Commit Graph

132584 Commits

Author SHA1 Message Date
Christian S.J. Peron
d61e5aa4ed In the event a process is tainted (setuid/setgid binaries), un-set any
potentially dangerous environment variables all together. It should be
noted that the run-time linker will not honnor these environment variables
if the process is tainted currently. However, once a child of the tainted
process calls setuid(2), it's status as being tainted (as defined by
issetugid(2)) will be removed. This could be problematic because
subsequent activations of the run-time linker could honnor these
dangerous variables.

This is more of an anti foot-shot mechanism, there is nothing I am
aware of in base that does this, however there may be third party
utilities which do, and there is no real negative impact of clearing
these environment variables.

Discussed on:	secteam
Reviewed by:	cperciva
PR:		kern/109836
MFC after:	2 weeks
2007-05-17 18:00:27 +00:00
Christian S.J. Peron
6821ba0e76 Correct typo in comment 2007-05-17 16:03:14 +00:00
Marcel Moolenaar
cf805fab87 Fix the construction of the gctl_req that got broken by my
previous commit and that introduced optional parameters.
Existing classes (like geli(8)) use empty strings by default
and expect the parameter to be passed to the kernel as such.
Also, the default value of a string argument can be NULL.
Fix both cases by making the optional parameter conditional
upon gc_argname being set and making sure to test for NULL
before dereferencing the pointer.

Reported by: brueffer@
2007-05-17 15:34:51 +00:00
Peter Wemm
c6b342f820 Eliminate a micro-optimization that hasn't had any effect for 15+ years. 2007-05-17 15:31:14 +00:00
Alexander Motin
b50ace7384 Fix small copy/paste mistake. 2007-05-17 13:33:38 +00:00
Randall Stewart
3c503c28da - Fixed 1-2-1 model to not worry about associd in sockopts
- Fixed RTOinfo for bounding.
- Fixed connect() to return ECONNREFUSED when an ABORT is received.
- Added comments to direct Static Analysis not to look at some things
  it does not understand (comments are /* sa_ignore XXXXX */)
- Bind when colliding was broken, missing not_found = 1 before
  checking to see if the port was in use caused endless bind loop.
- Cookie life needs to be in milliseconds to conform to socket api.
- Cookie life is not supposed to change if its 0, On the assoc
  level set we changed it to 0 opps.
- Two more static analysis issues identified by the cisco
  tool. Null checks needed.
- An issue for sendfile(). Need to validate the correct
  input argument.
- When sending failed due to a no route to host, we leaked
  the mbuf chain failing to call m_freem().
- Fix #ifdef issue for getting hash block len when HAVE_SHA2 is NOT defined
Reviewed by:	gnn
2007-05-17 12:16:24 +00:00
Mike Makonnen
9cb24de6ed o Use the --detach option to kdc(8) instead of using the shell
background operator '&'.

  PR: conf/102722

o No need to include $kerberos5_server_flags in $command_args as
  rc.subr(8) will take care of this.
2007-05-17 11:33:08 +00:00
Mike Makonnen
c76ad7642f The precmd routine does not need to check whether the command should be
"forced". If some pre-condition is not met, it should fail as it normally
does and rc.subr(8) will make the appropriate decision. Incidentally, the
previous behaviour had a bug where the "force" flag was respected only
when checking rc.conf(5) knobs. The flag was ignored when verifying the
rpcbind(8) dependency.

MFC after: 2 weeks
2007-05-17 08:57:14 +00:00
Xin LI
cbfaeb5fe3 Tighten IP address check, prevent '..' from being passed
from the check.

Submitted by:	Ren Zhen <bg1tpt gmail com>
MFC after:	2 weeks
2007-05-17 06:08:42 +00:00
Daniel Eischen
01be5be136 Regen 2007-05-17 05:13:05 +00:00
Warner Losh
3627f73782 Don't export a kern.conftxt sysctl, except when INCLUDE_CONF_FILE is
defined.  This restores the old behavior, and eliminates the
dependency on the kernconf.tmpl when INCLUDE_CONFIG_FILE isn't
included in the kernel config.  There were many people in the terminal
room that had almost, but not quite, up-to-date config files that this
helps.  I don't know if this is the result of skew among the cvsup
servers, or some other more subtle problem.  However, this fix should
work for any config of recent vintage (I tested with the latest, and
one before the recent changes, and eye-balled the intermediate
versions).

