Robert Watson [Wed, 1 Feb 2006 20:01:18 +0000 (20:01 +0000)]
Import kernel audit framework:
- Management of audit state on processes.
- Audit system calls to configure process and system audit state.
- Reliable audit record queue implementation, audit_worker kernel
thread to asynchronously store records on disk.
- Audit event argument.
- Internal audit data structure -> BSM audit trail conversion library.
- Audit event pre-selection.
- Audit pseudo-device permitting kernel->user upcalls to notify auditd
of kernel audit events.
Much work by: wsalamon
Obtained from: TrustedBSD Project, Apple Computer, Inc.
Robert Watson [Wed, 1 Feb 2006 19:54:22 +0000 (19:54 +0000)]
Update src/sys/bsm include files to match OpenBSM (albeit with a
couple of FreeBSD-specific modifications that may be merged out
later). These include files define the basic audit data
structures, types, and definitions use by the kernel, or shared
by the kernel and user space.
Obtained from: TrustedBSD Project, Apple Computer, Inc.
John Baldwin [Wed, 1 Feb 2006 15:45:29 +0000 (15:45 +0000)]
Don't add an agp child in vgapci's attach routine if the PCIY_AGP
capability is present as not all devices supported by the agp_i810 driver
(such as i915) have the AGP capability. Instead, add an identify routine
to the agp_i810 driver that uses the PCI ID to determine if it should
create an agp child device.
Oleg Bulyzhin [Wed, 1 Feb 2006 15:16:03 +0000 (15:16 +0000)]
Optimize bge_rxeof() & bge_txeof(): return immediately if there are no packets
to process. It could give us [significant?] perfomance increase if there is big
difference between RX/TX flows.
Submitted by: Mihail Balikov <mihail.balikov AT interbgc DOT com>
Approved by: glebius (mentor)
MFC after: 3 days
Andre Oppermann [Wed, 1 Feb 2006 13:55:03 +0000 (13:55 +0000)]
Move the IPSEC related code blocks to their own file to unclutter
and signifincantly improve the readability of ip_input() and
ip_output() again.
The resulting IPSEC hooks in ip_input() and ip_output() may be
used later on for making IPSEC loadable.
This move is mostly mechanical and should preserve current IPSEC
behaviour as-is. Nothing shall prevent improvements in the way
IPSEC interacts with the IPv4 stack.
Yaroslav Tykhiy [Wed, 1 Feb 2006 13:04:52 +0000 (13:04 +0000)]
Record the change in vnone_create_vobject() argument size,
which broke kernel ABI to filesystem modules on i386, where
sizeof(size_t) != sizeof(off_t).
Yaroslav Tykhiy [Wed, 1 Feb 2006 12:43:13 +0000 (12:43 +0000)]
Use off_t for file size passed to vnode_create_vobject().
The former type, size_t, was causing truncation to 32 bits on i386,
which immediately led to undersizing of VM objects backed by
files >4GB. In particular, sendfile(2) was broken for such files.
Jeff Roberson [Wed, 1 Feb 2006 09:34:32 +0000 (09:34 +0000)]
- Solve a problem where a vput could be called on an outgoing directory
without Giant held. Do this by tracking the vfslocked state for
the directory seperate from the child. This is only important
in the case where we cross a mountpoint.
Sponsored by: Isilon Systems, Inc.
MFC After: 3 days
Jeff Roberson [Wed, 1 Feb 2006 00:30:05 +0000 (00:30 +0000)]
- Solve a race where we could lose a call to VOP_INACTIVE. If vget() waiting
on a lock held the last usecount ref on a vnode and the lock failed we
would not call INACTIVE. Solve this by only holding a holdcnt to prevent
the vnode from disappearing while we wait on vn_lock. Other callers
may now VOP_INACTIVE while we are waiting on the lock, however this race
is acceptable, while losing INACTIVE is not.
Jeff Roberson [Wed, 1 Feb 2006 00:25:26 +0000 (00:25 +0000)]
- Reorder calls to vrele() after calls to vput() when the vrele is a
directory. vrele() may lock the passed vnode, which in these cases would
give an invalid lock order of child -> parent. These situations are
deadlock prone although do not typically deadlock because the vrele
is typically not releasing the last reference to the vnode. Users of
vrele must consider it as a call to vn_lock() and order it appropriately.
