rwatson [Wed, 24 Aug 2005 04:45:02 +0000 (04:45 +0000)]
Merge if.c:1.240, if.c:1.241, if.c:1.242 from HEAD to RELENG_6, which
correct nits in the addition of if_addr_mtx:
if.c:1.240:
Initialize the if_addr mutex in if_alloc() rather than waiting until
if_attach(). This allows ethernet drivers to use it in their routines
to program their MAC filters before ether_ifattach() is called (de(4) is
one such driver). Also, the if_addr mutex is destroyed in if_free()
rather than if_detach(), so there was another potential bug in that a
driver that failed during attach and called if_free() without having
called ether_ifattach() would have tried to destroy an uninitialized
mutex.
Reported by: Holm Tiffe holm at freibergnet dot de
Discussed with: rwatson
if.c:1.241:
destroy lock _before_ free'ing the structure it resides in
if.c:1.242:
- Move IF_ADDR_LOCK_DESTROY(ifp) from if_free to if_free_type.
- Add a note that additions should be made to if_free_type and not
if_free to help avoid this in the future.
This apparently fixes a use after free in if_bridge and may fix bugs
in other direct if_free_type consumers.
rwatson [Wed, 24 Aug 2005 04:42:03 +0000 (04:42 +0000)]
Merge if.c:1.239, if_var.h:1.101 from HEAD to RELENG_6:
Protect link layer network interface multicast address list manipulation
using ifp->if_addr_mtx:
- Initialize if_addr_mtx when ifnet is initialized.
- Destroy if_addr_mtx when ifnet is torn down.
- Rename ifmaof_ifpforaddr() to if_findmulti(); assert if_addr_mtx.
Staticize.
- Extract ifmultiaddr allocation and initialization into if_allocmulti();
accept a 'mflags' argument to indicate whether or not sleeping is
permitted. This centralizes error handling and address duplication.
- Extract ifmultiaddr tear-down and deallocation in if_freemulti().
- Re-structure if_addmulti() to hold if_addr_mtx around manipulation of
the ifnet multicast address list and reference count manipulation.
Make use of non-sleeping allocations. Annotate the fact that we only
generate routing socket events for explicit address addition, not
implicit link layer address addition.
- Re-structure if_delmulti() to hold if_addr_mtx around manipulation of
the ifnet multicast address list and reference count manipulation.
Annotate the lack of a routing socket event for implicit link layer
address removal.
- De-spl all and sundry.
Problem reported by: Ed Maste <emaste at phaedrus dot sandvine dot ca>
rwatson [Wed, 24 Aug 2005 04:19:48 +0000 (04:19 +0000)]
Merge if.c:1.235 from HEAD to RELENG_6:
- Introduce a helper function if_setflag() containing the code common
to ifpromisc() and if_allmulti() instead of duplicating the code poorly,
with different bugs.
- Call ifp->if_ioctl() in a consistent way: always use more compatible C
syntax and check whether ifp->if_ioctl is not NULL prior to the call.
rwatson [Tue, 23 Aug 2005 01:50:19 +0000 (01:50 +0000)]
Merge vfs_subr.c:1.641 from HEAD to RELENG_6:
Silence "busy" warnings when unmounting devfs at system shutdown. This
is a workaround for non-symmetric teardown of the file systems at
shutdown with respect to the mount order at boot. The proper long term
fix is to properly detach devfs from the root mount before unmounting
each, and should be implemented, but since the problem is non-harmful,
this temporary band-aid will prevent false positive bug reports and
unnecessary error output for 6.0-RELEASE.
rwatson [Sat, 20 Aug 2005 21:32:08 +0000 (21:32 +0000)]
Merge ip_output.c:1.244 from HEAD to RELENG_6:
Add helper function ip_findmoptions(), which accepts an inpcb, and attempts
to atomically return either an existing set of IP multicast options for the
PCB, or a newly allocated set with default values. The inpcb is returned
locked. This function may sleep.
Call ip_moptions() to acquire a reference to a PCB's socket options, and
perform the update of the options while holding the PCB lock. Release the
lock before returning.
Remove garbage collection of multicast options when values return to the
default, as this complicates locking substantially. Most applications
allocate a socket either to be multicast, or not, and don't tend to keep
around sockets that have previously been used for multicast, then used for
unicast.
