Commit Graph

158352 Commits

Author SHA1 Message Date
rwatson
8db4ca2429 Import OpenBSM 1.1p2 from vendor branch to 8-CURRENT. This patch release
addresses several minor issues:

- Fix audit_event definitions of AUE_OPENAT_RWT and AUE_OPENAT_RWTC.
- Fix build on Linux.
- Fix printing of class masks in the audump tool.

MFC after:	3 weeks
Obtained from:	TrustedBSD Project
Approved by:	re (kib)
2009-08-02 10:27:54 +00:00
rwatson
2eafab39fe The colour was red as shall be the letters of this warning to people upon
boot if the experimental VIMAGE feature was compiled into the kernel.

Submitted by:	bz
Reviewed by:	zec
Approved by:	re (vimage blanket)
2009-08-01 22:22:45 +00:00
rwatson
3b267ddfaa Minor style tweaks.
Approved by:	re (vimage blanket)
2009-08-01 21:58:32 +00:00
rwatson
648ff24430 Make the vnet alloc/destroy paths a bit easier to follow by merging
vnet_data_init/vnet_data_destroy into vnet_alloc/vnet_destroy.

Reviewed by:	bz, zec
Approved by:	re (vimage blanket)
2009-08-01 21:54:15 +00:00
rwatson
e3917e768d Remove vnet_foreach() utility function, which previously allowed
vnet.c to iterate virtual network stacks without being aware of
the implementation details previously hidden in kern_vimage.c.
Now they are in the same file, so remove this added complexity.

Reviewed by:	bz
Approved by:	re (vimage blanket)
2009-08-01 20:24:45 +00:00
rwatson
fb9ffed650 Merge the remainder of kern_vimage.c and vimage.h into vnet.c and
vnet.h, we now use jails (rather than vimages) as the abstraction
for virtualization management, and what remained was specific to
virtual network stacks.  Minor cleanups are done in the process,
and comments updated to reflect these changes.

Reviewed by:	bz
Approved by:	re (vimage blanket)
2009-08-01 19:26:27 +00:00
mjacob
2d4b24984c Add 8Gb support (isp_2500). Fix a fair number of configuration and
firmware loading bugs.

Target mode support has received some serious attention to make it
more usable and stable.

Some backward compatible additions to CAM that make target mode
async events easier to deal with have also been put into place.

Further refinement and better support for NP-IV (N-port Virtualization)
is now in place.

Code for release prior to RELENG_7 has been stripped away for code clarity.

Sponsored by: Copan Systems

Reviewed by:    scottl, ken, jung-uk kim
Approved by:    re
2009-08-01 01:04:26 +00:00
mjacob
8cd95c9b58 Add 8Gb card firmware. Update some 2Gb and 4Gb f/w sets.
Split 4Gb and 8Gb into pieces that can be either multi_id
capable or not.

Reviewed by:	scottl, ken
Approved by:	re
2009-08-01 00:57:34 +00:00
sam
8d5758f2a0 fix misplaced #endif that caused tdma handling to be merged with ESS handling
(causing tdma scanning to break)

Approved by:	re (kib)
2009-07-31 19:13:16 +00:00
sam
66463b10cc Filter setting IFF_PROMISC on tdma vaps; we don't want the underlying device
to be in promiscuous mode as we have a h/w bssid.

Approved by:	re (kib)
2009-07-31 19:12:19 +00:00
weongyo
2f531ec658 add upgt
Approved by:	re (kib)
2009-07-31 17:57:16 +00:00
jamie
e87d51a605 Make the "enforce_statfs" default 2 (most restrictive) in jail_set(2),
instead of whatever the parent/system has (which is generally 0).  This
mirrors the old-style default used for jail(2) in conjunction with the
security.jail.enforce_statfs sysctl.

Approved by:	re (kib), bz (mentor)
2009-07-31 16:00:41 +00:00
jamie
f3a133a1c3 Handle kernels that don't have IPv6 by not sending an "ip6.addr"
parameter unless a (numeric) IPv6 address is given.  Even the default
binaries built with -DINET6 will work with IPv6-less kernels.  With an
eye to the future, similarly handle the possibility of an IPv4-less kernel.

Approved by:	re (kib), bz (mentor)
2009-07-31 14:30:06 +00:00
jhb
03d158678f Fix some LORs between vnode locks and filedescriptor table locks.
- Don't grab the filedesc lock just to read fd_cmask.
- Drop vnode locks earlier when mounting the root filesystem and before
  sanitizing stdin/out/err file descriptors during execve().

