1
0
mirror of https://git.FreeBSD.org/src.git synced 2025-01-04 12:52:15 +00:00
Commit Graph

122135 Commits

Author SHA1 Message Date
Christian S.J. Peron
d57d58dac4 Hook audit into OpenSSH. Now that the necessary bits for OpenSSH support
have been added with the latest OpenBSM import, hook USE_BSM_AUDIT into
build conditionally.

For users which do not care for audit support and do not want to compile
it into their SSH servers, add the following to the /etc/make.conf:

	NO_AUDIT=true

Discussed with:	rwatson
Obtained from:	TrustedBSD Project
2006-02-12 07:19:45 +00:00
Scott Long
b5a531ae40 Give the asr softc list global a proper name. 2006-02-12 06:57:41 +00:00
Pawel Jakub Dawidek
49fa8b70c6 Add regression test which verifies that options -P and -i cannot be used
together.

MFC after:	3 days
2006-02-12 02:07:56 +00:00
Pawel Jakub Dawidek
67cae8aab8 Allow to set kern.geom.raid3.disconnect_on_failure from loader.conf.
MFC after:	3 days
2006-02-12 02:01:38 +00:00
Robert Watson
bad70a881b Add stub AUE_EACCESS entry.
Obtained from:	TrustedBSD Project
2006-02-11 23:55:08 +00:00
Robert Watson
ba7f6690f1 Initialize user process audit ID to AU_DEFAUDITID so that init and
its pre-authentication children are covered by naflags.

Obtained from:	TrustedBSD Project
2006-02-11 23:53:00 +00:00
Marcel Moolenaar
478ea42db6 Add a simple manpage. 2006-02-11 23:09:58 +00:00
Robert Watson
dd8dfa82e7 Sort sfbuf allocation counters with other sfbuf information.
MFC after:	3 days
2006-02-11 21:27:16 +00:00
Robert Watson
4a99d6f90a Instead of asserting the vnode lock before manipulating v_vflag, acquire
it and drop it afterwards.

Found by:	kris
MFC after:	1 week
2006-02-11 21:09:27 +00:00
Ruslan Ermilov
fc07e4027a Don't count output bytes twice (the byte accouting is done
in if.c).  Count output errors.

MFC after:	3 days
2006-02-11 20:25:00 +00:00
Marcel Moolenaar
e13946c127 Correct the spinlock nesting of the idle thread of the APs before we
save the MCA state of the AP. Saving the MCA state of the AP requires
us to allocate memory, which uses sleep locks.
Now that we correct the spinlock nesting of the AP without having
schedlock, avoid calling spinlock_exit(). Instead call critical_exit()
and manually clear the MD spinlock count.

MFC after: 3 days
2006-02-11 19:55:18 +00:00
Robert Watson
10b037c1d9 Update copyright for 2006.
MFC after:	3 days
2006-02-11 19:21:39 +00:00
Robert Watson
082dc776db Skip per-cpu caches associated with absent CPUs when generating a
memory statistics record stream via sysctl.

MFC after:	3 days
2006-02-11 19:20:56 +00:00
Robert Watson
1d90b80f28 The uma_zone data structure defines the size of its uz_cpu[] array as 1,
but then sizes the containing data structure at run-time to make room
for per-cpu cache data.  Modify libmemstat to separately allocate a
buffer to hold per-cpu cache data, sized based on the run-time mp_maxid
variable when using libkvm to access UMA data.  This avoids reading
invalid cache data from beyond the end of the uma_zone data structure
on the stack, which can result in invalid statistics and/or reads from
invalid kernel addresses.

Foot target practice by:	ps
MFC after:			3 days
2006-02-11 19:19:29 +00:00
Robert Watson
59e012a852 When reporting an error reading from UMA per-cpu cache pointers using KVM,
return a KVM error rather than an out of memory error, so that the caller
reports the KVM error state.  This replaces a misleading error message
with a more accurate although equally confusing one.

