1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-19 10:53:58 +00:00
Commit Graph

96724 Commits

Author SHA1 Message Date
Robert Watson
2e8c6b2654 Use UMA zone allocator for Biba and MLS labels rather than MALLOC(9).
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-11-18 04:11:52 +00:00
David E. O'Brien
d89c67bcba Catch up with the latest in device naming. 2003-11-18 02:33:27 +00:00
Robert Watson
2dd0f3209f Revert a NOOP change to Makefile that slipped into the last commit.
Pointed out by:	tjr
2003-11-18 00:52:30 +00:00
Robert Watson
a557af222b Introduce a MAC label reference in 'struct inpcb', which caches
the   MAC label referenced from 'struct socket' in the IPv4 and
IPv6-based protocols.  This permits MAC labels to be checked during
network delivery operations without dereferencing inp->inp_socket
to get to so->so_label, which will eventually avoid our having to
grab the socket lock during delivery at the network layer.

This change introduces 'struct inpcb' as a labeled object to the
MAC Framework, along with the normal circus of entry points:
initialization, creation from socket, destruction, as well as a
delivery access control check.

For most policies, the inpcb label will simply be a cache of the
socket label, so a new protocol switch method is introduced,
pr_sosetlabel() to notify protocols that the socket layer label
has been updated so that the cache can be updated while holding
appropriate locks.  Most protocols implement this using
pru_sosetlabel_null(), but IPv4/IPv6 protocols using inpcbs use
the the worker function in_pcbsosetlabel(), which calls into the
MAC Framework to perform a cache update.

Biba, LOMAC, and MLS implement these entry points, as do the stub
policy, and test policy.

Reviewed by:	sam, bms
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-11-18 00:39:07 +00:00
Kirk McKusick
b17f40bbda Document that the live dump command (`dump -L') creates its snapshot
in the .snap directory in the root of the filesystem being dumped.
Document that if the .snap directory is missing that it must be
created manually and that it should be owned by user root and
group operator and set to mode 770 before a live dump can be run.
2003-11-18 00:36:40 +00:00
Robert Watson
97209ca3bf Clarify UPDATING language: do buildworld before buildkernel, and
do installkernel before installworld, rather than don't make world
before installkernel.

Pointed out by:	gad
2003-11-17 23:25:16 +00:00
Bruce Evans
f177e8630c Merged from sys/dev/sio/sio.c revisions 1.415 and 1.416.
Approved by:	nyan
(Blanket approval for simple changes in sio.)
2003-11-17 23:13:08 +00:00
Mark Murray
0887c8c110 Overhaul the entropy device:
o Each source gets its own queue, which is a FIFO, not a ring buffer.
  The FIFOs are implemented with the sys/queue.h macros. The separation
  is so that a low entropy/high rate source can't swamp the harvester
  with low-grade entropy and destroy the reseeds.

o Each FIFO is limited to 256 (set as a macro, so adjustable) events
  queueable. Full FIFOs are ignored by the harvester. This is to
  prevent memory wastage, and helps to keep the kernel thread CPU
  usage within reasonable limits.

o There is no need to break up the event harvesting into ${burst}
  sized chunks, so retire that feature.

o Break the device away from its roots with the memory device, and
  allow it to get its major number automagically.
2003-11-17 23:02:21 +00:00
Robert Watson
64d19c2ea7 Add a sysctl, security.bsd.see_other_gids, similar in semantics
to see_other_uids but with the logical conversion.  This is based
on (but not identical to) the patch submitted by Samy Al Bahra.

Submitted by:	Samy Al Bahra <samy@kerneled.com>
2003-11-17 20:20:53 +00:00
Robert Watson
a2f046e874 Staticize label_default_head to prevent it from leaking out of mac.c.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-11-17 19:48:35 +00:00
Olivier Houchard
8c8268cb4f In rip_abort(), unlock the inpcb if we didn't detach it, or we may
recurse on the lock before destroying the mutex.

Submitted by:	sam
2003-11-17 19:21:53 +00:00
Sam Leffler
68025aeb6a move rate control change messages under ath_debug 2003-11-17 19:15:09 +00:00
Ruslan Ermilov
cdea8b85bb Fixed two memory leaks.
Reviewed by:	harti
2003-11-17 19:13:44 +00:00
Ruslan Ermilov
d47c9466dd Check the correct set of interface flags and fix a memory leak.
Reviewed by:	harti
2003-11-17 19:13:01 +00:00
Sam Leffler
f6dbcc4910 o fix WEP use in hostap mode; need to reset the pointer to the
802.11 packet header after stripping the WEP header on input
2003-11-17 19:12:52 +00:00
Sam Leffler
e585d188b0 on a beacon miss try to reassociate before starting a scan
Submitted by:	Henry Qian
2003-11-17 19:02:18 +00:00
Robert Watson
0b92da272c Add a MAC check for VOP_LOOKUP() in the Linux getwcd() implementation.
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-11-17 18:57:20 +00:00
Alan Cox
0543fa5398 - Change the i386's sf_buf implementation so that it never allocates
more than one sf_buf for one vm_page.  To accomplish this, we add
   a global hash table mapping vm_pages to sf_bufs and a reference
   count to each sf_buf.  (This is similar to the patches for RELENG_4
   at http://www.cs.princeton.edu/~yruan/debox/.)

