This prevents unprivileged users to lock too much memory.
- Set memorylocked limit to 64Mb for daemon login class.
Some daemons such as amd(8) and watchdogd(8) calls mlockall(2) on
startup, they are run from init(8) which uses daemon login class.
- Set memorylocked limit to unlimited for root login class.
Suggested by: avg
Approved by: kib (mentor)
MFC after: 1 week
* Don't provide clear_cache or the __sync_* functions on ARM with clang as
they are provided by clang as builtin functions.
* Tell clang it is aloud to compile some libgcc code using heinous GCC
extensions.
caused by use of an invalid kgss_gssd_handle during an upcall to
the gssd daemon when it has exited. This patch seems to avoid the
crashes by holding a reference count on the kgss_gssd_handle until
the upcall is done. It also adds a new mutex kgss_gssd_lock used to
make manipulation of kgss_gssd_handle SMP safe.
Tested by: Illias A. Marinos, Herbert Poeckl
Reviewed by: jhb
MFC after: 2 weeks
LUNs for the virtual processor device. This removes lots of CAM warnings,
and follows similar recent changes to tws(4) and twa(4) drivers.
Also fix case where CAM_REQ_CMP was getting OR'd with CAM_DEV_NOT_THERE
in the nonexistent LUN case, resulting in different CAM status (CAM_UA_TERMIO)
getting reported to CAM. This issue existing previously, but was more subtle
because it changed CAM_SEL_TIMEOUT to CAM_CMD_TIMEOUT.
Sponsored by: Intel
Reported and tested by: Willem Jan Withagen <wjw@digiware.nl>
MFC after: 1 week
A fork/exec could happen between open and fcntl, leaking a file descriptor.
Using O_CLOEXEC fixes this and as a side effect simplifies the code.
NetBSD already had this (I checked this after making the change myself).
Reviewed by: gabor
an error instead of calling err() when it is daemonized,
so that the error gets logged.
Discussed with: rwatson, jhb
Tested by: Illias A. Marinos, Herbert Poeckl
MFC after: 2 weeks
- Add a range condition of given FIB number and the related error messages.
- Fix free() problem.
Spotted by: Artyom Mirgorodskiy
Discussed with: glebius
be kept around to the 10 most recent ones.
Add UPDATING entry with info how to return to the previous behaviour (no
limits).
Obtained from: WHEEL Systems
last one. To make it easier to find the last one create symlinks with 'last'
suffix that will point to the files of the last coredump, eg.:
info.last -> info.5
textdump.tar.last.gz -> textdump.tar.5.gz
Reviewed by: avg
Obtained from: WHEEL Systems
This fixed panic where we hold mutex (process lock) and try to obtain sleepable
lock (vnode lock in expand_name()). The panic could occur when %I was used
in kern.corefile.
Additionally we avoid expand_name() overhead when coredumps are disabled.
Obtained from: WHEEL Systems
This fixes panic when listing sysctls on INVARIANTS-enabled kernel while
having wbwd loaded.
This panic was not fatal, at worst one additional space was printed.
Also sbuf_trim() makes some sense even if drain function is set. The drain
function is called only when buffer is to be expanded. So we could still trim
existing buffer before drain is called. In this case it worked just fine - the
trailing space was correctly trimmed.
Obtained from: WHEEL Systems
MFC after: 1 week
built with clang. When these are defined the lists are defined similar to:
asm(".section .ctors");
STATIC func_ptr __CTOR_LIST__[1] = { (func_ptr) (-1) };
asm(".section .dtors");
STATIC func_ptr __DTOR_LIST__[1] = { (func_ptr) (-1) };
The problem is clang will move the two arrays out of the .ctors and .dtors
sections causing these sections to contain a single null address. By not
defining these macros we use the version of the code that places the arrays
is their sections by using __attribute__((section(".ctors"))) and similar
for .dtors.
Submitted by: Daisuke Aoyama <aoyama AT peach.ne.jp>
For now use 256 buckets and fnv_hash function. Use xor'ed 32-bit
s6_addr32 parts of in6_addr structure as a hash key. Update
in6_localip and in6_is_addr_deprecated to use hash table for fastest
lookup.
Sponsored by: Yandex LLC
Discussed with: dwmalone, glebius, bz
of average duration, and total busy time instead of %.
This looks more useful when one runs `iostat -Ix` periodically to
collect statistics: e.g. now it is possible to calculate busy %
between two runs subtracting total busy times and dividing per time
period.
Average duration and % busy are still available via `iostat -x`.
set.
As the checks don't require vnet context, this is fixed by setting
vnet after the checks.
PR: kern/160541
Submitted by: Nikos Vassiliadis (slightly different approach)
implement the BSM audit trail format. Rename the kernel versions of the
files to match the userspace filenames so that it's easier to work out
what they correspond to, and therefore ensure they are kept in-sync.
Obtained from: TrustedBSD Project
included various upstreamed patches from the FreeBSD base to make OpenBSM
compile more easily with bmake, higher warning levels, clang, and several
other loose ends.
Obtained from: TrustedBSD Project