Commit Graph

125706 Commits

Author SHA1 Message Date
pjd
0495e43729 Set ses_ictx and ses_octx to NULL after freeing them, so we won't free
them twice.
This is possible for example in situation when session is used in
authentication context, then freed and then used in encryption context
and freed - in encryption context ses_ictx and ses_octx are not touched
at newsession time, but padlock_freesession could still try to free them
when they are not NULL.
2006-07-22 10:04:47 +00:00
gnn
ecb3559b0b Fix build breakage from previous commit which confused key_abort and key_close. 2006-07-22 09:18:02 +00:00
yar
1863844779 The month name in .Dd should be spelled in full.
Pointed out by:	ru
2006-07-22 07:23:46 +00:00
gnn
0228f1899a The KAME project ceased work on IPv6 and IPSec in March of 2006.
Remove the README file which warns against cosmetic or local only
changes.  FreeBSD committers should now feel free to work on the
IPv6 and IPSec code without fetters.  The KAME mailing lists still
exist and it is always a good idea to ask questions about this code
on the snap-users@kame.net mailing list.

Reviewed by:	rwatson, brooks
2006-07-22 02:32:32 +00:00
alc
b5b274360a Retire debug.mpsafevm. None of the architectures supported in CVS require
it any longer.
2006-07-21 23:22:49 +00:00
sobomax
9d70629cba Remove mention of the `W' flag, which has been turned to no-op by the
neworder change. Keep the option in a config file parser, to not
violate POLA.

MFC after:	2 weeks
2006-07-21 22:13:06 +00:00
jhb
e96f2e292b Regen. 2006-07-21 20:41:33 +00:00
jhb
8a1f79ab85 Clean up the svr4 socket cache and streams code some to make it more easily
locked.
- Move all the svr4 socket cache code into svr4_socket.c, specifically
  move svr4_delete_socket() over from streams.c.  Make the socket cache
  entry structure and svr4_head private to svr4_socket.c as a result.
- Add a mutex to protect the svr4 socket cache.
- Change svr4_find_socket() to copy the sockaddr_un struct into a
  caller-supplied sockaddr_un rather than giving the caller a pointer to
  our internal one.  This removes the one case where code outside of
  svr4_socket.c could access data in the cache.
- Add an eventhandler for process_exit and process_exec to purge the cache
  of any entries for the exiting or execing process.
- Add methods to init and destroy the socket cache and call them from the
  svr4 ABI module's event handler.
- Conditionally grab Giant around socreate() in streamsopen().
- Use fdclose() instead of inlining it in streamsopen() when handling
  socreate() failure.
- Only allocate a stream structure and attach it to a socket in
  streamsopen().  Previously, if a svr4 program performed a stream
  operation on an arbitrary socket not opened via the streams device,
  we would attach streams state data to it and change f_ops of the
  associated struct file while it was in use.  The latter was especially
  not safe, and if a program wants a stream object it should open it via
  the streams device anyway.
- Don't bother locking so_emuldata in the streams code now that we only
  touch it right after creating a socket (in streamsopen()) or when
  tearing it down when the file is closed.
- Remove D_NEEDGIANT from the streams device as it is no longer needed.
2006-07-21 20:40:13 +00:00
jhb
6370253bdc Add conditional VFS Giant locking to svr4_sys_fchroot() and mark it MPSAFE.
Also, call change_dir() instead of doing part of it inline (this now adds
a mac_check_vnode_chdir() call) to match fchdir() and call
mac_check_vnode_chroot() to match chroot().  Also, use the change_root()
function to do the actual change root to match chroot().

