36081 Commits

Author SHA1 Message Date
phk
4772146a86 Don't truncate on large disks. 2002-10-27 10:17:38 +00:00
rwatson
653f637c44 Implement mac_check_system_sysctl(), a MAC Framework entry point to
permit MAC policies to augment the security protections on sysctl()
operations.  This is not really a wonderful entry point, as we
only have access to the MIB of the target sysctl entry, rather than
the more useful entry name, but this is sufficient for policies
like Biba that wish to use their notions of privilege or integrity
to prevent inappropriate sysctl modification.  Affects MAC kernels
only.  Since SYSCTL_LOCK isn't in sysctl.h, just kern_sysctl.c,
we can't assert the SYSCTL subsystem lockin the MAC Framework.

Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-27 07:12:34 +00:00
rwatson
be98961ae9 Hook up mac_check_system_reboot(), a MAC Framework entry point that
permits MAC modules to augment system security decisions regarding
the reboot() system call, if MAC is compiled into the kernel.

Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-27 07:03:29 +00:00
rwatson
8cd9e63819 Merge from MAC tree: rename mac_check_vnode_swapon() to
mac_check_system_swapon(), to reflect the fact that the primary
object of this change is the running kernel as a whole, rather
than just the vnode.  We'll drop additional checks of this
class into the same check namespace, including reboot(),
sysctl(), et al.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-27 06:54:06 +00:00
phk
fe41e143c1 Make geom_mbr.c optional on PC98, use GEOM_MBR option to include it.
Disable check for supposedly magic "IPL1" string for PC98 labels, its
thaumaturgical power is in doubt.
2002-10-26 20:17:59 +00:00
mux
65fb9af8bb Fix a style nit. 2002-10-26 18:19:46 +00:00
mux
81cc70c469 In VOP_LOOKUP, don't deny DELETE and RENAME operations
when ISLASTCN is not set.  The actual file which is being
looked up may live in a different filesystem.
2002-10-26 18:16:19 +00:00
mux
d2ac0d86f6 Add a missing destroy_dev(). 2002-10-26 18:09:30 +00:00
jake
ce564f5edf Allow deprecated or unimplemented system call vectors to deliver SIGSYS,
as suggested by the sparc v9 ABI.
2002-10-26 17:38:20 +00:00
jake
83d0eead07 Remove an unused macro. 2002-10-26 17:36:37 +00:00
nyan
ed37829166 MFi386: revisions 1.544 and 1.545. 2002-10-26 15:44:06 +00:00
rwatson
312cab0dee Slightly change the semantics of vnode labels for MAC: rather than
"refreshing" the label on the vnode before use, just get the label
right from inception.  For single-label file systems, set the label
in the generic VFS getnewvnode() code; for multi-label file systems,
leave the labeling up to the file system.  With UFS1/2, this means
reading the extended attribute during vfs_vget() as the inode is
pulled off disk, rather than hitting the extended attributes
frequently during operations later, improving performance.  This
also corrects sematics for shared vnode locks, which were not
previously present in the system.  This chances the cache
coherrency properties WRT out-of-band access to label data, but in
an acceptable form.  With UFS1, there is a small race condition
during automatic extended attribute start -- this is not present
with UFS2, and occurs because EAs aren't available at vnode
inception.  We'll introduce a work around for this shortly.

Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-26 14:38:24 +00:00
tmm
d0b6b7a6ad Call bpf_mtap() on outgoing packets. 2002-10-26 12:32:07 +00:00
peter
b597459f26 Add COMPAT_FREEBSD4 here too. It has COMPAT_43 as well. 2002-10-26 04:58:36 +00:00
peter
bbcb1cd71b Add COMPAT_FREEBSD4 for the transition. COMPAT_43 was already present. 2002-10-26 04:57:19 +00:00
julian
64467d2a2f iBack out david's last commit. the suspension code needs to be called
for non KSE processes too.
2002-10-26 04:44:17 +00:00
davidxu
9f183ef3fc Move suspension checking code from userret() into thread_userret(). 2002-10-26 02:56:51 +00:00
davidxu
f9c45007d3 Backout revision 1.48. 2002-10-26 01:26:36 +00:00
sam
3859ed1230 o m_adj rx buffer so IP header is 32-bit aligned
o replace EPIC_MGETCLUSER with m_getcl

