kientzle [Mon, 6 Nov 2006 00:24:57 +0000 (00:24 +0000)]
Computing SHLIB_MAJOR is not a good idea. It's really a FreeBSD
system value that has no real relation to the libarchive version.
(Except, of course, that any ABI breakage will force both to be
incremented.)
csjp [Mon, 6 Nov 2006 00:15:44 +0000 (00:15 +0000)]
Change the type of ar_arg_sockaddr from struct sockaddr to struct
sockaddr_storage. This structure is defined in RFC 2553 and is a more
semantically correct structure for holding IP and IP6 sockaddr information.
struct sockaddr is not big enough to hold all the required information for
IP6, resulting in truncated addresses et al when auditing IP6 sockaddr
information.
We also need to assume that the sa->sa_len has been validated before the call to
audit_arg_sockaddr() is made, otherwise it could result in a buffer overflow.
This is being done to accommodate auditing of network related arguments (like
connect, bind et al) that will be added soon.
marcel [Sun, 5 Nov 2006 22:03:04 +0000 (22:03 +0000)]
Major rework of the ia64 loaders. The two primary objectives are:
1. Make libefi portable by removing ia64 specific code and build
it on i386 and amd64 by default to prevent regressions. These
changes include fixes and improvements over previous code to
establish or improve APIs where none existed or when the amount
of kluging was unacceptably high.
2. Increase the amount of sharing between the efi and ski loaders
to improve maintainability of the loaders and simplify making
changes to the loader-kernel handshaking in the future.
The version of the efi and ski loaders are now both changed to 1.2
as user visible improvements and changes have been made.
stefanf [Sun, 5 Nov 2006 18:36:05 +0000 (18:36 +0000)]
When parsing an invalid parameter expansion (eg. ${} or ${foo@bar}) do not
issue a syntax error immediately but save the information that it is erroneous
for later when the parameter expansion is actually done. This means eg. "false
&& ${}" will not generate an error which seems to be required by POSIX.
Include the invalid parameter expansion in the error message (sometimes
abbreviated with ... because recovering it would require a lot of code).
csjp [Sun, 5 Nov 2006 17:56:25 +0000 (17:56 +0000)]
Fix possible leak when bridge is in monitor mode. Use m_freem() which will
free the entire chain, instead of using m_free() which will free just the
mbuf that was passed.
rrs [Sun, 5 Nov 2006 13:25:18 +0000 (13:25 +0000)]
Tons of fixes to get all the 64bit issues removed.
This also moves two 16 bit int's to become 32 bit
values so we do not have to use atomic_add_16.
Most of the changes are %p, casts and other various
nasty's that were in the orignal code base. With this
commit my machine will now do a build universe.. however
I as yet have not tested on a 64bit machine .. it may not work :-(
pjd [Sat, 4 Nov 2006 23:59:51 +0000 (23:59 +0000)]
When the source and destination objects for VOP_RENAME() are the same,
POSIX advice to just ignore the operation and return 0.
We already handle this case in kern_rename(), but don't give bad example -
the source is not removed.
Remove the KDTRACE option again because of the complaints about having
it as a default.
For the record, the KDTRACE option caused _no_ additional source files
to be compiled in; certainly no CDDL source files. All it did was to
allow existing BSD licensed kernel files to include one or more CDDL
header files.
By removing this from DEFAULTS, the onus is on a kernel builder to add
the option to the kernel config, possibly by including GENERIC and
customising from there. It means that DTrace won't be a feature
available in FreeBSD by default, which is the way I intended it to be.
Without this option, you can't load the dtrace module (which contains
the dtrace device and the DTrace framework). This is equivalent to
requiring an option in a kernel config before you can load the linux
emulation module, for example.
I think it is a mistake to have DTrace ported to FreeBSD, but not
to have it available to everyone, all the time. The only exception
to this is the companies which distribute systems with FreeBSD embedded.
