106751 Commits

Author SHA1 Message Date
Max Laier
c5be312a19 Loopback a fix from Cedric Berger:
Fix table add/replace commands with securelevel=2.
	Reported by James J. Lippard.

Discussed with:	yongari
MFC after:	5 days
2004-08-22 16:58:06 +00:00
Max Laier
ca7a789aa6 Allow early drop for non-ALTQ enabled queues in an ALTQ-enabled kernel.
Previously the early drop was disabled unconditionally for ALTQ-enabled
kernels.

This should give some benefit for the normal gateway + LAN-server case with
a busy LAN leg and an ALTQ managed uplink.

Reviewed and style help from:	cperciva, pjd
2004-08-22 16:42:28 +00:00
Pawel Jakub Dawidek
1c11fbbb6e Regression tests for 'verify reading' algorithm. 2004-08-22 16:26:09 +00:00
Pawel Jakub Dawidek
742925a31b Fix sysctl name. 2004-08-22 16:22:20 +00:00
Pawel Jakub Dawidek
dba915cfee Implementation of 'verify reading' algorithm, which uses parity data for
verification of regular data when device is in complete state.
On verification error, EIO error is returned for the bio and sysctl
kern.geom.raid3.stat.parity_mismatch is increased.

Suggested by:	phk
2004-08-22 16:21:12 +00:00
Søren Schmidt
d607fde675 Workaround devices that responds with registers as *both* master & slave,
but fail utterly when we try to talk to the "fake" device.
2004-08-22 15:54:08 +00:00
Max Laier
7fff37fc15 Use securelevel_gt instead of reading global securelevel unprotected.
Submitted by:	yongari
MFC after:	3 days
2004-08-22 15:23:48 +00:00
Yoshihiro Takahashi
cd6eccf9b8 opt_agp.h is not required anymore. 2004-08-22 15:14:44 +00:00
Yoshihiro Takahashi
3cabe66353 MFi386: revision 1.215. 2004-08-22 15:13:08 +00:00
Yoshihiro Takahashi
6d0e236ade Merged from sys/dev/fdc/fdc.c revision 1.283. 2004-08-22 15:10:53 +00:00
Robert Watson
d963815baf Make debug.kdb.stop_cpus also a TUNABLE() so it can be set prior to boot
to help debug early nasty hangs.
2004-08-22 15:10:52 +00:00
Robert Watson
201a36deca Don't need to assert Giant in fw_output(), only in the firewire start
routine.
2004-08-22 14:48:55 +00:00
Justin T. Gibbs
25edba1e56 In the PCI error interrupt handler, specify the width of the PCI configuration
cycle using the correct argument.  The location and width were reversed.

MFC in: 2 days
2004-08-22 14:02:43 +00:00
Justin T. Gibbs
4ddea3e2d4 Set AHD_BUSFREEREV_BUG in the bug field for Rev B chips, not the
feature field.

Reported by: Ken Westerback <krw@openbsd.org>
MFC in: 2 days
2004-08-22 13:54:27 +00:00
Lukas Ertl
45d0fdcda9 Add forgotten format specifier in a KASSERT and shut up the compiler.
Submitted by: Gavin Atkinson <gavin.atkinson@ury.york.ac.uk>
2004-08-22 13:34:24 +00:00
David Xu
a1ad8d2ae7 Only compile fbsd-thread.c on amd64 and i386, other architectures
have not been tested yet.
2004-08-22 10:59:33 +00:00
Hiroki Sato
867667fec1 Unbreak the build. Translators, please let me know
if I break something in your localized docs.
2004-08-22 09:53:24 +00:00
David Xu
44f53819a6 Fix comments, most are style fix. 2004-08-22 09:05:57 +00:00
Maxim Konovalov
d4c8cbf109 Trim EOL white spaces. 2004-08-22 08:57:05 +00:00
Maxim Konovalov
022c9a28ee Check a return code from read(2) correctly.
PR:		kern/70815
Submitted by:	info [at] haakh.de
2004-08-22 08:56:01 +00:00
David Xu
386c57b571 Fix some text messages. 2004-08-22 08:48:56 +00:00
Marcel Moolenaar
fa1fc9094a Part 2 of fixing the boot code: gcc 3.4 fixes.
The whole problem seems to be size. Which is odd, because it is said
that size doesn't matter. Anyway... Add -Os to strategic places in the
makefile to have the final loader be as mall as possible. This seems
to be enough to make it work. For now... I think something is more
fundamentally wrong; or something more fundamental is wrong. Potato,
potaato.
2004-08-22 06:24:59 +00:00
David Xu
97dc8984f9 Add code to support statically linked binary and .core file of threaded
program.
2004-08-22 05:53:38 +00:00
Ken Smith
2911ee00e8 Found another one. Why does mdconfig hate me? Add a "sleep 5" to
this script, without it sparc64 ISO building was consistently failing
because the /dev/md0 device name was not present when the commands
following mdconfig ran.  Apparently there is the possibility of a delay
between when mdconfig finishes and the names become visible in /dev.
Yes, we could code this better than an unconditional call to "sleep 5"
but IMHO we should fix the underlying problem instead.