Reviewed by: the terminal room crew
2007-05-17 05:05:12 +00:00
Daniel Eischen
ca2cb5bd5b Add a description for the WITHOUT_SYMVER option. 2007-05-17 05:03:24 +00:00
Daniel Eischen
683f4c0a40 Allow DEFAULT_THREAD_LIB to be set from /etc/src.conf.
Submitted by:	ru
2007-05-17 04:54:35 +00:00
Warner Losh
c1f4dd9355 Fix some problems that affect multiple file inclusion. Bruce found
this bug and submitted these patches to dunstan@.  He sent them to me
to test, and I discovered they were needed for the atmel kernel config
files.  Since we were playing with them in the terminal room after the
developer's summit today, I thought I'd go ahead and commit them to
allow those folks that now have atmel hardware (thanks Andre) a chance
to try it out w/o my help.  Since dunstan@ is asleep right now, risk
stepping on his toes a little by going ahead and committing this
change.

Submitted by: dunstan@, bde@
Tested by: bde@
2007-05-17 04:53:52 +00:00
Marcel Moolenaar
7db977fb07 The HP Diva RMP3 uses BAR 0x14. 2007-05-17 04:07:19 +00:00
Jonathan Chen
4ea8677105 endrpcent belongs with rpc name service db, not services.
MFC after:	1 week
2007-05-17 03:34:33 +00:00
Jonathan Chen
7a800a56f7 fix memory leak from reading nsswitch.conf
MFC after:	1 week
2007-05-17 03:33:23 +00:00
Marcel Moolenaar
91ac788806 Make the serdev I/F non-optional. At least 3 drivers depend on it
and they can be loaded as a module.

PR: kern/112706
2007-05-17 01:29:55 +00:00
Juli Mallett
26cfaf71bb Fix typo. 2007-05-17 00:19:56 +00:00
Juli Mallett
36c5e18daa o) Correct for missing whitespace.
o) We don't need to check if ifp == stdin to give the filename, since we already
   know that ifn will be "stdin" if it is.
2007-05-17 00:18:01 +00:00
Jack F Vogel
481dd885f8 Couple of changes, back down on last TSO change, instead make old
adapter list still capable, but only PCI-E adapters are now enabled.
The user can enable older PCI-X or PCI adapters using ifconfig.
Secondly, Arthur Hartwig pointed out my MSI change was not working
correctly, changed to something that now does. Thanks Arthur.
There was also a fundamental bug in the 82575 MSIX code, the MSIX
registers had to be mapped, opps :)

Rubber-stamped by: Pdeuskar
2007-05-17 00:14:03 +00:00
Juli Mallett
2fdb65fd82 Fix confusing misindentation of a closing-brace. (It goes with the switch, not
with the while.)
2007-05-17 00:11:58 +00:00
Oleg Bulyzhin
7e17f8b864 Unbreak IPv4 kernel build. 2007-05-17 00:05:13 +00:00
John Baldwin
81c8102c4c Don't completely skip pci_cfg_save() in the PCI nomatch routine if
the power_nodriver tunable is off.  pci_cfg_save() already checks the
tunable internally, and no other callers of pci_cfg_save() check the
tunable.

Reviewed by:	imp
2007-05-16 23:42:04 +00:00
John Baldwin
d193b870a5 Fix interrupt routing for some cards after the previous fix to clear BARs
in cardbus cards: update the saved copy of the PCIR_INTLINE register in
the PCI ivars in addition to the actual register.

Reviewed by:	imp
2007-05-16 23:40:08 +00:00
David Christensen
567590460f - Added TSO support
- Updated firmware to latest release (v3.4.8) to fix TSO + jumbo frame lockup
- Added MSI (hw.bce.msi_enable) and TSO (hw.bce.tso_enable) sysctls
- Fixed kernel panic when MSI is used and module is unloaded
- Added several new debug routines
- Removed slack space for RX/TX chains since it only covers sloppy coding
- Fixed a potential problem when programming jumbo MTU size in hardware
- Various other comment changes

MFC after:	4 weeks
2007-05-16 23:34:11 +00:00
Marcel Moolenaar
18e10ae841 Bump G_LIB_VERSION to reflect the ABI change.
Pointed out by: pjd@
2007-05-16 23:32:40 +00:00
Marcel Moolenaar
cc09c7fb77 Don't enable symbol versioning on ia64 for now. It causes
symbol lookup failures that later result in null-pointer
dereferences. This needs looking into, but since we're
close to release it's possible that it's not resolved before
that time.
2007-05-16 23:24:15 +00:00
Marcel Moolenaar
878dd988ef We don't need --export-dynamic for ld-elf.so.1, because it's a
shared object.
2007-05-16 23:19:51 +00:00
Mark Peek
59dfb2db03 Work around a vendor issue that was causing the builtin malloc to be
used instead of the system malloc.