Submitted by:	kib
Approved by:	re (rwatson)
MFC after:	1 week
2009-07-31 13:40:06 +00:00
kevlo
ee695c0b4b Free allocated Rx ring dma memory/tags.
Reviewed by: yongari@
Approved by: re (kib)
2009-07-31 09:57:42 +00:00
delphij
1eac2402ef Correct a stack underflow in gzip:
- Limit suffix to be no more than 30 bytes long.  This matches GNU
  behavior.
- Correct usage of memcpy().

Note that this commit only corrects the stack underflow issue, we
still need some other fixes to cover other edges. [1]

Reported by:	Ron Jude <ronj wytheville org>
Discussed with:	Matthew Green (original NetBSD gzip author),
		Eygene Ryabinkin <rea-fbsd codelabs ru> [1]
Approved by:	re (kib)
2009-07-31 08:37:27 +00:00
weongyo
f92b9dfb98 fixes a typo for DWA120 device ID.
Reported by:	Alexander Kuznetsov <skritku at gmail.com>
Approved by:	re (kib)
2009-07-30 18:53:06 +00:00
delphij
29c50fdac8 Show interface name which received short CARP packet (e.g. a VRRP packet),
in order to match other codepaths nearby.  This makes troubleshooting
easier.

Approved by:	re (kib)
MFC after:	1 month
2009-07-30 17:40:47 +00:00
jamie
0a7374675b Remove a LOR, where the sleepable allprison_lock was being obtained
in prison_equal_ip4/6 while an inp mutex was held.  Locking allprison_lock
can be avoided by making a restriction on the IP addresses associated with
jails:

Don't allow the "ip4" and "ip6" parameters to be changed after a jail is
created.  Setting the "ip4.addr" and "ip6.addr" parameters is allowed,
but only if the jail was already created with either ip4/6=new or
ip4/6=disable.  With this restriction, the prison flags in question
(PR_IP4_USER and PR_IP6_USER) become read-only and can be checked
without locking.

This also allows the simplification of a messy code path that was needed
to handle an existing prison gaining an IP address list.

PR:		kern/136899
Reported by:	Dirk Meyer
Approved by:	re (kib), bz (mentor)
2009-07-30 14:28:56 +00:00
rwatson
466a4af8b2 Reorder and recomment vnet.c and vnet.h on the basis that they are no longer
solely about the virtual network stack memory allocator.

Approved by:	re (vimage blanket)
2009-07-30 12:41:19 +00:00
rwatson
eb7493cea9 Style tweak.
Approved by:	re (kib)
MFC after:	3 days
2009-07-30 09:51:04 +00:00
rwatson
35df018539 Add two new privileges for use by OpenAFS, which will be supported for
FreeBSD 8.x.

MFC after:	3 days
Submitted by:	Benjamin Kaduk <kaduk at MIT.EDU>
Approved by:	re (kib)
2009-07-30 08:41:06 +00:00
alfred
f688e04d86 Missed this file for r195963:
USB core:
  - add support for defragging of written device data.
  - improve handling of alternate settings in device side mode.
  - correct return value from usbd_get_no_alts() function.
  - reported by: HPS
  - P4 ID: 166156, 166168

  - report USB device release information to devd and pnpinfo.
  - reported by: MIHIRA Sanpei Yoshiro
  - P4 ID: 166221

Submitted by:	hps
Approved by:	re
2009-07-30 00:57:54 +00:00
alfred
fd0357779d USB CORE - Improve HID parsing
See PR description for more info. Patch is
implemented differently than suggested, but
having the same result.

PR:     usb/137188

Submitted by:	hps
Approved by:	re
2009-07-30 00:17:08 +00:00
alfred
0f210d639a USB CORE - compat Linux:
- Patch request from Tim Borgeaud:
- add automatic locking
- add refcount for killing URB's

Submitted by:	hps
Approved by:	re
2009-07-30 00:16:50 +00:00
alfred
1e6e123c84 USB controller:
- allow disabling "root_mount_hold()" by setting "hw.usb.no_boot_wait" sysctl

Submitted by:	hps
Approved by:	re
2009-07-30 00:16:32 +00:00
alfred
37a79960cc ULPT:
- add conditional printer status checking
- P4 ID: 166176

Submitted by:	hps
Approved by:	re
2009-07-30 00:16:06 +00:00
alfred
ec456e3a3b USB core:
- add support for defragging of written device data.
- improve handling of alternate settings in device side mode.
- correct return value from usbd_get_no_alts() function.
- reported by: HPS
- P4 ID: 166156, 166168

