yar [Sun, 15 Jun 2003 18:13:17 +0000 (18:13 +0000)]
Always set bio_resid properly in fdstrategy(),
as should every block device strategy routine.
There was at least one evil consequence of not doing so:
Some errors returned by fdstrategy() could be lost (EAGAIN,
in particular.)
PR: kern/52338 (in the audit-trail)
Discussed with: bde
yar [Sun, 15 Jun 2003 16:18:58 +0000 (16:18 +0000)]
Check whether the floppy type pointer has been set before trying
to access floppy parameters through it.
Note: The DIOCGSECTORSIZE and DIOCGMEDIASIZE handlers withing
fdioctl() couldn't be just moved to below the existing check
for blocking mode because fd->ft can be non-NULL while still
in non-blocking mode (fd->ft can be set with the FD_STYPE ioctl.)
yar [Sun, 15 Jun 2003 14:40:03 +0000 (14:40 +0000)]
Add missing descriptions of macros M_ALIGN and MH_ALIGN.
Remove a reference to the defunct macro M_COPY_PKTHDR;
document the new functions m_dup_pkthdr() and m_move_pkthdr(),
and the macro variant of the latter, M_MOVE_PKTHDR().
yar [Sun, 15 Jun 2003 14:14:11 +0000 (14:14 +0000)]
Add more markup to the mbuf(9) manpage. This includes:
- tagging plaintext "mbuf", "mbuf cluster", and "mbuf chain"
with .Vt (variable type) since all of them are ways of managing
data, i.e., they can be seen as data types;
- using .Vt/.Va instead of .Li (literal) where appropriate;
- tagging plaintext words that actually refer to function arguments
with .Fa.
davidxu [Sun, 15 Jun 2003 12:51:26 +0000 (12:51 +0000)]
1. Add code to support bound thread. when blocked, a bound thread never
schedules an upcall. Signal delivering to a bound thread is same as
non-threaded process. This is intended to be used by libpthread to
implement PTHREAD_SCOPE_SYSTEM thread.
2. Simplify kse_release() a bit, remove sleep loop.
iedowse [Sun, 15 Jun 2003 11:55:50 +0000 (11:55 +0000)]
If the device goes away during ulpt_reset(), make sure not to call
ulpt_status() afterwards. This fixes a crash that can occur if a
USB printer is power-cycled when printing is just starting. The
problem is similar to that fixed in revision 1.33, but it is much
less likely to occur.
iedowse [Sun, 15 Jun 2003 11:43:00 +0000 (11:43 +0000)]
Don't overwrite the static panicstr buffer for secondary and further
panics. Before revision 1.38, we used to just point panicstr at the
format string if panicstr was NULL, but since we now use a static
buffer for the formatted panic message, we have to be careful to
only write to it during the first panic.
mbr [Sun, 15 Jun 2003 10:37:22 +0000 (10:37 +0000)]
Fix the master yppasswd routines, so they really work
for root on ypmaster. yppasswd_local() did use YPPASSWDPROG
instead of MASTER_YPPASSWDPROG, and the domain was not set,
resulting in a coredump during xdr-encode.
mbr [Sun, 15 Jun 2003 10:34:11 +0000 (10:34 +0000)]
Only call pw_mkdb if passfile == _PATH_MASTERPASSWD.
Otherwise, rename master.passwd to a temp filename, rename
the new passwd to master.passwd, and let yppwupdate update
passwd as it sees fit.
PR: 52601, 7968
Reviewed by: des
Submitted by: Dan Nelson <dnelson@allantgroup.com>
mbr [Sun, 15 Jun 2003 10:32:01 +0000 (10:32 +0000)]
Replace the old SCM_CREDS cred procedures. They can now be
replaced just fine with getpeereid() and the whole code
gets a lot simpler. We don't break the ABI, since all server
programms use __rpc_get_local_uid(), and we just change library
internals.
charnier [Sun, 15 Jun 2003 09:28:17 +0000 (09:28 +0000)]
err() on allocation failure. WARNS=9 compliant
use #if 0, #ifndef lint, #endif /* not lint */, #endif ordering
when a message is provided, use errx() instead of err().
rwatson [Sun, 15 Jun 2003 06:54:36 +0000 (06:54 +0000)]
Now that the kernel access control for quotactl(2) appears to work
properly, clean up quota(1). quota(1) has the ability to query
quotas either directly from the kernel, or if that fails, by reading
the quota.user or quota.group files specified for the file system
in /etc/fstab. The setuid bit existed solely (apparently) to let
non-operator users query their quotas and consumption when quotas
weren't enabled for the file system.
o Remove the setuid bit from quota(1).
o Remove the logic used by quota(1) when running setuid to prevent
users from querying the quotas of other users or groups. Note
that this papered over previously broken kernel access control;
if you queried directly using the system call, you could access
some of the data "restricted" by quota(1).
