1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-24 11:29:10 +00:00
Commit Graph

124609 Commits

Author SHA1 Message Date
Robert Watson
62bb2e9199 Assert audit mtx in audit_worker_drain().
Break out logic to call audit_record_write() and handle error
conditions into audit_worker_process_record().  This will be the
future home of some logic now present in audit_record_write()
also.

Obtained from:	TrustedBSD Project
2006-06-05 13:46:55 +00:00
Robert Watson
b3ae6323f0 Use struct kaudit_queue instead of a hand-crafted queue type for
audit records in the audit_worker thread.

Obtained from:	TrustedBSD Project
2006-06-05 13:45:05 +00:00
Robert Watson
40c96d7279 Rename audit_cv to audit_worker_cv, as it wakes up the audit
worker.

Rename audit_commit_cv to audit_watermark_cv, since it is there to
wake up threads waiting on hitting the low watermark.  Describe
properly in comment.

Obtained from:	TrustedBSD Project
2006-06-05 13:43:57 +00:00
Robert Watson
6e79e6f805 Audit command, uid arguments for quotactl().
Audit the mode argument to mkfifo().
Audit the target path passed to symlink().

Submitted by:	wsalamon
Obtained from:	TrustedBSD Project
2006-06-05 13:34:23 +00:00
Robert Watson
4b6d6bcffd Merge OpenBSM 1.0 alpha 6 changes for BSM token creation to
src/sys/security/audit:

- Clarify and clean up AUR_ types to match Solaris.
- Clean up use of host vs. network byte order for IP addresses.
- Remove combined user/kernel implementations of some token creation
  calls, such as au_to_file(), header calls, etc.

Obtained from:	TrustedBSD Project
2006-06-05 13:13:02 +00:00
Robert Watson
d3778141bf Audit path passed to the acct() system call.
Obtained from:	TrustedBSD Project
2006-06-05 13:02:34 +00:00
Robert Watson
0f0075fb90 Merge OpenBSM 1.0 alpha 6 version of audit_record.h to src/sys:
- Cleanup of AUR_ data types.
- Comment fixes.
- au_close_token() definition.
- Break out of kernel vs. user space token interfaces for headers.

Note: this may briefly break the kernel build until other kernel files are
updated to match.

Obtained from:	TrustedBSD Project
2006-06-05 13:00:52 +00:00
Robert Watson
f6059f4510 Merge OpenBSM 1.0 alpha 6 changes to bsm/audit.h into src/sys: respell
statistics variables.

Submitted by:	Martin Fong <martin dot fong at sri dot com>
Obtained from:	TrustedBSD Project
2006-06-05 12:55:45 +00:00
Robert Watson
e3901dc97d Add audit_submit.3 to the set of man pages built and installed with
libbsm.  This interface is new as of OpenBSM 1.0 alpha 6.

Submitted by:	csjp
Obtained from:	TrustedBSD Project
2006-06-05 12:53:44 +00:00
Yoshihiro Takahashi
14ecccda0e Add Fn+F7 hotkey (suspend) support.
Tested by:	nork
2006-06-05 11:55:20 +00:00
Yoshihiro Takahashi
261fe6f6c9 MFi386: revisions 1.627, 1.628 and 1.629. 2006-06-05 11:53:36 +00:00
Robert Watson
0163f8cb67 Regenerate config.h from OpenBSM 1.0 alpha 6 import.
Obtained from:	TrustedBSD Project
2006-06-05 11:06:32 +00:00
Robert Watson
0127a4bb1b This commit was generated by cvs2svn to compensate for changes in r159248,
which included commits to RCS files with non-trunk default branches.
2006-06-05 10:52:12 +00:00
Robert Watson
506764c6f6 Vendor branch import of TrustedBSD OpenBSM 1.0 alpha 6:
- Use AU_TO_WRITE and AU_NO_TO_WRITE for the 'keep' argument to au_close();
  previously we used hard-coded 0 and 1 values.
- Add man page for au_open(), au_write(), au_close(), and
  au_close_buffer().
- Support a more complete range of data types for the arbitrary data token:
  add AUR_CHAR (alias to AUR_BYTE), remove AUR_LONG, add AUR_INT32 (alias
  to AUR_INT), add AUR_INT64.
- Add au_close_token(), which allows writing a single token_t to a memory
  buffer.  Not likely to be used much by applications, but useful for
  writing test tools.
- Modify au_to_file() so that it accepts a timeval in user space, not just
  kernel -- this is not a Solaris BSM API so can be modified without
  causing compatibility issues.
- Define a new API, au_to_header32_tm(), which adds a struct timeval
  argument to the ordinary au_to_header32(), which is now implemented by
  wrapping au_to_header32_tm() and calling gettimeofday().  #ifndef KERNEL
  the APIs that invoke gettimeofday(), rather than having a variable
  definition.  Don't try to retrieve time zone information using
  gettimeofday(), as it's not needed, and introduces possible failure
  modes.
- Don't perform byte order transformations on the addr/machine fields of
  the terminal ID that appears in the process32/subject32 tokens.  These
  are assumed to be IP addresses, and as such, to be in network byte
  order.
- Universally, APIs now assume that IP addresses and ports are provided
  in network byte order.  APIs now generally provide these types in
  network byte order when decoding.
- Beginnings of an OpenBSM test framework can now be found in openbsm/test.
  This code is not built or installed by default.
- auditd now assigns more appropriate syslog levels to its debugging and
  error information.
- Support for audit filters introduced: audit filters are dynamically
  loaded shared objects that run in the context of a new daemon,
  auditfilterd.  The daemon reads from an audit pipe and feeds both BSM and
  parsed versions of records to shared objects using a module API.  This
  will provide a framework for the writing of intrusion detection services.
- New utility API, audit_submit(), added to capture common elements of audit
  record submission for many applications.