Those companies will customise their systems anyway. The KDTRACE
option was intended for them, and only them.
csjp [Sat, 4 Nov 2006 20:54:37 +0000 (20:54 +0000)]
Currently, we initialize "error" to zero when it's declared, then
we never initialize it to anything else. However, in the case that
m_uiotombuf fails, we return error (effectively reporting success).
This appears to be a relic of an older revision of this file, where
"error" used to be doing something useful. (See revision 1.1, where
error is used in a loop with uiomove() instead of using m_uiotomubf).
So instead on unconditionally reporting success in the case there is
a failure in m_uiotombuf, explicitly return ENOBUFS. While we are
here, garbage collect the error variable since it's no longer required.
thompsa [Sat, 4 Nov 2006 10:40:59 +0000 (10:40 +0000)]
When the packet is for the bridge then note which interface to send the reply
to, previously it was always broadcast to all interfaces (a bug). This is
useful when the bridge is the default gateway and vlans are used to isolate
each client, the reply is now kept private to the vlan which the client
resides.
Reported by: Jon Otterholm
Tested by: Jon Otterholm
MFC after: 3 days
dougb [Sat, 4 Nov 2006 07:53:25 +0000 (07:53 +0000)]
Update to version 9.3.2-P2, which addresses the vulnerability
announced by ISC dated 31 October (delivered via e-mail to the
bind-announce@isc.org list on 2 November):
Description:
Because of OpenSSL's recently announced vulnerabilities
(CAN-2006-4339, CVE-2006-2937 and CVE-2006-2940) which affect named,
we are announcing this workaround and releasing patches. A proof of
concept attack on OpenSSL has been demonstrated for CAN-2006-4339.
OpenSSL is required to use DNSSEC with BIND.
Fix for version 9.3.2-P1 and lower:
Upgrade to BIND 9.3.2-P2, then generate new RSASHA1 and
RSAMD5 keys for all old keys using the old default exponent
and perform a key rollover to these new keys.
These versions also change the default RSA exponent to be
65537 which is not vulnerable to the attacks described in
CAN-2006-4339.
Backout the previous change. It was not intended to be part of the
commit and, while something like that is probably required for sparc64,
it hadn't been tested.
Build in kernel support for loading DTrace modules by default. This
adds the hooks that DTrace modules register with, and adds a few functions
which have the dtrace_ prefix to allow the DTrace FBT (function boundary
trace) provider to avoid tracing because they are called from the DTtrace
probe context.
Unlike other forms of tracing and debug, DTrace support in the kernel
incurs negligible run-time cost.
I think the only reason why anyone wouldn't want to have kernel support
enabled for DTrace would be due to the license (CDDL) under which DTrace
is released.
kmacy [Fri, 3 Nov 2006 23:41:53 +0000 (23:41 +0000)]
- map hardware trap numbers to those used by by sparc64 for inter-compatibility
and to make user-level trap handlers work
- add new trap entry to trap table to enable fast fetching of floating point trap
context
- remove unused debug code
- map unimplemented floating point trap to SIGFPE
Approved by: scottl (standing in for mentor rwatson)
rrs [Fri, 3 Nov 2006 18:57:49 +0000 (18:57 +0000)]
This commits the remake in kern/ make sysent to get
the correct syscalls.master's $FreeBSD$ tag record and
a make sysent in sys/compat/freebsd32. Thanks Ruslan
for pointing out the steps I missed :-0
Approved by: gnn
rrs [Fri, 3 Nov 2006 15:23:16 +0000 (15:23 +0000)]
Ok, here it is, we finally add SCTP to current. Note that this
work is not just mine, but it is also the works of Peter Lei
and Michael Tuexen. They both are my two key other developers
working on the project.. and they need ata-boy's too:
****
peterlei@cisco.com
tuexen@fh-muenster.de
****
I did do a make sysent which updated the
syscall's and sysproto.. I hope that is correct... without
it you don't build since we have new syscalls for SCTP :-0
So go out and look at the NOTES, add
option SCTP (make sure inet and inet6 are present too)
and play with SCTP.
