 +00:00
Jeff Roberson
5b5f16b5a8 - cache_lookup() relocks the parent in the DOTDOT case for us.
Spotted by:	phk
Sponsored by:	Isilon Systems, Inc.
2005-04-14 07:08:34 +00:00
Mark Santcroos
b3919c8d96 Use AcpiUtStrupr() instead of strupr() as the latter will disappear in
future versions of acpica.

MFC after:	2 weeks
2005-04-14 06:50:13 +00:00
John Baldwin
b460c6f86b Probe PCI link devices early so that we turn them all off via _DIS before
we start turning any of them back on again.  This works around a bug in
some BIOSen that alias two different link devices for APIC vs ATPIC modes
onto the same physical hardware link.

Submitted by:	njl
Tested by:	Antoine Brodin antoine dot brodin at laposte dot net
2005-04-14 06:45:24 +00:00
John Baldwin
f781b7b493 Bah, add a missing cast. 2005-04-14 06:33:23 +00:00
John Baldwin
95b66e9e53 Close a race between sleepq_broadcast() and sleepq_catch_signals().
Specifically, sleepq_broadcast() uses td_slpq for its private pending
queue of threads that it is going to wake up after it takes them off the
sleep queue.  The problem is that if one of the threads is actually not
asleep yet, then we can end up with td_slpq being corrupted and/or the
thread being made runnable at the wrong time resulting in the td_sleepqueue
== NULL assertion failures occasionally reported under heavy load.

The fix is to stop being so fancy and ditch the whole pending queue bit.
Instead, sleepq_remove_thread() and sleepq_resume_thread() were merged
into one function that requires the caller to hold sched_lock.  This
fixes several places that unlocked sched_lock only to call a function
that then locked sched_lock, so even though sched_lock is now held
slightly longer, removing the extra lock acquires (1 pair instead of 3
in some cases) probably makes it an overall win if you don't include the
fact that it closes a race.  This is definitely a 5.4 candidate.

PR:		kern/79693
Submitted by:	Steven Sears stevenjsears at yahoo dot com
MFC after:	4 days
2005-04-14 06:30:32 +00:00
John Baldwin
33b5f5b7e0 Always use the local APIC timer, even on UP machines. 2005-04-14 05:56:17 +00:00
John Baldwin
c9ed75c153 If an I/O APIC returns 0xffffffff for its version register after we map it,
assume it is bogus and return NULL instead of trying to parse it as an
APIC.

Inspired by:	linux bug reports via njl
2005-04-14 05:55:34 +00:00
Peter Wemm
20984f2f04 rev 1.54 of i386/include/pcb.h depended on sys/proc.h. The prerequisite
was satisified for the rest of the kernel on the i386 build except for
these two files.  Rather than adding a submarine include to pcb.h, I've
added proc.h here.

I forgot to include these with the original commit. Sorry folks.
2005-04-14 05:25:40 +00:00
Matt Jacob
e3e16e9998 Make sure we look at the correct sub op codes when
deciding whether it's an operation we can perform
via the control device.

PR:		kern/72010
MFC after:	1 week
2005-04-14 04:51:18 +00:00