Commit Graph

124661 Commits

Author SHA1 Message Date
Pawel Jakub Dawidek
8091e0f54b Add regression tests for geli(8) authentication feature.
Supported by:	Wheel Sp. z o.o. (http://www.wheel.pl)
2006-06-06 06:46:51 +00:00
Pawel Jakub Dawidek
43b48559c5 - Update regression tests after recent changes.
- Verify various sector sizes.
2006-06-06 06:44:19 +00:00
Xin LI
8fe1b8c03e Cleanups for mailwrapper(8):
- K&R -> ANSI prototype [O]
 - Do not bother to do free right before exit() or execve() [O]
 - Remove some dead code in addarg()
 - Make additional parameters specified in mailer.conf(5)
   actually work and document the fact. [N]
 - Avoid using __progname but instead use getprogname()
   and setprogname() to provide more sensible messages. [O, N]
 - Update $OpenBSD$ and $NetBSD$ to reflect the fact that we
   have sync'ed with their code.
 - WARNS=6

Obtained from/Inspired by:	OpenBSD [O], NetBSD [N] (partially)
2006-06-06 05:01:12 +00:00
Alan Cox
ed48a217f6 Add partial pmap locking.
Eliminate the unused allpmaps list.

Tested by: cognet@
2006-06-06 04:32:20 +00:00
Alan Cox
67c867ee8d Correct a typo in the previous revision. 2006-06-06 02:02:10 +00:00
Alan Cox
b5153c776b Add a stub for pmap_enter_object(). 2006-06-06 02:00:08 +00:00
Olivier Houchard
f14c3a8aac Make VERBOSE_INIT_ARM compile by fixing various printf formats, and add it
as an option.

Submitted by:   Max N. Boyarov <m.boyarov at bsd dot by>
2006-06-06 01:14:12 +00:00
Olivier Houchard
ceff114886 vm_page_alloc_contig() can sleep, so don't even think about using it
in the M_NOWAIT case.
2006-06-05 23:42:47 +00:00
Tai-hwa Liang
334ee2771b Really fix the typo this time: it should be sc->sc_drvbpf to be verified,
not ic->ic_drvbpf.
2006-06-05 23:06:03 +00:00
Tai-hwa Liang
edc428baef Fixing a typo in rev1.196. 2006-06-05 22:59:14 +00:00
Robert Watson
714e68b8d2 Remove use of Giant around vn_open() in audit trail setup.
Submitted by:	jhb, wsalamon
Obtained from:	TrustedBSD Project
2006-06-05 22:36:12 +00:00
Matt Jacob
fcd9a16b1f Do some source && comment cleanup.
Clean out the abortive start to homegrown, per-mpt,
Domain Validation. This should really be done at a
higher level.

Use the PIM_SEQSCAN flag for U320- this seems to correct
cases of being unable to consistently negotiate U320 in
the cases where I'd seen this before.

Between this and other recent checkins, this driver is
pretty close to being ready for MFC.

Reviewed by:	scottl, ken, scsi@
MFC after:	1 week
2006-06-05 22:25:49 +00:00
Matt Jacob
c1c3139ed3 Add PIM_SEQSCAN for HBA misc flags and code that understands
what to do with it.

This forces us to scan targets sequentially, not in parallel.
The reason we might want to do this is that SPI negotiation
might not work right at the SIM level if we try to do it
in parallel. We *could* fix this for each SIM where this is
broken, but it's a lot harder to do that when we can simply
ask CAM to probe sequentially.

If PIM_SEQSCAN is not set (default), the original behaviour for
probing is unchanged.

LUN probing is still done in parallel for each target in either
case.

While we're at it, clean up some resource leakage for error
cases.

