111570 Commits

Author SHA1 Message Date
rwatson
75eae61520 Implement Biba integrity protection for System V IPC objects (message
queues, semaphores, shared memory).

Submitted by:	Dandekar Hrishikesh <rishi_dandekar at sbcglobal dot net>
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, SPAWAR, McAfee Research
2005-01-22 20:07:11 +00:00
pjd
f7dfd80b65 Allow to specify device size in bytes.
MFC after:	1 week
2005-01-22 20:02:01 +00:00
wilko
c5c34ae422 s/principals/principles/
Fortune was duplicated, remove one copy.
2005-01-22 20:00:50 +00:00
pjd
5b525d8ac1 - Don't destroy UMA zone on error in mdcreate_malloc(), because we need it
in mddestroy() to properly free already allocated memory.
  This fixes a panic when we want to create too big memory backed device
  with preallocate memory (-o reserve).
- Remove redundant { }.

MFC after:	1 week
2005-01-22 19:56:03 +00:00
delphij
99a68ccb1f Make sure that we don't define INET6 when NO_INET6 is defined.
Without this change, when running netstat with a kernel without
INET6 built in, you will get a complain at the end of "netstat -s"
output.

X-MFC:		NO_INET6 was called "NOINET6" on RELENG_5
2005-01-22 19:35:48 +00:00
alc
abb2aba431 Guard against address wrap in kernacc(). Otherwise, a program accessing a
bad address range through /dev/kmem can panic the machine.

Submitted by: Mark W. Krentel
Reported by: Kris Kennaway
MFC after: 1 week
2005-01-22 19:21:29 +00:00
rwatson
59f1cc6e6e Invoke label initialization, creation, cleanup, and tear-down MAC
Framework entry points for System V IPC shared memory.

Submitted by:	Dandekar Hrishikesh <rishi_dandekar at sbcglobal dot net>
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, SPAWAR, McAfee Research
2005-01-22 19:10:25 +00:00
phk
d2f418bf2c Add a couple of mtx_asserts() to try to narrow down the window on
a bug repeatedly reported.
2005-01-22 19:08:50 +00:00
rwatson
1215571a87 Invoke label initialization, creation, cleanup, and tear-down MAC
Framework entry points for System V IPC semaphores.

Submitted by:	Dandekar Hrishikesh <rishi_dandekar at sbcglobal dot net>
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, SPAWAR, McAfee Research
2005-01-22 19:04:17 +00:00
rwatson
a9307575e8 Invoke label initialization, creation, cleanup, and tear-down MAC
Framework entry points for System V IPC message queues.

Submitted by:	Dandekar Hrishikesh <rishi_dandekar at sbcglobal dot net>
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, SPAWAR, McAfee Research
2005-01-22 18:51:43 +00:00
ache
5b8f6c761d Especially mention that setting errno to EINVAL in "no conversion" case
is not portable.

Asked by:       joerg
2005-01-22 18:02:58 +00:00
ru
e83b0dda0a Document -l and -n options in usage(). 2005-01-22 14:37:57 +00:00
ru
08404fcbc6 Polish previous revision:
- Bump document date.
- Spell "file system" properly.
- Add missing markup bits.
2005-01-22 14:36:51 +00:00
das
d55cbb5c10 Add fma() and fmaf(), which implement a fused multiply-add operation. 2005-01-22 09:53:18 +00:00
mjacob
262c8113c0 Don't pass unadulterated unit numbers to make_dev and its ilk- if you
have more than 256 units, you die. Horribly. Convert them using
unit2minor.

MFC after:	1 week
2005-01-22 07:21:25 +00:00
das
87888496cc Replace the ldexp() implementation in libc with a renamed copy of the
scalbn() implementation from libm.  (The two functions are defined to
be identical, but ldexp() lives in libc for backwards compatibility.)
The old ldexp() implementation...
  - was more complicated than this one
  - set errno instead of raising FP exceptions
  - got some corner cases wrong
    (e.g. ldexp(1.0, 2000) in round-to-zero mode)

The new implementation lives in libc/gen instead of
libc/$MACHINE_ARCH/gen, since we don't need N copies of a
machine-independent file.  The amd64 and i386 platforms
retain their fast and correct MD implementations and
override this one.
2005-01-22 06:03:40 +00:00
obrien
cb779e8aab Embellish rev 1.61. If we're not building a debug kernel, use -O2 as before.
Submitted by:	ru
2005-01-22 00:58:34 +00:00
bmilekic
802a5a53d2 s/round_page/trunc_page/g
I meant trunc_page.  It's only a coincidence this hasn't caused
problems yet.

Pointed out by: Antoine Brodin <antoine.brodin@laposte.net>
2005-01-22 00:09:34 +00:00
wes
3093f02c7d Forced commit to note:
MFC after:	2 weeks
2005-01-21 22:53:51 +00:00
wes
926ee6068d Add an option to suppress the creation of the .snap directory in
the new filesystem.  This is intended for memory and vnode filesystems
that will never be fsck'ed or dumped.

Obtained from:	St. Bernard Software RAPID
MFC after:	2 weeks
2005-01-21 22:20:25 +00:00
wes
bb68fc2b6e Improved error checking for existence of a .snap directory to
generate snapshots in when -L is requested.  If the .snap directory
does not exist, or is not a directory, issue a warning and revert
to the non- live behavior.