MFC after:	3 days
2006-02-11 18:55:03 +00:00
Robert Watson
3f374960e6 Read all_cpus variable out of kmem, and validate CPUs against the all_cpus
cpu mask before looking at the cache entries for the CPU.  For systems
with sparse CPU id arrays, this skips otherwise uninitialized cache
structures.

MFC after:	3 days
2006-02-11 18:44:37 +00:00
Pawel Jakub Dawidek
3aae74ec02 - Add kern.geom.raid3.disconnect_on_failure sysctl/tunnable (default to 1
to preserve currect behaviour). When set to 0, components are not
  disconnected - graid3 will try to still use them (only first error will
  be logged). This is helpful when we have two broken components, but in
  different places, so actually all data is available.
  Such buggy component will be visible in 'graid3 list' output with flag
  BROKEN.
- Never disconnect the last valid component. If we detect errors there we
  will just pass them up. This wasn't reasonable to deny access to the
  whole provider because of one broken sector.

Prodded by:	ru
MFC after:	3 days
2006-02-11 17:42:31 +00:00
Pawel Jakub Dawidek
d4b0268a24 - Add kern.geom.mirror.disconnect_on_failure sysctl/tunnable (default to 1
to preserve currect behaviour). When set to 0, components are not
  disconnected - gmirror will try to still use them (only first error will
  be logged). This is helpful when we have two broken components, but in
  different places, so actually all data is available.
  Such buggy component will be visible in 'gmirror list' output with flag
  BROKEN.
- Never disconnect the last valid component. If we detect errors there we
  will just pass them up. This wasn't reasonable to deny access to the
  whole provider because of one broken sector.

Prodded by:	ru
MFC after:	3 days
2006-02-11 17:39:29 +00:00
Pawel Jakub Dawidek
17fec17e77 Correct typo. 'fbp' is NULL here so this will result in a panic.
MFC after:	3 days
2006-02-11 17:29:06 +00:00
Robert Watson
e446b85087 Un-#if 0 the printing of allocation failure counts for mbufs, clusters,
and packets in netstat -m.

MFC after:	3 days
2006-02-11 17:18:36 +00:00
Robert Watson
ee4be9485c Correct a typo in the extraction of zone information from UMA using kmem:
bytes = allocated - freed, not bytes = allocated = freed.

MFC after:	3 days
2006-02-11 16:54:00 +00:00
Markus Brueffer
cda869c9db - Grammar fixes
- Reword one sentence

Approved by:	brueffer
MFC after:	3 days
2006-02-11 15:36:37 +00:00
Pawel Jakub Dawidek
0962f94295 Mark array as CLEAN when there are no write requests in
kern.geom.raid3.idletime seconds. Write, not any requests.
Mark array as clean immediatelly on last write close.

Prodded by:	ru
MFC after:	3 days
2006-02-11 14:42:58 +00:00
Pawel Jakub Dawidek
fe6f94ea84 Mark array as CLEAN when there are no write requests in
kern.geom.mirror.idletime seconds. Write, not any requests.
Mark array as clean immediatelly on last write close.

Prodded by:	ru
MFC after:	3 days
2006-02-11 14:42:23 +00:00
Pawel Jakub Dawidek
17f4ac945f Add an example how to use keyfiles for encrypted providers which should be
attached before the root file system is mounted.

MFC after:	3 days
2006-02-11 13:18:47 +00:00
Pawel Jakub Dawidek
9af2131b78 Teach geli how to load keyfiles before root file system is mounted.
An example entries for loader.conf to make it possible:

geli_da0_keyfile0_load="YES"
geli_da0_keyfile0_type="da0:geli_keyfile0"
geli_da0_keyfile0_name="/boot/keys/da0.key0"
geli_da0_keyfile1_load="YES"
geli_da0_keyfile1_type="da0:geli_keyfile1"
geli_da0_keyfile1_name="/boot/keys/da0.key1"
geli_da0_keyfile2_load="YES"
geli_da0_keyfile2_type="da0:geli_keyfile2"
geli_da0_keyfile2_name="/boot/keys/da0.key2"

geli_da1s3a_keyfile0_load="YES"
geli_da1s3a_keyfile0_type="da1s3a:geli_keyfile0"
geli_da1s3a_keyfile0_name="/boot/keys/da1s3a.key"

Thanks for jhb and kan who showed me the right direction.

