iedowse [Sun, 20 Oct 2002 21:44:31 +0000 (21:44 +0000)]
Split out most of the logic from in_pcbbind() into a new function
called in_pcbbind_setup() that does everything except commit the
changes to the PCB. There should be no functional change here, but
in_pcbbind_setup() will be used by the soon-to-appear IP_SENDSRCADDR
control message implementation to check or allocate the source
address and port.
alc [Sun, 20 Oct 2002 21:40:17 +0000 (21:40 +0000)]
- Replace two instances of vm_page_sleep_busy() with the page queue
mutex-friendly vm_page_sleep_if_busy().
- Introduce page queue locking in pmap_page_lookup() and
pmap_release_free_page().
- Simplify the invalidation of the pmap's ptphint in
pmap_release_free_page(). (MFi386 pmap.c revision 1.362.)
phk [Sun, 20 Oct 2002 20:48:56 +0000 (20:48 +0000)]
Change the definition of the debugging registers to be an array, so
that we can index into it, rather than do pointer gymnastics on a
structure containing 8 elements.
phk [Sun, 20 Oct 2002 20:28:24 +0000 (20:28 +0000)]
Now that the sectorsize and mediasize are properties of the provider,
don't take the detour over the I/O path to discover them using getattr(),
we can just pick them out directly.
Do note though, that for now they are only valid after the first open
of the underlying disk device due compatibility with the old disk_create()
API. This will change in the future so they will always be valid.
ache [Sun, 20 Oct 2002 19:56:15 +0000 (19:56 +0000)]
Add checks for DIGIT set consistency to prevent common misinterpretation
automatically.
Remove output file on error.
Staticize functions declared as static.
chris [Sun, 20 Oct 2002 19:20:26 +0000 (19:20 +0000)]
o Use .Cm for 'attach', 'detach', 'init', 'setkey', and 'destroy' commands
o Fix some punctuation and wording
o Wording consistency in command-line option documentation
o Make use of mdoc's markup a bit more (quoting and the like)
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
tmm [Sun, 20 Oct 2002 17:03:15 +0000 (17:03 +0000)]
Add kernel dump support, based on the ia64 version (which was committed
as sparc64/sparc64/dump_machdep.c a while back).
Other than ia64 (which uses ELF), sparc64 uses a homegrown format for
the dumps (headers are required because the physical address and size of
the tsb must be noted, and because physical memory may be discontiguous);
ELF would not offer any advantages here.
tjr [Sun, 20 Oct 2002 10:36:27 +0000 (10:36 +0000)]
When recycling a cached connection, increment the reference count so that
the heap block does not get freed and reused. This should fix the
pkg_add -r crashes that have been happening for months.
marcel [Sun, 20 Oct 2002 06:00:09 +0000 (06:00 +0000)]
Define IVT_ENTRY and IVT_END as special versions of ENTRY and END
for defining vectors. As a result, each vector will be a global
function with unwind directives to notify the unwinder that we're
in an interrupt handler. In the debugger this will show up something
like:
Debugger(0xe000000000a211d8, 0xe000000000748960) at Debugger+0x31
panic(0xe000000000a36858, 0xe0000000021d32d0, 0xe000000000ae42e8, ...
trap(0x14, 0x100000, 0xe0000000021d32d0, 0x0, 0xa0000000002095f0, ...
ivt_Data_TLB(0x14, 0x100000, 0xe0000000021d32d0) at ivt_Data_TLB+0x1f0
rwatson [Sun, 20 Oct 2002 03:41:09 +0000 (03:41 +0000)]
If MAC_MAX_POLICIES isn't defined, don't try to define it, just let the
compile fail. MAC_MAX_POLICIES should always be defined, or we have
bigger problems at hand.
grog [Sun, 20 Oct 2002 02:12:46 +0000 (02:12 +0000)]
Clarify holidays which apply only to the USA
Clarify that the USSR no longer exists, but some of the holidays are
celebrated anyway.
Reviewed in part by: ru
Remove Jewish and most Muslim holidays. They're all wrong, since they
don't apply to the Western calendar. The much more complete Jewish
holidays are in calendar.judaic. The Muslim holidays need to be
collected into a file, but there's not much point in having the wrong
date.
Remove many Fiji holidays. They change every year by Government
decree, and some were duplicated as a result.
Remove some duplicates.
There's still a lot to be done; in particular, I think the Japanese
and British holidays are very inaccurate. This file needs checking by
people who know the details.
kan [Sat, 19 Oct 2002 23:03:35 +0000 (23:03 +0000)]
Change the symbol lookup order to search RTLD_GLOBAL objects
before referencing object's DAG. This makes it possible for
C++ exceptions to work across shared libraries and brings
us closer to the search order used by Solaris/Linux.
peter [Sat, 19 Oct 2002 22:09:23 +0000 (22:09 +0000)]
Grab 416/417 real estate before I get burned while testing again.
This is for the not-quite-ready signal/fpu abi stuff. It may not see
the light of day, but I'm certainly not going to be able to validate it
when getting shot in the foot due to syscall number conflicts.
rwatson [Sat, 19 Oct 2002 21:25:51 +0000 (21:25 +0000)]
Add a new 'NOMACCHECK' flag to namei() NDINIT flags, which permits the
caller to indicate that MAC checks are not required for the lookup.
Similar to IO_NOMACCHECK for vn_rdwr(), this indicates that the caller
has already performed all required protections and that this is an
internally generated operation. This will be used by the NFS server
code, as we don't currently enforce MAC protections against requests
delivered via NFS.
