Commit message [Author, Age, Files, Lines]
* Allow MAC policy modules to control access to audit configuration system [rwatson, 2007-04-21, 11 files, -8/+447]
| calls. Add MAC Framework entry points and MAC policy entry points for audit(), auditctl(), auditon(), setaudit(), and setauid(). MAC Framework entry points are only added for audit system calls where additional argument context may be useful for policy decision-making; other audit system calls without arguments may be controlled via the priv(9) entry points.
| Update various policy modules to implement audit-related checks, and in some cases, other missing system-related checks.
| Obtained from: TrustedBSD Project
| Sponsored by: SPARTA, Inc.
* Teach netinet6 to use PRIV_NETINET_REUSEPORT. [rwatson, 2007-04-21, 1 file, -4/+2]
|
* Attempt to rationalize NFS privileges: [rwatson, 2007-04-21, 3 files, -13/+12]
| - Replace PRIV_NFSD with PRIV_NFS_DAEMON, add PRIV_NFS_LOCKD.
| - Use PRIV_NFS_DAEMON in the NFS server.
| - In the NFS client, move the privilege check from nfslockdans(), which occurs every time a write is performed on /dev/nfslock, and instead do it in nfslock_open() just once. This allows us to avoid checking the saved uid for root, and just use the effective on open. Use PRIV_NFS_LOCKD.
* Modify TLB invalidation handling. [ups, 2007-04-21, 2 files, -60/+149]
| Reviewed by: alc@, peter@
| MFC after: 1 week
* Improve sharenfs option handling, so it is possible to give hosts list. [pjd, 2007-04-21, 2 files, -16/+50]
| Before the change the command above:
|     # zfs set sharenfs=freefall.freebsd.org,69.147.83.54 tank/foo
| was translated to:
|     /tank/foo -freefall.freebsd.org -69.147.83.54
| instead of:
|     /tank/foo freefall.freebsd.org 69.147.83.54
| This commit corrects this.
* Correct a sanity check. [jkoshy, 2007-04-21, 1 file, -1/+1]
|
* MFp4: [pjd, 2007-04-21, 18 files, -132/+112]
| @118370 Correct typo.
| @118371 Integrate changes from vendor.
| @118491 Show backtrace on unexpected code paths.
| @118494 Integrate changes from vendor.
| @118504 Fix sendfile(2). I had two ways of fixing it:
|     1. Fixing sendfile(2) itself to use VOP_GETPAGES() instead of hacking around with vn_rdwr(UIO_NOCOPY), which was suggested by ups.
|     2. Modify ZFS behaviour to handle this special case.
|     Although 1 is more correct, I've chosen 2, because hack from 1 have a side-effect of being faster - it reads ahead MAXBSIZE bytes instead of reading page by page. This is not easy to implement with VOP_GETPAGES(), at least not for me in this very moment.
|     Reported by: Andrey V. Elsukov <bu7cher@yandex.ru>
| @118525 Reorganize the code to reduce diff.
| @118526 This code path is expected. It is simply when file is opened with O_FSYNC flag.
|     Reported by: kris
|     Reported by: Michal Suszko <dry@dry.pl>
* Regression tests for recent changes to inet6_rth_* family of functions [mtm, 2007-04-21, 4 files, -0/+556]
| regarding RFC3542 compliance.
* Update release notes: [hrs, 2007-04-21, 1 file, -2/+7]
| - hw.pci.do_powerstate split into hw.pci.do_power_nodriver and hw.pci.do_power_resume.
| Pointed out by: pluknet at gmail.com
* Add a missing link: if_edsc.4 -> edsc.4 . [yar, 2007-04-21, 1 file, -0/+1]
| Network interface manpages should have such links.
* Don't forget to bump document date after changing the content. [yar, 2007-04-21, 1 file, -1/+1]
|
* Change the semantics of -i (in-place editing) so that it treats [yar, 2007-04-21, 5 files, -12/+118]
| each file independently from other files. The new semantics are desired in the most of practical cases, e.g.: delete lines 5-9 from each file.
| Keep the previous semantics of -i under a new option, -I, which uses a single continuous address space covering all files to edit in-place -- they are too cool to just drop them.
| Add regression tests for -i and -I.
| Approved by: dds
| Compared with: GNU sed
| Discussed on: -hackers
| MFC after: 2 weeks
* Add support for specifying a minimal size for vm.kmem_size in the loader via [sepotvin, 2007-04-21, 6 files, -5/+22]
| vm.kmem_size_min. Useful when using ZFS to make sure that vm.kmem size will be at least 256mb (for example) without forcing a particular value via vm.kmem_size.