MFC after:	3 days
2006-02-11 13:08:24 +00:00
Pawel Jakub Dawidek
f2aa80d883 - Allow to use -b without passphrase or with keyfiles as it will be
supported for a moment.
- Don't allow to use -i when no passphrase is given. Now if iterations is
  equal to -1 (not set), we know that we should not ask for the passphrase
  on boot.
  It still doesn't handle situation when one key is protected with
  passphrase and the other is not. There is no quick fix for this.
  The complete solution will be to make number of iterations a per-key
  value. Because this need metadata format change and is only needed for
  devices attached on boot, I'll leave it as it is for now.

MFC after:	3 days
2006-02-11 13:04:10 +00:00
Pawel Jakub Dawidek
a80f82a4a3 Check rootvnode variable to see if we still want to ask for passphrase on
boot. Other methods just don't work properly.

MFC after:	3 days
2006-02-11 12:45:01 +00:00
Poul-Henning Kamp
e8444a7e6f CPU time accounting speedup (step 2)
Keep accounting time (in per-cpu) cputicks and the statistics counts
in the thread and summarize into struct proc when at context switch.

Don't reach across CPUs in calcru().

Add code to calibrate the top speed of cpu_tickrate() for variable
cpu_tick hardware (like TSC on power managed machines).

Don't enforce monotonicity (at least for now) in calcru.  While the
calibrated cpu_tickrate ramps up it may not be true.

Use 27MHz counter on i386/Geode.

Use TSC on amd64 & i386 if present.

Use tick counter on sparc64
2006-02-11 09:33:07 +00:00
Warner Losh
e1fa2d9556 Use the correct address for the ohci device. 2006-02-11 03:58:07 +00:00
Warner Losh
6600b2ce30 Use ETHER_ADDR_LEN rather than 6. 2006-02-11 03:50:03 +00:00
Warner Losh
0085aa8869 Improve the memory resoruce allocation and usage during the probe.
I've had these improvements in my tree for almost a year now...
2006-02-11 03:41:20 +00:00
Warner Losh
55303171a4 Use the release version as a floor, not an exact match. Add comment to that
effect and draw attention to the fact that the list has stronger ordering
requirements than before.
2006-02-11 03:30:17 +00:00
Warner Losh
5df2beab5b Give ohci_intr a proper return value. In FreeBSD, this is void. Remove
now-redundant cast on establishing the interrupt.
2006-02-11 03:29:02 +00:00
Warner Losh
da8341a31a Update the keyspan product list from NetBSD. 2006-02-11 03:27:57 +00:00
Matt Jacob
444dd2b669 Do initial cut of SAS HBA support. These controllers (106X) seem to support
automatically both SATA and SAS drives.  The async SAS event handling we catch
but ignore at present (so automagic attach/detach isn't hooked up yet).

Do 64 bit PCI support- we can now work on systems with > 4GB of memory.

Do large transfer support- we now can support up to reported chain depth, or
the length of our request area. We simply allocate additional request elements
when we would run out of room for chain lists.

Tested on Ultra320, FC and SAS controllers on AMD64 and i386 platforms.
There were no RAID cards available for me to regression test.

The error recovery for this driver still is pretty bad.
2006-02-11 01:35:29 +00:00
Robert Watson
4cdd6c8fe6 This commit was generated by cvs2svn to compensate for changes in r155518,
which included commits to RCS files with non-trunk default branches.
2006-02-11 00:39:23 +00:00
Robert Watson
f4e380b0ce CVS import OpenBSM 1.0 alpha 4:
- Remove "audit" user example from audit_user, as it's not present on most
  systems.
- Add cannot_audit() function non-Darwin systems that wraps auditon();
  required by OpenSSH BSM support.  Convert Darwin cannot_audit() into a
  function rather than a macro.
- Library build fixed on Darwin following include file tweaks.  The native
  Darwin sys/audit.h conflicts with bsm/audit.h due to duplicate types, so
  for now we force bsm_wrappers.c to not perform a nested include of
  sys/audit.h.

