Bruce A. Mah [Mon, 7 Jan 2002 03:51:41 +0000 (03:51 +0000)]
Put URL references in footnotes (rather than in parentheses following
the link text), and put footnotes at the bottom of each page. This
change affects the release documentation only.
Alan Cox [Sun, 6 Jan 2002 21:03:39 +0000 (21:03 +0000)]
o Add missing synchronization (splnet()/splx()) in aio_free_entry().
o Move the definition of struct aiocblist from sys/aio.h to kern/vfs_aio.c.
o Make aio_swake_cb() static.
Warner Losh [Sun, 6 Jan 2002 18:03:55 +0000 (18:03 +0000)]
Update length more correctly when parsing a cis info field.
Before, we were using
while (*p++ && --len > 0);
to do this. However, len doesn't get decremented for the NUL byte, so when
we used len later to see if we still have CIS left for some optional fields,
we'd run off the end of an array and dump core.
Instead, replace it with
len -= strlen(p) + 1;
p += strlen(p) + 1;
which is more correct. It is a little bogus to assume that p points to
a valid C string, but only a little. The PC Card SPEC mandates that it
does, and we already depend on that with the use of strdup a few lines
earlier. Since much of the rest of the cis parsing code isn't hyper
retentive about error checking, I'll leave that level of checking for
another time and/or another committer :-).
Kelly Yancey [Sun, 6 Jan 2002 08:40:42 +0000 (08:40 +0000)]
Document sbuf_trim() and sbuf_vprintf(); add MLINKs.
Clarify that the contents of a caller-supplied buffer are undefined and
should not be examined directly.
Kelly Yancey [Sun, 6 Jan 2002 08:38:23 +0000 (08:38 +0000)]
* Implement SBUF_AUTOEXTEND flag; sbufs created with this flag are
automatically extended to prevent overflow.
* Added sbuf_vprintf(); sbuf_printf() is now just a wrapper around
sbuf_vprintf().
* Include <stdio.h> and <string.h> when building libsbuf to silence
WARNS=4 warnings.
Robert Watson [Sun, 6 Jan 2002 00:54:46 +0000 (00:54 +0000)]
- Teach SIGIO code to use cr_cansignal() instead of a custom CANSIGIO()
macro. As a result, mandatory signal delivery policies will be
applied consistently across the kernel.
- Note that this subtly changes the protection semantics, and we should
watch out for any resulting breakage. Previously, delivery of SIGIO
in this circumstance was limited to situations where the subject was
privileged, or where one of the subject's (ruid, euid) matched one
of the object's (ruid, euid). In the new scenario, subject (ruid, euid)
are matched against the object's (ruid, svuid), and the object uid's
must be a subset of the subject uid's. Likewise, jail now affects
delivery, and special handling for P_SUGID of the object is present.
This change can always be reversed or tweaked if it proves to disrupt
application behavior substantially.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Robert Watson [Sun, 6 Jan 2002 00:20:12 +0000 (00:20 +0000)]
- Push much of the logic for p_cansignal() behind cr_cansignal, which
authorized based on a subject credential rather than a subject process.
This will permit the same logic to be reused in situations where only
the credential generating the signal is available, such as in the
delivery of SIGIO.
- Because of two clauses, the automatic success against curproc,
and the session semantics for SIGCONT, not all logic can be pushed
into cr_cansignal(), but those cases should not apply for most other
consumers of cr_cansignal().
- This brings the base system inter-process authorization code more
into line with the MAC implementation.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
David Malone [Sat, 5 Jan 2002 21:47:58 +0000 (21:47 +0000)]
Release text vnode in exit() rather than wait(). Occasionally
fifesystem problems could prevent the release from completing and
this could result in init being blocked indefinitely.
Chris Costello [Sat, 5 Jan 2002 20:44:34 +0000 (20:44 +0000)]
Add a new `SECURITY CONSIDERATIONS' section. Sample code similar to
the first revision of strcpy(3)'s section is included, but should be
removed as the Security Architecture document is committed and
completed.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Chris Costello [Sat, 5 Jan 2002 20:18:35 +0000 (20:18 +0000)]
As discussed with Bruce Evans and Kirk McKusick:
o Combine ufs.7 and ffs.7 into a single ffs.7 man page.
o Remove all references to `ufs' as a file system.
o Proper (lack of) capitalization for `ffs'.
Obtained from: TrustedBSD Project
Sposnored by: DARPA, NAI Labs
David Malone [Sat, 5 Jan 2002 20:13:01 +0000 (20:13 +0000)]
Be more careful about freeing memory after parsing commands.
Hiroyuki YAMAMORI gave a patch for the EPRT command in the
PR below. Problems with the rest of the patch are my fault.
Bill Fenner [Sat, 5 Jan 2002 18:23:53 +0000 (18:23 +0000)]
Pre-calculate the checksum for multicast packets sourced on a
multicast router. This is overkill; it should be possible to
delay to hardware interfaces and only pre-calculate when forwarding
to a tunnel.
John Baldwin [Sat, 5 Jan 2002 17:18:59 +0000 (17:18 +0000)]
Fix a bug where the mutex name wasn't always displayed for processes in
SMTX in utils such as ps and top. The KI_CTTY flag was assigned to
kinfo_proc->ki_kiflag rather than or'd into the flag, thus clobbering
any flags set earlier, including KI_MTXBLOCK.