MFC after:	1 week
2002-10-25 22:06:03 +00:00
jhb
70f2b22f03 Cast si_drv2 to intptr_t instead of int to quiet warnings.
Tested on:	alpha
Reported by:	marcel (on an ia64)
2002-10-25 20:49:24 +00:00
rwatson
068e73d389 Comment describing the semantics of mac_late.
Trim trailing whitespace.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-25 20:45:27 +00:00
jhb
1b89bed0f7 Use the newer "+" modifier on output contraints when a register or
memory datum is used for both input and output instead of using
matching constraints.
2002-10-25 20:22:12 +00:00
phk
b7e23599cf Reduce the GEOM verbosity under bootverbose to something more sufferable.
This is not quite the set of information I would want, but the tree where
I have the "correct" version is messed up with conflicts.

Sponsored by:	DARPA & NAI Labs.
2002-10-25 20:09:45 +00:00
jhb
fa9a77e4ba Don't copy td_md. Instead, let the MD code handle it just like it
handles the MD fields of all the other MD portions of proc-related
structures.

Tested on:	i386, alpha, sparc64
2002-10-25 20:07:52 +00:00
jhb
f6b6098201 Note that the sched_lock protects md_ldt of struct mdproc. 2002-10-25 20:06:16 +00:00
mux
bdcd4ebb5d - Rename the DDB specific %z printf format to %y.
- Make DDB use %y instead of %z.
- Teach GCC about %y.
- Implement support for the C99 %z format modifier.

Approved by:	re@
Reviewed by:	peter
Tested on:	i386, sparc64
2002-10-25 19:41:32 +00:00
peter
187c04923a Finish fixing the 5.x FPU code for dealing with signal handlers.
Obtained from:  bde
2002-10-25 19:12:16 +00:00
peter
f7fa86b743 Split 4.x and 5.x signal handling so that we can keep 4.x signal
handling clean and functional as 5.x evolves.  This allows some of the
nasty bandaids in the 5.x codepaths to be unwound.

Encapsulate 4.x signal handling under COMPAT_FREEBSD4 (there is an
anti-foot-shooting measure in place, 5.x folks need this for a while) and
finish encapsulating the older stuff under COMPAT_43.  Since the ancient
stuff is required on alpha (longjmp(3) passes a 'struct osigcontext *'
to the current sigreturn(2), instead of the 'ucontext_t *' that sigreturn
is supposed to take), add a compile time check to prevent foot shooting
there too.  Add uniform COMPAT_43 stubs for ia64/sparc64/powerpc.

Tested on: i386, alpha, ia64.  Compiled on sparc64 (a few days ago).
Approved by: re
2002-10-25 19:10:58 +00:00
iwasaki
c689b5c88a Change method to determine base memory size.
Try INT 15H/E820H first, then fall back to the old compatibility
method (INT 12H).
This is a workaround for newer machines which have broken INT 12H BIOS
service implementation.

Reviewed by:	-current ML
MFC after:	3 days
2002-10-25 18:46:36 +00:00
phk
097ab10d4b #include <geom/geom.h> to get proper prototypes. Contrary to my fears we
seem to have all the prerequisites already.

Call g_waitidle() as the first thing in vfs_mountroot() so that we have
it out of the way before we even decide if we should call .._ask() or
.._try().

Call the g_dev_print() function to provide better guidance for the
root-mount prompt.
2002-10-25 18:44:42 +00:00
phk
1f3b3d6f9d Add a g_dev_print() function which prints all the /dev entries GEOM
know about.
2002-10-25 18:42:42 +00:00
tmm
f2106ce588 Initialize tick_MHz and related variables much earlier. After the last
revision of tick.c, this was done at SI_SUB_CLOCKS, which is too late
because tick_MHz is required for DELAY() to work.

