64948 Commits

Author SHA1 Message Date
rwatson
64e850e184 In userland_sysctl(), call useracc() with the actual newlen value to be
used, rather than the one passed via 'req', which may not reflect a
rewrite.  This call to useracc() is redundant to validation performed by
later copyin()/copyout() calls, so there isn't a security issue here,
but this could technically lead to excessive validation of addresses if
the length in newlen is shorter than req.newlen.

Approved by:	re (kensmith)
Reviewed by:	jhb
Submitted by:	Constantine A. Murenin <cnst+freebsd@bugmail.mojo.ru>
Sponsored by:	Google Summer of Code 2007
2007-09-02 09:59:33 +00:00
nyan
d507f1509c Fix a kernel panic due to a NULL pointer access on pc98.
When any PnP device exists, isa_release_resource() is called with no
activated resource.  So a bushandle is not allocated yet.

Approved by:	re (kensmith)
2007-09-01 12:18:28 +00:00
pjd
9afb74d049 Add support for Camellia encryption algorithm.
PR:		kern/113790
Submitted by:	Yoshisato YANAGISAWA <yanagisawa@csg.is.titech.ac.jp>
Approved by:	re (bmah)
2007-09-01 06:33:02 +00:00
pjd
3ee1ed30a1 Use CTLFLAG_RDTUN for tunable sysctls.
Approved by:	re (bmah)
2007-09-01 06:23:42 +00:00
bde
8e0e951bed Fix races in msdosfs_lookup() and msdosfs_readdir(). These functions
can easily block in bread(), and then there was nothing to prevent the
static buffer (nambuf_{ptr,len,last_id}) being clobbered by another
thread.

The effects of the bug seem to have been limited to failed lookups and
mangled names in readdir(), since Giant locking provides enough
serialization to prevent concurrent calls to the functions that access
the buffer.  They were very obvious for multiple concurrent tree walks,
especially with a small cluster size.

The bug was introduced in msdosfs_conv.c 1.34 and associated changes,
and is in all releases starting with 5.2.

The fix is to allocate the buffer as a local variable and pass around
pointers to it like "_r" functions in libc do.  Stack use from this
is large but not too large.  This also fixes a memory leak on module
unload.

Reviewed by:	kib
Approved by:	re (kensmith)
2007-08-31 22:29:55 +00:00
jhb
c54b68ab60 Close a race that snuck in with the recent changes to fix a LOR between
the callout_lock spin lock and the sleepqueue spin locks.  In the fix,
callout_drain() has to drop the callout_lock so it can acquire the
sleepqueue lock.  The state of the callout can change while the
callout_lock is held however (for example, it can be rescheduled via
callout_reset()).  The previous code assumed that the only state change
that could happen is that the callout could finish executing.  This change
alters callout_drain() to effectively restart and recheck everything
after it acquires the sleepqueue lock thus handling all the possible
states that the callout could be in after any changes while callout_lock
was dropped.

Approved by:	re (kensmith)
Tested by:	kris
2007-08-31 19:01:30 +00:00
dds
0134883846 Add missing newline in the log message of the previous commit.
Approved by:	re (kensmith) - implied
2007-08-31 13:56:26 +00:00
dds
674de1aff0 Don't panic. When encountering a negative value call log(LOG_NOTICE, ...)
and record LONG_MAX, instead of calling KASSERT(...).

Reported by:	rwatson
Approved by:	re (kensmith)
2007-08-31 13:36:58 +00:00
njl
addf8f8db2 Evaluate _OSC on boot to indicate our OS capabilities to ACPI. This is
needed at least to convince the BIOS to give us access to CPU freq
control on MacBooks.

Submitted by:	Rui Paulo <rpaulo / fnop.net>
Approved by:	re
MFC after:	5 days
2007-08-30 21:18:42 +00:00
thompsa
5a077cac2f Show the ACTIVE flag in ifconfig for the single interface that is actaully
active in failover mode rather than all interfaces with a link. This makes it
clear if the master interface is in use or one of the backup links.

Found by:	Writing the Handbook section
Approved by:	re (kensmith)
2007-08-30 19:12:10 +00:00
thompsa
a4486f549c Remove the lock assert from iwi_newstate, this function does not need the lock
to be held and this will falsely trigger if called from net80211.

