111569 Commits

Author SHA1 Message Date
Robert Watson
7e400ed143 Update mac_test for MAC Framework policy entry points System V IPC
objects (message queues, semaphores, shared memory), exercising and
validating MAC labels on these objects.

Submitted by:	Dandekar Hrishikesh <rishi_dandekar at sbcglobal dot net>
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, SPAWAR, McAfee Research
2005-01-22 20:31:29 +00:00
Sam Leffler
4ef04d32f3 when ssid suppression is enabled don't respond to probe requests
unless our ssid is specified
2005-01-22 20:31:22 +00:00
Sam Leffler
e5a96ac7fb be consistent in naming inactivity timers;
net.wlan.X.inact -> net.wlan.X.inact_run
2005-01-22 20:29:23 +00:00
Robert Watson
ba53d9c937 Update mac_stub for MAC Framework policy entry points System V IPC
objects (message queues, semaphores, shared memory).

Submitted by:   Dandekar Hrishikesh <rishi_dandekar at sbcglobal dot net>
Obtained from:  TrustedBSD Project
Sponsored by:   DARPA, SPAWAR, McAfee Research
2005-01-22 20:26:43 +00:00
Sam Leffler
a88be5f1ae o replace out-of-line copy of FCS w/ a flag that indicates the
frame includes FCS (requires applications to be updated, but since
  we weren't doing the out-of-line FCS stuff anyway app changes
  were needed already)
o add a flag to indicate padding exists between the 802.11 header and
  the payload (e.g. for Atheros cards)
o diff reducation against netbsd

MFC after:	1 week
2005-01-22 20:12:05 +00:00
Robert Watson
82d16d5e03 Implement MLS confidentiality protection for System V IPC objects
(message queues, semaphores, shared memory).

Submitted by:	Dandekar Hrishikesh <rishi_dandekar at sbcglobal dot net>
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, SPAWAR, McAfee Research
2005-01-22 20:11:16 +00:00
Robert Watson
842b39018a Implement Biba integrity protection for System V IPC objects (message
queues, semaphores, shared memory).

Submitted by:	Dandekar Hrishikesh <rishi_dandekar at sbcglobal dot net>
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, SPAWAR, McAfee Research
2005-01-22 20:07:11 +00:00
Pawel Jakub Dawidek
0d79319a76 Allow to specify device size in bytes.
MFC after:	1 week
2005-01-22 20:02:01 +00:00
Wilko Bulte
0447ccf320 s/principals/principles/
Fortune was duplicated, remove one copy.
2005-01-22 20:00:50 +00:00
Pawel Jakub Dawidek
1db17c6db2 - Don't destroy UMA zone on error in mdcreate_malloc(), because we need it
in mddestroy() to properly free already allocated memory.
  This fixes a panic when we want to create too big memory backed device
  with preallocate memory (-o reserve).
- Remove redundant { }.

MFC after:	1 week
2005-01-22 19:56:03 +00:00
Xin LI
980b4f7474 Make sure that we don't define INET6 when NO_INET6 is defined.
Without this change, when running netstat with a kernel without
INET6 built in, you will get a complain at the end of "netstat -s"
output.

X-MFC:		NO_INET6 was called "NOINET6" on RELENG_5
2005-01-22 19:35:48 +00:00
Alan Cox
75337a5677 Guard against address wrap in kernacc(). Otherwise, a program accessing a
bad address range through /dev/kmem can panic the machine.

Submitted by: Mark W. Krentel
Reported by: Kris Kennaway
MFC after: 1 week
2005-01-22 19:21:29 +00:00
Robert Watson
14cedfc842 Invoke label initialization, creation, cleanup, and tear-down MAC
Framework entry points for System V IPC shared memory.

Submitted by:	Dandekar Hrishikesh <rishi_dandekar at sbcglobal dot net>
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, SPAWAR, McAfee Research
2005-01-22 19:10:25 +00:00
Poul-Henning Kamp
9d3a77c463 Add a couple of mtx_asserts() to try to narrow down the window on
a bug repeatedly reported.
2005-01-22 19:08:50 +00:00
Robert Watson
a6009aa7c1 Invoke label initialization, creation, cleanup, and tear-down MAC
Framework entry points for System V IPC semaphores.

