is a compiler tool and needs to be compiled by the host compiler. I've
tested this in i386->sparc cross-build, 4.7->current upgrade, normal
buildkernel target, and normal /sys/i386/compile/GENERIC configurations.
Submitted by: ru
"refreshing" the label on the vnode before use, just get the label
right from inception. For single-label file systems, set the label
in the generic VFS getnewvnode() code; for multi-label file systems,
leave the labeling up to the file system. With UFS1/2, this means
reading the extended attribute during vfs_vget() as the inode is
pulled off disk, rather than hitting the extended attributes
frequently during operations later, improving performance. This
also corrects sematics for shared vnode locks, which were not
previously present in the system. This chances the cache
coherrency properties WRT out-of-band access to label data, but in
an acceptable form. With UFS1, there is a small race condition
during automatic extended attribute start -- this is not present
with UFS2, and occurs because EAs aren't available at vnode
inception. We'll introduce a work around for this shortly.
Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
handling clean and functional as 5.x evolves. This allows some of the
nasty bandaids in the 5.x codepaths to be unwound.
Encapsulate 4.x signal handling under COMPAT_FREEBSD4 (there is an
anti-foot-shooting measure in place, 5.x folks need this for a while) and
finish encapsulating the older stuff under COMPAT_43. Since the ancient
stuff is required on alpha (longjmp(3) passes a 'struct osigcontext *'
to the current sigreturn(2), instead of the 'ucontext_t *' that sigreturn
is supposed to take), add a compile time check to prevent foot shooting
there too. Add uniform COMPAT_43 stubs for ia64/sparc64/powerpc.
Tested on: i386, alpha, ia64. Compiled on sparc64 (a few days ago).
Approved by: re
they may be statically linked into the kernel. Note that statically
linked modules, unlike dynamically linked modules, get INVARIANTS,
so if there are INVARIANTS failures, you'll bump into them rather
than not. Add the options to NOTES.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
- Add detach support to the driver so that you can kldunload the module.
Note that currently rc_detach() fails to detach a unit if any of its
child devices are open, thus a kldunload will fail if any of the tty
devices are currently open.
- sys/i386/isa/ic/cd180.h was moved to sys/dev/ic/cd180.h as part of
this change.
Requested by: rwatson
Tested by: rwatson
as sparc64/sparc64/dump_machdep.c a while back).
Other than ia64 (which uses ELF), sparc64 uses a homegrown format for
the dumps (headers are required because the physical address and size of
the tsb must be noted, and because physical memory may be discontiguous);
ELF would not offer any advantages here.
Reviewed by: jake
This is an encryption module designed for to secure denial of access
to the contents of "cold disks" with or without destruction activation.
Major features:
* Based on AES, MD5 and ARC4 algorithms.
* Four cryptographic barriers:
1) Pass-phrase encrypts the master key.
2) Pass-phrase + Lock data locates master key.
3) 128 bit key derived from 2048 bit master key protects sector key.
3) 128 bit random single-use sector keys protect data payload.
* Up to four different changeable pass-phrases.
* Blackening feature for provable destruction of master key material.
* Isotropic disk contents offers no information about sector contents.
* Configurable destination sector range allows steganographic deployment.
This commit adds the kernel part, separate commits will follow for the
userland utility and documentation.
This software was developed for the FreeBSD Project by Poul-Henning Kamp and
NAI Labs, the Security Research Division of Network Associates, Inc. under
DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS
research program.
Many thanks to Robert Watson, CBOSS Principal Investigator for making this
possible.
Sponsored by: DARPA & NAI Labs.
without -Werror, we do "make WERROR=", which doesn't need this
variable.
- Use ${.IMPSRC} instead of $< in ${NORMAL_M} for consistency with
the rest of the file.
- Add ${WERROR} for the ${NORMAL_M} case.
Tested on: i386, sparc64
changes for "LSILogic"
(2) enabled non-disk support through CAM interface
(3) HA_INQ (a) enabled tagged queuing (b) disable reset during
driver loading (b) renamed BSDi string to LSI
(4) disabled detecting disk devices during SCSI INQUIRY
(5) changed dcdb single element sglist to send one entire buffer chunk
(6) nsgelem not set in sglist
(7) ap_data_transfer_length not set for dcdb
(8) changed "struct thread" to "d_thread_t" for compatibliity { xxx_open,
xxx_close, xxx_ioctl }
(9) miscellaneous compatiblity fixes
(10) bug fix for 0x0409/0x1000 card
(11) added compiling amr_cam.c in sys/conf/files
(12) added compiling amr_cam.c in sys/modules/amr/Makefile
Reviewed by:ps
MFC after:1 week
1 week
into memory. This brings us in line with the other architectures and
more easily allows us to do machine dependent processing on the ELF
file (such as scanning for unwind information).
needed to be quoted (to get a C string literal), not the value itself.
Fixed the value of SC_CUT_SEPCHARS. Setting this value would have had no
effect even if it were used, since the value was the same as the default.
The above bugs had no effect except to set bad examples, since test
coverage of SC_CUT_SEPCHARS is broken by enabling a negative option.
Removed (unquoted) double quotes for all options. They were all bogus
since they had no effect except to make non-strings look like strings.
Most of the non-strings were expressions. The value of INIT_PATH is
a non-string since it is stringified later (unlike SC_CUT_SEPCHARS).
Fixed parenthesization errors inside bogus quotes (parenthesize values
if they have more than one token in them but don't parenthesize single
tokens).
configuration stuff as well as conditional code in the IPv4 and IPv6
areas. Everything is conditional on FAST_IPSEC which is mutually
exclusive with IPSEC (KAME IPsec implmentation).
As noted previously, don't use FAST_IPSEC with INET6 at the moment.
Reviewed by: KAME, rwatson
Approved by: silence
Supported by: Vernier Networks