Reported by:	Munehiro (haro) Matsuda
Reviewed by:	sam
Approved by:	re (kensmith)
2007-08-29 21:52:03 +00:00
jhb
7ec8dd9926 Partially revert the previous change. I failed to notice that where
ktruserret() is invoked, an unlocked check of  the per-process queue
is performed inline, thus, we don't lock the ktrace_sx on every userret().

Pointy hat to:	jhb
Approved by:	re (kensmith)
Pointy hat recovered from:	rwatson
2007-08-29 21:17:11 +00:00
imp
d64c39104c A port of the zyd driver from NetBSD by . This supports the ZyDAS
ZD1211/ZD1211B USB IEEE 802.11b/g wireless network devices.  Not (yet)
connected to the build process (next batch of commits once I've looped
the current back back).

Submitted by: Weongyo Jeong
Reviewed by: sam@
Approved by: re@
2007-08-29 21:16:50 +00:00
imp
37c2585358 Makefile for building zyd kernel module.
Submitted by: Weongyo Jeong
Approved by: re@ (kensmith)
2007-08-29 21:04:26 +00:00
imp
1df02879a8 Add devices for the forthcoming zyd driver, ported from NetBSD, by
Weongyo Jeong.

Submitted by: Weongyo Jeong
Approved by: re@
2007-08-29 21:00:57 +00:00
green
a2737718b8 Repair ALTQ-tagging rules in IPFW which got broken in the last PF
import.  The PF mbuf-tagging support routines changed to link the
allocated tags into the provided mbuf themselves, so the left-over
m_tag_prepend() was trying to add a bogus (usually NULL) tag.

Reviewed by: mlaier
Approved by: re
2007-08-29 19:34:28 +00:00
jhb
736eaf5ce3 Rework the routines to convert a 5.x+ statfs structure (with fixed-size
64-bit counters) to a 4.x statfs structure (with long-sized counters).
- For block counters, we scale up the block size sufficiently large so
  that the resulting block counts fit into a the long-sized (long for the
  ABI, so 32-bit in freebsd32) counters.  In 4.x the NFS client's statfs
  VOP did this already.  This can lie about the block size to 4.x binaries,
  but it presents a more accurate picture of the ratios of free and
  available space.
- For non-block counters, fix the freebsd32 stats converter to cap the
  values at INT32_MAX rather than losing the upper 32-bits to match the
  behavior of the 4.x statfs conversion routine in vfs_syscalls.c

Approved by:	re (kensmith)
2007-08-28 20:28:12 +00:00
kib
5b26984cf1 Regenerate.
Approved by:	re (kensmith)
2007-08-28 12:36:23 +00:00
kib
39e24dc75d Implement fake linux sched_getaffinity() syscall to enable java to work
with Linux 2.6 emulation. This shall be reimplemented once FreeBSD gets
native scheduler affinity syscalls.

Submitted by:	rdivacky
Reviewed by:	jkim
Sponsored by:	Google Summer of Code 2007
Approved by:	re (kensmith)
2007-08-28 12:26:35 +00:00
jkim
7237e01383 Fix off-by-two errors.
Both WWNN and WWPN are 64-bit unsigned integers and they are prefixed
with "0x", which requires two more bytes each.

