Commit Graph

54613 Commits

Author SHA1 Message Date
peter
25ee01e298 i386->amd64 sync
Add ath_hal and ichwd modules

Approved by:  re (blanked i386<->amd64 sync)
2005-06-30 05:37:48 +00:00
peter
eccb02a205 Sync i386->amd64.
* Add ichwd (The Intel EM64T folks have an ICH)
* Cosmetic comment syncs
* Merge cpufreq change over to NOTES
* add pbio (it compiles, but isn't useful since no boxes have ISA slots)
* copy ath settings (note: wlan disabled here since its in global NOTES)
* copy profiling, including fixing a previous i386->amd64 merge typo.

Approved by:	re (blanket i386 <-> amd64 sync/convergence)
2005-06-30 05:33:26 +00:00
peter
17f62c51ca Second part of commit for moving KDB_STOP_NMI from opt_global.h to
opt_kdb.h.

Found by:     kris
Approved by:  re
2005-06-30 03:38:10 +00:00
peter
24cb92a9d6 Add a special-case handler for general protection faults. It appears to
be possible to get the swapgs state reversed if doreti traps during
the iretq.  Attempt to handle this.  load_gs() might need special
handling too.  Running the kernel with the user's TLS and the
kernel's PCPU space interchanged would be bad(TM).

Discovered as a result of a conversation with:  bde
Approved by:  re
2005-06-30 00:26:54 +00:00
peter
2778435f72 Conditionally weaken sys_generic.c rev 1.136 to allow certain dubious
ioctl numbers in backwards compatability mode.  eg: an IOC_IN ioctl with
a size of zero.  Traditionally this was what you did before IOC_VOID
existed, and we had some established users of this in the tree, namely
procfs.  Certain 3rd party drivers with binary userland components also
have this too.

This is necessary to have 4.x and 5.x binaries use these ioctl's.  We
found this at work when trying to run 4.x binaries.

Approved by:	re
2005-06-30 00:19:08 +00:00
peter
2fdd4327e0 Add COMPAT_FREEBSD5
Approved by:	re
2005-06-30 00:09:18 +00:00
peter
cc63da71f4 Move the KDB_STOP_NMI option from opt_global.h to opt_kdb.h
Approved by:	re
2005-06-29 23:23:16 +00:00
peter
49bfde6bf0 Switch AMD64 and i386 platforms to using ELF as their kernel crash
dump format.  The key reason to do this is so that we can dump sparse
address space.  For example, we need to be able to skip the PCI hole
just below the 4GB boundary.  Trying to destructively dump MMIO device
registers is Really Bad(TM).  The frequent result of trying to do a
crash dump on a machine with 4GB or more ram was ugly (lockup or reboot).

This code has been taken directly from the IA64 dump_machdep.c code,
with just a few (mostly minor) mods.

Introduce a dump_avail[] array in the machdep.c code so that we have a
source of truth for what memory is present in a machine that needs to be
dumped.  We can't use phys_avail[] because all sorts of things slice
memory out of it that we really need to dump.  eg: the vm page array
and the dmesg buffer.  dump_avail[] is pretty much an unmolested version
of phys_avail[].  It does have Maxmem correction.

Bump the i386 and amd64 dump format to version 2, but nothing actually
uses this.  amd64 was actually using the i386 dump version number.

libkvm support to follow.

Approved by:	re
2005-06-29 22:28:46 +00:00
simon
76d3f5f676 Fix ipfw packet matching errors with address tables.
The ipfw tables lookup code caches the result of the last query.  The
kernel may process multiple packets concurrently, performing several
concurrent table lookups.  Due to an insufficient locking, a cached
result can become corrupted that could cause some addresses to be
incorrectly matched against a lookup table.

Submitted by:	ru
Reviewed by:	csjp, mlaier
Security:	CAN-2005-2019
Security:	FreeBSD-SA-05:13.ipfw

Correct bzip2 permission race condition vulnerability.

