1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-30 12:04:07 +00:00
Commit Graph

174749 Commits

Author SHA1 Message Date
Eitan Adler
8c039ae154 The getline function returns the number of characters read, not
written. Use clearer text for this.

PR:		docs/174023
Submitted by:	Paul Procacci <pprocacci@gmail.com>
Approved by:	bcr (mentor)
MFC after:	1 week
2012-12-01 15:25:41 +00:00
Robert Watson
16648b4fff Merge a number of changes required to hook up OpenBSM 1.2-alpha2's
auditdistd (distributed audit daemon) to the build:

- Manual cross references
- Makefile for auditdistd
- rc.d script, rc.conf entrie
- New group and user for auditdistd; associated aliases, etc.

The audit trail distribution daemon provides reliable,
cryptographically protected (and sandboxed) delivery of audit tails
from live clients to audit server hosts in order to both allow
centralised analysis, and improve resilience in the event of client
compromises: clients are not permitted to change trail contents
after submission.

Submitted by:	pjd
Sponsored by:	The FreeBSD Foundation (auditdistd)
2012-12-01 15:11:46 +00:00
Robert Watson
d0c2e5bd23 Merge OpenBSM 1.2-alpha2 changes from contrib/openbsm to
src/sys/{bsm,security/audit}.  There are a few tweaks to help with the
FreeBSD build environment that will be merged back to OpenBSM.  No
significant functional changes appear on the kernel side.

Obtained from:	TrustedBSD Project
Sponsored by:	The FreeBSD Foundation (auditdistd)
2012-12-01 13:46:37 +00:00
Robert Watson
aa77200569 Merge OpenBSM 1.2-alpha2 from vendor branch to FreeBSD 10-CURRENT; the
primary new feature is auditdistd.

Obtained from:	TrustedBSD Project
Sponsored by:	The FreeBSD Foundation (auditdistd)
2012-12-01 11:58:08 +00:00
Pawel Jakub Dawidek
8909f88d28 Fix one more compilation issue. 2012-12-01 08:59:36 +00:00
Pawel Jakub Dawidek
ceaea52f0c IFp4 @219811:
VFS is now fully MPSAFE, fix compilation.
2012-12-01 08:51:40 +00:00
Adrian Chadd
e5d63a99bc Add a new HAL capability - check and enforce whether the NIC supports
enforcing the TXOP and TBTT limits:

* Frames which will overlap with TBTT will not TX;
* Frames which will exceed TXOP will be filtered.

This is not enabled by default; it's intended to be enabled by the
TDMA code on 802.11n capable chipsets.
2012-12-01 03:48:11 +00:00
Jack F Vogel
39aa926bb3 Patch #12 OK, I said there was only 11 patches, but unfortunately
the revamped sysctl code did not work, and needed a change. This
makes the limit get set at the time that all sysctl stats are
created and is actually more elegant imho anyway.
2012-12-01 01:24:40 +00:00
Jung-uk Kim
7609e73ca0 Remove duplicate code. Reduce diff between amd64 and i386. 2012-12-01 00:56:19 +00:00
Jack F Vogel
5a5d90a268 Patch #11 - The final patch: this one greatly improves the
TX hot path by getting rid of index calculations and simply
managing pointers. Much of the creative code is due to my
coworker here at Intel, Alex Duyck, thanks Alex!

Also, this whole series of patches was given the critical
eye of Gleb Smirnoff and is all the better for it, thanks
Gleb!
2012-12-01 00:11:24 +00:00
Jack F Vogel
d777904f05 Patch #10 Performance - this changes the protocol offload
interface and code in the TX path,making it tighter and
hopefully more efficient.
2012-12-01 00:03:58 +00:00
Robert Watson
399d3f65db Merge a number of post-1.2-alpha2 changes to OpenBSM into the OpenBSM
vendor area; these sort out various post-release issues, largely to do
with integrating OpenBSM with the base FreeBSD build.  All of these
changes will appear in a future 1.2-alpha3:

Change 219846 on 2012/11/26 by rwatson@rwatson_cinnamon

        Update several instances of Apple Computer to Apple; a change made
        in the FreeBSD tree some years ago but not propagated to OpenBSM.