Submitted by:	Danny Braniss (danny at cs dot huji dot ac dot il)
		via Matthew Jacob (lydianconcepts at gmail dot com)
Approved by:	re (bmah)
MFC after:	3 days
2007-08-28 00:09:12 +00:00
rrs
e335457f91 - During shutdown pending, when the last sack came in and
the last message on the send stream was "null" but still
  there, a state we allow, we could get hung and not clean
  it up and wait for the shutdown guard timer to clear the
  association without a graceful close. Fix this so that
  that we properly clean up.
- Added support for Multiple ASCONF per new RFC. We only
  (so far) accept input of these and cannot yet generate
  a multi-asconf.
- Sysctl'd support for experimental Fast Handover feature. Always
  disabled unless sysctl or socket option changes to enable.
- Error case in add-ip where the peer supports AUTH and ADD-IP
  but does NOT require AUTH of ASCONF/ASCONF-ACK. We need to
  ABORT in this case.
- According to the Kyoto summit of socket api developers
  (Solaris, Linux, BSD). We need to have:
   o non-eeor mode messages be atomic - Fixed
   o Allow implicit setup of an assoc in 1-2-1 model if
     using the sctp_**() send calls - Fixed
   o Get rid of HAVE_XXX declarations - Done
   o add a sctp_pr_policy in hole in sndrcvinfo structure - Done
   o add a PR_SCTP_POLICY_VALID type flag - yet to-do in a future patch!
- Optimize sctp6 calls to reuse code in sctp_usrreq. Also optimize
  when we close sending out the data and disabling Nagle.
- Change key concatenation order to match the auth RFC
- When sending OOTB shutdown_complete always do csum.
- Don't send PKT-DROP to a PKT-DROP
- For abort chunks just always checksums same for
  shutdown-complete.
- inpcb_free front state had a bug where in queue
  data could wedge an assoc. We need to just abandon
  ones in front states (free_assoc).
- If a peer sends us a 64k abort, we would try to
  assemble a response packet which may be larger than
  64k. This then would be dropped by IP. Instead make
  a "minimum" size for us 64k-2k (we want at least
  2k for our initack). If we receive such an init
  discard it early without all the processing.
- When we peel off we must increment the tcb ref count
  to keep it from being freed from underneath us.
- handling fwd-tsn had bugs that caused memory overwrites
  when given faulty data, fixed so can't happen and we
  also stop at the first bad stream no.
- Fixed so comm-up generates the adaption indication.
- peeloff did not get the hmac params copied.
- fix it so we lock the addr list when doing src-addr selection
  (in future we need to use a multi-reader/one writer lock here)
- During lowlevel output, we could end up with a _l_addr set
  to null if the iterator is calling the output routine. This
  means we would possibly crash when we gather the MTU info.
  Fix so we only do the gather where we have a src address
  cached.
- we need to be sure to set abort flag on conn state when
  we receive an abort.
- peeloff could leak a socket. Moved code so the close will
  find the socket if the peeloff fails (uipc_syscalls.c)

Approved by:	re@freebsd.org(Ken Smith)
2007-08-27 05:19:48 +00:00
maxim
3eb0fa1342 o Fix bug I introduced in the previous commit (ipfw set extention):
pack a set number correctly.

Submitted by:	oleg

o Plug a memory leak.

Submitted by:	oleg and Andrey V. Elsukov
Approved by:	re (kensmith)
MFC after:	1 week
2007-08-26 18:38:31 +00:00
sephe
ed4dab7379 Off-by-one bug in country ie construction, which will make HOSTAP send out
malformatted beacons.

Reviewed by: sam
Approved by: re (bmah), sam (mentor)
2007-08-26 11:34:51 +00:00
sephe
f0d941b5dd Fix following nits:
- Per ieee80211com sysctl ctx leakage on detach
- getmgtframe incorrectly adjusts mbuf.m_data

Reviewed by: sam
Approved by: re (bmah), sam (mentor)
2007-08-26 11:32:56 +00:00
scottl
975e1272a0 Update the MFI driver to support new "1078" series of hardware. This
includes the upcoming Dell PERC6 series.  Many thanks to LSI for
contributing this code.

Submitted by: LSI
Approved by: re
2007-08-25 23:58:45 +00:00
kmacy
2e3a8d8016 Fixes for 4 port and small packet optimization
- remove cpl->iff panic - we can't know the port number from the rspq on the 4-port
- pick the ifnet based on the interface in the CPL header
- switch to using qset 0 for egress on the 4-port for now - may change
  when we start using RSS
- move ether_ifdetach to before the port lock gets deinitialized to avoid
  hang in the case where there are BPF peers (cxgb_ioctl is called indirectly
  when BPF peers are present)
- don't call t3_mac_reset if multiport is set, this was causing tx errors
  by misconfiguring the MAC on the 4-port
- change V_TXPKT_INTF to use txpkt_intf as the interfaces are not contiguous
- free the mbuf immediately in the case where the payload is small enough to be copied
  into the rspq
- only update the coalesce timer if for a queue if packets were taken off of it
- add in missed 20ms DELAY in initializaton vsc8211

