Robert Watson [Sun, 19 Mar 2006 15:44:53 +0000 (15:44 +0000)]
Merge Perforce change 93569 from TrustedBSD audit3 branch:
Do install sys/security/audit include files. It would be nice just
to install audit_ioctl.h, but we seem only to support installing
directories, so we get them all. The two not intended for extra-
kernel use have !_KERNEL #error's, which should help.
David Malone [Sun, 19 Mar 2006 11:48:48 +0000 (11:48 +0000)]
Make net.inet.ip.portrange.reservedhigh and
net.inet.ip.portrange.reservedlow apply to IPv6 aswell as IPv4.
We could have made new sysctls for IPv6, but that potentially makes
things complicated for mapped addresses. This seems like the least
confusing option and least likely to cause obscure problems in the
future.
This change makes the mac_portacl module useful with IPv6 apps.
Back out fd optimization introduced in revision 1.280 as it appears to be
really breaking things. Simple "close(0); dup(fd)" does not return descriptor
"0" in some cases. Further, this change also breaks some MAC interactions with
mac_execve_will_transition(). Under certain circumstances, fdcheckstd() can
be called in execve(2) causing an assertion that checks to make sure that
stdin, stdout and stderr reside at indexes 0, 1 and 2 in the process fd table
to fail, resulting in a kernel panic when INVARIANTS is on.
This should also kill the "dup(2) regression on 6.x" show stopper item on the
6.1-RELEASE TODO list.
This is a RELENG_6 candidate.
PR: kern/87208
Silence from: des
MFC after: 1 week
Robert Watson [Sat, 18 Mar 2006 18:31:24 +0000 (18:31 +0000)]
Merge perforce change 93199:
Change send_trigger() prototype to return an int, so that user
space callers can tell if the message was successfully placed
in the trigger queue. This isn't quite the same as it being
successfully received, but is close enough that we can generate
a more useful warning message in audit(8).
Ian Dowse [Sat, 18 Mar 2006 13:55:16 +0000 (13:55 +0000)]
Let the EHCI hardware track the toggle state for bulk and interrupt
transfers. This fixes some cases where the software toggle tracking
was not doing the right thing. For example, a short transfer that
transferred 0 bytes of the requested qTD transfer size does cause
a toggle change, but the existing code was assuming it didn't.
Warner Losh [Sat, 18 Mar 2006 01:45:29 +0000 (01:45 +0000)]
MFp4:
Add bus attachment for the ohci device on this chip. The bus and hub
are detected correctly, but the children devices aren't detected
correctly for reasons unknown.
Warner Losh [Sat, 18 Mar 2006 01:43:25 +0000 (01:43 +0000)]
MFp4:
o update TODO list
o Better use of busdma
o mark RX dtors as COHERENT. This helps performance a lot by not requiring
so many EXPENSIVE cache flushes. The cost of accessing it non-cached
is much smaller.
o Copy data from Rx buffers to make IP header 4 byte aligned.
o CRC length included in reported length, so cope
o Don't free TX buffer twice
o Manage TX buffers better.
o Enable just the interrupts we want.
o Manage OACTIVE better
# Some of these done by cognet
# These changes let us get to # via NFS root.
Warner Losh [Sat, 18 Mar 2006 01:35:49 +0000 (01:35 +0000)]
MFp4:
o Add memory barrier to bus space
o Allow for up to 3 IRQs per device
o Move to table driven population of children devices.
o Add support for usb ohci memory mapped controller resource allocation.
o Clean up a bunch of extra writes to disable interrupts that are now
done elsewhere.
o Force all system interrupt handlers be fast. We get deadlock if they
aren't.
John-Mark Gurney [Sat, 18 Mar 2006 01:06:13 +0000 (01:06 +0000)]
fix spelling of ozfod... I've been wondering why we'd need to fill a page
w/ non-zero data, and it turns out we don't... This is really optimized
zero filled on demand, or pages that were already zero'd for us...
Chuck Lever [Fri, 17 Mar 2006 22:14:23 +0000 (22:14 +0000)]
If an NFS server returns more than a few EJUKEBOX errors for a given RPC
request, the FreeBSD NFS client will quickly back off to a excessively
long wait (days, then weeks) before retrying the request.
Change the behavior of the FreeBSD NFS client to match the behavior of
the reference NFS client implementation (Solaris). This provides a fixed
delay of 10 seconds between each retry by default. A sysctl, called
nfs3_jukebox_delay, is now available to tune the delay. Unlike Solaris,
the sysctl value on FreeBSD is in seconds, rather than in HZ.
Sponsored by: Network Appliance, Incorporated
Reviewed by: rick
Approved by: silby
MFC after: 3 days
Robert Watson [Fri, 17 Mar 2006 20:40:17 +0000 (20:40 +0000)]
Modify netatalk to ensure, and assert, that pcb's remain attached to
sockets as long as the sockets have not been aborted or detached. Do
not try to free the socket in pru_detach(), since sofree() will do so,
if needed, once pru_detach() returns.
Annotate a bug in ddp_abort(), which fails to free the socket; this
is probably OK as ddp_abort() should never be called, so should
instead be deleted.
Robert Watson [Fri, 17 Mar 2006 18:25:57 +0000 (18:25 +0000)]
Change so_pcb invariants in netnatm, such that netnatm sockets always have
pcb's allocated:
- Universally ensure (and assert) that so_pcb is not NULL, removing lots
of checks and error cases. Don't free the pcb without clearing the
so_pcb pointer.
