Commit Graph

130260 Commits

Author SHA1 Message Date
Randall Stewart
2c0d559d1e Fixes __FreeBSD__ being present (they should not)
and also trailing garbage on undef of magic numbers.
2007-02-22 13:39:57 +00:00
Randall Stewart
804cf64147 Adds a performance improvement for when sctp_sendx is
called with only one address, we then can call the
generic system call. Also fixes some socket api
type issues and cleans up the "magic" numbers that
were being used in the code.

Reviewed by:	gnn
2007-02-22 12:42:43 +00:00
Robert Watson
6fac927ccc Add an additional MAC check to the UNIX domain socket connect path:
check that the subject has read/write access to the vnode using the
vnode MAC check.

MFC after:	3 weeks
Submitted by:	Spencer Minear <spencer_minear at securecomputing dot com>
Obtained from:	TrustedBSD Project
2007-02-22 09:37:44 +00:00
Alan Cox
0cd31a0d75 Change the page's CLEANCHK flag from being a page queue mutex synchronized
flag to a vm object mutex synchronized flag.
2007-02-22 06:15:52 +00:00
Nate Lawson
c7c42f0abb Improve readability of the version string. 2007-02-22 05:59:23 +00:00
Xin LI
f8c639ee65 Mention that BSD gzip was MFC'ed 2007-02-22 05:31:39 +00:00
Bruce M Simpson
40d8a30241 Fix a bug in if_findmulti(), whereby it would not find (and thus delete)
a link-layer multicast group membership.
Such memberships are needed in order to support protocols such as
IS-IS without putting the interface into PROMISC or ALLMULTI modes.

sa_equal() is not OK for comparing sockaddr_dl as it has deeper structure
than a simple byte array, so add sa_dl_equal() and use that instead.

Reviewed by:	rwatson
Verified with:	/usr/sbin/mtest
Bug found by:	Jouke Witteveen
MFC after:	2 weeks
2007-02-22 00:14:02 +00:00
Søren Schmidt
129230b816 Update copyright headers. 2007-02-21 19:07:19 +00:00
Søren Schmidt
4471f79eb4 Try again with supporting AHCI chipsets with partly implemented ports. 2007-02-21 19:03:34 +00:00
John Baldwin
f7a66f06ec Restore support for the 5706C bce(4) phy that was broken during the
addition of SerDes support.  According to the docs, the 5706C and 5708C
phys are supposed to use the same MII model that is separate from the
SerDes parts, but the 5706C actually uses the MII model of the SerDes
parts.  To fix this, readd the old 5706C entry to miidevs and add a
special check in brgphy_probe() for phys that match the 5706C ID.  If
the phy is supported by the gentbi(4) driver, then it's a SerDes phy, so
we fail the probe and let gentbi(4) grab it.  Otherwise, it's a 5706C phy,
so we let brgphy(4) grab it.

In coordination with:	dwhite
2007-02-21 18:17:44 +00:00
Andrew Gallatin
b824b7d86a Work around a firmware bug where broadcast frames would be incorrectly
treated as multicast frames and filtered, but when only when "adopting"
running firmware.  By "adopting", I mean using pre-existing firmware
loaded from eeprom at PCI reset, rather than firmware loaded by the
driver.
2007-02-21 17:34:05 +00:00
Søren Schmidt
7d5609f105 Be a little less stringent in getting progress report data. 2007-02-21 14:06:51 +00:00
Søren Schmidt
ceeb99652d Temporarily disable the support for some incarnations of the ICH8 chip that has
non consecutively numbered ports.
This should fix current SATA problems.
Support AHCI chips where the ports are not consecutively numbered as in
some incarnations of the ICH8 chip.
2007-02-21 14:05:57 +00:00
Bruce M Simpson
b1b536e789 Update host-mode multicast group information output.
Display IPv4 and IPv6 memberships separately.
  Obey the MK_INET6_SUPPORT flag.
 Display link-layer memberships.
  Use addr2ascii() to correctly print non-IEEE 802 sockaddr_dl instances.
 Eliminate redundant switch..case blocks.
 Update copyright.
 Misc style changes.

