Commit Graph

142476 Commits

Author SHA1 Message Date
Doug Rabson
a9148abd9d Implement support for RPCSEC_GSS authentication to both the NFS client
and server. This replaces the RPC implementation of the NFS client and
server with the newer RPC implementation originally developed
(actually ported from the userland sunrpc code) to support the NFS
Lock Manager.  I have tested this code extensively and I believe it is
stable and that performance is at least equal to the legacy RPC
implementation.

The NFS code currently contains support for both the new RPC
implementation and the older legacy implementation inherited from the
original NFS codebase. The default is to use the new implementation -
add the NFS_LEGACYRPC option to fall back to the old code. When I
merge this support back to RELENG_7, I will probably change this so
that users have to 'opt in' to get the new code.

To use RPCSEC_GSS on either client or server, you must build a kernel
which includes the KGSSAPI option and the crypto device. On the
userland side, you must build at least a new libc, mountd, mount_nfs
and gssd. You must install new versions of /etc/rc.d/gssd and
/etc/rc.d/nfsd and add 'gssd_enable=YES' to /etc/rc.conf.

As long as gssd is running, you should be able to mount an NFS
filesystem from a server that requires RPCSEC_GSS authentication. The
mount itself can happen without any kerberos credentials but all
access to the filesystem will be denied unless the accessing user has
a valid ticket file in the standard place (/tmp/krb5cc_<uid>). There
is currently no support for situations where the ticket file is in a
different place, such as when the user logged in via SSH and has
delegated credentials from that login. This restriction is also
present in Solaris and Linux. In theory, we could improve this in
future, possibly using Brooks Davis' implementation of variant
symlinks.

Supporting RPCSEC_GSS on a server is nearly as simple. You must create
service creds for the server in the form 'nfs/<fqdn>@<REALM>' and
install them in /etc/krb5.keytab. The standard heimdal utility ktutil
makes this fairly easy. After the service creds have been created, you
can add a '-sec=krb5' option to /etc/exports and restart both mountd
and nfsd.

The only other difference an administrator should notice is that nfsd
doesn't fork to create service threads any more. In normal operation,
there will be two nfsd processes, one in userland waiting for TCP
connections and one in the kernel handling requests. The latter
process will create as many kthreads as required - these should be
visible via 'top -H'. The code has some support for varying the number
of service threads according to load but initially at least, nfsd uses
a fixed number of threads according to the value supplied to its '-n'
option.

Sponsored by:	Isilon Systems
MFC after:	1 month
2008-11-03 10:38:00 +00:00
Konstantin Belousov
4a723bd20c Add the ffsll and flsll functions. These are ffs and fls operating
on long long arguments.

Reviewed by:	bde (previous version, that included asm implementation
	for all ffs and fls functions on i386 and amd64)
MFC after:	2 weeks
2008-11-03 10:22:19 +00:00
Konstantin Belousov
6f41f432e1 Fix style. 2008-11-03 10:14:47 +00:00
Warner Losh
714cb2219c Turns out this isn't even used at all... The bogon that I was tracing was
in code from my p4 tree, not -current.  Delete it here.
2008-11-03 06:37:59 +00:00
Warner Losh
89558ee870 Use child (the card) in preference to cbdev (the bridge) when
allocating resources to read the CIS.  I'm not sure when this changed,
but it is totally wrong.  Also, add a minor improvement to the
debugging.

This should help everybody trying to run dumpcis on atheros wireless
card as well.

MFC after:	2 days
2008-11-03 06:06:22 +00:00
Warner Losh
6e39a203de We can't mask out the higher order bits and have the size come out
right...  Good thing the size was ignored...

Where this macro is used, there's no reason to do it anyway.  There
seems to have been some old-time confusion between the CIS pointer
definition, and the BAR definitions at the base of this bug.
2008-11-03 05:52:43 +00:00
Xin LI
7b1fac0035 Sync with OpenBSD's dirname(3) - license change, avoid strcpy() over
string constant, use memcpy() instead of strncpy() and improve code
readibility.  No functional change.
2008-11-03 05:19:45 +00:00
Scott Long
9d685822a4 Add amr_cam module directory that was missed in the previous commit. 2008-11-03 04:13:27 +00:00
Scott Long
64c71632bf Move the CAM passthrough code into a true module so that it doesn't have to be
compiled into the main AMR driver.  It's code that is nice to have but not
required for normal operation, and it is reported to cause problems for some
people.
2008-11-03 00:53:54 +00:00
Robert Watson
2b7da2dbf1 Catch up with netsmb locking: explicit thread arguments no longer required. 2008-11-02 23:20:27 +00:00
Robert Watson
e3b3762b32 Catch up internal locking routines in netsmb with lockmgr changes --
explicit thread arguments are no longer required in many places.
2008-11-02 23:15:32 +00:00
Ivan Voras
aa880b9018 Increase the initial sbuf size for CPU topology dump to something more
usable for newer CPUs. The new value allows 2 x quad core configuration
dumps to fit within the initial buffer without reallocations.