Reviewed by:	ken, scott, scsi@
MFC after:	1 week
2006-06-05 22:22:14 +00:00
Pawel Jakub Dawidek
198eeec116 Document geli(8) data authentication.
Supported by:	Wheel Sp. z o.o. (http://www.wheel.pl)
2006-06-05 21:43:51 +00:00
Pawel Jakub Dawidek
4e98d97992 Connect new GELI files to the build.
Supported by:	Wheel Sp. z o.o. (http://www.wheel.pl)
2006-06-05 21:42:26 +00:00
Pawel Jakub Dawidek
7fe923a866 Userland bits of geli(8) data authentication.
Now, encryption algorithm is given using '-e' option, not '-a'.
The '-a' option is now used to specify authentication algorithm.

Supported by:	Wheel Sp. z o.o. (http://www.wheel.pl)
2006-06-05 21:40:54 +00:00
Pawel Jakub Dawidek
eaa3b91996 Implement data integrity verification (data authentication) for geli(8).
Supported by:	Wheel Sp. z o.o. (http://www.wheel.pl)
2006-06-05 21:38:54 +00:00
Pawel Jakub Dawidek
05bf5e8a0a Make kern.geom.eli.overwrites sysctl a tunable as well. 2006-06-05 21:25:19 +00:00
Qing Li
1a41f91052 Assuming the interface has an address of x.x.x.195, a mask of
255.255.255.0, and a default route with gateway x.x.x.1. Now if
the address mask is changed to something more specific, e.g.,
255.255.255.128, then after the mask change the default gateway
is no longer reachable.

Since the default route is still present in the routing table,
when the output code tries to resolve the address of the default
gateway in function rt_check(), again, the default route will be
returned by rtalloc1(). Because the lock is currently held on the
rtentry structure, one more attempt to hold the lock will trigger
a crash due to "lock recursed on non-recursive mutex ..."

This is a general problem. The fix checks for the above condition
so that an existing route entry is not mistaken for a new cloned
route. Approriately, an ENETUNREACH error is returned back to the
caller

Approved by:	andre
2006-06-05 21:20:21 +00:00
Pawel Jakub Dawidek
4bec0ff1c4 Add g_duplicate_bio() function which does the same thing what g_clone_bio()
is doing, but g_duplicate_bio() allocates new bio with M_WAITOK flag.
2006-06-05 21:13:22 +00:00
Alan Cox
ce142d9ec0 Introduce the function pmap_enter_object(). It maps a sequence of resident
pages from the same object.  Use it in vm_map_pmap_enter() to reduce the
locking overhead of premapping objects.

Reviewed by: tegge@
2006-06-05 20:35:27 +00:00
Christian Brueffer
4bf452f14a Some mdoc and wording improvements. 2006-06-05 20:29:31 +00:00
Max Khon
3da2dc0763 Fix kernel panic in rt2661_tx_intr() if no frames has been sent.
Obtained from:	OpenBSD (sys/dev/ic/rt2661.c rev. 1.15)
2006-06-05 20:06:29 +00:00
Maxim Konovalov
fbec079f0d o Add missed comma. 2006-06-05 19:55:44 +00:00
Matt Jacob
19ec23bb00 Just a very quick update to get *close* to reality. 2006-06-05 19:46:55 +00:00
Xin LI
1cec70ad72 - ANSIfy.
- Remove two unnecessary casts.

These changes would help gcc4 compile.
2006-06-05 18:22:13 +00:00
Ed Maste
f4eaa4b967 Fix cut-n-pasteo: use the i386 version #define for i386 dumps, not the amd64 one. 2006-06-05 18:21:29 +00:00
Christian Brueffer
3640665627 my(4) provides support now as well. 2006-06-05 18:02:36 +00:00
Christian Brueffer
9522f75aea Add altq(4) support.
Reviewed by:	mlaier
Approved by:	rwatson (mentor)
MFC after:	2 weeks
2006-06-05 17:59:46 +00:00
Sam Leffler
f9fc583f17 move hal bus+tag externalization to the bus glue code where it belongs;
this is a noop on all current freebsd architectures

MFC after:	1 month
2006-06-05 17:51:20 +00:00
Marius Strobl
624fc6d1d9 - Declare the PnP map const.
- Add devices found in V210 to the PnP map.
- Don't leak memory if we didn't find a match for a node in the PnP map.