In the new world order, the ability to inspect the (live) quotas of
other uids and gids via the kernel is controlled by the privilege
requirement sysctl. The ability to query via the file is controlled
by the file permissions on the quota database backing files
(root:operator, group readable by default).
rwatson [Sun, 15 Jun 2003 06:46:24 +0000 (06:46 +0000)]
Now that the kernel access control for quotactl(2) appears to work
properly, clean up quota(1). quota(1) has the ability to query
quotas either directly from the kernel, or if that fails, by reading
the quota.user or quota.group files specified for the file system
in /etc/fstab. The setuid bit existed solely (apparently) to let
non-operator users query their quotas and consumption when quotas
weren't enabled for the file system.
o Remove the setuid bit from quota(1).
o Remove the logic used by quota(1) when running setuid to prevent
users from querying the quotas of other users or groups. Note
that this papered over previously broken kernel access control.
rwatson [Sun, 15 Jun 2003 06:36:19 +0000 (06:36 +0000)]
Re-implement kernel access control for quotactl() as found in the
UFS quota implementation. Push some quite broken access control
logic out of ufs_quotactl() into the individual command
implementations in ufs_quota.c; fix that logic. Pass in the thread
argument to any quotactl command that will need to perform access
control.
o quotaon() requires privilege (PRISON_ROOT).
o quotaoff() requires privilege (PRISON_ROOT).
o getquota() requires that:
If the type is USRQUOTA, either the effective uid match the
requested quota ID, that the unprivileged_get_quota flag be
set, or that the thread be privileged (PRISON_ROOT).
If the type is GRPQUOTA, require that either the thread be
a member of the group represented by the requested quota ID,
that the unprivileged_get_quota flag be set, or that the
thread be privileged (PRISON_ROOT).
o setquota() requires privilege (PRISON_ROOT).
o setuse() requires privilege (PRISON_ROOT).
o qsync() requires no special privilege (consistent with what
was present before, but probably not very useful).
Add a new sysctl, security.bsd.unprivileged_get_quota, which when
set to a non-zero value, will permit unprivileged users to query user
quotas with non-matching uids and gids. Set this to 0 by default
to be mostly consistent with the previous behavior (the same for
USRQUOTA, but not for GRPQUOTA).
rwatson [Sun, 15 Jun 2003 06:26:08 +0000 (06:26 +0000)]
Tighten up the string->integer conversion in sysctl(8):
(1) Reject zero-length strings for CTLTYPE_INT, _UINT, _LONG,
_ULONG. Do not silently convert to 0.
(2) When converting CTLTYPE_INT, _UINT, _LONG, and _ULONG, check the
end pointer generated by strtol() and strtoul() rather than
discarding it. Reject the string if either none of the string
was useful for conversion to an integer, or if there was
trailing garbage.
I.e., we will not allow you to set a numeric sysctl to a value unless
we can completely convert the string argument to a numeric value.
I tripped over this when I put the following in /etc/sysctl.conf:
imp [Sun, 15 Jun 2003 04:15:29 +0000 (04:15 +0000)]
The en module has been broken for the last 40 hours. Disconnect it
from the tree until it is fixed. Since it is an atm driver, it isn't
commonly used so this will not negatively impact too many people.
harti can reconnect it when he resurfaces and corrects the en module
problems. This should allow snapshots to start succeeding again.
jeff [Sun, 15 Jun 2003 02:18:29 +0000 (02:18 +0000)]
- Fix the maximum slice value. I accidentally checked in a value of '2'
which meant no process would run for longer than 20ms.
- Slightly redo the interactivity scorer. It follows the same algorithm but
in a slightly more correct way. Previously values above half were
incorrect.
- Lower the interactivity threshold to 20. It seems that in testing non-
interactive tasks are hardly ever near there and expensive interactive
tasks can sometimes surpass it. This area needs more testing.
- Remove an unnecessary KTR.
- Fix a case where an idle thread that had an elevated priority due to
priority prop. would be placed back on the idle queue.
- Delay setting NEEDRESCHED until userret() for threads that haad their
priority elevated while in kernel. This gives us the same context switch
optimization as SCHED_4BSD.
- Limit the child's slice to 1 in sched_fork_kse() so we detect its behavior
more quickly.
- Inhert some of the run/slp time from the child in sched_exit_ksegrp().
- Redo some of the priority comparisons so they are more clear.
- Throttle the frequency of sched_pctcpu_update() so that rounding errors
do not make it invalid.
grog [Sun, 15 Jun 2003 01:42:01 +0000 (01:42 +0000)]
check_drive: If the partition isn't a Vinum drive, release it again
and return NULL.
vinum_scandisk: Don't handle NULL device pointers.