Marius Strobl [Tue, 31 Jan 2006 23:04:55 +0000 (23:04 +0000)]
- Sync the list of supported chips with pcn_probe() as of sys/pci/if_pcn.c
rev. 1.77, i.e. remove Am53C974/Am79C970/Am79C974 PCnet-PCI and Am79C970A
PCnet-PCI II.
- Change the entry of the PCnet-Home in the list of supported chips to
match the other ones, i.e. s,PCnet/Home HomePNA,Am79C978 PCnet-Home,.
- s,familly,family
Marius Strobl [Tue, 31 Jan 2006 22:34:13 +0000 (22:34 +0000)]
Hook up le(4) to the build. For now it's only added to the sparc64 GENERIC
in order to support the on-board LANCE in Ultra 1 and to the MI NOTES as
it should work just fine with the AMD PCnet family of chips on all archs
but is not yet meant to replace lnc(4). If a kernel includes all of le(4),
lnc(4) and pcn(4) precedence is given to lnc(4)/pcn(4) for now.
Andrew Thompson [Tue, 31 Jan 2006 21:29:41 +0000 (21:29 +0000)]
Now that the bridge also processes Ethernet frames as itself, two arp replies
will be sent if there is an address on the bridge. Exclude the bridge from the
special arp handling.
This has been tested with all combinations of addresses on the bridge and members.
Andrew Thompson [Tue, 31 Jan 2006 21:21:28 +0000 (21:21 +0000)]
Fix two bugs with the bridge
- code expects memcmp() to return a signed value, our memcmp() returns 0 if
args are equal and > 0 if not.
- It's possible to hijack interface for static entry. If bridge recieves
packet from interface marked as learning it will replace the bridge_rtnode
entry for the source address even if such entry marked as static.
Submitted by: Gleb Kurtsov <k-gleb yandex.ru>
MFC after: 3 days
Luigi Rizzo [Tue, 31 Jan 2006 21:21:02 +0000 (21:21 +0000)]
some updates to the manpage.
remove references to mdconfig/vnconfig, and remove
some of the references to floppies since they are rarely
used at all now.
Luigi Rizzo [Tue, 31 Jan 2006 20:36:01 +0000 (20:36 +0000)]
tweaks to let this configuratio build and run under, e.g., qemu:
- add -lgeom
- use bsdlabel instead of disklabel
- increase image size to 2.88M (plenty of free space left)
note, this is not really a bridge because the old-style
bridging code is not in 7.0 anymore, so the kernel config
file should be changed.
Robert Watson [Tue, 31 Jan 2006 19:40:12 +0000 (19:40 +0000)]
Initial vendor import of the TrustedBSD OpenBSM distribution, version
1.0 alpha 1, an implementation of the documented Sun Basic Security
Module (BSM) Audit API and file format, as well as local extensions to
support the Mac OS X and FreeBSD operating systems. Also included are
command line tools for audit trail reduction and conversion to text,
as well as documentation of the commands, file format, and APIs. This
distribution is the foundation for the TrustedBSD Audit implementation,
and is a pre-release.
This is the first in a series of commits to introduce support for
Common Criteria CAPP security event audit support.
This software has been made possible through the generous
contributions of Apple Computer, Inc., SPARTA, Inc., as well as
members of the TrustedBSD Project, including Wayne Salamon <wsalamon>
and Tom Rhodes <trhodes>. The original OpenBSM implementation was
created by McAfee Research under contract to Apple Computer, Inc., as
part of their CC CAPP security evaluation.
Many thanks to: wsalamon, trhodes
Obtained from: TrustedBSD Project
Warner Losh [Tue, 31 Jan 2006 19:09:38 +0000 (19:09 +0000)]
ADDON is registered as 0x0d7d, not PNY. Don't confuse the two as we
try to use the registrant for numbers in this file, not the OEM that
put their label on it. Use PNY's real number 0x154b. Add another PNY
atachmate with quirks from a PR filed a while ago, but that I can't
seem to find now...
Allow root in the host environment to open ptys within jailed environments.