- prompt MFC as this only applies to the 4-port which is currently completely
  broken - OK'd by kensmith

Supported by: Chelsio
Approved by: re (blanket)
MFC after: 0 days
2007-08-25 21:07:37 +00:00
sam
a6937ee321 drop frames marked for encryption when no key is available
Reviewed by:	avatar
Approved by:	re (kensmith)
Obtained from:	madwifi
2007-08-24 15:44:27 +00:00
rrs
1d0af67d1a - Fix address add handling to clear cached routes and source addresses
when peer acks the add in case the routing table changes.
- Fix sctp_lower_sosend to send shutdown chunk for mbuf send
  case when sndlen = 0 and sinfoflag = SCTP_EOF
- Fix sctp_lower_sosend for SCTP_ABORT mbuf send case with null data,
  So that it does not send the "null" data mbuf out and cause
  it to get freed twice.
- Fix so auto-asconf sysctl actually effect the socket's asconf state.
- Do not allow SCTP_AUTO_ASCONF option to be used on subset bound sockets.
- Memset bug in sctp_output.c (arguments were reversed) submitted
  found and reported by Dave Jones (davej@codemonkey.org.uk).
- PD-API point needs to be invoked >= not just > to conform to socket api
  draft this fixes sctp_indata.c in the two places need to be >=.
- move M_NOTIFICATION to use M_PROTO5.
- PEER_ADDR_PARAMS did not fail properly if you specify an address
  that is not in the association with a valid assoc_id. This meant
  you got or set the stcb level values instead of the destination
  you thought you were going to get/set. Now validate if the
  stcb is non-null and the net is NULL that the sa_family is
  set and the address is unspecified otherwise return an error.
- The thread based iterator could crash if associations were freed
  at the exact time it was running. rework the worker thread to
  use the increment/decrement to prevent this and no longer use
  the markers that the timer based iterator uses.
- Fix the memleak in sctp_add_addr_to_vrf() for the case when it is
  detected that ifa is already pointing to a ifn.
- Fix it so that if someone is so insane that they drop the
  send window below the minimal add mark, they still can send.
- Changed all state for associations to use mask safe macro.
- During front states in association freeing in sctp_inpcbfree, we
  had a locking problem where locks were not in place where they
  should have been.
- Free association calls were not testing the return value in
  sctp_inpcb_free() properly... others should be cast  void returns
  where we don't care about the return value.
- If a reference count is held on an assoc, even from the "force free"
  we should not do the actual free.. but instead let the timer
  free it.
- When we enter sctp_input(), if the SCTP_ASOC_ABOUT_TO_BE_FREED
  flag is set, we must NOT process the packet but handle it like
  ootb. This is because while freeing an assoc we release the
  locks to get all the higher order locks so we can purge all
  the hash tables. This leaves a hole if a packet comes in
  just at that point. Now sctp_common_input_processing() will
  call the ootb code in such a case.
- Change MBUF M_NOTIFICATION to use M_PROTO5 (per Sam L). This makes
  it so we don't have a conflict (I think this is a covertity change).
  We made this change AFTER some conversation and looking to make sure
  that M_PROTO5 does not have a problem between SCTP and the 802.11
  stuff (which is the only other place its used).
- Fixed lock order reversal and missing atomic protection around
  locked_tcb during association lookup and the 1-2-1 model.
- Added debug to source address selection.
- V6 output must always do checksum even for loopback.
- Remove more locks around inp that are not needed for an atomically
  added/subtracted ref count.
- slight optimization in the way we zero the array in sctp_sack_check()
- It was possible to respond to a ABORT() with bad checksum with
  a PKT-DROP. This lead to a PKT-DROP/ABORT war. Add code to NOT
  send a PKT-DROP to any ABORT().
- Add an option for local logging (useful for macintosh or when
  you need better performing during debugging). Note no commands
  are here to get the log info, you must just use kgdb.
- The timer code needs to be aware of if it needs to call
  sctp_sack_check() to slide the maps and adjust the cum-ack.
  This is because it may be out of sync cum-ack wise.
- Added threshold managment logging.
- If the user picked just the right size, that just filled the send
  window minus one mtu, we would enter a forever loop not copying and
  at the same time not blocking. Change from < to <= solves this.
- Sysctl added to control the fragment interleave level which defaults
  to 1.
- My rwnd control was not being used to control the rwnd properly (we
  did not add and subtract to it :-() this is now fixed so we handle
  small messages (1 byte etc) better to bring our rwnd down more
  slowly.

