Alan Cox [Wed, 8 Nov 2006 18:43:47 +0000 (18:43 +0000)]
Simplify the construction of the free queues in vm_page_startup(). Add
an assertion to test a hypothesis concerning other redundant computation
in vm_page_startup().
Bruce Evans [Wed, 8 Nov 2006 15:15:05 +0000 (15:15 +0000)]
Don't always print a space character in show_stat(), since a space
shouldn't be printed after the last column. This restores the
formatting to 79 columns.
Hartmut Brandt [Wed, 8 Nov 2006 10:36:57 +0000 (10:36 +0000)]
Make the generated oid.h dependend on the Makefile. The Makefile defines
the symbols to be extracted from the MIB and if that list of symbols is
changed, oid.h should be re-generated.
Alan Cox [Wed, 8 Nov 2006 06:31:28 +0000 (06:31 +0000)]
MFamd64/ia64/i386/sun4v
Use cnt.v_page_count, the actual count of available physical pages,
instead of vm_page_array_size to compute the maximum number of pv
entries.
Randall Stewart [Wed, 8 Nov 2006 00:21:13 +0000 (00:21 +0000)]
-Fixes first of all the getcred on IPv6 and V4. The
copy's were incorrect and so was the locking.
-A bug was also found that would create a race and
panic when an abort arrived on a socket being read
from.
-Also fix the reader to get MSG_TRUNC when a partial
delivery is aborted.
-Also addresses a couple of coverity caught error path
memory leaks and a couple of other valid complaints
Approved by: gnn
John Baldwin [Tue, 7 Nov 2006 19:45:05 +0000 (19:45 +0000)]
Simplify operations with sync_mtx in sched_sync():
- Don't drop the lock just to reacquire it again to check rushjob, this
only wastes time.
- Use msleep() to drop the mutex while sleeping instead of explicitly
unlocking around tsleep.
Marius Strobl [Tue, 7 Nov 2006 19:44:41 +0000 (19:44 +0000)]
- Don't bother to include IDs of PCnet chips which are not supported
by this driver and largely are not even PCI devices in pcn_chipid.
- Use device_printf(9)/if_printf(9) rather than implementing their
functionality with printf(9).
- Sprinkle some const.
John Baldwin [Tue, 7 Nov 2006 19:03:42 +0000 (19:03 +0000)]
Fix some edge cases in detach (including attach failures):
- Only call iwi_stop() if we got far enough along in iwi_attach() to
alloc an ifnet.
- Release the firmware after stopping the interface and detaching the
ifnet.
John Baldwin [Tue, 7 Nov 2006 18:53:49 +0000 (18:53 +0000)]
Add a new 'union l_sigval' to use in place of 'union sigval' in the
linux siginfo structure. l_sigval uses a l_uintptr_t for sival_ptr so
that sival_ptr is the right size for linux32 on amd64. Since no code
currently uses 'lsi_ptr' this is just a cosmetic nit rather than a bug
fix.
John Baldwin [Tue, 7 Nov 2006 18:48:18 +0000 (18:48 +0000)]
Remove old XXX comment about possibly adding a print_Intel_info() function
to dump CPUID level=2 stuff. A print_INTEL_info() function that does just
that was added a while ago.
Bruce Evans [Tue, 7 Nov 2006 10:03:10 +0000 (10:03 +0000)]
Second stage of unbreaking thr formatting of the NICE field: decode the
priority class and use this to:
- print "-" instead of a garbage value for ithreads. Print "-" instead
of the unused nice value for kthreads which are (mis)classified as
PRI_TIMESHARE. For such threads, the nice value can be set to nonzero
by root, but it is never used (at least by the 4bsd scheduler). For
ithreads, we didn't even print the unused value.
- print "i<priority>" and "r<priority>" instead of a biased "<priority>"
for idletime and realtime threads, Here <priority> is the priority
parameter to idprio/rtprio(1). Just add the prefix and remove the
bias for now. <priority> has been stored indirectly in the kernel
since 2001/02/12, and even the kernel cannot recover the original
value in all cases. Here we need to handle more cases than pri_to_rtp(),
but actually handle fewer cases, and end up printing garbage after
a thread changes its current priority while in the kernel.