MFC after:	2 weeks
2006-06-05 17:48:54 +00:00
Sam Leffler
93057fddc1 resolve merge conflicts
MFC after:	1 month
2006-06-05 17:46:41 +00:00
Sam Leffler
a46aeff755 This commit was generated by cvs2svn to compensate for changes in r159285,
which included commits to RCS files with non-trunk default branches.
2006-06-05 17:43:51 +00:00
Sam Leffler
7937397e81 Version 0.9.17.2:
o define HAL_SOFTC, HAL_BUS_TAG, and HAL_BUS_HANDLE to be machine
  independent; this fixes portability issues with bsd systems
o add ah_disable api for turning off operation of both MAC and PHY
o add ah_getAntennaSwitch and ah_setAntennaSwitch api's for better control
  of antenna usage and diversity
o add ah_setAckCTSRate and ah_setAckCTSRate for controlling tx rate of
  h/w generated frames
o add ah_setBeaconTimers api for simpler setting of the beacon timer registers
o remove ah_waitForBeaconDone api
o add HAL_TXDESC_DURENA flag to enable h/w duration setting in tx descriptor
o correct documentation of min/max tx power units (.5 dBm)
o switch arm, mips, and powerpc builds to use functions for register
  read/write operations
o fix sparc builds to not reference %g2 and %g3 registers
o add public builds for SoC's

MFC after:	1 month
2006-06-05 17:43:51 +00:00
Guy Helmer
3266c22854 Upon further review, DES prefers this change over that in revision 1.13
to resolve the directory access problem for processes with P_SUGID flag
set.

Suggested by: des
2006-06-05 16:41:27 +00:00
Joel Dahl
1735925eeb Fix minor typos. 2006-06-05 16:31:57 +00:00
Pawel Jakub Dawidek
4bc8da3589 - Document that padlock(4) pretends to accelerate HMAC algorithms.
- Remove "device cryptodev" as it is not needed for compiling padlock(4)
  into the kernel. Actually it is not advisable, because padlock
  instructions can be used directly from userland, so passing the work
  through the kernel is a bad idea.
2006-06-05 16:24:31 +00:00
Pawel Jakub Dawidek
64e18040cc - Pretend to accelerate various HMAC algorithms, so padlock(4) can be used
with fast_ipsec(4) and geli(8) authentication (comming soon).
  If consumer requests only for HMAC algorithm (without encryption), return
  EINVAL.
- Add support for the CRD_F_KEY_EXPLICIT flag, for both encryption and
  authentication.
2006-06-05 16:22:04 +00:00
Robert Watson
7365463843 When generating BSM tokens for mkfifo(), include mode argument.
Submitted by:	wsalamon
Obtained from:	TrustedBSD Project
2006-06-05 16:14:49 +00:00
Robert Watson
5619113c96 When generating the process token, need to check whether the
process was sucessfully audited.  Otherwise, generate the PID
token. This change covers the pid < 0 cases, and pid lookup
failure cases.

Submitted by:	wsalamon
Obtained from:	TrustedBSD Project
2006-06-05 16:12:00 +00:00
Yaroslav Tykhiy
31ee80d88a Fix compilation of ftpcmd.y without -DINET6.
Respect MK_INET6_SUPPORT in Makefile.

Requested by:	Attila Nagy <bra at fsn dot hu>
MFC after:	1 week
2006-06-05 15:50:34 +00:00
Robert Watson
1df6229aea Consistently use audit_free() to free records, rather than
directly invoking uma_zfree().

Perforce change:	96652
Obtained from:		TrustedBSD Project
2006-06-05 15:38:12 +00:00
Robert Watson
7ebfc8df78 Audit some arguments to nmount(), mount(), umount().
Submitted by:	wsalamon
Obtained from:	TrustedBSD Project
2006-06-05 15:32:07 +00:00
Robert Watson
673937ac08 Break out description of the audit pipe facility from audit.4 into a new
man page, auditpipe.4, which describes the behavior of audit pipes, the
ioctls, preselection, etc.

