58680 Commits

Author SHA1 Message Date
Robert Watson
130d0157d1 o Introduce a new system call, __setsugid(), which allows a process to
toggle the P_SUGID bit explicitly, rather than relying on it being
  set implicitly by other protection and credential logic.  This feature
  is introduced to support inter-process authorization regression testing
  by simplifying userland credential management allowing the easy
  isolation and reproduction of authorization events with specific
  security contexts.  This feature is enabled only by "options REGRESSION"
  and is not intended to be used by applications.  While the feature is
  not known to introduce security vulnerabilities, it does allow
  processes to enter previously inaccessible parts of the credential
  state machine, and is therefore disabled by default.  It may not
  constitute a risk, and therefore in the future pending further analysis
  (and appropriate need) may become a published interface.

Obtained from:	TrustedBSD Project
2001-04-11 20:20:40 +00:00
Warner Losh
e5eac10b13 Add #define for IBM3765.
Fix SWAMPBOX.  It had actiontec's ID.
Reorder pnpids so they are in alphabetical order.
2001-04-11 20:18:29 +00:00
Robert Watson
0b5438c6d1 o Introduce "options REGRESSION", a kernel option which enables
interfaces and functionality intended for use during correctness and
  regression testing.  Features enabled by "options REGRESSION" may
  in and of themselves introduce security or correctness problems if
  used improperly, and so are not intended for use in production
  systems, only in testing environments.

Obtained from:	TrustedBSD Project
2001-04-11 19:29:24 +00:00
John Baldwin
7b531e6037 Stick proc0 in the PID hash table. 2001-04-11 18:50:50 +00:00
Robert Watson
274f7445fd o First pass at an inter-process authorization regression testing suite.
This test utility attempts to evaluate the current kernel policy
  for authorization inter-process activities, currently ptrace(),
  kill(, SIGHUP), getpriority(), and setpriority().  The utility creates
  pairs of processes, initializes their credential sets to useful
  cases, and reports on whether the results are in keeping with hard-coded
  safety expectations.

o Currently, this utility relies on the availability of __setugid(),
  an uncomitted system call used for managing the P_SUGID bit.  Due to
  continuing discussion of optional regression testing kernel components
  ("options REGRESSION") I'll hold off on committing that until the
  discussion has reached its natural termination.

o A number of additional testing factors should be taken into account
  in the testing, including tests for different classes of signals,
  interactions with process session characteristics, I/O signalling,
  broadcast activities such as broadcast signalling, mass priority
  setting, and to take into group-related aspects of credentials.
  Additional operations should also be taken into account, such as ktrace,
  debugging attach using procfs, and so on.

o This testing suite is intended to prevent the introduction of bugs
  in the upcoming sets of authorization changes associated with the
  introduction of process capabilities and mandatory access control.

Obtained from: TrustedBSD Project
2001-04-11 17:21:14 +00:00
John Baldwin
2fea957dc5 Rename the IPI API from smp_ipi_* to ipi_* since the smp_ prefix is just
"redundant noise" and to match the IPI constant namespace (IPI_*).

Requested by:	bde
2001-04-11 17:06:02 +00:00
Bruce A. Mah
ee13a06d5e New release notes: vidcontrol(1) update (submitted by sobomax).
Modified release notes:  Note MFC of gcc-2.95.3, libreadline 4.2.

Clarify Maestro-3/Allegro driver loading issues (submitted by scottl).
2001-04-11 16:23:58 +00:00
John Baldwin
45fdf62519 Parse the various argument registers in the printtrap() function so that
one doesn't have to go grab a reference manual to decode them by hand every
time the alpha kernel falls over.

Reviewed by:	drew, -alpha
2001-04-11 16:20:11 +00:00
David E. O'Brien
5e4c98b1a6 The internal declaration for tilde_expand() now conflicts with the one
that was finally added to the readline headers in readline 4.2.

