Commit Graph

96957 Commits

Author SHA1 Message Date
rwatson
b7bf2a8dfd A variety of content cleanups:
(1) Document the notion of using jail(8) to run "virtual servers" or
    just to constrain specific applications.  If only running specific
    applications, some configuration steps are unnecessary (such as
    editing rc.conf).

(2) Add some more subsection headers to break up the bigger chunks of
    text.

(3) Clarify the problems associated with applications binding all IP
    addresses in the host, and attempt to be more specific about
    potential application problems.  Document how to force sshd to
    bind the right socket.

(4) Suggest that in a jailed application scenario, you might want to
    have the host syslogd listen on the socket in the jail, rather
    than running syslogd in the jail.

(5) Catch another reference to /stand/sysinstall.

Approved by:	re (bmah implicitly)
2003-11-20 03:47:50 +00:00
rwatson
6b9c80ba7a No need to copy sysinstall into a jail with -CURRENT, since in
-CURRENT, we have /usr/sbin/sysinstall.

Approved by:	re (bmah implicitly)
2003-11-20 02:46:44 +00:00
sam
6b540b6f1a eliminate an unnecessary 8Kbyte bzero that was being done for each
submitted operation

Submitted by:	Thor Lancelot Simon
Reviewed by:	jhb
Approved by:	re (jhb)
2003-11-19 22:42:34 +00:00
njl
13274cd798 Clean up one more sentence that was wrapped unnecessarily.
Approved by:	re (implicitly)
2003-11-19 20:37:15 +00:00
njl
fefd7b2994 Update the man page for hw.acpi.reset_video and a few mdoc(7) cleanups.
Submitted by:	Andreas Kohn <andreas.kohn@gmx.net>
Approved by:	re (implicitly)
2003-11-19 20:30:18 +00:00
njl
66237b7d67 Improve the section on Cx states, documenting the removal of -1 as a
valid value for cx_lowest.  To disable sleeping, use machdep.cpu_idle_hlt
instead.  Update the version of the ACPI spec we implement.

Approved by:	re (implicitly)
2003-11-19 20:28:56 +00:00
njl
bae72efa1a * Add a DEVMETHOD for acpi so that child detach methods get called. Add
  an acpi_cpu method for shutdown that disables entry to acpi_cpu_idle
  and then IPIs/waits for threads to exit.  This fixes a panic late in
  reboot in the SMP case.

* In the !SMP case, don't use the processor id filled out by the MADT
  since there can only be one processor.  This was causing a panic in
  acpi_cpu_idle if the id was 1 since the data was being dereferenced from
  cpu_softc[1] even though the actual data was in cpu_softc[0] (which is
  correct).

* Rework the initialization functions so that cpu_idle_hook is written
  late in the boot process.

* Make the P_BLK, P_BLK_LEN, and cpu_cx_count all softc-local variables.
  This will help SMP boxes that have _CST or multiple P_BLKs.  No such
  boxes are known at this time.

* Always allocate the C1 state, even if the P_BLK is invalid.  This means
  we will always take over idling if enabled.  Remove the value -1 as
  valid for cx_lowest since this is redundant with machdep.cpu_idle_hlt.

* Reduce locking for the throttle initialization case to around the write
  to the smi_cmd port.  Add disabled code to write the CST_CNT.  It will
  be enabled once _CST re-evaluation is tested (post 5.2R).

Thank you:	dfr, imp, jhb, marcel, peter
Tested by:	rwatson, Harald Schmalzbauer <h@schmalzbauer.de>
Approved by:	re (rwatson)
2003-11-19 20:27:06 +00:00
gordon
2f101d59e8 Make init statically linked by default. It's not worth the pain of having
a dynamically linked init as recently seen by ia64 woes.

Approved by:	re (jhb)
2003-11-19 19:57:20 +00:00
alc
e054e0d248 - Avoid a lock-order reversal between Giant and a system map mutex that
   occurs when kmem_malloc() fails to allocate a sufficient number of vm
   pages.  Specifically, we avoid the lock-order reversal by not grabbing
   Giant around pmap_remove() if the map is the kmem_map.

