mlaier [Mon, 8 Mar 2004 22:03:29 +0000 (22:03 +0000)]
Link pf to the build and install:
This adds the former ports registered groups: proxy and authpf as well as
the proxy user. Make sure to run mergemaster -p in oder to complete make
installworld without errors.
This also provides the passive OS fingerprints from OpenBSD (pf.os) and an
example pf.conf.
For those who want to go without pf; it provides a NO_PF knob to make.conf.
__FreeBSD_version will be bumped soon to reflect this and to be able to
change ports accordingly.
pjd [Mon, 8 Mar 2004 20:37:25 +0000 (20:37 +0000)]
Add two new sysctls:
- security.bsd.hardlink_check_uid, when set, means, that unprivileged
users are not permitted to create hard links to files not
owned by them,
- security.bsd.hardlink_check_gid, when set, means, that unprivileged
users are not permitted to create hard links to files owned
by group they don't belong to.
kensmith [Mon, 8 Mar 2004 20:31:37 +0000 (20:31 +0000)]
Shift file locking to source file instead of temp file. This fixes
data buffering issue that corrupts files if two pw(8)'s run at the
same time as well as changing pw(8) so it uses the same locking
mechanism as PAM, vipw(8), pwd_mkdb(8), etc.
gad [Mon, 8 Mar 2004 20:02:23 +0000 (20:02 +0000)]
Add a check for wtmp records which have invalid values for ut_time. Wtmp
records with time==0 get "the time of the last valid record", while records
where time goes backwards (compared to the previous record) are skipped.
Also prints a message saying how many records were changed or skipped due
to these checks. Check was inspired by a simpler check in OpenBSD's version.
This is all meant to sidestep problems that Tillman Hodgson noticed with 'ac'
when running sparc64 with 64-bit time_t's. The real problem is whatever is
creating wtmp records with ut_time==0, of course, but I have not yet figured
out what is doing that.
Reviewed by: no screams from freebsd-sparc64 or bde
MFC after: 2 weeks
gad [Mon, 8 Mar 2004 19:20:06 +0000 (19:20 +0000)]
Add a debug-statement from NetBSD, and then rework all debug-statements
so the program compiles without errors or warnings when DEBUG is defined on
sparc64 with 64-bit time_t's. Also have debug statements include the year
when printing records from a different year than 'now'. Also print out a
special timestamp in debug statements when ut_time==0.
benno [Mon, 8 Mar 2004 10:54:35 +0000 (10:54 +0000)]
Add a netgraph node to handle ATM LLC encapsulation. This currently handles
ethernet (tested) and FDDI (not tested). The main use for this is on ADSL (or
other ATM) connections where bridged ethernet is used, PPPoE being a prime
example.
There is no manual page as yet, I will write one shortly.
hsu [Mon, 8 Mar 2004 07:47:27 +0000 (07:47 +0000)]
To comply with the spec, do not copy the TOS from the outer IP
header to the inner IP header of the PIM Register if this is a PIM
Null-Register message.
peter [Mon, 8 Mar 2004 00:32:34 +0000 (00:32 +0000)]
Move a vref call outside of proc locks and Giant. By virtue of the fact
that we (p1) are currently running, we hold a reference on p_textvp which
means the vnode cannot go away. p2 cannot run yet (and hence cannot exit)
so this should be safe to do at this point. As a bonus, it removes a
block of under-Giant code that was there to support the vref.
peter [Mon, 8 Mar 2004 00:27:33 +0000 (00:27 +0000)]
Other parts of the tree do not protect calls to kmem_free() with Giant,
so remove it from here. The most notable examples include vm_mmap().
This removes one more Giant event from exit(2).
alc [Sun, 7 Mar 2004 21:06:48 +0000 (21:06 +0000)]
Retire pmap_pinit2(). Alpha was the last platform that used it. However,
ever since alpha/alpha/pmap.c revision 1.81 introduced the list allpmaps,
there has been no reason for having this function on Alpha. Briefly,
when pmap_growkernel() relied upon the list of all processes to find and
update the various pmaps to reflect a growth in the kernel's valid
address space, pmap_init2() served to avoid a race between pmap
initialization and pmap_growkernel(). Specifically, pmap_pinit2() was
responsible for initializing the kernel portions of the pmap and
pmap_pinit2() was called after the process structure contained a pointer
to the new pmap for use by pmap_growkernel(). Thus, an update to the
kernel's address space might be applied to the new pmap unnecessarily,
but an update would never be lost.
cognet [Sun, 7 Mar 2004 17:23:39 +0000 (17:23 +0000)]
Use one bus_dma_tag_t for all pSRB instead of creating one for each.
Free what is allocated for pSRBs at unload time or if something bad happens,
thanks to scottl for spotting this out.
dougb [Sun, 7 Mar 2004 10:10:19 +0000 (10:10 +0000)]
In the case where /etc/rc.d/ is empty, do not bogusly ask the user if
they want to delete '*'. It turns out that there is one valid case where
this might happen, installing to an empty DESTDIR.
wpaul [Sun, 7 Mar 2004 02:49:06 +0000 (02:49 +0000)]
Add preliminary support for PCMCIA devices in addition to PCI/cardbus.
if_ndis.c has been split into if_ndis_pci.c and if_ndis_pccard.c.