This closes a number of race conditions involving multiple threads or
processes modifying the IP multicast state of a socket simultaneously.
rwatson [Sat, 20 Aug 2005 21:25:21 +0000 (21:25 +0000)]
Merge libmemstat.3:1.10 from HEAD to RELENG_6:
The "Mbuf" zone was renamed "mbuf" to improve consistency, but the code
example in libmemstat.3 was not updated to take this rename into account.
Update the example.
PR: 84946
Submitted by: Wojciech A. Koszek <dunstan at freebsd dot czest dot pl>
rwatson [Sat, 20 Aug 2005 13:38:22 +0000 (13:38 +0000)]
Merge if_var.h:1.99 from HEAD to RELENG_6:
Allocate one of the spare ifnet integer fields to hold if_drv_flags,
which in the future will hold IFF_OACTIVE and IFF_RUNNING, and have
its access synchronized by the device driver rather than the
protocol stack. This will avoid potential races in the management
of flags in if_flags.
rwatson [Sat, 20 Aug 2005 13:34:59 +0000 (13:34 +0000)]
Merge in_pcb.c:1.166 from HEAD to RELENG_6:
Remove no-op spl references in in_pcb.c, since in_pcb locking has been
basically complete for several years now. Update one spl comment to
reference the locking strategy.
rwatson [Sat, 20 Aug 2005 13:24:28 +0000 (13:24 +0000)]
Merge mdoc.local:1.50 from HEAD to RELENG_6:
Hook up libmemstat(3) to the library list in mdoc.local. This will cause
the library description (specifically, -lmemstat) to render properly in
the libmemstat.3 man page.
* Add dynamic sysctl for net.inet6.ip6.fw.
* Correct handling of IPv6 Extension Headers.
* Add unreach6 code.
* Add logging for IPv6.
* Fix build without INET6 and IPFIREWALL compiled into kernel.[1]
Submitted by: sysctl handling derived from patch from ume needed for ip6fw
Obtained from: is_icmp6_query and send_reject6 derived from similar
functions of netinet6,ip6fw
Reviewed by: ume, gnn; silence on ipfw@
Spotted and tested by: Michal Mertl <mime at traveller.cz>[1]
Approved by: re (kensmith)
yar [Sat, 20 Aug 2005 08:05:01 +0000 (08:05 +0000)]
MFC rev. 1.29-1.31:
Make the procfs module buildable again in the MODULES_WITH_WORLD case.
This means defining a target for default opt_compat.h, but only if we
are not building the modules along with the kernel.
pjd [Fri, 19 Aug 2005 12:04:19 +0000 (12:04 +0000)]
MFC: sys/opencrypto/cryptodev.c 1.26
Fix bogus check. It was possible to panic the kernel by giving 0 length.
This is actually a local DoS, as every user can use /dev/crypto if there
is crypto hardware in the system and cryptodev.ko is loaded (or compiled
into the kernel).
Reported by: Mike Tancsa <mike@sentex.net>
Security: Local DoS on systems with crypto HW and with /dev/crypto available
Approved by: re (kensmith)
pjd [Fri, 19 Aug 2005 11:09:11 +0000 (11:09 +0000)]
MFC: usr.sbin/jls/jls.c 1.4,1.5
Not sure why, but SYSCTL_OUT() can sometimes keep returning ENOMEM
in sysctl_jail_list(). Because of this, jls(8) could enter into
an endless loop. The strange thing is, that we can call jls(8) while
the other one is in loop and it will succeed - SYSCTL_OUT() will
not return ENOMEM there.
glebius [Fri, 19 Aug 2005 09:29:25 +0000 (09:29 +0000)]
MFC:
Implement a new feature for ping(8) - sweeping pings. In a sweeping
ping ICMP payload of packets being sent is increased with given step.
Sweeping pings are useful for testing problematic channels, MTU
issues or traffic policing functions in networks.
PR: bin/82625
Submitted by: Chris Hellberg <chellberg juniper.net> (with some cleanups)
csjp [Fri, 19 Aug 2005 04:52:02 +0000 (04:52 +0000)]
MFC revision 1.157
date: 2005/08/18 22:30:52; author: csjp; state: Exp; lines: +4 -2
Add missing braces around bpf_filter which were missed when I
merged the bpfstat code.
csjp [Fri, 19 Aug 2005 04:50:08 +0000 (04:50 +0000)]
Synch with HEAD:
MFC revision 1.167
date: 2005/08/08 21:06:42; author: csjp; state: Exp; lines: +2 -0
Drop in a WITNESS_WARN into SYSCTL_IN to make sure that we are
not holding any non-sleep-able locks when copyin is called.
