vm_pager_init() is run before required nswbuf variable has been set
to correct value. This caused system to run with single pbuf available
for vnode_pager. Handle both cluster_pbuf_freecnt and vnode_pbuf_freecnt
variableis in the same way.
Approved by: re (kensmith)
Add NATM_LOCK() and NATM_UNLOCK() in places where npcb_add() and
npcb_free() are called, in order to eliminate witness panics.
This was overlooked in removal of GIANT from ATM.
Approved by: re (hrs)
Remove FreeBSD 2.2 protocol usrreq compatibility code.
Remove minor #ifdefs for early NetBSD and OpenBSD compatibility.
Remove spl-related definitions.
Approved by: re (hrs)
natm_proto.c:1.16 from HEAD to RELENG_6:
Lock down netnatm and mark as MPSAFE:
- Introduce a subsystem mutex, natm_mtx, manipulated with accessor macros
NATM_LOCK_INIT(), NATM_LOCK(), NATM_UNLOCK(), NATM_LOCK_ASSERT(). It
protects the consistency of pcb-related data structures. Finer grained
locking is possible, but should be done in the context of specific
measurements (as very little work is done in netnatm -- most is in the
ATM device driver or socket layer, so there's probably not much
contention).
- Remove GIANT_REQUIRED, mark as NETISR_MPSAFE, remove
NET_NEEDS_GIANT("netnatm").
- Conditionally acquire Giant when entering network interfaces for
ifp->if_ioctl() using IFF_LOCKGIANT(ifp)/IFF_UNLOCKGIANT(ifp) in order
to coexist with non-MPSAFE atm ifnet drivers..
- De-spl.
Reviewed by: harti, bms (various versions)
Approved by: re (hrs)
Insert a series of place-holder function pointers in mac_policy.h for
entry points that will be inserted over the life-time of the 6.x branch,
including for:
- New struct file labeling (void * already added to struct file), events,
access control checks.
- Additional struct mount access control checks, internalization/
externalization.
- mac_check_cap()
- System call enter/exit check and event.
- Socket and vnode ioctl entry points.
Approved by: re (hrs)
Don't perform a nested include of opt_vmpage.h if LIBMEMSTAT is defined,
as opt_vmpage.h will not be available to user space library builds. A
similar existing check is present for KLD_MODULE for similar reasons.
Approved by: re (hrs)
Wrap inlines in uma_int.h in #ifdef _KERNEL so that uma_int.h can be
used from memstat_uma.c for the purposes of kvm access without lots
of additional unsafe includes.
Approved by: re (hrs)
Holding a vnode doesn't prevent v_mount from disappearing (when the
vnode is inactivated), possibly leading to a NULL dereference when
checking if the mount wants knotes to be activated in the VOP hooks.
So, we add a new vnode flag VV_NOKNOTE that is only set in getnewvnode(),
if necessary, and check it when activating knotes.
Since the flags are not erased when a vnode is being held, we can safely
read them.
Approved by: re (kensmith)
HEAD to RELENG_6: changes to introduce a credentialed version of the
clone event handler, and then changes to merge the regular and
credentialed versions into a single interface (along with updates to
existing consumers). With this merge, 6.x and 7.x are in sync.
First batch merges devfs_devs.c:1.37, devfs_vnops.c:1.115,
kern_conf.c:1.187, tty_pty.c:1.138, mac_vfs.c:1.109, mac_biba.c:1.36,
mac_lomac.c:1.36, mac_mls.c:1.73, mac_stub.c:1.53, mac_test.c:1.61,
conf.h:1.223, mac.h:1.68, mac_policy.h:1.67 from HEAD to RELENG_6:
When devfs cloning takes place, provide access to the credential of the
process that caused the clone event to take place for the device driver
creating the device. This allows cloned device drivers to adapt the
device node based on security aspects of the process, such as the uid,
gid, and MAC label.
- Add a cred reference to struct cdev, so that when a device node is
instantiated as a vnode, the cloning credential can be exposed to
MAC.
- Add make_dev_cred(), a version of make_dev() that additionally
accepts the credential to stick in the struct cdev. Implement it and
make_dev() in terms of a back-end make_dev_credv().
- Add a new event handler, dev_clone_cred, which can be registered to
receive the credential instead of dev_clone, if desired.
- Modify the MAC entry point mac_create_devfs_device() to accept an
optional credential pointer (may be NULL), so that MAC policies can
inspect and act on the label or other elements of the credential
when initializing the skeleton device protections.
