alc [Fri, 22 Aug 2003 17:50:32 +0000 (17:50 +0000)]
Use the requested page's object field instead of the vnode's. In some
cases, the vnode's object field is not initialized leading to a NULL
pointer dereference when the object is locked.
rwatson [Fri, 22 Aug 2003 17:36:23 +0000 (17:36 +0000)]
As new objects begin to support new labels, start to generalize
the default label support in /etc/mac.conf. Rather than maintain
each default label type in an explicit global variable in mac.c,
keep a list of defaults loaded from the configuration file.
Generalize the parsing so that we support both the older:
default_labels file foo
default_labels ifnet foo
default_labels process foo
We now accept arbitrary object classes in the first argument. If
the same object is specified more than once, we discard the
earlier definition in favor of the later one.
Add a new API, mac_prepare_type(), which accepts a mac_t to
prepare, as well as an object name in the second argument, which
will pull a default label set for the object out of the
configuration loaded by mac_init_internal(). This permits the libc
to adapt to new objects known about by applications but not by libc
at compile-time.
Also liberalize the error handling a bit: if we're using implicit
initialization (i.e., the application didn't explicitly initialize
the MAC code), ignore syntax errors and only use valid lines. In
the future, we may want to add explicit warnings and do this a
bit more consistently.
While here, add support for a MAC_CONFFILE environmental variable,
which may be used to specify an alternative mac.conf configuration
file if the application isn't running with modified privilege
(issetugid()).
njl [Fri, 22 Aug 2003 16:35:53 +0000 (16:35 +0000)]
Add the DA_Q_NO_PREVENT quirk which keeps da(4) from sending PREVENT/ALLOW
commands. Add a quirk for the Creative Nomad MuVo USB device that uses
it as well as NO_SYNCHRONIZE_CACHE.
PR: kern/53094
Submitted by: Richard Nyberg <rnyberg@it.su.se>
MFC after: 3 days
imp [Fri, 22 Aug 2003 15:28:22 +0000 (15:28 +0000)]
Prefer new location of pci include files (which have only been in the
tree for two or more years now), except in a few places where there's
code to be compatible with older versions of FreeBSD.
imp [Fri, 22 Aug 2003 15:06:24 +0000 (15:06 +0000)]
Prefer new location of pci include files (which have only been in the
tree for two or more years now), except in a few places where there's
code to be compatible with older versions of FreeBSD.
imp [Fri, 22 Aug 2003 08:49:56 +0000 (08:49 +0000)]
Add newly discovered ENE Technologies CardBus bridges to the list:
CB710, CB720, CB1211, CB1225, CB1410 and CB1420
These are likely licensed designed from TI, and the Linux PCMCIA code
treats them as TI chips.
Add comment, but no ID for the 711E1 from O2Micro.
imp [Fri, 22 Aug 2003 07:39:05 +0000 (07:39 +0000)]
Prefer new location of pci include files (which have only been in the
tree for two or more years now), except in a few places where there's
code to be compatible with older versions of FreeBSD.
imp [Fri, 22 Aug 2003 07:20:27 +0000 (07:20 +0000)]
Prefer new location of pci include files (which have only been in the
tree for two or more years now), except in a few places where there's
code to be compatible with older versions of FreeBSD.
imp [Fri, 22 Aug 2003 07:08:17 +0000 (07:08 +0000)]
Prefer new location of pci include files (which have only been in the
tree for two or more years now), except in a few places where there's
code to be compatible with older versions of FreeBSD.
imp [Fri, 22 Aug 2003 06:42:59 +0000 (06:42 +0000)]
Prefer new location of pci include files (which have only been in the
tree for two or more years now), except in a few places where there's
code to be compatible with older versions of FreeBSD.
imp [Fri, 22 Aug 2003 06:17:16 +0000 (06:17 +0000)]
Prefer new location of pci include files (which have only been in the
tree for two or more years now), except in a few places where there's
code to be compatible with older versions of FreeBSD.
imp [Fri, 22 Aug 2003 06:06:16 +0000 (06:06 +0000)]
Prefer new location of pci include files (which have only been in the
tree for two or more years now), except in a few places where there's
code to be compatible with older versions of FreeBSD.
imp [Fri, 22 Aug 2003 06:00:27 +0000 (06:00 +0000)]
Prefer new location of pci include files (which have only been in the
tree for two or more years now), except in a few places where there's
code to be compatible with older versions of FreeBSD.
imp [Fri, 22 Aug 2003 05:54:52 +0000 (05:54 +0000)]
Prefer new location of pci include files (which have only been in the
tree for two or more years now), except in a few places where there's
code to be compatible with older versions of FreeBSD.
kan [Fri, 22 Aug 2003 03:26:30 +0000 (03:26 +0000)]
Merge FreeBSD modifications into gcc 3.3.1-prerelease:
1.2 don't let gcc(1) hide warnings in system headers.