Approved by:	re (jhb)
Reported by:	Eugene <eugene3@web.de>
2003-11-19 18:48:45 +00:00
peter
404972795a Sync with i386.
- turn on SMP in generic
- add 'device atpic' - this is unconditional on i386, but certain nvidia
  based systems need to disable acpi because the reference bios seems to be
  hosed.  If acpi is disabled, we won't find the apic.  amd64 has the
  mptable code in a separate compile option as well.
- turn sym back on, it doesn't fail to compile anymore.

Approved by: re
2003-11-19 18:11:27 +00:00
marcel
6b53de4a19 Force a statically linked /bin and /sbin for ia64. The necessary changes
to gcc have not been made for ia64, which means that executables still
have /usr/libexec/ld-elf.so.1 as the dynamic linker. This simply does
not work if /usr is a separate filesystem not mounted when the kernel
tries to execute init(8).

Note that this is a temporary fix until a new gcc has been imported
that does have the required changes.

Approved: re@
2003-11-19 16:59:00 +00:00
dds
36934d35fe Fix problem where initgroups would silently truncate groups with
more than NGROUP elements without providing the opportunity to
setgroups to fail and correctly return error and set errno.

MFC after:	2 weeks
2003-11-19 15:51:26 +00:00
jhb
e9c1e3387f Add a special check for a stray IRQ 7 or IRQ 15 to see if it is actually
a spurious interrupt from one of the 8259As.  If so, don't log it as a
stray IRQ, but just silently ignore it.

Approved by:	re (rwatson)
2003-11-19 15:40:23 +00:00
jhb
1e7f54677c - Add counts to the ATPIC interrupt sources and point the ATPIC interrupt
  source count pointers at them so that intr_execute_handlers() won't
  choke when it tries to handle an unregistered ATPIC interrupt source.
- Install the low-level ATPIC interrupt handlers when we first program the
  ATPIC in atpic_startup() rather than at SI_SUB_INTR.  This is only
  necessary to work around buggy code that enables interrupts too early
  in the boot process (namely, the vm86 code).

Approved by:	re (rwatson)
2003-11-19 15:38:56 +00:00
phk
2a56ea9233 Off by one error in malloc.
Approved by:	re@
2003-11-19 15:28:21 +00:00
dds
3a434d3212 Documented missing EINVAL errno value
kern_prot.c:
if (ngrp > NGROUPS)
	return (EINVAL);

MFC after:	2 weeks
2003-11-19 13:05:50 +00:00
imp
9015041e23 o Remove @- from the ln and change it to a -sf. This was bogus, and
  recognized as such at the time.  Now that the other bogons in the
  tree have been fixed, we can remove this ugly kludge.
o Remove stale/bogus opt_foo.h files.  These are left over from
  by-gone resources.  And they point to the need, yet again, to
  improve the build system so meta information is only in one place.

Submitted by: ru
Reviewed by: bde
Approved by: re@ (jhb)
2003-11-19 05:08:27 +00:00
kan
23ba01be79 Fix vnode locking in fdesc_setattr. Lock vnode before invoking
VOP_SETATTR on it.

Approved by:	re@ (rwatson)
2003-11-19 04:14:42 +00:00
kan
75a6d15c52 Do not call VOP_GETATTR in getdents function. It does not serve any
purpose and the resulting vattr structure was ignored. In addition,
the VOP_GETATTR call was made with no vnode lock held, resulting in
vnode locking violation panic with debug kernels.

Reported by:	truckman

Approved by:	re@ (rwatson)
2003-11-19 04:12:32 +00:00
archie
7328a76791 Lower the maximum ACK timeout for GRE packets from 10 to 1 second.
In practice it seems that in situations of high packet loss the ACK
timeout seems to hit this maximum (perhaps inappropriately, but the
estimation algorithm is not perfect, so apparently it happens). In
any case, 10 seconds is way too high a value so lower to 1 second.

MFC after:	3 days
2003-11-18 20:43:23 +00:00
phk
89aeb7d1df Use the class->init() to hitch up preload devices, rather than rely on
the "old" SYSINIT.  This makes sure things happen in the right order.