Reviewed by:	rwatson
2006-07-21 20:28:56 +00:00
jhb
480dbd17c4 Add a comment to explain what fdclose() does and what it's purpose is
since the subtlety eluded me when I looked at it last week.
2006-07-21 20:24:00 +00:00
jhb
675c87997e - Pass the MPSAFE flag to namei() in linux_uselib() and handle conditional
Giant VFS locking in that function.
- Remove bogus code to handle the case where namei() returns success but a
  NULL vnode pointer.
- Note that this code duplicates exec_check_permissions() and annotate
  where it differs.
- Hold the vnode lock longer to protect the write to set VV_TEXT in
  v_vflag.
- Mark linux_uselib() MPSAFE.

Reviewed by:	rwatson
2006-07-21 20:22:13 +00:00
imp
435ff541d8 If we get an error w/o atapi sense information, just print a newline
to terminate the message we started.  I get non-terminated messages
when reading audio tracks w/o this patch.
2006-07-21 19:13:05 +00:00
ume
636a28fc75 simplification in explore_numeric: unified the post-process with
GET_AI and GET_PORT.  Commented on an impossible case.

Obtained from:	KAME
MFC after:	1 week
2006-07-21 19:02:28 +00:00
ume
34bbbddd7e RFC3493 requires use of inet_aton for AF_INET.
Obtained from:	KAME
MFC after:	1 week
2006-07-21 19:00:22 +00:00
ume
9cc6e84d28 clean-up: rewrote explore_null and explore_numeric without using sentinel.
we do not need it since we make (at most) a single addrinfo entry in these
cases.

Obtained from:	KAME
MFC after:	1 week
2006-07-21 18:57:44 +00:00
ume
cd6fe37440 - draft-ietf-ipngwg-icmp-namelookups-09
- make it compilable

It still requires root privilege and is experimental.

Obtained from:	KAME
MFC after:	1 week
2006-07-21 18:55:51 +00:00
rwatson
720efebbba Change semantics of socket close and detach. Add a new protocol switch
function, pru_close, to notify protocols that the file descriptor or
other consumer of a socket is closing the socket.  pru_abort is now a
notification of close also, and no longer detaches.  pru_detach is no
longer used to notify of close, and will be called during socket
tear-down by sofree() when all references to a socket evaporate after
an earlier call to abort or close the socket.  This means detach is now
an unconditional teardown of a socket, whereas previously sockets could
persist after detach of the protocol retained a reference.

This faciliates sharing mutexes between layers of the network stack as
the mutex is required during the checking and removal of references at
the head of sofree().  With this change, pru_detach can now assume that
the mutex will no longer be required by the socket layer after
completion, whereas before this was not necessarily true.

Reviewed by:	gnn
2006-07-21 17:11:15 +00:00
yar
ec82ec19cb Touch document date (Dd). 2006-07-21 15:57:12 +00:00
yar
ed24981d4f Since Alpha support isn't in HEAD anymore, remove Alpha-specific
rc.conf(5) knobs, too: osf1_enable, unaligned_print.
2006-07-21 15:55:18 +00:00
cognet
bdb0150c3a Grr we also need to set -mbig-endian to LDFLAGS. Now I can build a
big-endian arm world.
2006-07-21 14:07:48 +00:00
mlaier
c5a85a2c6d Import from OpenBSD 1.168, dhartmei:
fix a bug in the input sanity check of DIOCCHANGERULE (not used by pfctl,
  but third-party tools). a rule must have a non-empty replacement address
  list when it's a translation rule but not an anchor call (i.e. "nat ...
  ->" needs a replacement address, but "nat-anchor ..." doesn't). the check
  confused "rule is an anchor call" with "rule is defined within an anchor".
  report from Michal Mertl, Max Laier.

Obtained from:	OpenBSD
MFC after:	2 weeks
2006-07-21 09:48:13 +00:00
delphij
288a78f756 The contents pointed by ssi_cables[] is never changed so explicitly
declare it as const char * instead of char *.