| Approved by: njl (mentor)
| Reviewed by: alc
* Bah, sorting alphabetically is hard. [brueffer, 2007-04-21, 1 file, -1/+1]
|
* Add markus. [brueffer, 2007-04-21, 2 files, -0/+5]
|
* Remove useless FILES section. [brueffer, 2007-04-21, 1 file, -7/+0]
| MFC after: 3 days
* Spring cleaning: Remove worm(4) manpage, the driver was removed pre-3.0. [brueffer, 2007-04-20, 3 files, -111/+2]
|
* Don't reinvent vm_page_grab(). [pjd, 2007-04-20, 1 file, -23/+3]
| Reviewed by: ups
* Test sending 0 bytes. [pjd, 2007-04-20, 1 file, -0/+6]
|
* Fix length calculation. [pjd, 2007-04-20, 1 file, -1/+1]
|
* New release notes: [brueffer, 2007-04-20, 1 file, -10/+31]
| - IPLware 3.33 support for pc98
| - CAM MPSAFE
| - ahc(4) and ahd(4) MPSAFE
| - pseudofs(9) and consumers MPSAFE
| - OpenBSM 1.0 alpha 14
| - lastcomm -X flag
| - ftpd(8) RFC2389 and RFC2640 support
| Modified release notes:
| - ncurses was updated from version 5.2-20020615
| While here, moved the lagg(4) and XFS entries to the correct places.
* Xref linsysfs(5). [brueffer, 2007-04-20, 1 file, -1/+2]
| MFC after: 3 days
* Fix a memory leak in the uname/gname lookup cache. [kientzle, 2007-04-20, 1 file, -11/+11]
| Thanks to: VMiklos
* o Remove unnecessary TOF_SIGLEN flag from struct tcpopt [andre, 2007-04-20, 3 files, -8/+9]
| o Correctly set to->to_signature in tcp_dooptions()
| o Update comments
* Add more KASSERT's. [andre, 2007-04-20, 2 files, -0/+8]
|
* o Remove unused and redundant TCP option definitions [andre, 2007-04-20, 3 files, -15/+6]
| o Replace usage of MAX_TCPOPTLEN with the correctly constructed and derived MAX_TCPOPTLEN
* Remove bogus check for accept queue length and associated failure handling [andre, 2007-04-20, 4 files, -35/+23]
| from the incoming SYN handling section of tcp_input().
| Enforcement of the accept queue limits is done by sonewconn() after the 3WHS is completed. It is not necessary to have an earlier check before a connection request enters the SYN cache awaiting the full handshake. It rather limits the effectiveness of the syncache by preventing legit and illegit connections from entering it and having them shaken out before we hit the real limit which may have vanished by then.
| Change return value of syncache_add() to void. No status communication is required.
* Simplify syncache_expand() and clarify its semantics. Zero is returned [andre, 2007-04-20, 3 files, -33/+20]
| when the ACK is invalid and doesn't belong to any registered connection, either in syncache or through SYN cookies. True but a NULL struct socket is returned when the 3WHS completed but the socket could not be created due to insufficient resources or limits reached. For both cases an RST is sent back in tcp_input().
| A logic error leading to a panic is fixed where syncache_expand() would free the mbuf on socket allocation failure but tcp_input() later supplies it to tcp_dropwithreset() to issue a RST to the peer.
| Reported by: kris (the panic)
* Only update TCP timestamp on SYN duplication if it is present on [andre, 2007-04-20, 1 file, -1/+3]
| current SYN in syncache_add(). Otherwise disable timestamps.
* o Plug memory leak in syncache_add() on MAC label allocation failure. [andre, 2007-04-20, 1 file, -18/+12]
| o Simplify code flow with 'done' goto label.
| o Remove mbuf argument from syncache_respond(). It doesn't make use of it.
* Remove references to S/Key and list OPIE. [trhodes, 2007-04-20, 1 file, -8/+7]
|
* Added m_tag_copy_chain() call to copy original outgoing packet tags to all of [mav, 2007-04-20, 1 file, -0/+1]
| its fragments.
| Reviewed by: archie
| Approved by: glebius (mentor)
* Optimized packet distribution plan for the equal links case. Do not [mav, 2007-04-20, 1 file, -13/+20]
| split packet on fragments smaller than MP_MIN_FRAG_LEN to reduce total overhead.
| Reviewed by: archie
| Approved by: glebius (mentor)
* - Changed sequence numbers processing to avoid incorrect timeout waiting [mav, 2007-04-20, 1 file, -66/+65]
| when one of links is inactive and have stale sequence number. To avoid this sequence numbers of all links are getting updated on every successful packet reassembling.