XXX: md(4) needs to be fully geom-ified and in particular /dev/md.ctl
should be abandoned for the GEOM OaM api.

Approved by:	re@
2003-11-18 18:19:26 +00:00
phk
d7fc6b258d Call class->init() and class->fini() while the class is hooked up,
rather than right before and right after.  This allows these routines
to manipulate the mesh.

KASSERT that nobody creates a geom on an alien class.

Assert topology in g_valid_obj().

Approved by:	re@
2003-11-18 18:17:39 +00:00
sos
7755abc4df Add support for the SiS964 ATA/SATA southbridge.
This could not have been done without the support from kuriyama.

Approved by: re@
2003-11-18 15:27:28 +00:00
sos
b25c284c76 Work around the problem that some CDROM drives might return different
TOC's for the same media!! that borks up GEOM.
Although this looks like bad HW the following patch removes the
chance for GEOM panic'ing.

Approved by: re@
2003-11-18 15:23:37 +00:00
markm
832b97971f Hackfix to patch around a kernel panic I introduced. Real fix to
follow. In the meanwhile, we are not harvesting interrupt entropy.

Approved by:	re (jhb)
2003-11-18 14:35:43 +00:00
jake
3b85e0cc9c Install the user trap handlers that libc provides from a constructor, so
that they will be installed before application constructors are invoked.
It's possible to link applications such that this fails, application code
is invoked before they are installed, but, well, Don't Do That.

Approved by:	re (jhb)
2003-11-18 14:21:41 +00:00
tjr
419b586bae Replace the dangerous strcpy() call with strlcpy(), instead of the safe one
that was incorrectly changed in rev. 1.61.

Approved by:	re
2003-11-18 14:21:34 +00:00
phk
aeb3231da5 Fix a harmless bug and add a ')' in a debugging printf.
Submitted by: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
2003-11-18 07:54:12 +00:00
rwatson
ebb0b7ecda Use UMA zone allocator for Biba and MLS labels rather than MALLOC(9).
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-11-18 04:11:52 +00:00
obrien
156325cd78 Catch up with the latest in device naming.
2003-11-18 02:33:27 +00:00
rwatson
0f5a052597 Revert a NOOP change to Makefile that slipped into the last commit.
Pointed out by:	tjr
2003-11-18 00:52:30 +00:00
rwatson
9c969b771a Introduce a MAC label reference in 'struct inpcb', which caches
the MAC label referenced from 'struct socket' in the IPv4 and
IPv6-based protocols.  This permits MAC labels to be checked during
network delivery operations without dereferencing inp->inp_socket
to get to so->so_label, which will eventually avoid our having to
grab the socket lock during delivery at the network layer.

This change introduces 'struct inpcb' as a labeled object to the
MAC Framework, along with the normal circus of entry points:
initialization, creation from socket, destruction, as well as a
delivery access control check.

For most policies, the inpcb label will simply be a cache of the
socket label, so a new protocol switch method is introduced,
pr_sosetlabel() to notify protocols that the socket layer label
has been updated so that the cache can be updated while holding
appropriate locks.  Most protocols implement this using
pru_sosetlabel_null(), but IPv4/IPv6 protocols using inpcbs use
the worker function in_pcbsosetlabel(), which calls into the
MAC Framework to perform a cache update.

Biba, LOMAC, and MLS implement these entry points, as do the stub
policy, and test policy.

Reviewed by:	sam, bms
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-11-18 00:39:07 +00:00
mckusick
c428ace885 Document that the live dump command (`dump -L') creates its snapshot
in the .snap directory in the root of the filesystem being dumped.
Document that if the .snap directory is missing that it must be
created manually and that it should be owned by user root and
group operator and set to mode 770 before a live dump can be run.
2003-11-18 00:36:40 +00:00
rwatson
14ef4aedea Clarify UPDATING language: do buildworld before buildkernel, and
do installkernel before installworld, rather than don't make world
before installkernel.

