summaryrefslogtreecommitdiffstats
path: root/sys
Commit message (Collapse)AuthorAgeFilesLines
* MFp4 (114068):netchild2007-02-2326-43/+70
| | | | | | | | | | Use bus_get_dma_tag() to obtain the parent DMA tag to make the drivers a little bit more non-ia32/amd64 friendly. There is no man page for bus_get_dma_tag, so this is modelled after rev. 1.62 of src/sys/dev/sound/pci/es137x.c by marius. Inspired by: commit by marius
* o break newbus api: add a new argument of type driver_filter_t topiso2007-02-23255-575/+781
| | | | | | | | | | | | | bus_setup_intr() o add an int return code to all fast handlers o retire INTR_FAST/IH_FAST For more info: http://docs.freebsd.org/cgi/getmsg.cgi?fetch=465712+0+current/freebsd-current Reviewed by: many Approved by: re@
* Remove many unneeded includes, update copyright.rwatson2007-02-231-29/+2
|
* Remove empty entry point functions (init, destroy, syscall) fromrwatson2007-02-232-32/+0
| | | | policies that don't need them.
* mac_none sample policy has nothing to enforce, so remove sysctls.rwatson2007-02-231-9/+0
| | | | mac_stub acts as a template policy and holds sample sysctls.
* Use the new xpt_rescan function to truly now have dynamicmjacob2007-02-233-13/+76
| | | | | | | | | | attachment of new devices that arrive (and we notice them via async Fibre Channel events). We've always had the right thing (of sorts) happen when devices go away- this is the corollary function that makes multipath failover actually work. MFC after: 2 weeks
* Add an xpt_rescan function and a thread that will fieldmjacob2007-02-232-4/+50
| | | | | | | | | | | | | | rescan requests. The purpose of this is to allow a SIM (or other entities) to request a bus rescan and have it then fielded in a different (process) context from the caller. There are probably better ways to accomplish this, but it's a very small change that helps solve a number of problems. Reviewed by: Justin, Ken and Scott. MFC after: 2 weeks
* There is a problem in setting/getting 'options'- if we check thingsmjacob2007-02-231-111/+133
| | | | | | | | | | | early, we haven't set board type, so we can't correctly check for some options. Fix this by splitting option setting/getting into generic, pci and then later board specific, option setting/getting. This was noticed when setting 'iid' (or 'hard loop id') didn't work all of a sudden. Noticed by: Mike Drangula (thanks!) via Jung-uk Kim (thanks!)
* Be a bit more restrictive about printing out 'bad' pdb entriesmjacob2007-02-231-9/+11
| | | | | during loop rescans. They're not bad so much as unstable, so don't print this stuff out unless ISP_LOGSANCFG is set.
* Use LIST_EMPTY() instead of unrolled version (LIST_FIRST() [!=]= NULL)delphij2007-02-221-5/+5
|
* Use ETHER_BPF_MTAP() instead of BPF_MTAP() here. It's possiblecsjp2007-02-221-2/+3
| | | | | | | incoming packets have had their 802.1Q tags processed by the hardware, resulting in them being stripped from the packets, and placed on the mbuf. This fixes the processing of 802.1Q tags when hardware offload of 802.1Q tags is enabled.
* Add an additional MAC check to the UNIX domain socket connect path:rwatson2007-02-221-0/+5
| | | | | | | | | check that the subject has read/write access to the vnode using the vnode MAC check. MFC after: 3 weeks Submitted by: Spencer Minear <spencer_minear at securecomputing dot com> Obtained from: TrustedBSD Project
* Change the page's CLEANCHK flag from being a page queue mutex synchronizedalc2007-02-222-16/+16
| | | | flag to a vm object mutex synchronized flag.
* Improve readability of the version string.njl2007-02-221-1/+1
|
* Fix a bug in if_findmulti(), whereby it would not find (and thus delete)bms2007-02-221-3/+22
| | | | | | | | | | | | | | a link-layer multicast group membership. Such memberships are needed in order to support protocols such as IS-IS without putting the interface into PROMISC or ALLMULTI modes. sa_equal() is not OK for comparing sockaddr_dl as it has deeper structure than a simple byte array, so add sa_dl_equal() and use that instead. Reviewed by: rwatson Verified with: /usr/sbin/mtest Bug found by: Jouke Witteveen MFC after: 2 weeks
* Update copyright headers.sos2007-02-2119-19/+19
|
* Try again with supporting AHCI chipsets with partly implemented ports.sos2007-02-212-5/+16
|
* Restore support for the 5706C bce(4) phy that was broken during thejhb2007-02-212-2/+54
| | | | | | | | | | | | | addition of SerDes support. According to the docs, the 5706C and 5708C phys are supposed to use the same MII model that is separate from the SerDes parts, but the 5706C actually uses the MII model of the SerDes parts. To fix this, readd the old 5706C entry to miidevs and add a special check in brgphy_probe() for phys that match the 5706C ID. If the phy is supported by the gentbi(4) driver, then it's a SerDes phy, so we fail the probe and let gentbi(4) grab it. Otherwise, it's a 5706C phy, so we let brgphy(4) grab it. In coordination with: dwhite
* Work around a firmware bug where broadcast frames would be incorrectlygallatin2007-02-212-5/+27
| | | | | | | treated as multicast frames and filtered, but when only when "adopting" running firmware. By "adopting", I mean using pre-existing firmware loaded from eeprom at PCI reset, rather than firmware loaded by the driver.
