Commit Graph

130423 Commits

Author SHA1 Message Date
rrs
ae6663525a First cut of the sctp man pages. Still need work. 2007-02-22 14:32:39 +00:00
rrs
5a82d02989 Fixes __FreeBSD__ being present (they should not)
and also trailing garbage on undef of magic numbers.
2007-02-22 13:39:57 +00:00
rrs
d35264cb57 Adds a performance improvement for when sctp_sendx is
called with only one address, we then can call the
generic system call. Also fixes some socket api
type issues and cleans up the "magic" numbers that
were being used in the code.

Reviewed by:	gnn
2007-02-22 12:42:43 +00:00
rwatson
61cab71be1 Add an additional MAC check to the UNIX domain socket connect path:
check that the subject has read/write access to the vnode using the
vnode MAC check.

MFC after:	3 weeks
Submitted by:	Spencer Minear <spencer_minear at securecomputing dot com>
Obtained from:	TrustedBSD Project
2007-02-22 09:37:44 +00:00
alc
e4e74de1c2 Change the page's CLEANCHK flag from being a page queue mutex synchronized
flag to a vm object mutex synchronized flag.
2007-02-22 06:15:52 +00:00
njl
a9d90540f4 Improve readability of the version string. 2007-02-22 05:59:23 +00:00
delphij
d047a6100e Mention that BSD gzip was MFC'ed 2007-02-22 05:31:39 +00:00
bms
aaa1e7fb11 Fix a bug in if_findmulti(), whereby it would not find (and thus delete)
a link-layer multicast group membership.
Such memberships are needed in order to support protocols such as
IS-IS without putting the interface into PROMISC or ALLMULTI modes.

sa_equal() is not OK for comparing sockaddr_dl as it has deeper structure
than a simple byte array, so add sa_dl_equal() and use that instead.

Reviewed by:	rwatson
Verified with:	/usr/sbin/mtest
Bug found by:	Jouke Witteveen
MFC after:	2 weeks
2007-02-22 00:14:02 +00:00
sos
bcf58d1f0e Update copyright headers. 2007-02-21 19:07:19 +00:00
sos
a2861c6b3a Try again with supporting AHCI chipsets with partly implemented ports. 2007-02-21 19:03:34 +00:00
jhb
cacf0d22c4 Restore support for the 5706C bce(4) phy that was broken during the
addition of SerDes support.  According to the docs, the 5706C and 5708C
phys are supposed to use the same MII model that is separate from the
SerDes parts, but the 5706C actually uses the MII model of the SerDes
parts.  To fix this, readd the old 5706C entry to miidevs and add a
special check in brgphy_probe() for phys that match the 5706C ID.  If
the phy is supported by the gentbi(4) driver, then it's a SerDes phy, so
we fail the probe and let gentbi(4) grab it.  Otherwise, it's a 5706C phy,
so we let brgphy(4) grab it.

In coordination with:	dwhite
2007-02-21 18:17:44 +00:00
gallatin
a5cba253f7 Work around a firmware bug where broadcast frames would be incorrectly
treated as multicast frames and filtered, but only when "adopting"
running firmware.  By "adopting", I mean using pre-existing firmware
loaded from eeprom at PCI reset, rather than firmware loaded by the
driver.
2007-02-21 17:34:05 +00:00
sos
0b9339eb2e Be a little less stringent in getting progress report data. 2007-02-21 14:06:51 +00:00
sos
9f88714914 Temporarily disable the support for some incarnations of the ICH8 chip that has
non consecutively numbered ports.
This should fix current SATA problems.
Support AHCI chips where the ports are not consecutively numbered as in
some incarnations of the ICH8 chip.
2007-02-21 14:05:57 +00:00
bms
b9c5bc7e70 Update host-mode multicast group information output.
Display IPv4 and IPv6 memberships separately.
  Obey the MK_INET6_SUPPORT flag.
 Display link-layer memberships.
  Use addr2ascii() to correctly print non-IEEE 802 sockaddr_dl instances.
 Eliminate redundant switch..case blocks.
 Update copyright.
 Misc style changes.

MFC after:	3 weeks
2007-02-21 13:59:21 +00:00
bms
37b367b5c8 Change wording of warnings when there is no ip_mroute.ko module
loaded into the system.
Change wording of comments to reflect the fact we should unconditionally
use KVM if the -M option is used to specify a core file.
Add comments to document the fact that IPv6 multicast forwarding
information display still relies on KVM for gathering information.
2007-02-21 13:41:51 +00:00
philip
e0f499d1d4 Optimize set_origin() use in some screensavers to stop them eating
cpu power when the origin hasn't changed.

PR:		kern/100683
Submitted by:	Gareth McCaughan <gareth -dot- mccaughan -at- pobox.com>
MFC after:	3 days
2007-02-21 12:27:12 +00:00
rwatson
74bf41b149 Refine implementation notes for priv(9): clarify ABI comments, mention
updating Jail's list of privileges.
2007-02-21 10:32:03 +00:00
brueffer
c4321353f5 Document vge(4)'s support for altq(4). 2007-02-21 10:00:09 +00:00
brueffer
eab716103b Complete the support for altq(4).
Tested by:	J.R. Oldroyd
Reviewed by:	mlaier
Approved by:	rwatson (mentor)
MFC after:	1 week
2007-02-21 09:57:27 +00:00
mckusick
96503737f7 The functions that set and delete external attributes must check
that the filesystem is not mounted read-only before proceeding.