Pointed out by:	gad
2003-11-17 23:25:16 +00:00
bde
32b3c399d1 Merged from sys/dev/sio/sio.c revisions 1.415 and 1.416.
Approved by:	nyan
(Blanket approval for simple changes in sio.)
2003-11-17 23:13:08 +00:00
markm
f9c9435156 Overhaul the entropy device:
o Each source gets its own queue, which is a FIFO, not a ring buffer.
  The FIFOs are implemented with the sys/queue.h macros. The separation
  is so that a low entropy/high rate source can't swamp the harvester
  with low-grade entropy and destroy the reseeds.

o Each FIFO is limited to 256 (set as a macro, so adjustable) events
  queueable. Full FIFOs are ignored by the harvester. This is to
  prevent memory wastage, and helps to keep the kernel thread CPU
  usage within reasonable limits.

o There is no need to break up the event harvesting into ${burst}
  sized chunks, so retire that feature.

o Break the device away from its roots with the memory device, and
  allow it to get its major number automagically.
2003-11-17 23:02:21 +00:00
rwatson
cc012e0835 Add a sysctl, security.bsd.see_other_gids, similar in semantics
to see_other_uids but with the logical conversion.  This is based
on (but not identical to) the patch submitted by Samy Al Bahra.

Submitted by:	Samy Al Bahra <samy@kerneled.com>
2003-11-17 20:20:53 +00:00
rwatson
36df19adf8 Staticize label_default_head to prevent it from leaking out of mac.c.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-11-17 19:48:35 +00:00
cognet
b60bc6ed20 In rip_abort(), unlock the inpcb if we didn't detach it, or we may
recurse on the lock before destroying the mutex.

Submitted by:	sam
2003-11-17 19:21:53 +00:00
sam
2ddfca621f move rate control change messages under ath_debug
2003-11-17 19:15:09 +00:00
ru
832e732357 Fixed two memory leaks.
Reviewed by:	harti
2003-11-17 19:13:44 +00:00
ru
6e59ab8e66 Check the correct set of interface flags and fix a memory leak.
Reviewed by:	harti
2003-11-17 19:13:01 +00:00
sam
c99017ddcc o fix WEP use in hostap mode; need to reset the pointer to the
802.11 packet header after stripping the WEP header on input
2003-11-17 19:12:52 +00:00
sam
846a1e2173 on a beacon miss try to reassociate before starting a scan
Submitted by:	Henry Qian
2003-11-17 19:02:18 +00:00
rwatson
9ade8a4b03 Add a MAC check for VOP_LOOKUP() in the Linux getwcd() implementation.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-11-17 18:57:20 +00:00
alc
3172dd04e4 - Change the i386's sf_buf implementation so that it never allocates
   more than one sf_buf for one vm_page.  To accomplish this, we add
   a global hash table mapping vm_pages to sf_bufs and a reference
   count to each sf_buf.  (This is similar to the patches for RELENG_4
   at http://www.cs.princeton.edu/~yruan/debox/.)

   For the uninitiated, an sf_buf is nothing more than a kernel virtual
   address that is used for temporary virtual-to-physical mappings by
   sendfile(2) and zero-copy sockets.  As such, there is no reason for
   one vm_page to have several sf_bufs mapping it.  In fact, using more
   than one sf_buf for a single vm_page increases the likelihood that
   sendfile(2) blocks, hurting throughput.
   (See http://www.cs.princeton.edu/~yruan/debox/.)
2003-11-17 18:22:24 +00:00
gordon
e89562677a Update hier(7) to reflect the world with respect to /lib and /libexec.
2003-11-17 17:29:04 +00:00
rwatson
48f23495d4 Add an entry to the BUGS section indicating that Vinum cannot currently
be used on devices with a block size other than DEV_BSIZE (512),
which specifically includes being unable to run on a swap-backed
md device.  Swap-backed md devices use a 4k block size.
2003-11-17 16:04:52 +00:00
rwatson
c03b1418da Don't attempt to make devices if we're using devfs. This
substantially cleans up the output when running the vinum
management tool, and also makes it work better.

Long sustained silence from:	grog
2003-11-17 15:56:00 +00:00
markm
f703361585 No need for two copies of this file; there is already a distribution
copy in src/crypto/heimdal/...

Reported by:	ru
2003-11-17 14:59:06 +00:00