mav [Sun, 9 Mar 2008 20:05:39 +0000 (20:05 +0000)]
MFC rev. 1.93-1.94
Make session ID generator to use session ID hash.
Make session ID generator thread-safe.
Use more compact LIST instead of TAILQ for session hash.
Add all listening hooks into LIST to simplify searches.
Use ng_findhook() instead of own equal implementation.
rwatson [Sun, 9 Mar 2008 14:50:28 +0000 (14:50 +0000)]
Merge db_input.c:1.38 from HEAD to RELENG_6:
When redrawing an input line, count backspaces to get to the beginning of
the input field from the current cursor location, rather than the end of
the input line, as the cursor may not be at the end of the line.
Otherwise, we may overshoot, overwriting a bit of the previous line and
failing to fully overwrite the current line.
PR: 119079
Submitted by: Michael Plass <mfp49_freebsd@plass-family.net>
'spi' and the return value of ntohl are unsigned. Remove the extra >=0
check which was always true.
Document the special meaning of spi values of 0 and 1-255 with a comment.
In case of failure we can directly return ENOBUFS because
'result' is still NULL and we do not need to free anything.
That allows us to gc the entire goto parts and a now unused variable.
Add a missing return so that we drop out in case of an error and
do not continue with a NULL pointer. [1]
While here change the return of the error handling code path above.
I cannot see why we should always return 0 there. Neither does KAME
nor do we in here for the similar check in all the other functions.
Looking at {ah,esp}_input_cb it seems we might be able to end up
without an mtag in ipsec4_common_input_cb.
So in case of !IPCOMP (AH,ESP) only change the m_tag_id if an mtag
was passed to ipsec4_common_input_cb.
MFC rev. 1.15 ipsec_input.c
Though we are only called for the three security protocols we can
handle, document those sprotos using an IPSEC_ASSERT so that it will
be clear that 'spi' will always be initialized when used the first time.
Implement ICMPv6 support in ipsec6_get_ulp().
This is needed to make security policies work correctly if ICMPv6 type
and/or code are given. See setkey(8) 'upperspec' para. for details.
rafan [Sat, 8 Mar 2008 05:42:52 +0000 (05:42 +0000)]
MFC termcap changes for the END/ENTER keys
Log:
- Remove kH and *6 from xterm. They are defined to the same key as @7 (kp_end)
As ncurses has the limitation that it returns the first matched key symbol,
you can not use END in ncurses based program, like mutt, with xterm.
- Add @8 (kp_enter) definition for xterm so you can use ENTER in xterm with
ncurses based program.
I also found that NetBSD's xterm does the same thing.
PR: 100150
Reported by: Arseny Nasokin <tarc at tarc.po.cs.msu.su>
Discussed with: Thomas Dickey, Ulrich Spoerlein <uspoerlein at gmail.com>
Reviewed by: freebsd-arch@
jhb [Fri, 7 Mar 2008 20:19:33 +0000 (20:19 +0000)]
MFC: VIA Padlock changes:
- Read the brand string from VIA/IDT CPUs.
- Add a VIA Padlock feature line in dmesg.
- Support the newer Via C7 core (0x6d0).
mtm [Thu, 6 Mar 2008 14:13:11 +0000 (14:13 +0000)]
MFC: rev. 1.32
Add the -M command-line option, which will set home directory
permissions. Works both in interactive or batch mode. This is
a heavily modified version of the patch submitted in the PR.
delphij [Thu, 6 Mar 2008 01:05:30 +0000 (01:05 +0000)]
MFC revision 1.5
date: 2008/02/16 00:16:49; author: delphij; state: Exp; lines: +2 -1
Allow underscore in domain names while resolving. While having underscore
is a violation of RFC 1034 [STD 13], it is accepted by certain name servers
as well as other popular operating systems' resolver library.
rwatson [Sun, 2 Mar 2008 14:54:48 +0000 (14:54 +0000)]
Conditionally acquire Giant based on debug.mpsafenet around entry points
from if_re taskqueue and other potentially Giant-free spots. If we don't
do this, Giant may not be held entering KAME IPSEC, etc.
