sam [Fri, 5 Jun 2009 17:19:55 +0000 (17:19 +0000)]
Do not force the mtu to 2290; this was done to insure large EAPOL frames
could be handled w/o fragmentation but clobbers user-specified values
such as those required when the interface is bridged.
luigi [Fri, 5 Jun 2009 16:16:07 +0000 (16:16 +0000)]
Several ipfw options and actions use a 16-bit argument to indicate
pipes, queues, tags, rule numbers and so on.
These are all different namespaces, and the only thing they have in
common is the fact they use a 16-bit slot to represent the argument.
There is some confusion in the code, mostly for historical reasons,
on how the values 0 and 65535 should be used. At the moment, 0 is
forbidden almost everywhere, while 65535 is used to represent a
'tablearg' argument, i.e. the result of the most recent table() lookup.
For now, try to use explicit constants for the min and max allowed
values, and do not overload the default rule number for that.
Also, make the MTAG_IPFW declaration only visible to the kernel.
NOTE: I think the issue needs to be revisited before 8.0 is out:
the 2^16 namespace limit for rule numbers and pipe/queue is
annoying, and we can easily bump the limit to 2^32 which gives
a lot more flexibility in partitioning the namespace.
Clists were originally used by the TTY layer as a text buffer interface.
The advantage of clists was that it would allocate a small set of
additional buffers that could be shared between TTYs when needed. In
the modern days we can just allocate some more KBs of memory to keep the
TTYs satisfied. The global cfreelist also requires synchronisation,
which may not be useful when trying to improve scalability.
The MPSAFE TTY layer uses its own text buffers (ttyinq and ttyoutq). We
had a small number of drivers in the tree that still use clists, like
the old USB stack and some keyboard drivers. With the old USB stack gone
and the keyboard drivers changed to use a circular buffer, we can safely
remove clists from the kernel.
Move buffer management into kbd and kbdmux drivers.
These two drivers seem to be the last consumers of clists. clists are
quite overengineered for simple circular buffers, so I'm adding similar
buffer management routines to the kbd and kbdmux drivers. The input
buffer is now part of the softc structures, instead of having
dynamically allocated cblocks.
rwatson [Fri, 5 Jun 2009 14:55:22 +0000 (14:55 +0000)]
Move "options MAC" from opt_mac.h to opt_global.h, as it's now in GENERIC
and used in a large number of files, but also because an increasing number
of incorrect uses of MAC calls were sneaking in due to copy-and-paste of
MAC-aware code without the associated opt_mac.h include.
rwatson [Fri, 5 Jun 2009 14:31:03 +0000 (14:31 +0000)]
Unifdef MAC label pointer in syncache entries -- in general, ifdef'd
structure contents are a bad idea in the kernel for binary
compatibility reasons, and this is a single pointer that is now included
in compiles by default anyway due to options MAC being in GENERIC.
rwatson [Fri, 5 Jun 2009 14:29:49 +0000 (14:29 +0000)]
Correct MAC compile problems resulting from the new RPC code copying and
pasting code from the general socket code without also bringing along
required opt_mac.h includes.
rwatson [Fri, 5 Jun 2009 13:55:33 +0000 (13:55 +0000)]
Fix spelling of MAC check for 8.x version of MAC Framework, not noticed due
to a lack of an opt_mac.h include, which I won't add for now as options MAC
will soon move to opt_global.h.
luigi [Fri, 5 Jun 2009 13:44:30 +0000 (13:44 +0000)]
More cleanup in preparation of ipfw relocation (no actual code change):
+ move ipfw and dummynet hooks declarations to raw_ip.c (definitions
in ip_var.h) same as for most other global variables.
This removes some dependencies from ip_input.c;
+ remove the IPFW_LOADED macro, just test ip_fw_chk_ptr directly;
+ remove the DUMMYNET_LOADED macro, just test ip_dn_io_ptr directly;
+ move ip_dn_ruledel_ptr to ip_fw2.c which is the only file using it;
edwin [Fri, 5 Jun 2009 13:05:14 +0000 (13:05 +0000)]
[patch] Portuguese timedef
In Portuguese, the names of the days of the week are not capitalized.
Also there is always a dash before "feira" in the names of the days.
For example: "segunda-feira" and not "segunda feira" (which has a
completely different meaning).
x_fmt is not correct either. The date separator should not be a dot
but a slash. Example: 31/12/2005 is far more used in Portugal than
31.12.2005.