Obtained from:	Steve Grubb via RedHat
Security:	CAN-2005-0953
Security:	FreeBSD-SA-05:14.bzip2
Approved by:	obrien

Correct TCP connection stall denial of service vulnerability.

A TCP packets with the SYN flag set is accepted for established
connections, allowing an attacker to overwrite certain TCP options.

Submitted by:	Noritoshi Demizu
Reviewed by:	andre, Mohan Srinivasan
Security:	CAN-2005-2068
Security:	FreeBSD-SA-05:15.tcp

Approved by:	re (security blanket), cperciva
2005-06-29 21:36:49 +00:00
thompsa
f7f07821ef Sync if_bridge to NetBSD r1.31
Rename conflicting variables when handling SNAP Ethernet frames.

Obtained from:	NetBSD
Approved by:	mlaier (mentor)
Approved by:	re (blanket)
2005-06-29 19:23:32 +00:00
damien
5240ace1db o Fix a write mbuf-after-free bug. The duration field of the 802.11 header
was written in the old fragmented mbuf chain instead of the defragmented
  one.  Thus, the duration field of outgoing frames was incorrect.

o Only call m_defrag() if the mbuf fragmentation threshold is greater
  than what is currently supported by the driver.

Reviewed by:    silby (mentor)
Approved by:    re (scottl)
2005-06-29 17:54:01 +00:00
rwatson
6886350a30 Regenerate after addition of audit event type number to syscalls.master
file format.

Approved by:	re (scottl)
2005-06-29 17:29:06 +00:00
rwatson
6f17517fcb During the system call table format change adding audit record event
fields for each system call, I missed two system call files because
they weren't named syscalls.master.  Catch up with this last two,
mapping the system calls to the NULL event for now.

Spotted by:	jhb
Approved by:	re (scottl)
2005-06-29 17:27:40 +00:00
jhb
62d0fed7ec - Change the commented out freebsd32_xxx() example to use kern_xxx() along
with a single copyin() + translate and translate + copyout() rather than
  using the stackgap.
- Remove implementation of the stackgap for freebsd32 since it is no longer
  used for that compat ABI.

Approved by:	re (scottl)
2005-06-29 15:16:20 +00:00
jhb
cf418ce0f2 Increase MAXCPU to 16 in SMP kernels so that APIC IDs from 0 to 15 are
allowed for CPUs.

Tested by:	amd64 at cybernetwork dot org
Approved by:	re (scottl)
MFC after:	1 week
2005-06-29 15:13:25 +00:00
silby
0edd2a4f6f Fix the false memory modified after free messages some users have been
reporting - in my previous change, I missed the case where a mbuf
from the packet zone was freed back to the mbuf/packet keg, where
it was subsequently put into the mbuf zone and found not to contain
the expected trash.  This change adds the necessary trash_dtor call inside
mb_fini_pack so that everything is correct.

Thanks for Bosko for finding the bug and showing me how secondary zones
work.

Approved by:	re (dwhite)
2005-06-29 08:18:26 +00:00
qingli
37efc775b5 Require gateways for routes to be of the same address family as the
route itself.

It fixes a bug where an IPv4 route for example has an IPv6 gateway
specified:

     route add 10.1.1.1 -inet6 fe80::1%fxp0

     Destination  Gateway       Flags  Refs  Use  Netif Expire
     10.1.1.1     fe80::1%fxp0  UGHS   0     0    fxp0

The fix rejects these illegal combinations:

     route: writing to routing socket: Invalid argument
     add host 10.1.1.1: gateway fe80::1%fxp0: Invalid argument

Reviewed by:	KAME jinmei@isl.rdc.toshiba.co.jp
Reviewed by:	andre (mentor)
Approved by:	re
MFC after:	5
2005-06-28 23:32:22 +00:00
imp
59032ef458 Add a chipset field to the lookup. Use this chipset type to determine
which command to use to read the eeprom and which devices have an MII.
Simplify code by no longer using the OLDCARD compat rouintes (I don't
know if this breaks OLDCARD on pc98 or not, but OLDCARD on pc98 days
are numbered, I hope).  This also removes a number of kludges that we
had before because they are OBE.  Add a convenience routine to lookup
the device to avoid many casts in many places.

