rwatson [Mon, 6 Feb 2006 22:50:39 +0000 (22:50 +0000)]
Add support for audit pipe special devices, which allow user space
applications to insert a "tee" in the live audit event stream. Records
are inserted into a per-clone queue so that user processes can pull
discrete records out of the queue. Unlike delivery to disk, audit pipes
are "lossy", dropping records in low memory conditions or when the
process falls behind real-time events. This mechanism is appropriate
for use by live monitoring systems, host-based intrusion detection, etc.,
and avoids applications having to dig through active on-disk trails that
are owned by the audit daemon.
rwatson [Mon, 6 Feb 2006 22:30:54 +0000 (22:30 +0000)]
Manage audit record memory with the slab allocator, turning
initialization routines into a ctor, tear-down to a dtor, cleaning
up, etc. This will allow audit records to be allocated from
per-cpu caches.
On recent FreeBSD, dropping the audit_mtx around freeing to UMA is
no longer required (at one point it was possible to acquire Giant
on that path), so a mutex-free thread-local drain is no longer
required.
cognet [Mon, 6 Feb 2006 22:17:42 +0000 (22:17 +0000)]
- Call mii_phy_probe() after we allocated an ifp. mii has this evil
hack where it assumes the first field of the driver softc is the struct
ifnet, and it copies its value in mii_phy_probe().
- In the interrupt handler, set the mbuf m_len field on packet receive.
jhb [Mon, 6 Feb 2006 22:06:54 +0000 (22:06 +0000)]
- Always call exec_free_args() in kern_execve() instead of doing it in all
the callers if the exec either succeeds or fails early.
- Move the code to call exit1() if the exec fails after the vmspace is
gone to the bottom of kern_execve() to cut down on some code duplication.
jhb [Mon, 6 Feb 2006 21:56:13 +0000 (21:56 +0000)]
- Move the wakeup() for exiting kthreads out of exit1() and into
kthread_exit() as that is cleaner and less obscured. It also does the
wakeup sooner.
- Add some comments to kthread_exit().
rwatson [Mon, 6 Feb 2006 18:41:00 +0000 (18:41 +0000)]
Add information on audit pipe special devices, which allow user processes
to "tee" the BSM record stream for the purposes of live monitoring,
intrusion detection, etc. Support for audit pipes will be committed in
the near future.
jeff [Mon, 6 Feb 2006 10:19:50 +0000 (10:19 +0000)]
- Add a ref count to the mount structure. Sleep for up to 3 seconds in
vfs_mount_destroy waiting for this ref to hit 0. We don't print an
error if we are rebooting as the root mount always retains some references
by init proc.
- Acquire a mnt ref for every vnode allocated to a mount point. Drop this
ref only once vdestroy() has been called and the mount has been freed.
- No longer NULL the v_mount pointer in delmntque() so that we may release
the ref after vgone() has been called. This allows us to guarantee
that the mount point structure will be valid until the last vnode has
lost its last ref.
- Fix a few places that rely on checking v_mount to detect recycling.
Sponsored by: Isilon Systems, Inc.
MFC After: 1 week
jeff [Mon, 6 Feb 2006 10:14:12 +0000 (10:14 +0000)]
- Fix silly VI locking that is used to check a single flag. The vnode
lock also protects this flag so it is not necessary.
- Don't rely on v_mount to detect whether or not we've been recycled, use
the more appropriate VI_DOOMED instead.
Sponsored by: Isilon Systems, Inc.
MFC After: 1 week
rwatson [Mon, 6 Feb 2006 02:00:06 +0000 (02:00 +0000)]
Prefer AUE_FOO audit identifiers to AUE_O_FOO, which are largely left
over from the Darwin implementation.
When we implement a system call as a wrapper to sysctl(), audit it as
AUE_SYSCTL. This leads to greater compatibility with Solaris audit
trails as sysctl() argument tokens are not the same as the ones for
the original system calls (i.e., setdomainname()).
