summaryrefslogtreecommitdiffstats
path: root/sys
Commit message (Collapse)AuthorAgeFilesLines
* Hide 'struct ucred' behind '#ifdef _KERNEL', this should stop userlandalfred2002-08-161-0/+2
| | | | | | | from attempting to use it for good. There is a catch, kvm_proc.c needs to '#define _KERNEL' to get at the ucred. Requested by: rwatson
* When a cluster entry for ``.'' is set to 0, msdosfs fails to handle ittrhodes2002-08-161-0/+11
| | | | | | | | | correctly. PR: 24393 Submitted by: semenu Approved by: rwatson (mentor) MFC after: 1 week
* Rewrote the space check algorithm in sbreserve() so that the extremelydg2002-08-162-2/+2
| | | | | | | | | | | | | | expensive (!) 64bit multiply, divide, and comparison aren't necessary (this came in originally from rev 1.19 to fix an overflow with large sb_max or MCLBYTES). The 64bit math in this function was measured in some kernel profiles as being as much as 5-8% of the total overhead of the TCP/IP stack and is eliminated with this commit. There is a harmless rounding error (of about .4% with the standard values) introduced with this change, however this is in the conservative direction (downward toward a slightly smaller maximum socket buffer size). MFC after: 3 days
* Use symbolic constants instead of magic address constants.jake2002-08-161-1/+1
|
* Minor style. Removed unused declaration.jake2002-08-161-2/+1
|
* Removed unneeded pmap_initialized flag.jake2002-08-161-4/+0
|
* Demark sections of code that need special fault handling with labels.jake2002-08-165-148/+169
| | | | | | | | Check if the trapped pc is inside of the demarked sections to implement fault recovery for copyin etc, instead of pcb_onfault. Handle recovery from data access exceptions as well as page faults. Inspired by: bde's sys.dif
* UHCI_DEBUG -> USB_DEBUG.joe2002-08-152-2/+2
|
* For some reason, the flags and td arguments in the fo_read prototyperwatson2002-08-151-1/+1
| | | | were reversed. Correct this with no functional change.
* Code formatting sync to trustedbsd_mac: don't perform an assignmentrwatson2002-08-151-2/+2
| | | | | | | | | | | in an if clause. PR: Submitted by: Reviewed by: Approved by: Obtained from: MFC after:
* Remove a case of exposing 'struct ucred' to userspace. Use a struct xucredalfred2002-08-152-2/+2
| | | | | | for LOCKD_MSG instead. Requested by: rwatson
* Remove cam_extend.c from sources to unbreak modules.alfred2002-08-151-1/+1
| | | | Missed by: kern/39809,njl
* Correct a minor whitespace nit that sneaked in with my previous commit.rwatson2002-08-151-1/+1
|
* Remove cam_extend.[ch] after all references to them were removed.njl2002-08-152-145/+0
| | | | | PR: kern/39809 Approved by: gibbs
* In order to better support flexible and extensible access control,rwatson2002-08-1531-106/+145
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | make a series of modifications to the credential arguments relating to file read and write operations to cliarfy which credential is used for what: - Change fo_read() and fo_write() to accept "active_cred" instead of "cred", and change the semantics of consumers of fo_read() and fo_write() to pass the active credential of the thread requesting an operation rather than the cached file cred. The cached file cred is still available in fo_read() and fo_write() consumers via fp->f_cred. These changes largely in sys_generic.c. For each implementation of fo_read() and fo_write(), update cred usage to reflect this change and maintain current semantics: - badfo_readwrite() unchanged - kqueue_read/write() unchanged pipe_read/write() now authorize MAC using active_cred rather than td->td_ucred - soo_read/write() unchanged - vn_read/write() now authorize MAC using active_cred but VOP_READ/WRITE() with fp->f_cred Modify vn_rdwr() to accept two credential arguments instead of a single credential: active_cred and file_cred. Use active_cred for MAC authorization, and select a credential for use in VOP_READ/WRITE() based on whether file_cred is NULL or not. If file_cred is provided, authorize the VOP using that cred, otherwise the active credential, matching current semantics. Modify current vn_rdwr() consumers to pass a file_cred if used in the context of a struct file, and to always pass active_cred. When vn_rdwr() is used without a file_cred, pass NOCRED. These changes should maintain current semantics for read/write, but avoid a redundant passing of fp->f_cred, as well as making it more clear what the origin of each credential is in file descriptor read/write operations. Follow-up commits will make similar changes to other file descriptor operations, and modify the MAC framework to pass both credentials to MAC policy modules so they can implement either semantic for revocation. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
* Remove usage of cam_extend.c, replace with dev->si_drv1njl2002-08-1510-244/+74
| | | | | PR: kern/39809 Approved by: gibbs
* Move mac.h include to match the MAC tree location. Both locationsrwatson2002-08-151-1/+1
| | | | | | | are about equally as alphabetized. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
* Introduce experimental support for MAC in the AppleTalk/EtherTalk stack.rwatson2002-08-153-0/+28
| | | | | | | | | Label link layer mbufs as they are created for transmission, check mbufs before delivering them to sockets, label mbufs as they are created from sockets, and preserve mbuf labels if mbufs are copied. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
* Rename mac_check_socket_receive() to mac_check_socket_deliver() so thatrwatson2002-08-1514-43/+43
| | | | | | | | we can use the names _receive() and _send() for the receive() and send() checks. Rename related constants, policy implementations, etc. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
* Rename mac_check_socket_receive() to mac_check_socket_deliver() so thatrwatson2002-08-159-90/+90