   For the uninitiated, an sf_buf is nothing more than a kernel virtual
   address that is used for temporary virtual-to-physical mappings by
   sendfile(2) and zero-copy sockets.  As such, there is no reason for
   one vm_page to have several sf_bufs mapping it.  In fact, using more
   than one sf_buf for a single vm_page increases the likelihood that
   sendfile(2) blocks, hurting throughput.
   (See http://www.cs.princeton.edu/~yruan/debox/.)
2003-11-17 18:22:24 +00:00
Gordon Tetlow
eb5ed42cfe Update hier(7) to reflect the world with respect to /lib and /libexec. 2003-11-17 17:29:04 +00:00
Robert Watson
2fa430f2ab Add an entry to the BUGS section indicating that Vinum cannot currently
be used on devices with a block size other than DEV_BSIZE (512),
which specifically includes being unable to run on a swap-backed
md device.  Swap-backed md devices use a 4k block size.
2003-11-17 16:04:52 +00:00
Robert Watson
f315f7629f Don't attempt to make devices if we're using devfs. This
substantially cleans up the output when running the vinum
management tool, and also makes it work better.

Long sustained silence from:	grog
2003-11-17 15:56:00 +00:00
Mark Murray
2e472f2df6 No need for two copies of this file; there is already a distribution
copy in src/crypto/heimdal/...

Reported by:	ru
2003-11-17 14:59:06 +00:00
Eivind Eklund
f76c341dd4 * Auto-detect what device to use if none is specified
* Replace references to mcd0 with acd0 (doc only)
* Remove references to the "c" partition (doc only - code was already fixed)
2003-11-17 14:02:04 +00:00
Dag-Erling Smørgrav
b2183f9769 __FBSDID; remove duplicate <ctype.h>; try to reduce style inconsistencies. 2003-11-17 11:26:51 +00:00
Dag-Erling Smørgrav
038ec830e2 Sort includes, and remove superfluous <sys/types.h> 2003-11-17 11:14:34 +00:00
Dag-Erling Smørgrav
3bdc98d712 Instead of blindly loading the ums module and bailing out if that fails,
check if it's already loaded or compiled into the kernel, and only try to
load it if it isn't.

PR:		bin/59368
Submitted by:	Jens Rehsack <rehsack@liwing.de>
2003-11-17 11:08:28 +00:00
Peter Wemm
ef3c5c9015 Add SMP changes as should have been committed as rev 1.28 2003-11-17 09:19:12 +00:00
Peter Wemm
07cda73444 Restore file accidently killed in the crossfire from the smp commit. 2003-11-17 09:11:04 +00:00
Peter Wemm
0d2a298904 Initial landing of SMP support for FreeBSD/amd64.
- This is heavily derived from John Baldwin's apic/pci cleanup on i386.
- I have completely rewritten or drastically cleaned up some other parts.
  (in particular, bootstrap)
- This is still a WIP.  It seems that there are some highly bogus bioses
  on nVidia nForce3-150 boards.  I can't stress how broken these boards
  are.  I have a workaround in mind, but right now the Asus SK8N is broken.
  The Gigabyte K8NPro (nVidia based) is also mind-numbingly hosed.
- Most of my testing has been with SCHED_ULE.  SCHED_4BSD works.
- the apic and acpi components are 'standard'.
- If you have an nVidia nForce3-150 board, you are stuck with 'device
  atpic' in addition, because they somehow managed to forget to connect the
  8254 timer to the apic, even though its in the same silicon!  ARGH!
  This directly violates the ACPI spec.
2003-11-17 08:58:16 +00:00
Jeff Roberson
fa9c971710 - Mark ksq_assigned as volatile so that when this code is used without
sched_lock we can be sure that we'll pick up the new value.
2003-11-17 08:27:11 +00:00
Jeff Roberson
093c05e39d - Remove long dead code. rslices hasn't been used in some time and neither
has sched_pickcpu().
2003-11-17 08:24:14 +00:00
Hajimu UMEMOTO
e5f467a2e7 correct to look right interface. 2003-11-17 07:53:32 +00:00
Peter Wemm
0469a9ecfd Oh, how embarresing. I broke my own platform. :-) 2003-11-17 07:50:59 +00:00
Bruce Evans
c0952034c3 Tweaked the siointr1() so that it works better at 921600 bps, especially
with multiple ports on a shared interrupt demultiplexed by the puc_intr()
handler.

