Jung-uk Kim [Wed, 3 Jun 2009 20:24:28 +0000 (20:24 +0000)]
Fix acpidump(8) disassembly with option -d. iasl(8) creates disassembled
output file from input file name as a template. Honor TMPDIR environment
variable while I am here.
Robert Watson [Wed, 3 Jun 2009 19:41:12 +0000 (19:41 +0000)]
Add one further check with mac_policy_count to an mbuf copying case
(limited to netatalk) to avoid MAC label lookup on both mbufs if no
policies are registered.
Robert Watson [Wed, 3 Jun 2009 18:46:28 +0000 (18:46 +0000)]
Continue work to optimize performance of "options MAC" when no MAC policy
modules are loaded by avoiding mbuf label lookups when policies aren't
loaded, pushing further socket locking into MAC policy modules, and
avoiding locking MAC ifnet locks when no policies are loaded:
- Check mac_policies_count before looking for mbuf MAC label m_tags in MAC
Framework entry points. We will still pay label lookup costs if MAC
policies are present but don't require labels (typically a single mbuf
header field read, but perhaps further indirection if IPSEC or other
m_tag consumers are in use).
- Further push socket locking for socket-related access control checks and
events into MAC policies from the MAC Framework, so that sockets are
only locked if a policy specifically requires a lock to protect a label.
This resolves lock order issues during sonewconn() and also in local
domain socket cross-connect where multiple socket locks could not be
held at once for the purposes of propagating MAC labels across multiple
sockets. Eliminate mac_policy_count check in some entry points where it
no longer avoids locking.
- Add mac_policy_count checking in some entry points relating to network
interfaces that otherwise lock a global MAC ifnet lock used to protect
ifnet labels.
Stanislav Sedov [Wed, 3 Jun 2009 17:30:10 +0000 (17:30 +0000)]
- Remove unused sparc64-bitops.h file. Our ext2fs code doesn't use
sparc64-specific bitops implementations and relies on generic ones.
Furthermore, bitops implementations present in sparc64-bitops.h
are written in C similarly to generic bitops.
Stanislav Sedov [Wed, 3 Jun 2009 14:18:37 +0000 (14:18 +0000)]
- Style(9) improvements.
- Convert all K&R definitions to ANSI equivalents.
- Retire bsd_malloc and bsd_free macros and
use malloc/free directly.
- Drop some unused debugging calls.
Stanislav Sedov [Wed, 3 Jun 2009 13:25:50 +0000 (13:25 +0000)]
- Sync our copies of ext2fs Linux headers to current Linux versions.
Minimize differences between our ext2fs headers and relevant Linux
versions by using EXT2_SB macro to access the superblock fields. Most
of the differences in access to these fields are now hidden inside
this macro.
- Rename the s_db_per_group field of ext2fs_sb_info to s_gdb_count
to reflect the similar change in Linux headers. New name also seems
to be more appropriate for this field.
- Use proper types for s_first_inode and s_inode_size in-core superblock
fields. Now they reflect types used in the on-disk superblock version.
- Add support for older filesystem revisions that don't have proper
s_first_ino and s_inode_size fields in the on-disk superblock. In these
cases predefined values for these fields are used.
- Add simple sanity checks for s_first_inode and s_inode_size correctness.
Add vm_lowmem event handler for dirhash. This will cause dirhashes to be
deleted when the system is low on memory. This ought to allow an increase to
vfs.ufs.dirhash_maxmem on machines that have lots of memory, without
degrading performance by having too much memory reserved for dirhash when
other things need it. The default value for dirhash_maxmem is being kept at
2MB for now, though.
This work was mostly done during the 2008 Google Summer of Code.
Approved by: dwmalone (mentor), re
MFC after: 3 months
Robert Watson [Wed, 3 Jun 2009 08:49:44 +0000 (08:49 +0000)]
By default, label all network interfaces as biba/equal on attach. This
makes it easier for first-time users to configure and work with biba as
remote access is still allowed. Effectively, this means that, by default,
only local security properties, not distributed ones, are enforced.
