Gleb Smirnoff [Tue, 6 Jun 2006 08:03:49 +0000 (08:03 +0000)]
The procedure of raceless switching between polling mode and
taskqueued interrupt mode is going to be quite complex. Since
the polling mode is considered legacy feature for em(4) driver,
the decision is made to make polling and new interrupt handler
mutually exclusive, selected at compile time.
If kernel is compiled with DEVICE_POLLING, the fast taskqueued
interrupt handler code is disabled and the em_poll() and legacy
em_intr() functions are enabled. Otherwise, legacy functions
are disabled and only em_intr_fast() code is compiled.
Xin LI [Tue, 6 Jun 2006 05:01:12 +0000 (05:01 +0000)]
Cleanups for mailwrapper(8):
- K&R -> ANSI prototype [O]
- Do not bother to do free right before exit() or execve() [O]
- Remove some dead code in addarg()
- Make additional parameters specified in mailer.conf(5)
actually work and document the fact. [N]
- Avoid using __progname but instead use getprogname()
and setprogname() to provide more sensible messages. [O, N]
- Update $OpenBSD$ and $NetBSD$ to reflect the fact that we
have sync'ed with their code.
- WARNS=6
Matt Jacob [Mon, 5 Jun 2006 22:22:14 +0000 (22:22 +0000)]
Add PIM_SEQSCAN for HBA misc flags and code that understands
what to do with it.
This forces us to scan targets sequentially, not in parallel.
The reason we might want to do this is that SPI negotiation
might not work right at the SIM level if we try to do it
in parallel. We *could* fix this for each SIM where this is
broken, but it's a lot harder to do that when we can simply
ask CAM to probe sequentially.
If PIM_SEQSCAN is not set (default), the original behaviour for
probing is unchanged.
LUN probing is still done in parallel for each target in either
case.
While we're at it, clean up some resource leakage for error
cases.
Userland bits of geli(8) data authentication.
Now, encryption algorithm is given using '-e' option, not '-a'.
The '-a' option is now used to specify authentication algorithm.
Supported by: Wheel Sp. z o.o. (http://www.wheel.pl)
Qing Li [Mon, 5 Jun 2006 21:20:21 +0000 (21:20 +0000)]
Assuming the interface has an address of x.x.x.195, a mask of
255.255.255.0, and a default route with gateway x.x.x.1. Now if
the address mask is changed to something more specific, e.g.,
255.255.255.128, then after the mask change the default gateway
is no longer reachable.
Since the default route is still present in the routing table,
when the output code tries to resolve the address of the default
gateway in function rt_check(), again, the default route will be
returned by rtalloc1(). Because the lock is currently held on the
rtentry structure, one more attempt to hold the lock will trigger
a crash due to "lock recursed on non-recursive mutex ..."
This is a general problem. The fix checks for the above condition
so that an existing route entry is not mistaken for a new cloned
route. Approriately, an ENETUNREACH error is returned back to the
caller
Alan Cox [Mon, 5 Jun 2006 20:35:27 +0000 (20:35 +0000)]
Introduce the function pmap_enter_object(). It maps a sequence of resident
pages from the same object. Use it in vm_map_pmap_enter() to reduce the
locking overhead of premapping objects.
Sam Leffler [Mon, 5 Jun 2006 17:43:51 +0000 (17:43 +0000)]
Version 0.9.17.2:
o define HAL_SOFTC, HAL_BUS_TAG, and HAL_BUS_HANDLE to be machine
independent; this fixes portability issues with bsd systems
o add ah_disable api for turning off operation of both MAC and PHY
o add ah_getAntennaSwitch and ah_setAntennaSwitch api's for better control
of antenna usage and diversity
o add ah_setAckCTSRate and ah_setAckCTSRate for controlling tx rate of
h/w generated frames
o add ah_setBeaconTimers api for simpler setting of the beacon timer registers
o remove ah_waitForBeaconDone api
o add HAL_TXDESC_DURENA flag to enable h/w duration setting in tx descriptor
o correct documentation of min/max tx power units (.5 dBm)
o switch arm, mips, and powerpc builds to use functions for register
read/write operations
o fix sparc builds to not reference %g2 and %g3 registers
o add public builds for SoC's
- Document that padlock(4) pretends to accelerate HMAC algorithms.
- Remove "device cryptodev" as it is not needed for compiling padlock(4)
into the kernel. Actually it is not advisable, because padlock
instructions can be used directly from userland, so passing the work
through the kernel is a bad idea.
- Pretend to accelerate various HMAC algorithms, so padlock(4) can be used
with fast_ipsec(4) and geli(8) authentication (comming soon).