Change 219845 on 2012/11/26 by rwatson@rwatson_cinnamon

        Remove Apple acknowledgement clause from file with Christian
        Peron copyright (with permission from Christian).

Change 219836 on 2012/11/23 by rwatson@rwatson_cinnamon

        Replace further instances of <> with "" for local includes in
        auditdistd.

Change 219834 on 2012/11/23 by rwatson@rwatson_cinnamon

        For current-directory headers, use #include "" rather than #include
        <>.

Change 219832 on 2012/11/23 by rwatson@rwatson_cinnamon

        Be more consistent with the remainder of OpenBSM and include
        config/config.h rather than config.h.

        Don't include config.h from synch.h, which is included only from
        .c files that already include config.h.

Change 219831 on 2012/11/23 by pjd@pjd_anger

        Add Xref to auditdistd(8).

        Suggested by:   rwatson

Obtained from:	TrustedBSD Project
Sponsored by:	The FreeBSD Foundation (auditdistd)
2012-12-01 00:02:31 +00:00
Jack F Vogel
df51baf38f Patch #9 Performance - improve the tx dma failure
path, similar to a change done in igb long ago.
2012-11-30 23:54:57 +00:00
Jilles Tjoelker
5ba651f004 libc: Allow setting close-on-exec in fopen/freopen/fdopen.
This commit adds a new mode option 'e' that must follow any 'b', '+' and/or
'x' options. C11 is clear about the 'x' needing to follow 'b' and/or '+' and
that is what we implement; therefore, require a strict position for 'e' as
well.

For freopen() with a non-NULL path argument and fopen(), the close-on-exec
flag is set iff the 'e' mode option is specified. For freopen() with a NULL
path argument and fdopen(), the close-on-exec flag is turned on if the 'e'
mode option is specified and remains unchanged otherwise.

Although the same behaviour for fopen() can be obtained by open(O_CLOEXEC)
and fdopen(), this needlessly complicates the calling code.

Apart from the ordering requirement, the new option matches glibc.

PR:		kern/169320
2012-11-30 23:51:33 +00:00
Robert Watson
c5119f5dec Import OpenBSM 1.2-alpha2:
OpenBSM 1.2 alpha 2

- auditdistd, a distributed audit trail management daemon, has now been
  merged.  This allows trail files to be securely and reliably synced from
  audited hosts to an audit server, and employs TLS encryption.  Where
  available, it uses Capsicum to sandbox the service.  This work was
  contributed by Pawel Jakub Dawidek under sponsorship from the FreeBSD
  Foundation.

OpenBSM 1.2 alpha 1

- Add Capsicum-related error numbers for FreeBSD: ENOTCAPABLE, ECAPMODE.
- Add Capsicum, process descriptor audit events for FreeBSD.
- Allow 0% minspace.
- Fixes from the clang static analyser.
- Fix expiration of trail files when the host parameter is used.
- Various typo fixes.
- Support for Solaris privilege and privilege set tokens.
- Documentation for getachost(), improvements for getacfilesz().
- Fix a directory descriptor leak that happened when audit trail partitions
  filled.
- Support for more Linux distributions with a partial contemporary endian.h.
- Improved escaping of XML-encapsulated BSM.
- A variety of minor documentation, style, and functional.

