Lock the interface address list when searching for a matching interface
by address, or when implementing 'me' rules on IPv6. Prefer the field
name if_addrhead to the macro if_addrlist.
Lock interface address lists in in_pcbladdr() when searching for a
source address for a connection and there's no route or now interface
for the route.
Protect against some writer-writer races in in_control() by acquiring
the interface address list lock around interface address list
modifications. More to do here.
Lock interface address list lock around ifaddr inserts and deletes
in at_control(). This locking is not yet complete but should prevent
some classes of race conditions.
Lock the interface address list while iterating a network interface's
address list when searching for a link-layer address to use during uuid
generation.
In both pageout oom handler and vm_daemon, acquire the reference to
the vmspace of the examined process instead of directly accessing its
vmspace, that may change. Also, as an optimization, check for P_INEXEC
flag before examining the process.
For each architecture, define CACHE_LINE_SHIFT and a derived
CACHE_LINE_SIZE constant. These constants are intended to
over-estimate the cache line size, and be used at compile-time
when a run-time tuning alternative isn't appropriate or
available.
Defaults for all architectures are 64 bytes, except powerpc
where it is 128 bytes (used on G5 systems).
- Change auditon(2) parameters and data structures to be 32/64-bit architecture
independent. Add more information to man page about auditon(2) parameters.
- Add wrapper functions for auditon(2) to use legacy commands when the new
commands are not supported.
- Add default for 'expire-after' in audit_control to expire trail files when
the audit directory is more than 10 megabytes ('10M').
- Interface to convert between local and BSM fcntl(2) command values has been
added: au_bsm_to_fcntl_cmd(3) and au_fcntl_cmd_to_bsm(3), along with
definitions of constants in audit_fcntl.h.
- A bug, introduced in OpenBSM 1.1 alpha 4, in which AUT_RETURN32 tokens
generated by audit_submit(3) were improperly encoded has been fixed.
- Fix example in audit_submit(3) man page. Also, make it clear that we want
the audit ID as the argument.
- A new audit event class 'aa', for post-login authentication and
authorization events, has been added.
Vendor import of OpenBSM 1.1, which incorporates the following changes
since the last imported OpenBSM release:
OpenBSM 1.1
- Change auditon(2) parameters and data structures to be 32/64-bit architecture
independent. Add more information to man page about auditon(2) parameters.
- Add wrapper functions for auditon(2) to use legacy commands when the new
commands are not supported.
- Add default for 'expire-after' in audit_control to expire trail files when
the audit directory is more than 10 megabytes ('10M').
- Interface to convert between local and BSM fcntl(2) command values has been
added: au_bsm_to_fcntl_cmd(3) and au_fcntl_cmd_to_bsm(3), along with
definitions of constants in audit_fcntl.h.
- A bug, introduced in OpenBSM 1.1 alpha 4, in which AUT_RETURN32 tokens
generated by audit_submit(3) were improperly encoded has been fixed.
- Fix example in audit_submit(3) man page. Also, make it clear that we want
the audit ID as the argument.
- A new audit event class 'aa', for post-login authentication and
authorization events, has been added.
Obtained from: TrustedBSD Project
Sponsored by: Apple, Inc.
Merge OpenBSM 1.1 changes to the FreeBSD 8.x kernel:
- Add and use mapping of fcntl(2) commands to new BSM constant space.
- Adopt (int) rather than (long) arguments to a number of auditon(2)
commands, as has happened in Solaris, and add compatibility code to
handle the old comments.
Note that BSM_PF_IEEE80211 is partially but not fully removed, as the
userspace OpenBSM 1.1alpha5 code still depends on it. Once userspace
is updated, I'll GCC the kernel constant.
Remove support for FUTEX_REQUEUE operation.
Glibc does not use this operation since 2.3.3 version (Jun 2004),
as it is racy and replaced by FUTEX_CMP_REQUEUE operation.
Glibc versions prior to 2.3.3 fall back to FUTEX_WAKE when
FUTEX_REQUEUE returned EINVAL.
Any application directly using FUTEX_REQUEUE without return
value checking are definitely broken.
Limit quantity of messages per process about unsupported
operation.
struct malloc_type has had a 'magic' field statically initialized to
M_MAGIC by MALLOC_DEFINE() for a long time; add assertions that
malloc_type's passed to malloc(), free(), etc have that magic set.
Garbage collect now-unused struct malloc_type fields, bump __FreeBSD_version
as kernel modules will need to be rebuilt. These fields existed to support
binary compatibility with kernel modules from before the introduction of
libmemstat(3) in FreeBSD 6.x, so they are no longer required.
When allocating 'struct acl' instances, use malloc(9) instead of uma(9).
This struct will get much bigger soon, and we don't want to waste too much
memory on UMA caches.
Now that IFF_NEEDSGIANT has been removed from the network
stack, catch up with this in IGMPv3 and remove dead code.
This has the side-effect of not being back-portable to RELENG_7
w/o further changes.
Calling pmap_clear_modify() after calling pmap_remove_write() is pointless.
The latter function already clears the modified status from each of the
page's mappings.
When compiled for the release crunches, be a bit
more selective about what libarchive features we pull in:
* No compression support
* Only cpio and ustar writing
* Only cpio and tar/pax readers
This reduces a statically linked, stripped binary from 900k to 680k
and completely eliminates the dependency on libcrypto.
Fix a typo in the SRR1 comparison for program exceptions. While here,
replace magic numbers with constants to keep this from happening again.
