Commit Graph

143063 Commits

Author SHA1 Message Date
Robert Watson
52267f7411 Merge OpenBSM 1.1 alpha 2 from the OpenBSM vendor branch to head, both
contrib/openbsm (svn merge) and sys/{bsm,security/audit} (manual merge).

- Add OpenBSM contrib tree to include paths for audit(8) and auditd(8).
- Merge support for new tokens, fixes to existing token generation to
  audit_bsm_token.c.
- Synchronize bsm includes and definitions.

OpenBSM history for imported revisions below for reference.

MFC after:      1 month
Sponsored by:   Apple Inc.
Obtained from:  TrustedBSD Project

--

OpenBSM 1.1 alpha 2

- Include files in OpenBSM are now broken out into two parts: library builds
  required solely for user space, and system includes, which may also be
  required for use in the kernels of systems integrating OpenBSM.  Submitted
  by Stacey Son.
- Configure option --with-native-includes allows forcing the use of native
  include for system includes, rather than the versions bundled with OpenBSM.
  This is intended specifically for platforms that ship OpenBSM, have adapted
  versions of the system includes in a kernel source tree, and will use the
  OpenBSM build infrastructure with an unmodified OpenBSM distribution,
  allowing the customized system includes to be used with the OpenBSM build.
  Submitted by Stacey Son.
- Various strcpy()'s/strcat()'s have been changed to strlcpy()'s/strlcat()'s
  or asprintf().  Added compat/strlcpy.h for Linux.
- Remove compatibility defines for old Darwin token constant names; now only
  BSM token names are provided and used.
- Add support for extended header tokens, which contain space for information
  on the host generating the record.
- Add support for setting extended host information in the kernel, which is
  used for setting host information in extended header tokens.  The
  audit_control file now supports a "host" parameter which can be used by
  auditd to set the information; if not present, the kernel parameters won't
  be set and auditd uses unextended headers for records that it generates.

OpenBSM 1.1 alpha 1

- Add option to auditreduce(1) which allows users to invert sense of
  matching, such that BSM records that do not match, are selected.
- Fix bug in audit_write() where we commit an incomplete record in the
  event there is an error writing the subject token.  This was submitted
  by Diego Giagio.
- Build support for Mac OS X 10.5.1 submitted by Eric Hall.
- Fix a bug which resulted in host XML attributes not being arguments so
  that const strings can be passed as arguments to tokens.  This patch was
  submitted by Xin LI.
- Modify the -m option so users can select more then one audit event.
- For Mac OS X, added Mach IPC support for audit trigger messages.
- Fixed a bug in getacna() which resulted in a locking problem on Mac OS X.
- Added LOG_PERROR flag to openlog when -d option is used with auditd.
- AUE events added for Mac OS X Leopard system calls.
2008-12-02 23:26:43 +00:00
Christian Brueffer
23c30ae875 Improve grammar.
Submitted by:	Ben Kaduk
2008-12-02 22:45:01 +00:00
Bjoern A. Zeeb
4b79449e2f Rather than using hidden includes (with cicular dependencies),
directly include only the header files needed. This reduces the
unneeded spamming of various headers into lots of files.

For now, this leaves us with very few modules including vnet.h
and thus needing to depend on opt_route.h.

Reviewed by:	brooks, gnn, des, zec, imp
Sponsored by:	The FreeBSD Foundation
2008-12-02 21:37:28 +00:00
Poul-Henning Kamp
8372089626 Make the "test" target test the compiled version, instead of the
installed version of the md library.
2008-12-02 19:49:41 +00:00
Ed Schouten
bfba40a452 Remove "[KEEP THIS!]" from COMPAT_43TTY. It's not really that important.
Sgtty is a programming interface that has been replaced by termios over
the years. In June we already removed <sgtty.h>, which exposes the
ioctl()'s that are implemented by this interface. The importance of this
flag is overrated right now.
2008-12-02 19:09:08 +00:00
Ken Smith
dcaf4eb3ed Remove slip.log. Slip got removed as part of the MPSAFE tty work. If
it does come back it would probably be better if users who were interested
in slip added appropriate lines instead of this being here unconditionally.

