rwatson [Tue, 4 Oct 2005 16:40:20 +0000 (16:40 +0000)]
Re-order MAC and DAC checks in shmget() in order to give precedence to
the MAC result, as well as avoid losing the DAC check result when MAC
is enabled.
MFC after: 3 days
Reported by: Patrick LeBlanc <Patrick dot LeBlanc at sparta dot com>
csjp [Tue, 4 Oct 2005 15:06:10 +0000 (15:06 +0000)]
Protect PID initializations for statistics by the bpf descriptor
locks. Also while we are here, protect the bpf descriptor during
knlist_remove{add} operations.
dds [Tue, 4 Oct 2005 14:58:58 +0000 (14:58 +0000)]
Update the vnode's access time after an mmap operation on it.
Before this change a copy operation with cp(1) would not update the
file access times.
According to the POSIX mmap(2) documentation: the st_atime field
of the mapped file may be marked for update at any time between the
mmap() call and the corresponding munmap() call. The initial read
or write reference to a mapped region shall cause the file's st_atime
field to be marked for update if it has not already been marked for
update.
csjp [Tue, 4 Oct 2005 14:47:47 +0000 (14:47 +0000)]
Use the correct object's backing_object_offset while calculating offsets.
While we are here, add a note that we need to lock the object before walking
the backing object list.
csjp [Tue, 4 Oct 2005 14:32:58 +0000 (14:32 +0000)]
Standard Giant push down operations for the Mandatory Access Control (MAC)
framework. This makes Giant protection around MAC operations which inter-
act with VFS conditional, based on the MPSAFE status of the file system.
Affected the following syscalls:
o __mac_get_fd
o __mac_get_file
o __mac_get_link
o __mac_set_fd
o __mac_set_file
o __mac_set_link
-Drop Giant all together in __mac_set_proc because the
mac_cred_mmapped_drop_perms_recurse routine no longer requires it.
-Move conditional Giant aquisitions to after label allocation routines.
-Move the conditional release of Giant to before label de-allocation
routines.
yar [Tue, 4 Oct 2005 11:48:03 +0000 (11:48 +0000)]
Use a callback to set up a vlan interface so that "vlan"
and "vlandev" commands can be specified in any order.
This makes the code more compact and clear as well.
davidxu [Tue, 4 Oct 2005 06:15:25 +0000 (06:15 +0000)]
Add function pthread_timedjoin_np, the function is similar with pthread_join
except the function will return ETIMEDOUT if target thread does not exit
before specified absolute time passes.
scottl [Tue, 4 Oct 2005 04:49:21 +0000 (04:49 +0000)]
For some utterly bizarre reason, sparc64 coerces PAGE_SIZE to be a long
instead of an int. No other FreeBSD architecture does this. Patch over
this problem in the lmc driver. While I'm here, correct a mistake with
DEVICE_POLLING.
truckman [Mon, 3 Oct 2005 21:57:43 +0000 (21:57 +0000)]
Initialize the inode i_flag field in ffs_valloc() to clean up any
stale flag bits left over from before the inode was recycled.
Without this change, a leftover IN_SPACECOUNTED flag could prevent
softdep_freefile() and softdep_releasefile() from incrementing
fs_pendinginodes. Because handle_workitem_freefile() unconditionally
decrements fs_pendinginodes, a negative value could be reported at
file system unmount time with a message like:
unmount pending error: blocks 0 files -3
The pending block count in fs_pendingblocks could also be negative
for similar reasons. These errors can cause the data returned by
statfs() to be slightly incorrect. Some other cleanup code in
softdep_releasefile() could also be incorrectly bypassed.
brooks [Mon, 3 Oct 2005 18:20:44 +0000 (18:20 +0000)]
Use more rc.subr bits to clean up pccard_ether and implement new
features. Both the presence of a NOAUTO keyword and an interface being
up can be ignored is the forcestart option is used. Additionally, a
restart option has been added.
jhb [Mon, 3 Oct 2005 15:52:34 +0000 (15:52 +0000)]
- Use if_printf() and device_printf() and axe lge_unit from the softc.
