Commit Graph

95469 Commits

Author SHA1 Message Date
Hiten Pandya
fb52ec2dfa Add a PAE(4) MLINK for simplicity. 2003-10-23 05:26:44 +00:00
Hiten Pandya
8d8abf463c Mdoc Janitor:
* Add .Vt in the right places, transform some .Fa to .Vt, depending
    on discussion context.

  * When refering to the function malloc(), use .Fn, and not .Xr.

  * Add `The' to prefix a sentence when describing a function, so
    it results in ``The xxx() function..."

  * Use `system call' instead of `syscall'.

  * Improve the sentence which discusses accept_filt_generic_mod_event();
    Talk about moduledata_t, and refer to the DECLARE_MODULE(9) manual
    page.

  * Properly markup .An (Author Name) throughout the AUTHORS section.
2003-10-23 05:01:30 +00:00
Warner Losh
1d4cc96d96 more unused item cleanup 2003-10-23 04:53:33 +00:00
Warner Losh
8abef7fd9b BASE is no longer used, and is an appendix. Remove it. 2003-10-23 04:50:35 +00:00
Hiten Pandya
2cb869e075 Mdoc Janitor:
* Make use of .Xr for vput() and vrele() functions.

  * Reword (s/man/manual) in AUTHORS section.
2003-10-23 03:52:07 +00:00
Warner Losh
537db6f8b0 Learn basic C.
((uint32_t *) v) + 10 != ((caddr_t) v) + 10
so apply the cast later.
2003-10-23 03:42:47 +00:00
Hiten Pandya
7c3e994d60 Mdoc Janitor:
* Remove first person sentence start.

  * Make use of .Dv for LEASE_READ and LEASE_WRITE.

  * Move the LOCKS section below the standard mdoc(7) RETURN VALUES
    section.

  * Cleanup grammar for RETURN VALUES and AUTHORS section.

  * Remove redundant sentence on return values.
2003-10-23 03:14:21 +00:00
Hiten Pandya
ed06180abe Mdoc Janitor:
* Make use of .Sq mdoc command.

  * Add a .Pp for separating VOP_RECLAIM text from VOP_INACTIVE

  * Make use of .Fa for the vnode pointer function arg.
2003-10-23 03:07:56 +00:00
Hiten Pandya
559eb8d2e3 Mdoc Janitor:
* Fix hard sentence breaks.
2003-10-23 02:33:03 +00:00
Hiten Pandya
3a858f3798 Mdoc Janitor:
* Fix hard sentence breaks.
2003-10-23 02:22:07 +00:00
Hiten Pandya
4c7b4d14a2 Mdoc Janitor:
* Fix hard sentence breaks.
2003-10-23 02:15:46 +00:00
Hiten Pandya
c1c03d4944 Mdoc Janitor:
* Fix hard sentence breaks in VFS_*(9) and VOP_*(9) manual pages.
2003-10-23 02:11:14 +00:00
Hidetoshi Shimokawa
61ba65809d Reduce debug messages. 2003-10-23 01:55:03 +00:00
Hiten Pandya
a0942a6000 Mdoc Janitor:
* Fix hard sentence breaks.

  * NOTE: devstat(9) requires more mdoc(7) work.
2003-10-23 01:54:06 +00:00
Hiten Pandya
cd367b32ed Mdoc Janitor:
* Fix hard sentence breaks.

  * Correct use of a period in DELAY(9).
2003-10-23 01:31:25 +00:00
Hiten Pandya
ce91e62bc6 Mdoc Janitor:
* Fix hard sentence breaks.
2003-10-23 01:14:18 +00:00
Hiten Pandya
c7d3a65d43 Mdoc Janitor:
* Remove hard sentence breaks from last commit to this file.
2003-10-23 01:08:38 +00:00
Nate Lawson
dc0b8f8933 Allow access to the field if it is within the region size rounded up
to a multiple of the access byte width.  This overcomes errors in the
AML often found in Toshiba laptops.  These errors were allowed by
the Microsoft ASL compiler and interpreter.  This will NOT be imported
by ACPI-CA so make the change on our local branch.  File was already off
the vendor branch.

Submitted by:	blaz
Original idea:	Rick Richardson for Linux
2003-10-22 22:30:57 +00:00
Nate Lawson
3c0014e8ae Add the ACPICA_PEDANTIC option which is off by default. Enabling it will
enable strict checks of the AML.  Our default behavior will be to relax
checks to work on as many platforms as possible.  Also clean up and document
other ACPI options while I'm here.
2003-10-22 22:27:49 +00:00
Robert Watson
6fa0475d95 mac_Finish break-out of kern_mac.c into parts:
Include src/sys/security/mac/mac_internal.h in kern_mac.c.

  Remove redundant defines from the include: SYSCTL_DECL(), debug macros,
    composition macros.