Replace references to AUE_ events that are equivalent to AUE_NULL with
AUE_NULL. In the case of process signal configuration, this is
because these events do not require auditing.
Move from the Darwin spelling of getsockopt() to the FreeBSD/Solaris
one.
rwatson [Mon, 6 Feb 2006 01:51:08 +0000 (01:51 +0000)]
When exiting a thread, submit any pending record. Today, we don't
audit thread exit, but should that happen, this will prevent
unhappiness, as the thread exit system call will never return, and
hence not commit the record.
Pointed out by/with: cognet
Obtained from: TrustedBSD Project
rwatson [Mon, 6 Feb 2006 00:06:04 +0000 (00:06 +0000)]
Vendor branch import of OpenBSM 1.0 alpha 3:
- Man page formatting, cross reference, mlinks, and accuracy improvements.
- auditd and tools now compile and run on FreeBSD/arm.
- auditd will now fchown() the trail file to the audit review group, if
defined at compile-time.
- Added AUE_SYSARCH for FreeBSD.
- Definition of AUE_SETFSGID fixed for Linux.
Many thanks to: brueffer, cognet
Obtained from: TrustedBSD Project
rwatson [Sun, 5 Feb 2006 23:28:01 +0000 (23:28 +0000)]
Assign audit event identifiers to Xenix system calls. Note: AUE_EACCESS
is assigned to xenix_eaccess() instead of AUE_ACCESS, as that is the
intended meaning of the system call. xenix_eaccess() should be
reimplemented using our native eaccess() implementation so that it
works as intended.
rwatson [Sun, 5 Feb 2006 21:06:09 +0000 (21:06 +0000)]
When GC'ing a thread, assert that it has no active audit record.
This should not happen, but with this assert, brueffer and I would
not have spent 45 minutes trying to figure out why he wasn't
seeing audit records with the audit version in CVS.
ceri [Sun, 5 Feb 2006 19:23:05 +0000 (19:23 +0000)]
The rpc.pcnfsd server was in the base for a little over seven minutes
back in 1994. Change the example entry to point at the port, as per
the entries for uucpd et al.
rwatson [Sun, 5 Feb 2006 15:42:01 +0000 (15:42 +0000)]
Add AUDITVNODE[12] flags to namei(), which cause namei() to audit path
and vnode attribute information for looked up vnodes during the lookup
operation. This will allow consumers of namei() to specify that this
information be added to the in-process audit record.
imp [Sat, 4 Feb 2006 23:32:13 +0000 (23:32 +0000)]
Import support for the Atmel AT91RM9200 CPU/Microcontroller. This SoC
is an ARM920T based CPU with a bunch of built-in peripherals. The
initial import supports the SPI bus, the TWI bus (although iicbus
integration is not complete), the uarts, the system timer and the
onboard ethernet. Support for the Kwikbyte KB9202
(http://www.kwikbyte.com) board is also included, although there's no
reason why the 9200 and the 9201 wouldn't also work. Primitive
support for running under the skyeye emulator is also provided
(although skyeye's support for the AT91RM9200 is a little weak).
The code has been structured so that other members of Atmel's arm family can
be supported in the future. The AT91SAM9260 is not presently supported
due to lack of hardware. The arm7tdmi families are also not supported
because they lack an MMU.
Many thanks to cognet@ for his help and assistance in bringing up this
board. He did much of the vm work and wrote parts of the uart and
system timer code as well as the bus space implementation.
The system boots to single user w/o problem, although the serial
console is a little slow and the ethernet driver is still in flux.