Submitted by:	ache
2001-04-11 16:15:19 +00:00
Boris Popov
bc9243be52 Add forgotten files for NETSMBCRYPTO option (may be DES based encryption
should be enabled by default, not sure).
2001-04-11 09:20:33 +00:00
Boris Popov
6c9f45bdde Actually install include/fs/smbfs and include/netsmb directories. 2001-04-11 09:00:09 +00:00
Warner Losh
80914f7e42 Add O2Micro's OZ6872 Cardbus bridge.
Submitted by: Robert Sexton <robert@kudra.com>
2001-04-11 06:40:35 +00:00
David E. O'Brien
af9fb623c7 Missed one in rev 1.608. 2001-04-11 06:16:52 +00:00
Andrey A. Chernov
7b8ab0d8c9 Upgrade for readline 4.2 2001-04-11 04:27:10 +00:00
Andrey A. Chernov
c8f896e658 Remove conflicting readline prototype 2001-04-11 04:07:38 +00:00
Andrey A. Chernov
74874d04e1 Upgrade to 4.2 2001-04-11 03:49:54 +00:00
Andrey A. Chernov
a39df769f3 Merge local changes 2001-04-11 03:15:56 +00:00
Andrey A. Chernov
3be056262b This commit was generated by cvs2svn to compensate for changes in r75406,
which included commits to RCS files with non-trunk default branches.
2001-04-11 02:33:07 +00:00
Andrey A. Chernov
fb21882ffc v4.2 initial import 2001-04-11 02:33:07 +00:00
David E. O'Brien
2eeee21d52 Properly set `KERNEL' w/in the "doSTDKERNEL:" target.
Reviewed by:	jhb
2001-04-11 02:21:13 +00:00
Chris D. Faulhaber
fb1af1f2bf Correct the following defines to match the POSIX.1e spec:
ACL_PERM_EXEC  -> ACL_EXECUTE
  ACL_PERM_READ  -> ACL_READ
  ACL_PERM_WRITE -> ACL_WRITE

Obtained from:	TrustedBSD
2001-04-11 02:19:01 +00:00
Murray Stokely
5551534696 Source rc.conf so that named.restart can restart named with the correct
flags.

PR:		misc/25049
Submitted by:	Richard Roderick <richard@gohome.net>
2001-04-11 02:12:14 +00:00
Peter Wemm
9d10eb0c0c Create debug.hashstat.[raw]nchash and debug.hashstat.[raw]nfsnode to
enable easy access to the hash chain stats.  The raw prefixed versions
dump an integer array to userland with the chain lengths.  This cheats
and calls it an array of 'struct int' rather than 'int' or sysctl -a
faithfully dumps out the 128K array on an average machine.  The non-raw
versions return 4 integers: count, number of chains used, maximum chain
length, and percentage utilization (fixed point, multiplied by 100).
The raw forms are more useful for analyzing the hash distribution, while
the other form can be read easily by humans and stats loggers.
2001-04-11 00:39:20 +00:00
Ian Dowse
ba33efd92c Fix a typo relating to the "-U" (force UDP for mount protocol)
option. When specified, make sure to use the correct netid for the
getnetconfigent() call, and also in error messages.
2001-04-11 00:21:16 +00:00
David E. O'Brien
370d222b7f Remove MIPS support.
It has rotted quite badly and no one has provided updates for it.
2001-04-11 00:12:48 +00:00
David E. O'Brien
907ca3853b Removed these old 2.9.x files. 2001-04-10 23:53:32 +00:00
Brian Somers
c42584e853 o The -s limit is ARG_MAX - 4K, not ARG_MAX - 2K.
o Mention that the current environment is part of the -s calculation.
o Add a BUGS section that warns against executing a program that increases
  the size of the argument list or the size of the environment.

