Commit Graph

207316 Commits

Author SHA1 Message Date
jym
ae1d24749f do_sys_sync() is part of vfs, hence rumpvfs. Used by pmf(9) during
device suspend, so explicitly link against rumpvfs to resolve that
symbol when linking rumpdev.

Unbreaks "rumptest" target.
2011-12-05 23:04:39 +00:00
christos
062de7c5a1 close the comment, there is a draft. 2011-12-05 21:30:48 +00:00
christos
857226ee50 PR/45687: Mike Pumford: savecore: (null): _ksyms_hdr not in namelist
Make it non-static and add a comment so that they don't become static again.
2011-12-05 20:55:14 +00:00
christos
f5e469b78a make joy code consistent (avoid games with pointers), and fix the isa softc
declaration
2011-12-05 19:20:54 +00:00
skrll
7ff9dd0229 Fix mm_md_kernacc to report correct status for the direct mapped pages
between kernel start and end of physical memory.  Report everything else
as unhandled.
2011-12-05 15:04:27 +00:00
hannken
1ebfe67c9f The union file system is as stable as other layered file systems so
no longer print a warning to the console.

Gnats is waiting ...
2011-12-05 11:12:10 +00:00
tron
5939d9ebbc Remove ".gitignore" files which blacklist some files that actually are
in the NetBSD sources. This should fix build problems for people using
GIT to track current.

Problem reported by Evgeniy Ivanov on "current-users" mailing list.
2011-12-05 10:43:24 +00:00
wiz
a4d43dc119 Remove trailing whitespace and fix a typo. 2011-12-05 10:36:39 +00:00
wiz
6533efb150 Do not xref to itself. 2011-12-05 10:27:40 +00:00
skrll
df83e35987 Remove unused file. 2011-12-05 07:36:32 +00:00
skrll
fdb4331779 Whitespace. 2011-12-05 07:34:50 +00:00
jym
20cbd76bbd Set list fix... 2011-12-05 02:04:34 +00:00
rmind
f2701a6f1c - Add npf_tcpfl2case() and make TCP state table more compact.
- Adjust the state for FIN case on sim-SYN and SYN-RECEIVED.
2011-12-05 00:34:25 +00:00
jym
a2b939da56 secmodel_eval(9) may want to access securelevel before it is set
to the right value, so init it first before registering secmodel(9).
2011-12-05 00:13:30 +00:00
jym
0d4c568bb2 KAUTH_GENERIC_CANSEE is no more. 2011-12-04 23:59:25 +00:00
jym
47c04e7b5a Update secmodel_examples to better describe the secmodel(9) API. 2011-12-04 23:55:36 +00:00
jym
9795ba65d8 Hook secmodel_extensions(9) to modules build. 2011-12-04 23:13:54 +00:00
jym
bdb161bba3 GETPARAMS => GETPARAM
SETPARAMS => SETPARAM
2011-12-04 21:52:37 +00:00
jym
f3effc5ec2 Improvements in secmodel(9). Document secmodel_register(9), _deregister(9)
and _eval(9).

Add secmodel_extensions(9), and indicate the new sysctl(7) to let
ordinary users control the CPU affinity (user_set_cpu_affinity).
2011-12-04 21:08:37 +00:00
jym
bb108ddab3 When user_set_cpu_affinity is non-zero, only allow users to modify
the CPU affinity of the LWPs they own.
2011-12-04 21:04:51 +00:00
jakllsch
4d3893bd16 correct some typos in comments, whitespace adjustments 2011-12-04 19:48:36 +00:00
jmcneill
1d4bba4173 change printed indicator and battery charge strings from ON and OFF to TRUE
and FALSE, because messages like "battery present: ON" are difficult for my
brain to parse.
2011-12-04 19:34:22 +00:00
jym
926571dfa7 Implement the register/deregister/evaluation API for secmodel(9). It
allows registration of callbacks that can be used later for
cross-secmodel "safe" communication.