- Don't bzero the softc first thing in attach.
- Cleanup error handling in attach() to avoid lots of duplication.
- Don't initialize the callout handle twice.
cognet [Mon, 3 Oct 2005 14:19:55 +0000 (14:19 +0000)]
Import dummy drivers for the i80321 DMA controller and AAU.
The DMA controller driver only knows how to do memory to memory copies, and
the AAU driver how to zero a chunk of memory.
Use them to process big (>=1KB) copying/zeroing.
glebius [Mon, 3 Oct 2005 14:15:26 +0000 (14:15 +0000)]
o Move a lot of parameter checking from netisr_poll() to
dedicated sysctl handlers. Protect manipulations with
poll_mtx. The affected sysctls are:
- kern.polling.burst_max
- kern.polling.each_burst
- kern.polling.user_frac
- kern.polling.reg_frac
o Use CTLFLAG_RD on MIBs that supposed to be read-only.
o u_int32t -> uint32_t
o Remove unneeded locking from poll_switch().
cognet [Mon, 3 Oct 2005 14:13:50 +0000 (14:13 +0000)]
- Provide the kernel l1pt physical address, for userland.
- Use the new API for pmap_copy_page() and pmap_zero_page().
- Just write-back the pages in pmap_qenter(), and invalidate it in
pmap_qremove().
- Nuke the cache flushing in pmap_enter_quick(), it's not needed anymore.
cognet [Mon, 3 Oct 2005 14:09:36 +0000 (14:09 +0000)]
Import a small ELF trampoline, in which the kernel is embedded, and that
is able to load the kernel into memory, symbol table included. This is
needed to be able to access the symbol table from DDB without a boot
loader.
cognet [Mon, 3 Oct 2005 14:07:57 +0000 (14:07 +0000)]
*blush*
Don't try to dereference map if it's NULL.
While I'm there, increase the minimum value to write-back/invalidate the
whole dcache in bus_dmamap_sync().
cperciva [Mon, 3 Oct 2005 12:49:54 +0000 (12:49 +0000)]
If sufficiently bad things happen during a call to kern_execve(), it is
possible for do_execve() to call exit1() rather than returning. As a
result, the sequence "allocate memory; call kern_execve; free memory"
can end up leaking memory.
This commit documents this astonishing behaviour and adds a call to
exec_free_args() before the exit1() call in do_execve(). Since all
the users of kern_execve() in the tree use exec_free_args() to free
the command-line arguments after kern_execve() returns, this should
be safe, and it fixes the memory leak which can otherwise occur.
Submitted by: Peter Holm
MFC after: 3 days
Security: Local denial of service
rwatson [Mon, 3 Oct 2005 11:09:39 +0000 (11:09 +0000)]
Acquire Giant conditionally in in_addmulti() and in_delmulti() based on
whether the interface being accessed is IFF_NEEDSGIANT or not. This
avoids lock order reversals when calling into the interface ioctl
handler, which could potentially lead to deadlock.
The long term solution is to eliminate non-MPSAFE network drivers.
scottl [Mon, 3 Oct 2005 07:05:34 +0000 (07:05 +0000)]
Reintroduce the lmc T1/E1/T3 WAN driver. This version is locked, supports
interface polling, compiles on 64-bit platforms, and compiles on NetBSD,
OpenBSD, BSD/OS, and Linux. Woo! Thanks to David Boggs for providing this
driver.
Altq, sppp, netgraph, and bpf are required for this driver to operate.
