rwatson [Sat, 4 Mar 2006 16:45:52 +0000 (16:45 +0000)]
Vendor branch import of TrustedBSD OpenBSM 1.0 alpha 5:
- Update install notes to indicate /etc files are to be installed manually.
- On systems without LOG_SECURITY, use LOG_AUTH.
- Convert to autoconf/automake in order to move to a more portable (not
BSD-specific) build infrastructure, and more easy conditional building of
components. Currently, the primary feature loss is that automake does
not have native support for manual symlinks. This will be addressed in a
future OpenBSM release.
- Add compat/queue.h, to be used on systems dated BSD queue macro libraries
(as found on Linux).
- Rename CHANGELOG to HISTORY, as our change log doesn't follow some of the
existing conventions for a CHANGELOG.
- Some private data structures moved from audit.h to audit_internal.h to
prevent inappropriate use by applications and name space pollution.
- Improved detection and use of endian macros using autoconf.
- Avoid non-portable use of struct in6_addr, which is largely opaque.
- Avoid leaking BSD kernel socket related token code to user space in
bsm_token.c.
- Teach System V IPC calls to look for Linux naming variations for certain
struct ipc_perm fields.
- Test for audit system calls, and if not present, don't build
bsm_wrappers.c, bsm_notify.c, audit(8), and auditd(8), which rely on
those system calls.
- au_close() is not implemented on systems that don't have audit system
calls, but au_close_buffer() is.
- Work around missing BSDisms in bsm_wrapper.c.
- Fix nested includes so including libbsm.h in an application on Linux
picks up the necessary definitions.
rwatson [Sat, 4 Mar 2006 16:13:16 +0000 (16:13 +0000)]
Reduce number of spaces for full name by four, and reduce padding
after tty entry by one space in order to provide extra spaces for
the tty entry. As a result, full pts names are now visible (up
to 999 pts's anyway):
Before:
Login Name TTY Idle Login Time Office Phone
robert Robert Watson *v0 3:55 Fri 02:54
robert Robert Watson p0 19 Sat 11:01
robert Robert Watson pts Sat 14:55
After:
Login Name TTY Idle Login Time Office Phone
robert Robert Watson *v0 5:08 Fri 02:54
robert Robert Watson p0 8 Sat 11:01
robert Robert Watson pts/5 Sat 14:55
trhodes [Sat, 4 Mar 2006 02:38:40 +0000 (02:38 +0000)]
Instead of just hinting at available octets, list some.
Mention that the setting of securelevel may affect one's ability to alter flags.
Xref security.7.
Bump doc date.
davidxu [Sat, 4 Mar 2006 00:18:19 +0000 (00:18 +0000)]
Use a thread pool to process notification if sigev_notify_attributes
is default and caller does not require dedicated thread. timer needs
a dedicated thread to maintain overrun count correctly in notification
context. mqueue and aio can use thread pool to do notification
concurrently, the thread pool has lifecycle control, some threads will
exit if they have idled for a while.
Fix bug in malloc_uninit():
Releasing items from the mt_zone can not be done by a simple
uma_zfree() call since mt_zone is allocated with the UMA_ZONE_MALLOC
flag. Use uma_zfree_arg instead and supply the slab.
This bug caused panics in low memory situations on unloading kernel
modules containing MALLOC_DEFINE(..) statements.
yar [Fri, 3 Mar 2006 21:37:38 +0000 (21:37 +0000)]
Take the functionality contained in the former "options TDFX_LINUX"
into a separate module. Accordingly, convert the option into a device
named similarly.
Note for MFC: Perhaps the option should stay in RELENG_6 for POLA reasons.
Suggested by: scottl
Reviewed by: cokane
MFC after: 5 days
mux [Fri, 3 Mar 2006 18:54:33 +0000 (18:54 +0000)]
Cast the pointer to void * before casting it back to struct type * in
STAILQ_LAST. This quiets a warning from GCC about increased required
alignment for the cast.
mux [Fri, 3 Mar 2006 18:45:12 +0000 (18:45 +0000)]
Import today's csup sources to get the warning fix for queue.h. We
probably want to do something similar in sys/queue.h; it's bad to have
STAILQ_LAST() generate GCC warnings.
csjp [Fri, 3 Mar 2006 17:21:08 +0000 (17:21 +0000)]
Unbreak byte counters when network interfaces are in monitor mode by
re-organizing the monitor return logic. We perform interface monitoring
checks after we have determined if the CRC is still on the packet, if
it is, m_adj() is called which will adjust the packet length. This
ensures that we are not including CRC lengths in the byte counters for
each packet.
thompsa [Fri, 3 Mar 2006 09:12:21 +0000 (09:12 +0000)]
Since we are using random ethernet addresses for the bridge, it is possible
that we might have address collisions, so make sure that this hardware address
isn't already in use on another bridge.
Don't truncate f_mntfromname & f_mntonname to 16 characters when
translating statfs into ostatfs. This allows 4.x binaries making
statfs calls to work on 6.x.
csjp [Fri, 3 Mar 2006 05:58:18 +0000 (05:58 +0000)]
Slightly re-worked bpf(4) code associated with bridging: if we have a
destination interface as a member of our bridge or this is a unicast packet,
push it through the bpf(4) machinery.
