97071 Commits

Author SHA1 Message Date
rwatson
cc012e0835 Add a sysctl, security.bsd.see_other_gids, similar in semantics
to see_other_uids but with the logical conversion.  This is based
on (but not identical to) the patch submitted by Samy Al Bahra.

Submitted by:	Samy Al Bahra <samy@kerneled.com>
2003-11-17 20:20:53 +00:00
rwatson
36df19adf8 Staticize label_default_head to prevent it from leaking out of mac.c.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-11-17 19:48:35 +00:00
cognet
b60bc6ed20 In rip_abort(), unlock the inpcb if we didn't detach it, or we may
recurse on the lock before destroying the mutex.

Submitted by:	sam
2003-11-17 19:21:53 +00:00
sam
2ddfca621f move rate control change messages under ath_debug 2003-11-17 19:15:09 +00:00
ru
832e732357 Fixed two memory leaks.
Reviewed by:	harti
2003-11-17 19:13:44 +00:00
ru
6e59ab8e66 Check the correct set of interface flags and fix a memory leak.
Reviewed by:	harti
2003-11-17 19:13:01 +00:00
sam
c99017ddcc o fix WEP use in hostap mode; need to reset the pointer to the
802.11 packet header after stripping the WEP header on input
2003-11-17 19:12:52 +00:00
sam
846a1e2173 on a beacon miss try to reassociate before starting a scan
Submitted by:	Henry Qian
2003-11-17 19:02:18 +00:00
rwatson
9ade8a4b03 Add a MAC check for VOP_LOOKUP() in the Linux getwcd() implementation.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-11-17 18:57:20 +00:00
alc
3172dd04e4 - Change the i386's sf_buf implementation so that it never allocates
more than one sf_buf for one vm_page.  To accomplish this, we add
   a global hash table mapping vm_pages to sf_bufs and a reference
   count to each sf_buf.  (This is similar to the patches for RELENG_4
   at http://www.cs.princeton.edu/~yruan/debox/.)

   For the uninitiated, an sf_buf is nothing more than a kernel virtual
   address that is used for temporary virtual-to-physical mappings by
   sendfile(2) and zero-copy sockets.  As such, there is no reason for
   one vm_page to have several sf_bufs mapping it.  In fact, using more
   than one sf_buf for a single vm_page increases the likelihood that
   sendfile(2) blocks, hurting throughput.
   (See http://www.cs.princeton.edu/~yruan/debox/.)
2003-11-17 18:22:24 +00:00
gordon
e89562677a Update hier(7) to reflect the world with respect to /lib and /libexec. 2003-11-17 17:29:04 +00:00
rwatson
48f23495d4 Add an entry to the BUGS section indicating that Vinum cannot currently
be used on devices with a block size other than DEV_BSIZE (512),
which specifically includes being unable to run on a swap-backed
md device.  Swap-backed md devices use a 4k block size.
2003-11-17 16:04:52 +00:00
rwatson
c03b1418da Don't attempt to make devices if we're using devfs. This
substantially cleans up the output when running the vinum
management tool, and also makes it work better.

Long sustained silence from:	grog
2003-11-17 15:56:00 +00:00
markm
f703361585 No need for two copies of this file; there is already a distribution
copy in src/crypto/heimdal/...

Reported by:	ru
2003-11-17 14:59:06 +00:00
eivind
1043231f84 * Auto-detect what device to use if none is specified
* Replace references to mcd0 with acd0 (doc only)
* Remove references to the "c" partition (doc only - code was already fixed)
2003-11-17 14:02:04 +00:00
des
ded472a318 __FBSDID; remove duplicate <ctype.h>; try to reduce style inconsistencies. 2003-11-17 11:26:51 +00:00
des
ef53be6069 Sort includes, and remove superfluous <sys/types.h> 2003-11-17 11:14:34 +00:00
des
6c6b3db302 Instead of blindly loading the ums module and bailing out if that fails,
check if it's already loaded or compiled into the kernel, and only try to
load it if it isn't.