Obtained from:	TrustedBSD Project
Sponsored by:	The FreeBSD Foundation (auditdistd)
2012-11-30 23:50:07 +00:00
Jack F Vogel
47dd71a877 Patch #8 Performance changes - this one improves locality,
moving some counters and data to the ring struct from
the adapter struct, also compressing some data in the
move.
2012-11-30 23:45:55 +00:00
Jack F Vogel
27329b1a91 Patch #7 This is primarily about processing limit control.
- add a limit for both RX and TX, change the default to 256
- change the sysctl usage to be common, and now to be called
during init for each ring.
- the TX limit is not yet used, but the changes in the last
patch in this series uses the value.
- the motivation behind these changes is to improve data
locality in the final code.
- rxeof interface changes since it now gets limit from the
ring struct
2012-11-30 23:28:01 +00:00
Pawel Jakub Dawidek
80a044ea46 IFp4 @208452:
Audit handling for missing events:
- AUE_READLINKAT
- AUE_FACCESSAT
- AUE_MKDIRAT
- AUE_MKFIFOAT
- AUE_MKNODAT
- AUE_SYMLINKAT

Sponsored by:	FreeBSD Foundation (auditdistd)
MFC after:	2 weeks
2012-11-30 23:21:55 +00:00
Pawel Jakub Dawidek
499f0f4d55 IFp4 @208451:
Fix path handling for *at() syscalls.

Before the change directory descriptor was totally ignored,
so the relative path argument was appended to current working
directory path and not to the path provided by descriptor, thus
wrong paths were stored in audit logs.

Now that we use directory descriptor in vfs_lookup, move
AUDIT_ARG_UPATH1() and AUDIT_ARG_UPATH2() calls to the place where
we hold file descriptors table lock, so we are sure paths will
be resolved according to the same directory in audit record and
in actual operation.

Sponsored by:	FreeBSD Foundation (auditdistd)
Reviewed by:	rwatson
MFC after:	2 weeks
2012-11-30 23:18:49 +00:00
Jack F Vogel
01816c875d Patch #6 Whitespace cleanup, and removal of some very old
defines (at Gleb's request). Also, change the defines around
the old transmit code to IXGBE_LEGACY_TX, I do this to make
it possible to define this regardless of the OS level (it is
not defined by default). There are also a couple changed
comments for clarity.
2012-11-30 23:13:56 +00:00
Jack F Vogel
0c2f38e43b Patch #5 Cleanup unused IEEE1588 code fragments, the day may
come when this feature gets implemented, but its not here yet
and I see no reason to leave this laying around.
2012-11-30 23:06:27 +00:00
Pawel Jakub Dawidek
1d8cd15cf8 IFp4 @208383:
Currently when we discover that trail file is greater than configured
limit we send AUDIT_TRIGGER_ROTATE_KERNEL trigger to the auditd daemon
once. If for some reason auditd didn't rotate trail file it will never
be rotated.

Change it by sending the trigger when trail file size grows by the
configured limit. For example if the limit is 1MB, we will send trigger
on 1MB, 2MB, 3MB, etc.

This is also needed for the auditd change that will be committed soon
where auditd may ignore the trigger - it might be ignored if kernel
requests the trail file to be rotated too quickly (often than once a second)
which would result in overwriting previous trail file.

Sponsored by:	FreeBSD Foundation (auditdistd)
MFC after:	2 weeks
2012-11-30 23:03:51 +00:00
Pawel Jakub Dawidek
6293140411 IFp4 @208382:
Currently on each record write we call VFS_STATFS() to get available space
on the file system as well as VOP_GETATTR() to get trail file size.

We can assume that trail file is only updated by the audit worker, so instead
of asking for file size on every write, get file size on trail switch only
(it should be zero, but it's not expensive) and use global variable audit_size
protected by the audit worker lock to keep track of trail file's size.

This eliminates VOP_GETATTR() call for every write. VFS_STATFS() is satisfied
from in-memory data (mount->mnt_stat), so shouldn't be expensive.

Sponsored by:	FreeBSD Foundation (auditdistd)
MFC after:	2 weeks
2012-11-30 22:59:20 +00:00
Jack F Vogel
6d3e416bc4 Patch #4 - this does two things, it removes a number of statistics,
these are FCOE stats (fiber channel over ethernet), something that
FreeBSD does not yet have, they were mistaken for flow control by
the implementor I believe. Secondly, the real flow control stats
are oddly named with a 'link' tag on the front, it was requested
by my validation engineer to make these stats have the same name as
the igb driver for clarity and that seemed reasonable to me.
2012-11-30 22:54:14 +00:00
Pawel Jakub Dawidek
9658c0582e IFp4 @208381:
For VOP_GETATTR() we just need vnode to be shared-locked.