Reminded by:	tut <at> nhamon <dot> com <dot> ua
2008-12-02 18:13:29 +00:00
Ken Smith
edadbb99db The slip.log file got removed along with the MPSAFE tty work. If slip
does ever come back it's probably best if its log file be something that
gets added if the user decided they want to run slip instead of having
it here unconditionally.
2008-12-02 16:46:01 +00:00
George V. Neville-Neil
c9c0c99f30 Bug fix from Chelsio which addresses the issue of the device resetting
when it sees only received packets.  In some cases where a device only
recieves data it mistakenly thinks that its transmitting side is broken
and resets the device.

Obtained from:	Chelsio Inc.
MFC after:	3 days
2008-12-02 15:42:47 +00:00
Peter Wemm
41fbf4374b Update format string for kve_start/end. 2008-12-02 15:08:33 +00:00
Luigi Rizzo
4b91bf7948 This commits brings in a lot of documentation and some enhancement
of the boot0.S code, with a number of compile-time selectable options,
the most interesting one being the ability to select PXE booting.

The code is completely compatible with the previous one, and with
the boot0cfg program. Even the actual code is largely unmodified,
with only minor rearrangements or fixes to make room for the new
features.

The behaviour of the standard build differs from the previous
version in the following, minor things:

+ 'noupdate' is the default, which means the code does not
  write back the selection to disk. You can enable the feature
  at runtime with boot0cfg, or changing the flags in the Makefile.

+ a drive number of 0x00 (floppy, or USB in floppy emulation) is
  now accepted as valid. Previously, it was overridden with 0x80,
  meaning that the partition table coming from the media was
  used to access sectors on a possibly different media.
  You can revert to the previous mode building with -DCHECK_DRIVE,
  and you can always use the 'setdrv' option in boot0cfg

+ certain FAT or NTFS partitions are listed as WIN instead of DOS.

+ the 'bel' character on a bad selection is replaced by a '#' to
  make it clear that the system is not hang even if the machine
  does not have a speaker. This can be reverted back at compile
  time, or at runtime with an upcoming boot0cfg option.

Additional features are available as compile time options,
and may be become the default if deemed useful. In particular:

+ INT18/PXE boot (make -DPXE)
  This option enables booting through INT 18h (which on certain
  BIOSes can be hooked to PXE) by pressing F6. There is unfortunately
  no room to print the additional menu option.
  Also, to make room for the code, the 'Default: ' string is
  changed to 'Boot: '

+ print current drive number (make -DTEST)
  Prints a line indicating the current drive number.
  This is useful to figure out what is going on for machines/bioses
  which remap drives in sometimes surprising ways.

+ disable numeric keys in console mode (make -DONLY_F_KEYS)
  Not really a significant option, but it is needed to make
  room for the -DTEST mode.

+ disable floppy support (make -DCHECK_DRIVE)
  Revert to the old behaviour of only accepting 0x80 and above
  as valid drive numbers.

MFC after:	6 weeks
2008-12-02 14:57:48 +00:00
Ganbold Tsagaankhuu
7613f162e9 Remove unused variable.
Found with:     Coverity Prevent(tm)
CID: 3685

Approved by: jhb
2008-12-02 14:19:53 +00:00
Konstantin Belousov
10b4034657 Provide custom simple allocator for rtld locks in libthr. The allocator
does not use any external symbols, thus avoiding possible recursion into
rtld to resolve symbols, when called.

Reviewed by:	kan, davidxu
Tested by:	rink
MFC after:	1 month
2008-12-02 11:58:31 +00:00
Konstantin Belousov
d6568724e1 Shared lookup makes it possible to create several negative cache
entries for one name. Then, creating inode with that name would remove
one entry, leaving others dormant. Reclaiming the vnode would uncover
negative entries, causing false return of ENOENT from the calls like
stat, that do not create inode.

Prevent creation of the duplicated negative entries.

Reported and debugged with:	pho
Reviewed by:	jhb
X-MFC:	after shared lookup changes
2008-12-02 11:14:16 +00:00
Konstantin Belousov
ffdaeffe21 Do not lock vnode interlock around reading of v_iflag to check VI_DOOMED.
Read of the pointer is atomic, and flag cannot be set while vnode lock
is held.

Requested by:	jhb
MFC after:	1 month
2008-12-02 11:12:50 +00:00
Joseph Koshy
dfd9bc23c9 - Efficiency tweak: when checking for PMC overflows, only go to
hardware for PMCs that have been configured for sampling.

