scf [Thu, 6 Mar 2008 15:14:36 +0000 (15:14 +0000)]
MFC:
Replace the use of warnx() with direct output to stderr using _write().
This reduces the size of a statically-linked binary by approximately 100KB
in a trivial "return (0)" test application. readelf -S was used to verify
that the .text section was reduced and that using strlen() saved a few
more bytes over using sizeof(). Since the section of code is only called
when environ is corrupt (program bug), I went with fewer bytes over fewer
cycles.
I made minor edits to the submitted patch to make the output resemble
warnx().
mtm [Thu, 6 Mar 2008 14:13:11 +0000 (14:13 +0000)]
MFC: rev. 1.32
Add the -M command-line option, which will set home directory
permissions. Works both in interactive or batch mode. This is
a heavily modified version of the patch submitted in the PR.
delphij [Thu, 6 Mar 2008 01:05:30 +0000 (01:05 +0000)]
MFC revision 1.5
date: 2008/02/16 00:16:49; author: delphij; state: Exp; lines: +2 -1
Allow underscore in domain names while resolving. While having underscore
is a violation of RFC 1034 [STD 13], it is accepted by certain name servers
as well as other popular operating systems' resolver library.
rwatson [Sat, 1 Mar 2008 15:40:53 +0000 (15:40 +0000)]
Merge uipc_sockbuf.c:1.176, uipc_socket.c:1.305, socketvar.h:1.162 from
HEAD to RELENG_7:
Further clean up sorflush:
- Expose sbrelease_internal(), a variant of sbrelease() with no
expectations about the validity of locks in the socket buffer.
- Use sbrelease_internel() in sorflush(), and as a result avoid
initializing and destroying a socket buffer lock for the temporary
stack copy of the actual buffer, asb.
- Add a comment indicating why we do what we do, and remove an XXX
since things have gotten less ugly in sorflush() lately.
This makes socket close cleaner, and possibly also marginally faster.
rwatson [Sat, 1 Mar 2008 11:55:11 +0000 (11:55 +0000)]
Merge mac_mls.c:1.99 from HEAD to RELENG_7:
Properly return the error from mls_subject_privileged() in the ifnet
relabel check for MLS rather than returning 0 directly.
This problem didn't result in a vulnerability currently as the central
implementation of ifnet relabeling also checks for UNIX privilege, and
we currently don't guarantee containment for the root user in mac_mls,
but we should be using the MLS definition of privilege as well as the
UNIX definition in anticipation of supporting root containment at some
point.
Submitted by: Zhouyi Zhou <zhouzhouyi at gmail dot com>
Sponsored by: Google SoC 2007
rwatson [Sat, 1 Mar 2008 11:50:00 +0000 (11:50 +0000)]
Merge tcp_usrreq.c:1.166 from HEAD to RELENG_7:
In tcp_ctloutput(), don't hold the inpcb lock over sooptcopyin(), rather,
drop the lock and then re-acquire it, revalidating TCP connection state
assumptions when we do so. This avoids a potential lock order reversal
(and potential deadlock, although none have been reported) due to the
inpcb lock being held over a page fault.
PR: 102752
Reviewed by: bz
Reported by: Václav Haisman <v dot haisman at sh dot cvut dot cz>
rwatson [Sat, 1 Mar 2008 11:44:30 +0000 (11:44 +0000)]
Merge netisr.h:1.34 from HEAD to RELENG_7:
Update netisr comment for the SMPng world order: netisr is no longer
implemented using the ISR facility, and cannot be triggered by calling
splnet()/splx().
kib [Fri, 29 Feb 2008 14:58:08 +0000 (14:58 +0000)]
MFC
rev. 1.3 of linux_misc.h,
rev. 1.217 of linux_misc.c:
Sanitize arguments to linux_mremap().
Check that only MREMAP_FIXED and MREMAP_MAYMOVE flags are specified.
