mtm [Mon, 30 Jun 2008 08:01:47 +0000 (08:01 +0000)]
Rev. 1.8 broke matching on lines where the failure mode is at the head
of the message, such as:
Jun 30 10:49:21 rogue sshd[17553]: Invalid user iceman from 127.0.0.1
das [Sun, 29 Jun 2008 21:52:40 +0000 (21:52 +0000)]
Reduce the level of duplication between vfprintf() and vfwprintf()
by moving the positional argument handling code to a new file,
printf-pos.c, and moving common definitions to printflocal.h.
No functional change intended.
das [Sun, 29 Jun 2008 21:01:27 +0000 (21:01 +0000)]
Begin de-spaghettifying the code that handles positional arguments.
In particular, encapsulate the state of the type table in a struct,
and add inline functions to initialize, free, and manipulate that
state. This replaces some ugly macros that made proper error handling
impossible.
While here, remove an unneeded test for NULL and a variable that is
initialized (many times!) but never used. The compiler didn't catch
these because of rampant use of the same variable to mean different
things in different places.
This commit should not cause any changes in functionality.
alc [Sun, 29 Jun 2008 19:13:27 +0000 (19:13 +0000)]
Strictly speaking, the definition of VM_MAX_KERNEL_ADDRESS is wrong. However,
in practice, the error (currently) makes no difference because the computation
performed by KVADDR() hides the error. This revision fixes the error.
alc [Sun, 29 Jun 2008 18:35:00 +0000 (18:35 +0000)]
Increase the size of the kernel virtual address space to 6GB. Until the
maximum size of the kmem map can be greater than 4GB, there is little point
in making the kernel virtual address space larger than 6GB.
marck [Sun, 29 Jun 2008 16:56:18 +0000 (16:56 +0000)]
Add -m option to cron(8), overriding default mail recipient for cron mails,
unless explicitly provided by MAILTO= line in crontab. This feature can be
useful in massive hosting environment, where most users do not care about
autogenerated mails.
Setting recipient to null string disables default mails at all.
ed [Sun, 29 Jun 2008 13:17:01 +0000 (13:17 +0000)]
Remove the unused softc from the lo(4) driver.
Now that the pseudo-interface cloner has an internal list of instances,
there is no need to create a softc. The softc only contains a pointer to
the ifp, which means there is no valid reason to keep it. While there,
remove the corresponding malloc-pool.
jb [Sun, 29 Jun 2008 07:15:57 +0000 (07:15 +0000)]
Revise the way the CTF conversion is done per object. Avoid creating a second
shell (which was the problem with the original implementation) and avoid
letting make see an empty definition (which was the problem with the current
implementation).
julian [Sun, 29 Jun 2008 00:17:45 +0000 (00:17 +0000)]
Rename two vars so that they are different from the same vars in ipv4.
They are static so it was not a problem 'per se' but it was confusing to
the reader.
das [Sat, 28 Jun 2008 17:55:43 +0000 (17:55 +0000)]
Two FP-related setjmp/longjmp changes:
1. Save and restore the control part of the MXCSR in addition to the
i387 control word to ensure that the two are consistent.
Note that standards don't require longjmp to restore either control
word, and none of Linux, MacOS X 10.3 and earlier, NetBSD, OpenBSD,
or Solaris do it. However, it is historical FreeBSD behavior, and
bde points out that it is needed to make longjmping out of a signal
handler work properly, given the way FreeBSD clobbers the FPU state
on signal handler entry.
2. Don't clobber the FPU exception flags in longjmp. C99 requires them
to remain unchanged.
mtm [Sat, 28 Jun 2008 12:31:30 +0000 (12:31 +0000)]
Modify the DoParseCommand() to work on (const char *) instead of just
(char *). This is a slightly simplified version of the patch in the PR. It
fixes compilation issues with -O3.
Without this change these devices are supported by the driver's family
support, but they then appear as "Adaptec RAID Controller" in boot
messages and the dev.aac.0.%desc sysctl.
rpaulo [Fri, 27 Jun 2008 12:04:36 +0000 (12:04 +0000)]
Add the missing support for Asus Eee PC in acpi_asus(4).
This includes hotkeys support and sysctl variables to control camera
and card reader. These new sysctls don't have CTFLAG_ANYBODY set.
While there add entries to devd.conf related to the Eee volume keys.
luigi [Fri, 27 Jun 2008 10:30:08 +0000 (10:30 +0000)]
Add USB ids for the Epson DX7400 / CX7300 multifunction scanner printer
card reader. Tested operation of the scanner part with Sane,
card and printer correctly recognised as /dev/da0 and /dev/ulpt0
jhb [Fri, 27 Jun 2008 05:39:04 +0000 (05:39 +0000)]
Rework the lifetime management of the kernel implementation of POSIX
semaphores. Specifically, semaphores are now represented as a new file
descriptor type that is set to close on exec. This removes the need for
all of the manual process reference counting (and fork, exec, and exit
event handlers) as the normal file descriptor operations handle all of
that for us nicely. It is also suggested as one possible implementation
in the spec and at least one other OS (OS X) uses this approach.
Some bugs that were fixed as a result include:
- References to a named semaphore whose name is removed still work after
the sem_unlink() operation. Prior to this patch, if a semaphore's name
was removed, valid handles from sem_open() would get EINVAL errors from
sem_getvalue(), sem_post(), etc. This fixes that.
- Unnamed semaphores created with sem_init() were not cleaned up when a
process exited or exec'd. They were only cleaned up if the process
did an explicit sem_destroy(). This could result in a leak of semaphore
objects that could never be cleaned up.
- On the other hand, if another process guessed the id (kernel pointer to
'struct ksem' of an unnamed semaphore (created via sem_init)) and had
write access to the semaphore based on UID/GID checks, then that other
process could manipulate the semaphore via sem_destroy(), sem_post(),
sem_wait(), etc.
- As part of the permission check (UID/GID), the umask of the process
creating the semaphore was not honored. Thus if your umask denied group
read/write access but the explicit mode in the sem_init() call allowed
it, the semaphore would be readable/writable by other users in the
same group, for example. This includes access via the previous bug.
- If the module refused to unload because there were active semaphores,
then it might have deregistered one or more of the semaphore system
calls before it noticed that there was a problem. I'm not sure if
this actually happened as the order that modules are discovered by the
kernel linker depends on how the actual .ko file is linked. One can
make the order deterministic by using a single module with a mod_event
handler that explicitly registers syscalls (and deregisters during
unload after any checks). This also fixes a race where even if the
sem_module unloaded first it would have destroyed locks that the
syscalls might be trying to access if they are still executing when
they are unloaded.
XXX: By the way, deregistering system calls doesn't do any blocking
to drain any threads from the calls.
- Some minor fixes to errno values on error. For example, sem_init()
isn't documented to return ENFILE or EMFILE if we run out of semaphores
the way that sem_open() can. Instead, it should return ENOSPC in that
case.
Other changes:
- Kernel semaphores now use a hash table to manage the namespace of
named semaphores nearly in a similar fashion to the POSIX shared memory
object file descriptors. Kernel semaphores can now also have names
longer than 14 chars (up to MAXPATHLEN) and can include subdirectories
in their pathname.
- The UID/GID permission checks for access to a named semaphore are now
done via vaccess() rather than a home-rolled set of checks.
- Now that kernel semaphores have an associated file object, the various
MAC checks for POSIX semaphores accept both a file credential and an
active credential. There is also a new posixsem_check_stat() since it
is possible to fstat() a semaphore file descriptor.
- A small set of regression tests (using the ksem API directly) is present
in src/tools/regression/posixsem.
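An added illustration of the umask bug described in the commit message above (not code from the FreeBSD tree or from the commit): a small user-space model in which the creation mode is stored with and without the creator's umask applied, followed by a simplified owner/group/other check. The struct, function names and the uid/gid values are hypothetical.

```c
#include <stdio.h>
#include <sys/types.h>
#include <sys/stat.h>

/* Hypothetical ownership record for a semaphore; this is not struct ksem. */
struct sem_model {
	uid_t	uid;
	gid_t	gid;
	mode_t	mode;
};

/* Behaviour described as the bug: the explicit mode is stored as given. */
static struct sem_model
create_ignoring_umask(uid_t uid, gid_t gid, mode_t mode)
{
	struct sem_model s = { uid, gid, (mode_t)(mode & 0777) };
	return (s);
}

/* Corrected behaviour: the creator's umask masks the requested mode. */
static struct sem_model
create_honoring_umask(uid_t uid, gid_t gid, mode_t mode, mode_t cmask)
{
	struct sem_model s = { uid, gid, (mode_t)(mode & 0777 & ~cmask) };
	return (s);
}

/* Simplified owner/group/other read+write check; returns 1 if allowed. */
static int
can_readwrite(const struct sem_model *s, uid_t uid, gid_t gid)
{
	mode_t need;

	if (uid == s->uid)
		need = S_IRUSR | S_IWUSR;
	else if (gid == s->gid)
		need = S_IRGRP | S_IWGRP;
	else
		need = S_IROTH | S_IWOTH;
	return ((s->mode & need) == need);
}

int
main(void)
{
	/* Constructed sample: creator 1001:100 with umask 027 asks for 0660. */
	struct sem_model before = create_ignoring_umask(1001, 100, 0660);
	struct sem_model after = create_honoring_umask(1001, 100, 0660, 0027);

	printf("umask ignored: mode %03o, group peer rw=%d\n",
	    (unsigned)before.mode, can_readwrite(&before, 1002, 100));
	printf("umask honored: mode %03o, group peer rw=%d\n",
	    (unsigned)after.mode, can_readwrite(&after, 1002, 100));
	return (0);
}
```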
rwatson [Thu, 26 Jun 2008 23:05:28 +0000 (23:05 +0000)]
Introduce locking around use of ifindex_table, whose use was previously
unsynchronized. While races were extremely rare, we've now had a
couple of reports of panics in environments involving large numbers of
IPSEC tunnels being added very quickly on an active system.
- Add accessor functions ifnet_byindex(), ifaddr_byindex(),
ifdev_byindex() to replace existing accessor macros. These functions
now acquire the ifnet lock before dereferencing the table.
- Add IFNET_WLOCK_ASSERT().
- Add static accessor functions ifnet_setbyindex(), ifdev_setbyindex(),
which set values in the table either asserting or acquiring the ifnet
lock.
- Use accessor functions throughout if.c to modify and read
ifindex_table.
- Rework ifnet attach/detach to lock around ifindex_table modification.
Note that these changes simply close races around use of ifindex_table,
and make no attempt to solve the problem of disappearing ifnets. Further
refinement of this work, including with respect to ifindex_table
resizing, is still required.
In a future change, the ifnet lock should be converted from a mutex to an
rwlock in order to reduce contention.
jhb [Thu, 26 Jun 2008 22:36:38 +0000 (22:36 +0000)]
Tweak the output of event log messages from the controller:
- Each log entry contains a text description in the "description" field of
the entry. The existing decode logic always ended up duplicating
information that was already in the description string. This made the
logs overly verbose. Now we just print out the description string.
- Add some simple parsing of the timestamp and event classes.
jhb [Thu, 26 Jun 2008 22:33:24 +0000 (22:33 +0000)]
Adjust the handling of pending log events during boot:
- Fetch events from the controller in batches of 15 rather than a single
event at a time.
- When fetching events from the controller, honor the event class and
locale settings (via hw.mfi tunables). This also allows the firmware to
skip over unwanted log entries resulting in fewer requests to the
controller if there are many unwanted log entries since the last clean
shutdown.
- Don't drop the driver mutex while decoding an event.
- If we get an error other than MFI_STAT_NOT_FOUND (basically EOF for
hitting the end of the event log) then emit a warning and bail on
processing further log entries.
jhb [Thu, 26 Jun 2008 13:51:25 +0000 (13:51 +0000)]
Change SEM_VALUE_MAX (maximum value of a POSIX semaphore) from UINT_MAX
to INT_MAX. Otherwise, a process could create a semaphore (or increase
its value via ksem_post()) beyond INT_MAX and sem_getvalue() would return
a negative value. sem_getvalue() is only supposed to return a negative
value if that is the number of waiters for that semaphore.
des [Thu, 26 Jun 2008 11:58:26 +0000 (11:58 +0000)]
Some tests won't build at WARNS level 6 due to aliasing violations.
Add missing -I. so the tests will build when ${.OBJDIR} != ${.CURDIR}.
${.OBJDIR} does not need to be spelled out.
dfr [Thu, 26 Jun 2008 10:21:54 +0000 (10:21 +0000)]
Re-implement the client side of rpc.lockd in the kernel. This implementation
provides the correct semantics for flock(2) style locks which are used by the
lockf(1) command line tool and the pidfile(3) library. It also implements
recovery from server restarts and ensures that dirty cache blocks are written
to the server before obtaining locks (allowing multiple clients to use file
locking to safely share data).
Sponsored by: Isilon Systems
PR: 94256
MFC after: 2 weeks
ru [Thu, 26 Jun 2008 07:56:16 +0000 (07:56 +0000)]
Fix a fallout from SSP commit, and make this compile again.
Bonus: including kern.mk just to pick kernel warning flags
was an extremely bad idea anyway, because it also picked
up CFLAGS (it probably wasn't the case at the time of CVS
rev. 1.1, I haven't checked). Remove duplicate CWARNFLAGS
from CFLAGS.
ru [Thu, 26 Jun 2008 07:52:45 +0000 (07:52 +0000)]
Fix a chicken-and-egg problem: this file implements SSP support,
so we cannot compile it with -fstack-protector[-all] flags (or
it will self-recurse); this is ensured in sys/conf/files. This
OTOH means that checking for defines __SSP__ and __SSP_ALL__ to
determine if we should be compiling the support is impossible
(which it was trying, resulting in an empty object file). Fix
this by always compiling the symbols in this file. It's good
because it allows us to always have SSP support, and then compile
with SSP selectively.
mtm [Thu, 26 Jun 2008 07:12:35 +0000 (07:12 +0000)]
Gcc barfs in glob.c when run with -O3. To fix this make g_strchr() work on
and return (const Char *) pointers instead of just (Char *) and get rid of
all the type casting.
mtm [Thu, 26 Jun 2008 07:05:35 +0000 (07:05 +0000)]
The signature for a pthread function requires that it
return a pointer to a void. The send_thread() and disk_thread()
functions; however, do not have a return value because they run for
the duration of the daemon's lifetime. This causes gcc to barf when
running with -O3. Make these functions return a null pointer to quiet it.
PR: bin/124342
Submitted by: Garrett Cooper <gcooper@FreeBSD.org> (minus his comments)
MFC after: 1 week
ru [Wed, 25 Jun 2008 21:33:28 +0000 (21:33 +0000)]
Enable GCC stack protection (aka Propolice) for userland:
- It is opt-out for now so as to give it maximum testing, but it may be
turned opt-in for stable branches depending on the consensus. You
can turn it off with WITHOUT_SSP.
- WITHOUT_SSP was previously used to disable the build of GNU libssp.
It is harmless to steal the knob as SSP symbols have been provided
by libc for a long time, GNU libssp should not have been much used.
- SSP is disabled in a few corners such as system bootstrap programs
(sys/boot), process bootstrap code (rtld, csu) and SSP symbols themselves.
- It should be safe to use -fstack-protector-all to build world, however
libc will be automatically downgraded to -fstack-protector because it
breaks rtld otherwise.
- This option is unavailable on ia64.
Enable GCC stack protection (aka Propolice) for kernel:
- It is opt-out for now so as to give it maximum testing.
- Do not compile your kernel with -fstack-protector-all, it won't work.
marius [Wed, 25 Jun 2008 21:04:59 +0000 (21:04 +0000)]
Use "__asm __volatile" rather than "__asm" for instruction sequences
that modify condition codes (the carry bit, in this case). Without
"__volatile", the compiler might add the inline assembler instructions
between unrelated code which also uses condition codes, modifying the
latter.
This prevents the TCP pseudo header checksum calculation done in
tcp_output() from having effects on other conditions when compiled
with GCC 4.2.1 at "-O2" and "options INET6" left out. [1]
Reported & tested by: Boris Kochergin [1]
MFC after: 3 days
ed [Wed, 25 Jun 2008 07:45:31 +0000 (07:45 +0000)]
Remove the unused major/minor numbers from iodev and memdev.
Now that st_rdev is being automatically generated by the kernel, there
is no need to define static major/minor numbers for the iodev and
memdev. We still need the minor numbers for the memdev, however, to
distinguish between /dev/mem and /dev/kmem.
gonzo [Tue, 24 Jun 2008 13:58:28 +0000 (13:58 +0000)]
In case of interface initialization failure remove struct in_ifaddr* from
in_ifaddrhashtbl in in_ifinit because error handler in in_control removes
entries only for AF_INET addresses. If in_ifinit is called for the cloned
interface that has just been created its address family is not AF_INET and
therefore LIST_REMOVE is not called for respective LIST_INSERT_HEAD and
freed entries remain in in_ifaddrhashtbl and lead to memory corruption.
davidxu [Tue, 24 Jun 2008 07:32:12 +0000 (07:32 +0000)]
Add two commands to _umtx_op system call to allow a simple mutex to be
locked and unlocked completely in userland. by locking and unlocking mutex
in userland, it reduces the total time a mutex is locked by a thread,
in some application code, a mutex only protects a small piece of code, the
code's execution time is less than a simple system call, if a lock contention
happens, however in current implementation, the lock holder has to extend its
locking time and enter kernel to unlock it, the change avoids this disadvantage,
it first sets mutex to free state and then enters kernel and wake one waiter
up. This improves performance dramatically in some sysbench mutex tests.
emaste [Tue, 24 Jun 2008 03:26:41 +0000 (03:26 +0000)]
Fix test for waiting AIFs in aac_poll(). This seems to solve the
problem where Adaptec's arcconf monitoring tool hangs after producing
its expected output.
Submitted by: Adaptec, via driver ver 15317
MFC after: 1 week
mtm [Mon, 23 Jun 2008 22:06:28 +0000 (22:06 +0000)]
The sysctl(8) program exits on some errors and only emits warnings on
others. In the case where it displayed warnings it would still return
successfully. Modify it so that it returns the number of sysctls that
it was not able to set.
Make use of this in rc.d to display only *unsuccessful* attempts to
set sysctls.
jhb [Mon, 23 Jun 2008 21:37:53 +0000 (21:37 +0000)]
Remove the posixsem_check_destroy() MAC check. It is semantically identical
to doing a MAC check for close(), but no other types of close() (including
close(2) and ksem_close(2)) have MAC checks.
mtm [Mon, 23 Jun 2008 20:50:11 +0000 (20:50 +0000)]
Implement a "quiet" mode for rc.d/netif, which only outputs
the interface name of interfaces that were configured.
This change has the added benefit that ifn_start() and
ifn_stop() in network.subr no longer write to standard output.
Whether to output and what to output is now handled entirely
in rc.d/netif.
phk [Mon, 23 Jun 2008 20:27:37 +0000 (20:27 +0000)]
+Computers can't cruise. Meandering is a foreign concept to them.
+The computer assumes that all behavior is in pursuit of an ultimate
+goal. Whenever a motorist changes his or her mind and veers off
+course, the GPS lady issues that snippy announcement: "Recalculating!"
+ -- Joel Achenbach (www.slate.com, 20 jun 2008)
jhb [Mon, 23 Jun 2008 18:16:25 +0000 (18:16 +0000)]
- Use bus_foo() rather than bus_space_foo() and retire the bus tag and handle
from the softc.
- Rework the watchdog timer to match other NIC drivers:
- Start a timer in fe_init() that runs once a second and checks a counter
in the softc that is identical to the deprecated 'if_timer'.
- Just adjust the softc tx timeout value when sending packets instead of
scheduling the timer.
- Use IFQ_SET_MAXLEN().
thompsa [Mon, 23 Jun 2008 16:08:40 +0000 (16:08 +0000)]
Ensure the channel is a number and not a range, the 'channel' command can be
easily mixed up with 'chanlist' and would give unexpected results by fixing the
channel on the first number in the range.