rwatson [Sun, 28 Oct 2007 15:55:23 +0000 (15:55 +0000)]
Move towards more explicit support for various network protocol stacks
in the TrustedBSD MAC Framework:
- Add mac_atalk.c and add explicit entry point mac_netatalk_aarp_send()
for AARP packet labeling, rather than using a generic link layer
entry point.
- Add mac_inet6.c and add explicit entry point mac_netinet6_nd6_send()
for ND6 packet labeling, rather than using a generic link layer entry
point.
- Add explicit entry point mac_netinet_arp_send() for ARP packet
labeling, and mac_netinet_igmp_send() for IGMP packet labeling,
rather than using a generic link layer entry point.
- Remove previous generic link layer entry point,
mac_mbuf_create_linklayer() as it is no longer used.
- Add implementations of new entry points to various policies, largely
by replicating the existing link layer entry point for them; remove
old link layer entry point implementation.
- Make MAC_IFNET_LOCK(), MAC_IFNET_UNLOCK(), and mac_ifnet_mtx global
to the MAC Framework rather than static to mac_net.c as it is now
needed outside of mac_net.c.
miwi [Sun, 28 Oct 2007 13:33:25 +0000 (13:33 +0000)]
Actually the keyword tells network.subr to launch wpa_supplicant on the
selected interface. wpa_supplicant does not only handle WPA
authentication but also EAP/LEAP as well as WEP encryption or no
encryption at all. The patch clarifies this.
kientzle [Sat, 27 Oct 2007 22:45:40 +0000 (22:45 +0000)]
When skipping input data, don't overflow a 32-bit size_t.
This can only happen on 32-bit systems when you're reading
an uncompressed archive and the skip request is an exact
multiple of 4G (e.g., skipping a tar entry with an 8G body).
The symptom is that the read_ahead() ends up returning zero
bytes, and the extraction stops with a premature end-of-file.
Using '1' here is more correct anyway, as it allows read_ahead()
to function opportunistically and minimize copying.
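The truncation described in the commit above, reproduced as an added illustration (this is not libarchive's or the committer's code): a skip loop that casts a 64-bit request to a 32-bit size_t sees an exact multiple of 4G become 0, its read-ahead then returns nothing, and the loop reports end-of-file. The second loop asks read_ahead() for at least one byte and lets it return whatever is buffered. The stream model, the CHUNK size and the function names are constructed for the example; size32_t simulates a 32-bit size_t so the failure shows on any host.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint32_t size32_t;      /* stands in for size_t on a 32-bit system */
#define CHUNK 65536u            /* bytes the simulated read_ahead() buffers per call (constructed) */

struct stream { int64_t remaining; };   /* bytes left in the uncompressed archive */

/* Simulated read_ahead(): make at least `min` bytes available, at most CHUNK.
 * A request for 0 bytes is satisfied by 0 bytes, which is what the truncated
 * request triggers and what the caller then mistakes for end-of-file. */
static size32_t read_ahead(struct stream *s, size32_t min)
{
    if (min == 0 || s->remaining <= 0)
        return 0;
    size32_t avail = CHUNK;
    if (s->remaining < (int64_t)avail)
        avail = (size32_t)s->remaining;
    return avail;
}

/* Consume min(avail, request) bytes from the stream; returns bytes consumed. */
static int64_t consume(struct stream *s, size32_t avail, int64_t request)
{
    int64_t n = (int64_t)avail < request ? (int64_t)avail : request;
    s->remaining -= n;
    return n;
}

/* Buggy skip: passes the 64-bit request through a 32-bit size_t. */
static int64_t skip_truncating(struct stream *s, int64_t request)
{
    int64_t skipped = 0;
    while (request > 0) {
        size32_t want = (size32_t)request;     /* 8G (2^33) silently becomes 0 */
        size32_t avail = read_ahead(s, want);
        if (avail == 0)
            break;                             /* reported as premature EOF */
        int64_t n = consume(s, avail, request);
        request -= n;
        skipped += n;
    }
    return skipped;
}

/* Fixed skip: ask for at least 1 byte and take whatever read_ahead() has. */
static int64_t skip_fixed(struct stream *s, int64_t request)
{
    int64_t skipped = 0;
    while (request > 0) {
        size32_t avail = read_ahead(s, 1);
        if (avail == 0)
            break;                             /* genuine end-of-file */
        int64_t n = consume(s, avail, request);
        request -= n;
        skipped += n;
    }
    return skipped;
}

/* Build a stream of request+tail bytes and skip `request` of them with `skip`. */
static int64_t run_skip(int64_t (*skip)(struct stream *, int64_t),
                        int64_t request, int64_t tail)
{
    struct stream s = { request + tail };
    return skip(&s, request);
}

int main(void)
{
    const int64_t eight_gb = (int64_t)8 << 30;   /* an 8G tar entry body */
    printf("truncating: skipped %lld of %lld\n",
           (long long)run_skip(skip_truncating, eight_gb, 100), (long long)eight_gb);
    printf("fixed:      skipped %lld of %lld\n",
           (long long)run_skip(skip_fixed, eight_gb, 100), (long long)eight_gb);
    return 0;
}
```

A request that is not an exact multiple of 4G (8G+1, say) survives the truncating loop, which is why the bug only shows up on specific archives; the fixed loop does not depend on the request's low 32 bits at all.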
jhb [Sat, 27 Oct 2007 22:14:17 +0000 (22:14 +0000)]
Don't return an error from resume() if execution of _DIS fails for some
reason (not all BIOSen have _DIS methods for all link devices for example).
This matches the behavior of attach() with respect to _DIS as well.
jhb [Sat, 27 Oct 2007 22:07:40 +0000 (22:07 +0000)]
Change the roundrobin implementation in the 4BSD scheduler to trigger a
userland preemption directly from hardclock() via sched_clock() when a
thread uses up a full quantum instead of using a periodic timeout to cause
a userland preemption every so often. This fixes a potential deadlock
when IPI_PREEMPTION isn't enabled where softclock blocks on a lock held
by a thread pinned or bound to another CPU. The current thread on that
CPU will never be preempted while softclock is blocked.
Note that ULE already drives its round-robin userland preemption from
sched_clock() as well and always enables IPI_PREEMPT.
yar [Sat, 27 Oct 2007 19:57:41 +0000 (19:57 +0000)]
Add a comment explaining why disc(4) bears the IFF_LOOPBACK flag.
It should be the final follow-up to an old yet unfinished discussion
on whether IFF_LOOPBACK is necessary for disc(4) and why.
yar [Sat, 27 Oct 2007 18:40:34 +0000 (18:40 +0000)]
Allow the shell used by make(1) to be changed early via the
__MAKE_SHELL variable. This feature isn't supposed to be in wide
use, but it's needed now to make `installworld' independent of the
stock binaries and libs so that radical ABI changes can go in safely.
yar [Sat, 27 Oct 2007 18:25:53 +0000 (18:25 +0000)]
if_loop doesn't need to keep the list of lo(4) interfaces. Today
a private softc list is needed neither for tracking clones in general
nor for destroying all clones before the module unload -- if_clone
takes care of all that. (Note that some other interface drivers do
need a softc list to be able to scan it for their private purposes.)
yar [Sat, 27 Oct 2007 18:18:58 +0000 (18:18 +0000)]
Add some essential tools to rescue(8) in order to make it
a versatile emergency tool:
o sed(1) as a multi-purpose text filter -- can do grep's job and much more.
o head(1), tail(1), and tee(1) as idiomatic text filters.
o mt(1) to control tape drives (PR misc/98383).
o chown(8) aka chgrp(8) to complement the ch* subset.
o pkill(1) aka pgrep(1) to control running processes easily and thus to be
able to recover from a serious problem or a fatal typo in an otherwise live
system w/o a reboot. (It also deserves adding to rescue(8) for its having
triggered a latent bug in crunchgen(1), but we had better add a regression
test for that. :-)
The resulting change in rescue(8) size has the following order of magnitude
on i386: 3787656 - 3727872 = 59784, i.e. just a tad.
Discussed on: -hackers (I seem to have wearied all opponents :-)
PR: misc/98383
rodrigc [Sat, 27 Oct 2007 16:28:05 +0000 (16:28 +0000)]
Add the following mount options to the nfs_opts array:
noatime, noexec, suiddir, nosuid, nosymfollow, union,
noclusterr, noclusterw, multilabel, acls, force, update,
async. These options correspond to MOPT_STDOPTS, MOPT_FORCE, MOPT_UPDATE,
and MOPT_ASYNC.
Currently, mount_nfs converts these "-o" options from strings
to MNT_ flags via getmntopts(),
and passes the flags from userspace to the kernel.
This change will allow us in future to pass these mount options
as strings directly to the kernel via nmount() when doing NFS mounts.
yar [Sat, 27 Oct 2007 16:13:31 +0000 (16:13 +0000)]
Set the program name if the crunched program is selected through
argv[1] to mimic crt0 behaviour. Do the job by a direct assignment
to __progname in order to stay compatible with NetBSD, whose
setprogname() is a deliberate no-op.
The reason for this change is that some programs (usually those
imported from NetBSD) use getprogname() to distinguish between their
aliases. (See pkill aka pgrep for example.)
This change can be useful, and applicable, to NetBSD, too.
rodrigc [Sat, 27 Oct 2007 15:59:18 +0000 (15:59 +0000)]
In nmount(), if MNT_ROOT is in the mount flags, filter it
out instead of returning an error.
(1) This makes the behavior consistent with mount(2).
(2) This makes update mounts on the root file system work properly.
(3) The explicit checks for MNT_ROOTFS in src/sbin/fsck_ffs/main.c
and src/usr.sbin/mountd/mountd.c which were put in to
eliminate errors during update mounts on the root file system
can be removed.
The only place where MNT_ROOTFS can be validly set
is inside the kernel, i.e. with vfs_mountroot_try().
jhb [Sat, 27 Oct 2007 14:54:43 +0000 (14:54 +0000)]
Don't destroy an ACPI device_t for a PCI device and reassign the ACPI
handle to the PCI device_t if the ACPI device_t is already attached to a
driver. This happens on the Tablet TC1000 which for some reason includes
two PCI-ISA bridges and treats the second bridge as an ACPI system resource
device.
jhb [Sat, 27 Oct 2007 13:34:53 +0000 (13:34 +0000)]
Don't test the APIC flag in the cpuid features for amd64 to see if a
local APIC is present or not. All amd64 CPUs have a local APIC and some
BIOSen don't set the CPUID_APIC flag.
rwatson [Sat, 27 Oct 2007 10:38:57 +0000 (10:38 +0000)]
Give each posixsem MAC Framework entry point its own counter and test case
in the mac_test policy, rather than sharing a single function for all of
the access control checks.
julian [Sat, 27 Oct 2007 00:42:40 +0000 (00:42 +0000)]
Initialise the initial process pointer to NULL so that we know we don't
have an idle process yet.
I'm guessing that on my system this was always 0 already.
alc [Sat, 27 Oct 2007 00:09:30 +0000 (00:09 +0000)]
Change vm_page_cache_transfer() such that it does not transfer pages
that would have an offset beyond the end of the target object. Such
pages should remain in the source object.
MFC after: 3 days
Diagnosed and reviewed by: Kostik Belousov
Reported and tested by: Peter Holm
julian [Fri, 26 Oct 2007 22:18:20 +0000 (22:18 +0000)]
If kthread_exit() is called on the last kthread in a kproc, then
all the work in kproc_exit must be done.
We don't actually have a user of this yet but why leave it to chance.
jhb [Fri, 26 Oct 2007 21:02:31 +0000 (21:02 +0000)]
Use the smaller cgbase() macro in ufsread.c if UFS_SMALL_CGBASE is
defined. This lets each boot program choose which version of cgbase() it
wants to use rather than forcing ufsread.c to have that knowledge.
imp [Fri, 26 Oct 2007 15:00:34 +0000 (15:00 +0000)]
The arm boot code uses this function as well. Redefining cgbase()
saves about 500 bytes in the boot code. While the AT91RM9200 has 12k
of space for the boot loader, which is more than i386's 8k, the code
generated by gcc is a bit bigger.
simon [Fri, 26 Oct 2007 10:12:26 +0000 (10:12 +0000)]
If the INDEX file cannot be opened, print the actual filename / path
pkg_version tried to open instead of just "INDEX" to make the actual
problem more clear (e.g. missing INDEX-8).
julian [Fri, 26 Oct 2007 08:00:41 +0000 (08:00 +0000)]
Introduce a way to make pure kernel threads.
kthread_add() takes the same parameters as the old kthread_create()
plus a pointer to a process structure, and adds a kernel thread
to that process.
kproc_kthread_add() takes the parameters for kthread_add,
plus a process name and a pointer to a pointer to a process instead of just
a pointer, and if the proc * is NULL, it creates the process to the
specifications required, before adding the thread to it.
All other old kthread_xxx() calls return, but act on (struct thread *)
instead of (struct proc *). One reason to change the name is so that
any old kernel modules that are lying around and expect kthread_create()
to make a process will not just accidentally link.
fix top to show kernel threads by their thread name in -SH mode
add a tdnam formatting option to ps to show thread names.
make all idle threads actual kthreads and put them into their own idled process.
make all interrupt threads kthreads and put them in an interd process
(mainly for aesthetic and accounting reasons)
rename proc 0 to be 'kernel' and its swapper thread is now 'swapper'
pjd [Fri, 26 Oct 2007 06:55:00 +0000 (06:55 +0000)]
Save stack only when KTR_GEOM is both compiled into the kernel and enabled
in debug.ktr.mask. Because saving stack is very expensive, it's better only
to do it when one really wants to.
peter [Fri, 26 Oct 2007 03:23:54 +0000 (03:23 +0000)]
Split /dev/nvram driver out of isa/clock.c for i386 and amd64. I have not
refactored it to be a generic device.
Instead of being part of the standard kernel, there is now a 'nvram' device
for i386/amd64. It is in DEFAULTS like io and mem, and can be turned off
with 'nodevice nvram'. This matches the previous behavior when it was
first committed.
csjp [Fri, 26 Oct 2007 01:23:07 +0000 (01:23 +0000)]
Implement AUE_CORE, which adds process core dump support into the kernel.
This change introduces audit_proc_coredump() which is called by coredump(9)
to create an audit record for the coredump event. When a process
dumps a core, it could be security relevant. It could be an indicator that
a stack within the process has been overflowed with an incorrectly constructed
malicious payload or a number of other events.
- We allocate a completely new record to make sure we aren't clobbering
the audit data associated with the syscall that produced the core
(assuming the core is being generated in response to SIGABRT and not
an invalid memory access).
- Shuffle around expand_name() so we can use the coredump name at the very
beginning of the coredump call. Make sure we free the storage referenced
by "name" if we need to bail out early.
- Audit both successful and failed coredump creation efforts
cognet [Thu, 25 Oct 2007 23:02:42 +0000 (23:02 +0000)]
Add an option to be able to override the value of the AT91 master clock
frequency. It'd be better to be able to calculate it at runtime, but we need
the information very early, to setup the uart.
rwatson [Thu, 25 Oct 2007 22:45:25 +0000 (22:45 +0000)]
Sort entry points in mac_framework.h and mac_policy.h alphabetically by
primary object type, and then secondarily by method name. This sorts
entry points relating to particular objects, such as pipes, sockets, and
vnodes together.
Sponsored by: SPARTA (original patches against Mac OS X)
Obtained from: TrustedBSD Project, Apple Computer
jhb [Thu, 25 Oct 2007 17:30:18 +0000 (17:30 +0000)]
Don't attach to the "IBM0057" ID. This ID is used by IBM machines for
the PS/2 mouse controller. Thus, when acpi_ibm(4) claimed the mouse
device, the mouse would stop working. The one ACPI dump of an R40 that
I've looked at includes an HKEY device with the proper "IBM0068" ID, so
I'm not sure how the "IBM0057" ID could have helped at all.
nyan [Thu, 25 Oct 2007 12:57:46 +0000 (12:57 +0000)]
MFi386: part of revision 1.51
Rework the read/write support in the bios disk driver some to cut down
on duplicated code.
- All of the bounce buffer and retry logic duplicated in bd_read() and
bd_write() are merged into a single bd_io() routine that takes an
extra direction argument. bd_read() and bd_write() are now simple
wrappers around bd_io().
rwatson [Thu, 25 Oct 2007 12:34:14 +0000 (12:34 +0000)]
Rename mac_associate_nfsd_label() to mac_proc_associate_nfsd(), and move
from mac_vfs.c to mac_process.c to join other functions that set up
process labels for specific purposes. Unlike the two proc create calls,
this call is intended to run after creation when a process registers as
the NFS daemon, so remains an _associate_ call.
rwatson [Thu, 25 Oct 2007 11:31:11 +0000 (11:31 +0000)]
Consistently name functions for mac_<policy> as <policy>_whatever rather
than mac_<policy>_whatever, as this shortens the names and makes the code
a bit easier to read.
When dealing with label structures, name variables 'mb', 'ml', 'mm' rather
than the longer 'mac_biba', 'mac_lomac', and 'mac_mls', likewise making
the code a little easier to read.