Commit Graph

4672 Commits

Author SHA1 Message Date
Max Laier
240589a9fe Work around a long standing LOR with user/group rules by doing the socket
lookup early.  This has some performance implications and should not be
enabled by default, but might help greatly in certain setups.  After some
more testing this could be turned into a sysctl.

Tested by:	avatar
LOR ids:	17, 24, 32, 46, 191 (conceptual)
MFC after:	6 weeks
2006-12-29 13:59:03 +00:00
Gleb Smirnoff
9e6f1d3be4 Build bits for ng_deflate(4) and ng_pred1(4). 2006-12-29 13:16:43 +00:00
Robert Watson
224a974b9b Break contents of kern_mac.c out into two files following a repo-copy:
mac_framework.c   Contains basic MAC Framework functions, policy
                  registration, sysinits, etc.

mac_syscalls.c    Contains implementations of various MAC system calls,
                  including ENOSYS stubs when compiling without options
                  MAC.

Obtained from:	TrustedBSD Project
2006-12-28 20:52:02 +00:00
Robert Watson
6c5b167508 Connect vfs_extattr.c to build by default. 2006-12-23 00:11:02 +00:00
Kip Macy
8588e15be6 build new mdesc file 2006-12-18 07:26:35 +00:00
Matt Jacob
2c298b17e3 opt_ah.h ends up copied into a kernelcompile directory in some
aches as a read-only file. In a number of cases this has led to
compiles failing- usually due to some strange NFS drift which thinks
that the opt_ah.h in the compile directory is out of date wrt the
source it is copied from. When the copy is executed again, it fails
because the target is read-only. Oops. Modify the compile hooks
avoid this.

Discussed with a while back with:	Sam Leffler
2006-12-18 05:45:23 +00:00
Matt Jacob
786da2bbd0 spelling nit 2006-12-18 05:42:33 +00:00
Pyun YongHyeon
c9d21ce905 Hook up msk(4) to the build. 2006-12-13 02:37:48 +00:00
Matt Jacob
f9fbd1a4bc Make MAXPHYS and DFLTPHYS options (finally). 2006-12-10 04:23:23 +00:00
Warner Losh
600313b16e As Bernd Walter points out, the rlphy is used for more things than
just the intenral phy on parts supported by the rl and re drivers, the
RTL8201BL for example.  He also sent me a nice picture of hundreds of
these chips in a tray to boulder his claim.  :-) Therefore remove a
comment that suggested that they were...
2006-12-10 01:10:08 +00:00
Sam Leffler
7a3ac16ec2 fls was missing
MFC after:	1 week
2006-11-30 06:17:54 +00:00
John Birrell
e0b651251d Turn console printf buffering into a kernel option and only on
by default for sun4v where it is absolutely required.

This change moves the buffer from struct pcpu to the stack to avoid
using the critical section which created a LOR in a couple of cases
due to interaction with the tty code and kqueue. The LOR can't be
fixed with the critical section and the pcpu buffer can't be used
without the critical section.

Putting the buffer on the stack was my initial solution, but it was
pointed out that the stress on the stack might cause problems
depending on the call path. We don't have a way of creating tests
for those possible cases, so it's best to leave this as an option
for the time being. In time we may get enough data to enable this
option more generally.
2006-11-30 04:17:05 +00:00
Warner Losh
fcf50d482e Build glue for at45d flash support. 2006-11-29 08:08:30 +00:00
Kip Macy
f592bb74a5 Fix module loading for sparc on machines with greater than 1GB of RAM
t1# uname -m
sparc64
t1# sysctl hw.physmem
hw.physmem: 17150509056
t1# kldload reiserfs
t1# kldstat
Id Refs Address            Size     Name
 1    3 0xc0000000 58cc38   kernel
 2    1 0xcbe70000 234000   xfs.ko
 3    1 0xcc0b6000 110000   reiserfs.ko
2006-11-26 23:16:46 +00:00
Sam Leffler
74828f25db device-independent implementation of AMRR tx rate control algorithm
Obtained from:	openbsd (w/ mods)
MFC after:	1 month
2006-11-26 19:55:26 +00:00
Kip Macy
ac39496f20 move CDDL licensed machine description support routine files to cddl directory
update files.sun4v accordingly
2006-11-24 01:56:46 +00:00
John Birrell
d5768a7a5b Remove the KDTRACE option because I can't implement it the
way I intended due to licensing restrictions. I had intended
that it would be defaulted on, with opt-out possible for
companies that don't accept the CDDL. The FreeBSD GENERIC
kernel has to be entirely BSD licensed, so the only alternative
would have been to make KDTRACE an opt-in option. That isn't
a design I favour.
2006-11-21 08:23:20 +00:00
Sam Leffler
5186f9ffb9 add CPU_XSCALE_IXP425
Reviewed by:	cognet, imp
MFC after:	1 month
2006-11-19 23:56:44 +00:00
Sam Leffler
9dbf796c4e hookup ad7418 and ds1672 drivers
MFC after:	1 month
2006-11-19 23:43:29 +00:00
Kip Macy
fda40eb204 Remove two more duplicated files
Reviewed by: jb (mentor is rwatson)
2006-11-18 07:24:56 +00:00
Kip Macy
1eea142b6f remove 13 (largely) redundant files and switch to the sparc64/sparc64 version
Reviewed by: jb (mentor rwatson)
2006-11-18 07:10:52 +00:00
Maxim Konovalov
9aab0d96da o Add uark(4), a driver for Arkmicro Technologies ARK3116 based serial
adapters.