MFC after: 3 days
2004-08-22 05:34:07 +00:00
Julian Elischer
ad59c36ba1 diff reduction for upcoming patch. Use a macro that masks
some of the odd goings on with sub-structures, because they will
go away anyhow.
2004-08-22 05:21:41 +00:00
Eric Anholt
7eed267f0c Add support for Intel E7205 AGP.
PR:		kern/69858
Submitted by:	Jacobo Arvelo <unix4all at gulic dot org>
2004-08-22 03:55:04 +00:00
Christian S.J. Peron
60088fb7b1 Currently, if the secure level is low enough, system flags can
be manipulated by prison root. In 4.x prison root can not manipulate
system flags, regardless of the security level. This behavior
should remain consistent to avoid any surprises which could lead
to security problems for system administrators which give out
privileged access to jails.

This commit changes suser_cred's flag argument from SUSER_ALLOWJAIL
to 0. This will prevent prison root from being able to manipulate
system flags on files.

This may be a MFC candidate for RELENG_5.

Discussed with:	cperciva
Reviewed by:	rwatson
Approved by:	bmilekic (mentor)
PR:		kern/70298
2004-08-22 02:03:41 +00:00
Robert Watson
392e840716 When sliding the m_data pointer forward, update m_pktrhdr.len as well
as m_len, or the pkthdr length will be inconsistent with the actual
length of data in the mbuf chain.  The symptom of this occuring was
"out of data" warnings from in_cksum_skip() on large UDP packets sent
via the loopback interface.

Foot shot:	green
2004-08-22 01:32:48 +00:00
Marcel Moolenaar
dc2492d303 Part 1 of fixing the boot code: binutils 2.15 fixes.
The binutils 2.15 assembler now automaticly and non-optionally adds
the .eh_frame section for unwind information. This section appears
to wreck havoc to the final boot code. Fix this by using a special
linker script that discards the .eh_frame sections, but is otherwise
identical to the linker internal script used for -N.

Compiler used: gcc 3.3.5
Verified with: binutils 2.14 & binutils 2.15 (stock and in-tree)
Tested with: /boot/loader & /boot/netboot
2004-08-22 00:26:01 +00:00
Alan Cox
3268a1bf75 In the previous revision, I failed to condition an early release of Giant
in vm_fault() on debug_mpsafevm.  If debug_mpsafevm was not set, the result
was an assertion failure early in the boot process.

Reported by: green@
2004-08-22 00:08:43 +00:00
Robert Watson
b062951a3d If a tunable for the routing socket netisr queue max is defined, allow it
to override the default value, rather than the default value overriding
the tunable.
2004-08-21 21:45:40 +00:00
Robert Watson
190a4c9436 Allow the size of the routing socket netisr queue to be configured using
the tunable or sysctl 'net.route.netisr_maxqlen'.  Default the maximum
depth to 256 rather than IFQ_MAXLEN due to the downsides of dropping
routing messages.

MT5 candidate.

Discussed with:	mdodd, mlaier, Vincent Jardin <jardin at 6wind.com>
2004-08-21 21:20:06 +00:00
Pawel Jakub Dawidek
d12bd83e9b Add version history. 2004-08-21 21:15:03 +00:00
Tom Rhodes
84d5dfb47e Protect the period! And add a new line.
Guilty of bad merge:	trhodes
2004-08-21 20:40:51 +00:00
Tom Rhodes
45fd0f24bb Document recently added features and bump the doc date. 2004-08-21 20:26:03 +00:00
Thomas Quinot
66189a39ec Fix positional parameter reference to ${10}.
Fix target location for generation of fstab.

PR:	bin/70795
2004-08-21 20:21:49 +00:00
Tom Rhodes
60673f3572 Allow mac_bsdextended(4) to log failed attempts to syslog's AUTHPRIV
facility.  This is disabled by default but may be turned on by using
the mac_bsdextended_logging sysctl.

Reviewed by:	re (jhb)
Approved by:	re (jhb)
2004-08-21 20:19:19 +00:00
Tom Rhodes
fa31f18053 Give the mac_bsdextended(4) policy the ability to match and apply on a first
rule only in place of all rules match.  This is similar to how ipfw(8) works.

Provide a sysctl, mac_bsdextended_firstmatch_enabled, to enable this
feature.