- for idletime and realtime threads, if they are kthreads then add a prefix
of "k" to the previous string.
- for idletime and realtime threads, if they in the FIFO scheduling class
then add a suffix of "F" to the previous string (if it fits; the other
parts of the string are sure to fit unless <priority> is garbage).
Instead of re-implementing hton[ls] and friends for each arch, add a new MI
file, net/ntoh.c, which just implement them using the inline functions from
<sys/endian.h>.
Ruslan Ermilov [Mon, 6 Nov 2006 19:06:07 +0000 (19:06 +0000)]
Sometimes the vty switching has to be delayed; the vty
to be switched to is saved in sc->delayed_next_scr and
the actual switch is performed later. It was possible
to get into the endless loop when attempting to switch
to a closed vty (which is not allowed and beep-alerted
when attempted) and when the visual beep was in effect.
This caused sc->delayed_next_scr to never be reset and
endless attempts to switch to a closed vty and endless
visual beeping. How to repeat:
- boot into single-user
- run "kbdcontrol -b visual"
- quickly press Alt+F2 two times
Style facelift.
- Reduce the number of global variables
- Make global objects static
- Use bool consistently
- Sort getopt arguments and their processing
- Add function comments
- Change notlast != 0 into !last
Robert Watson [Mon, 6 Nov 2006 15:11:24 +0000 (15:11 +0000)]
Add auditd_program variable to defaults, in order to make it more clear
how to change the auditd instance. When using a port/package-based
OpenBSM, changing the auditd pointer may be desirable.
Robert Watson [Mon, 6 Nov 2006 14:54:06 +0000 (14:54 +0000)]
Convert three new suser(9) calls introduced between when the priv(9)
patch was prepared and committed to priv(9) calls. Add XXX comments
as, in each case, the semantics appear to differ from the TCP/UDP
versions of the calls with respect to jail, and because cr_canseecred()
is not used to validate the query.
Randall Stewart [Mon, 6 Nov 2006 14:34:21 +0000 (14:34 +0000)]
This changes tracks down the EEOR->NonEEOR mode failure
to wakeup on close of the sender. It basically moves
the return (when the asoc has a reader/writer) further
down and gets the wakeup and assoc appending (of the
PD-API event) moved up before the return. It also
moves the flag set right before the return so we can
assure only once adding the PD-API events.
Do What I Mean when the user asks for random integers or characters.
Up to now jot would fail to generate the last character in the range
or skew the integer distribution in a way that would generate the numbers
in the range's limits with half the probability of the rest.
This modification fixes the program, rather than documenting the
strange behavior, as suggested in docs/54879.
Robert Watson [Mon, 6 Nov 2006 13:42:10 +0000 (13:42 +0000)]
Sweep kernel replacing suser(9) calls with priv(9) calls, assigning
specific privilege names to a broad range of privileges. These may
require some future tweaking.
Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Discussed on: arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
Alex Lyashkov <umka at sevcity dot net>,
Skip Ford <skip dot ford at verizon dot net>,
Antoine Brodin <antoine dot brodin at laposte dot net>
Robert Watson [Mon, 6 Nov 2006 13:37:19 +0000 (13:37 +0000)]
Add a new priv(9) kernel interface for checking the availability of
privilege for threads and credentials. Unlike the existing suser(9)
interface, priv(9) exposes a named privilege identifier to the privilege
checking code, allowing more complex policies regarding the granting of
privilege to be expressed. Two interfaces are provided, replacing the
existing suser(9) interface:
A comprehensive list of currently available kernel privileges may be
found in priv.h. New privileges are easily added as required, but the
comments on adding privileges found in priv.h and priv(9) should be read
before doing so.
The new privilege interface exposed sufficient information to the
privilege checking routine that it will now be possible for jail to
determine whether a particular privilege is granted in the check routine,
rather than relying on hints from the calling context via the
SUSER_ALLOWJAIL flag. For now, the flag is maintained, but a new jail
check function, prison_priv_check(), is exposed from kern_jail.c and used
by the privilege check routine to determine if the privilege is permitted
in jail. As a result, a centralized list of privileges permitted in jail
is now present in kern_jail.c.
