rwatson [Tue, 10 Oct 2006 13:11:32 +0000 (13:11 +0000)]
Merge audit_bsm.c:1.15 from HEAD to RELENG_6:
Add BSM conversion switch entries for a number of system calls, many
administrative, to prevent console warnings and enable basic event
auditing (generally without arguments).
tegge [Mon, 9 Oct 2006 20:04:46 +0000 (20:04 +0000)]
MFC: If the buffer lock has waiters after the buffer has changed identity
then getnewbuf() needs to drop the buffer in order to wake waiters that
might sleep on the buffer in the context of the old identity.
tegge [Mon, 9 Oct 2006 19:47:17 +0000 (19:47 +0000)]
MFC: Use mount interlock to protect all changes to mnt_flag and
mnt_kern_flag. This eliminates a race where MNT_UPDATE flag could be
lost when nmount() raced against sync(), sync_fsync() or quotactl().
simon [Mon, 9 Oct 2006 18:41:37 +0000 (18:41 +0000)]
MFC:
- Remove SCHED_ULE from GENERIC to better avoid foot-shooting by
unsuspecting users.
- Add a comment in NOTES about experimental status of SCHED_ULE.
- Make warning about experimental status in sched_ule(4) a bit
stronger.
This is not an exact MFC since we don't have alpha in -CURRENT.
maxim [Sun, 8 Oct 2006 05:52:49 +0000 (05:52 +0000)]
MFC rev. 1.45: fixes from NetBSD:
restore owner/group/mode/atime/mtime of symbolic links;
extract file flags of symbolic link;
call getfile() before altering file attributes;
open file with mode 0600 instead of 0666;
move skipfile() before altering file attributes in IF{CHR,BLK} and
IFIFO cases;
use file mode 0600 when creating special file or fifo, revs. 1.33;
remove redundant -N check.
delphij [Sun, 8 Oct 2006 02:24:33 +0000 (02:24 +0000)]
MFC rev. 1.16 (iedowse):
Add missing parentheses to fix a segmentation fault that is easily
reproducible with `jot -s " " 400 1 | column -t'. The bug was present
in the original CSRG 'column -t' added in 1989.
trhodes [Sat, 7 Oct 2006 23:17:05 +0000 (23:17 +0000)]
Sync with CURRENT:
Kill the BUGS section, and remove a similar line noted under -T. As far
as I know, Sun's NFS support works with TCP just fine. This is even
hinted at in the PR.
PR: 71782
Properly separate sentences by adding a semi-colon.
bms [Sat, 7 Oct 2006 10:45:05 +0000 (10:45 +0000)]
MFC: Fix the IPv4 multicast routing detach path. On interface detach whilst
the MROUTER is running, the system would panic as described in the PR.
The fix in the PR is a good start, however, the other state associated
with the multicast forwarding cache has to be freed in order to avoid
leaking memory and other possible panics.
More care and attention is needed in this area.
PR: kern/82882
Approved by: re (rwatson)
Revs: 1.119 src/sys/netinet/ip_mroute.c
bms [Sat, 7 Oct 2006 10:43:40 +0000 (10:43 +0000)]
MFC: The IPv4 code should clean up multicast group state when an interface
goes away. Without this change, it leaks in_multi (and often ether_multi
state) if many clonable interfaces are created and destroyed in quick
succession.
The concept of this fix is borrowed from KAME. Detailed information about
this behaviour, as well as test cases, are available in the PR.
andre [Fri, 6 Oct 2006 20:26:06 +0000 (20:26 +0000)]
MFC:
- Fix the socket option IP_ONESBCAST by giving it its own case in ip_output()
and skip over the normal IP processing.
- Add a supporting function ifa_ifwithbroadaddr() to verify and validate the
supplied subnet broadcast address.
- Check inp_flags instead of inp_vflag for INP_ONESBCAST flag.
delphij [Fri, 6 Oct 2006 14:58:16 +0000 (14:58 +0000)]
MFC revision 1.101 (cognet@):
A temporary fix that in case of pwd == NULL, do not call audit_logout()
which attempts to dereference it. This is not quite correct, as we should
audit the event even if it is not attributable to a specific user. For now,
just put the temporary fix in, so login(1) would not get signal 11 upon
the case that for instance, ^D at the Login: prompt without providing a
valid login before.
Approved by: re (rwatson)
PR: bin/103873
Discussed with: rwatson, csjp
kib [Fri, 6 Oct 2006 05:06:58 +0000 (05:06 +0000)]
MFC rev. 1.198:
Fix the glitch introduced in rev. 1.93. In softdep_sync_metadata(),
switch by worklist type contains two for() loops, for D_INDIRDEP and
D_PAGEDEP. On error, these loops are exited by break, where the switch
actually shall be left. Use goto instead of break to reach the error
handling code.
ceri [Thu, 5 Oct 2006 20:52:21 +0000 (20:52 +0000)]
MFC: id.1, revision 1.18; id.c, revision 1.31
Add a -a option as a no-op for Solaris compatibility, as briefly
discussed on src-committers. This is intentionally not included in
the usage() function as it would confuse the output too much.
marck [Wed, 4 Oct 2006 21:09:12 +0000 (21:09 +0000)]
Add an entry regarding NMBCLUSTERS kernel option removal, as it can affect
(though in rare circumstances) existing kernel configurations.
Requested by: simon
Reworded by: brd
Approved by: security-officer (simon)
Approved by: re (I suppose so@ is representative enough for that,
provided re@ had been in CC: for discussion)
cognet [Wed, 4 Oct 2006 11:44:12 +0000 (11:44 +0000)]
MFC kb920x_machdep.c rev1.13:
Use virtual_avail instead of freemempos as the starting point of the available
physical memory, as the vm uses the memory between freemempos and
virtual_avail.
and kb920x_machdep.c rev 1.16 at91.c rev 1.8 at91rm92reg.h rev 1.4:
Relocate the vector page for AT91, to work around bugs with the LOW_VECTOR
code.
matteo [Mon, 2 Oct 2006 18:43:57 +0000 (18:43 +0000)]
MFC rev. 1.12 and rev. 1.13
rev. 1.12 : use socklen_t where appropriate
rev. 1.13 : Set txrx_error to 1 when we reach abort. This makes the program correctly set the exit code.
The PR has further details on this. [2]
MFC accumulated changes to sys/boot/. Notable changes include:
- Make 4G of memory directly accessible to the i386 loader(8). This
allows using memory above first megabyte for heap if necessary.
(by sobomax@)
- If loader is compiled with LOADER_BZIP2_SUPPORT, allocate heap in
the last 3MB of physical memory. This provides enough room for
decompression and is safe to use with PAE and amd64 kernels. This
makes bzip2 support practically useable.
(by sobomax@)
- Drop the gateA20() function in the loader as it is unused.
(by jhb@)
silby [Sun, 1 Oct 2006 05:33:50 +0000 (05:33 +0000)]
MFC revs 1.263, 1.264: Limit the number of TIME_WAIT sockets we allocate
so that the ephemeral port range can not be exhausted by sockets in
TIME_WAIT.
mohans [Sun, 1 Oct 2006 05:03:18 +0000 (05:03 +0000)]
MFC change 1.138.
Fix for a NFS/TCP client bug which would cause the NFS/TCP stream to get
out of sync under heavy loads, forcing frequent reconnects, causing EBADRPC
errors etc.
Any call of tty_close() with a tty refcount of <= 1 is wrong and we will
free the tty in this case. This is a workaround until the underlying
devfs/tty problems are fixed.
sos [Sat, 30 Sep 2006 14:51:49 +0000 (14:51 +0000)]
MFC:
CF devices are ATA not ATAPI.
Add support for the ALI/ULI M5288 AHCI part
Busmaster DMA address fix in VIA 6421 case
Add support for a few more Serverworks and lookalikes chips
If current_heads or current_sectors in the disk cap page are zero, don't try to use the current_ geometry. This avoids a panic with BIOS'n that sets these to zero.
Format mask lacks one bit.
Merge OpenBSM 1.0 alpha 12 from HEAD to RELENG_6, which includes a broad
range of bug fixes made as a result of reports on 6.x, as well as some
minor enhancements:
OpenBSM 1.0 alpha 12
- Correct bug in auditreduce which prevented the -c option from working
correctly when the user specifies to process successful or failed events.
The problem stemmed from not having access to the return token at the time
the initial preselection occurred, but now a second preselection process
occurs while processing the return token.
- getacfilesz(3) API added to read new audit_control(5) filesz setting,
which auditd(8) now sets the kernel audit trail rotation size to.
- auditreduce(1) now uses stdin if no file names are specified on the command
line; this was the documented behavior previously, but it was not
implemented. Be more specific in auditreduce(1)'s examples section about
what might be done with the output of auditreduce.
- Add audit_warn(5) closefile event so that administrators can hook
termination of an audit trail file. For example, this might be used to
compress the trail file after it is closed.
- auditreduce(1) now uses regular expressions for pathname matching. Users can
now supply one or more (comma delimited) regular expressions for searching
the pathnames. If one of the regular expressions is prefixed with a tilde
(~), and a path matches, it will be excluded from the search results.
OpenBSM 1.0 alpha 11
- Reclassify certain read/write operations as having no class rather than the
fr/fw class; our default classes audit intent (open) not operations (read,
write).
- Introduce AUE_SYSCTL_WRITE event so that BSD/Darwin systems can audit reads
and writes of sysctls as separate events. Add additional kernel
environment and jail events for FreeBSD.
- Break AUDIT_TRIGGER_OPEN_NEW into two events, AUDIT_TRIGGER_ROTATE_USER
(issued by the user audit(8) tool) and AUDIT_TRIGGER_ROTATE_KERNEL (issued
by the kernel audit implementation) so that they can be distinguished.
- Disable rate limiting of rotate requests; as the kernel doesn't retransmit
a dropped request, the log file will otherwise grow indefinitely if the
trigger is dropped.
- Improve auditd debugging output.
- Fix a number of threading related bugs in audit_control file reading
routines.
- Add APIs au_poltostr() and au_strtopol() to convert between text
representations of audit_control policy flags and the flags passed to
auditon(A_SETPOLICY) and retrieved from auditon(A_GETPOLICY).
- Add API getacpol() to return the 'policy:' entry from audit_control, an
extension to the Solaris file format to allow specification of policy
persistent flags.
- Update audump to print the audit_control policy field.
- Update auditd to read the audit_control policy field and set the kernel
policy to match it when configuring/reconfiguring. Remove the -s and -h
arguments as these policies are now set via the configuration file. If a
policy line is not found in the configuration file, continue with the
current default of setting AUDIT_CNT.
- Fix bugs in the parsing of large execve(2) arguments and environmental
variable tokens; increase maximum parsed argument and variable count.
- configure now detects strlcat(), used by policy-related functions.
- Reference token and record sample files added to test tree.
On alpha and sparc64, install shared libc_r into /lib because
it's aliased to libpthread and some /sbin tools need it.
This is pseudo-MFC because in HEAD libthr is aliased to
libpthread on sparc64 (and was on alpha).
Add some Giant locks to protect against races between tty and sessrele(),
doenterpgrp(), leavepgrp(), pgdelete() and enterpgrp(). The tty code is
still under giant lock, but the session/pgrp release code just used
proctree_locks. P_CONTROLT isn't really fully locked too in enterpgrp().
If /dev/tty gets opened after your controlling terminal has been revoked
you can't call tty_clone afterwards. This can be done in ctty_clone by
returning with *dev = ctty.
MFC 1.90-1.91: Don't treat failure to find the operator GID as a fatal
error; this made it impossible to use newfs (and mdmfs) when /etc/group
is missing and /etc is read-only.
When the VM needs to allocate physical memory pages (for non interrupt use)
and it has not plenty of free pages it tries to free pages in the cache queue.
Unfortunately freeing a cached page requires the locking of the object that
owns the page. However in the context of allocating pages we may not be able
to lock the object and thus can only TRY to lock the object. If the locking try
fails the cache page can not be freed and is activated to move it out of the way
so that we may try to free other cache pages.
If all pages in the cache belong to objects that are currently locked the
cache queue can be emptied without freeing a single page. This scenario caused
two problems:
1) vm_page_alloc always failed allocation when it tried freeing pages from
the cache queue and failed to do so. However if there are more than
cnt.v_interrupt_free_min pages on the free list it should return pages
when requested with priority VM_ALLOC_SYSTEM. Failure to do so can cause
resource exhaustion deadlocks.
2) Threads that need to allocate pages spend a lot of time cleaning up the
page queue without really getting anything done while the pagedaemon
needs to work overtime to refill the cache.
MFC revision 1.358:
Lock the vm_object while checking its type to see if it is a vnode-backed
object that requires Giant in vm_object_deallocate(). This is somewhat
hairy in that if we can't obtain Giant directly, we have to drop the
object lock, then lock Giant, then relock the object lock and verify that
we still need Giant. If we don't (because the object changed to OBJT_DEAD
for example), then we drop Giant before continuing.
MFC: cp.1 1.34,1.35
MFC: utils.c 1.47,1.48,1.49
MFC: extern.h 1.21
MFC: cp.c 1.54
Add an option to allow copying of a hierarchy while linking the regular files.
Bikeshedded to death on: hackers
Submitted by: andersonatcenttech.com
Approved by: re (ken)
It is possible for bpf to return a length such that:
length != BPF_WORDALIGN(length)
This means that it is possible for this to be true:
interface->rbuf_offset > interface->rbuf_len
Handle this case in the test for running out of packets. While
OpenBSD's solution of setting interface->rbuf_len to
BPF_WORDALIGN(length) is safe due to the size of the buffer, I think
this solution results in less hidden assumptions.
This should fix the problem of dhclient running away and consuming 100%
CPU.
PR: bin/102226
Submitted by: Joost Bekkers <joost at jodocus.org>
Approved by: re (ken)
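
Added example, not code from the commit or from dhclient: a small C model of the buffer walk described in the bpf entry above, assuming the "out of packets" test was an equality comparison and that the reader advances by the word-aligned record length. WORDALIGN, struct iface, drained_eq, drained_ge and walk are hypothetical names, and the record sizes are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Local stand-in for BPF_WORDALIGN so the example builds without <net/bpf.h>;
 * the word size is assumed to be sizeof(long). */
#define WORDALIGN(x) (((x) + (sizeof(long) - 1)) & ~(sizeof(long) - 1))

/* Hypothetical reader state; field names follow the commit message. */
struct iface { size_t rbuf_offset, rbuf_len; };

/* Two candidate tests for "no packets left in the buffer". */
static bool drained_eq(const struct iface *i) { return i->rbuf_offset == i->rbuf_len; }
static bool drained_ge(const struct iface *i) { return i->rbuf_offset >= i->rbuf_len; }

/* Walk one buffer of records (rec[k] = header + captured bytes) and return the
 * number of loop passes before `drained` fires, or max_iter if it never does. */
size_t walk(const size_t *rec, size_t nrec,
            bool (*drained)(const struct iface *), size_t max_iter)
{
    struct iface i = { 0, 0 };
    size_t n = 0;

    /* Constructed read(): every record but the last is padded to a word
     * boundary, so the returned length need not be word-aligned. */
    for (size_t k = 0; k < nrec; k++)
        i.rbuf_len = WORDALIGN(i.rbuf_len) + rec[k];

    while (!drained(&i) && n < max_iter) {
        /* Past the real records the walker would be parsing stale bytes;
         * model that as a 1-byte record. */
        size_t len = n < nrec ? rec[n] : 1;
        i.rbuf_offset += WORDALIGN(len);   /* the reader always steps aligned */
        n++;
    }
    return n;
}

int main(void)
{
    const size_t odd[] = { 61, 61 };   /* constructed sizes, 61 is unaligned */
    printf("==: %zu passes, >=: %zu passes\n",
           walk(odd, 2, drained_eq, 1000), walk(odd, 2, drained_ge, 1000));
    return 0;
}
```

With the unaligned sizes the equality test never fires and the walk runs to the iteration cap, which is the runaway-loop shape the commit message describes; the `>=` test stops after the two real records.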