Reported by: Ryan Beasley <ryanb@FreeBSD.org>
MFC after: 1 week
2007-02-21 08:50:06 +00:00
dumbbell
d110653fb0 Fix a bug with the release of section's raw data. Both release loops
were using translated data linked list, leading to a memory leak.

Jkoshy's testsuite was used to check for non-regression.
2007-02-21 08:14:22 +00:00
n_hibma
4d8a89236c Initialise {transport,protocol}{,_version} fields during a PATH_INQ to avoid a
warning message.
2007-02-21 07:46:40 +00:00
n_hibma
3d196e1a91 Reduce the noise when plugging in (USB) mass storage devices, like a 4 port
flash card reader.
Also remove an 'Opened da0 -> <random number>' which is not needed on a daily
basis (available through bootverbose).

Reviewed by:	phk, ken
MFC after:	1 week
2007-02-21 07:45:02 +00:00
alc
989e3abb2c Change pmap_protect() so that execute access can be removed without
simultaneously removing write access.
2007-02-21 06:00:46 +00:00
kientzle
704cfee6a8 If we already have stat() data, we might be able to
determine if this is a physical dir without an lstat().
While I'm in here, try to clarify the comments around
the _is_dir() and _is_physical_dir() tests.
2007-02-21 05:07:43 +00:00
cognet
0592e954a1 Check that the error returned by vfs_getopts() is not ENOENT before assuming
there's actually an error.
This is just in order to unbreak ntfs on current, before a proper solution is
committed.
2007-02-21 00:30:09 +00:00
rwatson
2bf000ef9b Remove unnecessary privilege and privilege check for WITNESS sysctl.
Head nod:	jhb
2007-02-20 23:49:31 +00:00
n_hibma
277133d8d8 Create a link from hosts.allow(5) to hosts_access(3), to give the user a
starting point for more information on a file in /etc.

MFC after:	1 week
2007-02-20 23:12:04 +00:00
n_hibma
a5256aaa91 Kris suggested that swap is a better choice as a default than malloc.
MFC:	1 week
2007-02-20 22:04:23 +00:00
n_hibma
afe986e40e [Found the original diff I made, see previous commit for other part]
Assume '-a' and '-t malloc' flags for '-s <size>' (malloc ramdisk) if not
specified.

Reviewed by:	phk (some time ago)
MFC:		1 week
2007-02-20 21:29:30 +00:00
n_hibma
4a1dbd81cb Make attach the default for -f. That way
mdconfig -f image

works like a charm.

Reviewed by:	phk (some time ago)
MFC:		1 week
2007-02-20 21:04:12 +00:00
emaste
13b4da30e0 Avoid writing uninitialized stack data into a thread's MMX/SSE state by
first getting the current state with td_thr_getxmmregs_p.  Without this,
debugging a threaded app that uses libthr resulted in kernel panics or
spurious SIGFPEs for me.

(As of revision 1.6, sys/i386/i386/ptrace_machdep.c masks off the
reserved bits in the mxcsr register, which prevents the kernel panics.)

Architectures without PT_GETXMMREGS are not affected.

MFC after:      1 week
2007-02-20 18:10:13 +00:00
luigi
46050eb5fb Rename IWI_LOCK_ASSERT to IWI_LOCK_CHECK per Sam's suggestion,
and make it print under debug.iwi control same as other debugging stuff.

Remove the device_printf() in iwi_ioctl() and replace with this:

        /*
         * wait until pending iwi_cmd() are completed, to avoid races
         * that could cause problems.
         */
        while (sc->flags & IWI_FLAG_BUSY)
                msleep(sc, &sc->sc_mtx, 0, "iwiioctl", hz);

This at least prevents what has become an almost systematic failure for my
system, presumably due to a previous iwi_cmd() not complete yet by the
time iwi_ioctl() is called.

It has been pointed to my attention that the real problem could be
calling ieee80211_ioctl() with the lock held. If that is true,
there might still be a possibility for a race condition e.g. an
interrupt coming while the ioctl is sleeping.
Need to investigate further on what changes are required to release
the lock before calling ieee80211_ioctl
2007-02-20 17:32:30 +00:00
luigi
6fa627a6e1 Address a few issues with the iwi driver, namely:
+ do not release the dma-ble region used for downloading firmware.
  This should fix the problems that some people were seeing, due to
  memory becoming too fragmented which prevented subsequent allocations
  of a suitable contiguous region of memory;

+ document the firmware format and usage in if_iwivar.h

+ use a loop to allocate the four tx rings, instead of replicating
  the body of the loop.

+ add debugging code IWI_LOCK_ASSERT() to detect missing locks.
  These only do a printf, and should go away once we figure out why
  the driver sometimes freezes the system due to a (yet unidentified)
  race condition.