Don't disable warning suppression unconditionally, but rather
make in dependent on warn_system_headers flag, one should be
able to use -Wno-system-headers flag if warnings from system
headers are not desired.
kan [Fri, 22 Aug 2003 03:13:20 +0000 (03:13 +0000)]
Merge FreeBSD modifications into gcc 3.3.1-release:
1.2 -fformat-extensions.
1.7 FORCE_OPTIMIZATION_DOWNGRADE knob for Alpha.
1.14 -O0 -O1 optimize alignment for time, not size.
imp [Fri, 22 Aug 2003 01:59:28 +0000 (01:59 +0000)]
Many newer CF do not handle having the entire track read from them at
boot time. Instead, read it a sector at a time. While this sounds
like a significant slowdown, I've not been able to measure any
signficant difference.
Submitted by: luigi
Reviewed by: jhb, sam (both a while ago)
MFC After: 3 days
alc [Thu, 21 Aug 2003 20:59:07 +0000 (20:59 +0000)]
Assert that the vm object's lock is held on entry to vm_page_grab(); remove
code from this function that was needed when vm object locking was
incomplete.
rwatson [Thu, 21 Aug 2003 18:39:16 +0000 (18:39 +0000)]
Introduce two new MAC Framework and MAC policy entry points:
mac_reflect_mbuf_icmp()
mac_reflect_mbuf_tcp()
These entry points permit MAC policies to do "update in place"
changes to the labels on ICMP and TCP mbuf headers when an ICMP or
TCP response is generated to a packet outside of the context of
an existing socket. For example, in respond to a ping or a RST
packet to a SYN on a closed port.
rwatson [Thu, 21 Aug 2003 18:21:22 +0000 (18:21 +0000)]
Introduce two new MAC Framework and MAC policy entry points:
mac_reflect_mbuf_icmp()
mac_reflect_mbuf_tcp()
These entry points permit MAC policies to do "update in place"
changes to the labels on ICMP and TCP mbuf headers when an ICMP or
TCP response is generated to a packet outside of the context of
an existing socket. For example, in respond to a ping or a RST
packet to a SYN on a closed port.
rwatson [Thu, 21 Aug 2003 18:07:52 +0000 (18:07 +0000)]
Correct logic for filling out a "new" label during a credential
change in mac_lomac: if both flags are set on the new label, we
may not need to always fill out the label (only if one flag is
set, not both). Avoid stomping on a section of the label if we
are in fact modifying both elements.
Because we know that both flags will be set, we don't need to
test whether the range or single are set in later consistency
checks of the range and single -- just test them.
By checking the range of the new vs. the range of the old label
before testing the single against the new range, we implicitly
test that the new single is in the old range. Document this
with a comment.
imp [Thu, 21 Aug 2003 18:05:35 +0000 (18:05 +0000)]
Sort the vendors into three sections. First section is for those
vendors that list the vendor ID in the proper byte order. The second
section is for vendors that get it backwards. The third is for what
appear to be 'random' ones (although 0xcxxx appears to be coherent
enough that maybe somebody else is assigning those numbers).
imp [Thu, 21 Aug 2003 17:49:50 +0000 (17:49 +0000)]
Compaq's ID is 0x138. However, it looks like they also released
something with the vendor ID of 0x183. That could be a typo, or it
could be Paralon Technologies. Add an entry for Paralon, but don't
use it yet.
rwatson [Thu, 21 Aug 2003 17:28:45 +0000 (17:28 +0000)]
Retrofit of mac_test regression and consistency test module for MAC
Framework labels:
- Re-work the label state assertions to use a set of central
ASSERT_type_LABEL() assertions.
- Test to make sure labels passed to externalize/internalize calls haven't
been destroyed.
- For access control checks, assert the condition of all labels passed in.
- For life cycle events, assert the condition of all labels passed in.
- Add new entry point implementations for new MAC Framework entry points:
mac_test_reflect_mbuf_icmp(), mac_test_reflect_mbuf_tcp(),
mac_test_check_vnode_deleteextattr(), mac_test_check_vnode_listextattr().
imp [Thu, 21 Aug 2003 16:40:20 +0000 (16:40 +0000)]
Vendor 0xb is intersil, not Netgear. The MA401RA is just Netgear's
modle number, and I continue to use it as a place holder until I find
out what Intersil's name for it is.
rwatson [Thu, 21 Aug 2003 16:22:52 +0000 (16:22 +0000)]
Generally rename things to represent the fact that this is now the
mac_stub policy and no longer mac_none (as found in the repocopy).
Add comment to this effect.