Submitted by:	Alex Rodin
Obtained from:	OpenBSD
Reviewed by:	-usb
MFC after:	6 weeks
2006-11-15 09:13:25 +00:00
Ruslan Ermilov
dfc67ec476 Unbreak pc98. 2006-11-14 14:28:09 +00:00
John Baldwin
4184900911 MD support for PCI Message Signalled Interrupts on amd64 and i386:
- Add a new apic_alloc_vectors() method to the local APIC support code
  to allocate N contiguous IDT vectors (aligned on a M >= N boundary).
  This function is used to allocate IDT vectors for a group of MSI
  messages.
- Add MSI and MSI-X PICs.  The PIC code here provides methods to manage
  edge-triggered MSI messages as x86 interrupt sources.  In addition to
  the PIC methods, msi.c also includes methods to allocate and release
  MSI and MSI-X messages.  For x86, we allow for up to 128 different
  MSI IRQs starting at IRQ 256 (IRQs 0-15 are reserved for ISA IRQs,
  16-254 for APIC PCI IRQs, and IRQ 255 is reserved).
- Add pcib_(alloc|release)_msi[x]() methods to the MD x86 PCI bridge
  drivers to bubble the request up to the nexus driver.
- Add pcib_(alloc|release)_msi[x]() methods to the x86 nexus drivers that
  ask the MSI PIC code to allocate resources and IDT vectors.

MFC after:	2 months
2006-11-13 22:23:34 +00:00
Kip Macy
f719846d36 Add time-of-day support to sun4v 2006-11-13 01:02:18 +00:00
Ruslan Ermilov
cf31ff2692 More MUTEX_PROFILING -> LOCK_PROFILING. 2006-11-11 23:37:52 +00:00
Tom Rhodes
6aeb05d7be Merge posix4/* into normal kernel hierarchy.
Reviewed by:	glanced at by jhb
Approved by:	silence on -arch@ and -standards@
2006-11-11 16:26:58 +00:00
Kip Macy
07dba9373e fix tinderbox 2006-11-11 05:35:39 +00:00
Kip Macy
7c0435b933 MUTEX_PROFILING has been generalized to LOCK_PROFILING. We now profile
wait (time waited to acquire) and hold times for *all* kernel locks. If
the architecture has a system synchronized TSC, the profiling code will
use that - thereby minimizing profiling overhead. Large chunks of profiling
code have been moved out of line, the overhead measured on the T1 for when
it is compiled in but not enabled is < 1%.

Approved by: scottl (standing in for mentor rwatson)
Reviewed by: des and jhb
2006-11-11 03:18:07 +00:00
Ruslan Ermilov
13039ada97 The NETSMBCRYPTO option has long gone. 2006-11-08 21:45:45 +00:00
Sam Leffler
4c2511374b add missing bits for crypto support
MFC after:	1 week
2006-11-08 20:51:01 +00:00
Robert Watson
800c940832 Add a new priv(9) kernel interface for checking the availability of
privilege for threads and credentials.  Unlike the existing suser(9)
interface, priv(9) exposes a named privilege identifier to the privilege
checking code, allowing more complex policies regarding the granting of
privilege to be expressed.  Two interfaces are provided, replacing the
existing suser(9) interface:

suser(td)                 ->   priv_check(td, priv)
suser_cred(cred, flags)   ->   priv_check_cred(cred, priv, flags)

A comprehensive list of currently available kernel privileges may be
found in priv.h.  New privileges are easily added as required, but the
comments on adding privileges found in priv.h and priv(9) should be read
before doing so.