MFC after:	3 weeks
2007-02-21 13:59:21 +00:00
Bruce M Simpson
ab8e5cbf16 Change wording of warnings when there is no ip_mroute.ko module
loaded into the system.
Change wording of comments to reflect the fact we should unconditionally
use KVM if the -M option is used to specify a core file.
Add comments to document the fact that IPv6 multicast forwarding
information display still relies on KVM for gathering information.
2007-02-21 13:41:51 +00:00
Philip Paeps
0754972c5c Optimize set_origin() use in some screensavers to stop them eating
cpu power when the origin hasn't changed.

PR:		kern/100683
Submitted by:	Gareth McCaughan <gareth -dot- mccaughan -at- pobox.com>
MFC after:	3 days
2007-02-21 12:27:12 +00:00
Robert Watson
9fad4c2a12 Refine implementation notes for priv(9): clarify ABI comments, mention
updating Jail's list of privileges.
2007-02-21 10:32:03 +00:00
Christian Brueffer
91dba98d82 Document vge(4)'s support for altq(4). 2007-02-21 10:00:09 +00:00
Christian Brueffer
99baad9da2 Complete the support for altq(4).
Tested by:	J.R. Oldroyd
Reviewed by:	mlaier
Approved by:	rwatson (mentor)
MFC after:	1 week
2007-02-21 09:57:27 +00:00
Kirk McKusick
6e6b7d44ef The functions that set and delete external attributes must check
that the filesystem is not mounted read-only before proceeding.

Reported by: Ryan Beasley <ryanb@FreeBSD.org>
MFC after: 1 week
2007-02-21 08:50:06 +00:00
Jean-Sébastien Pédron
2483dd1389 Fix a bug with the release of section's raw data. Both release loops
were using translated data linked list, leading to a memory leak.

Jkoshy's testsuite was used to check for non-regression.
2007-02-21 08:14:22 +00:00
Nick Hibma
814ee007c3 Initialise {transport,protocol}{,_version} fields during a PATH_INQ to avoid a
warning message.
2007-02-21 07:46:40 +00:00
Nick Hibma
55fe33a350 Reduce the noise when plugging in (USB) mass storage devices, like a 4 port
flash card reader.
Also remove an 'Opened da0 -> <random number>' which is not needed on a daily
basis (available through bootverbose).

Reviewed by:	phk, ken
MFC after:	1 week
2007-02-21 07:45:02 +00:00
Alan Cox
5f9e5adf8b Change pmap_protect() so that execute access can be removed without
simultaneously removing write access.
2007-02-21 06:00:46 +00:00
Tim Kientzle
671d7d80a4 If we already have stat() data, we might be able to
determine if this is a physical dir without an lstat().
While I'm in here, try to clarify the comments around
the _is_dir() and _is_physical_dir() tests.
2007-02-21 05:07:43 +00:00
Olivier Houchard
9bf1500921 Check that the error returned by vfs_getopts() is not ENOENT before assuming
there's actually an error.
This is just in order to unbreak ntfs on current, before a proper solution is
committed.
2007-02-21 00:30:09 +00:00
Robert Watson
7ee76f9d4e Remove unnecessary privilege and privilege check for WITNESS sysctl.
Head nod:	jhb
2007-02-20 23:49:31 +00:00
Nick Hibma
85fea78497 Create a link from hosts.allow(5) hosts_access(3), to give the user a
starting point for more information on a file in /etc.

MFC after:	1 week
2007-02-20 23:12:04 +00:00
Nick Hibma
7090e3d10c Kris suggested that swap is a better choice as a default than malloc.
MFC:	1 week
2007-02-20 22:04:23 +00:00
Nick Hibma
35ce0ff2f2 [Found the original diff I made, see previous commit for other part]
Assume '-a' and '-t malloc' flags for '-s <size>' (malloc ramdisk) if not
specified.