I will see about comitting some test tools I have after I
figure out where I should place them. I also have a
lib (libsctp.a) that adds some of the missing socketapi
functions that I need to put into lib's.. I will talk
to George about this :-)
There may still be some 64 bit issues in here, none of
us have a 64 bit processor to test with yet.. Michael
may have a MAC but thats another beast too..
If you have a mac and want to use SCTP contact Michael
he maintains a web site with a loadable module with
this code :-)
Remove the -C option as it does more harm than good. To be fully
compatible, it would have to (at least):
- support the "compat-compat" -T option,
- *not* support the -l, -O, and -v options,
- default to soft updates being disabled.
Worse, the compatibility mode makes it impossible to mount_mfs(8)
a file system from fstab(5) with soft updates disabled (-S). [1]
Now, the only difference when called as "mount_mfs" or "mfs" (as
opposed to "mdmfs") is that the file mode of the mount point is
set by default to 01777. All options available to mdmfs(8) are
also available to mount_mfs(8); the -C option is still recognized
but ignored for backward compatibility.
imp [Fri, 3 Nov 2006 07:39:37 +0000 (07:39 +0000)]
MFp4:
o Fix the packet statistics
o Make sure we set the FD bit when in full duplex
o Improve TX side efficency by eliminating a data copy for
unfragmented mbufs (the hardware can't do s/g).
o Minor busdma pedantry
o better comments in some places, more XXX in others
o Minor style nits.
This solves a problem I was seeing where I'd get no ethernet when not
booting with a NFS root. Well, unless I unplugged the cable and
plugged it back in first so I'd get the same up down up messages I get
for NFS root...
Thanks to sam and scottl for suggestions on making this driver more
efficient through better use of approrpiate APIs.
Always init the console before trying to cnadd it to
avoid the case where the console name isn't set and
cnadd wants to use printf to complain about it.
n_hibma [Thu, 2 Nov 2006 20:43:20 +0000 (20:43 +0000)]
Only use the filename part of the kernel configuration file as an argument to
KERNCONF after the file has been copied to the sys/${ARCH}/conf directory. This
allows the use of one kernel config file for multiple images. E.g.:
andre [Thu, 2 Nov 2006 17:45:28 +0000 (17:45 +0000)]
Use the improved m_uiotombuf() function instead of home grown sosend_copyin()
to do the userland to kernel copying in sosend_generic() and sosend_dgram().
sosend_copyin() is retained for ZERO_COPY_SOCKETS which are not yet supported
by m_uiotombuf().
Benchmaring shows significant improvements (95% confidence):
66% less cpu (or 2.9 times better) with new sosend vs. old sosend (non-TSO)
65% less cpu (or 2.8 times better) with new sosend vs. old sosend (TSO)
(Sender AMD Opteron 852 (2.6GHz) with em(4) PCI-X-133 interface and receiver
DELL Poweredge SC1425 P-IV Xeon 3.2GHz with em(4) LOM connected back to back
at 1000Base-TX full duplex.)
andre [Thu, 2 Nov 2006 17:37:22 +0000 (17:37 +0000)]
Rename m_getm() to m_getm2() and rewrite it to allocate up to page sized
mbuf clusters. Add a flags parameter to accept M_PKTHDR and M_EOR mbuf
chain flags. Provide compatibility macro for m_getm() calling m_getm2()
with M_PKTHDR set.
Rewrite m_uiotombuf() to use m_getm2() for mbuf allocation and do the
uiomove() in a tight loop over the mbuf chain. Add a flags parameter to
accept mbuf flags to be passed to m_getm2(). Adjust all callers for the
extra parameter.