Tested with: 3C589D-TP, 3CCSH572BT
Approved by: re (scottl, blanket ep)
2005-06-28 21:56:04 +00:00
anholt
074ec1e214 Disable the drm_initmap calls in radeon_cp.c, due to them resulting in improper
handling of pci resources, and mapping framebuffer leading to panics on X
startup.  The proper solution involves use of bus_alloc_resource without
RF_ACTIVE, but this code is being rewritten in DRM CVS currently, and disabling
for now doesn't remove any features, so take the easy route.

PR:		kern/80718
Approved by:	re (scottl)
2005-06-28 21:38:08 +00:00
sos
880222c4c8 Zero donecount on auto request sense.
PR:		81450
Approved by:	re@ (scottl)
2005-06-28 09:06:52 +00:00
bz
784fd39252 Fix panic after ifnet changes in rev. 1.30. sc->sc_ifp is a
pointer now and needs to be allocated before using.

Reviewed by:	gnn
Approved by:	re (scottl), rwatson (mentor)
2005-06-28 06:55:45 +00:00
delphij
da4b6d5ff8 Correct a comment in ucred.h.
Submitted by:	Wojciech A. Koszek <dunstan at freebsd czest pl>
PR:		kern/82708
Approved by:	re (scottl)
2005-06-28 02:23:56 +00:00
marcel
b3e8712f74 Handle B-unit break instructions. The break.b is unique in that the
immediate is not saved by the architecture. Any of the break.{mifx}
instructions have their immediate saved in cr.iim on interruption.
Consequently, when we handle the break interrupt, we end up with a
break value of 0 when it was a break.b. The immediate is important
because it distinguishes between different uses of the break and
which are defined by the runtime specification.
The bottomline is that when the GNU debugger replaces a B-unit
instruction with a break instruction in the inferior, we would not
send the process a SIGTRAP when we encounter it, because the value
is not one we recognize as a debugger breakpoint.

This change adds logic to decode the bundle in which the break
instruction lives whenever the break value is 0. The assumption
being that it's a break.b and we fetch the immediate directly out
of the instruction. If the break instruction was not a break.b,
but any of break.{mifx} with an immediate of 0, we would be doing
unnecessary work. But since a break 0 is invalid, this is not a
problem and it will still result in a SIGILL being sent to the
process.

Approved by: re (scottl)
2005-06-27 23:51:38 +00:00
marcel
d34460ded9 Replace the existing copyright notice with my own. Over the years I've
changed this file so much that it's equivalent to a rewrite, and I'm not
talking about any of the cosmetic changes of course.

Approved by: re (scottl)
2005-06-27 23:34:35 +00:00
marcel
d51343ed23 Cosmetic: s/u_int64_t/uint64_t/g
Approved by: re (scottl)
2005-06-27 23:29:06 +00:00
ps
5dc6983c1d - Postpone SACK option processing until after PAWS checks. SACK option
processing is now done in the ACK processing case.
- Merge tcp_sack_option() and tcp_del_sackholes() into a new function
  called tcp_sack_doack().
- Test (SEG.ACK < SND.MAX) before processing the ACK.

Submitted by:	Noritoshi Demizu
Reveiewed by:	Mohan Srinivasan, Raja Mukerji
Approved by:	re
2005-06-27 22:27:42 +00:00
phk
4df35786e2 Libalias incorrectly applies proxy rules to the global divert
socket: it should only look for existing translation entries,
not create new ones (no matter how it got the idea).

Approved by:	re(scottl)
2005-06-27 22:21:42 +00:00
thompsa
3ab4b86d9c Fix a panic when bringing up the bridge interface. We were casting a ifnet
pointer to a softc which is no longer valid since the ifnet struct was split
out from the softc.