+ add a device_printf() in iwi_ioctl() in certain conditions
  (see comment in the code).  This helps prevent the race condition
  mentioned above, and makes the system survive. This printf will
  also go away once fixing this bug is completed.

+ change iwi_getfw() to return 0 on success, 1 on error, consistently
  with other functions.

+ fix the argument of a sizeof() in iwi_get_firmware()

+ use le32toh() to access little-endian fields

+ simplify error handling in iwi_load_firmware() and iwi_init_locked()

The bugs fixed by this commit (the freezing one especially) are serious
enough to call for a quick MFC

MFC after: 3 days
2007-02-20 15:45:59 +00:00
rwatson
800b6fbc65 Replace a suser() check with an explicit check for PRIV_NET_SETIFMTU. 2007-02-20 15:20:36 +00:00
luigi
31fab4deb9 Document the endianness of firmware headers
(in preparation for changes in the C code).
2007-02-20 14:29:09 +00:00
rwatson
c208b1a04f Update auditing of socket information for the inpcb new world order:
so_pcb will always be non-NULL, and lock the inpcb while non-atomically
accessing address data.
2007-02-20 13:38:11 +00:00
rwatson
6d90d77c6f Break introductory comment into two paragraphs to separate material on the
garbage collection complications from general discussion of UNIX domain
sockets.

Staticize unp_addsockcred().

Remove XXX comment regarding Giant and v_socket -- v_socket is protected
by the global UNIX domain socket lock.
2007-02-20 10:50:02 +00:00
rwatson
4904133d3c Move mapping of MBI_APPEND to MBI_WRITE from inside the rule loop in
mac_bsdextended_check() to before the loop, as it needs to happen only
once.

MFC after:	1 week
2007-02-20 10:21:27 +00:00
rwatson
b659d84f71 Rename two identically named log_in_vain variables: tcp_input.c's static
log_in_vain to tcp_log_in_vain, and udp_usrreq's global log_in_vain to
udp_log_in_vain.

MFC after:	1 week
2007-02-20 10:20:03 +00:00
rwatson
5c6ebcbcaf Gratuitous UDP restyling toward style(9) in 7.x. 2007-02-20 10:13:11 +00:00
rwatson
9fe3c3d1c8 Remove discontinuity in network privilege number space.
Spotted by:	emaste (ages ago)
2007-02-20 00:28:19 +00:00
rwatson
14aa367dea Remove unused PRIV_IPC_EXEC. Renumbers System V IPC privilege. 2007-02-20 00:12:52 +00:00
rwatson
ed1b7861e0 Sync up PRIV_IPC_{ADMIN,READ,WRITE} priv checks in ipcperm() with
kern_jail.c: allow jailed root these privileges.  This only has an
effect if System V IPC is administratively enabled for the jail.
2007-02-20 00:06:59 +00:00
rwatson
8b1a1cc871 Restore sysv_ipc.c:1.30, which was backed out due to interactions with
System V shared memory, now believed fixed in sysv_shm.c:1.109:

  date: 2006/11/06 13:42:01;  author: rwatson;  state: Exp;  lines: +65 -37
  Sweep kernel replacing suser(9) calls with priv(9) calls, assigning
  specific privilege names to a broad range of privileges.  These may
  require some future tweaking.

  Sponsored by:           nCircle Network Security, Inc.
  Obtained from:          TrustedBSD Project
  Discussed on:           arch@
  Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
                          Alex Lyashkov <umka at sevcity dot net>,
                          Skip Ford <skip dot ford at verizon dot net>,
                          Antoine Brodin <antoine dot brodin at laposte dot net>

This restores fine-grained privilege support to System V IPC.

PR:	106078
2007-02-19 22:59:23 +00:00
rwatson
ef9ccd29e1 Remove call to ipcperm() in shmget_existing(). The flags argument is
ignored on other systems I investigated when accessing an existing
memory segment rather than creating a new one.  This call to ipcperm()
is the only one to pass in a complete mode flag to the permission
checks rather than a simple access request mask, and caused problems
for the revised ipcperm() based on the priv(9) interface, which can
now be restored.

PR:	106078
2007-02-19 22:56:10 +00:00
njl
ac3a9d22a9 Note problems I had with bsnmpd while updating from an older -current.
There may be better ways to fix/work around these issues but this worked
for me.
2007-02-19 22:49:43 +00:00
rwatson
f191f06add Use privilege PRIV_NET_ADDIFADDR rather than suser() to authorize
adding a netatalk address to an interface.
2007-02-19 22:40:02 +00:00
rwatson
d298e8c0c2 Rename three quota privileges from the UFS privilege namespace to the
VFS privilege namespace: exceedquota, getquota, and setquota.  Leave
UFS-specific quota configuration privileges in the UFS name space.

This renumbers VFS and UFS privileges, so requires rebuilding modules
if you are using security policies aware of privilege identifiers.
This is likely no one at this point since none of the committed MAC
policies use the privilege checks.
2007-02-19 13:33:10 +00:00