PR:		bin/59368
Submitted by:	Jens Rehsack <rehsack@liwing.de>
2003-11-17 11:08:28 +00:00
peter
acbbfb5fbd Add SMP changes as should have been committed as rev 1.28 2003-11-17 09:19:12 +00:00
peter
f55fcb6647 Restore file accidently killed in the crossfire from the smp commit. 2003-11-17 09:11:04 +00:00
peter
9dedda25aa Initial landing of SMP support for FreeBSD/amd64.
- This is heavily derived from John Baldwin's apic/pci cleanup on i386.
- I have completely rewritten or drastically cleaned up some other parts.
  (in particular, bootstrap)
- This is still a WIP.  It seems that there are some highly bogus bioses
  on nVidia nForce3-150 boards.  I can't stress how broken these boards
  are.  I have a workaround in mind, but right now the Asus SK8N is broken.
  The Gigabyte K8NPro (nVidia based) is also mind-numbingly hosed.
- Most of my testing has been with SCHED_ULE.  SCHED_4BSD works.
- the apic and acpi components are 'standard'.
- If you have an nVidia nForce3-150 board, you are stuck with 'device
  atpic' in addition, because they somehow managed to forget to connect the
  8254 timer to the apic, even though its in the same silicon!  ARGH!
  This directly violates the ACPI spec.
2003-11-17 08:58:16 +00:00
jeff
71a2f6d146 - Mark ksq_assigned as volatile so that when this code is used without
sched_lock we can be sure that we'll pick up the new value.
2003-11-17 08:27:11 +00:00
jeff
a6911261a3 - Remove long dead code. rslices hasn't been used in some time and neither
has sched_pickcpu().
2003-11-17 08:24:14 +00:00
ume
11df5d4f1a correct to look right interface. 2003-11-17 07:53:32 +00:00
peter
ac20ea6dcd Oh, how embarresing. I broke my own platform. :-) 2003-11-17 07:50:59 +00:00
bde
19df5781b8 Tweaked the siointr1() so that it works better at 921600 bps, especially
with multiple ports on a shared interrupt demultiplexed by the puc_intr()
handler.

siointr1() first read as much input as possible and then checked all
possibly-relevant status registers, partly for robustness and partly
for historical reasons.  This is very bad if it is called for every
port sharing an interrupt like puc_intr() does.  It can spend too long
reading all the input for some ports when the interrupt is for a more
urgent event on another, or just too long checking all the status
registers when there are lots of ports.  The inter-character time is
too long for reading all the input even when the interrupt is for a
transmitter interrupt on the same port, and at 921600 bps the inter-char
time is 10.85 usec and was often exceeded with just 2 ports, leaving
the transmitters idle for about 6% of the time.

The tweak is to break out of the read loop after reading 1 char if
output can be done.  This avoids most of the idle transmitter time for
2 active ports at 921600 bps bidirectional on the test system.  It
also reduces overhead by about 20%.  More complete fixes use the
programmable tx low watermark on 16950's and reduce overhead by another
65%.
2003-11-17 07:21:19 +00:00
das
701bcfabb9 Remove the BUGS section introduced in rev 1.11 now that the problem
has been addressed.
2003-11-17 06:39:54 +00:00
das
9c28e36b31 Reimplement nologin(8) as a C program. This allows us to statically
link it at low cost and avoid environment poisoning attacks associated
with LD_LIBRARY_PATH.

Suggested by:	rwatson
2003-11-17 06:39:38 +00:00
peter
d29883b254 Widen the enable/disable helper function's argument in line with the
ithread_create() changes etc.  This should be mostly a NOP.
2003-11-17 06:10:15 +00:00
peter
38ebd79a92 Expand the argument to the ithread enable/disable helper hooks from an
int to something big enough to hold a pointer.  amd64 needs this.
2003-11-17 06:08:10 +00:00
marcel
69f4b4a520 Declare crc32 static. There's a copy in libz that conflicts for the
crunched binary.

Found by: make release
2003-11-17 05:47:42 +00:00
bmah
c4844bec2f Start turning on a few devices in the amd64 hardware notes, based on
things that I've observed to work.