* Be a little less stringent in getting progress report data.sos2007-02-211-1/+2
|
* Temporarily disable the support for some incarnations of the ICH8 chip that hassos2007-02-211-17/+7
| | | | | | | non consecutively numbered ports. This should fix current SATA problems. Support AHCI chips where the ports are not consecutively numbered as in some incarnations of the ICH8 chip.
* Optimize set_origin() use in some screensavers to stop them eatingphilip2007-02-214-12/+40
| | | | | | | | cpu power when the origin hasn't changed. PR: kern/100683 Submitted by: Gareth McCaughan <gareth -dot- mccaughan -at- pobox.com> MFC after: 3 days
* Complete the support for altq(4).brueffer2007-02-211-1/+3
| | | | | | | Tested by: J.R. Oldroyd Reviewed by: mlaier Approved by: rwatson (mentor) MFC after: 1 week
* The functions that set and delete external attributes must checkmckusick2007-02-211-0/+9
| | | | | | | that the filesystem is not mounted read-only before proceeding. Reported by: Ryan Beasley <ryanb@FreeBSD.org> MFC after: 1 week
* Initialise {transport,protocol}{,_version} fields during a PATH_INQ to avoid an_hibma2007-02-211-1/+5
| | | | warning message.
* Reduce the noise when plugging in (USB) mass storage devices, like a 4 portn_hibma2007-02-212-3/+7
| | | | | | | | | flash card reader. Also remove an 'Opened da0 -> <random number>' which is not needed on a daily basis (available through bootverbose). Reviewed by: phk, ken MFC after: 1 week
* Change pmap_protect() so that execute access can be removed withoutalc2007-02-211-1/+2
| | | | simultaneously removing write access.
* Check that the error returned by vfs_getopts() is not ENOENT before assumingcognet2007-02-211-2/+2
| | | | | | there's actually an error. This is just in order to unbreak ntfs on current, before a proper solution is committed.
* Remove unnecessary privilege and privilege check for WITNESS sysctl.rwatson2007-02-202-16/+9
| | | | Head nod: jhb
* Rename IWI_LOCK_ASSERT to IWI_LOCK_CHECK per Sam's suggestion,luigi2007-02-202-25/+21
| | | | | | | | | | | | | | | | | | | | | | | | and make it print under debug.iwi control same as other debugging stuff. Remove the device_printf() in iwi_ioctl() and replace with this: /* * wait until pending iwi_cmd() are completed, to avoid races * that could cause problems. */ while (sc->flags & IWI_FLAG_BUSY) msleep(sc, &sc->sc_mtx, 0, "iwiioctl", hz); This at least prevents what has become an almost systematic failure for my system, presumably due to a previous iwi_cmd() not complete yet by the time iwi_ioctl() is called. It has been pointed to my attention that the real problem could be calling ieee80211_ioctl() with the lock held. If that is true, there might still be a possibility for a race condition e.g. an interrupt coming while the ioctl is sleeping. Need to investigate further on what changes are required to release the lock before calling ieee80211_ioctl
* Address a few issues with the iwi driver, namely:luigi2007-02-202-78/+147
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | + do not release the dma-ble region used for downloading firmware. This should fix the problems that some people were seeing, due to memory becoming too fragmented which prevented subsequent allocations of a suitable contiguous region of memory; + document the firmware format and usage in if_iwivar.h + use a loop to allocate the four tx rings, instead of replicating the body of the loop. + add debugging code IWI_LOCK_ASSERT() to detect missing locks. These only do a printf, and should go away once we figure out why the driver sometimes freezes the system due to a (yet unidentified) race condition. + add a device_printf() in iwi_ioctl() in certain conditions (see comment in the code). This helps preventing the race condition mentioned above, and makes the system survive. This printf will also go away once fixing this bug is completed. + change iwi_getfw() to return 0 on success, 1 on error, consistently with other functions. + fix the argument of a sizeof() in iwi_get_firmware() + use le32toh() to access little-endian fields + simplify error handling in iwi_load_firmware() and iwi_init_locked() The bugs fixed by this commit (the freezing one especially) are serious enough to call for a quick MFC MFC after: 3 days
* Replace a suser() check with an explicit check for PRIV_NET_SETIFMTU.rwatson2007-02-201-1/+2
|
* Document the endiannes of firmware headersluigi2007-02-201-1/+9
| | | | (in preparation for changes in the C code).
