114193 Commits

Author SHA1 Message Date
den
80a56fb607 Update copyright years. 2005-03-24 12:19:46 +00:00
cperciva
fdbab8722b If "dangerous" environment variables (LD_PRELOAD, LD_LIBMAP,
LD_LIBMAP_DISABLE, LD_LIBRARY_PATH) are used, then make sure the
libraries being loaded aren't on a noexec-mounted filesystem.

This is a compromise position: I'm assuming that nobody will be silly
enough to set the noexec mount flag on part of the default library
path, in order to avoid adding extra overhead into the common case
(where those environment variables aren't used).

Discussed with:	csjp, secteam
MFC after:	1 week
2005-03-24 10:12:29 +00:00
jeff
e8e02448a8 - Fail an assert if we attempt to return with any lockmgr locks held in
userret().

Sponsored by:	Isilon Systems, Inc.
2005-03-24 09:35:38 +00:00
jeff
5fffa95033 - Complete the implementation of td_locks. Track the number of outstanding
lockmgr locks that this thread owns.  This is complicated due to
   LK_KERNPROC and because lockmgr tolerates unlocking an unlocked lock.

Sponsored by:	Isilon Systes, Inc.
2005-03-24 09:35:06 +00:00
jeff
56f1fc7189 - Update vfs_root implementations to match the new prototype. None of
these filesystems will support shared locks until they are explicitly
   modified to do so.  Careful review must be done to ensure that this
   is safe for each individual filesystem.

Sponsored by:   Isilon Systems, Inc.
2005-03-24 07:39:03 +00:00
jeff
226bf6ead4 - Update vfs_root implementations to match the new prototype. None of
these filesystems will support shared locks until they are explicitly
   modified to do so.  Careful review must be done to ensure that this
   is safe for each individual filesystem.

Sponsored by:	Isilon Systems, Inc.
2005-03-24 07:36:16 +00:00
jeff
c9591f9ecd - Call VFS_ROOT() with LK_EXCLUSIVE.
Sponsored by:	Isilon Systems, Inc.
2005-03-24 07:33:45 +00:00
jeff
ca7edef8ef - Update the ufs_root() prototype.
- Pass the ufs_root() flags argument to VFS_VGET() to allow callers to
   specify shared locks.

Sponsored by:	Isilon Systems, Inc.
2005-03-24 07:32:50 +00:00
jeff
0210925e42 - Pass LK_EXCLUSIVE to VFS_ROOT() to satisfy the new flags argument. For
now, all calls to VFS_ROOT() should still acquire exclusive locks.

Sponsored by:	Isilon Systems, Inc.
2005-03-24 07:31:38 +00:00
jeff
5528d705e8 - Fixup the default vfs_root function to match the new prototype.
Sponsored by:	Isilon Systems, Inc.
2005-03-24 07:30:00 +00:00
jeff
cc2d1630ca - Add a 'flags' parameter to VFS_ROOT(). This is intended to allow
lookup to do shared locks on the root.  Filesystems are free to ignore
   flags and instead acquire an exclusive lock if they do not support
   shared locks.

Sponsored by:	Isilon Systems, Inc.
2005-03-24 07:29:23 +00:00
jeff
6d5bd3a0a2 - Grab the lock type that the caller requests in vfs_hash_insert().
Sponsored by:	Isilon Systems, Inc.
2005-03-24 06:16:27 +00:00
jeff
bf2e6f43e8 - If vput() is called with a shared lock it must upgrade to an exclusive
before it can call VOP_INACTIVE().  This must use the EXCLUPGRADE path
   because we may violate some lock order with another locked vnode if
   we drop and reacquire the lock.  If EXCLUPGRADE fails, we mark the
   vnode with VI_OWEINACT.  This case should be very rare.
 - Clear VI_OWEINACT in vinactive() and vbusy().
 - If VI_OWEINACT is set in vgone() do the VOP_INACTIVE call here as well.

Sponsored by:	Isilon Systems, Inc.
2005-03-24 06:08:58 +00:00
jeff
c6119ea3e7 - Remove some long dead LOOKUP_SHARED code that tracked the lock state.
- Always pass LOCKSHARED and rely on namei() to ignore it when
   LOOKUP_SHARED is not set.

Sponsored by:	Isilon Systems, Inc.
2005-03-24 06:04:35 +00:00
jeff
b84afc39aa - Remove the #ifdef LOOKUP_SHARED from some calls to NDINIT. The
LOCKSHARED flag is simply ignored in namei() if LOOKUP_SHARED is not
   enabled.

Sponsored by:	Isilon Systems, Inc.
2005-03-24 06:03:31 +00:00
jeff
9b04831cbb - Clear LOCKSHARED if LOOKUP_SHARED is not enabled. This is not strictly
necessary since we disable the shared locks in vfs_cache, but it is
   prefered that the option not leak out into filesystems when it is
   disabled.