Without this fix, some programs would occasionally get SIGTRAP instead
of SIGILL on an illegal instruction. This affected Altivec detection
in pixman, and possibly other software.
When verifying '..' after VFS_VGET() in ufs_lookup(), do not return
error if '..' is still there but changed between lookup and check.
Start relookup instead. Rename is supposed to change '..' reference
atomically, so transient failures introduced by r191137 are wrong.
While rearranging the code to allow lookup restart in ufs_lookup(),
remove the comment that only distracts the reader.
Noted and reviewed by: tegge
Also reported by: pho
MFC after: 1 month
- put larger flowtable members at the end
- fix bug where tail pointer of the free list would not get advanced
- clear entry's next pointer when it is added to the freelist to avoid freeing
an entry that it still points to
Allow valid pages to be mapped for read access when they have a non-zero
busy count. Only mappings that allow write access should be prevented by
a non-zero busy count.
(The prohibition on mapping pages for read access when they have a non-
zero busy count originated in revision 1.202 of i386/i386/pmap.c when
this code was a part of the pmap.)
- Import infrastructure for caching flows as a means of accelerating L3 and L2 lookups
as well as providing stateful load balancing when used with RADIX_MPATH.
- Currently compiled in to i386 and amd64 but disabled by default, it can be enabled at
runtime with 'sysctl net.inet.flowtable.enable=1'.
- Embedded users can remove it entirely from the kernel by adding 'nooption FLOWTABLE' to
their kernel config files.
- A minimal hookup will be added to ip_output in a subsequent commit. I would like to see
more review before bringing in changes that require more churn.
Use acl_alloc() and acl_free() instead of using uma(9) directly.
This will make switching to malloc(9) easier; also, it would be
neccessary to add these routines if/when we implement variable-size
ACLs.
- Remove assertion of topology lock remaining from 7.x gvinum. It is not needed,
as the renaming only changes internal gvinum names and will not alter the geom
topology.
- The topology lock was not held when calling g_wither_geom after renaming.
sam [Sat, 18 Apr 2009 16:14:03 +0000 (16:14 +0000)]
Cleanups to prepare this code for wider use (likely merged into hostapd):
o add (required) cmd line args to specify the set of ifnet's to monitor
for WDS discovery msgs; "any" is a wildcard
o change the default script run on wds vap create to the "null script"
o auto-daemonize; add -f option to force foreground operation
o add -P option for integration with rc.d (implementation missing, tba)
o use syslog; default to log up to LOG_INFO, -t (terse) gives you up to
LOG_ERR, and -v (verbose) gives you up to LOG_DEBUG
o scan for existing vaps on startup to recover existing state
o correct some types
Rely on OpenSSL bits only if we're building a system with OpenSSL.
Also, adjust the MD5 calls to rely on libmd instead of libcrypto,
so we keep MD5 support even in the !OpenSSL case.
Libarchive is sprouting dependencies on libmd and libcrypto.
Because crunchgen drops any repeated library (keeping only the
first), the -lcrypto reference must be moved to after -larchive,
not merely duplicated.
I'm considering changing crunchgen's handling of duplicate
libraries, but that's a rather more delicate issue.
Establish the interrupt handler AFTER we successfully attach. We need
to do this in case we have a shared interrupt that fires during the
attach process....
- Add a few more register defintions for the PCI express capability
registers.
- Cleanup PCI-X capability printf to not leave a dangling "supports" for
some PCI-X bridges.
- Display additional PCI express details including the negotiated and max
link width and the actual and maximum supported max payload.
The vlan code has not required the miibus code since 6.0 when
if_link_state_change() was added and the vlan link-state hook was moved
out of miibus and into net/if.c.
das [Fri, 17 Apr 2009 14:19:18 +0000 (14:19 +0000)]
Revert r190943, since the problem in ports seems to be fixed now.
It's amazing how a well-placed eyesore generates more motivation in a
day than email generates in three weeks.
Restore bus DMA bounce pages to an offset of 0 when they are released by
a tag that has BUS_DMA_KEEP_PG_OFFSET set. Otherwise the page could be
reused with a non-zero offset by a tag that doesn't have
BUS_DMA_KEEP_PG_OFFSET leading to data corruption.
Merge from libarchive.googlecode.com:
* Lots of new tests.
* New -n / --numeric-uid-gid option
* More sanity-checking of arguments
* Various Windows portability improvements
* Sync up version number to 2.7.0
Merge remaining changes from libarchive.googlecode.com:
* Add xz and lzma compression options
* Rename --format-options to simply --options
* Add --same-owner for GNU tar compat
* Add -lmd and -lcrypto to fix link
* Documentation
Implement command-line fallbacks for gzip and bzip2 decompression as well.
Not an issue for FreeBSD, since the base system has the necessary libraries.
Since all decompressors are always available now, we can unconditionally
enable them in archive_read_support_compression_all().
Merge new xz/lzma support from libarchive.googlecode.com.
Since FreeBSD doesn't have liblzma in the base system, the
read side will always fall back to the unxz/unlzma commands for now.
(Which will in turn fail if those commands are not currently
installed.) The write side does not yet have a fallback, so
that will just fail.
Don't use the open callback, which is deprecated (because it's
never necessary). Also, simplify just a tad by delegating
to read_open_fd() when we know the file descriptor, instead
of duplicating that logic.
Prevent atkbd(4) interrupt handler from calling keyboard callback function
when polled mode is enabled. This should help with duplicated/missing
characters problem at mountroot, geli, etc. prompts on multi CPU systems
while kbdmux(4) is enabled.