Obtained from:	St. Bernard Software RAPID
2005-01-21 22:13:25 +00:00
ru
0b29d18074 - Soften sentence breaks.
- Remove double whitespace.
- Sort sections.
2005-01-21 21:57:05 +00:00
ru
9b901be794 Fixed macro abuse. 2005-01-21 20:51:09 +00:00
ru
22937d31bc Fixed xrefs. 2005-01-21 20:50:39 +00:00
ru
b8a9faaaa3 Fixed punctuation in xrefs. 2005-01-21 20:48:00 +00:00
imp
073c1259a4 we don't need the offset in the attr memory to get the ethernet
address, nor do we need the alignment requirements, so eliminate them.
This likely means that we can now collapse some of the entries as we
have no need of them anymore (they match other entries and were there
only to get the right attr memory offset of the enet addr).
2005-01-21 19:51:23 +00:00
le
082eb69990 Only report state changes of subdisks and plexes when there's
really a state change.

Reword the info a bit.
2005-01-21 18:27:23 +00:00
le
f7ba150b68 Don't initialize error with ENXIO as we might end up here when
the plex has no more consumers (e.g. orphaning).
2005-01-21 18:24:20 +00:00
bms
0ac71b801c Braino. Revert previous commit, NO_MAN was already corrected.
Noticed by:	imp
2005-01-21 18:12:47 +00:00
ume
e33b312668 we don't need to make fake sockaddr_in6 to compare subject address.
MFC after:	1 week
2005-01-21 18:12:46 +00:00
bmilekic
da7116f3ac Bring in MemGuard, a very simple and small replacement allocator
designed to help detect tamper-after-free scenarios, a problem more
and more common and likely with multithreaded kernels where race
conditions are more prevalent.

Currently MemGuard can only take over malloc()/realloc()/free() for
particular (a) malloc type(s) and the code brought in with this
change manually instruments it to take over M_SUBPROC allocations
as an example.  If you are planning to use it, for now you must:

	1) Put "options DEBUG_MEMGUARD" in your kernel config.
	2) Edit src/sys/kern/kern_malloc.c manually, look for
	   "XXX CHANGEME" and replace the M_SUBPROC comparison with
	   the appropriate malloc type (this might require additional
	   but small/simple code modification if, say, the malloc type
	   is declared out of scope).
	3) Build and install your kernel.  Tune vm.memguard_divisor
	   boot-time tunable which is used to scale how much of kmem_map
	   you want to allott for MemGuard's use.  The default is 10,
	   so kmem_size/10.

ToDo:
	1) Bring in a memguard(9) man page.
	2) Better instrumentation (e.g., boot-time) of MemGuard taking
	   over malloc types.
	3) Teach UMA about MemGuard to allow MemGuard to override zone
	   allocations too.
	4) Improve MemGuard if necessary.

This work is partly based on some old patches from Ian Dowse.
2005-01-21 18:09:17 +00:00
bms
7dbaec2b97 Catch up with NO_MAN->NOMAN change. 2005-01-21 17:38:02 +00:00
bms
3933cd4e50 If a device resides in physical slot 0, report it as being on-board as
per PIR specification.
Add the VIA VT82C686 PCI interrupt routing function as a known chipset.
2005-01-21 17:11:38 +00:00
bms
b99e3f39fe Fix a masking error. Update copyright. 2005-01-21 17:05:33 +00:00
bms
9dbf507683 Do not treat an invalid PIR table checksum as a fatal error condition, but
do print a warning about it.
Correct a stupid logic error.
Update copyrights.  Fix whitespace bug.

MFC after:	1 week
2005-01-21 16:15:24 +00:00
pjd
33e44ca5a9 Fix handling of providers with / in them (e.g. mirror/foo).
Submitted by:	Attila Nagy <bra@fsn.hu>
MFC after:	1 week
2005-01-21 14:38:44 +00:00
ache
5c490b063a Whitespace/style tweaking of prev. commit.
Noted by:       bde
2005-01-21 13:31:02 +00:00
ru
fe3627f1e0 Reflect the reality; only crypt(3) uses /etc/auth.conf
for the time being.
2005-01-21 12:07:46 +00:00
ru
41e43fe860 Fixed xref. 2005-01-21 12:01:00 +00:00
ru
2237fd5b98 Removed remnants of Kerberos support. 2005-01-21 11:22:34 +00:00
ru
8746ca69ad Removed Kerberos remnants. 2005-01-21 11:09:40 +00:00
ru
3666aefb6a Fixed xref. 2005-01-21 10:48:35 +00:00
ru
21e7b4e73c Fixed macro abuse. 2005-01-21 10:46:36 +00:00
ru
0f1929cc0e Fixed xrefs. 2005-01-21 10:35:40 +00:00
phk
1d29896ca3 Remove prototype of undefined function so this compiles again. 2005-01-21 10:19:17 +00:00
ru
3732ee2c4e Fixed xref. 2005-01-21 10:17:17 +00:00
ru
e8f9b51a47 De-kerberize the manpage. 2005-01-21 09:31:38 +00:00
ru
7eb33e8a7b Fixed .Xr call. 2005-01-21 09:07:47 +00:00
ru
7a3e657c56 Sort sections. 2005-01-21 08:36:40 +00:00
ru
e892f32ba8 Fixes to previous revision:
- bump document date
- break hard sentence break
- remove whitespace at EOL
2005-01-21 07:55:17 +00:00