  I have wondered for a while what the difference is between

    get a big list | xargs sudo command

  which fails and

    get a big list | sudo xargs command

  which succeeds.  The answer is that in the first case, sudo expands
  the environment and pushes the amount of data passed into execve over
  the E2BIG threshold.
2001-04-10 23:16:55 +00:00
John Baldwin
5f76d89870 Remove constants defining the bitmasks of the old giant kernel lock. 2001-04-10 22:22:01 +00:00
John Baldwin
8f3b4b873c Remove the old APIC I/O higher level IPI API in favor of the newer MI
API for IPI's that isn't tied to the Intel APIC.  MD code can still use
the apic_ipi() function or dink with the apic directly if needed to send
MD IPI's.
2001-04-10 22:18:21 +00:00
John Baldwin
3e6b5668b4 Catch up to the dirpref changes by copying new fields in the alternate
superblock from the original superblock so that differences in those new
fields are ignored.
2001-04-10 22:11:01 +00:00
Ian Dowse
317d5933d4 Split out all the RPC code into a separate function and address a
number of issues:

- Fix background mounts; these were broken in revision 1.40.
- Don't give up before trying all addresses returned by getaddrinfo().
- Use protocol-independent routines where possible.
- Improve error reporting for RPC errors.
- In non-background mode, give up after trying all protocols once.
- Use daemon(3) instead of rolling our own version.
- Never go ahead with the mount() syscall until we have received
  a reply from the remote nfsd; this is especially important with
  non-interruptible mounts, as otherwise a mistyped command might
  require a reboot to correct.

Reviewed by:	alfred, Martin Blapp <mb@imp.ch>
2001-04-10 22:05:47 +00:00
John Baldwin
ca7ef17c08 Remove the BETTER_CLOCK #ifdef's. The code is on by default and is here
to stay for the foreseeable future.

OK'd by:	peter (the idea)
2001-04-10 21:34:13 +00:00
John Baldwin
6a0fa9a023 Add an MI API for sending IPI's. I used the same API present on the alpha
because:
 - it used a better namespace (smp_ipi_* rather than *_ipi),
 - it used better constant names for the IPI's (IPI_* rather than
   X*_OFFSET), and
 - this API also somewhat exists for both alpha and ia64 already.
2001-04-10 21:04:32 +00:00
John Baldwin
43ede6218e NOBLOCKRANDOM doesn't exist anymore as a kernel option. 2001-04-10 19:01:30 +00:00
Bruce A. Mah
ce59954505 New release notes: FFS dirpref speedup, GNATS 3.113, BSDPAN. 2001-04-10 17:06:50 +00:00
Ruslan Ermilov
a8209d83f8 psroff(1) has never been a part of Groff. 2001-04-10 17:04:31 +00:00
Ruslan Ermilov
7e3ba257a8 vnconfig(8) -> mdconfig(8). 2001-04-10 16:29:41 +00:00
Ruslan Ermilov
9e3b28a80f vnconfig(8) -> mdconfig(8).
Reviewed by:	phk
2001-04-10 16:15:01 +00:00
George C A Reid
e572fcd463 Add another card to the list of Neomagic 256AV's which don't have AC97
codecs. Also, add some additional code to check for future cards without
this feature - attempting to initialise them as AC97 cards will hang the
machine.

PR:		26427
Reviewed by:	cg
2001-04-10 14:28:21 +00:00
Cameron Grant
f72b6281c2 lock the mutex, not the softc pointer. 2001-04-10 13:52:26 +00:00
Nik Clayton
044479f5ad Add information about the new options to newfs and tunefs which set the
expected average file size and number of files per directory.  Could do
with some fleshing out.
2001-04-10 10:36:44 +00:00
David E. O'Brien
adbed65dd2 Correct some cut-n-paste errors. Also embellish the UP1100 a little. 2001-04-10 10:35:29 +00:00
Kirk McKusick
a61ab64ac4 Directory layout preference improvements from Grigoriy Orlov <gluk@ptci.ru>.
His description of the problem and solution follow. My own tests show
speedups on typical filesystem intensive workloads of 5% to 12% which
is very impressive considering the small amount of code change involved.

------

  One day I noticed that some file operations run much faster on
small file systems then on big ones. I've looked at the ffs
algorithms, thought about them, and redesigned the dirpref algorithm.

