Commit Graph

149257 Commits

Author SHA1 Message Date
Robert Watson
791b0ad2bf Eliminate ARG_UPATH[12] arguments to AUDIT_ARG_UPATH() and instead
provide specific macros, AUDIT_ARG_UPATH1() and AUDIT_ARG_UPATH2()
to capture path information for audit records.  This allows us to
move the definitions of ARG_* out of the public audit header file,
as they are an implementation detail of our current kernel-internal
audit record, which may change.

Approved by:	re (kensmith)
Obtained from:	TrustedBSD Project
MFC after:	1 month
2009-07-29 07:44:43 +00:00
Pawel Jakub Dawidek
d5d7e76d2b Currently there is a problem with fscking UFS file systems created on
top of ZVOLs. The problem is that rc.d/fsck runs before rc.d/zfs. The
latter makes ZVOLs to appear in /dev/. In such case rc.d/fsck cannot
find devfs entry and aborts. We cannot simply move rc.d/zfs before
rc.d/fsck, because we first want kern.hostid to be configured (by
rc.d/hostid). If we won't wait (hostid will be 0) we can reuse disks
which are in use by different systems (eg. in SAN/NAS environment).
We also cannot move rc.d/hostid before rc.d/fsck, because rc.d/hostid on
first system start stores generated kern.hostuuid in /etc/hostid file,
so it needs root file system to be mounted read-write.

The fix is to split rc.d/hostid so that rc.d/hostid (which will now run
before rc.d/fsck) only generates hostid and sets up sysctls, but doesn't
touch root file system and rc.d/hostid_save (which is run after
rc.d/root) and only creates /etc/hostid file.

With that in place, we can move ZVOL initialization to dedicated
rc.d/zvol script which runs before rc.d/fsck.

PR:		conf/120194
Reported by:	James Snow <snow@teardrop.org>
Reviewed by:	brooks
Approved by:	re (kib)
MFC after:	2 weeks
2009-07-29 05:23:52 +00:00
Doug Barton
0df811a678 Update to version 9.6.1-P1 which addresses a remote DoS vulnerability:
Receipt of a specially-crafted dynamic update message may
	cause BIND 9 servers to exit. This vulnerability affects all
	servers -- it is not limited to those that are configured to
	allow dynamic updates. Access controls will not provide an
	effective workaround.

More details can be found here: https://www.isc.org/node/474

All BIND users are encouraged to update to a patched version ASAP.

Approved by:	re (re -> SO -> dougb)
2009-07-29 00:15:39 +00:00
Doug Barton
d5e9ae7e17 Vendor import of BIND 9.6.1-P1 2009-07-28 22:58:40 +00:00
Robert Watson
a9bcca799e Revise header comments for vnet.h as we now implement VNET_SYSINIT, not
just VNET_DEFINE in vnet.h.

Approved by:	re (vimage blanket)
2009-07-28 22:17:34 +00:00
Robert Watson
b146fc1bf0 Rework vnode argument auditing to follow the same structure, in order
to avoid exposing ARG_ macros/flag values outside of the audit code in
order to name which one of two possible vnodes will be audited for a
system call.

Approved by:	re (kib)
Obtained from:	TrustedBSD Project
MFC after:	1 month
2009-07-28 21:52:24 +00:00
Robert Watson
e4b4bbb665 Audit file descriptors passed to fooat(2) system calls, which are used
instead of the root/current working directory as the starting point for
lookups.  Up to two such descriptors can be audited.  Add audit record
BSM encoding for fooat(2).

Note: due to an error in the OpenBSM 1.1p1 configuration file, a
further change is required to that file in order to fix openat(2)
auditing.

Approved by:	re (kib)
Reviewed by:	rdivacky (fooat(2) portions)
Obtained from:	TrustedBSD Project
MFC after:	1 month
2009-07-28 21:39:58 +00:00
Julian Elischer
3d1001cb11 Startup the vnet part of initialization a bit after the global part.
Fixes crash on boot if ipfw compiled in.

Submitted by:	tegge@
Reviewed by:	tegge@
Approved by:	re (kib)
2009-07-28 19:58:07 +00:00
Julian Elischer
7973fba3a4 Somewhere along the line accept sockets stopped honoring the
FIB selected for them. Fix this.