Obtained from:	TrustedBSD Project
2006-06-05 10:52:12 +00:00
Robert Watson
b5fc62e2f7 Add audit.h to mkioctls inclusion list: audit pipe ioctls need access
to the audit types.

Submitted by:	wsalamon
Obtained from:	TrustedBSD Project
2006-06-05 10:06:51 +00:00
Xin LI
60555db2e2 Include strings.h for bzero() 2006-06-05 08:51:14 +00:00
Alan Cox
62b5e735a6 MFamd64
Eliminate unnecessary, recursive acquisitions and releases of the page
 queues lock by free_pv_entry() and pmap_remove_pages().

 Reduce the scope of the page queues lock in pmap_remove_pages().
2006-06-05 06:08:21 +00:00
David E. O'Brien
991d907d3e Use an option form better matching the manual. 2006-06-05 03:47:14 +00:00
Pawel Jakub Dawidek
f34a967b01 Use newly added functions to simplify the code. 2006-06-04 22:17:25 +00:00
Pawel Jakub Dawidek
11d2e1e8ff - Replace COPYDATA() and COPYBACK() macros with crypto_copydata() and
crypto_copyback() functions.
- Add crypto_apply() function.

This will allow for more code simplification.
2006-06-04 22:15:13 +00:00
Pawel Jakub Dawidek
694e011306 Prefer hardware crypto over software crypto.
Before the change if a hardware crypto driver was loaded after
the software crypto driver, calling crypto_newsession() with
hard=0, will always choose software crypto.
2006-06-04 22:12:08 +00:00
Pawel Jakub Dawidek
cb852b474a Add regression tests for IPsec. 2006-06-04 22:06:17 +00:00
Marcel Moolenaar
ae04949bff Fix unaligned memory accesses on Alpha and possible other platforms.
By using a pointer to struct dos_partition, we implicitly tell the
compiler that the pointer is 4-bytes aligned, even though we know
that's not the case. The fact that we only dereference the pointer
to access a byte-wide field (field dp_ptyp) is not a guarantee that
the compiler will in fact use a byte-wide load. On some platforms
it's more efficient to use long word or quad word loads and use
bit-shifting and bit-masking to get the intended byte. On those
platforms an misaligned load will be the result.
The fix is to use byte-wide pointer arithmetic based on sizeof() and
offsetof() to avoid invalid casts which avoids that the compiler
makes invalid assumptions.

Backtrace provided by: wilko@
MFC after: 1 week
2006-06-04 20:26:13 +00:00
Pawel Jakub Dawidek
49ddabdfce Change '#if INET' and '#if INET6' to '#ifdef INET' and '#ifdef INET6'.
This unbreaks compiling a kernel with FAST_IPSEC and no INET6.
2006-06-04 19:32:32 +00:00
Pav Lucistnik
1572020a71 - Fix markup
PR:		docs/98471
Submitted by:	Tsurutani Naoki <turutani@scphys.kyoto-u.ac.jp>
MFC after:	1 day
2006-06-04 15:39:19 +00:00
Pawel Jakub Dawidek
f8e422e5f8 Use newly added defines instead of magic values. 2006-06-04 15:11:59 +00:00
Pawel Jakub Dawidek
d905998c95 Move COPYDATA() and COPYBACK() macros to cryptodev.h, they will be used
in padlock(4) as well.
2006-06-04 15:10:12 +00:00
Pawel Jakub Dawidek
1dc8d404ae Use defines from cryptodev.h. 2006-06-04 15:00:52 +00:00
Pawel Jakub Dawidek
082a4bab02 - Remove HMAC_BLOCK_LEN, it serves no purpose.
- Use defines of used algorithm instead of HMAC_BLOCK_LEN.
2006-06-04 14:49:34 +00:00
Ian Dowse
a48ddf5b85 Add a sleep lock that protects access to sequences of blocking
axe_cmd() calls. Without this the device can get confused if multiple
threads attempt these operations concurrently. The problem was
easily reproducible by running "ifconfig axe0" in a loop because
eventually it would conflict with axe_tick_task().