References:
- a Portuguese online dictionary http://priberam.pt/dlpo/dlpo.aspx
- http://answers.com/days_of_the_week (there are translations to
various languages, including Portuguese, at the bottom of the
page)
- http://en.wikipedia.org/wiki/Week-day_names (there are translations
to various languages, including Portuguese, at the bottom of the
page)
- a Portuguese style guide
http://www.publico.clix.pt/nos/livro_estilo/16d-palavras.html
("datas" section)
brian [Fri, 5 Jun 2009 09:16:52 +0000 (09:16 +0000)]
If we're passed garbage in malloc_init(), panic() rather than expecting
a KASSERT to handle it. People are likely to turn off INVARIANTS RSN
and loading an old module can cause garbage-in here.
I saw the issue with an older nvidia driver (x11/nvidia-driver) loading
into a new kernel - a crash wasn't seen 'till sysctl_kern_malloc_stats().
I was lucky that mtp->ks_shortdesc was NULL and not something horrible.
While I'm here, KASSERT that malloc_uninit() isn't passed something that's
not in kmemstatistics.
raj [Fri, 5 Jun 2009 09:09:46 +0000 (09:09 +0000)]
Fill PTEs covering kernel code and data.
Without this fix pte_vatopa() was not able to retrieve physical address of
data structures inside kernel, for example EFAULT was reported while accessing
/dev/kmem ('netstat -nr').
Submitted by: Piotr Ziecik
Obtained from: Semihalf
brian [Fri, 5 Jun 2009 09:08:53 +0000 (09:08 +0000)]
Change the behaviour of -F slightly; it now persists (forever) in
trying to open files rather than giving up when it encounters an
error. ENOENT errors are not reported.
As a result, files that are moved away then recreated are not at
risk of being 'lost' to tail. Files that are recreated and
temporarily have unreadable permissions will be shown when they
are fixed.
This behaviour is consistent with the GNU version of tail but
without the verbiage that goes with the GNU version.
This change also fixes error messages accompanying -f and -F.
They no longer report problems with (null)!
benno [Thu, 4 Jun 2009 23:43:08 +0000 (23:43 +0000)]
Perform some checking on the requested list of modules to warn people if they
try to load modules by filename out of the current directory where the module
in question may be further up the module path or not in the module path at all.
Also add some text to the man page to help explain what's going on.
edwin [Thu, 4 Jun 2009 22:01:50 +0000 (22:01 +0000)]
[patch] fortune(6): George Bernard Shaw quote fix
From the original PR:
s/milestones/millstones/
and less important..
s/man/Man/
Not every source I've seen capitalizes 'Man', but it seems
right. Uncapitalized 'man' would usually be preceded by
an 'a'. But I haven't seen any reference cite the original
source yet, so I can't say for sure.
http://quotationsbook.com/quote/31568/
PR: conf/131469
Submitted by: John Hein <jhein@timing.com>
MFC after: 2 days
Support shared vnode locks for write operations when the offset is
provided on filesystems that support it. This really improves mysql
+ innodb performance on ZFS.
sam [Thu, 4 Jun 2009 15:57:38 +0000 (15:57 +0000)]
o station mode channel switch support
o IEEE80211_IOC_CHANSWITCH fixups:
- restrict to hostap vaps
- return EOPNOTSUPP instead of EINVAL when applied to !hostap vap
or to a vap w/o 11h enabled
- interpret count of 0 to mean cancel the current CSA
rmacklem [Thu, 4 Jun 2009 14:49:27 +0000 (14:49 +0000)]
Fix upcall races in the client side krpc. For the client side upcall,
holding SOCKBUF_LOCK() isn't sufficient to guarantee that there is
no upcall in progress, since SOCKBUF_LOCK() is released/re-acquired
in the upcall. An upcall reference counter was added to the upcall
structure that is incremented at the beginning of the upcall and
decremented at the end of the upcall. As such, a reference count == 0
when holding the SOCKBUF_LOCK() guarantees there is no upcall in
progress. Add a function that is called just after soupcall_clear(),
which waits until the reference count == 0.
Also, move the mtx_destroy() down to after soupcall_clear(), so that
the mutex is not destroyed before upcalls are done.
rmacklem [Thu, 4 Jun 2009 14:13:06 +0000 (14:13 +0000)]
Fix two races in the server side krpc w.r.t upcalls:
Add a flag so that soupcall_clear() is only called once to cancel
an upcall.