Reviewed by:	ambrisko
Approved by:	re (kib)
MFC after:	3 days
2009-07-28 19:43:27 +00:00
Qing Li
9fca4f79c7 The new flow table caches both the routing table entry as well as the
L2 information. For an indirect route the cached L2 entry contains the
MAC address of the gateway. Typically the default route is used to
transmit multicast packets when explicit multicast routes are not
available. The ether_output() function bypasses L2 resolution function
if it verifies the L2 cache is valid, because the cached L2 address
(a unicast MAC address) is copied into the packets as the destination
MAC address. This validation, however, does not apply to broadcast and
multicast packets because the destination MAC address is mapped
according to a standard method instead.

Submitted by:	Xin Li
Reviewed by:	bz
Approved by:	re
2009-07-28 17:16:54 +00:00
Michael Tuexen
bf3d517756 Fix a bug where wrong initialization value
in used for an SCTP specific sysctl variable.

Approved by: re, rrs(mentor).
MFC after: 2 weeks.
2009-07-28 15:07:41 +00:00
Randall Stewart
cfde3ff70b Turns out that when a receiver forwards through its TNS's the
processing code holds the read lock (when processing a
FWD-TSN for pr-sctp). If it finds stranded data that
can be given to the application, it calls sctp_add_to_readq().
The readq function also grabs this lock. So if INVAR is on
we get a double recurse on a non-recursive lock and panic.

This fix will change it so that readq() function gets a
flag to tell if the lock is held, if so then it does not
get the lock.

Approved by:	re@freebsd.org (Kostik Belousov)
MFC after:	1 week
2009-07-28 14:09:06 +00:00
Colin Percival
958fafa951 Add INDEX-8 to the default portsnap configuration file, and remove INDEX-5.
The Portsnap buildbox now generates teh bits needed for portsnap to produce
INDEX-8; and it hasn't built INDEX-5 for a long time, although the bits are
still distributed for an INDEX-5 from when FreeBSD 5.x reached its EoL.

Approved by:	re (kib)
MFC after:	3 days (INDEX-8 addition only)
2009-07-27 20:24:00 +00:00
Weongyo Jeong
62dcd8657b adds DLINK2 DWA120 device.
PR:		usb/136950
Reported by:	Alexander Kuznetsov <skritku at gmail.com>
Approved by:	re (kib)
2009-07-27 20:17:20 +00:00
Weongyo Jeong
4b00d3e022 urtw(4) supports RTL8187B chipset now.
Approved by:	re (kib)
2009-07-27 18:07:44 +00:00
Qing Li
df813b7ea2 This patch does the following:
- Allow loopback route to be installed for address assigned to
      interface of IFF_POINTOPOINT type.
    - Install loopback route for an IPv4 interface addreess when the
      "useloopback" sysctl variable is enabled. Similarly, install
      loopback route for an IPv6 interface address when the sysctl variable
      "nd6_useloopback" is enabled. Deleting loopback routes for interface
      addresses is unconditional in case these sysctl variables were
      disabled after an interface address has been assigned.

Reviewed by:	bz
Approved by:	re
2009-07-27 17:08:06 +00:00
John Baldwin
8e3764c0a6 Fix the freebsd32 versions of semsys(), shmsys(), and msgsys() to use the
old ABI versions of the relevant control system call (e.g.
freebsd7_freebsd32_msgctl() instead of freebsd32_msgctl() for msgsys()).

Approved by:	re (kib)
2009-07-27 16:03:04 +00:00
Pawel Jakub Dawidek
abd8353f5d We don't support ephemeral IDs in FreeBSD and without this fix ZFS can
panic when in zfs_fuid_create_cred() when userid is negative. It is
converted to unsigned value which makes IS_EPHEMERAL() macro to
incorrectly report that this is ephemeral ID. The most reasonable
solution for now is to always report that the given ID is not ephemeral.

PR:		kern/132337
Submitted by:	Matthew West <freebsd@r.zeeb.org>
Tested by:	Thomas Backman <serenity@exscape.org>, Michael Reifenberger <mike@reifenberger.com>
Approved by:	re (kib)
MFC after:	2 weeks
2009-07-27 14:52:34 +00:00
Rui Paulo
3ca80f0dbc Mesh fixes, namely:
* don't clobber proxy entries
* HWMP seq number processing, including discard of old frames
* flush routing table entries based on nexthop
* print route flags in ifconfig
* more debugging messages and comments

Proxy changes submitted by sam.

Approved by:	re (kib)
2009-07-27 14:22:09 +00:00
Rui Paulo
1f93ae9453 Refine the MacBook hack to only match early models that have Intel ICH.
Discussed with:	kjim
Approved by:	re (kib)
2009-07-27 13:51:55 +00:00
Michael Tuexen
8e71b6947a Fix the handling of unordered messages when using
PR-SCTP.