Submitted by:	Dandekar Hrishikesh <rishi_dandekar at sbcglobal dot net>
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, SPAWAR, McAfee Research
2005-01-22 19:04:17 +00:00
Robert Watson
e6a543f8db Invoke label initialization, creation, cleanup, and tear-down MAC
Framework entry points for System V IPC message queues.

Submitted by:	Dandekar Hrishikesh <rishi_dandekar at sbcglobal dot net>
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, SPAWAR, McAfee Research
2005-01-22 18:51:43 +00:00
Andrey A. Chernov
d308373710 Especially mention that setting errno to EINVAL in "no conversion" case
is not portable.

Asked by:       joerg
2005-01-22 18:02:58 +00:00
Ruslan Ermilov
d591eb90f7 Document -l and -n options in usage(). 2005-01-22 14:37:57 +00:00
Ruslan Ermilov
a1761aecf5 Polish previous revision:
- Bump document date.
- Spell "file system" properly.
- Add missing markup bits.
2005-01-22 14:36:51 +00:00
David Schultz
d5580d091a Add fma() and fmaf(), which implement a fused multiply-add operation. 2005-01-22 09:53:18 +00:00
Matt Jacob
c81d2c74ac Don't pass unadulterated unit numbers to make_dev and its ilk- if you
have more than 256 units, you die. Horribly. Convert them using
unit2minor.

MFC after:	1 week
2005-01-22 07:21:25 +00:00
David Schultz
00646ca204 Replace the ldexp() implementation in libc with a renamed copy of the
scalbn() implementation from libm.  (The two functions are defined to
be identical, but ldexp() lives in libc for backwards compatibility.)
The old ldexp() implementation...
  - was more complicated than this one
  - set errno instead of raising FP exceptions
  - got some corner cases wrong
    (e.g. ldexp(1.0, 2000) in round-to-zero mode)

The new implementation lives in libc/gen instead of
libc/$MACHINE_ARCH/gen, since we don't need N copies of a
machine-independent file.  The amd64 and i386 platforms
retain their fast and correct MD implementations and
override this one.
2005-01-22 06:03:40 +00:00
David E. O'Brien
4d28b4d206 Embellish rev 1.61. If we're not building a debug kernel, use -O2 as before.
Submitted by:	ru
2005-01-22 00:58:34 +00:00
Bosko Milekic
eca64e79b5 s/round_page/trunc_page/g
I meant trunc_page.  It's only a coincidence this hasn't caused
problems yet.

Pointed out by: Antoine Brodin <antoine.brodin@laposte.net>
2005-01-22 00:09:34 +00:00
Wes Peters
6860a76294 Forced commit to note:
MFC after:	2 weeks
2005-01-21 22:53:51 +00:00
Wes Peters
34b59b6bf2 Add an option to suppress the creation of the .snap directory in
the new filesystem.  This is intended for memory and vnode filesystems
that will never be fsck'ed or dumped.

Obtained from:	St. Bernard Software RAPID
MFC after:	2 weeks
2005-01-21 22:20:25 +00:00
Wes Peters
73e31afa1a Improved error checking for existence of a .snap directory to
generate snapshots in when -L is requested.  If the .snap directory
does not exist, or is not a directory, issue a warning and revert
to the non- live behavior.

Obtained from:	St. Bernard Software RAPID
2005-01-21 22:13:25 +00:00
Ruslan Ermilov
a5947c18a8 - Soften sentence breaks.
- Remove double whitespace.
- Sort sections.
2005-01-21 21:57:05 +00:00
Ruslan Ermilov
8dd6d434d4 Fixed macro abuse. 2005-01-21 20:51:09 +00:00
Ruslan Ermilov
49aa339e39 Fixed xrefs. 2005-01-21 20:50:39 +00:00
Ruslan Ermilov
ead5223f54 Fixed punctuation in xrefs. 2005-01-21 20:48:00 +00:00
Warner Losh
327f4aba35 we don't need the offset in the attr memory to get the ethernet
address, nor do we need the alignment requirements, so eliminate them.
This likely means that we can now collapse some of the entries as we
have no need of them anymore (they match other entries and were there
only to get the right attr memory offset of the enet addr).
2005-01-21 19:51:23 +00:00
Lukas Ertl
f9b7569c09 Only report state changes of subdisks and plexes when there's
really a state change.