This problem appeared in FreeBSD 6.2 as a result of a move to fast
interrupts, and does not exist in 7.x due to not having debug.mpsafenet.
PR: 118719
Reported by: Dan Lukes <dan at obluda dot cz>
Reviwed by: yongari
rwatson [Sat, 1 Mar 2008 14:52:06 +0000 (14:52 +0000)]
Merge mac_mls.c:1.99 from HEAD to RELENG_6:
Properly return the error from mls_subject_privileged() in the ifnet
relabel check for MLS rather than returning 0 directly.
This problem didn't result in a vulnerability currently as the central
implementation of ifnet relabeling also checks for UNIX privilege, and
we currently don't guarantee containment for the root user in mac_mls,
but we should be using the MLS definition of privilege as well as the
UNIX definition in anticipation of supporting root containment at some
point.
Submitted by: Zhouyi Zhou <zhouzhouyi at gmail dot com>
Sponsored by: Google SoC 2007
rwatson [Sat, 1 Mar 2008 11:45:14 +0000 (11:45 +0000)]
Merge netisr.h:1.34 from HEAD to RELENG_6:
Update netisr comment for the SMPng world order: netisr is no longer
implemented using the ISR facility, and cannot be triggered by calling
splnet()/splx().
rwatson [Sat, 1 Mar 2008 11:33:22 +0000 (11:33 +0000)]
Merge nfs_vnops.c:1.277 from HEAD to RELENG_6:
Remove hacks from the NFSv2/3 client intended to handle a lack of a
server-side RPC retranmission cache for non-idempotent operations: these
hacks substituted 0 (success) for the expected EEXIST in the event that
a target name already existed for LINK, SYMLINK, and MKDIR operations,
under the assumption that EEXIST represented a second application of the
original RPC rather than a true failure.
Background: certain NFS operations (in this case, LINK, SYMLINK, and
MKDIR) are not idempotent, as they leave behind persisting state on the
server that prevents them from being replayed without an error;if an UDP
RPC reply is lost leading to a retransmission by theclient, the second
reply will return EEXIST rather than success, asthe new object has
already been created. The NFS client previouslysilently mapped the
EEXIST return into success to paper over thisproblem.
However, in all modern NFS server implementations, a reply cache is kept
in order to retransmit the original reply to a retransmitted request,
rather than performing the operation a second time, allowing this hack
to be avoided. This allows link()-based filelocking over NFS to operate
correctly, as an application requestingthe creation of a new link for a
file to tell if it succeededatomically or not.
Other NFS clients, including Solaris and Linux, generally follow this
behavior for the same reasons. Most clients also now default to TCP,
which also helps avoid the issue of retransmitted but non-idempotent
requests in most cases.
Reported by: Adam McDougall <mcdouga9 at egr dot msu dot edu>,
Timo Sirainen <tss at iki dot fi>
Reviewed by: mohans
obrien [Tue, 26 Feb 2008 18:19:49 +0000 (18:19 +0000)]
Back out MFC of "eradicate caddr_t".
Turn's out Kris' suspisions were right - from a suttle code compatability
point of view. Robert Watson found that ARLA code had something like this:
typedef int (*foo_t)(caddr_t); ... foo_t fred;
The compile gets all snarky when it finds int fred(void *) { .. }.
jhb [Mon, 25 Feb 2008 22:20:13 +0000 (22:20 +0000)]
MFC: Mostly sync kgdb with HEAD including the following changes:
- Add a new 'add-kld <kld>' command to locate a kld and load its symbols.
- If the quiet flag is specified, don't dump the unread portion of the
message buffer on startup.
- Remove the warnx() from kgdb_lookup() and add it in callers where a
failed lookup is warning worthy.