Only look at compatibility partition for i386. This
is a kludge which should go away once I have adequate
documentation for the New World Order.
Together, these fixes remove occasional error messages about
non-existent drives. They may also fix a number of problems that have
been reported without a PR.
das [Sat, 14 Jun 2003 23:48:20 +0000 (23:48 +0000)]
Introduce malloc types M_UNDCACHE and M_UNPATH for important
unionfs-related data structures to aid in debugging memory leaks.
Use NULL and NULLVP instead of 0 as appropriate.
das [Sat, 14 Jun 2003 23:27:29 +0000 (23:27 +0000)]
Factor out the process of freeing ``directory caches'', which unionfs
directory vnodes use to refer to their constituent vnodes, into
union_dircache_free(). Also s/union_dircache/union_dircache_get/ and
tweak the structure of union_dircache_r().
alc [Sat, 14 Jun 2003 23:23:55 +0000 (23:23 +0000)]
Migrate the thread stack management functions from the machine-dependent
to the machine-independent parts of the VM. At the same time, this
introduces vm object locking for the non-i386 platforms.
Two details:
1. KSTACK_GUARD has been removed in favor of KSTACK_GUARD_PAGES. The
different machine-dependent implementations used various combinations
of KSTACK_GUARD and KSTACK_GUARD_PAGES. To disable guard page, set
KSTACK_GUARD_PAGES to 0.
2. Remove the (unnecessary) clearing of PG_ZERO in vm_thread_new. In
5.x, (but not 4.x,) PG_ZERO can only be set if VM_ALLOC_ZERO is passed
to vm_page_alloc() or vm_page_grab().
njl [Sat, 14 Jun 2003 22:17:41 +0000 (22:17 +0000)]
Merge common XPT_CALC_GEOMETRY functions into a single convenience function.
Devices below may experience a change in geometry.
* Due to a bug, aic(4) never used extended geometry. Changes all drives
>1G to now use extended translation.
* sbp(4) drives exactly 1 GB in size now no longer use extended geometry.
* umass(4) drives exactly 1 GB in size now no longer use extended geometry.
For all other controllers in this commit, this should be a no-op.
njl [Sat, 14 Jun 2003 22:17:38 +0000 (22:17 +0000)]
Merge common XPT_CALC_GEOMETRY functions into a single convenience function.
Devices below may experience a change in geometry.
* Due to a bug, aic(4) never used extended geometry. Changes all drives
>1G to now use extended translation.
* sbp(4) drives exactly 1 GB in size now no longer use extended geometry.
* umass(4) drives exactly 1 GB in size now no longer use extended geometry.
For all other controllers in this commit, this should be a no-op.
imp [Sat, 14 Jun 2003 17:50:13 +0000 (17:50 +0000)]
Minor tweaks to the build process so that we can build 5.1-current on
4.8-stable:
Must build lib/libc before libpthread. Fix how we do this to be more
consistant with how lists are handled in the file. Also, don't bother
to prebuild libc if we're not building libpthread.
imp [Sat, 14 Jun 2003 17:41:59 +0000 (17:41 +0000)]
Put on the core hat and back out all of the CSTD= changes. Core will
deal with working with the parties to define a coherent definition for
CSTD that doesn't break things.
markm [Sat, 14 Jun 2003 17:28:13 +0000 (17:28 +0000)]
Some glue to allow lint(1) to work on the kernel. This is not
complete without some config(8) work. Config(8) needs to provide
some ${NORMAL_LINT} rules to make foo.ln files.
tjr [Sat, 14 Jun 2003 15:45:34 +0000 (15:45 +0000)]
Avoid dereferencing the thread pointer in smb_iod_addrq() if it's NULL.
Fixes mdconfig -t vnode on smbfs: mdsetcred()'s "horrible kludge"
calls into smbfs VOP_READ with a NULL uio_td.
tjr [Sat, 14 Jun 2003 15:24:54 +0000 (15:24 +0000)]
Don't follow smbnode n_parent pointer when NREFPARENT flag is not set
in smb_fphelp(): the parent vnode may have already been recycled
since we don't hold a reference to it. Fixes a panic when rebooting
with mdconfig -t vnode devices referring to vnodes on a smbfs mount.