- Bug fix: acknowledge PMC hardware overflows irrespective of the
  the (software) PMC's state.
2008-12-02 10:46:35 +00:00
Peter Wemm
a8f4518c30 kf_offset was supposed to be signed. 2008-12-02 10:39:47 +00:00
Peter Wemm
de94a63bd1 Attempt a quick bandaid for arm build breakage. I went to the trouble of
maintaining alignment, but I'm not sure how to tell gcc this.
2008-12-02 10:10:50 +00:00
Kip Macy
f3c713fdaf - fix bug where dnsperf would stop transmitting after a few seconds
- break complex conditionals in to multiple lines to avoid wrapping
- remove copious unused debug statements
- be more aggressive about cleaning in the calling thread
- eliminate usage of ENOSPC
- increase number of iterations that cxgbsp can do
- eliminate "initerr" usage to simplify ENOBUFS handling
- when coalescing pass all packets to BPF
- always set overrun if hardware queue is full
2008-12-02 07:01:18 +00:00
Peter Wemm
43151ee6cf Merge user/peter/kinfo branch as of r185547 into head.
This changes struct kinfo_filedesc and kinfo_vmentry such that they are
same on both 32 and 64 bit platforms like i386/amd64 and won't require
sysctl wrapping.

Two new OIDs are assigned.  The old ones are available under
COMPAT_FREEBSD7 - but it isn't that simple.  The superceded interface
was never actually released on 7.x.

The other main change is to pack the data passed to userland via the
sysctl.  kf_structsize and kve_structsize are reduced for the copyout.
If you have a process with 100,000+ sockets open, the unpacked records
require a 132MB+ copyout.  With packing, it is "only" ~35MB.  (Still
seriously unpleasant, but not quite as devastating).  A similar problem
exists for the vmentry structure - have lots and lots of shared libraries
and small mmaps and its copyout gets expensive too.

My immediate problem is valgrind.  It traditionally achieves this
functionality by parsing procfs output, in a packed format.  Secondly, when
tracing 32 bit binaries on amd64 under valgrind, it uses a cross compiled
32 bit binary which ran directly into the differing data structures in 32
vs 64 bit mode.  (valgrind uses this to track file descriptor operations
and this therefore affected every single 32 bit binary)

I've added two utility functions to libutil to unpack the structures into
a fixed record length and to make it a little more convenient to use.
2008-12-02 06:50:26 +00:00
Warner Losh
7d0fb1f7ef Don't call destroy_dev on the alias. This fixes half a dozen PRs I think. 2008-12-02 04:54:31 +00:00
Paul Saab
8f49dd912a Fix world by including opt_route.h 2008-12-02 04:45:33 +00:00
Kip Macy
2760fcd0a6 return ENOBUFS when ring is full 2008-12-02 03:58:10 +00:00
Pyun YongHyeon
59ef640d9e Add 8168D support.
Submitted by:	Andrew < andrewwtulloch <> gmail DOT com >
2008-12-02 03:39:34 +00:00
Pyun YongHyeon
bd4fa9d9e7 Add VLAN hardware tag insertion/stripping support. Tx/Rx checksum
offload for VLAN frames are also supported. The VLAN hardware
assistance is available only on 82550/82551 based controllers.
While I'm here change the confusing name of bit1 in byte 22 of
configuration block to vlan_drop_en. The bit controls whether
hardware strips VLAN tagged frame or not. Special thanks to wpaul
who sent valuable VLAN related information to me.

Tested on:	i386, sparc64
2008-12-02 02:30:12 +00:00
Peter Wemm
38ddd08dd6 Delete a bunch of empty mergeinfo records caused by local copies. 2008-12-02 02:26:15 +00:00
Pyun YongHyeon
af75b654d2 Make sure to clear PMDR register by writing back power management
events. Just reading PMDR register was not enough to have fxp(4)
immuninize against received magic packets during system boot.

Tested by:	Alexey Shuvaev < shuvaev <> physik DOT uni-wuerzburg DOT de >
2008-12-02 02:12:34 +00:00
Kip Macy
e44730ed21 The pkthdr field is flowid not rss_hash 2008-12-02 00:51:56 +00:00
Kip Macy
6b9003b6e6 - fix multiqueue conditional
- don't leak mbuf tags in the non-conditional case

Found by: Navdeep Parhar
2008-12-02 00:48:08 +00:00
Kip Macy
6b58e3f4db integrate use after free fixes from private branch
Found by: kkenn@
2008-12-02 00:39:50 +00:00
Sam Leffler
c60b227c2c correct typo
Submitted by:	Ole Vole
2008-12-01 23:09:58 +00:00
Alexander Kabaev
6ee7dd87ba Shared memory objects that have size which is not necessarily equal to
exact multiple of system page size should still be allowed to be mapped
in their entirety to match the regular vnode backed file behavior.