| | | | | | | | | | | | | we can use the names _receive() and _send() for the receive() and send() checks. Rename related constants, policy implementations, etc. PR: Submitted by: Reviewed by: Approved by: Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs MFC after:
* Fix return case for negative namelen by jumping to normal exit processingrwatson2002-08-151-2/+4
| | | | | | rather than immediately returning, or we may not unlock necessary locks. Noticed by: Mike Heffner <mheffner@acm.vt.edu>
* Reset dupack count in header prediction.hsu2002-08-152-0/+2
| | | | | | Follow-on to rev 1.39. Reviewed by: jayanth, Thomas R Henderson <thomas.r.henderson@boeing.com>, silby, dillon
* Kernel support for a dummynet option:luigi2002-08-152-1/+2
| | | | | | | | | | | | | | | | When a pipe or queue has the "noerror" attribute, do not report drops to the caller (ip_output() and friends). (2 lines to implement it, 2 lines to document it.) This will let you simulate losses on the sender side as if they happened in the middle of the network, i.e. with no explicit feedback to the sender. manpage and ipfw2.c changes to follow shortly, together with other ipfw2 changes. Requested by: silby MFC after: 3 days
* On MAC check failure for readdir, use 'goto out' to use the common exitrwatson2002-08-151-1/+1
| | | | | | | | handling, rather than returning directly to prevent leaking of vnode reference/lock. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
* It's now sufficient to rely on a nested include of _label.h to make surerwatson2002-08-151-1/+0
| | | | | | | all structures in ip_var.h are defined, so remove include of mac.h. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
* Perform a nested include of _label.h if #ifdef _KERNEL. This willrwatson2002-08-151-0/+4
| | | | | | | | satisfy consumers of ip_var.h that need a complete definition of struct ipq and don't include mac.h. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
* Add mac.h -- raw_ip.c was depending on nested inclusion of mac.h whichrwatson2002-08-151-0/+1
| | | | | | | | is no longer present. Pointed out by: bmilekic Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
* Make m_flags an int instead of a short, this is consistent with thebmilekic2002-08-152-3/+3
| | | | | | | | | type of the 'flags' argument m_getcl() was using anyway; m_extadd() needed to be changed to accept an int instead of a short for 'flags.' This makes things more consistent and also gives us more bits to use for m_flags in the future (we have almost run out). Requested by: sam (Sam Leffler)
* pccbb->cbbimp2002-08-153-4/+4
|
* No longer neededimp2002-08-151-243/+0
|
* pccbb -> cbbimp2002-08-152-2/+3
|
* Rename the pccbb device to cbb.imp2002-08-152-311/+318
|
* Move the symbol firmware loading routines into if_wi.imp2002-08-154-148/+161
| | | | Define some basic firmware downloading commands.
* Fixed 64bit big endian bugs relating to abuse of ioctl argument passing.jake2002-08-151-4/+4
| | | | This makes truss work on sparc64.
* Fix some confusion regarding traps that use mmu globals but don't reallyjake2002-08-151-2/+4
| | | | have any reason to; force alternat globals instead, which is what we want.
* Store the number of itlb and dtlb entries separately; they may be different.jake2002-08-156-20/+29
| | | | | Find the prom node for the boot cpu earlier and store it in the per-cpu area, so that cache_init can be called earlier.
* Improve handling of TX errors. Early reports indicate that thissilby2002-08-154-26/+56
| | | | | | | | | | elimiates the driver lockup problem reported by many. Concepts used were taken from Via's if_fet driver. Verification and implementation were done by Thomas Nystrom. Submitted by: Thomas Nystrom <thn@saeab.se> MFC after: 3 days
* Clean up comments that are no longer relevant.scottl2002-08-151-12/+9
|
* Sync to trustedbsd_mac tree: default to sigsegv rather than copy-on-writerwatson2002-08-159-9/+9
| | | | | | | | | during a label change resulting in an mmap removal. This is "fail stop" behavior, which is preferred, although it offers slightly less transparency. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs
* return foo -> return (foo)alfred2002-08-151-22/+22
|
* Factor out some ugle code that's shared by udf_readdir and udf_lookup.scottl2002-08-153-246/+239
| | | | | | Significantly de-obfuscate udf_lookup Inspired By: tes@sgi.com
* Document why the has_f00f_bug variable is initialised rather than placed intojmallett2002-08-142-2/+2
| | | | | | the BSS (so that it can be binary-patched). Inspired by: bde
* When talking about c_db_sym_t, mention that it is not just like db_sym_t:jmallett2002-08-141-1/+1
| | | | | | it's const. Inspired by: bde
* Spell kenrel as 'kernel' for consistency with the rest of the universe.jmallett2002-08-142-2/+2
| | | | Inspired by: bde
* Set kernel_vm_end. Panic if we try to grow the kernel.jake2002-08-141-0/+3
|
* Implement the DIOCGSECTORSIZE and DIOCGMEDIASIZE ioctls, and renamejoerg2002-08-141-1/+9
| | | | | | | the DIOCGDINFO ioctl into DIOCGDVIRGIN. This allows the newfs(8) to work on vinum volumes without the now removed -v option. Approved by: grog
* Move to nested include of _label.h instead of mac.h, reducing namespacerwatson2002-08-142-2/+2
| | | | | | | | pollution. Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs Suggested by: bde
* Move to a nested include of _label.h instead of mac.h in sys/sys/*.hrwatson2002-08-146-14/+8
| | | | | | | | | (Most of the places where mac.h was recursively included from another kernel header file. net/netinet to follow.) Obtained from: TrustedBSD Project Sponsored by: DARPA, NAI Labs Suggested by: bde
* - Add the missing td argument to vn_lock that I missed in my last commit.jeff2002-08-131-1/+1
|
* remove spurious printfphk2002-08-131-1/+1
|
OpenPOWER on IntegriCloud