Move the test for xprt_registered in the upcall down to after the
mtx_lock() of the pool mutex, to catch the case where it is
unregistered while the upcall is waiting for the mutex.
Also, move the mtx_destroy() of the pool mutex to after SVC_RELEASE(),
so that it isn't destroyed before the upcalls are disabled.
luigi [Thu, 4 Jun 2009 12:27:57 +0000 (12:27 +0000)]
fix a bug introduced in rev.190865 related to the signedness
of the credit of a pipe. On passing, also use explicit
signed/unsigned types for two other fields.
Noticed by Oleg Bulyzhin and Maxim Ignatenko long ago,
I forgot to commit the fix.
rwatson [Thu, 4 Jun 2009 10:30:18 +0000 (10:30 +0000)]
Re-add opt_mac.h include, which is required in order for MNT_MULTILABEL
to be set properly on devfs. Otherwise, it isn't possible to set labels
on /dev nodes.
Reported by: Sergio Rodriguez <sergiorr at yahoo.com>
MFC after: 3 days
dfr [Thu, 4 Jun 2009 08:13:51 +0000 (08:13 +0000)]
Don't panic in nlm_record_lock if we get ENOENT from lf_advlockasync. This
is likely to be because the file was just removed and in our context this is
harmless.
weongyo [Thu, 4 Jun 2009 02:49:50 +0000 (02:49 +0000)]
reimplements RF logic for GCT chipset (also known as UW2453) to support
ICIDU NI-707503 which is donated by Nick Hibma (great thanks!). Though
it has a MAXIM RF (0x8) there's some success reports with using GCT RF
(0x9) codes and it worked well for ICIDU NI-707503 too. So codes for
MAXIM and GCT RFs are integrated.
Before this commit, if I remember correctly, MAXIM RF is never tested
that it seems it's a first report working with FreeBSD.
sam [Wed, 3 Jun 2009 23:33:09 +0000 (23:33 +0000)]
When a channel switch is done to a channel with different operating
characteristics force the stations to re-associate so protocol state
is re-initialized. Note that for 11h/DFS this is irrelevant as channel
changes are never cross-band.
sam [Wed, 3 Jun 2009 23:30:25 +0000 (23:30 +0000)]
After a channel switch mark associated stations so they will immediately
be probed as inactive; this more quickly weeds out stations that don't
follow to the new channel.
jkim [Wed, 3 Jun 2009 20:24:28 +0000 (20:24 +0000)]
Fix acpidump(8) disassembly with option -d. iasl(8) creates disassembled
output file from input file name as a template. Honor TMPDIR environment
variable while I am here.
rwatson [Wed, 3 Jun 2009 19:41:12 +0000 (19:41 +0000)]
Add one further check with mac_policy_count to an mbuf copying case
(limited to netatalk) to avoid MAC label lookup on both mbufs if no
policies are registered.
rwatson [Wed, 3 Jun 2009 18:46:28 +0000 (18:46 +0000)]
Continue work to optimize performance of "options MAC" when no MAC policy
modules are loaded by avoiding mbuf label lookups when policies aren't
loaded, pushing further socket locking into MAC policy modules, and
avoiding locking MAC ifnet locks when no policies are loaded:
- Check mac_policies_count before looking for mbuf MAC label m_tags in MAC
Framework entry points. We will still pay label lookup costs if MAC
policies are present but don't require labels (typically a single mbuf
header field read, but perhaps further indirection if IPSEC or other
m_tag consumers are in use).
- Further push socket locking for socket-related access control checks and
events into MAC policies from the MAC Framework, so that sockets are
only locked if a policy specifically requires a lock to protect a label.
This resolves lock order issues during sonewconn() and also in local
domain socket cross-connect where multiple socket locks could not be
held at once for the purposes of propagating MAC labels across multiple
sockets. Eliminate mac_policy_count check in some entry points where it
no longer avoids locking.
- Add mac_policy_count checking in some entry points relating to network
interfaces that otherwise lock a global MAC ifnet lock used to protect
ifnet labels.
stas [Wed, 3 Jun 2009 17:30:10 +0000 (17:30 +0000)]
- Remove unused sparc64-bitops.h file. Our ext2fs code doesn't use
sparc64-specific bitops implementations and relies on generic ones.
