Commit Graph

62433 Commits

Author SHA1 Message Date
Robert Watson
6fac927ccc Add an additional MAC check to the UNIX domain socket connect path:
check that the subject has read/write access to the vnode using the
vnode MAC check.

MFC after:	3 weeks
Submitted by:	Spencer Minear <spencer_minear at securecomputing dot com>
Obtained from:	TrustedBSD Project
2007-02-22 09:37:44 +00:00
Alan Cox
0cd31a0d75 Change the page's CLEANCHK flag from being a page queue mutex synchronized
flag to a vm object mutex synchronized flag.
2007-02-22 06:15:52 +00:00
Nate Lawson
c7c42f0abb Improve readability of the version string. 2007-02-22 05:59:23 +00:00
Bruce M Simpson
40d8a30241 Fix a bug in if_findmulti(), whereby it would not find (and thus delete)
a link-layer multicast group membership.
Such memberships are needed in order to support protocols such as
IS-IS without putting the interface into PROMISC or ALLMULTI modes.

sa_equal() is not OK for comparing sockaddr_dl as it has deeper structure
than a simple byte array, so add sa_dl_equal() and use that instead.

Reviewed by:	rwatson
Verified with:	/usr/sbin/mtest
Bug found by:	Jouke Witteveen
MFC after:	2 weeks
2007-02-22 00:14:02 +00:00
Søren Schmidt
129230b816 Update copyright headers. 2007-02-21 19:07:19 +00:00
Søren Schmidt
4471f79eb4 Try again with supporting AHCI chipsets with partly implemented ports. 2007-02-21 19:03:34 +00:00
John Baldwin
f7a66f06ec Restore support for the 5706C bce(4) phy that was broken during the
addition of SerDes support.  According to the docs, the 5706C and 5708C
phys are supposed to use the same MII model that is separate from the
SerDes parts, but the 5706C actually uses the MII model of the SerDes
parts.  To fix this, readd the old 5706C entry to miidevs and add a
special check in brgphy_probe() for phys that match the 5706C ID.  If
the phy is supported by the gentbi(4) driver, then it's a SerDes phy, so
we fail the probe and let gentbi(4) grab it.  Otherwise, it's a 5706C phy,
so we let brgphy(4) grab it.

In coordination with:	dwhite
2007-02-21 18:17:44 +00:00
Andrew Gallatin
b824b7d86a Work around a firmware bug where broadcast frames would be incorrectly
treated as multicast frames and filtered, but only when "adopting"
running firmware.  By "adopting", I mean using pre-existing firmware
loaded from eeprom at PCI reset, rather than firmware loaded by the
driver.
2007-02-21 17:34:05 +00:00
Søren Schmidt
7d5609f105 Be a little less stringent in getting progress report data. 2007-02-21 14:06:51 +00:00
Søren Schmidt
ceeb99652d Temporarily disable the support for some incarnations of the ICH8 chip that have
non-consecutively numbered ports.
This should fix current SATA problems.
Support AHCI chips where the ports are not consecutively numbered as in
some incarnations of the ICH8 chip.
2007-02-21 14:05:57 +00:00
Philip Paeps
0754972c5c Optimize set_origin() use in some screensavers to stop them eating
cpu power when the origin hasn't changed.

PR:		kern/100683
Submitted by:	Gareth McCaughan <gareth -dot- mccaughan -at- pobox.com>
MFC after:	3 days
2007-02-21 12:27:12 +00:00
Christian Brueffer
99baad9da2 Complete the support for altq(4).
Tested by:	J.R. Oldroyd
Reviewed by:	mlaier
Approved by:	rwatson (mentor)
MFC after:	1 week
2007-02-21 09:57:27 +00:00
Kirk McKusick
6e6b7d44ef The functions that set and delete external attributes must check
that the filesystem is not mounted read-only before proceeding.