Userland tools and man pages will be committed next.
yar [Mon, 3 Oct 2005 02:24:21 +0000 (02:24 +0000)]
Improve handling flags that must be propagated
to the parent interface, such as IFF_PROMISC and
IFF_ALLMULTI. In addition, vlan(4) gains ability
to migrate from one parent to another w/o losing
its own flags.
yar [Mon, 3 Oct 2005 02:14:51 +0000 (02:14 +0000)]
Clean up consistency checks in if_setflag():
. use KASSERT for all checks so that the source of an error can be detected;
. use __func__ instead of spelling function name each time;
. fix a typo.
yar [Mon, 3 Oct 2005 01:47:43 +0000 (01:47 +0000)]
Log a message about entering or leaving permanently promiscuous mode,
as it is done for usual promiscuous mode already. This info is important
because promiscuous mode in the hands of a malicious party can jeopardize
the whole network.
truckman [Sun, 2 Oct 2005 23:27:56 +0000 (23:27 +0000)]
Always wire the sysctl output buffer in sysctl_kern_proc() before
calling sysctl_out_proc(). -- fix from jhb
Move the code in fill_kinfo_thread() that gathers data from struct proc
into the new function fill_kinfo_proc_only().
Change all callers of fill_kinfo_thread() to call both
fill_kinfo_proc_only() and fill_kinfo() thread. When gathering
data from a multi-threaded process, fill_kinfo_proc_only() only needs
to be called once.
Grab sched_lock before accessing the process thread list or calling
fill_kinfo_thread().
cognet [Sun, 2 Oct 2005 22:57:31 +0000 (22:57 +0000)]
- Call db_setup_paging() for traceall.
- Make it so one can't call db_setup_paging() if it has already been called
before. traceall needs this, or else the db_setup_paging() call from
db_trace_thread() will reset the printed line number, and override its
argument.
This is not perfect for traceall, because even if one presses 'q' while in
the middle of printing a backtrace it will finish printing the backtrace
before exiting, as db_trace_thread() won't be notified it should stop, but
it is hard to do better without reworking the pager interface a lot more.
hrs [Sun, 2 Oct 2005 21:02:37 +0000 (21:02 +0000)]
New release notes:
gre(4) IPv6 over GRE support,
ipfw IPv6 support,
new sysctl net.inet6.ip6.stealth added,
g_label now supports Ext2FS and ReiserFS,
bsdiff(1) and bspatch(1) added,
ping(8) "sweeping ping" support,
wcsdup() function added,
rc.d/gbde_swap renamed to rc.d/encswap,
rc.d/geli and rc.d/geli2 added, and
portsnap(8) imported.
yar [Sun, 2 Oct 2005 19:12:42 +0000 (19:12 +0000)]
Record dependency on the newly introduced pfsync.
Start before routing for better system protection.
(pf used to start late during system boot, after
many a network daemon have started already, which
sucked from security POV.)
Remark: For maximum security, pf should start before
netif, but it would create a dependency loop because
pfsync has to start after netif, yet before pf.
yar [Sun, 2 Oct 2005 18:59:02 +0000 (18:59 +0000)]
Add an rc.d script to start pfsync at the right moment of the
system boot, and hook it up in the system.
The separate script is needed because in the presence of various
interface lists in rc.conf ($network_interfaces, $cloned_interfaces,
$sppp_interfaces, $gif_interfaces, more to come) it is hard to start
them orderly, so that pfsync is brought up after its syncdev, which
is required for the proper startup of pfsync.
netchild [Sun, 2 Oct 2005 15:56:36 +0000 (15:56 +0000)]
* Fixed rate operation for es1370 chip to solve conflicting
sampling rate between playback and recording. This can be
disabled / enabled via kernel hints
(hint.pcm.<unit>.fixed_rate=0/4000-48000) or sysctl
hw.snd.pcm<unit>.fixed_rate=0/4000-48000). Default to 48khz
fixed rate. [1]
* Basic cleanup. *_es1371x_* -> *_es137x_*.