Check for the page alignment of the addr argument.
scf [Thu, 28 Feb 2008 04:25:03 +0000 (04:25 +0000)]
MFC:
Add the groupmod '-d' option to pw to allow the deletion of existing users
from a group without the need to perform the same operation by replacing
the existing list via the '-M' option. The '-M' option requires someone
to fetch the existing members with pw, deleting the undesired members from
the list and sending the altered list back to pw.
rrs [Tue, 26 Feb 2008 11:33:12 +0000 (11:33 +0000)]
- Fix a bug in the connect() routine. A ref count was incremented
in the wrong place, which could cause a incorrect accounting undre
certain error conditions. And worse when we have a duplicate
connect we called TCB_LOCK() not TCB_UNLOCK().... which will
lead to a system lockup (escalting lock wait scenario).
jhb [Mon, 25 Feb 2008 22:20:13 +0000 (22:20 +0000)]
MFC: Mostly sync kgdb with HEAD including the following changes:
- Add a new 'add-kld <kld>' command to locate a kld and load its symbols.
- If the quiet flag is specified, don't dump the unread portion of the
message buffer on startup.
- Remove the warnx() from kgdb_lookup() and add it in callers where a
failed lookup is warning worthy.
- Add a shared library backend for kernel files that treats klds as shared
libraries and auto-load symbols for klds on startup.
- Build a section table from the kernel file so that 'info files' output
looks sane.
remko [Sun, 24 Feb 2008 14:31:41 +0000 (14:31 +0000)]
MFC rev 1.597 to 1.598 Makefile.inc1
rev 1.597
Give usr.bin/kdump/kdump_subr.c the same treatment as usr.bin/kdump/ioctl.c
and usr.bin/truss/ioctl.c. This is the correct way to address the problem
that arises when doing an incremental build after a header used by kdump
has been removed (cf. i4b disconnect a while ago)
Explained by: ru
MFC after: 2 weeks
rev 1.598
Satisfy a particularly obstinate nit-picker :)
Approved by: imp (mentor, implicit for trivial changes), des
(I am doing several MFC's for him)
remko [Sun, 24 Feb 2008 14:26:44 +0000 (14:26 +0000)]
MFC rev 1.10 100.chksetuid
rev 1.10
Rewrite to consume significantly less memory, by using find -s instead of
find | sort. As a bonus, this simplifies the logic considerably. Also
remove the bogus "overruning the args to ls" comment and the corresponding
"-n 20" argument to xargs; the whole point with xargs is precisely that it
knows how large the argument list can safely get.
Note that the first run of the updated script may hypotheticall produce
false positives due to differences between find's and sort's sorting
algorithm. I haven't seen this during testing, but others might.
MFC after: 2 weeks
Approved by: imp (mentor, implicit for trivial changes), des
(doing some MFC's for him)
- Allow IP in firewall_nat_interface, just like natd_interface
- Allow additional configuration parameters passed to ipfw via
firewall_nat_flags
- Document firewall_nat_* in defaults/rc.conf
Tested by: Albert B. Wang <abwang at gmail.com> MFC after: 1 month
markus [Sat, 16 Feb 2008 16:21:17 +0000 (16:21 +0000)]
MFC rev. 1.50:
Fix calculation of descriptor tag checksums. According to ECMA-167, Part 4,
7.2.3, bytes 0-3 and 5-15 are used to calculate the checksum of a descriptor
tag.
ume [Sat, 16 Feb 2008 12:45:26 +0000 (12:45 +0000)]
MFC 1.66: Add sysctl mibs for _TSP, _TC1 and _TC2 which is user
overridable but is blocked on user_override mib.
Not a few people want to use a passive cooling without their ACPI
BIOS support.
rwatson [Sat, 16 Feb 2008 11:59:23 +0000 (11:59 +0000)]
Merge priv.h:1.16 from HEAD to RELENG_7:
date: 2007/10/21 22:50:11; author: rwatson; state: Exp; lines: +1 -0
Add PRIV_VFS_STAT privilege, which will allow overriding policy limits on
the right to stat() a file, such as in mac_bsdextended.
marcel [Thu, 14 Feb 2008 19:15:46 +0000 (19:15 +0000)]
Insta MFC: machdep.c:1.230, pmap.c:1.197
On Montecito processors, the instruction cache is in fact not
coherent with the data caches. Implement a quick fix to allow
us to boot on Montecito, while I'm working on a better fix in
the mean time.
Add `hw.ciss.nop_message_heartbeat' tunable (default disabled) for
NOP-message polling in ciss_periodic().
Note that setting the tunable to non-zero can be workaround only for
`ADAPTER HEARTBEAT FAILED' problem, and may freeze the system w/o
the problem.