Sponsored by:	Isilon Systems, Inc.
2005-03-24 06:02:37 +00:00
jeff
6ef6841ac5 - All of the bugs which lead to the complication of the LOOKUP_SHARED
config option have now been fixed.  All filesystems are properly locked
   and checked via DEBUG_VFS_LOCKS.  Remove the workaround code.

Sponsored by:	Isilon Systems, Inc.
2005-03-24 06:00:45 +00:00
jcamou
89443b9b9a Add manual page for snd_via8233(4) and add it to the build.
PR:		docs/78322
Submitted by:	Joel Dahl <joel@automatvapen.se>
Approved by:	trhodes (mentor)
2005-03-24 04:45:09 +00:00
mdodd
f256ac44d7 - Break after nested switch.
- Default returns an error.
2005-03-24 02:08:22 +00:00
mdodd
db71ab789f Offer unhandled IOCTLS to fddi_ioctl(). 2005-03-24 01:58:20 +00:00
mdodd
377f2a351a POWERSTATECHANGE was misspelled. 2005-03-24 01:26:40 +00:00
ps
114057c633 - The NFS client was incorrectly masking SIGSTOP (which is
non-maskable).
- The NFS client needs to guard against spurious wakeups
  while waiting for the response. ltrace causes the process
  under question to wakeup (possibly from ptrace()), which
  causes NFS to wakeup from tsleep without the response being
  delivered.

Submitted by:	Mohan Srinivasan
2005-03-23 22:10:10 +00:00
jmg
c4e1819a9b relocate the power state transition statements to the
pci_set_powerstate_method function...

Reviewed by:	imp
MFC after:	1 week
2005-03-23 21:24:29 +00:00
hrs
4795f0f4c9 MFC: BIND 9.3.1. 2005-03-23 20:42:09 +00:00
jmg
289671837a fix kldloading of pci driver modules after boot on sparc64... since
we weren't using the pci module, we weren't restoring the pci state...

Submitted by:	imp
MFC after:	5 days
2005-03-23 18:16:26 +00:00
cognet
be61853d53 Unbreak buildworld on i386 when MODULES_WITH_WORLD is defined. 2005-03-23 17:13:08 +00:00
gibbs
15f1e17020 Restore queue depth settings across tag disable events. The system often
disables tag queuing temporarily in order to allow controllers a window
to safely perform transfer negotiation with non-compliant devices.  Before
this change, CAM would restore the queue depth to the controller specified
maximum or device quirk level rather than any depth determined by reactions
to QUEUE FULL/BUSY events or an explicit user setting.

During device probe, initialize the flags field for XPT_SCAN_BUS.
The uninitialized value often confused CAM into not bothering to
issue an AC_FOUND_DEVICE async event for new devices.  The reason
this bug wasn't reported earlier is that CAM manually announces
devices after the initial system bus scans.

MFC: 3 days
2005-03-23 16:43:29 +00:00
harti
b6830526cf Style: de-lispify by removing extra parantheses in conditional expressions. 2005-03-23 16:28:57 +00:00
jhb
98334e0392 Document SEPARATE_LIVEFS (forgot this in previous commit). 2005-03-23 16:17:30 +00:00
harti
f40119114e Style: make indentation 8 characters. 2005-03-23 16:14:41 +00:00
jhb
b470f7dcfe - Document the top-level package-split target.
- Update the description of the cdrom.1 target and add notes for cdrom.2
  and cdrom.3.
- Document CD_PACKAGES_TREE (CD_EXTRA_BITS wasn't documented before).
- Document CVSARGS.
- Remove DISC[12]_{LABEL,NAME}.
- Remove NOPORTREADMES.
- Remove references to drivers.conf files and man page.
- Update version number for a CURRENT snapshot to 6.0.
2005-03-23 15:44:40 +00:00
jhb
34b7e3bece Belatedly remove the drivers.conf(5) man page. The actual files and
supporting scripts were removed as part of the splitfs floppy rework.
2005-03-23 15:34:45 +00:00
jhb
d9e318f46b What should be the last major changes to the ISO layout:
- When a separate livefs ISO is used, change the name of the tree directory
  to be R/cdrom/livefs and change the name of the iso to livefs.iso rather
  than using disc2.  Instead, disc2 is now always going to be the packages
  disc regardless of the presence of a separate livefs which makes things
  simpler.
- Build a very simple disc2 tree under R/cdrom that just includes the
  cdrom.inf file that the packages need.  Also, build a disc2.iso image
  in the iso.1 target.  Disc 2's volume label is "FreeBSD_Packages".
- Retire CD_EXTRA_BITS and replace it with CD_PACKAGE_TREE.  CD_EXTRA_BITS
  was specific to disc1, but CD_PACKAGE_TREE instead should point to a
  directory that has disc1 and disc2 subdirectories that contain the extra
  bits for each image.
- Rename the bootonly volume label to "FreeBSD_bootonly" and just hardcode
  the disc1 and livefs volume names and iso suffixes.
2005-03-23 15:01:54 +00:00
harti
4fa1581ab5 Make paths an explicite datatype instead of using the generic Lst.
A Path is now a TAILQ of PathElements each of which just points to
a reference counted directory. Rename all functions dealing with Paths
from the Dir_ prefix to a Path_ prefix.
2005-03-23 12:56:15 +00:00
glebius
6074d030e0 - Reword HOOKS paragraph also mentioning how data received on out* hooks
is handled.
- Xref flowctl.8
2005-03-23 10:08:28 +00:00
glebius
62bbb153cc Describe usage of newly implemented out* hooks. 2005-03-23 10:01:43 +00:00
glebius
85fd9c4181 Implement "verbose" optional keyword for "show" command. This is analog
of Cisco's "show ip cache verbose flow" command.
2005-03-23 09:40:18 +00:00
maxim
56ed6f8b75 o Document net.inet.ip.portrange.random* sysctls.
o Correct a comment about random port allocation threshold
implementation.