The new privilege interface exposed sufficient information to the
privilege checking routine that it will now be possible for jail to
determine whether a particular privilege is granted in the check routine,
rather than relying on hints from the calling context via the
SUSER_ALLOWJAIL flag.  For now, the flag is maintained, but a new jail
check function, prison_priv_check(), is exposed from kern_jail.c and used
by the privilege check routine to determine if the privilege is permitted
in jail.  As a result, a centralized list of privileges permitted in jail
is now present in kern_jail.c.

The MAC Framework is now also able to instrument privilege checks, both
to deny privileges otherwise granted (mac_priv_check()), and to grant
privileges otherwise denied (mac_priv_grant()), permitting MAC Policy
modules to implement privilege models, as well as control a much broader
range of system behavior in order to constrain processes running with
root privilege.

The suser() and suser_cred() functions remain implemented, now in terms
of priv_check() and the PRIV_ROOT privilege, for use during the transition
and possibly continuing use by third party kernel modules that have not
been updated.  The PRIV_DRIVER privilege exists to allow device drivers to
check privilege without adopting a more specific privilege identifier.

This change does not modify the actual security policy, rather, it
modifies the interface for privilege checks so changes to the security
policy become more feasible.

Sponsored by:		nCircle Network Security, Inc.
Obtained from:		TrustedBSD Project
Discussed on:		arch@
Reviewed (at least in part) by:	mlaier, jmg, pjd, bde, ceri,
			Alex Lyashkov <umka at sevcity dot net>,
			Skip Ford <skip dot ford at verizon dot net>,
			Antoine Brodin <antoine dot brodin at laposte dot net>
2006-11-06 13:37:19 +00:00
Ruslan Ermilov
9d1a95cd55 Nitpicking. 2006-11-03 21:09:03 +00:00
Randall Stewart
f8829a4a40 Ok, here it is, we finally add SCTP to current. Note that this
work is not just mine, but it is also the works of Peter Lei
and Michael Tuexen. They both are my two key other developers
working on the project.. and they need ata-boy's too:
****
peterlei@cisco.com
tuexen@fh-muenster.de
****
I did do a make sysent which updated the
syscall's and sysproto.. I hope that is correct... without
it you don't build since we have new syscalls for SCTP :-0

So go out and look at the NOTES, add
option SCTP (make sure inet and inet6 are present too)
and play with SCTP.

I will see about comitting some test tools I have after I
figure out where I should place them. I also have a
lib (libsctp.a) that adds some of the missing socketapi
functions that I need to put into lib's.. I will talk
to George about this :-)

There may still be some 64 bit issues in here, none of
us have a 64 bit processor to test with yet.. Michael
may have a MAC but thats another beast too..

If you have a mac and want to use SCTP contact Michael
he maintains a web site with a loadable module with
this code :-)

Reviewed by:	gnn
Approved by:	gnn
2006-11-03 15:23:16 +00:00
Matt Jacob
bd3fd815a7 2nd and final commit that moves us to CAM_NEW_TRAN_CODE
as the default.

Reviewed by multitudes.
2006-11-02 00:54:38 +00:00
Marius Strobl
65deb9d947 - In sunkbd_probe_keyboard() don't bother to determine the keyboard layout
as we have no use for that info. Instead let this function return the
  keyboard ID and verify at its invocation in sunkbd_configure() that we're
  talking to a Sun type 4/5/6 keyboard, i.e. a keyboard supported by this
  driver.
- Add an option SUNKBD_EMULATE_ATKBD whose code is based on the respective
  code in ukbd(4) and like UKBD_EMULATE_ATSCANCODE causes this driver to
  emit AT keyboard/KB_101 compatible scan codes in K_RAW mode as assumed by
  kbdmux(4). Unlike UKBD_EMULATE_ATSCANCODE, SUNKBD_EMULATE_ATKBD also
  triggers the use of AT keyboard maps and thus allows to use the map files
  in share/syscons/keymaps with this driver at the cost of an additional
  translation (in ukbd(4) this just is the way of operation).
- Implement an option SUNKBD_DFLT_KEYMAP, which like the equivalent options
  of the other keyboard drivers allows to specify the default in-kernel
  keyboard map. For obvious reasons this made to only work when also using
  SUNKBD_EMULATE_ATKBD.
- Implement sunkbd_check(), sunkbd_check_char() and sunkbd_clear_state(),
  which are also required for interoperability with kbdmux(4).
- Implement K_CODE mode and FreeBSD keypad compose.
- As a minor hack define KBD_DFLT_KEYMAP also in the !SUNKBD_EMULATE_ATKBD
  case so we can obtain fkey_tab from <dev/kbd/kbdtables.h> rather than
  having to duplicate it and #ifdef some more code.
- Don't use the TX-buffer for writing the two command bytes for setting the
  keyboard LEDs as this consequently requires a hardware FIFO that is at
  least two bytes in depth, which the NMOS-variant of the Zilog SCCs doesn't
  have. Thus use an inlined version of uart_putc() to consecutively write
  the command bytes (a cleaner approach would be to do this via the soft
  interrupt handler but that variant wouldn't work while in ddb(4)). [1]
- Fix some minor style(9) bugs.