This gets executed un-conditionally since we have no function
to wire the buffer in this direction.
MFC revision 1.166
date: 2005/08/08 18:54:35; author: csjp; state: Exp; lines: +6 -1
Check to see if we wired the user-supplied buffers in SYSCTL_OUT, if
the buffer has not been wired and we are holding any non-sleep-able locks,
drop a witness warning. If the buffer has not been wired, it is possible
that the writing of the data can sleep, especially if the page is not in
memory. This can result in a number of different locking issues, including
deadlocks.
cperciva [Fri, 19 Aug 2005 04:12:41 +0000 (04:12 +0000)]
MFC: Pad the strings sccs[], version[], and osrelease[], and add a
BRANCH_OVERRIDE environment variable (which, if set, overrides the
BRANCH specified here). These make my FreeBSD Update build code
simpler by making it easier to recognize when two kernels are identical
modulo version numbers.
cperciva [Fri, 19 Aug 2005 02:53:00 +0000 (02:53 +0000)]
MFC: Remove dates, since they serve no purpose and result in files
spuriously changing each time they are built. Also add $FreeBSD$ tags,
because cvs wants them.
thompsa [Fri, 19 Aug 2005 02:43:07 +0000 (02:43 +0000)]
MFC: if_bridge.c, r1.17; bridgestp.c, r1.5
> Ensure that we are holding the lock when initialising the bridge interface. We
> could initialise while unlocked if the bridge is not up when setting the inet
> address, ether_ioctl() would call bridge_init.
>
> Change it so bridge_init is always called unlocked and then locks before
> calling bstp_initialization().
rwatson [Fri, 19 Aug 2005 00:07:06 +0000 (00:07 +0000)]
Merge Makefile:1.12, vmstat.c:1.87 from HEAD to RELENG_6:
Teach vmstat -m and vmstat -z to use libmemstat(3). Certain
statistics from -z are now a bit different due to changes in the
way statistics are now measured. Reproduce with some amount of
accuracy the slightly obscure layouts adopted by the two kernel
sysctls. In the future, we might want to normalize them.
GC dosysctl(), which is now no longer used.
Merge vmstat.c:1.88 from HEAD to RELENG_6:
Minor syntax tweaks:
- Remove some extra blank lines.
- Remove comments that don't contribute to understanding.
- Remove additional blank lines in output added to maximize
compatibility with older vmstat output, but that is actually
somewhat gratuitous.
glebius [Thu, 18 Aug 2005 10:12:42 +0000 (10:12 +0000)]
o Make rt_check() return a locked rtentry.
o Make rt_check() function more strict:
- rt0 passed to rt_check() must not be NULL, assert this.
- rt returned by rt_check() must be valid locked rtentry,
if no error occurred.
o Modify callers, so that they never pass NULL rt0
to rt_check().
o Modify callers, so that they unlock rtentry.
avatar [Wed, 17 Aug 2005 14:35:20 +0000 (14:35 +0000)]
MFC: (1.26) Fixing a regression introduced in rev1.25 by honouring the errno.
This should stop 'ugidfw list' from complaining about "Data error in
security.mac.bsdextended.rules.N: Unknown error: 0" if there is a "hole"
within the rule set.
cperciva [Wed, 17 Aug 2005 13:53:11 +0000 (13:53 +0000)]
MFC revision 1.149: Change the default partition sizes to provide more
space in /, /var, and /tmp, and if the device is large enough, provide
extra space to /var sufficient to store a crash dump.
kensmith [Wed, 17 Aug 2005 13:32:29 +0000 (13:32 +0000)]
MFC v1.125:
> Log:
> The /stand directory now disappears out from under sysinstall while
> it is running during installations. The vsystem() function does get
> used after this happens (e.g. if you manually configure the network
> interface and ask it to enable the interface) so it needs to be a
> little smarter about whether it uses /stand/sh or /bin/sh.
- Remove gbde_swap_enable variable (it has no effect).
- Add geli_swap_flags variable which holds flags used by geli(8) when
configuring GELI-encrypted swap partitions.