Reviewed by:	phk (some time ago)
MFC:		1 week
2007-02-20 21:29:30 +00:00
Nick Hibma
1253fe1ead Make attach the default for -f. That way
mdconfig -f image

works like a charm.

Reviewed by:	phk (some time ago)
MFC:		1 week
2007-02-20 21:04:12 +00:00
Ed Maste
5a16cfaeb6 Avoid writing uninitialized stack data into a thread's MMX/SSE state by
first getting the current state with td_thr_getxmmregs_p.  Without this,
debugging a threaded app that uses libthr resulted in kernel panics or
spurious SIGFPEs for me.

(As of revision 1.6, sys/i386/i386/ptrace_machdep.c masks off the
reserved bits in the mxcsr register, which prevents the kernel panics.)

Architectures without PT_GETXMMREGS are not affected.

MFC after:      1 week
2007-02-20 18:10:13 +00:00
Luigi Rizzo
560a65051c Rename IWI_LOCK_ASSERT to IWI_LOCK_CHECK per Sam's suggestion,
and make it print under debug.iwi control same as other debugging stuff.

Remove the device_printf() in iwi_ioctl() and replace with this:

        /*
         * wait until pending iwi_cmd() are completed, to avoid races
         * that could cause problems.
         */
        while (sc->flags & IWI_FLAG_BUSY)
                msleep(sc, &sc->sc_mtx, 0, "iwiioctl", hz);

This at least prevents what has become an almost systematic failure for my
system, presumably due to a previous iwi_cmd() not complete yet by the
time iwi_ioctl() is called.

It has been pointed to my attention that the real problem could be
calling ieee80211_ioctl() with the lock held. If that is true,
there might still be a possibility for a race condition e.g. an
interrupt coming while the ioctl is sleeping.
Need to investigate further on what changes are required to release
the lock before calling ieee80211_ioctl
2007-02-20 17:32:30 +00:00
Luigi Rizzo
484f6530e9 Address a few issues with the iwi driver, namely:
+ do not release the dma-ble region used for downloading firmware.
  This should fix the problems that some people were seeing, due to
  memory becoming too fragmented which prevented subsequent allocations
  of a suitable contiguous region of memory;

+ document the firmware format and usage in if_iwivar.h

+ use a loop to allocate the four tx rings, instead of replicating
  the body of the loop.

+ add debugging code IWI_LOCK_ASSERT() to detect missing locks.
  These only do a printf, and should go away once we figure out why
  the driver sometimes freezes the system due to a (yet unidentified)
  race condition.

+ add a device_printf() in iwi_ioctl() in certain conditions
  (see comment in the code).  This helps preventing the race condition
  mentioned above, and makes the system survive. This printf will
  also go away once fixing this bug is completed.

+ change iwi_getfw() to return 0 on success, 1 on error, consistently
  with other functions.

+ fix the argument of a sizeof() in iwi_get_firmware()

+ use le32toh() to access little-endian fields

+ simplify error handling in iwi_load_firmware() and iwi_init_locked()

The bugs fixed by this commit (the freezing one especially) are serious
enough to call for a quick MFC

MFC after: 3 days
2007-02-20 15:45:59 +00:00
Robert Watson
bd146f1302 Replace a suser() check with an explicit check for PRIV_NET_SETIFMTU. 2007-02-20 15:20:36 +00:00
Luigi Rizzo
b8c4cc421e Document the endiannes of firmware headers
(in preparation for changes in the C code).
2007-02-20 14:29:09 +00:00
Robert Watson
a1f3b8390c Update auditing of socket information for the inpcb new world order:
so_pcb will always be non-NULL, and lock the inpcb while non-atomically
accessing address data.
2007-02-20 13:38:11 +00:00
Robert Watson
5b950deabc Break introductory comment into two paragraphs to separate material on the
garbage collection complications from general discussion of UNIX domain
sockets.