Reported by: ed
Reviewed by: jhb
2008-12-01 22:33:50 +00:00
Christian Brueffer
24b410f8fe Add ixgbe(4) and upgt(4). 2008-12-01 21:15:04 +00:00
Alexander Kabaev
97df383415 Invoke _rtld_atfork_post earlier, before we reinitialize rtld locks
by switching into single-thread mode.

libthr ignores broken use of lock bitmaps used by default rtld locking
implementation, this in turn turns lock handoff in _rtld_thread_init
into NOP. This in turn makes child processes of forked multi-threaded
programs to run with _thr_signal_block still in effect, with most
signals blocked.

Reported by: phk, kib
2008-12-01 21:00:25 +00:00
Alexander Motin
92bf0e27a0 Add controller suspend/resume support.
To be able to correctly suspend/resume with card inserted,
respective support should be also implemented at mmc and mmcsd layers.
2008-12-01 17:45:56 +00:00
Sergey Skvortsov
637fd955fe Fix typo.
Approved by:	ru
2008-12-01 17:39:34 +00:00
Sam Leffler
3364462355 Switch to ath hal source code. Note this removes the ath_hal
module; the ath module now brings in the hal support.  Kernel
config files are almost backwards compatible; supplying

device ath_hal

gives you the same chip support that the binary hal did but you
must also include

options AH_SUPPORT_AR5416

to enable the extended format descriptors used by 11n parts.
It is now possible to control the chip support included in a
build by specifying exactly which chips are to be supported
in the config file; consult ath_hal(4) for information.
2008-12-01 16:53:01 +00:00
Sam Leffler
1477970585 import ath hal 2008-12-01 16:43:08 +00:00
Giorgos Keramidas
a294460257 The times(3) function returns the number of CLK_TCKs since the
startup time of FreeBSD, not since the UNIX Epoch.

PR:		docs/122359
Submitted by:	Viktor &#352;tujber
MFC after:	1 week
2008-12-01 15:27:00 +00:00
Ivan Voras
499c86ebd5 Trivial patch to show on which geom has the error been detected.
Submitted by:	Rick C. Petty
Approved by:	gnn (mentor)
MFC after:	1 month
2008-12-01 15:02:00 +00:00
Ken Smith
f34015d47b Catch up with the disappearance of sys/dev/hfa. 2008-12-01 14:34:42 +00:00
Ruslan Ermilov
e95f37bb69 Fix fread() to return a correct value on platforms where sizeof(int) !=
sizeof(size_t), i.e. on all 64-bit platforms.

Reported by:	Andrey V. Elsukov
MFC after:	3 days
2008-12-01 14:33:34 +00:00
Ken Smith
5c83795371 Adjustments to make a tags file a bit more suitable to amd64.
Reviewed by:	peter
2008-12-01 14:15:10 +00:00
Jason Evans
d7ba3e423a Fix a lock order reversal bug that could cause deadlock during fork(2).
Reported by:	kib
2008-12-01 10:20:59 +00:00
Stanislav Sedov
129c518d68 - Fix spelling error in comments.
PR:		arm/128891
Submitted by:	Pavel Pankov <pankov_p@mail.ru>
Approved by:	kib (mentor)
2008-12-01 10:16:25 +00:00
Kevin Lo
2470db385c Remove The Netgear WG111v2 support 2008-12-01 10:05:34 +00:00
Kevin Lo
5d8debe208 The Netgear WG111v2 USB dongle contains a RTL8187 chip,
not a GW3887 chip.

Obtained from:	OpenBSD
2008-12-01 10:04:39 +00:00
Kip Macy
69c4b66c6d null out m_next when marshalling a packet 2008-12-01 05:44:08 +00:00
Kip Macy
f35c2d6551 Update internal mac stats every time the tick task is called
if we don't do this "netstat -w 1" will frequently see negative
differences in packets sent
2008-12-01 05:43:30 +00:00
Kip Macy
45839f4aeb don't manually track statistics 2008-12-01 04:42:39 +00:00
Kip Macy
ceac50eb77 Proper fix for tracking ifnet statistics 2008-12-01 04:41:45 +00:00