| - ng_ppp_bump_mseq function created to simplify code.
| - ng_ppp_frag_drop function separated from ng_ppp_frag_process to simplify code.
| Reviewed by: archie
| Approved by: glebius (mentor)
* - Fixed mistakes in latency and xmitBytes calculation math [mav, 2007-04-20, 1 file, -6/+22]
| which lead to ineffective multilink packet distribution plans.
| - Changed bytesInQueue calculation math to have more precise information about links utilization.
| - Taken rough account of the link overhead. Better way to do it could be to get exact overhead from user-level, but I have not done it to keep binary compatibility.
| Reviewed by: archie
| Approved by: glebius (mentor)
* NanoBSD modifications: [adrian, 2007-04-20, 2 files, -1/+21]
| * Break out the boot0 loader selection into a variable - NANO_BOOTLOADER - so people like me with VGA consoles can override the default (which is to use boot0sio)
| * Put the boot0 configuration options in NANO_BOOT0CFG in case you want to override the defaults.
| * Modify nanobsd.8 to reflect the changes and hint the console default is serial.
| MFC after: 2 weeks
* Improve logging when -dm is specified: if the node is considered [fjoe, 2007-04-20, 3 files, -8/+7]
| out-of-date print not only "modified before source" message but also the path of youngest source.
* When remaking makefiles check that mtime has actually changed. [fjoe, 2007-04-20, 1 file, -3/+14]
| This fixes infinite restart in the following case:
|     Makefile: foo
|     foo: bar
|             do-something
| Unlike GNU make, BSD make considers "Makefile" node as remade even if "foo" is up-to-date and was not actually rebuilt. GNU make does not consider nodes without commands as remade if child nodes were not actually rebuilt.
| Most probably, more proper fix would be to bring BSD make behaviour in-line with GNU make but this would be more intrusive change.
* Schedule the ithread on the same cpu as the interrupt [kmacy, 2007-04-20, 1 file, -2/+1]
| Tested by: kmacy
| Submitted by: jeffr
* Free cluster if we fail to create the dmamap. [kmacy, 2007-04-20, 1 file, -3/+1]
| Fixes CID 1829
| Found by: Coverity
* Include a note in the sendmail 8.14.1 release note regarding the libmilter [gshapiro, 2007-04-20, 1 file, -1/+3]
| update.
| Requested by: re (bmah)
* Eliminate CID 1842 by comparing against (type != EXT_MBUF) => refcnt != NULL [kmacy, 2007-04-20, 1 file, -1/+2]
|
* Fix memory leak in m_collapse (CID 1843) [kmacy, 2007-04-20, 1 file, -4/+7]
| Found by: Coverity
| Submitted by: jhb
* Add ofw bus methods to the ppc nexus driver. This will be used in future [grehan, 2007-04-20, 2 files, -0/+112]
| EFIKA platform support.
| PR: 111522
| Submitted by: Andrew Turner, andrew at fubar geek nz
* In some cases, like whenever devfs file times are zero, the fix(aa) will not [trhodes, 2007-04-20, 1 file, -1/+1]
| be applied to dev entries. This leaves us with file times like "Jan 1 1970." Work around this problem by replacing the tv_sec == 0 check with a <= 3600 check. It's doubtful anyone will be booting within an hour of the Epoch, let alone care about a few seconds worth of nonzero timestamps. It's a hackish work around, but it does work and I have not experienced any negatives in my testing.
| Discussed with: bde
| "Ok with me: phk
* Unbreak module / driver attach breakage. Both snd_envy24 and snd_envy24ht [ariff, 2007-04-20, 2 files, -2/+2]
| mistakenly rely on wrong snd_spicds version.
* Retire the spl() markers. Add in some minor missed locking as a result. [scottl, 2007-04-19, 2 files, -193/+31]
|
* Inline cam_periph_lock|unlock to make debugging easier. Use more [scottl, 2007-04-19, 3 files, -30/+21]
| CAM_SIM_LOCK() more uniformly.
* Fix a leaked lock in dashutdown. [scottl, 2007-04-19, 1 file, -1/+3]
|
* Up until now, the free SCB pool received only a small initial allocation, [scottl, 2007-04-19, 5 files, -18/+24]
| and new SCBs were allocated on demand later if needed. This has two problems. First, allocating SCBs involves allocating contiguous memory, and if memory is exhausted then the VM will try to page out to satisfy the request, leading to recursion and deadlock. The second problem is that it can cause lock order reversals due to parts of the VM still being under Giant. Fix the problem by allocating the full pool at driver attach, when it is safe to do so.