Approved by:	gnn (mentor) (older version)
Pointed out by:	rdivacky
2008-11-02 23:11:20 +00:00
Robert Watson
6aaab44423 smb_vc_put() requires that the passed vcp be locked, so lock it before
dropping the connection when the requested service isn't available, or
we may try to release a lock that isn't locked.

This prevents an assertion failure when trying to mount a non-present
share using smbfs with INVARIANTS; a lock order reversal warning that
immediately follows is not yet fixed.

Reported by:	attilio
MFC after:	3 days
2008-11-02 20:22:24 +00:00
Robert Watson
6966d7767a When encoding an smb name, truncate one byte earlier in order than we did
previously in order to ensure it fit properly in the bufer when encoded.
This prevents a debugging printf from firing if a source or destination
host name for an smb mount exceeds 15 characters.

MFC after:	3 days
Obtained from:	Apple, Inc.
2008-11-02 19:48:15 +00:00
Konstantin Belousov
e0dec6ebb1 Revert r184516. Option RL_TWISTER_ENABLE is no more after it became
loader tunable.

Pointy hat to:	me
2008-11-02 19:40:24 +00:00
Ed Schouten
3c5f535bbf Make the touch pad on my PowerBook G4 12" a little more usable.
For an unknown reason the touch pad of my PowerBook generates button 5
events when you operate it. This causes the adb_mouse code to convert
them to button 2 events, which is not what we want.

Add a new flag, AMS_TOUCHPAD, which is used to distinguish the touch
pad. When set, don't convert button events of unknown buttons to the
last button.

There are still three problems left with respect to user input:

- The mouse button events are not properly processed when the touch pad
  isn't touched.

- The arrow keys on the keyboard don't work inside X11.

- The power button isn't handled by the kernel, similar to the ACPI
  power button on i386/amd64.

Approved by:	nwhitehorn
2008-11-02 19:08:10 +00:00
Warner Losh
132580b5af MFp4:
Make the ISA bus keep track of more PNP details.  Plus a minor style
fix while I'm here.  More could be done here, but except for some SBCs
that don't have ACPI, there's limited value to anybody in doing so.
2008-11-02 18:48:54 +00:00
Warner Losh
96cf0b6d56 Make the no driver stuff an ifdef. 2008-11-02 17:35:15 +00:00
Warner Losh
972f68aeab Move mn over. One of the last stragglers in sys/pci. There's no
module built for this hardware, so no changes needed.
2008-11-02 17:04:54 +00:00
Tom Rhodes
8b4acb0cc0 Document a few sysctls in the NFS client and server code.
Minor style(9) where applicable.

Approved by:	alfred (slightly older version)
2008-11-02 17:00:23 +00:00
Warner Losh
b14bf100e9 Document dev.rl.%unit.twister_enable sysctl/tunable.
Submitted by:	Kostik Belousov
2008-11-02 16:51:57 +00:00
Warner Losh
4a8cdcaf87 Make RL_TWISTER_ENABLE a tunable/sysctl. Eliminate it as an option.
Fix module build.

Submitted by:	Kostik Belousov
2008-11-02 16:50:57 +00:00
Alexander Motin
57675eb3fa As soon as we have several threads per process now, it is not correct to
use process ID as ACPI thread ID. Concurrent requests with equal thread
IDs broke ACPI mutexes operation causing unpredictable errors including
AE_AML_MUTEX_NOT_ACQUIRED that I have seen.