If consumer requests only for HMAC algorithm (without encryption), return
EINVAL.
- Add support for the CRD_F_KEY_EXPLICIT flag, for both encryption and
authentication.
Robert Watson [Mon, 5 Jun 2006 16:12:00 +0000 (16:12 +0000)]
When generating the process token, need to check whether the
process was sucessfully audited. Otherwise, generate the PID
token. This change covers the pid < 0 cases, and pid lookup
failure cases.
Robert Watson [Mon, 5 Jun 2006 15:26:09 +0000 (15:26 +0000)]
Break out description of the audit pipe facility from audit.4 into a new
man page, auditpipe.4, which describes the behavior of audit pipes, the
ioctls, preselection, etc.
Marius Strobl [Mon, 5 Jun 2006 15:14:14 +0000 (15:14 +0000)]
Revert the part of rev. 1.3 which changed the software style to be
set to ILACC rather than PCnet-PCI as VMware doesn't implement ILACC
compatibility, resulting in the VMware virtual machine to crash if
enabled. Add a comment regarding usage of ILACC vs. PCnet-PCI mode.
Replace absolute addressing in the call instructions with position-independend
calls. This eliminates TEXTREL from libc, making its text segment relocatable.
PR: i386/85242
Approved by: kan (mentor)
MFC after: 1 month
Robert Watson [Mon, 5 Jun 2006 14:48:17 +0000 (14:48 +0000)]
Introduce support for per-audit pipe preselection independent from the
global audit trail configuration. This allows applications consuming
audit trails to specify parameters for which audit records are of
interest, including selecting records not required by the global trail.
Allowing application interest specification without changing the global
configuration allows intrusion detection systems to run without
interfering with global auditing or each other (if multiple are
present). To implement this:
- Kernel audit records now carry a flag to indicate whether they have
been selected by the global trail or by the audit pipe subsystem,
set during record commit, so that this information is available
after BSM conversion when delivering the BSM to the trail and audit
pipes in the audit worker thread asynchronously. Preselection by
either record target will cause the record to be kept.
- Similar changes to preselection when the audit record is created
when the system call is entering: consult both the global trail and
pipes.
- au_preselect() now accepts the class in order to avoid repeatedly
looking up the mask for each preselection test.
- Define a series of ioctls that allow applications to specify whether
they want to track the global trail, or program their own
preselection parameters: they may specify their own flags and naflags
masks, similar to the global masks of the same name, as well as a set
of per-auid masks. They also set a per-pipe mode specifying whether
they track the global trail, or user their own -- the door is left
open for future additional modes. A new ioctl is defined to allow a
user process to flush the current audit pipe queue, which can be used
after reprogramming pre-selection to make sure that only records of
interest are received in future reads.
- Audit pipe data structures are extended to hold the additional fields
necessary to support preselection. By default, audit pipes track the
global trail, so "praudit /dev/auditpipe" will track the global audit
trail even though praudit doesn't program the audit pipe selection
model.
- Comment about the complexities of potentially adding partial read
support to audit pipes.
By using a set of ioctls, applications can select which records are of
interest, and toggle the preselection mode.
Ian Dowse [Mon, 5 Jun 2006 14:44:39 +0000 (14:44 +0000)]
Fix a number of cases where ugen would panic, especially when the
device went away while open or if you tried to change the config
number while devices were open. Based on the patch from the PR with
a number of changes as discussed with the submitter.
Robert Watson [Mon, 5 Jun 2006 14:09:59 +0000 (14:09 +0000)]
No longer unconditionally drain the audit record queue if there is
not an active audit trail: instead, continue to iterate through
each record in case an audit pipe is interested.
Robert Watson [Mon, 5 Jun 2006 13:50:02 +0000 (13:50 +0000)]
Pull BSM conversion logic out of audit_record_write(), as well as
knowledge of user vs. kernel audit records into
audit_worker_process_record(). This largely confines vnode
knowledge to audit_record_write(), but avoids that logic knowing
about BSM as opposed to byte streams. This will allow us to
improve our ability to support real-time audit stream processing
by audit pipe consumers while auditing is disabled, but this
support is not yet complete.
Robert Watson [Mon, 5 Jun 2006 13:46:55 +0000 (13:46 +0000)]
Assert audit mtx in audit_worker_drain().
Break out logic to call audit_record_write() and handle error
conditions into audit_worker_process_record(). This will be the
future home of some logic now present in audit_record_write()
also.
Robert Watson [Mon, 5 Jun 2006 13:13:02 +0000 (13:13 +0000)]
Merge OpenBSM 1.0 alpha 6 changes for BSM token creation to
src/sys/security/audit:
- Clarify and clean up AUR_ types to match Solaris.