Robert Watson [Tue, 2 Jun 2009 22:22:09 +0000 (22:22 +0000)]
Mark MAC Framework sx and rm locks as NOWITNESS to suppress warnings that
might arise from WITNESS not understanding its locking protocol, which
should be deadlock-free. Currently these warnings generally don't occur,
but as object locking is pushed into policies for some object types, they
would otherwise occur more often.
Rick Macklem [Tue, 2 Jun 2009 22:15:47 +0000 (22:15 +0000)]
Add support for the experimental nfs subsystem to the scripts in
/etc/rc.d. They use the following new rc variables:
nfsv4_server_enable - set to "YES" to run the experimental server
nfsuserd_enable - set to "YES" to run nfsuserd for NFSv4 client and
server
nfsuserd_flags - command line flags for nfsuserd
nfscbd_enable - set to "YES" to run the experimental nfs client's
NFSv4 callback daemon
nfscbd_flags - command line flags for nfscbd
Robert Watson [Tue, 2 Jun 2009 18:31:08 +0000 (18:31 +0000)]
Remove MAC kernel config files and add "options MAC" to GENERIC, with the
goal of shipping 8.0 with MAC support in the default kernel. No policies
will be compiled in or enabled by default, but it will now be possible to
load them at boot or runtime without a kernel recompile.
While the framework is not believed to impose measurable overhead when no
policies are loaded (a result of optimization over the past few months in
HEAD), we'll continue to benchmark and optimize as the release approaches.
Please keep an eye out for performance or functionality regressions that
could be a result of this change.
Approved by: re (kensmith)
Obtained from: TrustedBSD Project
Robert Watson [Tue, 2 Jun 2009 18:26:17 +0000 (18:26 +0000)]
Add internal 'mac_policy_count' counter to the MAC Framework, which is a
count of the number of registered policies.
Rather than unconditionally locking sockets before passing them into MAC,
lock them in the MAC entry points only if mac_policy_count is non-zero.
This avoids locking overhead for a number of socket system calls when no
policies are registered, eliminating measurable overhead for the MAC
Framework for the socket subsystem when there are no active policies.
Possibly socket locks should be acquired by policies if they are required
for socket labels, which would further avoid locking overhead when there
are policies but they don't require labeling of sockets, or possibly
don't even implement socket controls.
Sam Leffler [Tue, 2 Jun 2009 16:57:27 +0000 (16:57 +0000)]
Remove hack used to deal with ifnet teardown now that if_detach and the
bridge do a better job.
o move ether_ifdetach to the top of ieee80211_detach
o do not clear if_softc at the top of ieee80211_detach; we no longer need
this because we are safeguarded against calls coming back through if_ioctl
o simplify the bpf tracker now that we don't null if_softc
This also fixes an issue where having a bpf consumer active when a vap
is destroyed would cause a crash because bpf referenced free'd memory.
Andrew Gallatin [Tue, 2 Jun 2009 16:52:33 +0000 (16:52 +0000)]
Buf-ring fixes for mxge
- always maintain byte/mcast/drop stats via drbr
- move #define of IFNET_BUF_RING so that it's picked
up by all files in the driver
- conditionalize IFNET_BUF_RING on the FreeBSD_version
bump just after it appeared in the tree.
Warner Losh [Tue, 2 Jun 2009 16:48:10 +0000 (16:48 +0000)]
In bwi_newstate, only zero the bssid when we stop a STA. And only
when we've not stopped the card. It hangs the system when we touch
the CSR after bwistop.
Ed Schouten [Tue, 2 Jun 2009 13:44:36 +0000 (13:44 +0000)]
Remove window(1) from the base system.
Some time ago Tom Rhodes sent me an email that he was willing to perform
various cleanups to the window(1) source code. After some discussion, we
both decided the best thing to do, was to move window(1) to the ports
tree. The application isn't used a lot nowadays, mainly because it has
been superseded by screen, tmux, etc.
