We need to check if file system size is equal to provider's size, because
sysinstall(8) still bogusly puts first partition at offset 0 instead of 16,
so glabel/ufs will find file system on slice instead of partition.
Before sysinstall is fixed, we must keep this code, which means that we
wont't be able to detect UFS file systems created with 'newfs -s ...'.
Robert Watson [Sat, 4 Mar 2006 17:00:55 +0000 (17:00 +0000)]
Update src/sys/security/audit for OpenBSM 1.0 alpha 5:
- Include audit_internal.h to get definition of internal audit record
structures, as it's no longer in audit.h. Forward declare au_record
in audit_private.h as not all audit_private.h consumers care about
it.
- Remove __APPLE__ compatibility bits that are subsumed by configure
for user space.
- Don't expose in6_addr internals (non-portable, but also cleaner
looking).
- Avoid nested include of audit.h in audit_private.h.
Robert Watson [Sat, 4 Mar 2006 16:45:52 +0000 (16:45 +0000)]
Vendor branch import of TrustedBSD OpenBSM 1.0 alpha 5:
- Update install notes to indicate /etc files are to be installed manually.
- On systems without LOG_SECURITY, use LOG_AUTH.
- Convert to autoconf/automake in order to move to a more portable (not
BSD-specific) build infrastructure, and more easy conditional building of
components. Currently, the primary feature loss is that automake does
not have native support for manual symlinks. This will be addressed in a
future OpenBSM release.
- Add compat/queue.h, to be used on systems dated BSD queue macro libraries
(as found on Linux).
- Rename CHANGELOG to HISTORY, as our change log doesn't follow some of the
existing conventions for a CHANGELOG.
- Some private data structures moved from audit.h to audit_internal.h to
prevent inappropriate use by applications and name space pollution.
- Improved detection and use of endian macros using autoconf.
- Avoid non-portable use of struct in6_addr, which is largely opaque.
- Avoid leaking BSD kernel socket related token code to user space in
bsm_token.c.
- Teach System V IPC calls to look for Linux naming variations for certain
struct ipc_perm fields.
- Test for audit system calls, and if not present, don't build
bsm_wrappers.c, bsm_notify.c, audit(8), and auditd(8), which rely on
those system calls.
- au_close() is not implemented on systems that don't have audit system
calls, but au_close_buffer() is.
- Work around missing BSDisms in bsm_wrapper.c.
- Fix nested includes so including libbsm.h in an application on Linux
picks up the necessary definitions.
Robert Watson [Sat, 4 Mar 2006 16:13:16 +0000 (16:13 +0000)]
Reduce number of spaces for full name by four, and reduce padding
after tty entry by one space in order to provide extra spaces for
the tty entry. As a result, full pts names are now visible (up
to 999 pts's anyway):
Before:
Login Name TTY Idle Login Time Office Phone
robert Robert Watson *v0 3:55 Fri 02:54
robert Robert Watson p0 19 Sat 11:01
robert Robert Watson pts Sat 14:55
After:
Login Name TTY Idle Login Time Office Phone
robert Robert Watson *v0 5:08 Fri 02:54
robert Robert Watson p0 8 Sat 11:01
robert Robert Watson pts/5 Sat 14:55
Tom Rhodes [Sat, 4 Mar 2006 02:38:40 +0000 (02:38 +0000)]
Instead of just hinting at available octets, list some.
Mention that the setting of securelevel may affect one's ability to alter flags.
Xref security.7.
Bump doc date.
David Xu [Sat, 4 Mar 2006 00:18:19 +0000 (00:18 +0000)]
Use a thread pool to process notification if sigev_notify_attributes
is default and caller does not require dedicated thread. timer needs
a dedicated thread to maintain overrun count correctly in notification
context. mqueue and aio can use thread pool to do notification
concurrently, the thread pool has lifecycle control, some threads will
exit if they have idled for a while.
Paul Saab [Fri, 3 Mar 2006 22:36:52 +0000 (22:36 +0000)]
Fix bug in malloc_uninit():
Releasing items from the mt_zone can not be done by a simple
uma_zfree() call since mt_zone is allocated with the UMA_ZONE_MALLOC
flag. Use uma_zfree_arg instead and supply the slab.
This bug caused panics in low memory situations on unloading kernel
modules containing MALLOC_DEFINE(..) statements.
Yaroslav Tykhiy [Fri, 3 Mar 2006 21:37:38 +0000 (21:37 +0000)]
Take the functionality contained in the former "options TDFX_LINUX"
into a separate module. Accordingly, convert the option into a device
named similarly.
Note for MFC: Perhaps the option should stay in RELENG_6 for POLA reasons.
Suggested by: scottl
Reviewed by: cokane
MFC after: 5 days
Maxime Henrion [Fri, 3 Mar 2006 18:54:33 +0000 (18:54 +0000)]
Cast the pointer to void * before casting it back to struct type * in
STAILQ_LAST. This quiets a warning from GCC about increased required
alignment for the cast.