This change have no side impact to the code itself, and is a step
forward to WARNS=6 truss(1).
2006-07-21 08:45:00 +00:00
alc
d0e4b9565d Eliminate OBJ_WRITEABLE. It hasn't been used in a long time. 2006-07-21 06:40:29 +00:00
alc
51bab356f5 Implement pmap_clear_write().
Discussed with: cognet@
2006-07-20 23:26:22 +00:00
imp
b3351ab1a0 Remove ALPHA optimization pointer for gcc flags.
Add ARM optimization pointer for gcc flags.
2006-07-20 22:42:48 +00:00
cognet
ea2d06724d Oops LDFLAGS can be used to invoke gcc, so directly add -EB to {LD}. 2006-07-20 22:13:59 +00:00
cognet
65c1492ca1 Honor ARM_BIG_ENDIAN by adding -mbig-endian to CFLAGS and -EB to LDFLAGS if
it is defined.
2006-07-20 21:28:07 +00:00
cognet
83a16c4049 Fix ALT_BREAK_TO_DEBUGGER on the AT91 :
The core uart code expects the receive method to actually puts the
characters read into its buffers. For AT91, it's done in the ipend routine,
so also check if we have the alternate break sequence here.

MFC after:	3 days
2006-07-20 21:03:43 +00:00
jhb
70fe8b7279 Expand locking coverage slightly to cover if_drv_flags in a few places
where it wasn't locked.

MFC after:	3 days
Reviewed by:	davidch
2006-07-20 18:41:00 +00:00
alc
004ef88e09 Add pmap_clear_write() to the interface between the virtual memory
system's machine-dependent and machine-independent layers.  Once
pmap_clear_write() is implemented on all of our supported
architectures, I intend to replace all calls to pmap_page_protect() by
calls to pmap_clear_write().  Why?  Both the use and implementation of
pmap_page_protect() in our virtual memory system has subtle errors,
specifically, the management of execute permission is broken on some
architectures.  The "prot" argument to pmap_page_protect() should
behave differently from the "prot" argument to other pmap functions.
Instead of meaning, "give the specified access rights to all of the
physical page's mappings," it means "don't take away the specified
access rights from all of the physical page's mappings, but do take
away the ones that aren't specified."  However, owing to our i386
legacy, i.e., no support for no-execute rights, all but one invocation
of pmap_page_protect() specifies VM_PROT_READ only, when the intent
is, in fact, to remove only write permission.  Consequently, a
faithful implementation of pmap_page_protect(), e.g., ia64, would
remove execute permission as well as write permission.  On the other
hand, some architectures that support execute permission have
basically ignored whether or not VM_PROT_EXECUTE is passed to
pmap_page_protect(), e.g., amd64 and sparc64.  This change represents
the first step in replacing pmap_page_protect() by the less subtle
pmap_clear_write() that is already implemented on amd64, i386, and
sparc64.

Discussed with: grehan@ and marcel@
2006-07-20 17:48:41 +00:00
flz
146016a7bb - Remove hardcoded /etc/ntp.conf configuration file from ntpdate rc.d script
and replace it with a new ntpdate_config variable.
- Document it in defaults/rc.conf and rc.conf.5.
- Document ntpdate_hosts in defaults/rc.conf.

Requested by:	Chris Timmons <cwt@networks.cwu.edu>
Approved by:	cperciva (mentor, implicit)
MFC after:	1 week
2006-07-20 10:07:34 +00:00
stefanf
7d273f1844 Convert macros to use C99's syntax for macros with a variable number of
arguments.
2006-07-20 09:47:15 +00:00
stefanf
42f73871a9 Remove unused variables. 2006-07-20 09:38:46 +00:00
stefanf
372c92d219 Don't use "implicit int". Move the opening { of the functions to the next
line while there.
2006-07-20 09:11:08 +00:00
yongari
df16853b7f Since resetting hardware takes a very long time and results in link
renegotiation, we only initialize the hardware only when it is
absolutely required. Process SIOCGIFADDR ioctl in em(4) when we know
an IPv4 address is added. Handling SIOCGIFADDR in a driver is
layering violation but it seems that there is no easy way without
rewritting hardware initialization code to reduce settle time after
reset.