trhodes [Sat, 14 Jun 2003 13:41:31 +0000 (13:41 +0000)]
Don't truncate the output file before making sure that we can
read at least 1 byte from the input file without problems. This
fixes a bug in uncompress(1) that causes the accidental removal
of files that happen to have the same name as the output file,
even when the uncompression fails and is aborted, i.e.:
$ echo hello world > hello
$ touch hello.Z
$ ls -l hello*
-rw-rw-r-- 1 giorgos giorgos 12 Jun 14 13:33 hello
-rw-rw-r-- 1 giorgos giorgos 0 Jun 14 13:33 hello.Z
$ ./uncompress -f hello
uncompress: hello.Z: Inappropriate file type or format
$ ls -l hello*
-rw-rw-r-- 1 giorgos giorgos 0 Jun 14 13:33 hello.Z
$
trhodes [Sat, 14 Jun 2003 13:23:49 +0000 (13:23 +0000)]
Remove the old xref to kerberos(1), and replace it with an xref to
kerberos(8). According to markm, the kerberos(8) manual page is
installed if NO_KERBEROS is set.
des [Sat, 14 Jun 2003 12:35:05 +0000 (12:35 +0000)]
Add a system policy, and have the login and su policies include it rather
than duplicate it. This requires OpenPAM Dianthus, which was committed two
weeks ago; installing these files on a system running a world older than
June 1st, 2003 will cause login(1) and su(1) to fail.
green [Sat, 14 Jun 2003 08:26:47 +0000 (08:26 +0000)]
In the last clean-up of this code, the fact that the default tty mode
information could only be gleaned from the the tty descriptor itself
was neglected, so never did the tty's default settings get copied from
the kernel. Specifically, this caused all manner of ctrl-keys to not
work. Fix this by calling dogettytab() in all the proper places, and
retrieving the terminfo temporarily in dogettytab().
alc [Sat, 14 Jun 2003 06:20:25 +0000 (06:20 +0000)]
Move the *_new_altkstack() and *_dispose_altkstack() functions out of the
various pmap implementations into the machine-independent vm. They were
all identical.
ken [Sat, 14 Jun 2003 05:28:01 +0000 (05:28 +0000)]
Remove MAINTAINER= lines in the makefiles for camcontrol, iostat, libcam
and libdevstat, since the new way of doing things is to just list
maintainership in src/MAINTAINERS.
Also, remove duplicate entries in src/MAINTAINERS for those utilities. I
already had entries for them.
ticso [Fri, 13 Jun 2003 22:34:03 +0000 (22:34 +0000)]
Fix alignment requirements of tulip_rombuf by further increasing
tulip_boardid size.
Add a comment to tulip_rombuf about this requirement.
I have had panics on alpha while probing a de card.
peter [Fri, 13 Jun 2003 22:25:41 +0000 (22:25 +0000)]
When building a shared library, link it against libgcc_pic.a instead of the
non-PIC libgcc.a. Linking non-pic code into a shared library is not
a good thing. It happens to break amd64 at compile time, and the ppc
folks want it too. The problem is mainly with C++ code, unwind-dw2.c
in particular. Most of the other functions in libgcc.a are self
contained so most of the time it isn't a problem. The dwarf2 unwinder
is not safe though since it does make global variable references.
peter [Fri, 13 Jun 2003 21:56:30 +0000 (21:56 +0000)]
This is unusable on amd64. Remove it before it causes more confusion.
It is only possible to do this on an ABI that has a compulsory frame
pointer, which the amd64 ABI does not. Thus, it is only possible to
implement this as a compiler builtin.
peter [Fri, 13 Jun 2003 21:54:21 +0000 (21:54 +0000)]
We cannot use c99 on amd64 either due to lack of alloca(). libc:strptime()
uses alloca() and alloca is impossible to implement as a callable function
on amd64. It has to be a compiler builtin. Note that the bigger problem
is that libc is not c99 clean internally.
imp [Fri, 13 Jun 2003 21:30:29 +0000 (21:30 +0000)]
Add a comment about the MPSAFEness of this pccard_intr handler. Given
how we registered pccard_intr, it is MPSAFE. However, since we
register the pccard_intr handler with the flags of the ISR we call,
that is the gating factor. We need do nothing specific here.
mux [Fri, 13 Jun 2003 20:46:34 +0000 (20:46 +0000)]
Remove code that tries to detect if the MCLSHIFT and MSIZE macros
are the same that those of the kernel in the KLD_MODULE case. If
we ever want to detect that kind of problems, this is not the right
place to do this since every network driver would be affected by
such desynchronisation.
mux [Fri, 13 Jun 2003 20:07:49 +0000 (20:07 +0000)]
- Document the fact that you can specify several DMA operations to
bus_dmamap_sync() by OR'ing them together.
- Don't document what BUS_DMASYNC_PREREAD|BUS_DMASYNC_PREWRITE and
BUS_DMASYNC_POSTREAD|BUS_DMASYNC_POSTWRITE is supposed to do when
passed to bus_dmamap_sync(). There are other possible combinations
and the reader just needs to know what the individual flags do and
that he can combine different DMA operations.
- Use .An when listing authors.