- Modify tty_pty.c to register clone_dev_cred and invoke make_dev_cred(),
so that the pty clone credential is exposed to the MAC Framework.
While currently primarily focussed on MAC policies, this change is also
a prerequisite for changes to allow ptys to be instantiated with the UID
of the process looking up the pty. This requires further changes to the
pty driver -- in particular, to immediately recycle pty nodes on last
close so that the credential-related state can be recreated on next
lookup.
Submitted by: Andrew Reisse <andrew.reisse@sparta.com>
Obtained from: TrustedBSD Project
Sponsored by: SPAWAR, SPARTA
Second batch merges scsi_target.c:1.68, coda_fbsd.c:1.43,
firewirereg.h:1.38, fwdev.c:1.47, nmdm.c:1.36, snp.c:1.100, dsp.c:1.82,
mixer.c:1.45, vkbd.c:1.9, devfs_vnops.c:1.117, tty_pty.c:1.139,
tty_tty.c:1.57, bpf.c:1.156, if_tap.c:1.56, if_tun.c:1.153,
smb_dev.c:1.28, conf.h:1.224 from HEAD to RELENG_6:
Merge the dev_clone and dev_clone_cred event handlers into a single
event handler, dev_clone, which accepts a credential argument.
Implementors of the event can ignore it if they're not interested,
and most do. This avoids having multiple event handler types and
fall-back/precedence logic in devfs.
This changes the kernel API for /dev cloning, and may affect third
party packages containg cloning kernel modules.
Requested by: phk
These changes modifies the kernel device driver API for device cloning,
and might require minor modifications to third party device drivers that
make use of devfs cloning. It will not be merged to RELENG_5.
Approved by: re (scottl)
> Use m_copypacket() which is an optimization of the common case
> m_copym(m, 0, M_COPYALL, how).
>
> This is required for strict alignment architectures where we align the
> IP header in the input path but m_copym() will create an unaligned copy
> in bridge_broadcast(). m_copypacket() preserves alignment of the first
> mbuf.
>
> Noticed by: Petri Simolin
> Approved by: mlaier (mentor)
Approved by: re (kensmith), mlaier (mentor)
Don't lock when holding led_mtx, instead use AcpiOsQueueForExecution to defer
the locking.
Idea taken from: acpi_asus(4)
Approved by: philip
Reported by: avatar
Gordon Bergling <gbergling@0xfce3.net>
Approved by: re (kensmith)
Add support for IPv6 over GRE [1]. PR kern/80340 includes the
FreeBSD specific ip_newid() changes NetBSD does not have.
Correct handling of non AF_INET packets passed to bpf [2].
PR: kern/80340[1], NetBSD PRs 29150[1], 30844[2]
Obtained from: NetBSD ip_gre.c rev. 1.34,1.35, if_gre.c rev. 1.56
Submitted by: Gert Doering <gert at greenie.muc.de>[2]
Approved by: re (kensmith)
Delay freeing disk space for file system blocks until all
dirty buffers are safely released. This fixes softdep
problems on truncation (deletion) of files with dirty
buffers.
Approved by: re (kensmith)
trap.c r1.55
trap_subr.S r1.15
Temporary band-aid to fix hang when a process exec's Altivec
instructions.
trap_subr.S: declare a stub for the a-unavailable trap
that does an absolute jump to the vector-assist trap.
This is due to the fact that the vec-unavail trap
doesn't start at a 256-byte boundary, so the trick of
masking the bottom 8 bits of the link register to identify
the interrupt doesn't work, so let the vec-assist
case handle Altivec-disabled for the time being.
Note that this will be fixed in the future with a much
smaller vector code-stub (< 16 bytes) that will allow
use of strange vector offsets that are also present in
4xx processors, and also allow smaller differences in
vector codepaths on the G5.
trap.c: Treat altivec-unavailable/assist process traps as SIGILL.
Not quite correct, since altivec-assist should really
be a panic,
but it is fine for the moment due to the above measure.
machdep.c Install the stub code for the altivec-unavailable trap, and
the standard trap code at the altivec-assist.
Approved by: re (Ken Smith)
Correct the description of the TAPE environment variable.
Based on:
PR: docs/84200
Submitted by: Gary W. Swearingen <garys at opusnet dot com>
Approved by: re (hrs)