Reword the info a bit.
2005-01-21 18:27:23 +00:00
Lukas Ertl
0d93122102 Don't initialize error with ENXIO as we might end up here when
the plex has no more consumers (e.g. orphaning).
2005-01-21 18:24:20 +00:00
Bruce M Simpson
2e8b465618 Braino. Revert previous commit, NO_MAN was already corrected.
Noticed by:	imp
2005-01-21 18:12:47 +00:00
Hajimu UMEMOTO
5b8c5ac438 we don't need to make fake sockaddr_in6 to compare subject address.
MFC after:	1 week
2005-01-21 18:12:46 +00:00
Bosko Milekic
e4eb384b47 Bring in MemGuard, a very simple and small replacement allocator
designed to help detect tamper-after-free scenarios, a problem more
and more common and likely with multithreaded kernels where race
conditions are more prevalent.

Currently MemGuard can only take over malloc()/realloc()/free() for
particular (a) malloc type(s) and the code brought in with this
change manually instruments it to take over M_SUBPROC allocations
as an example.  If you are planning to use it, for now you must:

	1) Put "options DEBUG_MEMGUARD" in your kernel config.
	2) Edit src/sys/kern/kern_malloc.c manually, look for
	   "XXX CHANGEME" and replace the M_SUBPROC comparison with
	   the appropriate malloc type (this might require additional
	   but small/simple code modification if, say, the malloc type
	   is declared out of scope).
	3) Build and install your kernel.  Tune vm.memguard_divisor
	   boot-time tunable which is used to scale how much of kmem_map
	   you want to allott for MemGuard's use.  The default is 10,
	   so kmem_size/10.

ToDo:
	1) Bring in a memguard(9) man page.
	2) Better instrumentation (e.g., boot-time) of MemGuard taking
	   over malloc types.
	3) Teach UMA about MemGuard to allow MemGuard to override zone
	   allocations too.
	4) Improve MemGuard if necessary.

This work is partly based on some old patches from Ian Dowse.
2005-01-21 18:09:17 +00:00
Bruce M Simpson
dc5ae70194 Catch up with NO_MAN->NOMAN change. 2005-01-21 17:38:02 +00:00
Bruce M Simpson
a3119c562c If a device resides in physical slot 0, report it as being on-board as
per PIR specification.
Add the VIA VT82C686 PCI interrupt routing function as a known chipset.
2005-01-21 17:11:38 +00:00
Bruce M Simpson
92a50b006d Fix a masking error. Update copyright. 2005-01-21 17:05:33 +00:00
Bruce M Simpson
56bcfb6d4e Do not treat an invalid PIR table checksum as a fatal error condition, but
do print a warning about it.
Correct a stupid logic error.
Update copyrights.  Fix whitespace bug.

MFC after:	1 week
2005-01-21 16:15:24 +00:00
Pawel Jakub Dawidek
b0a99991d9 Fix handling of providers with / in them (e.g. mirror/foo).
Submitted by:	Attila Nagy <bra@fsn.hu>
MFC after:	1 week
2005-01-21 14:38:44 +00:00
Andrey A. Chernov
db0e25eeb9 Whitespace/style tweaking of prev. commit.
Noted by:       bde
2005-01-21 13:31:02 +00:00
Ruslan Ermilov
720e293ae7 Reflect the reality; only crypt(3) uses /etc/auth.conf
for the time being.
2005-01-21 12:07:46 +00:00
Ruslan Ermilov
a3f9c9fc03 Fixed xref. 2005-01-21 12:01:00 +00:00
Ruslan Ermilov
75f7ea160c Removed remnants of Kerberos support. 2005-01-21 11:22:34 +00:00
Ruslan Ermilov
02a8121a17 Removed Kerberos remnants. 2005-01-21 11:09:40 +00:00
Ruslan Ermilov
3ac17feb8a Fixed xref. 2005-01-21 10:48:35 +00:00
Ruslan Ermilov
0a75bcd459 Fixed macro abuse. 2005-01-21 10:46:36 +00:00
Ruslan Ermilov
5c8e5f2462 Fixed xrefs. 2005-01-21 10:35:40 +00:00