  First I want to describe the results of my tests. These results are old
and I have improved the algorithm after these tests were done. Nevertheless
they show how big the perfomance speedup may be. I have done two file/directory
intensive tests on a two OpenBSD systems with old and new dirpref algorithm.
The first test is "tar -xzf ports.tar.gz", the second is "rm -rf ports".
The ports.tar.gz file is the ports collection from the OpenBSD 2.8 release.
It contains 6596 directories and 13868 files. The test systems are:

1. Celeron-450, 128Mb, two IDE drives, the system at wd0, file system for
   test is at wd1. Size of test file system is 8 Gb, number of cg=991,
   size of cg is 8m, block size = 8k, fragment size = 1k OpenBSD-current
   from Dec 2000 with BUFCACHEPERCENT=35

2. PIII-600, 128Mb, two IBM DTLA-307045 IDE drives at i815e, the system
   at wd0, file system for test is at wd1. Size of test file system is 40 Gb,
   number of cg=5324, size of cg is 8m, block size = 8k, fragment size = 1k
   OpenBSD-current from Dec 2000 with BUFCACHEPERCENT=50

You can get more info about the test systems and methods at:
http://www.ptci.ru/gluk/dirpref/old/dirpref.html

                              Test Results

             tar -xzf ports.tar.gz               rm -rf ports
  mode  old dirpref new dirpref speedup old dirprefnew dirpref speedup
                             First system
 normal     667         472      1.41       477        331       1.44
 async      285         144      1.98       130         14       9.29
 sync       768         616      1.25       477        334       1.43
 softdep    413         252      1.64       241         38       6.34
                             Second system
 normal     329         81       4.06       263.5       93.5     2.81
 async      302         25.7    11.75       112          2.26   49.56
 sync       281         57.0     4.93       263         90.5     2.9
 softdep    341         40.6     8.4        284          4.76   59.66

"old dirpref" and "new dirpref" columns give a test time in seconds.
speedup - speed increasement in times, ie. old dirpref / new dirpref.

------

Algorithm description

The old dirpref algorithm is described in comments:

/*
 * Find a cylinder to place a directory.
 *
 * The policy implemented by this algorithm is to select from
 * among those cylinder groups with above the average number of
 * free inodes, the one with the smallest number of directories.
 */

A new directory is allocated in a different cylinder groups than its
parent directory resulting in a directory tree that is spreaded across
all the cylinder groups. This spreading out results in a non-optimal
access to the directories and files. When we have a small filesystem
it is not a problem but when the filesystem is big then perfomance
degradation becomes very apparent.

What I mean by a big file system ?

  1. A big filesystem is a filesystem which occupy 20-30 or more percent
     of total drive space, i.e. first and last cylinder are physically
     located relatively far from each other.
  2. It has a relatively large number of cylinder groups, for example
     more cylinder groups than 50% of the buffers in the buffer cache.

The first results in long access times, while the second results in
many buffers being used by metadata operations. Such operations use
cylinder group blocks and on-disk inode blocks. The cylinder group
block (fs->fs_cblkno) contains struct cg, inode and block bit maps.
It is 2k in size for the default filesystem parameters. If new and
parent directories are located in different cylinder groups then the
system performs more input/output operations and uses more buffers.
On filesystems with many cylinder groups, lots of cache buffers are
used for metadata operations.

My solution for this problem is very simple. I allocate many directories
in one cylinder group. I also do some things, so that the new allocation
method does not cause excessive fragmentation and all directory inodes
will not be located at a location far from its file's inodes and data.
The algorithm is:
/*
 * Find a cylinder group to place a directory.
 *
 * The policy implemented by this algorithm is to allocate a
 * directory inode in the same cylinder group as its parent
 * directory, but also to reserve space for its files inodes
 * and data. Restrict the number of directories which may be
 * allocated one after another in the same cylinder group
 * without intervening allocation of files.
 *
 * If we allocate a first level directory then force allocation
 * in another cylinder group.
 */

  My early versions of dirpref give me a good results for a wide range of
file operations and different filesystem capacities except one case:
those applications that create their entire directory structure first
and only later fill this structure with files.