* Some locking fixes. [2]
Submitted by: Ariff Abdullah <skywizard@MyBSD.org.my>
Discussed with: yongari [2]
See also: http://lists.freebsd.org/pipermail/freebsd-multimedia/2005-September/002758.html [1]
Reported by: Jos Backus <jos at catnook.com> [1]
yar [Sun, 2 Oct 2005 15:54:26 +0000 (15:54 +0000)]
Use rc.subr(8) appropriately:
- utilize default methods instead of rolling local ones;
- avoid to specify BEFORE conditions we don't really need
(pflog will be REQUIRE'd by pf);
- omit extra decoration from warning messages, warn() will
decorate them sufficiently.
netchild [Sun, 2 Oct 2005 15:43:57 +0000 (15:43 +0000)]
sys/dev/sound/pcm/sndstat.c:
* General spl* cleanup. It doesn't serve any purpose anymore.
* Nuke sndstat_busy(). Addition of sndstat_acquire() /
sndstat_release() for sndstat exclusive access. [1]
sys/dev/sound/pcm/sound.c:
* Remove duplicate SLIST_INIT()
* Use sndstat_acquire() / release() to lock / release the entire
sndstat during pcm_unregister(). This should fix LOR #159 [1]
sys/dev/sound/pcm/sound.h:
* Definition of SD_F_SOFTVOL (part of feeder volume)
* Nuke sndstat_busy(). Addition of sndstat_acquire() /
sndstat_release() for exclusive sndstat access. [1]
rwatson [Sun, 2 Oct 2005 11:41:12 +0000 (11:41 +0000)]
Add a DDB "traceall" function, which stack traces all known process
threads. This is quite useful if generating a debug log for post-mortem
by another developer, in which case the person at the console may not
know which threads are of interest. The output of this can be quite
long.
maxim [Sun, 2 Oct 2005 08:43:57 +0000 (08:43 +0000)]
o Teach sysctl_drop() how to deal with the sockets in TIME_WAIT state.
This is a special case because tcp_twstart() destroys a tcp control
block via tcp_discardcb() so we cannot call tcp_drop(struct *tcpcb) on
such connections. Use tcp_twclose() instead.
avatar [Sun, 2 Oct 2005 04:29:08 +0000 (04:29 +0000)]
Fixing WEP bustage in hostap mode since 5.2-RELEASE.
- WEP TX fix:
The original code called software crypto, ieee80211_crypto_encap(),
which never worked since IEEE80211_KEY_SWCRYPT was never flagged due to
ieee80211_crypto_newkey() assumes that wi always supports hardware based
crypto regardless of operational mode(by virtue of IEEE80211_C_WEP).
This fix works around that issue by adding wi_key_alloc() to force
the use of s/w crypto. Also if anyone ever decides to cleanup ioctl
handling where key changes wouldn't cause a call to wi_init() every time,
we'll need wi_key_alloc() to DTRT.
In addition to that, this fix also adds code to wi_write_wep() to force
existing keys to be switched between h/w and s/w crypto such that an
operation mode change(sta <-> hostap) will flag IEEE80211_KEY_SWCRYPT
properly.
- WEP RX fix:
Clear IEEE80211_F_DROPUNENC even in hostap mode. Quote from Sam:
"This is really gross but I don't see an easy way around it.
By doing it we lose the ability to independently drop unencode
frames (and support mixed wep/!wep use). We should really be
setting the EXCLUDE_UNENCRYPTED flag written in wi_write_wep
based on IEEE80211_F_DROPUNENC but with our clearing it we can't
depend on it being set properly."
Reported by: Holm Tiffe <holm at freibergnet dot de>
Submitted by: sam
MFC after: 3 days
yar [Sat, 1 Oct 2005 20:58:03 +0000 (20:58 +0000)]
Fix the usage of rc_usage. The rc_usage function takes
a list of possible keywords, not all them in a single argument.
This also fixes the issue of extra delimiter characters appearing
on the help line from rc.d scripts not setting $extra_commands.