Sponsored by:	FreeBSD Foundation (auditdistd)
MFC after:	2 weeks
2012-11-30 22:52:35 +00:00
Pawel Jakub Dawidek
e1216d1335 IFp4 @208450:
Remove redundant call to AUDIT_ARG_UPATH1().
Path will be remembered by the following NDINIT(AUDITVNODE1) call.

Sponsored by:	FreeBSD Foundation (auditdistd)
MFC after:	2 weeks
2012-11-30 22:49:28 +00:00
Jack F Vogel
6a59dfbb86 Patch #3 - Add a new ioctl to access SFP+ module diagnostic
data via the I2C routines in shared code.
2012-11-30 22:41:32 +00:00
Jack F Vogel
35bbbdaa3b Patch #2 - remove OACTIVE and DEPLETED notions from the
multiqueue code, this functionality has proven to be more
trouble than it was worth. Thanks to Gleb for a second
critical look over my code and help in the patches!
2012-11-30 22:33:21 +00:00
Pawel Jakub Dawidek
c71baf2689 Allow OpenSSL to use arc4random(3) on FreeBSD. arc4random(3) was modified
some time ago to use sysctl instead of /dev/random to get random data,
so is now much better choice, especially for sandboxed processes that have
no direct access to /dev/random.

Approved by:	benl
MFC after:	2 weeks
2012-11-30 22:23:23 +00:00
Jack F Vogel
7d1157eec8 First of a series of 11 patches leading to new ixgbe version 2.5.0
This removes the header split and supporting code from the driver.
2012-11-30 22:19:18 +00:00
Simon J. Gerraty
ddcc951f59 The build-tools step during build32 also needs the -legacy magic.
Approved by:	marcel (mentor)
2012-11-30 20:50:34 +00:00
Jung-uk Kim
8c2b353ead Use volatile keywords properly. 2012-11-30 20:15:01 +00:00
Alexander V. Chernikov
c187c1fbf8 Use common macros for working with rule/dynamic counters.
This is done as preparation to introduce per-cpu ipfw counters.

MFC after:	3 weeks
2012-11-30 19:36:55 +00:00
Alexander V. Chernikov
2e089d5c04 Make ipfw dynamic states operations SMP-ready.
* Global IPFW_DYN_LOCK() is changed to per-bucket mutex.
* State expiration is done in ipfw_tick every second.
* No expiration is done on forwarding path.
* hash table resize is done automatically and does not flush all states.
* Dynamic UMA zone is now allocated per each VNET
* State limiting is now done via UMA(9) api.