A couple of hours ago Tom committed window(1) to ports (misc/window), so
I'm removing it from the tree. I don't think people will really miss it,
but I'm describing the change in UPDATING anyway.
Alan Cox [Tue, 2 Jun 2009 08:02:27 +0000 (08:02 +0000)]
Correct a boundary case error in the management of a page's dirty bits by
shm_dotruncate() and vnode_pager_setsize(). Specifically, if the length of
a shared memory object or a file is truncated such that the length modulo
the page size is between 1 and 511, then all of the page's dirty bits were
cleared. Now, a dirty bit is cleared only if the corresponding block is
truncated in its entirety.
Brian Somers [Tue, 2 Jun 2009 07:35:51 +0000 (07:35 +0000)]
Rather than using both -prune (which requires directory-first tree traversal)
and -delete (which implies depth-first traversal), avoid using -delete in
favour of -execdir.
This has a side-effect of not removing directories that contain files,
even if we delete all of those files, but IMHO that's a better option
than specifying all possible local filesystem types in this script.
Pyun YongHyeon [Tue, 2 Jun 2009 04:59:29 +0000 (04:59 +0000)]
Add Rx checksum offloading support for Yukon FE+ and Yukon Extreme.
These controllers use newer descriptor format and the new descriptor
format uses status LE to indicate the status of checksum. Rx
checksummed values used in previous controllers were very cryptic
and I failed to understand how to use them. In addition most
controllers in previous generations had Rx checksum offloading bug.
While I'm here introduce a MSK_FLAG_NORX_CSUM flag to bypass
checking Rx checksum offloading as Yukon FE+ A0 has status LE bug.
Pyun YongHyeon [Tue, 2 Jun 2009 04:35:44 +0000 (04:35 +0000)]
Add frame parser capability of Yukon FE+ and Yukon Extreme. With
this feature hardware automatically computes TCP/UDP payload
offset. Introduce MSK_FLAG_AUTOTX_CSUM to mark the capability.
Yukon Extreme B0 revision is known to have a silicon for the
feature so disable it. Yukon Extreme B0 still can do Tx checksum
offloading but the CPU has to compute TCP/UDP payload offset. To
enable traditional checksum offloading, disable automatic Tx
checksum calculation capability.
Yukon Extreme A0 revision could not use store-and-forward mode for
jumbo frames(silicon bug) so disable Tx checksum offloading for
jumbo frames.
I believe controllers that have MSK_FLAG_AUTOTX_CSUM capability or
new descriptor format do not have Tx checksum offload bug so
disable checksum offloading workaround for short frames.
Pyun YongHyeon [Tue, 2 Jun 2009 04:00:17 +0000 (04:00 +0000)]
Add preliminary Yukon Extreme support and register definitions.
Yukon Extreme uses new descriptor format for TSO and has Tx frame
parser which greatly reduces CPU cycles spent in computing TCP/UDP
payload offset calculation in Tx checksum offloading path. The new
descriptor format also removed TCP/UDP payload computation for TSO
which in turn results in better TSO performance. It seems Yukon
Extreme has a lot of new (unknown) features but only basic
offloading is supported at this time. So far there are two known
issues.
o Sometimes Rx overrun errors happen when pulling data over
gigabit link. Running over 100Mbps seems to be ok.
o Ethernet hardware address shows all-zeroed value on 88E8070.
Assigning ethernet address with ifconfig is necessary to make it
work.
Support for Yukon Extreme is not perfect but it would be better
than having a non-working device. Special thanks to jbh who fixed
several bugs of initial patch.