Reported by: Ryan Beasley <ryanb@FreeBSD.org>
MFC after: 1 week
2007-02-21 08:50:06 +00:00
Nick Hibma
814ee007c3 Initialise {transport,protocol}{,_version} fields during a PATH_INQ to avoid a
warning message.
2007-02-21 07:46:40 +00:00
Nick Hibma
55fe33a350 Reduce the noise when plugging in (USB) mass storage devices, like a 4 port
flash card reader.
Also remove an 'Opened da0 -> <random number>' which is not needed on a daily
basis (available through bootverbose).

Reviewed by:	phk, ken
MFC after:	1 week
2007-02-21 07:45:02 +00:00
Alan Cox
5f9e5adf8b Change pmap_protect() so that execute access can be removed without
simultaneously removing write access.
2007-02-21 06:00:46 +00:00
Olivier Houchard
9bf1500921 Check that the error returned by vfs_getopts() is not ENOENT before assuming
there's actually an error.
This is just in order to unbreak ntfs on current, before a proper solution is
committed.
2007-02-21 00:30:09 +00:00
Robert Watson
7ee76f9d4e Remove unnecessary privilege and privilege check for WITNESS sysctl.
Head nod:	jhb
2007-02-20 23:49:31 +00:00
Luigi Rizzo
560a65051c Rename IWI_LOCK_ASSERT to IWI_LOCK_CHECK per Sam's suggestion,
and make it print under debug.iwi control same as other debugging stuff.

Remove the device_printf() in iwi_ioctl() and replace with this:

        /*
         * wait until pending iwi_cmd() are completed, to avoid races
         * that could cause problems.
         */
        while (sc->flags & IWI_FLAG_BUSY)
                msleep(sc, &sc->sc_mtx, 0, "iwiioctl", hz);

This at least prevents what has become an almost systematic failure for my
system, presumably due to a previous iwi_cmd() not complete yet by the
time iwi_ioctl() is called.

It has been pointed to my attention that the real problem could be
calling ieee80211_ioctl() with the lock held. If that is true,
there might still be a possibility for a race condition e.g. an
interrupt coming while the ioctl is sleeping.
Need to investigate further on what changes are required to release
the lock before calling ieee80211_ioctl
2007-02-20 17:32:30 +00:00
Luigi Rizzo
484f6530e9 Address a few issues with the iwi driver, namely:
+ do not release the dma-ble region used for downloading firmware.
  This should fix the problems that some people were seeing, due to
  memory becoming too fragmented which prevented subsequent allocations
  of a suitable contiguous region of memory;

+ document the firmware format and usage in if_iwivar.h

+ use a loop to allocate the four tx rings, instead of replicating
  the body of the loop.

+ add debugging code IWI_LOCK_ASSERT() to detect missing locks.
  These only do a printf, and should go away once we figure out why
  the driver sometimes freezes the system due to a (yet unidentified)
  race condition.

+ add a device_printf() in iwi_ioctl() in certain conditions
  (see comment in the code).  This helps prevent the race condition
  mentioned above, and makes the system survive. This printf will
  also go away once fixing this bug is completed.

+ change iwi_getfw() to return 0 on success, 1 on error, consistently
  with other functions.

+ fix the argument of a sizeof() in iwi_get_firmware()

+ use le32toh() to access little-endian fields

+ simplify error handling in iwi_load_firmware() and iwi_init_locked()

The bugs fixed by this commit (the freezing one especially) are serious
enough to call for a quick MFC

MFC after: 3 days
2007-02-20 15:45:59 +00:00
Robert Watson
bd146f1302 Replace a suser() check with an explicit check for PRIV_NET_SETIFMTU. 2007-02-20 15:20:36 +00:00
Luigi Rizzo
b8c4cc421e Document the endianness of firmware headers
(in preparation for changes in the C code).
2007-02-20 14:29:09 +00:00
Robert Watson
a1f3b8390c Update auditing of socket information for the inpcb new world order:
so_pcb will always be non-NULL, and lock the inpcb while non-atomically
accessing address data.
2007-02-20 13:38:11 +00:00
Robert Watson
5b950deabc Break introductory comment into two paragraphs to separate material on the
garbage collection complications from general discussion of UNIX domain
sockets.

Staticize unp_addsockcred().