This logic change was introduced in revision 1.74:
Correct an oversight in jail() that allowed processes in jail to access
ptys in ways that might be unethical, especially towards processes not in
jail, or in other jails.
It should be fine to allow root in the host environment to do this. This
allows for more effective monitoring of prisons from the host environment.
Yaroslav Tykhiy [Tue, 31 Jan 2006 16:41:05 +0000 (16:41 +0000)]
Set IFF_BROADCAST and IFF_MULTICAST on vlan interfaces from the
beginning and simply refuse to attach to a parent without either
flag.
Our network stack cannot handle well IFF_BROADCAST or IFF_MULTICAST
on an interface changing on the fly. E.g., IP will or won't assign
a broadcast address to an interface and join the all-hosts multicast
group on it depending on its IFF_BROADCAST and IFF_MULTICAST settings.
Should the flags alter later, IP will miss the change and keep using
bogus settings. This can lead to evil things like supplying an
invalid broadcast address or trying to leave a multicast group that
hasn't been joined. So just avoid touching the flags since an
interface was created. This has no practical purpose.
Marius Strobl [Tue, 31 Jan 2006 14:48:58 +0000 (14:48 +0000)]
Add le(4), a driver for AMD Am7900 LANCE and Am79C9xx PCnet NICs ported
from NetBSD. This driver actually can replace lnc(4). Advantages over
lnc(4) are:
- Cleaner and more flexible regarding MD needs.
- Endian-clean and MPSAFE.
- Supports ALTQ, VLAN_MTU, ifmedia.
- Uses 32bit DMA for the PCI variants.
This commit includes front-ends for the dma(4) pseudo-bus found on SBus-
based sparc64 machines (thus supports the on-board LANCE in Sun Ultra 1)
and PCI. In order to actually replace lnc(4), the front-ends for ISA and
the PC98 CBUS would have to be added but for which I don't have hardware
to test.
Reviewed and some improvements by: yongari
Tested on: i386, sparc64
Luigi Rizzo [Tue, 31 Jan 2006 13:35:30 +0000 (13:35 +0000)]
make sure that the start and end preloaded MFS markers are
in contiguous strings, and that the compiler does not optimize them
away because it thinks they are unused.
Marius Strobl [Tue, 31 Jan 2006 12:50:02 +0000 (12:50 +0000)]
o lsi64854_enet_intr():
- Like lsi64854_scsi_intr() return -1 in case there was a DMA error so
the caller can distinguish it from a normal interrupt and leave the
reset of the DMA engine to the caller so we don't kill any state there.
- Move the static 'dodrain' flag to struct lsi64854_softc as there can
be more than one LSI64854 used for a LANCE in a system and reset it
again once draining the E-cache is done so we don't keep draining the
cache with every interrupt.
- Remove calling sc->sc_intrchain(), we will call lsi64854_enet_intr()
via sc->intr() in the interrupt handler of the LANCE driver and not
use it in chained mode.
o lsi64854_pp_intr():
- Like lsi64854_scsi_intr() return -1 in case there was a DMA error so
the caller can distinguish it from a normal interrupt.
o Remove the no longer used sc_intrchain* from struct lsi64854_softc.
o Make lsi64854_reset(), lsi64854_setup*() and lsi64854_*_intr() static
to lsi64854.c as we do and will only call them via the respective
function pointers in struct lsi64854_softc.
o While here fix style(9) bugs (variable definition inside a nested scope).
Add buffer corruption protection (RedZone) for kernel's malloc(9).
It detects both: buffer underflows and buffer overflows bugs at runtime
(on free(9) and realloc(9)) and prints backtraces from where memory was
allocated and from where it was freed.
Marius Strobl [Mon, 30 Jan 2006 21:43:14 +0000 (21:43 +0000)]
Revert the part of rev. 1.3 which enabled the chaining of the DMA engine
interrupt handler for the LANCE devices and remove dma_setup_intr(). We
just can't completely ignore the DMA engine in a LANCE driver anyway and
calling the DMA engine interrupt handler in the LANCE driver directly
allows to cover it by the LANCE driver lock.