When a secmodel wishes to know a property maintained by another
secmodel, it has to submit a request to it so the other secmodel can
proceed to evaluating the request. This is done through the
secmodel_eval(9) call; example:

    bool isroot;
    error = secmodel_eval("org.netbsd.secmodel.suser", "is-root",
        cred, &isroot);
    if (error == 0 && !isroot)
            result = KAUTH_RESULT_DENY;

This one asks the suser module if the credentials are assumed to be root
when evaluated by suser module. If the module is present, it will
respond. If absent, the call will return an error.

Args and command are arbitrarily defined; it's up to the secmodel(9) to
document what it expects.

Typical example is securelevel testing: when someone wants to know
whether securelevel is raised above a certain level or not, the caller
has to request this property to the secmodel_securelevel(9) module.
Given that securelevel module may be absent from system's context (thus
making access to the global "securelevel" variable impossible or
unsafe), this API can cope with this absence and return an error.

We are using secmodel_eval(9) to implement a secmodel_extensions(9)
module, which plugs with the bsd44, suser and securelevel secmodels
to provide the logic behind curtain, usermount and user_set_cpu_affinity
modes, without adding hooks to traditional secmodels. This solves a
real issue with the current secmodel(9) code, as usermount or
user_set_cpu_affinity are not really tied to secmodel_suser(9).

The secmodel_eval(9) is also used to restrict security.models settings
when securelevel is above 0, through the "is-securelevel-above"
evaluation:
- curtain can be enabled any time, but cannot be disabled if
securelevel is above 0.
- usermount/user_set_cpu_affinity can be disabled any time, but cannot
be enabled if securelevel is above 0.

Regarding sysctl(7) entries:
curtain and usermount are now found under security.models.extensions
tree. The security.curtain and vfs.generic.usermount are still
accessible for backwards compat.

Documentation is incoming, I am proof-reading my writings.

Written by elad@, reviewed and tested (anita test + interact for rights
tests) by me. ok elad@.

See also
http://mail-index.netbsd.org/tech-security/2011/11/29/msg000422.html

XXX might consider va0 mapping too.

XXX Having a secmodel(9) specific printf (like aprint_*) for reporting
secmodel(9) errors might be a good idea, but I am not sure on how
to design such a function right now.
2011-12-04 19:24:58 +00:00
jym
d96481c6de - add the bool type for IMMEDIATE flag.
- minor tweak to the handler example: it leaks 't' (on stack)
  when passed to sysctl_lookup(9), as it copyout its content via
  sysctl_data. That would not be the case if CTLFLAG_IMMEDIATE flag
  was set for this node but the example does not preclude that.
2011-12-04 18:34:20 +00:00
chs
b364697460 add info on L2 TLBs and 1GB pages. 2011-12-04 17:00:10 +00:00
skrll
248fe9e5bd Use the tlsoffset from the correct object. 2011-12-04 16:53:08 +00:00
chs
2f7da0b2e9 map all of physical memory using large pages.
ported from openbsd years ago by Murray Armfield,
updated for changes since then by me.
2011-12-04 16:24:13 +00:00
cherry
848746d6bc [merging from cherry-xenmp]
Make MP aware: use mutex(9) instead of spl(9)
2011-12-04 15:15:41 +00:00
dholland
02a36e4e59 Revert Christos's accidental changes. 2011-12-04 15:12:07 +00:00
jmcneill
0ce410dc8d default powerd=YES if acpi is present 2011-12-04 13:09:07 +00:00
jmcneill
104b886e37 exit 0 on success 2011-12-04 13:01:54 +00:00
cherry
81fab8b87b Split out the cross-CPU tlb flushing code between XEN and non-XEN.
x86 tlb flushing is asynchronous and uses x86_ipi()
XEN tlb flushing uses synchronous hypercalls.
2011-12-04 04:28:41 +00:00
rkujawa
617d114527 Extend the mppb(4) man page. 2011-12-03 23:09:42 +00:00
bouyer
ad7affb170 hypervisor_unmask_event(): don't check/update evtchn_pending_sel for the
current CPU, but for any CPU which may accept this event.
xen/xenevt.c: more use of atomic ops and locks where appropriate, and some
  other SMP fixes. Handle all events on the primary CPU (may be revisited
  later). Set/clear ci_evtmask[] for watched events.