- Add variables used by rc.d/geli and rc.d/geli2 scripts.
pjd [Tue, 16 Aug 2005 09:20:32 +0000 (09:20 +0000)]
MFC:
Add scripts for GELI device configuration on boot.
rc.d/geli - configures encryption (ask for passphrases, etc.);
rc.d/geli2 - is called after file systems are mounted and mark devices for
detach on last close.
rwatson [Tue, 16 Aug 2005 09:15:14 +0000 (09:15 +0000)]
Merge if_var.h:1.100 from HEAD to RELENG_6:
Add if_addr_mtx to struct ifnet, a mutex to protect ifnet-related address
lists. Add accessor macros.
This changes the size of struct ifnet, but ideally, all ifnet consumers
are now using if_alloc() to allocate these structures rather than
embedding them into device driver softc's, so this won't modify the
network device driver ABI.
pjd [Tue, 16 Aug 2005 09:02:22 +0000 (09:02 +0000)]
MFC: sbin/geom/class/eli/geom_eli.c 1.2
When keys were configured without passphrase, number of iterations in
metadata is equal to -1. If we then wanted to attach provider (or change
keys) and forget about '-p' flag it failed on assertion (quite ok, without
assertion it could call PKCS#5v2 with 4294967295 iterations).
Instead of failing on assertion, remind about '-p' flag.
- GELI doesn't need cryptodev.
- Because code paths for I/O requests are quite complex, add comments above
the functions which participate in I/O paths.
pjd [Tue, 16 Aug 2005 08:45:11 +0000 (08:45 +0000)]
MFC: sbin/geom/core/geom.c 1.23
Unfortunately dlerror(3) returns string, so there is no clean way to
ignore "no such file" errors only, which I wanted to do.
Because of this I ignored all other errors on dlopen(3) failure as well,
which isn't good.
Fix this situation by calling access(2) on library file first and ignore
only ENOENT error. This allows reporting all the rest of dlopen(3) errors.
pjd [Tue, 16 Aug 2005 08:43:06 +0000 (08:43 +0000)]
MFC: etc/rc.d/jail 1.25
Skip jails which are already running and inform why.
We're checking for /var/run/jail_<name>.id file and if it exists, we don't
start the jail. It should be also safe in case of reboot(8), because
rc.d/cleanvar script is going to remove /var/run/jail_* files.
It helps to avoid potential mess when the same jail is started twice,
because of an administrator mistake (been there, done that).
marcel [Tue, 16 Aug 2005 03:29:22 +0000 (03:29 +0000)]
Partial MFC rev 1.3:
o Remove the obscure tid command, because it does what the thread
command does, but worse.
o Move the PID to the extra thread info, where it makes sense and
where it doesn't confuse users. The extra thread info holds some
process information, to which the PID belongs.
o Implement the to_find_new_threads target method by having it call
the target beneath us if we're not using KVM. This makes sure that
new threads are found when using the remote target.
o Fix various core dump scenarios:
- Implement the to_files_info target method. Previously the
'info target' command would cause a NULL pointer dereference.
- Don't assume there's a current thread. We're not initialized
in all cases. This prevents a NULL pointer dereference.
- When we're not using KVM, have the to_xfer_memory target
method call the target beneath us. This avoids calling into
KVM with a NULL pointer.
marcel [Tue, 16 Aug 2005 00:29:26 +0000 (00:29 +0000)]
MFC 1.8:
o As mentioned in the previous commit: make the KVM error buffer
static.
o Register a function with atexit(3) to close the KVM object if
we have one open.
o Show the unread portion of the kernel's message buffer before
presenting the prompt. It's bound to provide some useful info.
o Don't call kgdb_target() twice. It results in having all threads
listed twice.
Fail the module loading process if the currently executing kernel
was not compiled with 'options HWPMC_HOOKS' or if the compiled-in
version numbers of the kernel and module are not in sync.
kan [Mon, 15 Aug 2005 14:04:47 +0000 (14:04 +0000)]
MFC: Do not use vm_pager_init() to initialize vnode_pbuf_freecnt variable.
vm_pager_init() is run before required nswbuf variable has been set
to correct value. This caused system to run with single pbuf available
for vnode_pager. Handle both cluster_pbuf_freecnt and vnode_pbuf_freecnt
variables in the same way.