MIB entries.
o Relocate kern.suser_permitted to kern.security.suser_permitted.
o Introduce new kern.security.unprivileged_procdebug_permitted, which
(when set to 0) prevents processes without privilege from performing
a variety of inter-process debugging activities. The default is 1,
to provide current behavior.
This feature allows "hardened" systems to disable access to debugging
facilities, which have been associated with a number of past security
vulnerabilities. Previously, while procfs could be unmounted, other
in-kernel facilities (such as ptrace()) were still available. This
setting should not be modified on normal development systems, as it
will result in frustration. Some utilities respond poorly to
failing to get the debugging access they require, and error response
by these utilities may be improved in the future in the name of
beautification.
Note that there are currently some odd interactions with some
facilities, which will need to be resolved before this should be used
in production, including odd interactions with truss and ktrace.
Note also that currently, tracing is permitted on the current process
regardless of this flag, for compatibility with previous
authorization code in various facilities, but that will probably
change (and resolve the odd interactions).
Obtained from: TrustedBSD Project
This is to be friendly with non-IPv6 peer (If the peer complains due to
lack of IPv6CP, drop IPv6CP). This basically implements "RXJ+" state
transition in the RFC.
Obtained from: NetBSD
o Move PIOCSRESOURCE from pccard to pcic so the kernel can give pccardd
better hints as to what resources to use.
o Implement an undocumented hw.pcic.interrupt_route to allow people that
need to do so to route their interrupts in a non-standard way.
o Only preallocate a resource in probe if we're routing via pci.
o If we aren't routing via pci, then set the irq to use explicitly
to defeat the automatic IRQ routing of the pci layer.
This, with the pccardd code should be close to what can be committed
to -stable.
- mostly complete kernel pmap support, and tested but currently turned
off userland pmap support
- low level assembly language trap, context switching and support code
- fully implemented atomic.h and supporting cpufunc.h
- some support for kernel debugging with ddb
- various header tweaks and filling out of machine dependent structures
to a new architecture. This is the base of the sparc64 port, but contains
limited machine dependent code, and can be used a base for ports. Included
are:
- standard machine dependent headers, tweaked for a 64 bit, big endian
architecture, including empty versions of all the machine dependent
structures
- a machine independent atomic.h, which can be used until a port has
support for interrupts and the operations really need to be atomic
- stub versions of all the machine dependent functions, which panic
when called and print out the name of the function that needs to
be implemented. functions which are normally in assembly files are
not included, but this should reduce the number of different undefined
references on the first few compiles from hundreds to 5 or 6
Given minimal startup code and console support it should be trivial to
make this compile and run the first few sysinits on almost any architecture.
Requested by: alfred, imp, jhb
dynamic symbol table buckets and chains. The sparc64 toolchain uses 32
bit .hash entries, unlike other 64 bits architectures (alpha), which use
64 bit entries.
Discussed with: dfr, jdp
a standard cell_t type for the fields of all argument structs. Also
make ihandle_t and phandle_t unsigned to avoid sign extension problems.
Approved by: benno
FreeBSD _does_ define ENOMSG, so no need for checking if we support it.
Inspired by PR: 22470
Which was submitted by: Bjorn Tornqvist <bjorn@west.se>
MFC after: 1 week
in the case where there are no interrupts routed for it does not
contain enough space to use it to route an interrupt. In the case
where we need to route an interrupt, throw away the returned buffer
and create a new one containing the interrupt we want.
boot time. Loading as a module once the system is up and running
doesn't make any sense.
- Fix acpi_FindIndexedResource (it would only check the first resource),
changes the calling interface.
- Add a new helper function (acpi_AppendBufferResource) to help building
buffers containing resources.
- Remove the beer-ware license (reqested by phk)
- Reorganise so that the PIIX4 workaround code is kept together, and
switch the workaround function via the timecounter struct, saving
a compare in the read-timecounter codepath. Also indicate that
the workaround is active by changing the timecounter hardware string.
either what's in NVRAM or what the safe defaults would be if we lack NVRAM.
Then we rename cur_XXXX to actv_XXXX (these are the currently active settings)
and the dev_XXX settings to goal_XXXX (these are the settings which we want
cur_XXXX to converge to).
This probably isn't entirely final as yet- but it's a lot closer to now
being what it should be, including allowing camcontrol to actually set
specific settings.
either what's in NVRAM or what the safe defaults would be if we lack NVRAM.
Then we rename cur_XXXX to actv_XXXX (these are the currently active settings)
and the dev_XXX settings to goal_XXXX (these are the settings which we want
cur_XXXX to converge to).
Roll core minor.
either what's in NVRAM or what the safe defaults would be if we lack NVRAM.
Then we rename cur_XXXX to actv_XXXX (these are the currently active settings)
and the dev_XXX settings to goal_XXXX (these are the settings which we want
cur_XXXX to converge to).
Handle both old and new TARGIOALLOCUNIT/TARGIOFREEUNIT cases- the new
one allows us to specify inquiry data we want to use.
Handle more of the CAM_DIS_DISCONNECT case.
Move TARGCTLIOALLOCUNIT to OTARGCTLIOALLOCUNIT, TARGCTLIOFREEUNIT
to OTARGCTLIOFREEUNIT and redefine old associated structure to be
old_ioc_alloc_unit- deprecation but preservation of binaries.
Add new structure for same- but this one contains a pointer to
user defined INQUIRY data so you can define what the target
device looks like to the outside world.
1. If we get frozen, unfreeze for disable disconnects.
2. Put CAM_DIS_DISCONNECT commands at the head of the work queue
(we have a target still connected and we can't run anything else
until this command completes).
If we had an error sending the last CTIO, unfreeze the queue anyway.
resources it is attempting to assign to a child object. This should
help people track down mysterious resource allocation problems more
easily.
# Unfortunately, it is harder to do the conflict check and report which
# resource failed if the driver itself doesn't.
because it shares ufs code. In ufs_fhtovp(), the test on i_effnlink
is invalid because ext2fs does not maintain this field. In ufs_close(),
i_effnlink is also tested, to determines whether or not to call
vn_start_write(). The ufs_fhtovp issue breaks NFS exporting of
ext2fs filesystems; I believe the other is harmless.
Fix both cases by checking um_i_effnlink_valid in the ufsmount
struct, and use i_nlink if necessary.
Noticed by: bde
Reviewed by: mckusick, bde
size (previously, the transfer size would be rounded up to a multiple of
the block size, which would overflow the buffer).
This fixes panics when doing things like trying to mount audio CD's.
PR: kern/21946
Review Timeout: sos
already allow this for NFS swap configured via BOOTP, so it is
known to work fine.
For many diskless configurations is is more flexible to have the
client set up swapping itself; it can recreate a sparse swap file
to save on server space for example, and it works with a non-NFS
root filesystem such as an in-kernel filesystem image.
strictly necessary on current, but having it in here makes the diffs with
stable smaller and doesn't hurt anything except for phk's redundant include
finder.