Reviewed by:	silby, ru
MFC after:	3 days
2005-03-23 09:26:38 +00:00
brueffer
b86551e866 Document support for the ITE IT8212F.
MFC after:	3 days
2005-03-23 08:58:51 +00:00
das
6a2a1d9492 Bounds check the user-supplied length used in a copyout() in
svr4_do_getmsg().  In principle this bug could disclose data from
kernel memory, but in practice, the SVR4 emulation layer is probably
not functional enough to cause the relevant code path to be executed.
In any case, the emulator has been disconnected from the build since
5.0-RELEASE.

Found by:	Coverity Prevent analysis tool
2005-03-23 08:28:06 +00:00
das
d1fb7b8c2a Bounds check the length parameter to i386_set_ldt() before passing it
to kmem_alloc().  Failure to do this made it possible for user
processes to cause a hard lock on i386 kernels.  I believe this only
affects 6-CURRENT on or after 2005-01-26.

Found by:	Coverity Prevent analysis tool
Security:	Local DOS
2005-03-23 08:28:03 +00:00
das
fbf7a9b2ee Reject packets larger than IP_MAXPACKET in linux_sendto() for sockets
with the IP_HDRINCL option set.  Without this change, a Linux process
with access to a raw socket could cause a kernel panic.  Raw sockets
must be created by root, and are generally not consigned to untrusted
applications; hence, the security implications of this bug are
minimal.  I believe this only affects 6-CURRENT on or after 2005-01-30.

Found by:	Coverity Prevent analysis tool
Security:	Local DOS
2005-03-23 08:28:00 +00:00
das
a556c42bd8 Make ps_nargvstr and ps_nenvstr unsigned. This fixes an input
validation error in procfs/linprocfs that can be exploited by local
users to cause a kernel panic.  All versions of FreeBSD with the patch
referenced in SA-04:17.procfs have this bug, but versions without that
patch have a more serious bug instead.  This problem only affects
systems on which procfs or linprocfs is mounted.

Found by:	Coverity Prevent analysis tool
Security:	Local DOS
2005-03-23 08:27:59 +00:00
rse
1ffe796d8f 1. Annotate the rc.conf reference with a hint to the "cloned_interfaces"
variable, because it might be not obvious how to configure carp(4)
   devices in rc.conf.

2. Remove the sentence about the not implemented "carpdev" option (this
   was not imported from OpenBSD according to our source code) to avoid
   confusion.

Reviewed by:    glebius@
MFC after:      3 days
2005-03-23 08:06:38 +00:00
cperciva
b11927ff86 Add verbiage to the description of the noexec mount option clarifying
that it really wasn't intended as a security feature.

Wording mostly by: simon
Discussed with:	secteam
2005-03-23 04:17:48 +00:00
avatar
ac3022cbb0 The live CD itself no longer has /stand since a long time ago; however,
there are still a couple of places under src/release such like fixit.profile
assumed that system binary can be retrivied from /stand(ex: boot with the
live CD and run "disklabel -e" in the fixit CD shell).

Since /stand is still functional in fixit floppy, and there are more than
one places in src/release needs to be updated(document for example) if we
want to make use of something like /mnt2/rescue/vi.  This commit try to
deal with aforementioned inconsistency with minimal effort by simply
create a symbolic link to /rescue.

Reviewed by:	jhb, sam (mentor)
2005-03-23 02:51:19 +00:00
pjd
26774156e7 Fix use of uninitialized buf[0].
Reported by:	stefanf
MFC after:	3 days
2005-03-22 22:05:44 +00:00
njl
73fde55ff0 Add support for bus_delete_resource() and make acpi_bus_alloc_gas() do
this before setting a new resource.
2005-03-22 20:00:57 +00:00
delphij
4a3a074690 MFen: 1.27 -> 1.30
Obtained from:	The FreeBSD Simplified Chinese Project CVS
2005-03-22 19:21:31 +00:00
delphij
362a6563f3 MFen: 1.13 -> 1.14
Obtained from:	The FreeBSD Simplified Chinese Project CVS
2005-03-22 19:20:19 +00:00