Approved by:	mlaier (mentor)
Approved by:	re (blanket)
2005-06-27 21:58:12 +00:00
cognet
29da6ca1b0 Use -mno-apcs-frame if DEBUG isn't defined.
Approved by:	re (blanket)
2005-06-27 14:33:32 +00:00
sos
f96bc0932a Dont call ata_finish in ad_dump as that is no longer needed and causes panic.
Dont try to enable read/write caching on devices that doesn't support it,
this reduces the noise from ATA on flash devices and the like.

Approved by: re@ (scottl)
2005-06-27 09:12:11 +00:00
glebius
e544a2f3f9 Implement suspend/resume operation for snd_csa(4)
PR:		kern/82243
Submitted by:	Serge Semenenko
Approved by:	re (scottl)
MFC after:	1 month
2005-06-27 07:43:57 +00:00
glebius
9c25e36cc6 - After LibAlias processing check for TCP packet with th_x2 field
set. If found, then recalculate its checksum.
- Remove debugging printfs.
- Slightly rearrange code in ng_nat_rcvdata().

Approved by:	re (scottl)
2005-06-27 07:39:13 +00:00
glebius
c6e57e046e Disable checksum processing in LibAlias, when it works as a
kernel module. LibAlias is not aware about checksum offloading,
so the caller should provide checksum calculation. (The only
current consumer is ng_nat(4)). When TCP packet internals has
been changed and it requires checksum recalculation, a cookie
is set in th_x2 field of TCP packet, to inform caller that it
needs to recalculate checksum. This ugly hack would be removed
when LibAlias is made more kernel friendly.

Incremental checksum updates are left as is, since they don't
conflict with offloading.

Approved by:	re (scottl)
2005-06-27 07:36:02 +00:00
silby
64582f3995 Change the panic in trash_ctor into just a printf for now. Once the reports
of panics in trash_ctor relating to mbufs have been examined and a fix
found, this will be turned back into a panic.

Approved by: re (rwatson)
2005-06-26 23:44:07 +00:00
mlaier
79ac1f3888 Properly initialize ifq_maxlen for the defered send queue and make it
actually work.  Also use the right semantics for IF_HANDOFF to get correct
stats.

Reported and tested by:	Sascha Luck <sascha at c4inet dot net>
Approved by:		re (blanket)
2005-06-26 21:00:52 +00:00
dwmalone
d2fd6dd3fb Add a quirk for a motherboard whose acpi timer runs too fast.
Approved by:	re (scottl)
Approved by:	nate
MFC after:	2 weeks
2005-06-26 18:19:14 +00:00
dwmalone
f1f0123e88 Fix some long standing bugs in writing to the BPF device attached to
a DLT_NULL interface. In particular:

        1) Consistently use type u_int32_t for the header of a
           DLT_NULL device - it continues to represent the address
           family as always.
        2) In the DLT_NULL case get bpf_movein to store the u_int32_t
           in a sockaddr rather than in the mbuf, to be consistent
           with all the DLT types.
        3) Consequently fix a bug in bpf_movein/bpfwrite which
           only permitted packets up to 4 bytes less than the MTU
           to be written.
        4) Fix all DLT_NULL devices to have the code required to
           allow writing to their bpf devices.
        5) Move the code to allow writing to if_lo from if_simloop
           to looutput, because it only applies to DLT_NULL devices
           but was being applied to other devices that use if_simloop
           possibly incorrectly.

PR:		82157
Submitted by:	Matthew Luckie <mjl@luckie.org.nz>
Approved by:	re (scottl)
2005-06-26 18:11:11 +00:00
imp
77c5d7a36d o When calling ep_get_macaddr(), provide it a local buffer. Add a comment
that says why we do this (or rather, explains that it is some voodoo magic
  that's poorly understood).  The local buffer fixes the crash on attach.
o Rename get_e() to ep_get_e() to avoid namespace pollution.

Submitted by: mux
Approved by: re (scottl)
2005-06-26 04:19:45 +00:00
anholt
991a0a9632 Make the initialization in the AGPv3 case match that of Linux. Fixes hangs on
X startup with DRI enabled, with a v3-capable card.

