Rui Paulo [Fri, 27 Jun 2008 12:04:36 +0000 (12:04 +0000)]
Add the missing support for Asus Eee PC in acpi_asus(4).
This includes hotkeys support and sysctl variables to control camera
and card reader. These new sysctls don't have CTFLAG_ANYBODY set.
While there add entries to devd.conf related to the Eee volume keys.
Luigi Rizzo [Fri, 27 Jun 2008 10:30:08 +0000 (10:30 +0000)]
Add USB ids for the Epson DX7400 / CX7300 multifunction scanner printer
card reader. Tested operation of the scanner part with Sane,
card and printer correctly recognised as /dev/da0 and /dev/ulpt0
John Baldwin [Fri, 27 Jun 2008 05:39:04 +0000 (05:39 +0000)]
Rework the lifetime management of the kernel implementation of POSIX
semaphores. Specifically, semaphores are now represented as a new file
descriptor type that is set to close on exec. This removes the need for
all of the manual process reference counting (and fork, exec, and exit
event handlers) as the normal file descriptor operations handle all of
that for us nicely. It is also suggested as one possible implementation
in the spec and at least one other OS (OS X) uses this approach.
Some bugs that were fixed as a result include:
- References to a named semaphore whose name is removed still work after
the sem_unlink() operation. Prior to this patch, if a semaphore's name
was removed, valid handles from sem_open() would get EINVAL errors from
sem_getvalue(), sem_post(), etc. This fixes that.
- Unnamed semaphores created with sem_init() were not cleaned up when a
process exited or exec'd. They were only cleaned up if the process
did an explicit sem_destroy(). This could result in a leak of semaphore
objects that could never be cleaned up.
- On the other hand, if another process guessed the id (kernel pointer to
'struct ksem' of an unnamed semaphore (created via sem_init)) and had
write access to the semaphore based on UID/GID checks, then that other
process could manipulate the semaphore via sem_destroy(), sem_post(),
sem_wait(), etc.
- As part of the permission check (UID/GID), the umask of the process
creating the semaphore was not honored. Thus if your umask denied group
read/write access but the explicit mode in the sem_init() call allowed
it, the semaphore would be readable/writable by other users in the
same group, for example. This includes access via the previous bug.
- If the module refused to unload because there were active semaphores,
then it might have deregistered one or more of the semaphore system
calls before it noticed that there was a problem. I'm not sure if
this actually happened as the order that modules are discovered by the
kernel linker depends on how the actual .ko file is linked. One can
make the order deterministic by using a single module with a mod_event
handler that explicitly registers syscalls (and deregisters during
unload after any checks). This also fixes a race where even if the
sem_module unloaded first it would have destroyed locks that the
syscalls might be trying to access if they are still executing when
they are unloaded.
XXX: By the way, deregistering system calls doesn't do any blocking
to drain any threads from the calls.
- Some minor fixes to errno values on error. For example, sem_init()
isn't documented to return ENFILE or EMFILE if we run out of semaphores
the way that sem_open() can. Instead, it should return ENOSPC in that
case.
Other changes:
- Kernel semaphores now use a hash table to manage the namespace of
named semaphores nearly in a similar fashion to the POSIX shared memory
object file descriptors. Kernel semaphores can now also have names
longer than 14 chars (up to MAXPATHLEN) and can include subdirectories
in their pathname.
- The UID/GID permission checks for access to a named semaphore are now
done via vaccess() rather than a home-rolled set of checks.
- Now that kernel semaphores have an associated file object, the various
MAC checks for POSIX semaphores accept both a file credential and an
active credential. There is also a new posixsem_check_stat() since it
is possible to fstat() a semaphore file descriptor.
- A small set of regression tests (using the ksem API directly) is present
in src/tools/regression/posixsem.
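
The umask item in the commit message above, as an added example that is not the committed kernel code: it sets the creation path that ignores the umask beside the one that applies it, then runs a simplified owner/group/other check. The struct, function names and UID/GID values are hypothetical, and the check omits privilege overrides and supplementary groups.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>

#define DEMO_PERMS 0777		/* permission bits only */
#define DEMO_READ  04
#define DEMO_WRITE 02

/* Hypothetical stand-in for a semaphore's ownership data. */
struct demo_sem {
	uid_t uid;
	gid_t gid;
	mode_t mode;
};

/* The bug as described: the creator's umask (cmask) is never applied. */
static void
demo_create_ignoring_umask(struct demo_sem *s, uid_t uid, gid_t gid,
    mode_t mode, mode_t cmask)
{
	(void)cmask;
	s->uid = uid;
	s->gid = gid;
	s->mode = mode & DEMO_PERMS;
}

/* Corrected form: the requested mode is masked by the creator's umask. */
static void
demo_create_honoring_umask(struct demo_sem *s, uid_t uid, gid_t gid,
    mode_t mode, mode_t cmask)
{
	s->uid = uid;
	s->gid = gid;
	s->mode = (mode & ~cmask) & DEMO_PERMS;
}

/* Pick the owner, group or other triplet and test the wanted bits. */
static int
demo_access(const struct demo_sem *s, uid_t uid, gid_t gid, mode_t want)
{
	mode_t granted;

	if (uid == s->uid)
		granted = (s->mode >> 6) & 07;
	else if (gid == s->gid)
		granted = (s->mode >> 3) & 07;
	else
		granted = s->mode & 07;
	return ((granted & want) == want ? 0 : EACCES);
}

int
main(void)
{
	struct demo_sem before, after;

	/* Constructed case: creator uid 1001, gid 100, umask 027, mode 0660. */
	demo_create_ignoring_umask(&before, 1001, 100, 0660, 027);
	demo_create_honoring_umask(&after, 1001, 100, 0660, 027);
	printf("group write, umask ignored: %d\n",
	    demo_access(&before, 1002, 100, DEMO_WRITE));
	printf("group write, umask honored: %d\n",
	    demo_access(&after, 1002, 100, DEMO_WRITE));
	return (0);
}
```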
Robert Watson [Thu, 26 Jun 2008 23:05:28 +0000 (23:05 +0000)]
Introduce locking around use of ifindex_table, whose use was previously
unsynchronized. While races were extremely rare, we've now had a
couple of reports of panics in environments involving large numbers of
IPSEC tunnels being added very quickly on an active system.
- Add accessor functions ifnet_byindex(), ifaddr_byindex(),
ifdev_byindex() to replace existing accessor macros. These functions
now acquire the ifnet lock before dereferencing the table.
- Add IFNET_WLOCK_ASSERT().
- Add static accessor functions ifnet_setbyindex(), ifdev_setbyindex(),
which set values in the table either asserting or acquiring the ifnet
lock.
- Use accessor functions throughout if.c to modify and read
ifindex_table.
- Rework ifnet attach/detach to lock around ifindex_table modification.
Note that these changes simply close races around use of ifindex_table,
and make no attempt to solve the problem of disappearing ifnets. Further
refinement of this work, including with respect to ifindex_table
resizing, is still required.
In a future change, the ifnet lock should be converted from a mutex to an
rwlock in order to reduce contention.
John Baldwin [Thu, 26 Jun 2008 22:36:38 +0000 (22:36 +0000)]
Tweak the output of event log messages from the controller:
- Each log entry contains a text description in the "description" field of
the entry. The existing decode logic always ended up duplicating
information that was already in the description string. This made the
logs overly verbose. Now we just print out the description string.
- Add some simple parsing of the timestamp and event classes.
John Baldwin [Thu, 26 Jun 2008 22:33:24 +0000 (22:33 +0000)]
Adjust the handling of pending log events during boot:
- Fetch events from the controller in batches of 15 rather than a single
event at a time.
- When fetching events from the controller, honor the event class and
locale settings (via hw.mfi tunables). This also allows the firmware to
skip over unwanted log entries resulting in fewer requests to the
controller if there are many unwanted log entries since the last clean
shutdown.
- Don't drop the driver mutex while decoding an event.
- If we get an error other than MFI_STAT_NOT_FOUND (basically EOF for
hitting the end of the event log) then emit a warning and bail on
processing further log entries.
John Baldwin [Thu, 26 Jun 2008 13:51:25 +0000 (13:51 +0000)]
Change SEM_VALUE_MAX (maximum value of a POSIX semaphore) from UINT_MAX
to INT_MAX. Otherwise, a process could create a semaphore (or increase
its value via ksem_post()) beyond INT_MAX and sem_getvalue() would return
a negative value. sem_getvalue() is only supposed to return a negative
value if that is the number of waiters for that semaphore.
Some tests won't build at WARNS level 6 due to aliasing violations.
Add missing -I. so the tests will build when ${.OBJDIR} != ${.CURDIR}.
${.OBJDIR} does not need to be spelled out.
Doug Rabson [Thu, 26 Jun 2008 10:21:54 +0000 (10:21 +0000)]
Re-implement the client side of rpc.lockd in the kernel. This implementation
provides the correct semantics for flock(2) style locks which are used by the
lockf(1) command line tool and the pidfile(3) library. It also implements
recovery from server restarts and ensures that dirty cache blocks are written
to the server before obtaining locks (allowing multiple clients to use file
locking to safely share data).
Sponsored by: Isilon Systems
PR: 94256
MFC after: 2 weeks
Ruslan Ermilov [Thu, 26 Jun 2008 07:56:16 +0000 (07:56 +0000)]
Fix a fallout from SSP commit, and make this compile again.
Bonus: including kern.mk just to pick kernel warning flags
was an extremely bad idea anyway, because it also picked
up CFLAGS (it probably wasn't the case at the time of CVS
rev. 1.1, I haven't checked). Remove duplicate CWARNFLAGS
from CFLAGS.
Ruslan Ermilov [Thu, 26 Jun 2008 07:52:45 +0000 (07:52 +0000)]
Fix a chicken-and-egg problem: this file implements SSP support,
so we cannot compile it with -fstack-protector[-all] flags (or
it will self-recurse); this is ensured in sys/conf/files. This
OTOH means that checking for defines __SSP__ and __SSP_ALL__ to
determine if we should be compiling the support is impossible
(which it was trying, resulting in an empty object file). Fix
this by always compiling the symbols in this file. It's good
because it allows us to always have SSP support, and then compile
with SSP selectively.
Mike Makonnen [Thu, 26 Jun 2008 07:12:35 +0000 (07:12 +0000)]
Gcc barfs in glob.c when run with -O3. To fix this make g_strchr() work on
and return (const Char *) pointers instead of just (Char *) and get rid of
all the type casting.
Mike Makonnen [Thu, 26 Jun 2008 07:05:35 +0000 (07:05 +0000)]
The signature for a pthread function requires that it
return a pointer to a void. The send_thread() and disk_thread()
functions, however, do not have a return value because they run for
the duration of the daemon's lifetime. This causes gcc to barf when
running with -O3. Make these functions return a null pointer to quiet it.
PR: bin/124342
Submitted by: Garrett Cooper <gcooper@FreeBSD.org> (minus his comments)
MFC after: 1 week
Ruslan Ermilov [Wed, 25 Jun 2008 21:33:28 +0000 (21:33 +0000)]
Enable GCC stack protection (aka Propolice) for userland:
- It is opt-out for now so as to give it maximum testing, but it may be
turned opt-in for stable branches depending on the consensus. You
can turn it off with WITHOUT_SSP.
- WITHOUT_SSP was previously used to disable the build of GNU libssp.
It is harmless to steal the knob as SSP symbols have been provided
by libc for a long time, GNU libssp should not have been much used.
- SSP is disabled in a few corners such as system bootstrap programs
(sys/boot), process bootstrap code (rtld, csu) and SSP symbols themselves.
- It should be safe to use -fstack-protector-all to build world, however
libc will be automatically downgraded to -fstack-protector because it
breaks rtld otherwise.
- This option is unavailable on ia64.
Enable GCC stack protection (aka Propolice) for kernel:
- It is opt-out for now so as to give it maximum testing.
- Do not compile your kernel with -fstack-protector-all, it won't work.
Marius Strobl [Wed, 25 Jun 2008 21:04:59 +0000 (21:04 +0000)]
Use "__asm __volatile" rather than "__asm" for instruction sequences
that modify condition codes (the carry bit, in this case). Without
"__volatile", the compiler might add the inline assembler instructions
between unrelated code which also uses condition codes, modifying the
latter.
This prevents the TCP pseudo header checksum calculation done in
tcp_output() from having effects on other conditions when compiled
with GCC 4.2.1 at "-O2" and "options INET6" left out. [1]
Reported & tested by: Boris Kochergin [1]
MFC after: 3 days
Ed Schouten [Wed, 25 Jun 2008 07:45:31 +0000 (07:45 +0000)]
Remove the unused major/minor numbers from iodev and memdev.
Now that st_rdev is being automatically generated by the kernel, there
is no need to define static major/minor numbers for the iodev and
memdev. We still need the minor numbers for the memdev, however, to
distinguish between /dev/mem and /dev/kmem.
In case of interface initialization failure remove struct in_ifaddr* from
in_ifaddrhashtbl in in_ifinit because error handler in in_control removes
entries only for AF_INET addresses. If in_ifinit is called for the cloned
interface that has just been created its address family is not AF_INET and
therefore LIST_REMOVE is not called for respective LIST_INSERT_HEAD and
freed entries remain in in_ifaddrhashtbl and lead to memory corruption.
David Xu [Tue, 24 Jun 2008 07:32:12 +0000 (07:32 +0000)]
Add two commands to _umtx_op system call to allow a simple mutex to be
locked and unlocked completely in userland. By locking and unlocking mutex
in userland, it reduces the total time a mutex is locked by a thread,
in some application code, a mutex only protects a small piece of code, the
code's execution time is less than a simple system call, if a lock contention
happens, however in current implementation, the lock holder has to extend its
locking time and enter kernel to unlock it, the change avoids this disadvantage,
it first sets mutex to free state and then enters kernel and wake one waiter
up. This improves performance dramatically in some sysbench mutex tests.
Ed Maste [Tue, 24 Jun 2008 03:26:41 +0000 (03:26 +0000)]
Fix test for waiting AIFs in aac_poll(). This seems to solve the
problem where Adaptec's arcconf monitoring tool hangs after producing
its expected output.
Submitted by: Adaptec, via driver ver 15317
MFC after: 1 week
Mike Makonnen [Mon, 23 Jun 2008 22:06:28 +0000 (22:06 +0000)]
The sysctl(8) program exits on some errors and only emits warnings on
others. In the case where it displayed warnings it would still return
successfully. Modify it so that it returns the number of sysctls that
it was not able to set.
Make use of this in rc.d to display only *unsuccessful* attempts to
set sysctls.
John Baldwin [Mon, 23 Jun 2008 21:37:53 +0000 (21:37 +0000)]
Remove the posixsem_check_destroy() MAC check. It is semantically identical
to doing a MAC check for close(), but no other types of close() (including
close(2) and ksem_close(2)) have MAC checks.
Mike Makonnen [Mon, 23 Jun 2008 20:50:11 +0000 (20:50 +0000)]
Implement a "quiet" mode for rc.d/netif, which only outputs
the interface name of interfaces that were configured.
This change has the added benefit that ifn_start() and
ifn_stop() in network.subr no longer write to standard output.
Whether to output and what to output is now handled entirely
in rc.d/netif.
+Computers can't cruise. Meandering is a foreign concept to them.
+The computer assumes that all behavior is in pursuit of an ultimate
+goal. Whenever a motorist changes his or her mind and veers off
+course, the GPS lady issues that snippy announcement: "Recalculating!"
+ -- Joel Achenbach (www.slate.com, 20 jun 2008)
John Baldwin [Mon, 23 Jun 2008 18:16:25 +0000 (18:16 +0000)]
- Use bus_foo() rather than bus_space_foo() and retire the bus tag and handle
from the softc.
- Rework the watchdog timer to match other NIC drivers:
- Start a timer in fe_init() that runs once a second and checks a counter
in the softc that is identical to the deprecated 'if_timer'.
- Just adjust the softc tx timeout value when sending packets instead of
scheduling the timer.
- Use IFQ_SET_MAXLEN().
Andrew Thompson [Mon, 23 Jun 2008 16:08:40 +0000 (16:08 +0000)]
Ensure the channel is a number and not a range, the 'channel' command can be
easily mixed up with 'chanlist' and would give unexpected results by fixing the
channel on the first number in the range.
Andrew Thompson [Mon, 23 Jun 2008 15:40:56 +0000 (15:40 +0000)]
- Fix compile if WPI_DEBUG is not defined
- Allow debug.wpi to be set from a tunable
- Put ring reset messages back under debug
- Add more debug output around channel init
Mike Makonnen [Mon, 23 Jun 2008 12:06:35 +0000 (12:06 +0000)]
Set the sysctl(8) value in the same shell, not a subshell. This was
causing calls to netoptions_init() to not properly set a global variable,
which ended up being in the parent shell.
Ed Schouten [Mon, 23 Jun 2008 05:22:06 +0000 (05:22 +0000)]
Turn execvpe() into an internal libc routine.
Adding execvpe() has caused some ports to break. Even though execvpe() is
a useful routine, it does not conform to any standards.
This patch is a little bit different from the patch sent to the mailing
list. I forgot to remove execvpe from the Symbol.map (which does not
seem to miscompile libc, though).
Mike Makonnen [Mon, 23 Jun 2008 05:09:09 +0000 (05:09 +0000)]
Move the diagnostic output when the rc.subr(8) glue automatically starts a
service behind $rc_quiet. Instead, output a warning if the pre-command
routine or the command itself failed. Arguably, it's more useful to know when
a command failed to start than it is to have an endless list of
"Starting ...." lines[1].
[1] - This change actually helped me to discover a bug in rc.d/{lockd,statd}
(fixed in r179941) that used to fail silently before.
Robert Watson [Sun, 22 Jun 2008 21:51:32 +0000 (21:51 +0000)]
If S_IFIFO is passed to mknod(2), invoke kern_mkfifoat(9) to create a
FIFO, as required by SUSv3. No specific privilege check is performed
in this case, as FIFOs may be created by unprivileged processes
(subject to the normal file system name space restrictions that may be
in place).
Unlike the Apple implementation, we reject requests to create a FIFO
using mknod(2) if there is a non-zero dev argument to the system call,
which is permitted by the Open Group specification ("... undefined
..."). We might want to revise this if we find it causes
compatibility problems for applications in practice.
Robert Watson [Sun, 22 Jun 2008 21:03:26 +0000 (21:03 +0000)]
Teach fifo_create regression test to also try to use mknod(2) to create
fifos, as this is required by the Single UNIX Specification, although
not currently implemented on FreeBSD.
While here, fix a bug in the directory timestamp checking test by
sleeping after querying the starting timestamp, rather than before.
Get pointer to devfs_ruleset struct after garbage collection has been
performed. Otherwise if ruleset is used by given mountpoint and is empty
it's freed by devfs_ruleset_reap and pointer becomes bogus.
Marius Strobl [Sun, 22 Jun 2008 13:54:51 +0000 (13:54 +0000)]
o The FreeBSD bus_dmamap_sync(9) supports ored together flags for quite
some time now so collapse calls accordingly.
o Given that gem_load_txmbuf() is allowed to fail resulting in a packet
drop also for quite some time now implement the functionality of
gem_txcksum() by means of m_pullup(9), which de-obfuscates the code
and allows to always retrieve the correct length of the IP header.
o Add missing BUS_DMASYNC_PREREAD when syncing the control DMA maps in
gem_rint() and gem_start_locked().
o Correct some bus_barrier(9) calls to do a read/write barrier as we
do a read after a write. Add some missing ones in gem_mii_readreg()
and gem_mii_writereg().
o According to the Apple GMAC driver, the GEM ASIC specification and
the OpenSolaris eri(7D) the TX FIFO threshold has to be set to 0x4ff
for the Gigabit variants and 0x100 for the ERI in order to avoid TX
underruns.
o In gem_init_locked():
- be conservative and enable the RX and TX MACs,
- don't clear GEM_LINK otherwise we don't ever mark the link as up
again if gem_init_locked() is called from gem_watchdog(),
- remove superfluous setting of sc_ifflags.
o Don't bother to check whether the interface is running or whether its
queue is empty before calling gem_start_locked() in gem_tint(), the
former will check these anyway.
o Call gem_start_locked() in gem_watchdog() in order to try to get
some more packets going.
o In gem_mii_writereg() after resetting the PCS restore its configuration.
Alexander Motin [Sun, 22 Jun 2008 11:39:42 +0000 (11:39 +0000)]
Partially revert previous commit. DeleteLink() does not delete permanent
links so we should be aware of it and try to delete every link only once
or we will loop forever.
Alan Cox [Sun, 22 Jun 2008 04:54:27 +0000 (04:54 +0000)]
Make preparations for increasing the size of the kernel virtual address space
on the amd64 architecture. The amd64 architecture requires kernel code and
global variables to reside in the highest 2GB of the 64-bit virtual address
space. Thus, the memory allocated during bootstrap, before the call to
kmem_init(), starts at KERNBASE, which is not necessarily the same as
VM_MIN_KERNEL_ADDRESS on amd64.
Alan Cox [Sat, 21 Jun 2008 21:02:13 +0000 (21:02 +0000)]
KERNBASE is not necessarily an address within the kernel map, e.g.,
PowerPC/AIM. Consequently, it should not be used to determine the maximum
number of kernel map entries. Instead, use VM_MIN_KERNEL_ADDRESS, which marks
the start of the kernel map on all architectures.
Alan Cox [Sat, 21 Jun 2008 19:19:09 +0000 (19:19 +0000)]
Prepare for a larger kernel virtual address space. Specifically, once
KERNBASE and VM_MIN_KERNEL_ADDRESS are no longer the same, the physical
memory allocated during bootstrap will be offset from the low-end of the
kernel's page table.
Tim Kientzle [Sat, 21 Jun 2008 19:11:51 +0000 (19:11 +0000)]
Refactor one of the ISO extraction tests: Move the reference
file into a separate file (instead of embedding it in the C code)
and use later timestamps (timestamps too close to the Epoch fail
predictably on systems that lack timegm(), whose mktime() doesn't
support dates before the Epoch and which are running in timezones
with negative offsets from GMT). The goal here is to test the ISO
extraction, not the local platform's time support.
Tim Kientzle [Sat, 21 Jun 2008 19:06:37 +0000 (19:06 +0000)]
MfP4: Joerg Sonnenberg's extensions to the mtree support for more
complete quoting. In particular, this handles escaped newlines
and common C-style escapes.
Tim Kientzle [Sat, 21 Jun 2008 19:05:29 +0000 (19:05 +0000)]
A security-check failure here should be ARCHIVE_FAILED (cannot continue this
operation) and not ARCHIVE_WARN, since we don't actually open the file.
Both bsdtar and bsdcpio will try to copy file contents after an ARCHIVE_WARN,
which will fail loudly.
Tim Kientzle [Sat, 21 Jun 2008 17:47:56 +0000 (17:47 +0000)]
If we're using -l and can't hardlink the file because of a cross-device
link, just ignore the -l option and copy the file instead.
In particular, this should fix the COPYTREE_* macros used in the
ports infrastructure which use -l to preserve space but often get
used for cross-device copies.
Alexander Motin [Sat, 21 Jun 2008 16:22:56 +0000 (16:22 +0000)]
Add support for PORT/EPRT FTP commands in lowercase.
Use strncasecmp() instead of huge local implementation to reduce code size.
Check space presence after command/code.
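
The matching rules named in the commit message above (case-insensitive verb via strncasecmp(), mandatory space after it), as an added example that is not the committed code: a bounded parser for the PORT argument list. The function name demo_parse_port and the sample lines are hypothetical, and EPRT is not covered.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>	/* strncasecmp() */

/*
 * Parse "PORT h1,h2,h3,h4,p1,p2" in any letter case from a buffer that
 * need not be NUL-terminated.  Returns 0 and fills addr (host byte
 * order) and port on success, -1 on any malformed input.
 */
static int
demo_parse_port(const char *buf, size_t len, uint32_t *addr, uint16_t *port)
{
	unsigned int field[6] = { 0 };
	int n = 0, digits = 0;
	size_t i;

	/* Verb, one space and at least one argument byte must be present. */
	if (len < 6 || strncasecmp(buf, "PORT", 4) != 0)
		return (-1);
	/* The space check keeps a longer verb such as "PORTX" from matching. */
	if (buf[4] != ' ')
		return (-1);

	for (i = 5; i < len; i++) {
		unsigned char c = (unsigned char)buf[i];

		if (isdigit(c)) {
			field[n] = field[n] * 10 + (c - '0');
			/* Each field is one octet: at most 3 digits, at most 255. */
			if (++digits > 3 || field[n] > 255)
				return (-1);
		} else if (c == ',' && digits > 0 && n < 5) {
			n++;
			digits = 0;
		} else if (c == '\r' || c == '\n') {
			break;
		} else {
			return (-1);
		}
	}
	/* Exactly six non-empty fields are required. */
	if (n != 5 || digits == 0)
		return (-1);

	*addr = (field[0] << 24) | (field[1] << 16) | (field[2] << 8) | field[3];
	*port = (uint16_t)((field[4] << 8) | field[5]);
	return (0);
}

int
main(void)
{
	/* Constructed sample line, lowercase verb. */
	const char *line = "port 192,168,0,2,4,1\r\n";
	uint32_t addr;
	uint16_t port;

	if (demo_parse_port(line, strlen(line), &addr, &port) == 0)
		printf("addr=0x%08x port=%u\n", (unsigned int)addr,
		    (unsigned int)port);
	return (0);
}
```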