reinserted by a userland process, will lose a number of packet
attributes, including their source interface. This may affect
the behavior of later rules, and while not strictly a BUG, may
cause unexpected behavior if not clearly documented. A similar
note for natd(8) might be desirable.
ipfirewall(4) to the IMPLEMENTATION NOTES section because it
considers kernel internals and may confuse newbies if placed
at the very beginning of the manpage (where it used to be previously.)
Not objected by: luigi
This will be trimmed as the FreeBSD Security Architecture document
is fleshed out and committed.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, NAI Labs
a) Convert all the remaining older Perl system() calls to the new,
more secure LIST format so they are robust to whitespace and
shell metacharacters in their arguments.
b) Add a new option: -force, which allows adding usernames containing
characters that are otherwise illegal.
PR: bin/22860 bin/31049
substantial fraction of the number of entries of tte's in the tsb
would need to be looked up, traverse the tsb instead. This is crucial
in some places, e.g. when swapping out a process, where a certain
pmap_remove() call would take very long time to complete without this.
2. Implement pmap_qenter_flags(), which will become used later
3. Reactivate the instruction cache flush done when mapping as executable.
This is required e.g. when executing files via NFS, but is known to
cause problems on UltraSPARC-IIe CPU's. If you have such a CPU, you
will need to comment this call out for now.
Submitted by: jake (3)
date: 2000/02/29 21:37:01; author: augustss; state: Exp;
Distinguish between device and interface classes.
(I finally found a document that said that they were different.)
struct ofw_nexus_reg. Implement UPA device memory management in the
nexus driver.
Adapt the psycho driver to these changes, and do some minor cleanup work
while being there.
form L0IFPI2UNIT. This could result in a panic if the user tried to
trace using isdntrace(8). I fixed this locally but forgot to commit it.
Reminded by: "Wittig, Christoph" <wc@medianet-world.de>
allows this tool to compile again. Albeit, now to test a new malloc
implementation one has to install the new libc which may have bad
consequences (i.e. if the new malloc implementation were buggy).
Add logic to workaround malloc's current behaviour of returning an
invalid non-NULL pointer for 0 byte allocation requests; this prevents the
tool from coring during the NOPS loop.
Add $FreeBSD$ tags.
down, even if there are hung processes and the mount is non-
interruptible.
This works by having nfs_unmount call a new function nfs_nmcancelreqs()
in the FORCECLOSE case. It scans the list of outstanding requests
and marks as interrupted any requests belonging to the specified
mount. Then it waits up to 30 seconds for all requests to terminate.
A few other changes are necessary to support this:
- Unconditionally set a socket timeout so that even hard mounts
are guaranteed to occasionally check the R_SOFTTERM flag on
requests. For hard mounts this flag can only be set by
nfs_nmcancelreqs().
- Reject requests on a mount that is currently being unmounted.
- Never grant the receive lock to a request that has been cancelled.
This should also avoid an old problem where a forced NFS unmount
could cause a crash; it occurred when a VOP on an unlocked vnode
(usually VOP_GETATTR) was in progress at the time of the forced
unmount.
Add support for handling floating point disabled traps mostly in userland
for the simple single threaded case. Not yet enabled by default.
Implement __sparc_utrap_install as specified by the sparc abi.
This gives a bit of a sluggish console, but it prevents the console from
getting stuck if we poll too fast, as well as other badness on certain
machines.
2. Fix a test for != 0 that should have been > 0.
Noticed by: Jamey Wood <Jamey.Wood@Sun.COM> and myself
Submitted by: tmm (2)
for certain user pages, stores to kernel pages would not update the
affected cache lines, which would sometimes cause the wrong data to be
returned for loads from kernel pages. This was especially fatal when
the addresses affected held the kernel stack pointer, and a random
value was loaded into it.
Fix a harmless off by one error in a dcache_inval_phys call.