Approved by: re, rrs (mentor)
MFC after: 3 weeks.
2009-07-27 13:41:45 +00:00
Rui Paulo
1126d66df5 * Document the dev.asmc.N.light.control sysctl. [1]
* Add more models that have the SMC.

PR:		137168 [1]
Submitted by:	Patrick Lamaiziere <patfbsd at davenulle.org>
Approved by:	re (kib)
2009-07-27 13:36:35 +00:00
Michael Tuexen
4420d9a062 Get rid of unused field. This will also be deleted
in the official speciication of the SCTP socket API.

Approved by:re, rrs (mentor)
2009-07-27 12:09:32 +00:00
Xin LI
f4cb5a505f Vendor import of less v436. 2009-07-27 07:05:08 +00:00
Konstantin Belousov
560bf6e4ae Note that COMPAT_43 requires COMPAT_FREEBSD7 too.
Submitted by:	Steve Kargl
Approved by:	re (kensmith)
2009-07-26 20:12:06 +00:00
Tim Kientzle
33fe28bbcd The parser for Rockridge symlinks tended to insert
extra slashes at the beginning of absolute targets.

Thanks to Jung-uk Kim for pointing this out to me.

Approved by:	re (kib)
2009-07-26 18:11:44 +00:00
Michael Tuexen
47a490cbbc Add a missing unlock for the inp lock when
returning early from sctp_add_to_readq().

Approved by: re, rrs (mentor)
MFC after: 2 weeks.
2009-07-26 15:06:59 +00:00
Alexander Motin
b06555e4fc Restore PATA device probe order, broken by PMP support implementation,
requesting IDENTIFY from slave device first. This order is important
for proper cable type detection by master device.

PR:		kern/136438
Approved by:	re (kib)
2009-07-26 14:04:48 +00:00
Bjoern A. Zeeb
d0ea47437a Update epair(4) to the new netisr implementation and polish
things a bit:
- use dpcpu data to track the ifps with packets queued up,
- per-cpu locking and driver flags
- along with .nh_drainedcpu and NETISR_POLICY_CPU.
- Put the mbufs in flight reference count, preventing interfaces
  from going away, under INVARIANTS as this is a general problem
  of the stack and should be solved in if.c/netisr but still good
  to verify the internal queuing logic.
- Permit changing the MTU to virtually everythinkg like we do for loopback.

Hook epair(4) up to the build.

Approved by:	re (kib)
2009-07-26 12:20:07 +00:00
Bjoern A. Zeeb
be31e5e7b5 Make the in-kernel logic for the SIOCSIFVNET, SIOCSIFRVNET ioctls
(ifconfig ifN (-)vnet <jname|jid>) work correctly.

Move vi_if_move to if.c and split it up into two functions(*),
one for each ioctl.

In the reclaim case, correctly set the vnet before calling if_vmove.

Instead of silently allowing a move of an interface from the current
vnet to the current vnet, return an error. (*)

There is some duplicate interface name checking before actually moving
the interface between network stacks without locking and thus race
prone. Ideally if_vmove will correctly and automagically handle these
in the future.

Suggested by:	rwatson (*)
Approved by:	re (kib)
2009-07-26 11:29:26 +00:00
Bjoern A. Zeeb
00dc5f8e66 Make ifconfig ifN -vnet <jname|jid> actually work:
- fix ifconfig to ignore the non-existent interface in the current
  network stack in case of '-vnet'.
- in ifconfig: actually use the local variables defined for the
  vnet functions rather than modifying the global.

Reviewed by:	rwatson
Approved by:	re (kib)
2009-07-26 11:25:57 +00:00
Alan Cox
5592fb2f9b Eliminate a stale paragraph from the BUGS section. This "bug" was
eliminated in r195693.

Approved by:	re (kensmith)
2009-07-26 06:38:56 +00:00
Konstantin Belousov
5abb7fe2e9 Fix syntax error, makefile comments start with #.
Submitted by:	bde
Approved by:	re (kensmith)
2009-07-25 21:07:56 +00:00
Alexander Motin
1a00526bec Add note, that ahci(4) and siis(4) supersede ata(4) drivers.
Approved by:	re (implicitly)
2009-07-25 18:45:09 +00:00
Alexander Motin
eb31708a6e PMP provides 16 targets (15 drives + itself).
Approved by:	re (implicitly)
2009-07-25 18:19:31 +00:00
Tim Kientzle
e2f1f1fb00 Libarchive recognizes hardlinked files on ISO images,
but returned them incorrectly, causing tar to actually
erase the resulting file while trying to restore the
link.  This one-line fix corrects the hardlink descriptions
to avoid this problem.