- Clean up use of host vs. network byte order for IP addresses.
- Remove combined user/kernel implementations of some token creation
calls, such as au_to_file(), header calls, etc.
Robert Watson [Mon, 5 Jun 2006 10:52:12 +0000 (10:52 +0000)]
Vendor branch import of TrustedBSD OpenBSM 1.0 alpha 6:
- Use AU_TO_WRITE and AU_NO_TO_WRITE for the 'keep' argument to au_close();
previously we used hard-coded 0 and 1 values.
- Add man page for au_open(), au_write(), au_close(), and
au_close_buffer().
- Support a more complete range of data types for the arbitrary data token:
add AUR_CHAR (alias to AUR_BYTE), remove AUR_LONG, add AUR_INT32 (alias
to AUR_INT), add AUR_INT64.
- Add au_close_token(), which allows writing a single token_t to a memory
buffer. Not likely to be used much by applications, but useful for
writing test tools.
- Modify au_to_file() so that it accepts a timeval in user space, not just
kernel -- this is not a Solaris BSM API so can be modified without
causing compatibility issues.
- Define a new API, au_to_header32_tm(), which adds a struct timeval
argument to the ordinary au_to_header32(), which is now implemented by
wrapping au_to_header32_tm() and calling gettimeofday(). #ifndef KERNEL
the APIs that invoke gettimeofday(), rather than having a variable
definition. Don't try to retrieve time zone information using
gettimeofday(), as it's not needed, and introduces possible failure
modes.
- Don't perform byte order transformations on the addr/machine fields of
the terminal ID that appears in the process32/subject32 tokens. These
are assumed to be IP addresses, and as such, to be in network byte
order.
- Universally, APIs now assume that IP addresses and ports are provided
in network byte order. APIs now generally provide these types in
network byte order when decoding.
- Beginnings of an OpenBSM test framework can now be found in openbsm/test.
This code is not built or installed by default.
- auditd now assigns more appropriate syslog levels to its debugging and
error information.
- Support for audit filters introduced: audit filters are dynamically
loaded shared objects that run in the context of a new daemon,
auditfilterd. The daemon reads from an audit pipe and feeds both BSM and
parsed versions of records to shared objects using a module API. This
will provide a framework for the writing of intrusion detection services.
- New utility API, audit_submit(), added to capture common elements of audit
record submission for many applications.
Before the change if a hardware crypto driver was loaded after
the software crypto driver, calling crypto_newsession() with
hard=0, will always choose software crypto.
Fix unaligned memory accesses on Alpha and possible other platforms.
By using a pointer to struct dos_partition, we implicitly tell the
compiler that the pointer is 4-bytes aligned, even though we know
that's not the case. The fact that we only dereference the pointer
to access a byte-wide field (field dp_ptyp) is not a guarantee that
the compiler will in fact use a byte-wide load. On some platforms
it's more efficient to use long word or quad word loads and use
bit-shifting and bit-masking to get the intended byte. On those
platforms an misaligned load will be the result.
The fix is to use byte-wide pointer arithmetic based on sizeof() and
offsetof() to avoid invalid casts which avoids that the compiler
makes invalid assumptions.
Ian Dowse [Sun, 4 Jun 2006 14:42:38 +0000 (14:42 +0000)]
Add a sleep lock that protects access to sequences of blocking
axe_cmd() calls. Without this the device can get confused if multiple
threads attempt these operations concurrently. The problem was
easily reproducible by running "ifconfig axe0" in a loop because
eventually it would conflict with axe_tick_task().
A similar approach is probably required in all USB ethernet drivers.
- Add defines with hash length for each hash algorithm.
- Add defines with block length for each HMAC algorithm.
- Add AES_BLOCK_LEN define which is an alias for RIJNDAEL128_BLOCK_LEN.
- Add NULL_BLOCK_LEN define.
Robert Watson [Sun, 4 Jun 2006 09:31:34 +0000 (09:31 +0000)]
Push acquisition of pcbinfo lock out of tcp_usr_attach() into
tcp_attach() after the call to soreserve(), as it doesn't require
the global lock. Rearrange inpcb locking here also.
Nate Lawson [Sun, 4 Jun 2006 08:04:19 +0000 (08:04 +0000)]
Clean up many of the debugging messages and move them under bootverbose.
Move the code for printing timer statistics into a test function instead of
an ifdef (accessible via the debug.acpi.hpet_test tunable). Also use defines
for register offsets instead of magic values.
projects / FreeBSD / FreeBSD.git / log