  Unstaticize various bits now exposed to the remainder of the kernel:
    mac_init_label(), mac_destroy_label().

  Remove all the functions now implemented in mac_process/mac_vfs/mac_net/
    mac_pipe.  Also remove debug counters, sysctls exporting debug
    counters, enforcement flags, sysctls exporting enforcement flags.

  Leave module declaration, sysctl nodes, mactemp malloc type, system
    calls.

This should conclude MAC/LINT/NOTES breakage from the break-out process,
but I'm running builds now to make sure I caught everything.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-10-22 20:59:31 +00:00
Tom Rhodes
9d9696b8e3 Move prototypes into their function. 2003-10-22 20:58:57 +00:00
Robert Watson
089c1bdac9 Variable cleanup following break-out of kern_mac.c into sys/security/mac:
Unstaticize mac_late.
  Remove ea_warn_once, now in mac_vfs.c.
  Unstaticisize mac_policy_list, mac_static_policy_list, use
    struct mac_policy_list_head instead of LIST_HEAD() directly.
  Unstaticize and un-inline MAC policy locking functions so they can
    be referenced from mac_*.c.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-10-22 20:47:41 +00:00
Robert Watson
9e7bf51ca8 Rename error_select() to mac_error_select(), and unstaticize so it
can be used from src/sys/security/mac/mac_*.c.

Obtained from:	TrustedBSD Project
Sponosred by:	DARPA, Network Associates Laboratories
2003-10-22 20:42:22 +00:00
Robert Watson
5d79de444b Hook up to the build for options MAC:
security/mac/mac_net.c
	security/mac/mac_pipe.c
	security/mac/mac_process.c
	security/mac/mac_system.c
	security/mac/mac_vfs.c

Note: Here begins a period of NOTES/LINT build breakage due to duplicate
symbols that will shortly be removed from kern_mac.c.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-10-22 20:39:33 +00:00
Robert Watson
6cc24dcbb4 Remove non-VFS related code from mac_vfs.c. Leave:
Extended attribute transaction warning flag if transactions aren't
  supported on the EA implementation being used.

  Debug fallback flag to permit a less conservative fallback if reading
  an on-disk label fails.

  Enforce_fs toggle to enforce file systme access control.

  Debugging counters for file system objects: mounts, vnodes, devfs_dirents.

  Object initialization, destruction, copying, internalization,
  externalization, relabeling for file system objects.

  Life cycle operations for devfs entries.

  Generic extended attribute label implementation for use by UFS, UFS2 in
  multilabel mode.

  Generic single-level label implementation for use by all file systems
  when in singlelabel mode.

  Exec-time transition based on file label entry points.

  Vnode operation access control checks (many).

  Mount operation access control checks (few).

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-10-22 20:29:41 +00:00
Poul-Henning Kamp
d55b513f6e Fix a braino memory leak.
Found by:	Pawel Jakub Dawidek <nick@garage.freebsd.pl>
2003-10-22 20:28:46 +00:00
Tom Rhodes
b0e30de9d8 Make WARNS=2 build without error. 2003-10-22 20:11:42 +00:00
Robert Watson
6bd1173258 Remove non-system bits from mac_system.c. Leave:
Enforce_kld, enforce_system access control toggles.
  Access control checks for: kenv operation, kld operations,
    sysarch_ioperm(), acct(), nfsd(), reboot(), settime(), swapon(),
    swapoff(), sysctl().

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-10-22 20:09:12 +00:00
Robert Watson
5a9c1aaac5 Remove non-credential/process-related bits from mac_process.c. Leave:
Enforce_process, enforce_vm access control enforcement twiddles.
  Credential, process label counters.
  VM revocation sysctls/tunables.
  Credential label management, internalization/externalization/relabel
    code.
  Process label management.
  Proc0, proc1 creation, cred creation.
  Thread userret.
  mac_execve_enter(), _exit(), transition at exec-time.
  VM revocation on process label change.
  Process-related access control checks (visibility, debug, signal, sched).

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-10-22 20:02:04 +00:00
Tom Rhodes
5c9124b23e Add back the commas ',' in usage to avoid a garbled usage message.
They were erroneously removed in revision 1.27.
2003-10-22 19:50:57 +00:00
Robert Watson
73275908f7 Remove non-pipe code from mac_pipe.c. Leave:
Pipe enforcement flag.
  Pipe object debugging counters.
  MALLOC type for MAC label storage.
  Pipe MAC label management routines, externalize/internalization/change
    routines.
  Pipe MAC access control checks.