Obtained from:	sledge, various dmesg(1) output messages from peter
2003-11-17 05:45:21 +00:00
imp
7112f192a8 Ignore errors on ln. This is a quick fix for the make depend twice in
a row being broken.  A better filx will come as soon as I have time to
analyse things more deeply.
2003-11-17 05:21:18 +00:00
obrien
23f12a30bc /rescue/b{,un}zip exists, so build this dynamically now. 2003-11-17 05:19:37 +00:00
obrien
ce573b8938 /rescue/g{{,un}zip,zcat} exist, so build this dynamically now. 2003-11-17 05:18:36 +00:00
obrien
65465e41cd /rescue/tar exists, so build this dynamic now. 2003-11-17 05:16:26 +00:00
bde
efa9a611d9 Fixed pedantic warnings for statement-expressions using __extension__
and by not using a statement-expression for the non-expression
__PCPU_SET().
2003-11-17 04:40:58 +00:00
imp
52658f2fb9 Copy ukbdmap.h rules from .i386.
# maybe this should be in files.

# This may fix sparc64 tinderbox.  I'll kinow in a few hours.
2003-11-17 04:38:14 +00:00
nectar
72e88767d2 Baby steps. Set WARNS=1 for libc. 2003-11-17 04:20:02 +00:00
nectar
2736f7d1fc Detect range errors when using the %s specifier. Previously, LONG_MAX
was rejected as a range error, while any values less than LONG_MIN
were silently substituted with LONG_MIN.  Furthermore, on some
platforms `time_t' has less range than `long' (e.g. alpha), which may
give incorrect results when parsing some strings.
2003-11-17 04:19:15 +00:00
bde
59742d249e Fixed a pedantic syntax error (a stray semicolon at the end of
PCPU_MD_FIELDS).
2003-11-17 03:40:41 +00:00
green
fc779a7573 Fix a few cases where MT_TAG-type "fake mbufs" are created on the stack, but
do not have mh_nextpkt initialized.  Somtimes what's there is "1", and the
ip_input() code pukes trying to m_free() it, rendering divert sockets and
such broken.
This really underscores the need to get rid of MT_TAG.

Reviewed by:	rwatson
2003-11-17 03:17:49 +00:00
bde
1c7581a731 Fixed pedantic syntax errors. Many macros didn't permit a semicolon after
their invocation in the !KLD_MODULE case, but a semicolon is provided after
all invocations and is required in the KLD_MODULE case.
2003-11-17 02:55:25 +00:00
bde
a2958cef1d Avoid a warning for compiling with `gcc -Wbad-function cast'. (This
is the warning that points to the bug in `(char *)malloc(...)' where
malloc() is implicitly declared as returning int.  We do similar things
here, but they work because u_int is the same as uintptr_t on i386's.)
2003-11-17 02:11:13 +00:00
truckman
e31c4979dd Print the dirpref avgfilesize and avgfpdir parameters.
MFC after:	2 weeks
2003-11-17 01:22:07 +00:00
rwatson
aac8ea56d6 Don't implement mpo_destroy() for Biba, LOMAC, and MLS, as they
aren't allowed to be unloaded.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-11-17 01:04:07 +00:00
rwatson
67e52cf8e4 Update a comment about needing to fix NFS server credential use
by 5.0-RELEASE: make it now read 5.3-RELEASE to be realistic.  Still
needs fixing...
2003-11-17 00:56:53 +00:00
das
8f7c80b0f5 Document nologin(8) as being insecure in conjunction with a dynamic
root and suggest alternatives.
2003-11-17 00:08:28 +00:00
alc
aea6af995e - Remove unnecessary synchronization from sf_buf_init(). (There is only
one active CPU when sf_buf_init() is performed.)
2003-11-16 23:40:06 +00:00
rwatson
7aa5c2497a Implement sockets support for __mac_get_fd() and __mac_set_fd()
system calls, and prefer these calls over getsockopt()/setsockopt()
for ABI reasons.  When addressing UNIX domain sockets, these calls
retrieve and modify the socket label, not the label of the
rendezvous vnode.

- Create mac_copy_socket_label() entry point based on
  mac_copy_pipe_label() entry point, intended to copy the socket
  label into temporary storage that doesn't require a socket lock
  to be held (currently Giant).

- Implement mac_copy_socket_label() for various policies.

- Expose socket label allocation, free, internalize, externalize
  entry points as non-static from mac_net.c.

- Use mac_socket_label_set() in __mac_set_fd().

MAC-aware applications may now use mac_get_fd(), mac_set_fd(), and
mac_get_peer() to retrieve and set various socket labels without
directly invoking the getsockopt() interface.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-11-16 23:31:45 +00:00