This should fix a long standing bug which didn't send ARP packet when
interface address is changed or an alias address is added. Another
effect of this fix is it doesn't need additional delays anymore when
adding an alias address to the interface.
While I'm here add a new if_flags into softc which remembers current
prgroammed interface flags and make use of it when we have to program
promiscuous mode.

Tested by:	Atanas <atanas AT asd DOT aplus DOT net>
Analyzed by:	rwatson
Discussed with:	-stable
2006-07-20 04:18:45 +00:00
yongari
4865b8aa7c Protect EEPROM access with the driver lock. 2006-07-20 04:01:54 +00:00
yongari
fd96b482f1 Honor IFF_DRV_OACTIVE in em_start_locked(). 2006-07-20 03:57:58 +00:00
jhb
0c5c6f316e Regen. 2006-07-19 19:03:21 +00:00
jhb
1dccc9f17a Add conditional VFS Giant locking to svr4_sys_resolvepath() and mark it
MPSAFE.
2006-07-19 19:03:03 +00:00
jhb
3d1ab82c48 Make svr4_sys_waitsys() a lot less ugly and mark it MPSAFE.
- If the WNOWAIT flag isn't specified and either of WEXITED or WTRAPPED is
  set, then just call kern_wait() and let it do all the work.  This means
  that this function no longer has to duplicate the work to teardown
  zombies that is done in kern_wait().  Instead, if the above conditions
  aren't true, then it uses a simpler loop to implement WNOWAIT and/or
  tracing for only stopped or continued processes.  This function still
  has to duplicate code from kern_wait() for the latter two cases, but
  those are much simpler.
- Sync the code to handle the WCONTINUED and WSTOPPED cases with the
  equivalent code in kern_wait().
- Fix several places that would return with the proctree lock still held.
- Lock the current process to prevent lost wakeup races when blocking.
2006-07-19 19:01:10 +00:00
jhb
70424c0f30 Add a mutex to protect the list of interrupt config hooks. We do assume
that the only remove hook operation that can occur while processing the
hooks is to remove the currently executing hook.  This should be safe as
the existing code has assumed this already for a long time now.

Reviewed by:	scottl
MFC after:	1 week
2006-07-19 18:53:56 +00:00
jhb
7863d70730 Whitespace fix after s/dev_t/struct cdev */. 2006-07-19 18:52:33 +00:00
jhb
5ee36b60d1 Call change_dir() instead of duplicating the code in fchdir(). 2006-07-19 18:30:33 +00:00
jhb
947b8c9fbd Don't free the sockaddr in kern_bind() and kern_connect() as not all
callers pass a sockaddr allocated via malloc() from M_SONAME anymore.
Instead, free it in the callers when necessary.
2006-07-19 18:28:52 +00:00
jhb
de5f3a26d7 Disable the pager for 'panic' and 'call' to be paranoid. 2006-07-19 18:26:53 +00:00
jhb
35822ba820 Initialize svr4_head during MOD_LOAD rather than on demand. 2006-07-19 18:26:09 +00:00
mr
d4972b28e6 Reflect the additional support of C7 CPU's in padlock(4).
Submitted by:	brueffer
MFC after:	1 day
2006-07-19 16:31:09 +00:00
rwatson
8ccc47a963 Add a test case for closing a UDPv6 socket that has been connected to
the IPv6 loopback address.

Warns ?= 2.
2006-07-19 12:54:14 +00:00
rwatson
42d0cba86a Add very basic regression test for netinet6: create and close raw,
UDP, and TCP IPv6 sockets.
2006-07-19 12:10:33 +00:00
nyan
62b2a75f53 The pcn does not work on NEC SV-98/2-B05 and B06.
Submitted by:	Chiharu Shibata
MFC after:	3 days
2006-07-19 11:49:22 +00:00