Reviewed by:	re (jhb)
Aprroved by:	re (jhb)
2004-08-21 20:15:08 +00:00
David E. O'Brien
fb022e3c1e Clarify __FreeBSD_version scheme.
Submitted by:	ru
2004-08-21 20:05:33 +00:00
David E. O'Brien
d0e54ab4ce Hit people over the head so they realize run-time errors of the form
/libexec/ld-elf.so.1: Undefined symbol "_ZNSs20_S_empty_rep_storageE"
does mean they are hitting the GCC 3.4 ABI change issue.
2004-08-21 19:44:43 +00:00
Alan Cox
b99e61353f Further reduce the use of Giant by vm_fault(): Giant is held only when
manipulating a vnode, e.g., calling vput().  This reduces contention for
Giant during many copy-on-write faults, resulting in some additional
speedup on SMPs.

Note: debug_mpsafevm must be enabled for this optimization to take effect.
2004-08-21 19:20:21 +00:00
Alan Cox
0b6a0b955a Properly free the temporary sf_buf in uiomove_fromphys() if a copyin or
copyout fails.

Obtained from: DragonFlyBSD
2004-08-21 18:50:34 +00:00
Nate Lawson
85bafe5ec3 Fix PCI link irq programming on resume. A logic bug prevented a device
match, inverting which links actually got resumed.

Submitted by:	Hiroyuki Aizu <eyes_at_navi.org>
MFC after:	3 days
2004-08-21 18:18:32 +00:00
Pawel Jakub Dawidek
3e90f289df Add regression test for the new "round-robin reading" feature. 2004-08-21 18:14:55 +00:00
Pawel Jakub Dawidek
f5a2f7feac Implement new reading algorithm, which will use parity component for reading
as well, even if device is in complete state.
I observe 40% of speed-up with this option for random read operations,
but slowdown for sequential reads.
Basically, without this option reading from a RAID3 device built from 5
components (c0-c4) looks like this:

	Request no.	Used components
	1		c0+c1+c2+c3
	2		c0+c1+c2+c3
	3		c0+c1+c2+c3

With the new feature:

	Request no.	Used components
	1		c0+c1+c2+c3
	2		(c1^c2^c3^c4)+c1+c2+c3
	3		c0+(c0^c2^c3^c4)+c2+c3
	4		c0+c1+(c0^c1^c3^c4)+c3
	5		c0+c1+c2+(c0^c1^c2^c4)
	6		c0+c1+c2+c3
	[...]
2004-08-21 18:11:46 +00:00
David E. O'Brien
9295c6c555 Fix where my automated script blew the SCM ID format conversion. 2004-08-21 17:44:57 +00:00
Christian S.J. Peron
5090559b7f When a prison is given the ability to create raw sockets (when the
security.jail.allow_raw_sockets sysctl MIB is set to 1) where privileged
access to jails is given out, it is possible for prison root to manipulate
various network parameters which effect the host environment. This commit
plugs a number of security holes associated with the use of raw sockets
and prisons.

This commit makes the following changes:

- Add a comment to rtioctl warning developers that if they add
  any ioctl commands, they should use super-user checks where necessary,
  as it is possible for PRISON root to make it this far in execution.
- Add super-user checks for the execution of the SIOCGETVIFCNT
  and SIOCGETSGCNT IP multicast ioctl commands.
- Add a super-user check to rip_ctloutput(). If the calling cred
  is PRISON root, make sure the socket option name is IP_HDRINCL,
  otherwise deny the request.

Although this patch corrects a number of security problems associated
with raw sockets and prisons, the warning in jail(8) should still
apply, and by default we should keep the default value of
security.jail.allow_raw_sockets MIB to 0 (or disabled) until
we are certain that we have tracked down all the problems.

Looking forward, we will probably want to eliminate the
references to curthread.

This may be a MFC candidate for RELENG_5.

Reviewed by:	rwatson
Approved by:	bmilekic (mentor)
2004-08-21 17:38:57 +00:00
Robert Watson
5a0192650e When notifying protocol components of an event on an in6pcb, use the
result of the notify() function to decide if we need to unlock the
in6pcb or not, rather than always unlocking.  Otherwise, we may unlock
and already unlocked in6pcb.

Reported by:	kuriyama, Gordon Bergling <gbergling at 0xfce3.net>
Tested by:	kuriyama, Gordon Bergling <gbergling at 0xfce3.net>
Discussed with:	mdodd
2004-08-21 17:38:48 +00:00
Robert Watson
e6ccd70936 When prepending space onto outgoing UDP datagram payloads to hold the
UDP/IP header, make sure that space is also allocated for the link
layer header.  If an mbuf must be allocated to hold the UDP/IP header
(very likely), then this will avoid an additional mbuf allocation at
the link layer.  This trick is also used by TCP and other protocols to
avoid extra calls to the mbuf allocator in the ethernet (and related)
output routines.
2004-08-21 16:14:04 +00:00
Hiroki Sato
b282bdf0ef Add &release.type.current; to unbreak the build. 2004-08-21 14:27:21 +00:00