Obtained from:	TrustedBSD Project
2006-06-05 15:26:09 +00:00
Marius Strobl
3a225e0b62 Revert the part of rev. 1.3 which changed the software style to be
set to ILACC rather than PCnet-PCI as VMware doesn't implement ILACC
compatibility, resulting in the VMware virtual machine to crash if
enabled. Add a comment regarding usage of ILACC vs. PCnet-PCI mode.

Reported and tested by:	gnn, wsalamon
2006-06-05 15:14:14 +00:00
Konstantin Belousov
3d5fa0356e Replace absolute addressing in the call instructions with position-independend
calls. This eliminates TEXTREL from libc, making its text segment relocatable.

PR:	i386/85242
Approved by:	kan (mentor)
MFC after:	1 month
2006-06-05 14:59:33 +00:00
Robert Watson
e257c20ec1 Introduce support for per-audit pipe preselection independent from the
global audit trail configuration.  This allows applications consuming
audit trails to specify parameters for which audit records are of
interest, including selecting records not required by the global trail.
Allowing application interest specification without changing the global
configuration allows intrusion detection systems to run without
interfering with global auditing or each other (if multiple are
present).  To implement this:

- Kernel audit records now carry a flag to indicate whether they have
  been selected by the global trail or by the audit pipe subsystem,
  set during record commit, so that this information is available
  after BSM conversion when delivering the BSM to the trail and audit
  pipes in the audit worker thread asynchronously.  Preselection by
  either record target will cause the record to be kept.

- Similar changes to preselection when the audit record is created
  when the system call is entering: consult both the global trail and
  pipes.

- au_preselect() now accepts the class in order to avoid repeatedly
  looking up the mask for each preselection test.

- Define a series of ioctls that allow applications to specify whether
  they want to track the global trail, or program their own
  preselection parameters: they may specify their own flags and naflags
  masks, similar to the global masks of the same name, as well as a set
  of per-auid masks.  They also set a per-pipe mode specifying whether
  they track the global trail, or user their own -- the door is left
  open for future additional modes.  A new ioctl is defined to allow a
  user process to flush the current audit pipe queue, which can be used
  after reprogramming pre-selection to make sure that only records of
  interest are received in future reads.

- Audit pipe data structures are extended to hold the additional fields
  necessary to support preselection.  By default, audit pipes track the
  global trail, so "praudit /dev/auditpipe" will track the global audit
  trail even though praudit doesn't program the audit pipe selection
  model.

- Comment about the complexities of potentially adding partial read
  support to audit pipes.

By using a set of ioctls, applications can select which records are of
interest, and toggle the preselection mode.

Obtained from:	TrustedBSD Project
2006-06-05 14:48:17 +00:00
Konstantin Belousov
273147358f Temporary workaround to prevent leak of Giant from nfsd when calling
lookup().

Reviewed by:	tegge
Tested by:	"Arno J. Klaassen" <arno at heho snv jussieu fr>, "Rong-en Fan" <grafan at gmail com>, Dmitriy Kirhlarov <dimma at higis ru>, Dmitry Pryanishnikov <dmitry at atlantis dp ua>
MFC after:	1 week
Approved by:	kan, pjd (mentors)
2006-06-05 14:48:02 +00:00
Ian Dowse
c62502d1f6 Fix a number of cases where ugen would panic, especially when the
device went away while open or if you tried to change the config
number while devices were open. Based on the patch from the PR with
a number of changes as discussed with the submitter.

PR:		usb/97271
Submitted by:	Anish Mistry
2006-06-05 14:44:39 +00:00
Robert Watson
b6cd2d9e08 Shorten audit record zone name.
Perforce change:	93598
Obtained from:	TrustedBSD Project
2006-06-05 14:11:28 +00:00