The MAC Framework is now also able to instrument privilege checks, both
to deny privileges otherwise granted (mac_priv_check()), and to grant
privileges otherwise denied (mac_priv_grant()), permitting MAC Policy
modules to implement privilege models, as well as control a much broader
range of system behavior in order to constrain processes running with
root privilege.
The suser() and suser_cred() functions remain implemented, now in terms
of priv_check() and the PRIV_ROOT privilege, for use during the transition
and possibly continuing use by third party kernel modules that have not
been updated. The PRIV_DRIVER privilege exists to allow device drivers to
check privilege without adopting a more specific privilege identifier.
This change does not modify the actual security policy, rather, it
modifies the interface for privilege checks so changes to the security
policy become more feasible.
Sponsored by: nCircle Network Security, Inc.
Obtained from: TrustedBSD Project
Discussed on: arch@
Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri,
Alex Lyashkov <umka at sevcity dot net>,
Skip Ford <skip dot ford at verizon dot net>,
Antoine Brodin <antoine dot brodin at laposte dot net>
Rink Springer [Mon, 6 Nov 2006 12:19:43 +0000 (12:19 +0000)]
Added PCI ID's for:
- 0x1065: Intel 82562ET/EZ/GT/GZ PRO/100 VE Ethernet [1], as found on
Tyan GS14 barebones.
- 0x1094: Intel Pro/100 946GZ (ICH7) Network Connection [2], as found on
Intel 946GZis motherboards.
Restore jot's ability to use a seed for producing a deterministic
sequence of random numbers.
This functionality was lost in revision 1.9 when the random number
generator was switched to arc4random.
Tim Kientzle [Mon, 6 Nov 2006 00:24:57 +0000 (00:24 +0000)]
Computing SHLIB_MAJOR is not a good idea. It's really a FreeBSD
system value that has no real relation to the libarchive version.
(Except, of course, that any ABI breakage will force both to be
incremented.)
Change the type of ar_arg_sockaddr from struct sockaddr to struct
sockaddr_storage. This structure is defined in RFC 2553 and is a more
semantically correct structure for holding IP and IP6 sockaddr information.
struct sockaddr is not big enough to hold all the required information for
IP6, resulting in truncated addresses et al when auditing IP6 sockaddr
information.
We also need to assume that the sa->sa_len has been validated before the call to
audit_arg_sockaddr() is made, otherwise it could result in a buffer overflow.
This is being done to accommodate auditing of network related arguments (like
connect, bind et al) that will be added soon.
Major rework of the ia64 loaders. The two primary objectives are:
1. Make libefi portable by removing ia64 specific code and build
it on i386 and amd64 by default to prevent regressions. These
changes include fixes and improvements over previous code to
establish or improve APIs where none existed or when the amount
of kluging was unacceptably high.
2. Increase the amount of sharing between the efi and ski loaders
to improve maintainability of the loaders and simplify making
changes to the loader-kernel handshaking in the future.
The version of the efi and ski loaders are now both changed to 1.2
as user visible improvements and changes have been made.
When parsing an invalid parameter expansion (eg. ${} or ${foo@bar}) do not
issue a syntax error immediately but save the information that it is erroneous
for later when the parameter expansion is actually done. This means eg. "false
&& ${}" will not generate an error which seems to be required by POSIX.
Include the invalid parameter expansion in the error message (sometimes
abbreviated with ... because recovering it would require a lot of code).
Fix possible leak when bridge is in monitor mode. Use m_freem() which will
free the entire chain, instead of using m_free() which will free just the
mbuf that was passed.
Randall Stewart [Sun, 5 Nov 2006 13:25:18 +0000 (13:25 +0000)]
Tons of fixes to get all the 64bit issues removed.
This also moves two 16 bit int's to become 32 bit
values so we do not have to use atomic_add_16.
Most of the changes are %p, casts and other various
nasty's that were in the orignal code base. With this
commit my machine will now do a build universe.. however
I as yet have not tested on a 64bit machine .. it may not work :-(
When the source and destination objects for VOP_RENAME() are the same,
POSIX advice to just ignore the operation and return 0.
We already handle this case in kern_rename(), but don't give bad example -
the source is not removed.