Remove XXX comment regarding Giant and v_socket -- v_socket is protected
by the global UNIX domain socket lock.
2007-02-20 10:50:02 +00:00
Robert Watson
d24c76d1f5 Move mapping of MBI_APPEND to MBI_WRITE from inside the rule loop in
mac_bsdextended_check() to before the loop, as it needs to happen only
once.

MFC after:	1 week
2007-02-20 10:21:27 +00:00
Robert Watson
afdb42748d Rename two identically named log_in_vain variables: tcp_input.c's static
log_in_vain to tcp_log_in_vain, and udp_usrreq's global log_in_vain to
udp_log_in_vain.

MFC after:	1 week
2007-02-20 10:20:03 +00:00
Robert Watson
3329b23659 Gratuitous UDP restyling toward style(9) in 7.x. 2007-02-20 10:13:11 +00:00
Robert Watson
3bb153ea78 Remove discontinuity in network privilege number space.
Spotted by:	emaste (ages ago)
2007-02-20 00:28:19 +00:00
Robert Watson
95420afea4 Remove unused PRIV_IPC_EXEC. Renumbers System V IPC privilege. 2007-02-20 00:12:52 +00:00
Robert Watson
2390d78f74 Sync up PRIV_IPC_{ADMIN,READ,WRITE} priv checks in ipcperm() with
kern_jail.c: allow jailed root these privileges.  This only has an
effect if System V IPC is administratively enabled for the jail.
2007-02-20 00:06:59 +00:00
Robert Watson
b12c55ab92 Restore sysv_ipc.c:1.30, which was backed out due to interactions with
System V shared memory, now believed fixed in sysv_shm.c:1.109:

  date: 2006/11/06 13:42:01;  author: rwatson;  state: Exp;  lines: +65 -37
  Sweep kernel replacing suser(9) calls with priv(9) calls, assigning
  specific privilege names to a broad range of privileges.  These may
  require some future tweaking.

  Sponsored by:           nCircle Network Security, Inc.
  Obtained from:          TrustedBSD Project
  Discussed on:           arch@
  Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
                          Alex Lyashkov <umka at sevcity dot net>,
                          Skip Ford <skip dot ford at verizon dot net>,
                          Antoine Brodin <antoine dot brodin at laposte dot net>

This restores fine-grained privilege support to System V IPC.

PR:	106078
2007-02-19 22:59:23 +00:00
Robert Watson
3d50b06b8e Remove call to ipcperm() in shmget_existing(). The flags argument is
ignored on other systems I investigated when accessing an existing
memory segment rather than creating a new one.  This call to ipcperm()
is the only one to pass in a complete mode flag to the permission
checks rather than a simple access request mask, and caused problems
for the revised ipcperm() based on the priv(9) interface, which can
now be restored.

PR:	106078
2007-02-19 22:56:10 +00:00
Robert Watson
19913888ad Use privilege PRIV_NET_ADDIFADDR rather than suser() to authorize
adding a netatalk address to an interface.
2007-02-19 22:40:02 +00:00
Robert Watson
95b091d2f2 Rename three quota privileges from the UFS privilege namespace to the
VFS privilege namespace: exceedquota, getquota, and setquota.  Leave
UFS-specific quota configuration privileges in the UFS name space.