For broadcast or multicast packets, don't bother with the bpf(4) because it will
be re-injected into ether_input. We do this before we pass the packets through
the pfil(9) framework, as it is possible that pfil(9) will drop the packet or
possibly modify it, making it very difficult to debug firewall issues on the
bridge.
Further, implemented IFF_MONITOR for bridge interfaces. This does much the same
thing that it does for regular network interfaces: it pushes the packet to any
bpf(4) peers and then returns. This bypasses all of the bridge machinery,
saving mutex acquisitions, list traversals, and other operations performed by
the bridging code.
This change to the bridging code is useful in situations where individuals use a
bridge to multiplex RX/TX signals from two interfaces, as is required by some
network taps for de-multiplexing links and transmitting the RX/TX signals
out through two separate interfaces. This behaviour is quite common for network
taps monitoring links, especially for certain manufacturers.
tegge [Thu, 2 Mar 2006 22:13:28 +0000 (22:13 +0000)]
Eliminate a deadlock when creating snapshots. Blocking vn_start_write() must
be called without any vnode locks held. Remove calls to vn_start_write() and
vn_finished_write() in vnode_pager_putpages() and add these calls before the
vnode lock is obtained to most of the callers that don't already have them.
davidxu [Thu, 2 Mar 2006 14:06:40 +0000 (14:06 +0000)]
Add signal set sq_kill to sigqueue structure, the member saves all
signals sent by kill() syscall, without this, a signal sent by
sigqueue() can cause a signal sent by kill() to be lost.
jeff [Thu, 2 Mar 2006 08:52:53 +0000 (08:52 +0000)]
- Acquire lk in softdep_slowdown so that it's owned when we call
softdep_speedup().
- Assert that lk is held in softdep_speedup() rather than acquiring it.
This avoids a potential lock recursion.
jeff [Thu, 2 Mar 2006 05:50:23 +0000 (05:50 +0000)]
- Move softdep from using a global worklist to per-mount worklists. This
has many positive effects including improved smp locking, reducing
interdependencies between mounts that can lead to deadlocks, etc.
- Add the softdep worklist and various counters to the ufsmnt structure.
- Add a mount pointer to the workitem and remove mount pointers from the
various structures derived from the workitem as they are now redundant.
- Remove the poor-man's semaphore protecting softdep_process_worklist and
softdep_flushworklist. Several threads may now process the list
simultaneously.
- Add softdep_waitidle() to block the thread until all pending
dependencies being operated on by other threads have been flushed.
- Use softdep_waitidle() in unmount and snapshots to block either
operation until the fs is stable.
- Remove softdep worklist processing from the syncer and move it into the
softdep_flush() thread. This thread processes all softdep mounts
once each second and when it is called via the new softdep_speedup()
when there is a resource shortage. This removes the softdep hook
from the kernel and various hacks in header files to support it.
cognet [Wed, 1 Mar 2006 23:04:25 +0000 (23:04 +0000)]
Try to honor BUS_DMA_COHERENT : if the flag is set, normally allocate memory
with malloc() or contigmalloc() as usual, but try to re-map the allocated
memory into a VA outside the KVA, non-cached, thus making the calls to
bus_dmamap_sync() for these buffers useless.
ume [Wed, 1 Mar 2006 16:13:17 +0000 (16:13 +0000)]
- Reduce needless DNS query by lookup only appropriate address
family. [1]
- Specify appropriate hints to getaddrinfo(3). [1]
- Obtain address family from peername in inet mode.
sos [Wed, 1 Mar 2006 07:48:41 +0000 (07:48 +0000)]
Work around the deadlock that occours when ATA waits for the taskqueue
to call back for completition and something else is holding the taskqueue
waiting for ATA to return data.
This should clear up the "semaphore timeout !! DANGER Will Robinson !!"
in most situations, and log "taskqueue timeout - completing request directly"
instead, with a delayed "WARNING - freeing taskqueue zombie request" when
the taskqueue finally calls us back with the now stale request.
(It would have been nice if there was a way to remove a scheduled item from
a taskqueue, but that is not currently implemented in the kernel).
A real fix for this is in the works but wont make it to 6.1RELEASE
scottl [Wed, 1 Mar 2006 07:24:39 +0000 (07:24 +0000)]
Big update to the iir driver:
- Don't use a common buffer in the softc to store per-command data. Reserve
a buffer in the command itself.
- Don't allocate DMA memory for the kernel command structures when all you
really need is DMA memory for the scratch buffer embedded in them. Instead
allocate a slab for the scratch buffers and divide it up as needed.
- Call bus_dmamap_unload() at the completion of commands.
- Preserve and clear the CAM CCB status flags at completion.
- Reorder some low-level command operations to try to close races.
- Limit the simq to 32 commands for now. There are some serious problems
with the driver under load that are not well understood, so keeping the
simq lower helps avoid this. It has been tested at a higher value, but
this is a safe value that doesn't show much performance degredation.
These changes allow the driver to work reliably with >4GB of memory on i386
and amd64, and also work around deadlocks seen under very high load in
certain situations. The work-around is far from ideal, but without and
documentation it is hard to know what the right fix is.
davidxu [Wed, 1 Mar 2006 06:37:34 +0000 (06:37 +0000)]
Bring in my initial version of POSIX realtime extension library.
Current the library implements mqueue, timer and aio with SIGEV_THREAD
notification supported.