Discussed with:	ipfw
MFC after:	3 weeks
Sponsored by:	Yandex LLC
2012-11-30 16:33:22 +00:00
Oleksandr Tymoshenko
0f9eb6b09c - Enable syscons/framebuffer by default
- Enable NFS client by default. Might be useful for building ports
2012-11-30 04:56:39 +00:00
Neel Natu
8e2c4dfdb2 Teach userboot to boot from ISO image files.
Reviewed by:	ae@, dfr@
Obtained from:	NetApp
2012-11-30 04:44:32 +00:00
Oleksandr Tymoshenko
4f6c4eb93a Add vchiq node 2012-11-30 03:16:45 +00:00
Oleksandr Tymoshenko
ee9b837148 - Implement "fdt mres" sub-command that prints reserved memory regions
- Add "fdt addr" subcommand that lets you specify preloaded blob address
- Do not pre-initialize blob for "fdt addr"
- Do not try to load dtb every time fdt subcommand is issued,
    do it only once
- Change the way DTB is passed to kernel. With introduction of "fdt addr"
    actual blob address can be not virtual but physical or reside in
    area higher then 64Mb. ubldr should create copy of it in kernel area
    and pass pointer to this newly allocated buffer which is guaranteed to work
    in kernel after switching on MMU.
- Convert memreserv FDT info to "memreserv" property of root node
    FDT uses /memreserve/ data to notify OS about reserved memory areas.
    Technically it's not real property, it's just data blob, sequence
    of <start, size> pairs where both start and size are 64-bit integers.
    It doesn't fit nicely with OF API we use in kernel, so in order to unify
    thing ubldr converts this data to "memreserve" property using the same
    format for addresses and sizes as /memory node.
2012-11-30 03:15:50 +00:00
Adrian Chadd
6ef131b446 Include opt_wlan.h so the net80211 RX debug API compiles correctly. 2012-11-30 03:14:11 +00:00
Oleksandr Tymoshenko
c5a5698ccd Get reserved memory regions and exclude them from available memory map 2012-11-30 03:11:03 +00:00
Oleksandr Tymoshenko
1d1ffd9efb Add fdt_get_reserved_regions function. API is simmilar to fdt_get_mem_regions
It returns memory regions restricted from being used by kernel. These
regions are dfined in "memreserve" property of root node in the same
format as "reg" property of /memory node
2012-11-30 03:08:49 +00:00
Oleksandr Tymoshenko
33aad34de6 - Get proper maximum clock frequency for SDHCI v3.0 and higher 2012-11-30 02:35:13 +00:00
Oleksandr Tymoshenko
3b37b3c221 Get frequency from "clock-frequency" property of "/axi/sdhci" FDT node 2012-11-30 02:32:37 +00:00
Oleksandr Tymoshenko
41dd52751d Fix RGB565 case 2012-11-30 02:31:08 +00:00
Pyun YongHyeon
fe26ad88e3 Add preliminary support for BCM57766 ASIC.
While I'm here add BCM57762 device id which is found on Apple
Thunderbolt ethernet.

Tested by:	Richard Kuhns < rjk <> wintek dot com >
2012-11-30 01:38:00 +00:00
Jung-uk Kim
231ac244f8 Tidy up inline assembly. No functional change. 2012-11-30 00:59:37 +00:00
Navdeep Parhar
d588c1f9ba cxgbe/tom: Handle the case where the chip falls out of DDP mode by
itself.  The hole in the receive sequence space corresponds to the
number of bytes placed directly up to that point.

MFC after:	1 week
2012-11-29 19:39:27 +00:00
Navdeep Parhar
000da5202e cxgbe/tom: Add a flag to indicate that the L2 table entry for an
embryonic connection has been setup and never attempt to abort a tid
before this is done.  This fixes a bad race where a listening socket is
closed when the driver is in the middle of step (b) here.  The symptom
of this were "ARP miss" errors from the driver followed by tid leaks.

A hardware-offloaded passive open works this way:

a) A SYN "hits" the TCAM entry for a server tid and the chip delivers it
to the queue associated with the server tid (say, queue A).  It waits
for a response from the driver telling it what to do.

b) The driver decides it is ok to proceed.  It adds the new tid to the
list of embryonic connections associated with the server tid and then
hands off the SYN to the kernel's syncache to make sure that the kernel
okays it too.  If it does then the driver provides an L2 table entry,
queue id (say, queue B), etc. and instructs the chip to send the SYN/ACK
response.

c) The chip delivers a status to queue B depending on how the third step
of the 3-way handshake goes.  The driver removes the tid from its list
of embryonic connections and either expands the syncache entry or
destroys the tid.  In any case all subsequent messages for the new tid
will be delivered to queue B, not queue A.  Anything running in queue B
knows that the L2 entry has long been setup and the new flag is of no
interest from here on.  If the listener is closed it will deal with
so_comp as normal.

MFC after:	1 week
2012-11-29 19:10:04 +00:00
David Chisnall
fb6c5de628 Merge new libc++ into head. 2012-11-29 13:35:44 +00:00
David Chisnall
fbd326037f Import new libc++. This contains some fixes for code compiled in c++98 / c++03
mode.
2012-11-29 13:28:56 +00:00