Matteo Riondato [Mon, 30 Jan 2006 19:23:24 +0000 (19:23 +0000)]
Make df output more consistent:
Remove -k now that -h is present
use -l instead of -t nonfs to match smbfs too [1]
PR: conf/50956 [1]
Approved by: philip (mentor)
MFC after: 3 days
Gleb Smirnoff [Mon, 30 Jan 2006 13:45:15 +0000 (13:45 +0000)]
Merge the //depot/user/yar/vlan branch into CVS. It contains some collective
work by yar, thompsa and myself. The checksum offloading part also involves
work done by Mihail Balikov.
The most important changes:
o Instead of global linked list of all vlan softc use a per-trunk
hash. The size of hash is dynamically adjusted, depending on
number of entries. This changes struct ifnet, replacing counter
of vlans with a pointer to trunk structure. This change is an
improvement for setups with big number of VLANs, several interfaces
and several CPUs. It is a small regression for a setup with a single
VLAN interface.
An alternative to dynamic hash is a per-trunk static array with
4096 entries, which is a compile time option - VLAN_ARRAY. In my
experiments the array is not an improvement, probably because such
a big trunk structure doesn't fit into CPU cache.
o Introduce an UMA zone for VLAN tags. Since drivers depend on it,
the zone is declared in kern_mbuf.c, not in optional vlan(4) driver.
This change is a big improvement for any setup utilizing vlan(4).
o Use rwlock(9) instead of mutex(9) for locking. We are the first
ones to do this! :)
o Some drivers can do hardware VLAN tagging + hardware checksum
offloading. Add an infrastructure for this. Whenever vlan(4) is
attached to a parent or parent configuration is changed, the flags
on vlan(4) interface are updated.
In collaboration with: yar, thompsa
In collaboration with: Mihail Balikov <mihail.balikov interbgc.com>
Yaroslav Tykhiy [Mon, 30 Jan 2006 13:37:34 +0000 (13:37 +0000)]
Do address assignment/removal operations after callbacks.
Presently, ifconfig callbacks are used for L2 configuration, media
and vlan, so actions associated with address assignment, like sending
out a gratuitous ARP, should go when L2 is running already.
This also should fix the problem with setting up vlan interfaces
from rc.conf, when both IP and vlan+vlandev parameters are passed
to ifconfig at once.
Future work: Consider introducing several ifconfig callback lists
to invoke callbacks orderly.
Robert Watson [Mon, 30 Jan 2006 11:59:19 +0000 (11:59 +0000)]
Move pts master devices into /dev/pty/ instead of littering /dev with them;
this is more consistent with the placement of slaves in /dev/pts. The
actual name doesn't matter as it's not part of the exposed API or used by
libc. In some sense, it would be nice if these device nodes didn't have to
have names in devfs at all.
Suggested by: Stephen McKay <smckay at internode dot on dot net>
Gleb Smirnoff [Mon, 30 Jan 2006 08:39:09 +0000 (08:39 +0000)]
Add some initial locking to gif(4). It doesn't covers the whole driver,
however IPv4-in-IPv4 tunnels are now stable on SMP. Details:
- Add per-softc mutex.
- Hold the mutex on output.
The main problem was the rtentry, placed in softc. It could be
freed by ip_output(). Meanwhile, another thread being in
in_gif_output() can read and write this rtentry.
Reported by: many
Tested by: Alexander Shiryaev <aixp mail.ru>
Gleb Smirnoff [Mon, 30 Jan 2006 08:25:04 +0000 (08:25 +0000)]
- In pipe() return the error returned by pipe_create(), rather then
hardcoded ENFILES, which is incorrect. pipe_create() can fail due
to ENOMEM.
- Update manual page, describing ENOMEM return code.
Jeff Roberson [Mon, 30 Jan 2006 08:21:23 +0000 (08:21 +0000)]
- Add a comment warning about an anomalous condition where we VOP_UNLOCK
and then vrele rather than vput because we would like to VOP_UNLOCK with
a specific thread.
Philip Paeps [Sun, 29 Jan 2006 23:59:43 +0000 (23:59 +0000)]
Add support for Asus A4D laptops. Currently without display switching
support. Which reminds me that I'm not even sure if this works on _any_
laptop at all. :-o
PR: kern/90607
Submitted by: "Wojciech A. Koszek" <dunstan -at- freebsd.czest.pl>
MFC after: 3 days