The ndiscvt(8) utility should be able to parse device info for PCMCIA
devices now. The ndis_alloc_amem() has moved from kern_ndis.c to
if_ndis_pccard.c so that kern_ndis.c no longer depends on pccard.
NOTE: this stuff is not guaranteed to work 100% correctly yet. So
far I have been able to load/init my PCMCIA Cisco Aironet 340 card,
but it crashes in the interrupt handler. The existing support for
PCI/cardbus devices should still work as before.
kientzle [Sun, 7 Mar 2004 00:57:43 +0000 (00:57 +0000)]
Recognize hardlinks when reading cpio files.
This doesn't yet address the issue of selective restore
of hardlinked files. With cpio format, it's possible to correctly
restore any linked file; the API doesn't yet fully support this.
(There's no way for the library to inform a client whether or not
there's a file body associated with this entry. The assumption
right now is that "hardlink" entries have no file body.)
kientzle [Sat, 6 Mar 2004 05:44:13 +0000 (05:44 +0000)]
Minor API tweak: The format-specific write_header function now sets
the size in the archive_entry object to zero if that format doesn't
store a body for that file type. This allows the client to determine
whether or not it should feed the file body to the archive. In
particular, cpio stores the file body for hardlinks, tar and shar
don't. With this change, bsdtar now correctly archives hardlinks in all
supported formats.
While I'm here, make shar output be more aggressive about creating directories.
Before this, commands such as:
bsdtar -cv -F shar some/explicit/path/to/a/file
wouldn't create the directory. Some simple logic to remember the last
directory creation helps reduce unnecessary mkdirs here.
At this point, I think the only flaw in libarchive's cpio support is
the failure to recognize hardlinks when reading.
kan [Sat, 6 Mar 2004 04:09:54 +0000 (04:09 +0000)]
Always call vn_finished_write after vn_start_write was called. All
occurences of 'goto done' after vn_start_write invocation were cleaning
up incompletely.
kientzle [Sat, 6 Mar 2004 00:59:08 +0000 (00:59 +0000)]
Correctly read symlinks from cpio files.
While I'm here, fix a bug in reading filenames from
cpio files. (Copy should count the length of the name,
not the number of bytes available for input.)
peter [Sat, 6 Mar 2004 00:44:59 +0000 (00:44 +0000)]
Add a missing part of jhb's previous commit. It looks like he had a
patch chunk rejected that he missed. This would manifest as a lock
assertion panic at boot (Giant not locked in kern_fork.c).
gad [Fri, 5 Mar 2004 23:10:49 +0000 (23:10 +0000)]
Have these instructions tell users to 'sh installworld_newk' instead
of './installworld_newk', because the scripts might not show up with
the +x bit set.
jhb [Fri, 5 Mar 2004 22:39:53 +0000 (22:39 +0000)]
- Push down Giant in exit() and wait().
- Push Giant down a bit in coredump() and call coredump() with the proc
lock already held rather than unlocking it only to turn around and
relock it.
jhb [Fri, 5 Mar 2004 22:37:32 +0000 (22:37 +0000)]
- Grab a share lock of the proctree lock while looking for a pid due to the
process group and session dereferences. Also, check that p_pgrp and
p_sesssion are NULL before dereferencing them.
- Push down Giant in fork1().
truckman [Fri, 5 Mar 2004 22:03:11 +0000 (22:03 +0000)]
Undo the merger of mlock()/vslock and munlock()/vsunlock() and the
introduction of kern_mlock() and kern_munlock() in
src/sys/kern/kern_sysctl.c 1.150
src/sys/vm/vm_extern.h 1.69
src/sys/vm/vm_glue.c 1.190
src/sys/vm/vm_mmap.c 1.179
because different resource limits are appropriate for transient and
"permanent" page wiring requests.
Retain the kern_mlock() and kern_munlock() API in the revived
vslock() and vsunlock() functions.
Combine the best parts of each of the original sets of implementations
with further code cleanup. Make the mclock() and vslock()
implementations as similar as possible.
Retain the RLIMIT_MEMLOCK check in mlock(). Move the most strigent
test, which can return EAGAIN, last so that requests that have no
hope of ever being satisfied will not be retried unnecessarily.
Disable the test that can return EAGAIN in the vslock() implementation
because it will cause the sysctl code to wedge.
Tested by: Cy Schubert <Cy.Schubert AT komquats.com>
njl [Fri, 5 Mar 2004 18:06:31 +0000 (18:06 +0000)]
A user can set tz_requested via the hw.acpi.thermal.tzX.active sysctl.
The previous logic meant that if a user sets it to a minimal cooling value
acpi_thermal will not use higher cooling levels. Reverse the logic so that
the user requesting a level (say, 2) also gets 0 - 1 also.
PR: kern/61592
Submitted by: Andrew Thompson <andy@fud.org.nz>
rwatson [Fri, 5 Mar 2004 17:35:28 +0000 (17:35 +0000)]
Put "failed to set signal flags properly for ast()" check under
DIAGNOSTIC instead of INVARIANTS. INVARIANTS is intended for tests
that don't substantially change code flow or behavior (passive), but
this test required locking both the proc lock and scheduler lock
in order to execute. It also appears to be a very advisory diagnostic
as opposed to an invariant violation.