Furthermore, bitops implementations present in sparc64-bitops.h
are written in C similarly to generic bitops.
stas [Wed, 3 Jun 2009 14:18:37 +0000 (14:18 +0000)]
- Style(9) improvements.
- Convert all K&R definitions to ANSI equivalents.
- Retire bsd_malloc and bsd_free macros and
use malloc/free directly.
- Drop some unused debugging calls.
stas [Wed, 3 Jun 2009 13:25:50 +0000 (13:25 +0000)]
- Sync our copies of ext2fs Linux headers to current Linux versions.
Minimize differences between our ext2fs headers and relevant Linux
versions by using EXT2_SB macro to access the superblock fields. Most
of the differences in access to these fields are now hidden inside
this macro.
- Rename the s_db_per_group field of ext2fs_sb_info to s_gdb_count
to reflect the similar change in Linux headers. New name also seems
to be more appropriate for this field.
- Use proper types for s_first_inode and s_inode_size in-core superblock
fields. Now they reflect types used in the on-disk superblock version.
- Add support for older filesystem revisions that don't have proper
s_first_ino and s_inode_size fields in the on-disk superblock. In these
cases predefined values for these fields are used.
- Add simple sanity checks for s_first_inode and s_inode_size correctness.
snb [Wed, 3 Jun 2009 09:44:22 +0000 (09:44 +0000)]
Add vm_lowmem event handler for dirhash. This will cause dirhashes to be
deleted when the system is low on memory. This ought to allow an increase to
vfs.ufs.dirhash_maxmem on machines that have lots of memory, without
degrading performance by having too much memory reserved for dirhash when
other things need it. The default value for dirhash_maxmem is being kept at
2MB for now, though.
This work was mostly done during the 2008 Google Summer of Code.
Approved by: dwmalone (mentor), re
MFC after: 3 months
rwatson [Wed, 3 Jun 2009 08:49:44 +0000 (08:49 +0000)]
By default, label all network interfaces as biba/equal on attach. This
makes it easier for first-time users to configure and work with biba as
remote access is still allowed. Effectively, this means that, by default,
only local security properties, not distributed ones, are enforced.
rwatson [Tue, 2 Jun 2009 22:22:09 +0000 (22:22 +0000)]
Mark MAC Framework sx and rm locks as NOWITNESS to suppress warnings that
might arise from WITNESS not understanding its locking protocol, which
should be deadlock-free. Currently these warnings generally don't occur,
but as object locking is pushed into policies for some object types, they
would otherwise occur more often.
rmacklem [Tue, 2 Jun 2009 22:15:47 +0000 (22:15 +0000)]
Add support for the experimental nfs subsystem to the scripts in
/etc/rc.d. They use the following new rc variables:
nfsv4_server_enable - set to "YES" to run the experimental server
nfsuserd_enable - set to "YES" to run nfsuserd for NFSv4 client and
server
nfsuserd_flags - command line flags for nfsuserd
nfscbd_enable - set to "YES" to run the experimental nfs client's
NFSv4 callback daemon
nfscbd_flags - command line flags for nfscbd
rwatson [Tue, 2 Jun 2009 18:31:08 +0000 (18:31 +0000)]
Remove MAC kernel config files and add "options MAC" to GENERIC, with the
goal of shipping 8.0 with MAC support in the default kernel. No policies
will be compiled in or enabled by default, but it will now be possible to
load them at boot or runtime without a kernel recompile.
While the framework is not believed to impose measurable overhead when no
policies are loaded (a result of optimization over the past few months in
HEAD), we'll continue to benchmark and optimize as the release approaches.
Please keep an eye out for performance or functionality regressions that
could be a result of this change.
Approved by: re (kensmith)
Obtained from: TrustedBSD Project
rwatson [Tue, 2 Jun 2009 18:26:17 +0000 (18:26 +0000)]
Add internal 'mac_policy_count' counter to the MAC Framework, which is a
count of the number of registered policies.
Rather than unconditionally locking sockets before passing them into MAC,
lock them in the MAC entry points only if mac_policy_count is non-zero.
This avoids locking overhead for a number of socket system calls when no
policies are registered, eliminating measurable overhead for the MAC
Framework for the socket subsystem when there are no active policies.
Possibly socket locks should be acquired by policies if they are required
for socket labels, which would further avoid locking overhead when there
are policies but they don't require labeling of sockets, or possibly
don't even implement socket controls.