- report USB device release information to devd and pnpinfo.
- reported by: MIHIRA Sanpei Yoshiro
- P4 ID: 166221

Submitted by:	hps
Approved by:	re
2009-07-30 00:15:50 +00:00
alfred
fee3a28989 USB serial:
- add new ID for Huawei
- P4 ID: 166150

PR:             usb/136761

Submitted by:	hps
Approved by:	re
2009-07-30 00:15:17 +00:00
alfred
10ba0f5068 USB audio:
- code factoring patch from "Eygene Ryabinkin"
- P4 ID: 166149

Submitted by:	hps
Approved by:	re
2009-07-30 00:14:56 +00:00
alfred
e04ffbb8b6 USB CORE:
- Add minimum polling support to drive UMASS
  and UKBD in case of panic.
- Add extra check to ukbd probe to fix problem about
  mouse devices attaching like keyboards.
- P4 ID: 166148

Submitted by:	hps
Approved by:	re
2009-07-30 00:14:34 +00:00
alfred
7a35d7e44d USB input
- add support for setting the UMS polling rate through -F option
  passed to moused.
- requested by Alexander Best
- P4 ID: 166075

PR:             usb/125264

Submitted by:	hps
Approved by:	re
2009-07-30 00:13:09 +00:00
alfred
2d98a74a82 USB controller:
- patch from Alexander Motin <mav@freebsd.org>
- add more ID's
- P4 ID: 165805

Submitted by:	hps
Approved by:	re
2009-07-30 00:12:47 +00:00
alfred
6c89a5f102 LibUSB v1.0:
- Significantly improve libusb10 support.
- Many minor issues fixed.
- P4 ID: 166189, 165853, 165991, 166052, 166069

Submitted by:	hps
Approved by:	re
2009-07-30 00:11:41 +00:00
kib
eafde3dc55 Fix XEN build breakage, by implementing pmap_invalidate_cache_range()
and using it when appropriate. Merge analogue of the r195836
optimization to XEN.

Approved by:	re (kensmith)
2009-07-29 19:38:33 +00:00
jhb
0991e073e6 Parse the System Resource Affinity Table ('SRAT') used to describe affinity
relationships between CPUs and memory.

Reviewed by:	jkim
Approved by:	re (kib)
MFC after:	1 week
2009-07-29 19:07:24 +00:00
jamie
2fc68fe1d7 Don't allow mixing the "vnet" and "ip4/6" jail parameters, since vnet
jails have their own IP stack and don't have access to the parent IP
addresses anyway.  Note that a virtual network stack forms a break
between prisons with regard to the list of allowed IP addresses.

Approved by:	re (kib), bz (mentor)
2009-07-29 16:46:59 +00:00
jamie
4bceb596d2 Change the default value of the "ip4" and "ip6" jail parameters to
"disable", which only allows access to the parent/physical system's
IP addresses when specifically directed.  Change the default value of
"host" to "new", and don't copy the parent host values, to insulate
jails from the parent hostname et al.

Approved by:	re (kib), bz (mentor)
2009-07-29 16:41:02 +00:00
rmacklem
1aa3b666bc Fix the experimental nfs client so that it only calls ncl_vinvalbuf()
for NFSv2 and not NFSv4 when nfscl_mustflush() returns 0. Since
nfscl_mustflush() only returns 0 when there is a valid write delegation
issued to the client, it only affects the case of an NFSv4 mount with
callbacks/delegations enabled.

Approved by:	 re (kensmith), kib (mentor)
2009-07-29 14:50:31 +00:00
rmacklem
da90e22341 Delete the descriptions of the gssname and allgssname options from
mount_nfs.8 since these options are not implemented in FreeBSD8.
This is a content change for the man page.

Approved by:	re (kensmith), kib (mentor)
2009-07-29 14:44:09 +00:00
delphij
a1420f2d09 Update less to v436. This is considered as a bugfix release from vendor.
Major changes from v429:
 * Don't pass "-" to non-pipe LESSOPEN unless it starts with "-".
 * Allow a fraction as the argument to the -# (--shift) option.
 * Fix highlight bug when underlined/overstruck text matches at end of line.
 * Fix non-regex searches with ctrl-R.

Approved by:	re (kensmith, kib)
2009-07-29 09:20:32 +00:00
kib
7b17971146 As was done in r195820 for amd64, use clflush for flushing cache lines
when memory page caching attributes changed, and CPU does not support
self-snoop, but implemented clflush, for i386.