Un-staticize functions called from mac_set_fd() when operating on a
pipe.  Abstraction improvements in this space seem likely.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-10-22 19:31:57 +00:00
Hajimu UMEMOTO
86b51224d4 we have ppsratecheck(). 2003-10-22 19:23:51 +00:00
Robert Watson
28e65e3d2b Remove non-network related contents from mac_net.c. Leave:
Network and socket enforcement toggles.
  Counters for network objects (mbufs, ifnets, bpfdecs, sockets, and ipqs).
  Label management routines for network objects.
  Life cycle events for network objects.
  Label internalization/externalization/relabel for ifnets, sockets,
    including ioctl implementations for sockets, ifnets.
  Access control checks relating to network obejcts.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-10-22 19:15:34 +00:00
Hajimu UMEMOTO
9bcf770ca8 IP6Q_LOCK_CHECK -> IP6Q_LOCK_ASSERT.
Sugested by:	sam
2003-10-22 19:03:49 +00:00
Tor Egge
f0da6ec99b Initialize bp->b_offset to the physical offset in partition
so GEOM knows where to read from disk.
2003-10-22 18:57:59 +00:00
Hajimu UMEMOTO
66bb118edd drop the code of HAVE_NRL_INPCB part. our system doesn't
use NRL style INPCB.
2003-10-22 18:52:57 +00:00
Robert Watson
86ea834c58 The following shared types/constants/interfaces/... are required
in mac_internal.h:

  Sysctl tree declarations.

  Policy list structure definition.

  Policy list variables (static, dynamic).

  mac_late flag.

  Enforcement flags for process, vm, which have checks in multiple files.

  mac_labelmbufs variable to drive conditional mbuf labeling.

  M_MACTEMP malloc type.

  Debugging counter macros.

  MAC Framework infrastructure primitives, including policy locking
    primitives, kernel label initialization/destruction, userland
    label consistency checks, policy slot allocation.

  Per-object interfaces for objects that are internalized and externalized
    using system calls that will remain centrally defined: credentials,
    pipes, vnodes.

  MAC policy composition macros: MAC_CHECK, MAC_BOOLEAN, MAC_EXTERNALIZE,
    MAC_INTERNALIZE, MAC_PERFORM.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-10-22 18:49:29 +00:00
Alan Cox
ab42316c2f - Retire vm_pageout_page_free(). Instead, use vm_page_select_cache() from
vm_pageout_scan().  Rationale: I don't like leaving a busy page in the
   cache queue with neither the vm object nor the vm page queues lock held.
 - Assert that the page is active in vm_pageout_page_stats().
2003-10-22 18:41:32 +00:00
Robert Watson
bdf26406e9 Forced commit to recognize repo-copy from src/sys/kern/kern_mac.c to
src/sys/security/mac/mac_{internal.h,net.c,pipe.c,process.c,system.c,
vfs.c}.  kern_mac.c has rapidly become the second-largest file in
src/sys/kern, and was not well organized.  In follow-up commits,
components of the MAC Framework will be broken out into different
mac_* files.

Thanks Joe!
2003-10-22 18:32:42 +00:00
Sean Chittenden
c80f12d0af Reduce fstab(5)/mount(8) confusion by changing the man pages to say "ro"
instead of "rdonly".  "rdonly" works for mount(8) and mount_std(8) but
not from /etc/fstab, whereas "ro" works for all mount_*(8) commands.
2003-10-22 18:25:49 +00:00
Hajimu UMEMOTO
3b1a779723 oops, gai_strerror must return default value when error code
isn't found in ai_errlist.
2003-10-22 16:53:21 +00:00
Hajimu UMEMOTO
b29ec00b70 make ai_errlist struct. this is preparation for RFC3493
(EAI_NODATA is depricated).

Obtained from:	KAME
2003-10-22 15:41:38 +00:00
Hajimu UMEMOTO
31e8f7e530 pretect ip6 reassemble queue by use of mutex.
Submitted by:	rwatson (with modification)
2003-10-22 15:32:56 +00:00
Hajimu UMEMOTO
9888c40195 - implement lock around IPv6 reassembly, to avoid panic due to
frag6_drain (mutex version will come later).
- limit number of fragments (not fragment queues) in kernel.

Obtained from:	KAME
2003-10-22 15:29:42 +00:00
Hajimu UMEMOTO
1ab976cb03 protect sid_default and sid.
Submitted by:	rwatson (with modification)
2003-10-22 15:13:36 +00:00
Hajimu UMEMOTO
65b01ff848 reduce calling in6_addr2zoneid(). 2003-10-22 15:12:06 +00:00
Hajimu UMEMOTO
e115574c1d protect by IFNET_RLOCK. 2003-10-22 15:10:39 +00:00
Hartmut Brandt
9e9dbe0430 Link libngatm to the build (unless NOATM is set). 2003-10-22 15:01:16 +00:00
Hartmut Brandt
a25f8a3d51 Add a sub-directory to netnatm for the SAAL headers. 2003-10-22 13:15:09 +00:00
Hartmut Brandt
216cf9f739 Makefile for the NgATM user space library. 2003-10-22 11:52:35 +00:00