Submitted by:	ume
2007-05-16 21:22:38 +00:00
Robert Watson
6751f8364e Remove leading spaces before tabs spotted thanks to silby using
kwrite to read ip_input.c.
2007-05-16 20:46:58 +00:00
Robert Watson
d19e16a72c Generally migrate to ANSI function headers, and remove 'register' use. 2007-05-16 20:41:08 +00:00
Randall Stewart
002b1f0bba -Fix so getoptinfo() is in conformance with socket api (it
can be used on any read socketopt).
-Clean up of sendmsg call and make it conformant when no syscall
 is available.
2007-05-16 20:23:39 +00:00
Randall Stewart
ad9f3b406a Resolves symbols map so sctp_xxx() functions are included.
PR:		112704
Submitted by:	kou@cozmixng.org
2007-05-16 20:20:54 +00:00
Dag-Erling Smørgrav
f27f825839 Don't use a subshell where it isn't needed.
Noticed by:	John E Hein <jhein@timing.com>
2007-05-16 20:16:06 +00:00
Warner Losh
cfd1374177 Write 0 to all the bars in cardbus_cardbus_setup_regs. This is needed
because on at least my dc based cards there's garbage in there.  The
recent changes in the resource code appears to have unmasked this
problem...  At least dc now probes/attaches better than it did before.

Also, we no longer need to write to the cfg for the other registers.
2007-05-16 20:00:36 +00:00
Brooks Davis
a45cbf12c8 Update the comments on if_alloc(), if_free(), if_free_type(), and
if_attach.

Remove a comment about pre-3.0 network drivers from if_attach().

Be a bit more consistant about whitespace near comments.
2007-05-16 19:59:01 +00:00
Warner Losh
26432f7ba2 o Don't hold lock over bus_teardown_intr when we're waiting for the
thread to die, since that can cause deadlock with the ISR (in theory).
o Minor cleanup
o comment nit
2007-05-16 19:53:49 +00:00
Warner Losh
af3bdf60d5 Better message on cbb resource alloc failure 2007-05-16 18:44:56 +00:00
Warner Losh
4b3337405d Change PCIM_CIS_ASI_TUPLE to _CONFIG.
Add PCI_MAX_BAR_0
minor style nit.
Add PCIM_CIS_CONFIG_MASK
2007-05-16 18:42:38 +00:00
Warner Losh
7a528f5c2e Add some doxygen docs for pci_cfg_{save,restore}. 2007-05-16 18:41:42 +00:00
Brooks Davis
bec59525e6 The struct if_data members ifi_recvquota and ifi_xmitquota have been
unused for ages.  Rename them to ifi_spare_char1 and ifi_spare_char2
respectively to indicate this face.
2007-05-16 18:37:37 +00:00
Andre Oppermann
abb91d889a Remove now unused stuff forgotten in the previous commit. 2007-05-16 17:55:22 +00:00
Wojciech A. Koszek
332fd25c96 Revert config(8) version bump. It brings major pain for people working on
different versions of FreeBSD source tree.

Old config(8) can now be used unless you want to use INCLUDE_CONFIG_FILE
option.

Approved by:	imp
Reviewed by:	imp
2007-05-16 17:23:54 +00:00
Scott Long
35ef86f285 Catch up to driver changes required for the mfip sub-driver. 2007-05-16 17:23:36 +00:00
Scott Long
f366931c86 Add the 'mfip' sub-driver for gaining SCSI-passthrough access to devices
on an MFI controller.
2007-05-16 17:19:47 +00:00
Andre Oppermann
2104448fe7 Move TIME_WAIT related functions and timer handling from files
other than repo copied tcp_subr.c into tcp_timewait.c#1.284:

 tcp_input.c#1.350 tcp_timewait() -> tcp_twcheck()

 tcp_timer.c#1.92 tcp_timer_2msl_reset() -> tcp_tw_2msl_reset()
 tcp_timer.c#1.92 tcp_timer_2msl_stop() -> tcp_tw_2msl_stop()
 tcp_timer.c#1.92 tcp_timer_2msl_tw() -> tcp_tw_2msl_scan()

This is a mechanical move with appropriate renames and making
them static if used only locally.

The tcp_tw_2msl_scan() cleanup function is still run from the
tcp_slowtimo() in tcp_timer.c.
2007-05-16 17:14:25 +00:00
Scott Long
daddc0011f Release the bus reference that is acquired when doing a CAMIOCOMMAND
ioctl.  This should make SIM removal a bit more robust.
2007-05-16 16:57:21 +00:00
Scott Long
9602c3fce8 Remove an assertion in xpt_print_path() that makes debugging code much more
difficult.
2007-05-16 16:55:50 +00:00
Scott Long
85d92640f8 Add a helper function for registering async callbacks. Besides
eliminating a lot of duplicated code, this also fixes a locking edge case.
2007-05-16 16:54:23 +00:00