This work was sponsored by Timing Solutions, Corporation. I am
grateful for their support of the FreeBSD project in this manner.
marius [Sat, 4 Feb 2006 23:30:09 +0000 (23:30 +0000)]
Enable getty(8) on ttyu2 by default in order to get machines that use a
RSC (Remote System Control) connected via uart2 as console working out
of the box. On machines that use uart2 to connect a keyboard and thus
the ttyu2 node doesn't exist this will trigger a warning from getty(8)
but cause no real harm.
marius [Sat, 4 Feb 2006 23:27:16 +0000 (23:27 +0000)]
- Add support for using LOM (Lights Out Management) and RSC (Remote System
Control) devices as console. These are microcontrollers which are either
on-board or part of an add-on card and provide terminal server, remote
power switch and monitoring functionality. For console usage these are
connected to the rest of the system via a SCC or an UART. This commit adds
support for the following variants (corresponds to what 'input-device' and
'output-device' have to be set to):
  rsc          found on-board in E250 and supposedly some Netra, connected
               via a SAB82532, com. parameters can be determined via OFW
  rsc-console  RSC card found in E280R, Fire V4x0, Fire V8x0, connected
               via a NS16550, hardwired to 115200 8N1
  lom-console  LOMlite2 card found in Netra 20/T4, connected via a NS16550,
               hardwired to 9600 8N1
- Add my copyright to uart_cpu_sparc64.c as I've rewritten about one third
of that file over time.
Tested on: E250, E280R
Thanks to: dwhite@ for providing access to an E280R
OK'ed by: marcel
MFC after: 1 week
imp [Sat, 4 Feb 2006 22:51:03 +0000 (22:51 +0000)]
Silence the strict-alias warnings. Make a trip through (void *) when
casting a structure to a uint32_t *. Many drivers in the tree do this, but
I'll not update them until these changes can be reviewed by the pedantic
standards folks.
wsalamon [Sat, 4 Feb 2006 20:20:02 +0000 (20:20 +0000)]
Make login audit-enabled, submitting audit records for the login and logout
events. The specifics of submitting the records are contained within
login_audit.c.
Document the auditing behavior in the man page.
Obtained from: TrustedBSD Project, Apple Computer, Inc.
Approved by: rwatson (mentor)
wpaul [Sat, 4 Feb 2006 19:42:49 +0000 (19:42 +0000)]
When ndis_attach() runs, it has to very briefly initialize the card
in order to query the underlying Windows driver for the station address
and some other properties. There is a slim chance that the card may
receive a packet and indicate it up to us before ndis_attach() can call
ndis_halt_nic(). This is bad, because both the softc structure and
the ifnet structure aren't fully initialized yet: many pointers are
still NULL, so if we make it into ndis_rxeof(), we will panic.
To fix this, we need to do the following:
- Move the calls to IoAllocateWorkItem() to before the call to ndis_init_nic().
- Move the initialization of the RX DPC and status callback function pointers
to before ndis_init_nic() as well.
- Modify ndis_rxeof() to check if the IFF_DRV_RUNNING flag is set. If it
isn't, we return any supplied NDIS_PACKETs to the NIC without processing
them.
This fixes a crash that can occur when activating a wireless NIC in
close proximity to a very busy wireless network, reported by Ryan
Beasley (ryan%^$!ATgoddamnbastard-****!!!DOTorg).
rwatson [Sat, 4 Feb 2006 18:29:51 +0000 (18:29 +0000)]
Add a brief FREEBSD-upgrade file to provide direction on how to perform
OpenBSM upgrades. Right now, this is very easy, but in the future it
will probably become more complicated.
rwatson [Sat, 4 Feb 2006 18:24:06 +0000 (18:24 +0000)]
Add a -A argument to mergemaster to allow explicitly specifying an
architecture to pass through to the underlying makefiles. This is
quite useful when building on an i386 box to populate an amd64 NFS
root.
cognet [Sat, 4 Feb 2006 18:01:15 +0000 (18:01 +0000)]
Don't forget to set the address of the next descriptor to 0 when we're
zeroing a physical page, or we could end up re-zeroing portions of
memory we have zeroed before, which is clearly not wanted.
scottl [Sat, 4 Feb 2006 17:56:17 +0000 (17:56 +0000)]
Squash another use of vtophys. Instead of creating separate busdma objects
for doing static memory transfers, start collecting them into a single
object.