Use kernel thread ID instead of process ID for ACPI thread.
2008-11-02 12:50:16 +00:00
Edward Tomasz Napierala
2a9e5e2e7c Remove the call to getinoquota() from ntfs_access. How did it get there?!
Approved by:	rwatson (mentor)
2008-11-02 11:49:19 +00:00
Attilio Rao
1efbe1a4be Reflect changes for the vfs_busy() prototype. 2008-11-02 10:33:57 +00:00
Attilio Rao
b23e9e9d85 Bump __FreeBSD_version in order to reflect vfs_busy() prototype changing
and its flags (MBF_NOWAIT, MBF_MNTLSTLOCK) introduction.
2008-11-02 10:20:18 +00:00
Attilio Rao
83b3bdbc8a Improve VFS locking:
- Implement real draining for vfs consumers by not relying on the
  mnt_lock and using instead a refcount in order to keep track of lock
  requesters.
- Due to the change above, remove the mnt_lock lockmgr because it is now
  useless.
- Due to the change above, vfs_busy() is no more linked to a lockmgr.
  Change so its KPI by removing the interlock argument and defining 2 new
  flags for it: MBF_NOWAIT which basically replaces the LK_NOWAIT of the
  old version (which was unlinked from the lockmgr alredy) and
  MBF_MNTLSTLOCK which provides the ability to drop the mountlist_mtx
  once the mnt interlock is held (ability still desired by most consumers).
- The stub used into vfs_mount_destroy(), that allows to override the
  mnt_ref if running for more than 3 seconds, make it totally useless.
  Remove it as it was thought to work into older versions.
  If a problem of "refcount held never going away" should appear, we will
  need to fix properly instead than trust on such hackish solution.
- Fix a bug where returning (with an error) from dounmount() was still
  leaving the MNTK_MWAIT flag on even if it the waiters were actually
  woken up. Just a place in vfs_mount_destroy() is left because it is
  going to recycle the structure in any case, so it doesn't matter.
- Remove the markercnt refcount as it is useless.

This patch modifies VFS ABI and breaks KPI for vfs_busy() so manpages and
__FreeBSD_version will be modified accordingly.

Discussed with:	kib
Tested by:	pho
2008-11-02 10:15:42 +00:00
Warner Losh
0952268ecd Add support for reading Tivo Series 1 partitioning. This likely needs
a little refinement, but is good enough to commit as is.

# Should look to see if I should move swab(3) into the kernel or just
# provide the unoptimized routine here.

Reviewed by:	marcel@
2008-11-02 03:02:56 +00:00
Warner Losh
205e85c3e2 Merge some minor deltas from p4 newcard tree:
(1) Belkin F5D7050_V4000 was also sold as 'Ativa 802.11g wireless card'
(document)
(2) Add HP Office Jet 4215
2008-11-02 03:00:36 +00:00
Warner Losh
795239ebe6 Remove cardbus attachment. It likely was a cut-n-paste left over from
whatever template was used to create this driver.  It is not
necessary, and wouldn't work anyway since (a) this device will never
be in a cardbus tin-can and (b) the driver isn't even PCI, but instead
a built-in NIC on the IDT RC32434 on its internal bus.
2008-11-02 02:58:24 +00:00
Peter Wemm
ed820052d0 Add missing END() macros, as per rev 184547 for amd64. The lack of these
is mostly harmless, but it does upset some of valgrind's functionality.
2008-11-02 01:28:47 +00:00
Peter Wemm
5d053f461c We've been lax about matching END() macros in asm code for some time. This
is used to set the ELF size attribute for functions.  It isn't normally
critical but some things can make use of it (gdb for stack traces).
Valgrind needs it so I'm adding it in.  The problem is present on all
branches and on both i386 and amd64.
2008-11-02 01:10:54 +00:00
Giorgos Keramidas
2db63c5e38 Various comment nits, and typos. 2008-11-02 00:41:26 +00:00
Robert Watson
d2f6bb070f Update introductory comment for audit pipes.
MFC after:	2 months
Sponsored by:	Apple, Inc.
2008-11-02 00:25:48 +00:00
Robert Watson
6e1362b499 Remove stale comment about filtering in audit pipe ioctl routine: we do
support filtering now, although we may want to make it more interesting
in the future.

MFC after:	2 months
Sponsored by:	Apple, Inc.
2008-11-02 00:18:19 +00:00
Robert Watson
e4565e2028 Add comment for per-pipe stats.
MFC after:	2 months
Sponsored by:	Apple, Inc.
2008-11-01 23:05:49 +00:00
Robert Watson
cff9c52e23 We only allow a partial read of the first record in an audit pipe
record queue, so move the offset field from the per-record
audit_pipe_entry structure to the audit_pipe structure.

Now that we support reading more than one record at a time, add a
new summary field to audit_pipe, ap_qbyteslen, which tracks the
total number of bytes present in a pipe, and return that (minus
the current offset) via FIONREAD and kqueue's data variable for
the pending byte count rather than the number of bytes remaining
in only the first record.

Add a number of asserts to confirm that these counts and offsets
following the expected rules.

