Maxim Konovalov [Wed, 11 Oct 2006 11:52:34 +0000 (11:52 +0000)]
o Extend not very informative ipfw(4) message 'drop session, too many
entries' by src:port and dst:port pairs. IPv6 part is non-functional
as ``limit'' does not support IPv6 flows.
PR: kern/103967
Submitted by: based on Bruce Campbell patch
MFC after: 1 month
Bruce Evans [Tue, 10 Oct 2006 23:40:47 +0000 (23:40 +0000)]
Forced commit to note that the previous commit also did the following:
- document the (new MI, old MD) `halt' command
- document the (new MI, old MD) `reboot' alias
- remove documentation of the removed `registers' command. The `r' alias
for `reset' is now prevented better by the ambiguity between `reset' and
`reboot'.
John Baldwin [Tue, 10 Oct 2006 23:23:12 +0000 (23:23 +0000)]
Change the x86 interrupt code to suspend/resume interrupt controllers
(PICs) rather than interrupt sources. This allows interrupt controllers
with no interrupt pics (such as the 8259As when APIC is in use) to
participate in suspend/resume.
- Always register the 8259A PICs even if we don't use any of their pins.
- Explicitly reset the 8259As on resume on amd64 if 'device atpic' isn't
included.
- Add a "dummy" PIC for the local APIC on the BSP to reset the local APIC
on resume. This gets suspend/resume working with APIC on UP systems.
SMP still needs more work to bring the APs back to life.
The MFC after is tentative.
Tested by: anholt (i386)
Submitted by: Andrea Bittau <a.bittau at cs.ucl.ac.uk> (3)
MFC after: 1 week
Ruslan Ermilov [Tue, 10 Oct 2006 20:18:20 +0000 (20:18 +0000)]
Adhere to POSIX: the -m option only applies to the newly created
directories; it should not change the permission bits of already
existing directories.
Alan Cox [Tue, 10 Oct 2006 18:26:18 +0000 (18:26 +0000)]
Distinguish between two distinct kinds of errors from VOP_BMAP() in
vnode_pager_generic_getpages(): (1) that VOP_BMAP() is unsupported by the
underlying file system and (2) an error in performing the VOP_BMAP().
Previously, vnode_pager_generic_getpages() assumed that all errors were
of the first type. If, in fact, the error was of the second type, the
likely outcome was for the process to become permanently blocked on a busy
page.
Mark the audit system calls as being un-implemented in jails. Currently we do
not trust jails enough to execute audit related system calls. An example of
this is with su(1), or login(1) within prisons. So, if the syscall request
comes from a jail return ENOSYS. This will cause these utilities to operate
as if audit is not present in the kernel.
Looking forward, this problem will be remedied by allowing non privileged
users to maintain and their own audit streams, but the details on exactly how
this will be implemented needs to be worked out.
This change should fix situations when options AUDIT has been compiled into
the kernel, and utilities like su(1), or login(1) fail due to audit system
call failures within jails.
This is a RELENG_6 candidate.
Reported by: Christian Brueffer
Discussed with: rwatson
MFC after: 3 days
Maxim Konovalov [Tue, 10 Oct 2006 11:37:41 +0000 (11:37 +0000)]
o From kern_prot.c::p_cansignal():
UNIX signalling semantics require that processes in the same
session always be able to deliver SIGCONT to one another,
overriding the remaining protections.
Fix SIGCONT special case description similar to rev. 1.22 kill.2.
PR: docs/58710
Submitted by: Ryan Younce
MFC after: 2 weeks
Bruce Evans [Tue, 10 Oct 2006 11:07:37 +0000 (11:07 +0000)]
Sort some of the most inconsistently ordered descriptions of commands
(the group of watchpoint commands, and the `reset' command).
NetBSD has sorted everything alphabetically, but I think we would have
too many commands for that if all commands were actually documented
here, so this commit moves towards alphabetical order in several sections:
- section for pure ddb (non-"show") commands. Now contains the watchpoint
commands and is mostly in "logical" order.
- section for pure ddb "show" commands
- similarly for auxilary commands. Most of these are currently missing
here.
Do not translate the IN_ACCESS inode flag into the IN_MODIFIED while filesystem
is suspending/suspended. Doing so may result in deadlock. Instead, set the
(new) IN_LAZYACCESS flag, that becomes IN_MODIFIED when suspend is lifted.