Revert the last change. Masking only 2 MSBs of the virtual address
to get the physical address doesn't work for all values of KVA_PAGES,
while masking 8 MSBs works for all values of KVA_PAGES that are
multiple of 4 for non-PAE and 8 for PAE. (This leaves us limited
with 12MB for non-PAE kernels and 14MB for PAE kernels.)
To get things right, we'd need to subtract the KERNBASE from the
virtual address (but KERNBASE is not easy to figure out from here),
or have physical addresses set properly in the ELF headers.
andre [Thu, 2 Nov 2006 16:53:26 +0000 (16:53 +0000)]
Rewrite kern_sendfile() to work in two loops, the inner which turns as many
VM pages into mbufs as it can -- up to the free send socket buffer space.
The outer loop then drops the whole mbuf chain into the send socket buffer,
calls tcp_output() on it and then waits until 50% of the socket buffer are
free again to repeat the cycle. This way tcp_output() gets the full amount
of data to work with and can issue up to 64K sends for TSO to chop up in
the network adapter without using any CPU cycles. Thus it gets very efficient
especially with the readahead the VM and I/O system do.
The previous sendfile(2) code simply looped over the file, turned each 4K
page into an mbuf and sent it off. This had the effect that TSO could only
generate 2 packets per send instead of up to 44 at its maximum of 64K.
Add experimental SF_MNOWAIT flag to sendfile(2) to return ENOMEM instead of
sleeping on mbuf allocation failures.
Benchmarking shows significant improvements (95% confidence):
45% less cpu (or 1.81 times better) with new sendfile vs. old sendfile (non-TSO)
83% less cpu (or 5.7 times better) with new sendfile vs. old sendfile (TSO)
(Sender AMD Opteron 852 (2.6GHz) with em(4) PCI-X-133 interface and receiver
DELL Poweredge SC1425 P-IV Xeon 3.2GHz with em(4) LOM connected back to back
at 1000Base-TX full duplex.)
kib [Thu, 2 Nov 2006 11:47:38 +0000 (11:47 +0000)]
On trap while inside ddb, the trap handler calls kdb_reenter(), that
longjmp to the default context. As result, "alltrace" command may
be prematurely terminated (without error message). This is happens,
for instance, when system is low on memory and referenced page in
kernel-mode thread stack is swapped out.
Protect "alltrace" against termination on trap by setting temporary
kdb_jmpbuf context.
pjd [Thu, 2 Nov 2006 09:14:18 +0000 (09:14 +0000)]
- Use g_duplicate_bio() instead of g_clone_bio(), so there memory is
allocated with M_WAITOK flag.
- Check 'buf' instead of 'error' so Prevent is not confused.
CID: 1562, 1563
Found by: Coverity Prevent analysis tool
thompsa [Thu, 2 Nov 2006 08:44:19 +0000 (08:44 +0000)]
Do not test all the conditions if the port is already forwarding. Also print a
debug message if the port is agreed as it is an important condition of the
protocol.
marcel [Thu, 2 Nov 2006 02:42:48 +0000 (02:42 +0000)]
Sync the EFI headers with version 1.10.14.62 of the Intel sample EFI
implementation. This re-introduces C99 style comments that previously
were replaced by original C comments.
marcel [Thu, 2 Nov 2006 01:23:18 +0000 (01:23 +0000)]
Extend struct devdesc with a unit field, called d_unit. Promote the
device (kind) specific unit field to the common field. This change
allows a future version of libefi to work without requiring anything
more than what is defined in struct devdesc and as such makes it
possible to compile said version of libefi for different platforms
without requiring that those platforms have identical derivatives
of struct devdesc.
marcel [Thu, 2 Nov 2006 00:26:45 +0000 (00:26 +0000)]
Don't unconditionally compile-in the bcache code. It's only used on
i386/amd64 and pc98. Remove useless calls to bcache_init() from the
ia64 and sparc64 loaders, as well as from the OFW common code.