This should fix the problems on dom0 kernels reported by jym@
2011-12-03 22:41:40 +00:00
bouyer
4d61ee8d61 xbdback_disconnect() can be called twice, from XenbusStateClosing then from
xbdback_xenbus_destroy(). The second call will wait forever as the first
already caused the xbd thread to exit.
Have xbdback_disconnect() check if we're already disconnected and if so,
do nothing.
2011-12-03 22:36:28 +00:00
christos
b799360e83 If we are DIAGNOSTIC don't try to go further if we failed to take the
lock, because we are going to trigger a KASSERT. Also hold the lock
longer and take the proc lock for kpsignal(). Maybe we should add
mutex_steal() and mutex_return() for the debugger? Lock correction
suggestion from jmcneill.
2011-12-03 16:25:49 +00:00
hannken
158a8fa9a3 Don't try to set ld->sc_maxxfer below MAXPHYS.
At least genfs_io assumes 'ld->sc_maxxfer == MAXPHYS'.
2011-12-03 10:53:09 +00:00
ryo
42ccf5c3b3 the argument of esa_get_locks() is struct esa_voice *, not struct esa_softc *.
ok by mrg@ jmcneill@
2011-12-03 08:20:12 +00:00
christos
d5b7cb3520 deal with the proc_lock mutex. 2011-12-02 23:57:58 +00:00
macallan
4aeefed6a9 actually pass $COPTS to the compiler
ok mrg@
2011-12-02 22:28:47 +00:00
shattered
9063841b5d PR/32394 -- Don't define 'panic' label unconditionally, or "minimal
mobilepro 780 kernel configuration will not build".

OK by wiz@
2011-12-02 18:07:26 +00:00
yamt
521fc45322 yamt-pagecache: update 2011-12-02 16:37:43 +00:00
tsutsui
4d3e688195 Define NO_MANUAL_XFER on luna68k as temporary workaround for hangup problem
during probing old drives like DK312C in OMRON LUNA machines.

I'll check this MSGIN xfer problem later.
(NO_MANUAL_XFER also caused hang on heavy load on hp300 with multiple drives)
2011-12-02 16:17:04 +00:00
tsutsui
fd9f1e835b - create scsibus1 for external SCSI bus on LUNA-II
- also create sd1 sd2 sd3 cd0 cd1 st1 devices on all_md
2011-12-02 16:01:50 +00:00
christos
765bd39696 Also ignore out of space conditions for -I so we can create overlapping
partitions on a full disk. Document and add it to the options.
2011-12-02 15:21:15 +00:00
wiz
a0f75bc721 Wording improvements. 2011-12-02 14:38:51 +00:00
mbalmer
7139c7a626 auich(4) tested on port-i386. 2011-12-02 13:50:55 +00:00
reinoud
9d298be56b Update status on auixp on i386 2011-12-02 13:36:17 +00:00
yamt
b9c83c9d4b - move disk cache flushing code into a separate function.
- more verbose output if vfs.wapbl.verbose_commit >= 2.
  namely, time taken for each DIOCCACHESYNC calls.
	wapbl_flush: 1322826000.785245900 this transaction = 546304 bytes
	wapbl_cache_sync: 1: dev 0x0 0.017572724
	wapbl_cache_sync: 2: dev 0x0 0.007199825
	wapbl_flush: 1322826011.860771302 this transaction = 431104 bytes
	wapbl_cache_sync: 1: dev 0x0 0.019469753
	wapbl_cache_sync: 2: dev 0x0 0.009473410
	wapbl_flush: 1322829266.489154342 this transaction = 187904 bytes
	wapbl_cache_sync: 1: dev 0x4 0.022270180
	wapbl_cache_sync: 2: dev 0x4 0.030749402
- fix a comment.
2011-12-02 12:38:59 +00:00
yamt
5df059b48a assertion 2011-12-02 12:33:12 +00:00