Change the locking protocol in order to set the IN_ACCESS and timestamps
without upgrading shared vnode lock to exclusive (see comments in the
inode.h). Before that, inode was modified while holding only shared
lock.
Bruce Evans [Tue, 10 Oct 2006 07:26:54 +0000 (07:26 +0000)]
The powerpc and sparc64 MD `reboot' commands should never have existed
since they just duplicated the MI `reset' command. Instead of removing
them, make `reboot' an MI alias for `reboot' since this gives a better
way of killing the `r' alias for `reset'. Remove the `registers' command
that was used to kill the alias.
Turn the powerpc and sparc64 MD `halt' command into an MI command.
A copy of sparc64/db_interface.c grew in sun4v just after I found the
extra reboot commands. It has not been changed, and is now not
identical. Duplicated commands come out duplicated in ddb's online
help, but cause large problems when used (e.g., on i386's with 2 halt's
and an hwatch, typing h doesn' give the expected message about an
ambiguous command, but hangs like the halt command or a looping parseri
would).
Bruce Evans [Tue, 10 Oct 2006 06:36:01 +0000 (06:36 +0000)]
Fixed loss of whitespace suppression at ends of lines. Whitespace
suppression is only needed at ends of lines, but rev.1.32 forced it
off precisely there.
The --More-- prompt is now cleared by explicitly forcing out the
whitespace in "\r \r". It might be better to use the line
editor's clearing functions, but these are currently static and not
much different.
Tom Rhodes [Mon, 9 Oct 2006 22:12:08 +0000 (22:12 +0000)]
Add a note about rule syntax compared to the shell used so users do not get
frustraited when:
ipfw add 201 deny ip from any to table(2) in via xl1
returns "Badly placed ( )'s"
Tom Rhodes [Mon, 9 Oct 2006 19:53:00 +0000 (19:53 +0000)]
Patch in previous commit should have bumped doc date.
Fix spelling of ioctl.
Note that previous commit was actually submitted by bz. I'm not yet used
to the code boxes yet.
Maxim Konovalov [Mon, 9 Oct 2006 05:31:37 +0000 (05:31 +0000)]
o Enable test-sparceaout test since alc@ has fixed the panic in rev. 1.229
sys/vm/vnode_pager.c.
cVS: ----------------------------------------------------------------------
Bruce Evans [Sun, 8 Oct 2006 18:37:00 +0000 (18:37 +0000)]
Added some aliases:
- `b' is now an official alias for `break'. It used to be an unofficial
alias, but this was broken by adding the `bt' alias for `trace'.
- `t' is now an official alias for `trace'. It used to be an unofficial
alias, but this was broken by adding the `thread' command.
- `registers' is now an alias for `show registers'. This is a hack to
break the unofficial `r' alias for `reset'. `r' really means
`registers' in some debuggers, so I sometimes type it accidentally and
am annoyed when it resets the system. A short command shouldn't have
such a large effect. Now at least `res' must be typed to disambiguate
`reset'.
Bruce Evans [Sun, 8 Oct 2006 18:15:08 +0000 (18:15 +0000)]
Fixed formatting of printing of command tables. WIth the default max
output width of 79, only 6 columns of width 12 each fit, but 7 columns
were printed.
The fix is to pass the width of the next output to db_end_line() and
not assume there that this width is always 1.
Related unfixed bugs:
- 1 character is wasted for a space after the last column
- suppression of trailing spaces used to limit the misformatting, but
seems to have been lost
- in db_examine(), the width of the next output is not know and is
still assumed to be 1.
Tom Rhodes [Sat, 7 Oct 2006 22:14:43 +0000 (22:14 +0000)]
Make -r a synonym for -R, similar to behavior on Linux while being backwards
compatible with old -r behavior with regards to -L. You can now copy fifos
and other special files with -r.
flesh out the devd.conf man page... Mostly from the PR, but did a couple
gramatical tweaks along w/ sorting the list, and adding that serial is
available for USB....
PR: 85097
Submitted by: Fredrik Lindberg
MFC after: 1 week
Ruslan Ermilov [Sat, 7 Oct 2006 18:34:08 +0000 (18:34 +0000)]
- Prebuild libgssapi only if building with Kerberos support.
- Remove libnetgraph from the list of prebuilt libraries as
no other library depends on it (snmp_netgraph.so does not
count as we don't build it in the "libraries" target).
- Restore libssh dependencies when compiling with Kerberos
support.