While here, add NOCROSSMOUNT to PARAMASK; apparently this was used at
one point for name lookup flag checking, but isn't any longer or it
would have triggered from the NFS server code passing it to indicate
that mountpoints shouldn't be crossed in lookups.
rwatson [Sat, 19 Oct 2002 21:06:57 +0000 (21:06 +0000)]
Add a placeholder for the execve_mac() system call, similar to SELinux's
execve_secure() system call, which permits a process to pass in a label
for a label change during exec. This permits SELinux to change the
label for the resulting exec without a race following a manual label
change on the process. Because this interface uses our general purpose
MAC label abstraction, we call it execve_mac(), and wrap our port of
SELinux's execve_secure() around it with appropriate sid mappings.
rwatson [Sat, 19 Oct 2002 20:30:12 +0000 (20:30 +0000)]
Make sure to clear the 'registered' flag for MAC policies when they
unregister. Under some obscure (perhaps demented) circumstances,
this can result in a panic if a policy is unregistered, and then someone
foolishly unregisters it again.
rwatson [Sat, 19 Oct 2002 20:25:57 +0000 (20:25 +0000)]
Hook up most of the MAC entry points relating to file/directory/node
creation, deletion, and rename. There are one or two other stray
cases I'll catch in follow-up commits (such as unix domain socket
creation); this permits MAC policy modules to limit the ability to
perform these operations based on existing UNIX credential / vnode
attributes, extended attributes, and security labels. In the rename
case using MAC, we now have to lock the from directory and file
vnodes for the MAC check, but this is done only in the MAC case,
and the locks are immediately released so that the remainder of the
rename implementation remains the same. Because the create check
takes a vattr to know object type information, we now initialize
additional fields in the VATTR passed to VOP_SYMLINK() in the MAC
case.
marcel [Sat, 19 Oct 2002 19:30:38 +0000 (19:30 +0000)]
Update the unwind information when modules are loaded and unloaded
by using the linker hooks. Since these hooks are called for the
kernel as well, we don't need to deal with that with a special
SYSINIT. The initialization implicitly performed on the first
update of the unwind information is made explicit with a SYSINIT.
We now don't need the _ia64_unwind_{start|end} symbols.
marcel [Sat, 19 Oct 2002 19:16:03 +0000 (19:16 +0000)]
Add two hooks to signal module load and module unload to MD code.
The primary reason for this is to allow MD code to process machine
specific attributes, segments or sections in the ELF file and
update machine specific state accordingly. An immediate use of this
is in the ia64 port where unwind information is updated to allow
debugging and tracing in/across modules. Note that this commit
does not add the functionality to the ia64 port. See revision 1.9
of ia64/ia64/elf_machdep.c.
marcel [Sat, 19 Oct 2002 18:59:33 +0000 (18:59 +0000)]
Reduce code duplication by moving the common actions in
link_elf_init(), link_elf_link_preload_finish() and
link_elf_load_file() to link_elf_link_common_finish().
Since link_elf_init() did initializations as a side-effect
of doing the common actions, keep the initialization in
that function. Consequently, link_elf_add_gdb() is now also
called to insert the very first link_map() (ie the kernel).
marcel [Sat, 19 Oct 2002 18:43:37 +0000 (18:43 +0000)]
Non-functional change in preparation of the next commit:
Move link_elf_add_gdb(), link_elf_delete_gdb() and link_elf_error()
near the top of the file. The *_gdb() functions are moved inside
the #ifdef DDB already present there.
alc [Sat, 19 Oct 2002 18:34:39 +0000 (18:34 +0000)]
Complete the page queues locking needed for the page-based copy-
on-write (COW) mechanism. (This mechanism is used by the zero-copy
TCP/IP implementation.)
- Extend the scope of the page queues lock in vm_fault()
to cover vm_page_cowfault().
- Modify vm_page_cowfault() to release the page queues lock
if it sleeps.
phk [Sat, 19 Oct 2002 17:02:17 +0000 (17:02 +0000)]
Add Geom Based Disk Encryption to the tree.
This is an encryption module designed for to secure denial of access
to the contents of "cold disks" with or without destruction activation.
Major features:
* Based on AES, MD5 and ARC4 algorithms.
* Four cryptographic barriers:
1) Pass-phrase encrypts the master key.
2) Pass-phrase + Lock data locates master key.
3) 128 bit key derived from 2048 bit master key protects sector key.
3) 128 bit random single-use sector keys protect data payload.
* Up to four different changeable pass-phrases.
* Blackening feature for provable destruction of master key material.
* Isotropic disk contents offers no information about sector contents.
* Configurable destination sector range allows steganographic deployment.
This commit adds the kernel part, separate commits will follow for the
userland utility and documentation.
This software was developed for the FreeBSD Project by Poul-Henning Kamp and
NAI Labs, the Security Research Division of Network Associates, Inc. under
DARPA/SPAWAR contract N66001-01-C-8035 ("CBOSS"), as part of the DARPA CHATS
research program.
Many thanks to Robert Watson, CBOSS Principal Investigator for making this
possible.
rwatson [Sat, 19 Oct 2002 16:54:15 +0000 (16:54 +0000)]
Permits UFS ACLs to be used with the GENERIC kernel. Due to recent
ACL configuration changes, this shouldn't result in different code paths
for file systems not explicitly configured for ACLs by the system
administrator. For UFS1, administrators must still recompile their
kernel to add support for extended attributes; for UFS2, it's sufficient
to enable ACLs using tunefs or at mount-time (tunefs preferred for
reliability reasons). UFS2, for a variety of reasons, including
performance and reliability, is the preferred file system for use with
ACLs.
projects / FreeBSD / FreeBSD.git / log