Take care of possible mappings of the page by sf buffer by utilizing
the mapping for clflush, otherwise map the page transiently. Amd64
used direct map.

Proposed and reviewed by:  alc
Approved by:   re (kensmith)
2009-07-29 08:49:58 +00:00
rwatson
6b019307f4 Eliminate ARG_UPATH[12] arguments to AUDIT_ARG_UPATH() and instead
provide specific macros, AUDIT_ARG_UPATH1() and AUDIT_ARG_UPATH2()
to capture path information for audit records.  This allows us to
move the definitions of ARG_* out of the public audit header file,
as they are an implementation detail of our current kernel-internal
audit record, which may change.

Approved by:	re (kensmith)
Obtained from:	TrustedBSD Project
MFC after:	1 month
2009-07-29 07:44:43 +00:00
pjd
2ef0bbd3c7 Currently there is a problem with fscking UFS file systems created on
top of ZVOLs. The problem is that rc.d/fsck runs before rc.d/zfs. The
latter makes ZVOLs to appear in /dev/. In such case rc.d/fsck cannot
find devfs entry and aborts. We cannot simply move rc.d/zfs before
rc.d/fsck, because we first want kern.hostid to be configured (by
rc.d/hostid). If we won't wait (hostid will be 0) we can reuse disks
which are in use by different systems (eg. in SAN/NAS environment).
We also cannot move rc.d/hostid before rc.d/fsck, because rc.d/hostid on
first system start stores generated kern.hostuuid in /etc/hostid file,
so it needs root file system to be mounted read-write.

The fix is to split rc.d/hostid so that rc.d/hostid (which will now run
before rc.d/fsck) only generates hostid and sets up sysctls, but doesn't
touch root file system and rc.d/hostid_save (which is run after
rc.d/root) and only creates /etc/hostid file.

With that in place, we can move ZVOL initialization to dedicated
rc.d/zvol script which runs before rc.d/fsck.

PR:		conf/120194
Reported by:	James Snow <snow@teardrop.org>
Reviewed by:	brooks
Approved by:	re (kib)
MFC after:	2 weeks
2009-07-29 05:23:52 +00:00
dougb
2e73ad7182 Update to version 9.6.1-P1 which addresses a remote DoS vulnerability:
Receipt of a specially-crafted dynamic update message may
	cause BIND 9 servers to exit. This vulnerability affects all
	servers -- it is not limited to those that are configured to
	allow dynamic updates. Access controls will not provide an
	effective workaround.

More details can be found here: https://www.isc.org/node/474

All BIND users are encouraged to update to a patched version ASAP.

Approved by:	re (re -> SO -> dougb)
2009-07-29 00:15:39 +00:00
rwatson
c387c55113 Revise header comments for vnet.h as we now implement VNET_SYSINIT, not
just VNET_DEFINE in vnet.h.

Approved by:	re (vimage blanket)
2009-07-28 22:17:34 +00:00
rwatson
fac30ba8b4 Rework vnode argument auditing to follow the same structure, in order
to avoid exposing ARG_ macros/flag values outside of the audit code in
order to name which one of two possible vnodes will be audited for a
system call.

Approved by:	re (kib)
Obtained from:	TrustedBSD Project
MFC after:	1 month
2009-07-28 21:52:24 +00:00
rwatson
21e3bcee43 Audit file descriptors passed to fooat(2) system calls, which are used
instead of the root/current working directory as the starting point for
lookups.  Up to two such descriptors can be audited.  Add audit record
BSM encoding for fooat(2).

Note: due to an error in the OpenBSM 1.1p1 configuration file, a
further change is required to that file in order to fix openat(2)
auditing.

Approved by:	re (kib)
Reviewed by:	rdivacky (fooat(2) portions)
Obtained from:	TrustedBSD Project
MFC after:	1 month
2009-07-28 21:39:58 +00:00
julian
fa74d2c7e5 Startup the vnet part of initialization a bit after the global part.
Fixes crash on boot if ipfw compiled in.

Submitted by:	tegge@
Reviewed by:	tegge@
Approved by:	re (kib)
2009-07-28 19:58:07 +00:00
julian
f22b416ddb Somewhere along the line accept sockets stopped honoring the
FIB selected for them. Fix this.

Reviewed by:	ambrisko
Approved by:	re (kib)
MFC after:	3 days
2009-07-28 19:43:27 +00:00