siointr1() first read as much input as possible and then checked all
possibly-relevant status registers, partly for robustness and partly
for historical reasons.  This is very bad if it is called for every
port sharing an interrupt like puc_intr() does.  It can spend too long
reading all the input for some ports when the interrupt is for a more
urgent event on another, or just too long checking all the status
registers when there are lots of ports.  The inter-character time is
too long for reading all the input even when the interrupt is for a
transmitter interrupt on the same port, and at 921600 bps the inter-char
time is 10.85 usec and was often exceeded with just 2 ports, leaving
the transmitters idle for about 6% of the time.

The tweak is to break out of the read loop after reading 1 char if
output can be done.  This avoids most of the idle transmitter time for
2 active ports at 921600 bps bidirectional on the test system.  It
also reduces overhead by about 20%.  More complete fixes use the
programmable tx low watermark on 16950's and reduce overhead by another
65%.
2003-11-17 07:21:19 +00:00
David Schultz
170f850343 Remove the BUGS section introduced in rev 1.11 now that the problem
has been addressed.
2003-11-17 06:39:54 +00:00
David Schultz
71ff2d08cd Reimplement nologin(8) as a C program. This allows us to statically
link it at low cost and avoid environment poisoning attacks associated
with LD_LIBRARY_PATH.

Suggested by:	rwatson
2003-11-17 06:39:38 +00:00
Peter Wemm
0bfbe7b935 Widen the enable/disable helper function's argument in line with the
ithread_create() changes etc.  This should be mostly a NOP.
2003-11-17 06:10:15 +00:00
Peter Wemm
90e3387e54 Expand the argument to the ithread enable/disable helper hooks from an
int to something big enough to hold a pointer.  amd64 needs this.
2003-11-17 06:08:10 +00:00
Marcel Moolenaar
c316572024 Declare crc32 static. There's a copy in libz that conflicts for the
crunched binary.

Found by: make release
2003-11-17 05:47:42 +00:00
Bruce A. Mah
da60ceef2e Start turning on a few devices in the amd64 hardware notes, based on
things that I've observed to work.

Obtained from:	sledge, various dmesg(1) output messages from peter
2003-11-17 05:45:21 +00:00
Warner Losh
62d768efe6 Ignore errors on ln. This is a quick fix for the make depend twice in
a row being broken.  A better filx will come as soon as I have time to
analyse things more deeply.
2003-11-17 05:21:18 +00:00
David E. O'Brien
144ca80367 /rescue/b{,un}zip exists, so build this dynamically now. 2003-11-17 05:19:37 +00:00
David E. O'Brien
13e85b308a /rescue/g{{,un}zip,zcat} exist, so build this dynamically now. 2003-11-17 05:18:36 +00:00
David E. O'Brien
270a7d5792 /rescue/tar exists, so build this dynamic now. 2003-11-17 05:16:26 +00:00
Bruce Evans
6a0d1abc5d Fixed pedantic warnings for statement-expressions using __extension__
and by not using a statement-expression for the non-expression
__PCPU_SET().
2003-11-17 04:40:58 +00:00
Warner Losh
c33df8b251 Copy ukbdmap.h rules from .i386.
# maybe this should be in files.

# This may fix sparc64 tinderbox.  I'll kinow in a few hours.
2003-11-17 04:38:14 +00:00
Jacques Vidrine
8d870a43f9 Baby steps. Set WARNS=1 for libc. 2003-11-17 04:20:02 +00:00
Jacques Vidrine
c91e947dbd Detect range errors when using the %s specifier. Previously, LONG_MAX
was rejected as a range error, while any values less than LONG_MIN
were silently substituted with LONG_MIN.  Furthermore, on some
platforms `time_t' has less range than `long' (e.g. alpha), which may
give incorrect results when parsing some strings.
2003-11-17 04:19:15 +00:00
Bruce Evans
81bbee5996 Fixed a pedantic syntax error (a stray semicolon at the end of
PCPU_MD_FIELDS).
2003-11-17 03:40:41 +00:00
Brian Feldman
633461295a Fix a few cases where MT_TAG-type "fake mbufs" are created on the stack, but
do not have mh_nextpkt initialized.  Somtimes what's there is "1", and the
ip_input() code pukes trying to m_free() it, rendering divert sockets and
such broken.
This really underscores the need to get rid of MT_TAG.

Reviewed by:	rwatson
2003-11-17 03:17:49 +00:00