Approved by:	re@freebsd.org (Bruce Mah)
2007-08-24 00:53:53 +00:00
emaste
52952e6ed9 Add PCI IDs for two cards:
- Adaptec RAID 3405
- Adaptec RAID 3805

Approved by:	re (bmah)
Submitted by:	John Marra  jmarra at nmu dot edu
MFC After:	1 week
2007-08-23 20:12:40 +00:00
emax
e04fc3e9d0 Return EADDRNOTAVAIL instead of EDESTADDRREQ error when
listen(2) is called on improperly bound socket.

Suggested by:	Iain Hibbert
Approved by:	re (kensmith)
MFC after:	3 days
2007-08-23 16:55:22 +00:00
jkim
003205bcb2 Export 4Gbps Fibre Channel link speed correctly with inquiry commands.
Approved by:	re (kensmith)
MFC after:	3 days
2007-08-23 15:57:13 +00:00
des
847487b43d Style nits + more reliable Tj(max) detection + improved reporting of
critical temperature + sched_unbind() after rdmsr + initialize sc_dev.

Submitted by:	Rui Paulo <rpaulo@fnop.net>, cnst
Approved by:	re (kensmith)
2007-08-23 10:53:03 +00:00
dhartmei
6853d1aa5a When checking the sequence number of a TCP header embedded in an
ICMP error message, do not access th_flags. The field is beyond
the first eight bytes of the header that are required to be present
and were pulled up in the mbuf.

A random value of th_flags can have TH_SYN set, which made the
sequence number comparison not apply the window scaling factor,
which led to legitimate ICMP(v6) packets getting blocked with
"BAD ICMP" debug log messages (if enabled with pfctl -xm), thus
breaking PMTU discovery.

Triggering the bug requires TCP window scaling to be enabled
(sysctl net.inet.tcp.rfc1323, enabled by default) on both end-
points of the TCP connection. Large scaling factors increase
the probability of triggering the bug.

PR:		kern/115413: [ipv6] ipv6 pmtu not working
Tested by:	Jacek Zapala
Reviewed by:	mlaier
Approved by:	re (kensmith)
2007-08-23 09:30:58 +00:00
gallatin
51a89ea67c - Fix a bug which could cause a panic when enabling LRO
on an down mxge interface
- Fix a bug where mxge reported the link state as
   active when it wasn't (after ifconfig down).
- Prevent spurious watchdog resets when link partner is not consuming
- Add support for CX4 and popular XFP media detection
- Update the firmware and associated header files to 1.4.25

Approved by: re (kensmith)
2007-08-22 13:22:12 +00:00
jkoshy
8e094e5065 Assign sizes to assembly language support functions.
Approved by:	re (kensmith)
2007-08-22 05:06:14 +00:00
jkoshy
106a0e34d4 Define an END() macro for use in i386 and amd64 assembly code, akin
to the one available on the ia64, sparc64, and sun4v architectures.

Approved by:	re (kensmith)
2007-08-22 04:26:07 +00:00
kib
8f2695325e Properly initialize the dev_priv before calling the i915_dma_cleanup().
This fixes my rev. 1.5.

Reviewed by:	anholt
Approved by:	re (kensmith)
MFC after:	2 weeks
2007-08-21 12:52:57 +00:00
alc
cbe3361efb In general, when we map a page into the kernel's address space, we no
longer create a pv entry for that mapping.  (The two exceptions are
mappings into the kernel's exec and pipe submaps.)  Consequently, there is
no reason for get_pv_entry() to dig deep into the free page queues, i.e.,
use VM_ALLOC_SYSTEM, by default.  This revision changes get_pv_entry() to
use VM_ALLOC_NORMAL by default, i.e., before calling pmap_collect() to
reclaim pv entries.