This renumbers VFS and UFS privileges, so requires rebuilding modules
if you are using security policies aware of privilege identifiers.
This is likely no one at this point since none of the committed MAC
policies use the privilege checks.
2007-02-19 13:33:10 +00:00
Robert Watson
e82d0201bd Limit quota privileges in jail to PRIV_UFS_GETQUOTA and
PRIV_UFS_SETQUOTA.
2007-02-19 13:26:39 +00:00
Robert Watson
8bd5639f18 Do allow bypass of mac_seeotheruids in jail in order to be consistent
with other uses of PRIV_SEEOTHERUIDS.  This will automatically be
scoped to the jail by the jail policy.
2007-02-19 13:25:17 +00:00
Robert Watson
ea04d82da8 Do allow privilege to create over-sized messages on System V IPC
message queues in jail.
2007-02-19 13:23:45 +00:00
Robert Watson
86138fc742 Use priv_check(9) instead of suser(9) for checking the privilege to
set real-time priority on a thread.  It looks like this suser(9)
call was introduced after my first pass through replacing superuser
checks with named privilege checks.
2007-02-19 13:22:36 +00:00
Robert Watson
c3c1b5e62a For now, reflect practical reality that Audit system calls aren't
allowed in Jail: return a privilege error.
2007-02-19 13:10:29 +00:00
Robert Watson
969e5bdcd0 Do allow PIOCSFL in jail for setguid processes; this is more consistent
with other debugging checks elsewhere.  XXX comment on the fact that
p_candebug() is not being used here remains.
2007-02-19 13:04:25 +00:00
Konstantin Belousov
3c97ab97bf Unbreak ddb stepping over special frames after the following commit:
Revision  Changes    Path
  1.113     +4 -2      src/sys/i386/i386/apic_vector.s
  1.117     +7 -1      src/sys/i386/i386/exception.s
  1.36      +7 -7      src/sys/i386/i386/local_apic.c
  1.298     +61 -63    src/sys/i386/i386/trap.c
  1.62      +15 -22    src/sys/i386/i386/vm86.c
  1.32      +4 -2      src/sys/i386/i386/vm86bios.s
  1.21      +2 -2      src/sys/i386/include/apicvar.h
  1.27      +2 -2      src/sys/i386/isa/atpic.c
  1.50      +2 -1      src/sys/i386/isa/atpic_vector.s
  1.35      +1 -1      src/sys/i386/isa/icu.h

Tested by:	kris, Peter Holm
No objections from:	kmacy
2007-02-19 10:57:47 +00:00
Konstantin Belousov
9b2f1a0740 Remove union_dircheckp hook, it is not needed by new unionfs code anymore.
As consequence, getdirentries() no longer needs to drop/reacquire
directory vnode lock, that would allow it to be reclaimed in between.

Reported and tested by:	Peter Holm
Approved by:		rodrigc (unionfs)
MFC after:		1 week
2007-02-19 10:56:09 +00:00
Konstantin Belousov
e277569ee2 MFi386 rev. 1.544 of i386/i386/pmap.c:
Rounding addr upwards to next 2M boundary in pmap_growkernel() could
cause addr to become 0, resulting in an early return without populating
the last PDE.

Reported and tested by:	kris
Suggested by:	alc
MFC after:	1 week
2007-02-19 10:55:16 +00:00
Olivier Houchard
f59ae8e84a Add two new options, FLASHADDR, which defines the address the flash is
mapped at, and LOADERRAMADDR, the address at which the loader maps the ram
at the time the kernel is booted.
They are used to detect if the kernel is booted from the onboard flash.
Define those for the IQ31244
2007-02-19 01:03:08 +00:00
Olivier Houchard
db599c2f20 Teach the kernel and the ELF trampoline how to boot from onboard flash. 2007-02-19 00:57:27 +00:00
Olivier Houchard
0d9fc1e6e1 There's no such thing as a GENERIC kernel on arm.
Spotted out by:	csjp
MFC After:	3 days
2007-02-19 00:37:25 +00:00
Ceri Davies
e1854a84ad Correct typos containing my login name (plus one more in expr.y).
Found courtesy of a recursive grep in the wrong directory.
2007-02-18 19:48:59 +00:00
Marcel Moolenaar
9bc4cd63f3 The table of known CPU models ends with an entry that has a version
of 0, not with an entry that has an empty CPU name.

Submitted by: Andrew Turner (andrew@fubar.geek.nz)
2007-02-18 17:40:09 +00:00
Robert Watson
03dc38a48b #ifdef INET6 printing of inpcb IPv6 addresses in DDB. Patch committed
with minor adjustments.

Submitted by:	Florian C. Smeets <flo at kasimir dot com>
2007-02-18 08:57:23 +00:00
Alan Cox
ae0663a383 Eliminate some acquisitions and releases of the page queues lock that are
no longer necessary.
2007-02-18 06:33:02 +00:00