- Don't try to free the socket in pru_detach(), since the caller will
immediately free the socket.
- Do retain the sotryfree() in pru_abort() for now, although eventually
the caller will do it unconditionally.
This script symlinks /boot/kernel to the directory that contains the kernel
you booted from, unless /boot/kernel already exists and is not a symlink.
This should only affect people like me who juggle multiple kernels and
have KODIR = /boot/${KERN_IDENT} in /etc/make.conf to keep them apart.
Robert Watson [Fri, 17 Mar 2006 13:52:57 +0000 (13:52 +0000)]
Modify UNIX domain sockets to guarantee, and assume, that so_pcb is always
defined for an in-use socket. This allows us to eliminate countless tests
of whether so_pcb is non-NULL, eliminating dozens of error cases. For
now, retain the call to sotryfree() in the uipc_abort() path, but this
will eventually move to soabort().
These new assumptions should be largely correct, and will become more so
as the socket/pcb reference model is fixed. Removing the notion that
so_pcb can be non-NULL is a critical step towards further fine-graining
of the UNIX domain socket locking, as the so_pcb reference no longer
needs to be protected using locks, instead it is a property of the socket
life cycle.
Jason Evans [Fri, 17 Mar 2006 09:00:27 +0000 (09:00 +0000)]
Modify allocation policy, in order to avoid excessive fragmentation for
allocation patterns that involve a relatively even mixture of many
different size classes.
Reduce the chunk size from 16 MB to 2 MB. Since chunks are now carved up
using an address-ordered first best fit policy, VM map fragmentation is
much less likely, which makes smaller chunks not as much of a risk. This
reduces the virtual memory size of most applications.
Remove redzones, since program buffer overruns are no longer as likely to
corrupt malloc data structures.
Remove the C MALLOC_OPTIONS flag, and add H and S.
Maksim Yevmenkin [Thu, 16 Mar 2006 18:22:01 +0000 (18:22 +0000)]
Add kqueue(2) support on if_tap(4) interfaces. While I'm here, replace
K&R style function declarations with ANSI style. Also fix endian bugs
accessing ioctl arguments that are passed by value.
PR: kern/93897
Submitted by: Vilmos Nebehaj < vili at huwico dot hu >
MFC after: 1 week
Maksim Yevmenkin [Thu, 16 Mar 2006 17:42:28 +0000 (17:42 +0000)]
Reorganize /etc/rc.d/syscons and move all keyboard related settings
into one function syscons_configure_keyboard(). Call new function from
both syscons_start() and sysconst_setkeyboard(). The reason for this
is because syscons_start() will (re)configure both keyboard and screen
settings. Apparently, some graphics cards have problems with running
vidcontrol(1) while X11 is running.
Remove "/etc/rc.d/syscons restart" from /etc/devd.conf. It is no longer
required. Using "/etc/rc.d/syscons setkeyboard" is enough. This also
should fix annoying "syscons not running?" message.
Tested by: Ulrich Spoerlein < q at galgenberg dot net >
MFC after: 3 days
Joseph Koshy [Thu, 16 Mar 2006 16:32:56 +0000 (16:32 +0000)]
When compiled with -DDEBUG, only print the old value of a PMC in a
debugging message if the flag PMC_F_OLDVALUE was specified in the
PMC_OP_RW request being acted upon. This should fix Coverity bug
CID 671.
Remove nested includes of <sys/_lock.h> and <sys/_mutex.h> which spill into
userland. The comment indicated that something in userland needed them, but
make universe can't seem to find any traces of it.
Robert Watson [Thu, 16 Mar 2006 07:03:14 +0000 (07:03 +0000)]
Change soabort() from returning int to returning void, since all
consumers ignore the return value, soabort() is required to succeed,
and protocols produce errors here to report multiple freeing of the
pcb, which we hope to eliminate.
Ariff Abdullah [Thu, 16 Mar 2006 04:12:49 +0000 (04:12 +0000)]
Fix severe 8bit integer overflow during channel creation and destruction,
especially for vchans. It turns out that channel numbering always depend
on d->devcount counter (which keep increasing), while PCMMKMINOR() truncate
everything to 8bit length. At some point the truncation cause the newly
created character device overlapped with the existence one, causing erratic
overall system behaviour and panic. Easily reproduce with something like:
(Luckily, only root can reproduce this)
while : ; do
sysctl hw.snd.pcm0.vchans=200
sysctl hw.snd.pcm0.vchans=100
done
- Enforce channel/chardev numbering within 8bit boundary. Return E2BIG
if necessary.
- Traverse d->channels SLIST and try to reclaim "free" counter during channel
creation. Don't rely on d->devcount at all.
- Destroy vchans in reverse order.
Anyway, this is not the fault of vchans. It is just that vchans are so cute
and begging to be abused ;) . Don't blame her.
Sam Leffler [Wed, 15 Mar 2006 21:27:08 +0000 (21:27 +0000)]
when doing s/w crypto make sure work is done w/ a writable mbuf chain;
this corrects problems with drivers that rely on the host to do
crypto (iwi, ipw, ral, ural, wi (hostap), awi)
Hard work by: luigi, mlaier
Reviewed by: luigi, mlaier
MFC after: 1 week