Approved by:	re (kensmith)
2007-08-21 04:59:34 +00:00
cognet
0b8ac2d969 Some times ago, vfs_getopts() was changed, so that it would set error to
ENOENT if the option wasn't provided, instead of setting it to 0.
xfs however didn't catch up on this, so it assumed something went bad if
vfs_getopts() sets the error to non-zero, and just returns the error.
Unbreak xfs mount by just ignoring the error if vfs_getopts() sets the
error to ENOENT, as we should have sane defaults.

Reviewed by:    kan
Approved by:    re (rwatson)
Tested by:      rpaulo
2007-08-20 15:33:22 +00:00
kib
77766ce03f Do not drop vm_map lock between doing vm_map_remove() and vm_map_insert().
For this, introduce vm_map_fixed() that does that for MAP_FIXED case.

Dropping the lock allowed for parallel thread to occupy the freed space.

Reported by:	Tijl Coosemans <tijl ulyssis org>
Reviewed by:	alc
Approved by:	re (kensmith)
MFC after:	2 weeks
2007-08-20 12:05:45 +00:00
kib
e23c502c5b Destroy the kaio_mtx on the freeing the struct kaioinfo in the
aio_proc_rundown.

Do not allow for zero-length read to be passed to the fo_read file method
by aio.

Reported and tested by:	Peter Holm
Approved by:	re (kensmith)
2007-08-20 11:53:26 +00:00
jeff
b3923a600f - Improve runq_findbit_from() which is used by ULE's circular queue. Mask
of the bits we want to ignore on the first pass rather than doing a
   linear scan.  This puts us within a few instructions of the cost of
   runq_findbit() and removes this function from the top of profiling output
   for context switch heavy workloads.

Approved by:	re
2007-08-20 06:36:12 +00:00
jeff
0f3cc9a72e - Set steal_thresh to log2(ncpus). This improves idle-time load balancing
on 2cpu machines by reducing it to 1 by default.  This improves loaded
   operation on 8cpu machines by increasing it to 3 where the extra idle
   time is not as critical.

Approved by:	re
2007-08-20 06:34:20 +00:00
njl
4140a5b735 Always call sched_bind(), even if on the CPU in question. It is wrong to
check if we're already on that cpu and skip the bind since the thread could
be migrated off in the meantime.

Suggested by:	jeff
Approved by:	re
2007-08-20 06:28:26 +00:00
njl
7d2f282057 Use a different loop variable for the inner loop. This previous reuse could
have caused a hang, but we got lucky with the available multi-CPU states
on actual hardware.

Submitted by:	Bjorn Koenig <bkoenig / alpha-tierchen.de>
Approved by:	re
MFC after:	3 days
2007-08-19 20:34:13 +00:00
cognet
fad9eb8cfe Just wbinv if both PREREAD and PREWRITE are set.
In PREREAD, just invalidate the cache lines, and do not write back them, if
the buffer is properly aligned.

Approved by:	re (blanket)
2007-08-18 16:47:28 +00:00
kib
05d51a15e9 Remove comment that is no longer quite true.
Noted by:	alc
Approved by:	re (kensmith)
2007-08-18 16:41:31 +00:00
kib
ba6ef6ecca Fix the phys_pager in the way similar to the rev. 1.83 of the
sys/vm/device_pager.c:

Protect the creation of the phys pager with non-NULL handle with the
phys_pager_mtx. Lookup of phys pager in the pagers list by handle is now
synchronized with its removal from the list, and phys_pager_mtx is put
before vm object lock in lock order. Dispose the phys_pager_alloc_lock
and tsleep calls, together with acquiring Giant, since phys_pager_mtx
now covers the same block.

Reviewed by:	alc
Approved by:	re (kensmith)
2007-08-18 16:40:33 +00:00
thompsa
c58bdad9f2 If the STP state machine is stopped then clear the bridge-id and root-id.
Approved by:	re (kensmith)
2007-08-18 12:06:13 +00:00
mav
093e149434 Add ng_send_fn() error handeling inside ng_con_nodes().
Without it some errors may left unnoticed and unhandeled
that will lead to hooks left in half-connected state.

Reviewed by:	julian@
Approved by:	re (kensmith), glebius (mentor)
2007-08-18 11:59:17 +00:00