Reviewed by:	jake
2002-10-25 17:42:14 +00:00
tmm
6bff02396b Fix iommu_dvmamap_sync() to use the right address when flushing the
streaming cache. This bug could have the potential to cause data
corruption on systems with Psycho U2P bridges (Sabre bridges have no
streaming cache).
However, due to the usual driver architecture, it is believed that
corruption did occur only in rare cases (if at all).
2002-10-25 17:31:31 +00:00
simokawa
22f46b3ac7 Don't check IFF_RUNNING in previous change.
The flag is sometimes unset if the interface has IPv6 link-local
address only.
2002-10-25 17:31:03 +00:00
phk
01399b8c20 Loose the g_dev_clone() noise. 2002-10-25 17:00:15 +00:00
jake
a065785f57 Greatly improve readability of trap() by using a table to convert between
trap types and signals to send.  Rearrange KASSERTs to better handle faults
early before curthread is setup, or in the case that it gets corrupted or
set to 0.
2002-10-25 16:00:47 +00:00
davidxu
3f4f4ce169 suspend thread only when it can be interrupted. 2002-10-25 13:12:36 +00:00
davidxu
de4094aa31 let thread_schedule_upcall() handle idle kse. 2002-10-25 12:50:31 +00:00
phk
b6e6ea6570 Disable the kernacc() check in mtx_validate() until such time that kernacc
does not require Giant.

This means that we may miss panics on a class of mutex programming bugs,
but only if running with a Chernobyl setting of debug-flags.

Spotted by:	Pete Carah <pete@ns.altadena.net>
2002-10-25 08:40:20 +00:00
phk
7320ebcf72 In vrele() we can actually have a VCHR with v_rdev == NULL if we
came from the bottom of addaliasu().  Don't panic.
2002-10-25 07:58:25 +00:00
julian
35e17a8e76 fix style-o 2002-10-25 07:17:07 +00:00
julian
4ea837f673 More work on the interaction between suspending and sleeping threads.
Also clean up some code used with 'single-threading'.

Reviewed by:	davidxu
2002-10-25 07:11:12 +00:00
imp
59e43a0396 Use the correct values for LDBL_*. Libc doesn't completely support
long doubles at the moment (printf truncates them to doubles).
However, long doubles to appear to work to the ranges listed in this
commit on both -stable (4.5) and -current.  There may be some slight
rounding issues with long doubles, but that's an orthogonal issue to
these constants.

I've had this in my local tree for 3 months, and in my company's local
tree for 15 months with no ill effects.

Obtained from: NetBSD
Not likely to like it: bde
2002-10-25 07:02:52 +00:00
jake
ab03b9e0eb Minor cleanups.
- use fields in sysent instead of PS_STRINGS
- set TSTATE_PRIV in frame0.tf_tstate for what its worth
2002-10-25 06:26:34 +00:00
mckusick
6b1611bd94 Within ufs, the ffs_sync and ffs_fsync functions did not always
check for and/or report I/O errors. The result is that a VFS_SYNC
or VOP_FSYNC called with MNT_WAIT could loop infinitely on ufs in
the presence of a hard error writing a disk sector or in a filesystem
full condition. This patch ensures that I/O errors will always be
checked and returned.  This patch also ensures that every call to
VFS_SYNC or VOP_FSYNC with MNT_WAIT set checks for and takes
appropriate action when an error is returned.

Sponsored by:   DARPA & NAI Labs.
2002-10-25 00:20:37 +00:00
davidxu
776a2129fe fix typo. 2002-10-25 00:13:46 +00:00
julian
59e8ad5a4c Extract out KSE specific code from machine specific code
so that there is ony one copy of it. Fix that one copy
so that KSEs with no mailbox in a KSE program are not a cause
of page faults (this can legitmatly happen).

Submitted by:	(parts) davidxu
2002-10-24 23:09:48 +00:00
mux
f1e4ff6b70 Oops, forgot to commit this file. This is part of the fix
for ipfw2 panics on sparc64.
2002-10-24 22:32:13 +00:00
phk
291992383a Use a better test to prevent tasting geom.ctl so we don't screw the
regression tests.
2002-10-24 21:32:49 +00:00
phk
a3766d9d16 Fix the spechash lock order reversal by keeping an updated sum
of v_usecount in the dev_t which vcount() can return without
locking any vnodes.

Seen by:	jhb
2002-10-24 19:38:56 +00:00