A similar approach is probably required in all USB ethernet drivers.
2006-06-04 14:42:38 +00:00
Pawel Jakub Dawidek
eec31f224d - Use define of an algorithm with the biggest block length to describe
EALG_MAX_BLOCK_LEN instead of hardcoded value.
- Kill an unused define.
2006-06-04 14:36:42 +00:00
Pawel Jakub Dawidek
bc58b0ec67 Rename HMAC_BLOCK_MAXLEN to HMAC_MAX_BLOCK_LEN to be consistent with
EALG_MAX_BLOCK_LEN.
2006-06-04 14:29:42 +00:00
Pawel Jakub Dawidek
0bbc4bf97d Rename AALG_MAX_RESULT_LEN to HASH_MAX_LEN to look more constent with
other defines.
2006-06-04 14:25:16 +00:00
Pawel Jakub Dawidek
9ea7e4210f - Add defines with hash length for each hash algorithm.
- Add defines with block length for each HMAC algorithm.
- Add AES_BLOCK_LEN define which is an alias for RIJNDAEL128_BLOCK_LEN.
- Add NULL_BLOCK_LEN define.
2006-06-04 14:20:47 +00:00
Pawel Jakub Dawidek
9a2f606177 Add support for the CRD_F_KEY_EXPLICIT flag for both encryption and
authentication operations.

Unfortunately I've no hardware, so I only compiled-tested it.
2006-06-04 14:14:35 +00:00
Pawel Jakub Dawidek
7028164944 Add support for the CRD_F_KEY_EXPLICIT flag for both encryption and
authentication operations.
2006-06-04 14:13:17 +00:00
Pawel Jakub Dawidek
3a5e30eaaf Don't forget to destroy the sc_freeqlock mutex on detach. 2006-06-04 13:45:04 +00:00
Pawel Jakub Dawidek
38d2f8d63c Kill an unused argument. 2006-06-04 12:15:59 +00:00
Robert Watson
f2de87fec4 Push acquisition of pcbinfo lock out of tcp_usr_attach() into
tcp_attach() after the call to soreserve(), as it doesn't require
the global lock.  Rearrange inpcb locking here also.

MFC after:	1 month
2006-06-04 09:31:34 +00:00
Nate Lawson
c73930f3d6 Clean up many of the debugging messages and move them under bootverbose.
Move the code for printing timer statistics into a test function instead of
an ifdef (accessible via the debug.acpi.hpet_test tunable).  Also use defines
for register offsets instead of magic values.

Courtesy of:	slow flight to HK
2006-06-04 08:04:19 +00:00
George V. Neville-Neil
79bc655b50 Extend the notdef #ifdef to cover the packet copy as there is no point in doing that if we're not doing the rest of the work.
Submitted by:	thompsa
MFC after: 1 week
2006-06-04 03:11:09 +00:00
Pawel Jakub Dawidek
3b72821f02 Document more bits.
Reviewed by:	brd
2006-06-03 23:39:13 +00:00
Kris Kennaway
a7bebf901d Note that KTR_ENTRIES must be a power of two.
MFC after:	1 week
2006-06-03 23:30:16 +00:00
Kris Kennaway
f2baa2113b Strengthen wording; the KTR_ENTRIES value *must* be a power of two since
the code depends on this.

MFC after:	1 week
2006-06-03 23:20:45 +00:00
Craig Rodrigues
71ac2d7c7c Check the sectorsize of the underlying disk before trying to
bread() the UFS superblock.  Should eliminate crashes when trying
to do: mount -t ufs on an audio CD.

PR:		kern/85893
Reported by:	Russell Francis <rfrancis at ev dot net>
MFC after:	1 week
2006-06-03 21:20:37 +00:00
John Baldwin
49b94bfc54 Bah, fix fat finger in last. Invert the ~ on MTX_FLAGMASK as it's
non-intuitive for the ~ to be built into the mask.  All the users now
explicitly ~ the mask.  In addition, add MTX_UNOWNED to the mask even
though it technically isn't a flag.  This should unbreak mtx_owner().

Quickly spotted by:	kris
2006-06-03 21:11:33 +00:00
Warner Losh
f99cc4ad59 We don't have a ISA specific shutdown routine at this time, so remove
it.  We just moved it to be pci specific, so this was causing compile
problems (linking problems, so I didn't notice since I unwisely just
built the module).
2006-06-03 21:10:50 +00:00
Warner Losh
5a535f681f Since we turn off the interrupts, we don't need to disestablish
our ISR.
2006-06-03 21:05:36 +00:00
John Baldwin
3ce3f44293 In the case of reentering the debugger due to an attempt to perform a
context switch while in the debugger, reenter the debugger sooner before
performing any statistics updates.
2006-06-03 20:49:44 +00:00
John Baldwin
315ce35f7b Simplify mtx_owner() so it only reads m->mtx_lock once. 2006-06-03 20:45:00 +00:00