MFC after:	2 months
Sponsored by:	Apple, Inc.
2008-11-01 21:56:45 +00:00
Robert Watson
a9275e0bd5 Allow a single read(2) system call on an audit pipe to retrieve data from
more than one audit record at a time in order to improve efficiency.

MFC after:	2 months
Sponsored by:	Apple, Inc.
2008-11-01 21:16:09 +00:00
Tim Kientzle
92ab0af8a3 Correct the documented declaration of the archive_write_callback to
match the code.

PR:		docs/128089
Submitted by:	Mel
MFC after:	3 days
2008-11-01 19:11:21 +00:00
Edward Tomasz Napierala
c63bac11af Remove obsolete pseudocode from VOP_ACCESS.9, replacing it with something
closer to reality.

Approved by:	rwatson (mentor)
2008-11-01 19:02:05 +00:00
Warner Losh
d5d31449de Fix a few typos/spelling errors in my comments from the last commit,
plus a few others that had lingered in this driver...

Submitted by:	"b." bf2006a att yahoo KIBO com
2008-11-01 17:02:01 +00:00
Christian Brueffer
5dc230e73a - Add one more supported adapter (1)
- Fix a couple of typos

Submitted by:	Horvath Andras (1)
2008-11-01 14:19:55 +00:00
Ed Schouten
37a9f58275 Clamp the values of t_column to 5 digits in pstat -t' and show all ttys'.
We often run into these very high column numbers when we run curses
applications, because they don't print any newlines. This messes up the
table output of `pstat -t'. If these numbers get really high, they
aren't of any use to the reader anyway. Convert them to `99999' when
they run out of bounds.
2008-11-01 13:40:46 +00:00
Ed Schouten
c9dba40cc8 Reimplement the /dev/console device node.
One of the pieces of code that I had left alone during the development
of the MPSAFE TTY layer, was tty_cons.c. This file actually has two
different functions:

- It contains low-level console input/output routines (cnputc(), etc).

- It creates /dev/console and wraps all its cdevsw calls to the
  appropriate TTY.

This commit reimplements the second set of functions by moving it
directly into the TTY layer. /dev/console is now a character device node
that's basically a regular TTY, but does a lookup of `si_drv1' each time
you open it. d_write has also been changed to call log_console().
d_close() is not present, because we must make sure we don't revoke the
TTY after writing a log message to it.

Even though I'm not convinced this is in line with the future directions
of our console code, it is a good move for now. It removes recursive
locking from the top half of the TTY layer. The previous implementation
called into the TTY layer with Giant held.

I'm renaming tty_cons.c to kern_cons.c now. The code hardly contains any
TTY related bits, so we'd better give it a less misleading name.

Tested by:	Andrzej Tobola <ato iem pw edu pl>,
		Carlos A.M. dos Santos <unixmania gmail com>,
		Eygene Ryabinkin <rea-fbsd codelabs ru>
2008-11-01 08:35:28 +00:00
Ed Schouten
b75d197096 Allow a read() on /dev/ams[0-9] to be interrupted.
Right now ams_read() uses cv_wait() to wait for new data to arrive on
the mouse device. This means that when you run `cat /dev/ams0', it
cannot be interrupted directly. After you press ^C, you first need to
move the mouse before cat will quit. Make this function use
cv_wait_sig(), which allows it to be interrupted directly.

Reviewed by:	nwhitehorn
2008-11-01 08:07:02 +00:00
Maxim Konovalov
ee6aa68c9c o OpenBSD 4.4 added. 2008-11-01 06:48:28 +00:00
Warner Losh
5702451cd5 Add RL_TWISTER_ENABLE. 2008-11-01 00:28:44 +00:00
Warner Losh
9b27478be4 Add RL_TWISTER_ENABLE option. This enables the magic bits to do long
cable tuning.  This has helped in some installations for hardware
deployed by a former employer.  Made optional because the lists aren't
full of complaints about these cards... even when they were wildly
popular.

Reviewed by:	attilio@, jhb@, trhodes@ (all an older version of the patch)
2008-10-31 23:24:13 +00:00
Robert Watson
46658b2b2e In example use of err(3) and errx(3), use sysexits(3) constants.
MFC after:	3 days
Submitted by:	Bruce Cran <bruce at cran dot org dot uk>
2008-10-31 15:14:40 +00:00
Robert Watson
1a0edb10ca Since there is no longer the opportunity for record truncation, just
return 0 if the truncation counter is queried on an audit pipe.

MFC after:	2 months
Sponsored by:	Apple, Inc.
2008-10-31 15:11:01 +00:00