PR:		90316 [1]
Reviewed by:	marcel [1]
2006-11-02 00:01:15 +00:00
Pawel Jakub Dawidek
f348204c94 Hook up gjournal bits to the build.
Sponsored by:	home.pl
2006-10-31 22:22:30 +00:00
Takanori Watanabe
1cc5605910 Add conf file entries for acpi_aiboost drivers. 2006-10-30 05:51:54 +00:00
Alexander Leidinger
3680a41902 Backout the linux aio stuff. Several problems where identified and the
dynamic nature (if no native aio code is available, the linux part
returns ENOSYS because of missing requisites) should be solved differently
than it is.

All this will be done in P4.

Not included in this commit is a backout of the changes to the native aio
code (removing static in some places). Those changes (and some more) will
also be needed when the reworked linux aio stuff will reenter the tree.

Requested by:	rwatson
Discussed with:	rwatson
2006-10-29 14:02:39 +00:00
Ruslan Ermilov
a10892b064 MF kmod.mk 1.176: Properly handle vnode_if.h dependencies.
Instructed by:	bde
2006-10-26 19:04:20 +00:00
Bruce Evans
dc8ccf95a8 Fixed high resolution profiling on arches that support it (amd64 and
i386).  Use -mprofiler-epilogue again, and don't use -finstrument-functions.
The former has been fixed for arches that implement high-res profiling,
and the latter has been useless for kernel profiling since gcc-3.4
when it started forcing -fno-inline.  -fno-inline gives a kernel with
performance characteristics too different from a normal kernel to be
worth profiling, by turning off inlining of all the little optimized
functions in headers.  This interacts especially badly with FreeBSD's
use of "static inline" for all inlines in headers, by creating many
separate copies of the little functions, so not inlining tends to
increase cache pressure where it should reduce it, and (since gprof(1)
doesn't understand the copies) the statistics for the little functions
are hard to interpret even if you want them.
2006-10-26 15:16:43 +00:00
Bruce Evans
1dcf308b1e Reduced the ifdef tangle for profiling by moving the unreachable
never-working parts for icc to the attic.

Fixed some nearby style bugs.
2006-10-26 11:53:25 +00:00
Ruslan Ermilov
837f167eb2 Move "device splash" back to MI NOTES and "files", it's MI. 2006-10-23 13:23:14 +00:00
Ruslan Ermilov
663cf7fed2 Move MI parts of syscons into MI "files". 2006-10-23 13:05:01 +00:00
Dag-Erling Smørgrav
905e8b430a Re-add screen savers, which I removed by mistake.
Noticed by:	ru
2006-10-23 08:38:42 +00:00
Poul-Henning Kamp
b39be1b35c Add two new functions to convert FAT filesystem format timestamps
to and from struct timespec, to replace the crummy conversion
function which have been copy&pasted into three different
filesystems already.

Apart from general crummyness as indicated by code like:

	for (year = 1970;; year++) {
		inc = year & 0x03 ? 365 : 366;
		if (days < inc)
			break;
		days -= inc;
	}

They also contain specialized crummyness which tries to compensate
for the general crummyness by caching recent conversion results,
with no regard for locking or consistency.

These replacement functions are smaller, O(1) and handle the Y2.1K
leap-year correctly.

Ideally, these functions should live in a module of their own,
which the three offending filesystems would depend on, but the
size is 877 bytes of code (on i386), so that would be false
economy.
2006-10-22 18:19:08 +00:00
Scott Long
66e0fb91cc Fix whitespace 2006-10-21 04:13:20 +00:00
Dag-Erling Smørgrav
c43ac89acc Move more MD devices and options out of MI NOTES. 2006-10-20 09:52:27 +00:00
Dag-Erling Smørgrav
c276283866 The VGA_DEBUG option only exists on {amd64,i386,ia64}.
Also remove 'device io' from amd64 NOTES; DEFAULTS takes care of it.
2006-10-20 08:56:26 +00:00
Warner Losh
32c3bb77fa Sort MFILES list
Noticed by: ru@
2006-10-20 07:31:15 +00:00