  My solution for such and similar cases is to limit a number of
directories which may be created one after another in the same cylinder
group without intervening file creations. For this purpose, I allocate
an array of counters at mount time. This array is linked to the superblock
fs->fs_contigdirs[cg]. Each time a directory is created the counter
increases and each time a file is created the counter decreases. A 60Gb
filesystem with 8mb/cg requires 10kb of memory for the counters array.

  The maxcontigdirs is a maximum number of directories which may be created
without an intervening file creation. I found in my tests that the best
performance occurs when I restrict the number of directories in one cylinder
group such that all its files may be located in the same cylinder group.
There may be some deterioration in performance if all the file inodes
are in the same cylinder group as its containing directory, but their
data partially resides in a different cylinder group. The maxcontigdirs
value is calculated to try to prevent this condition. Since there is
no way to know how many files and directories will be allocated later
I added two optimization parameters in superblock/tunefs. They are:

        int32_t  fs_avgfilesize;   /* expected average file size */
        int32_t  fs_avgfpdir;      /* expected # of files per directory */

These parameters have reasonable defaults but may be tweeked for special
uses of a filesystem. They are only necessary in rare cases like better
tuning a filesystem being used to store a squid cache.

I have been using this algorithm for about 3 months. I have done
a lot of testing on filesystems with different capacities, average
filesize, average number of files per directory, and so on. I think
this algorithm has no negative impact on filesystem perfomance. It
works better than the default one in all cases. The new dirpref
will greatly improve untarring/removing/coping of big directories,
decrease load on cvs servers and much more. The new dirpref doesn't
speedup a compilation process, but also doesn't slow it down.

Obtained from:	Grigoriy Orlov <gluk@ptci.ru>
2001-04-10 08:38:59 +00:00
Brian Somers
cef1df887e kldload ng_pppoe as necessary 2001-04-10 08:31:13 +00:00
Boris Popov
40ce66ab3f Add netsmb and smbfs include directories 2001-04-10 08:16:06 +00:00
Boris Popov
681a5bbef2 Import kernel part of SMB/CIFS requester.
Add smbfs(CIFS) filesystem.

Userland part will be in the ports tree for a while.

Obtained from:	smbfs-1.3.7-dev package.
2001-04-10 07:59:06 +00:00
Alfred Perlstein
43d97995d8 Add more diagnostic output for failure.
s/1518/ETHER_MAX_LEN

Some style changes, add some braces, mostly residual from having
a lot of debug hooks added while working on this driver.

Bring in a plethora of changes from NetBSD:

	revision 1.58
	date: 2001/03/08 11:07:08;  author: ichiro;  state: Exp;  lines: +17 -1
	it wait until busy flag disappears.
	it was able to prevent some cards with late initializing faling in wi_reset().

	revision 1.41
	date: 2000/10/13 19:15:08;  author: jonathan;  state: Exp;  lines: +4 -2
	Fix wi_intr() to avoid touching card registers during insert/remove  events,
	when sharing an interrupt with other devices:
	check sc->sc_enabled,  and drop the interrupt if its' off.

	revision 1.30
	date: 2000/08/18 04:11:48;  author: jhawk;  state: Exp;  lines: +4 -4
	Copy wi_{dst,src}_addr from struct wi_frame into faked-up ether_header
	instead of addr1 and addr2. THis means that tcpdump -e will show the
	correct MAC address for communications with access points instead of showing
	the BSSID.

	In the future there should be 802.11 support for bpf/libpcap/tcpdump,
	but that is aways down the road.
2001-04-10 05:29:26 +00:00
Daniel Eischen
f9c408bc01 Clean up a bit. Use the correct TAILQ link when walking the thread
lists to free thread resources after a fork (in the child).  Also
remember to free the dead thread list.
2001-04-10 04:25:49 +00:00
Daniel Eischen
ac530e7b3a Added a missing set of braces to a conditional that encompasses more than
one statement.
2001-04-10 04:22:24 +00:00
Daniel Eischen
437df4859a To be consistent, use the __weak_reference macro from <sys/cdefs.h>
instead of #pragma weak to create weak definitions.

Suggested by:	bde
2001-04-10 04:19:21 +00:00