Sam Leffler [Tue, 2 Jun 2009 00:33:28 +0000 (00:33 +0000)]
Fix monitor mode vaps to work as intended:
o track # bpf taps on monitor mode vaps instead of # monitor mode vaps
o spam monitor mode taps on tx/rx
o fix ieee80211_radiotap_rx_all to dispatch frames only if the vap is up
o while here print radiotap (and superg) state in show com
Pyun YongHyeon [Tue, 2 Jun 2009 00:30:30 +0000 (00:30 +0000)]
Program LED registers for 88E1116/88E1149 PHYs. These PHYs are
found on Marvell Yukon Ultra, Marvell Yukon Extreme controllers.
While I'm here explicitly issue 'powerup' command for 88E1149 PHY.
John Baldwin [Mon, 1 Jun 2009 21:32:52 +0000 (21:32 +0000)]
Add an extension to the character device interface that allows character
device drivers to use arbitrary VM objects to satisfy individual mmap()
requests.
- A new d_mmap_single(cdev, &foff, objsize, &object, prot) callback is
added to cdevsw. This function is called for each mmap() request.
If it returns ENODEV, then the mmap() request will fall back to using
the device's device pager object and d_mmap(). Otherwise, the method
can return a VM object to satisfy this entire mmap() request via
*object. It can also modify the starting offset into this object via
*foff. This allows device drivers to use the file offset as a cookie
to identify specific VM objects.
- vm_mmap_vnode() has been changed to call vm_mmap_cdev() directly when
mapping V_CHR vnodes. This avoids duplicating all the cdev mmap
handling code and simplifies some of vm_mmap_vnode().
- D_VERSION has been bumped to D_VERSION_02. Older device drivers
using D_VERSION_01 are still supported.
John Baldwin [Mon, 1 Jun 2009 21:17:03 +0000 (21:17 +0000)]
Rework socket upcalls to close some races with setup/teardown of upcalls.
- Each socket upcall is now invoked with the appropriate socket buffer
locked. It is not permissible to call soisconnected() with this lock
held, however, so socket upcalls now return an integer value. The two
possible values are SU_OK and SU_ISCONNECTED. If an upcall returns
SU_ISCONNECTED, then the soisconnected() will be invoked on the
socket after the socket buffer lock is dropped.
- A new API is provided for setting and clearing socket upcalls. The
API consists of soupcall_set() and soupcall_clear().
- To simplify locking, each socket buffer now has a separate upcall.
- When a socket upcall returns SU_ISCONNECTED, the upcall is cleared from
the receive socket buffer automatically. Note that a SO_SND upcall
should never return SU_ISCONNECTED.
- All this means that accept filters should now return SU_ISCONNECTED
instead of calling soisconnected() directly. They also no longer need
to explicitly clear the upcall on the new socket.
- The HTTP accept filter still uses soupcall_set() to manage its internal
state machine, but other accept filters no longer have any explicit
knowledge of socket upcall internals aside from their return value.
- The various RPC client upcalls currently drop the socket buffer lock
while invoking soreceive() as a temporary band-aid. The plan for
the future is to add a new flag to allow soreceive() to be called with
the socket buffer locked.
- The AIO callback for socket I/O is now also invoked with the socket
buffer locked. Previously sowakeup() would drop the socket buffer
lock only to call aio_swake() which immediately re-acquired the socket
buffer lock for the duration of the function call.
John Baldwin [Mon, 1 Jun 2009 20:35:39 +0000 (20:35 +0000)]
Add a simple API to manage scatter/gather lists of physical addresses.
Each list describes a logical memory object that is backed by one or more
physical address ranges. To minimize locking, the sglist objects
themselves are immutable once they are shared.
These objects may be used in the future to facilitate I/O requests using
physically-addressed buffers. For the immediate future I plan to use them
to implement a new type of VM object and pager.
Robert Watson [Mon, 1 Jun 2009 20:26:51 +0000 (20:26 +0000)]
Add a flags field to struct ucred, and export that via kinfo_proc,
consuming one of its spare fields. The cr_flags field is currently
unused, but will be used for features, including capability mode and
pay-as-you-go audit.