Peter Wemm [Sat, 5 Jan 2002 09:38:47 +0000 (09:38 +0000)]
Fix forward_roundrobin(). It was mistakenly using the cpu number as
though it was a mask. As a result, we sent AST IPI's to the wrong
cpu and/or left out some.
John Baldwin [Sat, 5 Jan 2002 08:47:13 +0000 (08:47 +0000)]
Change the preemption code for software interrupt thread schedules and
mutex releases to not require flags for the cases when preemption is
not allowed:
The purpose of the MTX_NOSWITCH and SWI_NOSWITCH flags is to prevent
switching to a higher priority thread on mutex releease and swi schedule,
respectively when that switch is not safe. Now that the critical section
API maintains a per-thread nesting count, the kernel can easily check
whether or not it should switch without relying on flags from the
programmer. This fixes a few bugs in that all current callers of
swi_sched() used SWI_NOSWITCH, when in fact, only the ones called from
fast interrupt handlers and the swi_sched of softclock needed this flag.
Note that to ensure that swi_sched()'s in clock and fast interrupt
handlers do not switch, these handlers have to be explicitly wrapped
in critical_enter/exit pairs. Presently, just wrapping the handlers is
sufficient, but in the future with the fully preemptive kernel, the
interrupt must be EOI'd before critical_exit() is called. (critical_exit()
can switch due to a deferred preemption in a fully preemptive kernel.)
I've tested the changes to the interrupt code on i386 and alpha. I have
not tested ia64, but the interrupt code is almost identical to the alpha
code, so I expect it will work fine. PowerPC and ARM do not yet have
interrupt code in the tree so they shouldn't be broken. Sparc64 is
broken, but that's been ok'd by jake and tmm who will be fixing the
interrupt code for sparc64 shortly.
John Baldwin [Sat, 5 Jan 2002 08:29:54 +0000 (08:29 +0000)]
Remove brain damaged code in witness_lock(). We could have easily
just used PCPU_GET(spinlocks) w/o needing the w_mtx held. It is more
correct to just check td_critnest now though.
Yaroslav Tykhiy [Fri, 4 Jan 2002 18:12:38 +0000 (18:12 +0000)]
State clearly that one should call listen(2) on a socket
at first and try to set an accept_filter(9) on it only after that.
Also document errno value that will be set if installing the
filter on a non-listening socket.
Matt Jacob [Thu, 3 Jan 2002 20:43:22 +0000 (20:43 +0000)]
Implement REDUCED INTERRUPT OPERATION usage form FC cards- this allows the
firmware to delay completion of commands so that it can attempt to batch
a bunch of completions at once- either returning 16 bit handles in mailbox
registers, or in a resposne queue entry that has a whole wad of 16 bit handles.
Distinguish between 2300 and 2312 chipsets- if only because the revisions
on the chips have different meanings.
Add more instrumentation plus ISP_GET_STATS and ISP_CLR_STATS ioctls.
Run up the maximum number of response queue entities we'll look at
per interrupt.
If we haven't set HBA role yet, always return success from isp_fc_runstate.
Stefan Eßer [Thu, 3 Jan 2002 09:54:24 +0000 (09:54 +0000)]
Return EBADF in case some vnode field has been reset to a NULL pointer.
(There has been some discussion, whether ENOENT or EBADF is more
appropriate. I choose the latter, since the operation is not supported
on the file descriptor at that time, even if it was, immediately before.)
PR: 32681
Reviewed by: dillon, iedowse, ...
Approved by: nectar
MFC after: 3 days
(pending RE approval)
Robert Watson [Thu, 3 Jan 2002 01:00:23 +0000 (01:00 +0000)]
o Note that packets diverted using a 'divert' socket, and then
reinserted by a userland process, will lose a number of packet
attributes, including their source interface. This may affect
the behavior of later rules, and while not strictly a BUG, may
cause unexpected behavior if not clearly documented. A similar
note for natd(8) might be desirable.
Peter Wemm [Thu, 3 Jan 2002 00:26:04 +0000 (00:26 +0000)]
Allow a specific setting for pv entries. This avoids the need to guess
(or calculate by hand) the effect of interactions between shpgperproc,
physical ram size, maxproc, maxdsiz, etc.
Yaroslav Tykhiy [Wed, 2 Jan 2002 20:48:21 +0000 (20:48 +0000)]
Move the discussion of how many times a packet will pass through
ipfirewall(4) to the IMPLEMENTATION NOTES section because it
considers kernel internals and may confuse newbies if placed
at the very beginning of the manpage (where it used to be previously.)
Sync usb.h with NetBSD, apart from usb_device_info.speed, which
requires logic changes. For now leave it as usb_device_info.lowspeed.
It will get addressed when the usb.c code is sync'd.
Chris Costello [Wed, 2 Jan 2002 19:56:57 +0000 (19:56 +0000)]
Copy the sample `SECURITY CONSIDERATIONS' section from sec-doc.7.
This will be trimmed as the FreeBSD Security Architecture document
is fleshed out and committed.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
Yaroslav Tykhiy [Wed, 2 Jan 2002 18:54:40 +0000 (18:54 +0000)]
Allow weird characters in usernames if an admin persists on that:
a) Convert all the remaining older Perl system() calls to the new,
more secure LIST format so they are robust to whitespace and
shell metacharacters in their arguments.
b) Add a new option: -force, which allows adding usernames containing
characters that are otherwise illegal.