MFC: cp.1 1.34,1.35
MFC: utils.c 1.47,1.48,1.49
MFC: extern.h 1.21
MFC: cp.c 1.54
Add an option to allow copying of a hierarchy while linking the regular files.
Bikeshedded to death on: hackers
Submitted by:andersonatcenttech.com
Approved by: re (ken)
It is possible for bpf to return a length such that:
length != BPF_WORDALIGN(length)
This meeans that it is possible for this to be true:
interface->rbuf_offset > interface->rbuf_len
Handle this case in the test for running out of packets. While
OpenBSD's solution of setting interface->rbuf_len to
BPF_WORDALIGN(length) is safe due to the size of the buffer, I think
this solution results in less hidden assumptions.
This should fix the problem of dhclient running away and consuming 100%
CPU.
PR: bin/102226
Submitted by: Joost Bekkers <joost at jodocus.org>
Approved by: re (ken)
Correct multiple vulnerabilities in crypto(3).
Limit the size of public keys used in order to protect applications
from a denial of service via insane key sizes.
Security: FreeBSD-SA-06:23.openssl
Approved by: re (htimsnek)
MFC
Correct a very old and very obscure bug: vmspace_fork() calls
pmap_copy() if the mapping is VM_INHERIT_SHARE. Suppose the mapping
is also wired. vmspace_fork() clears the wiring attributes in the vm
map entry but pmap_copy() copies the PG_W attribute in the PTE. I
don't think this is catastrophic. It blocks pmap_remove_pages() from
destroying the mapping and corrupts the pmap's wiring count.
This revision fixes the problem by changing pmap_copy() to clear the
PG_W attribute.
MFC: Revert back to using *(int *)arg when accessing integer ioctl
arguments. For now, this is a work-around only, as sparc64 remains
broken for these ioctls, but it makes keyboard ioctls for little
endian LP64 platforms such as amd64 work again when using kbdmux
(it is used in the GENERIC kernel). A one true fix for all is in
works, and will be committed to -CURRENT shortly.
Sleep for one second after calling audit -t to give the audit daemon a
chance to actually terminate the audit service and exit. Otherwise, on
an rc.d/auditd restart, the new audit daemon instance may try to start
auditing while the previous session is still running. Likewise, this
ensures a chance for auditd to terminate the audit trail at system
shutdown.
Perhaps more ideally, the script would wait synchronously for auditd to
exit rather than for an arbitrary but short period of time.
Rework the way errors are handled with respect to how audit records are
written to the audit trail file:
- audit_record_write() now returns void, and all file system specific
error handling occurs inside this function. This pushes error handling
complexity out of the record demux routine that hands off to both the
trail and audit pipes, and makes trail behavior more consistent with
pipes as a record destination.
- Rate limit kernel printfs associated with running low on space. Rate
limit audit triggers for low space. Rate limit printfs for fail stop
events. Rate limit audit worker write error printfs.
- Document in detail the types of limits and space checks we perform, and
combine common cases.
This improves the audit subsystems tolerance to low space conditions by
avoiding toasting the console with printfs are waking up the audit daemon
continuously.
MFC revision 1.38
The sparc64/sparc64/pmap.c implementations of pmap_remove(),
pmap_protect(), and pmap_copy() have optimizations for regions
larger than PMAP_TSB_THRESH (which works out to 16MB). This
caused a panic in tsb_foreach for kernel mappings, since
pm->pm_tsb is NULL in that case. This fix teaches tsb_foreach
to use the kernel's tsb in that case.
pccard_ether rev 1.51:
Search the list of up interfaces provided by "ifconfig -ul" instead of
greping for UP in "ifconfig $ifn". This eliminates a dependancy on /usr.
pccard_ether rev 1.53 and network.subr rev 1.173:
Introduce a new method ipv6if which attemptes to figure out if an
interface is an IPv6 interface.
Use this method to decide if we should attempt to configure an interface
with an IPv6 address in pccard_ether. The mechanism pccard_ether uses
to do this is unsuited to the task because it assumes the list of
interfaces it is passed is the full list of IPv6 interfaces and makes
decissions based on that. This is at least a step in the right
direction and is probably about as much as we can MFC safely.
Merge Makefile:1.12, id.1:1.16,1.17, id.c:1.28,1.29 from HEAD to RELENG_6:
Add a -a argument to id(1), which causes id(1) to print out process
audit properties, including the audit user id. This can be quite
helpful in debugging audit problems.
Obtained from: TrustedBSD Project
Rename "-a" flag to "-A" in order to avoid conflicting with the "-a" flag
as found on Solaris.
MFC: Fix an incompatibility between CARP and IPv4 multicast routing, whereby
advertisements originate from the wrong source address. This only affects
MROUTING kernels.
MFC r1.81
Revert r1.11.2.38 as the ethernet header was inadvertently stripped from ARP
packets. Reimplement this correctly and use a sysctl that defaults to off so
the user doesnt get any suprises if ipfw blocks the ARP packet.
Do not try to call keyboard callback unless keyboard is active and busy.
This should fix 'kbdcontrol -K < /dev/console' panic on sparc64 with sunkbd(4).