Tested by:	Tom McLaughlin <tmclaugh@sdf.lonestar.org>
Approved by:	re (scottl)
2005-06-26 04:01:11 +00:00
ups
8f1c0248bd Fix a timer ticks wrap around bug for minmssoverload processing.
Approved by:	re (scottl,dwhite)
MFC after:	4 weeks
2005-06-25 22:24:45 +00:00
ups
e8e35b1e1f Disable the interrupts in trap_fatal before calling kdb_trap.
(required now that critical sections no longer block interrupts)

Reviewed by:	jhb@
Approved by:	re (scottl)
Tested by:	kris@,glebius@
2005-06-25 22:14:42 +00:00
dd
1d30c90da0 Fix fdcheckstd to pass the file descriptor along through vn_open. When
opening a device, devfs_open needs the file descriptor to install its
own fileops. Failing to pass the file descriptor causes the vnode to
be returned with the regular vnops, which will cause a panic on the
first read or write because devfs_specops is not meant to support
those operations.

This bug caused a panic after exec'ing any set[ug]id program with
fds 0..2 closed (i.e., if any action had to be taken by fdcheckstd, we
would panic if the exec'd program ever tried to use any of those
descriptors).

Reviewed by:	phk
Approved by:	re (scottl)
2005-06-25 03:34:49 +00:00
cognet
747a4a0236 - Use a TAILQ instead of parsing the array to find a free dmamap.
- Inline busdma_alloc_dmamap, busdma_free_dmamap and bus_dmamap_sync_buf.

Approved by:	re (blanket)
2005-06-24 23:57:27 +00:00
anholt
ae8af4cc10 Mark the permanent map for radeon registers read-only. Failure to set this flag
allowed writing to the registers by any user that can open the DRI device, and
therefore ability to initiate DMA.  This came in with the merge from DRI CVS on
2005-04-15.

Approved by:	re (scottl)
Obtained from:	DRM CVS
2005-06-24 22:21:28 +00:00
dwhite
23c82e526b Backout the change I made before 5.4-R since I wasn't aware that it was only
a problem with one particular switch module.  Create a kernel option
BGE_FAKE_AUTONEG that restores the 5.4 behavior, which should make the DNLK
switch module work. IBM/Intel blades with Intel or AD switch modules should
work without patching or kernel options with this commit.

Hardware for testing provided by several folks, including
Danny Braniss <danny@cs.huji.ac.il>, Achim Patzner <ap@bnc.net>,
and OffMyServer.

Approved by: re
2005-06-24 21:43:47 +00:00
jhb
0a8b4194dc Correct the amount of data to allocate in these local copies of
exec_copyin_strings() to catch up to rev 1.266 of kern_exec.c.  This fixes
panics on amd64 with compat binaries since exec_free_args() was freeing
more memory than these functions were allocating and the mismatch could
cause memory to be freed out from under other concurrent execs.

Approved by:	re (scottl)
2005-06-24 17:41:28 +00:00
imp
8616206ff9 Eliminate unused argument in PCMCIA_CARD macro.
Provide a backwards compatible way to have the extra macro by defining
PCCARD_API_LEVEL 5 before including pccarddevs for driver writers that
want/need to have the same driver on 5 and 6 with pccard attachments.

Approved by: re (dwhite)
2005-06-24 14:36:54 +00:00
imp
94bec31f0d Add wireless + flash CF card I have
Approved by: re (pccard API changes)
2005-06-24 14:32:24 +00:00
des
4a247107e5 Remove duplicate REISERFS option.
Approved by:	re (scottl)
Pointy hat to:	dumbbell
2005-06-24 13:19:09 +00:00
pjd
333a175a13 Close another information leak in ktrace(2): one was able to find active
process groups outside a jail, etc. by using ktrace(2).

OK'ed by:	rwatson
Approved by:	re (scottl)
MFC after:	1 week
2005-06-24 12:05:24 +00:00