Obtained from:	TrustedBSD Project
2006-02-11 00:39:23 +00:00
Doug Ambrisko
37b1ce132c Add an OpenIPMI mostly compatible driver. This driver was developed
to work with ipmitools.  It works with other tools that have an OpenIPMI
driver interface.  The port will need to get updated to used this.
I have not implemented the IPMB mode yet so ioctl's for that don't
really do much otherwise it should work like the OpenIPMI version.
The ipmi.h definitions was derived from the ipmitool header file.
The bus attachments are done for smbios and pci/smbios.  Differences
in bus probe order for modules/static are delt with.  ACPI attachment
should be done.

This drivers registers with the watchdod(4) interface

Work to do:
     - BT interface
     - IPMB mode

This has been tested on Dell PE2850, PE2650 & PE850 with i386 & amd64
kernel.

I will link this into the build on next week.

Tom Rhodes, helped me with the man page.

Sponsored by:   IronPort Systems Inc.
Inspired from:  ipmitool & Linux
2006-02-10 20:51:35 +00:00
Markus Brueffer
595dedc1b0 - Fix attribute id of HIDBatteryPower
- Fix two typos in comments

Approved by:	emax
2006-02-10 19:54:17 +00:00
Sam Leffler
bd5a9920c2 Update for rev 0.9.16.16 hal:
o add dfs+radar hooks; DFS is presently disabled in the hal
o channel and mode handling changes
o various api changes
o be more aggressive about iq calibration settling so ap mode
  operation is better immediately after startup
o rfkill/rfsilent sysctl support
o tpc ack/cts sysctl support

MFC after:	2 weeks
2006-02-10 19:07:08 +00:00
Sam Leffler
1be92ea1ca resolve merge conflicts
MFC after:	2 weeks
2006-02-10 19:01:02 +00:00
Sam Leffler
07c5770b96 This commit was generated by cvs2svn to compensate for changes in r155511,
which included commits to RCS files with non-trunk default branches.
2006-02-10 18:57:38 +00:00
Sam Leffler
c6f3555125 Version 0.9.16.16:
o new chip support
o new platforms: powerpc-be-elf, sparc64-be-elf, and alpha-elf
  (alpha is untested, others are known to work)
o many fixes and improvements

MFC after:	2 weeks
2006-02-10 18:57:38 +00:00
Rink Springer
424d9b482d Cleaned the memory initialization up, moved some defines from the framebuffer
to an include file.

Reviewed by:		imp
Approved by:		imp (mentor)
2006-02-10 18:48:22 +00:00
Ed Maste
11edc47706 Bump the MODULE_VERSION for HEAD, as the vlan(4) API is different in
RELENG_6, and would require a lower version number.

Requested by:	glebius
Approved by:	rwatson (mentor)
2006-02-10 18:38:33 +00:00
John Baldwin
ccabcacb30 Correctly set MNTK_MPSAFE flag from the lower vnode's mount rather than
always turning it on along with any flags set in the lower mount.

Tested by:	kris
Reviewed by:	jeff
MFC after:	3 days
2006-02-10 18:06:49 +00:00
Hartmut Brandt
e6ef6163fd Vendor patch: Make the link traps more RFC-conform.
Submitted by:	glebius
2006-02-10 16:49:49 +00:00
Hartmut Brandt
141508eb20 This commit was generated by cvs2svn to compensate for changes in r155506,
which included commits to RCS files with non-trunk default branches.
2006-02-10 16:49:49 +00:00
Christian Brueffer
bd81a3a557 Correct references to ipnat(8).
MFC after:	3 days
2006-02-10 15:23:07 +00:00