MFC 1.106: Fix a number of cases where ugen would panic, especially
when the device went away while open or if you tried to change the
config number while devices were open.
MFC 1.42, 1.43: Let the EHCI hardware track the toggle state for
bulk and interrupt transfers. This fixes some cases where the
software toggle tracking was not doing the right thing. For example,
a short transfer that transferred 0 bytes of the requested qTD
transfer size does cause a toggle change, but the existing code was
assuming it didn't.
MFC rev. 1.187:
- don't reboot() when feed with wrong parameters (and enough permissions) [1]
- add support to power off the system [2]
- check the linux magic values [3]
Submitted by: Marcin Cieslak <saper@SYSTEM.PL> [1,2]
Modelled after: linux man page of the reboot() syscall [3]
Found by: LTP testcase "reboot02" [1]
Tested with: LTP testcase "reboot02" [1,3]
MFC: Minor overhaul of SMBus support including:
- Changing the smbus_bread() function in the smbus interface to return the
actual number of bytes read.
- Changing the SMB_BREAD ioctl of /dev/smbX to return the actual number of
bytes read.
- Attaching smb(4) to smbus(4) via an identify routine.
- Adding locking to smbus(4).
- Fixing the bread() and bwrite() methods of alpm(4), amdpm(4), and
viapm(4) to only perform a single transaction.
- Fix several buffer overflows with bread() and SMB_BREAD.
Rather than allocating all buffer memory for the completed BSM record
when allocating the record in the first place, allocate the final buffer
when closing the BSM record. At that point, more size information is
available, so a sufficiently large buffer can be allocated.
This allows the kernel to generate audit records in excess of
MAXAUDITDATA bytes, but is consistent with Solaris's behavior. This only
comes up when auditing command line arguments, in which case we presume
the administrator really does want the data as they have specified the
policy flag to gather them.
MFC:
Clean obsolete reference to the old NMBCLUSTERS kernel option.
It seems the last reference (modulo manual pages where such obsoleteness
clearly highlighted).
Log:
Integrate audit_submit(3) bits into su. This means that records for
successful and failed su attempts will be recorded using the AUE_su
event type (login or lo class) if auditing is present in the system.
Currently, the records will have a header, subject, text (with the
actual diagnostics), a return and trailer token.
This should conclude the userspace audit bits for 6.2, there will be
a lot more to come in future releases!
MFC rev 1.25:
Avoid an infinite loop in empty_both_buffers() by adding a timeout.
This helps systems that don't actually have atkbd controllers, such as
the Intel SBX82 blade, boot without device.hints hacks.
PR: 94822
Submitted by: Devon H. O'Dell <devon.odell@coyotepoint.com>
Approved by: re
Hopefully close up race between the TTY (t_session) subsystem and exit(2)
date: 2006/09/13 15:47:53; author: csjp; state: Exp; lines: +2 -2
Back out one of the Giant removals from revision 1.272. Giant was not here to
protect the vnode, it was present to synchronize access to TTY session
information between exit(2) and the TTY code. While we are here, note that
Giant is required for TTY protection.
Merge audit event assignments for 32-bit FreeBSD binary compatibility
from HEAD to RELENG_6: syscalls.master:1.63, 1.72, 1.73, 1.75. With
this change, 6.x 32-bit binary compatibility will also generate system
call audit events.
Add AUE_SYSARCH to the list of audit events during BSM conversion to
prevent a console warning. Eventually, we will capture more arguments
for sysarch.
MFC if_re.c 1.73 to RELENG_6.
Make 8139C+ work again which was broken since rev 1.68.
Ever since rev 1.68 re(4) checks the validity of link in re_start.
But rlphy(4) got a garbled data due to a different bit layout used on
8139C+ and it couldn't report correct link state. To fix it, ignore
BMCR_LOOP and BMCR_ISO bits which have different meanings on 8139C+.
I think this also make dhclient(8) work on 8139C+.
MFC audit work which fully implements processing of user supplied records
Log:
Correct a slight regression which was introduced with the implementation of
audit pipes. If the kernel record was not selected for the trail or the pipe,
any user supplied record attached to it would be tossed away, resulting in
otherwise selected events being lost.
- Introduce two new masks: AR_PRESELECT_USER_TRAIL AR_PRESELECT_USER_PIPE,
currently we have AR_PRESELECT_TRAIL and AR_PRESELECT_PIPE, which tells
the audit worker that we are interested in the kernel record, with
the additional masks we can determine if either the pipe or trail is
interested in seeing the kernel or user record.
- In audit(2), we unconditionally set the AR_PRESELECT_USER_TRAIL and
AR_PRESELECT_USER_PIPE masks under the assumption that userspace has
done the preselection [1].
Currently, there is work being done that allows the kernel to parse and
preselect user supplied records, so in the future preselection could occur
in either layer. But there is still a few details to work out here.
[1] At some point we need to teach au_preselect(3) about the interests of
all the individual audit pipes.
This fixes kernel panics which occur when the firewall sends out a packet.
This can happen for keep alives, or instances when the firewall is
configured to return RST or ICMP unreach packets. These panics occured
only if MLS, BIBA or LOMAC security policies were loaded.