- Add a shared library backend for kernel files that treats klds as shared
libraries and auto-load symbols for klds on startup.
- Build a section table from the kernel file so that 'info files' output
looks sane.
obrien [Mon, 25 Feb 2008 10:36:09 +0000 (10:36 +0000)]
MFC: rev 1.295: adjust maxfilesize for UFS1 and old 4.4 FFS.
UFS1: increase the limit to (max block - 1) * bsize.
4.4 FFS: decrease the limit from 0.5 TB to 2 GB - 1.
obrien [Mon, 25 Feb 2008 10:00:19 +0000 (10:00 +0000)]
MFC: rev 1.52: remove the buffers from the bufobj properly.
rev 1.53: rearrange the recover code to do the ffs_blkfree() after
second ffs_syncvnode(), that clears the pointers chain.
remko [Sun, 24 Feb 2008 14:25:18 +0000 (14:25 +0000)]
MFC rev 1.9 to 1.10 100.chksetuid
rev 1.9
Also check setuid executables on ZFS.
rev 1.10
Rewrite to consume significantly less memory, by using find -s instead of
find | sort. As a bonus, this simplifies the logic considerably. Also
remove the bogus "overruning the args to ls" comment and the corresponding
"-n 20" argument to xargs; the whole point with xargs is precisely that it
knows how large the argument list can safely get.
Note that the first run of the updated script may hypotheticall produce
false positives due to differences between find's and sort's sorting
algorithm. I haven't seen this during testing, but others might.
MFC after: 2 weeks
Approved by: imp (mentor, implicit for trivial changes), des
(doing some MFC's for him)
remko [Sun, 24 Feb 2008 14:14:40 +0000 (14:14 +0000)]
MFC rev 1.11 to 1.14 for ichwd.c
rev 1.11
Add PCI device support for Intel S7000FC4UR in usb and ichwd, systems
will not install without the usb changes in the install kernel, so I
would like to MFC this in time for 7.0 RC
rev 1.5
Add PCI device support for Intel S7000FC4UR in usb and ichwd, systems
will not install without the usb changes in the install kernel, so I
would like to MFC this in time for 7.0 RC
remko [Sun, 24 Feb 2008 13:55:43 +0000 (13:55 +0000)]
MFC rev 1.26 verify.c
When applying a spec, traverse the existing directory tree in lexical
order. This allows direct comparison of the output of two different
runs, regardless of the order in which readdir(2) returns directory
entries.
MFC after: 3 weeks
Approved by: imp (mentor, implicit for trivial changes), des
(I am doing several MFC's for him).
mav [Sun, 24 Feb 2008 13:21:13 +0000 (13:21 +0000)]
Partial MFC rev. 1.23-1.24
- Avoid data copying. bpf_filter() is able to work directly on mbuf chain
- Prepare hooks direct pointers on setup to avoid heavy ng_findhook() calls
during operarion.
Merge is 'Partial' due to lack of JITTER support on 6.x.
markus [Sat, 16 Feb 2008 16:21:26 +0000 (16:21 +0000)]
MFC rev. 1.50:
Fix calculation of descriptor tag checksums. According to ECMA-167, Part 4,
7.2.3, bytes 0-3 and 5-15 are used to calculate the checksum of a descriptor
tag.
ume [Sat, 16 Feb 2008 12:45:26 +0000 (12:45 +0000)]
MFC 1.66: Add sysctl mibs for _TSP, _TC1 and _TC2 which is user
overridable but is blocked on user_override mib.
Not a few people want to use a passive cooling without their ACPI
BIOS support.
jhb [Fri, 15 Feb 2008 16:57:22 +0000 (16:57 +0000)]
MFC: Fix some bugs in dealing with DCMD's without data. MegaCli was sending
down some DCMD's without any data. Thanks to Dell and LSI for helping
to provide clues to figure out this problem. Now MegaCli can upgrade
the firmware and should work identical when run on Linux.