Maxime Henrion [Fri, 3 Mar 2006 18:45:12 +0000 (18:45 +0000)]
Import today's csup sources to get the warning fix for queue.h. We
probably want to do something similar in sys/queue.h; it's bad to have
STAILQ_LAST() generate GCC warnings.
Unbreak byte counters when network interfaces are in monitor mode by
re-organizing the monitor return logic. We perform interface monitoring
checks after we have determined if the CRC is still on the packet, if
it is, m_adj() is called which will adjust the packet length. This
ensures that we are not including CRC lengths in the byte counters for
each packet.
Andrew Thompson [Fri, 3 Mar 2006 09:12:21 +0000 (09:12 +0000)]
Since we are using random ethernet addresses for the bridge, it is possible
that we might have address collisions, so make sure that this hardware address
isn't already in use on another bridge.
Paul Saab [Fri, 3 Mar 2006 07:20:54 +0000 (07:20 +0000)]
Don't truncate f_mntfromname & f_mntonname to 16 characters when
translating statfs into ostatfs. This allows 4.x binaries making
statfs calls to work on 6.x.
Slightly re-worked bpf(4) code associated with bridging: if we have a
destination interface as a member of our bridge or this is a unicast packet,
push it through the bpf(4) machinery.
For broadcast or multicast packets, don't bother with the bpf(4) because it will
be re-injected into ether_input. We do this before we pass the packets through
the pfil(9) framework, as it is possible that pfil(9) will drop the packet or
possibly modify it, making it very difficult to debug firewall issues on the
bridge.
Further, implemented IFF_MONITOR for bridge interfaces. This does much the same
thing that it does for regular network interfaces: it pushes the packet to any
bpf(4) peers and then returns. This bypasses all of the bridge machinery,
saving mutex acquisitions, list traversals, and other operations performed by
the bridging code.
This change to the bridging code is useful in situations where individuals use a
bridge to multiplex RX/TX signals from two interfaces, as is required by some
network taps for de-multiplexing links and transmitting the RX/TX signals
out through two separate interfaces. This behaviour is quite common for network
taps monitoring links, especially for certain manufacturers.
Tor Egge [Thu, 2 Mar 2006 22:13:28 +0000 (22:13 +0000)]
Eliminate a deadlock when creating snapshots. Blocking vn_start_write() must
be called without any vnode locks held. Remove calls to vn_start_write() and
vn_finished_write() in vnode_pager_putpages() and add these calls before the
vnode lock is obtained to most of the callers that don't already have them.
David Xu [Thu, 2 Mar 2006 14:06:40 +0000 (14:06 +0000)]
Add signal set sq_kill to sigqueue structure, the member saves all
signals sent by kill() syscall, without this, a signal sent by
sigqueue() can cause a signal sent by kill() to be lost.
Jeff Roberson [Thu, 2 Mar 2006 08:52:53 +0000 (08:52 +0000)]
- Acquire lk in softdep_slowdown so that it's owned when we call
softdep_speedup().
- Assert that lk is held in softdep_speedup() rather than acquiring it.
This avoids a potential lock recursion.
Jeff Roberson [Thu, 2 Mar 2006 05:50:23 +0000 (05:50 +0000)]
- Move softdep from using a global worklist to per-mount worklists. This
has many positive effects including improved smp locking, reducing
interdependencies between mounts that can lead to deadlocks, etc.
- Add the softdep worklist and various counters to the ufsmnt structure.
- Add a mount pointer to the workitem and remove mount pointers from the
various structures derived from the workitem as they are now redundant.
- Remove the poor-man's semaphore protecting softdep_process_worklist and
softdep_flushworklist. Several threads may now process the list
simultaneously.
- Add softdep_waitidle() to block the thread until all pending
dependencies being operated on by other threads have been flushed.
- Use softdep_waitidle() in unmount and snapshots to block either
operation until the fs is stable.
- Remove softdep worklist processing from the syncer and move it into the
softdep_flush() thread. This thread processes all softdep mounts
once each second and when it is called via the new softdep_speedup()
when there is a resource shortage. This removes the softdep hook
from the kernel and various hacks in header files to support it.
Try to honor BUS_DMA_COHERENT : if the flag is set, normally allocate memory
with malloc() or contigmalloc() as usual, but try to re-map the allocated
memory into a VA outside the KVA, non-cached, thus making the calls to
bus_dmamap_sync() for these buffers useless.
Hajimu UMEMOTO [Wed, 1 Mar 2006 16:13:17 +0000 (16:13 +0000)]
- Reduce needless DNS query by lookup only appropriate address
family. [1]
- Specify appropriate hints to getaddrinfo(3). [1]
- Obtain address family from peername in inet mode.