Thanks to Jung-uk Kim for pointing this out.

Approved by:	re (kib)
2009-07-25 18:11:55 +00:00
Alexander Motin
e19ef875b1 Add ahci and siis drivers to NOTES.
Approved by:	re (implicitly)
2009-07-25 17:40:49 +00:00
Jamie Gritton
7cbf72137f Some jail parameters (in particular, "ip4" and "ip6" for IP address
restrictions) were found to be inadequately described by a boolean.
Define a new parameter type with three values (disable, new, inherit)
to handle these and future cases.

Approved by:	re (kib), bz (mentor)
Discussed with:	rwatson
2009-07-25 14:48:57 +00:00
Edward Tomasz Napierala
ea665f1079 Change the name displayed in sysinstall(8) from 'Wizard Mode'
to 'Expert Mode', to make it less confusing to new users, to whom
a 'wizard' is a set of simple dialogs with the 'next >>>' button.

Approved by:	re (kensmith)
2009-07-25 08:36:28 +00:00
Julian Elischer
9d85f50ad5 Catch ipfw up to the rest of the vimage code.
It got left behind when it moved to its new location.

Approved by:	re (kensmith)
2009-07-25 06:42:42 +00:00
Jack F Vogel
45289e2ded Improvement on the last change, this gives a precise
way to tell the one and only interface that a vlan
event is for. Thanks to John Baldwin for the patch.

Approved by: re
2009-07-24 21:35:52 +00:00
Brooks Davis
254d03c508 Introduce a new sysctl process mib, kern.proc.groups which adds the
ability to retrieve the group list of each process.

Modify procstat's -s option to query this mib when the kinfo_proc
reports that the field has been truncated.  If the mib does not exist,
fall back to the truncated list.

Reviewed by:	rwatson
Approved by:	re (kib)
MFC after:	2 weeks
2009-07-24 19:12:19 +00:00
John Baldwin
5f60e483c8 Bump __FreeBSD_version for the introduction of OBJT_SG.
Approved by:	re (kensmith)
2009-07-24 18:31:04 +00:00
Jack F Vogel
387424df40 This delta fixes two bugs:
- When a vlan event occurs a check was not made that
    the event was actually for the interface, thus resulting
    in a panic. All three drivers have this vulnerability. Add
    a check for this condition.
  - Secondly, there was a duplicate buf_ring free in the em
    driver resulting in a panic on unload. Remove.

Approved by:  re
2009-07-24 16:57:49 +00:00
Jack F Vogel
8bd0025fdd A small number of systems in the ICH9/10 family have a flash
part that is made up of 8K banks rather than 4K, if these
systems are using bank 1 then the last change in this code
breaks the bank read, resulting in an invalid checksum of
the eeprom during driver load. This change fixes this.

Approved by:  re
2009-07-24 16:54:22 +00:00
Sam Leffler
8ed1835dea revert OACTIVE part of r195845; instead fix the comment so it does not refer
to the old hack removed in r193312

Approved by:	re (implicit)
2009-07-24 15:37:02 +00:00
Sam Leffler
2c4e7faeae Update for vaps:
o do not force monitor mode; the wlanX ifnet must be an ahdemo mode vap
o move channel change work before marking ifnet up to avoid churning
  the state machine
o change default ifnet name to "wlan0"

Approved by:	re (kensmith)
2009-07-24 15:31:22 +00:00
Sam Leffler
ff5aac8eb7 correct handling of IFF_PROMISC; this should not be pushed to the parent
device except for monitor and ahdemo mode vaps

Reviewed by:	rpaulo
Approved by:	re (kensmith)
2009-07-24 15:28:29 +00:00
Sam Leffler
983a2c892b monitor mode vaps are meant to be read-only so they can operate on any
frequency w/o regulatory issues, do this by hooking if_transmit and
if_output with routines that discard all transmits

Reviewed by:	thompsa, cbzimmer (intent)
Approved by:	re (kensmith)
2009-07-24 15:27:02 +00:00
Sam Leffler
224881b466 o kill old code no longer needed after r193312
o count output packets+errors for frames sent through ieee80211_output

Approved by:	re (kensmith)
2009-07-24 15:22:12 +00:00