* Update auditing of socket information for the inpcb new world order:rwatson2007-02-201-6/+4
| | | | | so_pcb will always be non-NULL, and lock the inpcb while non-atomically accessing address data.
* Break introductory comment into two paragraphs to separate material on therwatson2007-02-201-12/+9
| | | | | | | | | | garbage collection complications from general discussion of UNIX domain sockets. Staticize unp_addsockcred(). Remove XXX comment regarding Giant and v_socket -- v_socket is protected by the global UNIX domain socket lock.
* Move mapping of MBI_APPEND to MBI_WRITE from inside the rule loop inrwatson2007-02-201-9/+8
| | | | | | | mac_bsdextended_check() to before the loop, as it needs to happen only once. MFC after: 1 week
* Rename two identically named log_in_vain variables: tcp_input.c's staticrwatson2007-02-205-13/+13
| | | | | | | log_in_vain to tcp_log_in_vain, and udp_usrreq's global log_in_vain to udp_log_in_vain. MFC after: 1 week
* Gratuitous UDP restyling toward style(9) in 7.x.rwatson2007-02-203-175/+168
|
* Remove discontinuity in network privilege number space.rwatson2007-02-201-70/+70
| | | | Spotted by: emaste (ages ago)
* Remove unused PRIV_IPC_EXEC. Renumbers System V IPC privilege.rwatson2007-02-202-4/+2
|
* Sync up PRIV_IPC_{ADMIN,READ,WRITE} priv checks in ipcperm() withrwatson2007-02-201-3/+6
| | | | | kern_jail.c: allow jailed root these privileges. This only has an effect if System V IPC is administratively enabled for the jail.
* Restore sysv_ipc.c:1.30, which was backed out due to interactions withrwatson2007-02-191-38/+66
| | | | | | | | | | | | | | | | | | | | | System V shared memory, now believed fixed in sysv_shm.c:1.109: date: 2006/11/06 13:42:01; author: rwatson; state: Exp; lines: +65 -37 Sweep kernel replacing suser(9) calls with priv(9) calls, assigning specific privilege names to a broad range of privileges. These may require some future tweaking. Sponsored by: nCircle Network Security, Inc. Obtained from: TrustedBSD Project Discussed on: arch@ Reviewed (at least in part) by: mlaier, jmg, pjd, bde, ceri, Alex Lyashkov <umka at sevcity dot net>, Skip Ford <skip dot ford at verizon dot net>, Antoine Brodin <antoine dot brodin at laposte dot net> This restores fine-grained privilege support to System V IPC. PR: 106078
* Remove call to ipcperm() in shmget_existing(). The flags argument isrwatson2007-02-191-3/+0
| | | | | | | | | | | ignored on other systems I investigated when accessing an existing memory segment rather than creating a new one. This call to ipcperm() is the only one to pass in a complete mode flag to the permission checks rather than a simple access request mask, and caused problems for the revised ipcperm() based on the priv(9) interface, which can now be restored. PR: 106078
* Use privilege PRIV_NET_ADDIFADDR rather than suser() to authorizerwatson2007-02-191-1/+2
| | | | adding a netatalk address to an interface.
* Rename three quota privileges from the UFS privilege namespace to therwatson2007-02-193-34/+34
| | | | | | | | | | VFS privilege namespace: exceedquota, getquota, and setquota. Leave UFS-specific quota configuration privileges in the UFS name space. This renumbers VFS and UFS privileges, so requires rebuilding modules if you are using security policies aware of privilege identifiers. This is likely no one at this point since none of the committed MAC policies use the privilege checks.
* Limit quota privileges in jail to PRIV_UFS_GETQUOTA andrwatson2007-02-192-17/+5
| | | | PRIV_UFS_SETQUOTA.
* Do allow bypass of mac_seeotheruids in jail in order to be consistentrwatson2007-02-191-1/+2
| | | | | with other uses of PRIV_SEEOTHERUIDS. This will automatically be scoped to the jail by the jail policy.
* Do allow privilege to create over-sized messages on System V IPCrwatson2007-02-191-1/+2
| | | | message queues in jail.
* Use priv_check(9) instead of suser(9) for checking the privilege torwatson2007-02-191-1/+1
| | | | | | set real-time priority on a thread. It looks like this suser(9) call was introduced after my first pass through replacing superuser checks with named privilege checks.
* For now, reflect practical reality that Audit system calls aren'trwatson2007-02-191-0/+2
| | | | allowed in Jail: return a privilege error.
OpenPOWER on IntegriCloud