Staticize unp_addsockcred().

Remove XXX comment regarding Giant and v_socket -- v_socket is protected
by the global UNIX domain socket lock.
2007-02-20 10:50:02 +00:00
Robert Watson
d24c76d1f5 Move mapping of MBI_APPEND to MBI_WRITE from inside the rule loop in
mac_bsdextended_check() to before the loop, as it needs to happen only
once.

MFC after:	1 week
2007-02-20 10:21:27 +00:00
Robert Watson
afdb42748d Rename two identically named log_in_vain variables: tcp_input.c's static
log_in_vain to tcp_log_in_vain, and udp_usrreq's global log_in_vain to
udp_log_in_vain.

MFC after:	1 week
2007-02-20 10:20:03 +00:00
Robert Watson
3329b23659 Gratuitous UDP restyling toward style(9) in 7.x. 2007-02-20 10:13:11 +00:00
Robert Watson
3bb153ea78 Remove discontinuity in network privilege number space.
Spotted by:	emaste (ages ago)
2007-02-20 00:28:19 +00:00
Robert Watson
95420afea4 Remove unused PRIV_IPC_EXEC. Renumbers System V IPC privilege. 2007-02-20 00:12:52 +00:00
Robert Watson
2390d78f74 Sync up PRIV_IPC_{ADMIN,READ,WRITE} priv checks in ipcperm() with
kern_jail.c: allow jailed root these privileges.  This only has an
effect if System V IPC is administratively enabled for the jail.
2007-02-20 00:06:59 +00:00
Robert Watson
b12c55ab92 Restore sysv_ipc.c:1.30, which was backed out due to interactions with
System V shared memory, now believed fixed in sysv_shm.c:1.109:

  date: 2006/11/06 13:42:01;  author: rwatson;  state: Exp;  lines: +65 -37
  Sweep kernel replacing suser(9) calls with priv(9) calls, assigning
  specific privilege names to a broad range of privileges.  These may
  require some future tweaking.

  Sponsored by:           nCircle Network Security, Inc.
  Obtained from:          TrustedBSD Project
  Discussed on:           arch@
  Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
                          Alex Lyashkov <umka at sevcity dot net>,
                          Skip Ford <skip dot ford at verizon dot net>,
                          Antoine Brodin <antoine dot brodin at laposte dot net>

This restores fine-grained privilege support to System V IPC.

PR:	106078
2007-02-19 22:59:23 +00:00
Robert Watson
3d50b06b8e Remove call to ipcperm() in shmget_existing(). The flags argument is
ignored on other systems I investigated when accessing an existing
memory segment rather than creating a new one.  This call to ipcperm()
is the only one to pass in a complete mode flag to the permission
checks rather than a simple access request mask, and caused problems
for the revised ipcperm() based on the priv(9) interface, which can
now be restored.

PR:	106078
2007-02-19 22:56:10 +00:00
Nate Lawson
699e491f50 Note problems I had with bsnmpd while updating from an older -current.
There may be better ways to fix/work around these issues but this worked
for me.
2007-02-19 22:49:43 +00:00
Robert Watson
19913888ad Use privilege PRIV_NET_ADDIFADDR rather than suser() to authorize
adding a netatalk address to an interface.
2007-02-19 22:40:02 +00:00
Robert Watson
95b091d2f2 Rename three quota privileges from the UFS privilege namespace to the
VFS privilege namespace: exceedquota, getquota, and setquota.  Leave
UFS-specific quota configuration privileges in the UFS name space.

This renumbers VFS and UFS privileges, so requires rebuilding modules
if you are using security policies aware of privilege identifiers.
This is likely no one at this point since none of the committed MAC
policies use the privilege checks.
2007-02-19 13:33:10 +00:00
Robert Watson
e82d0201bd Limit quota privileges in jail to PRIV_UFS_GETQUOTA and
PRIV_UFS_SETQUOTA.
2007-02-19 13:26:39 +00:00