Buffers run through copy-on-write are marked B_COWDONE. This condition
is valid until the buffer has run through bwrite() and gets cleared from
biodone().
Welcome to 4.99.39.
Reviewed by: YAMAMOTO Takashi <yamt@netbsd.org>
to remove the frobbing that drivers must do in the hci_unit structure.
- driver provides a static const interface descriptor
- hci_unit is allocated by hci_attach() rather than part of softc
- statistics are compiled by driver and provided on request
- driver provides output methods and is responsible for output queue
- stack provides input methods and is responsible for input queue
- mutex is used to arbitrate device queue access
active development and its ABI (and possibly API) may change between
NetBSD versions.
This is critical to, for example, LKMs, where there might be a case of them
being built using one version of the ABI and used on system with another.
The main concern for "ABI" here is the set of KAUTH_* actions and requests
that is (for now) an enum. This note is likely to be removed as kauth(9)
is stablized -- hopefully before NetBSD 5.0.
okay christos@
While it's true that it's part of the traditional 4.4BSD security model,
there may come a time where a different "primary" security model used for
fine-grained privileges (ie., splitting root's responsibilities to various
privileges that can be assigned) may want to still have a securelevel
setting.
Idea from Daniel Carosone:
http://mail-index.netbsd.org/tech-security/2006/08/25/0001.html
The location of the removed files, for reference, was:
src/secmodel/bsd44/secmodel_bsd44_securelevel.c
src/secmodel/bsd44/securelevel.h
http://mail-index.netbsd.org/tech-kern/2007/11/09/0001.html
sysmon_envsys_create() and sysmon_envsys_destroy() were added to
create/destroy sysmon_envsys objects (and its TAILQ/LIST for sensors/events).
sysmon_envsys_sensor_attach() and sysmon_envsys_sensor_detach() were
added to attach/detach sensors to a specified sysmon_envsys device.
The events framework is now per device and configurable via the
ENVSYS_SETDICTIONARY ioctl or /etc/envsys.conf and envstat(8).
Update all users and documentation to reflect these changes.
http://mail-index.netbsd.org/current-users/2007/07/16/0012.html
- Introduce sme_class into the sysmon_envsys struct to specify a
class; currently there are two classes: SME_CLASS_ACADAPTER and
SME_CLASS_BATTERY.
- Add a new envsys event: PENVSYS_EVENT_LOW_POWER that is reached when
all SME_CLASS_BATTERY devices are in CRITICAL/LOW state and there's not
any SME_CLASS_ACADAPTER connected.
- Add the 'low-power' event into the sensor_battery script that will
shutdown the system gracefully via 'shutdown -p'. If powerd(8) is
not running, cpu_reboot(9) with RB_POWERDOWN is used.
- Make acpiacad(4) a SME_CLASS_ACADAPTER device and acpibat(4) a
SME_CLASS_BATTERY device.
Update the documentation accordingly to these changes.
- Instead of hooking the handler on the specdev of a mounted file system
hook directly on the `struct mount'.
- Rename from `vn_cow_*' to `fscow_*' and move to `kern/vfs_trans.c'. Use
`mount_*specific' instead of clobbering `struct mount' or `struct specinfo'.
- Replace the hand-made reader/writer lock with a krwlock.
- Keep `vn_cow_*' functions and mark as obsolete.
- Welcome to NetBSD 4.99.32 - `struct specinfo' changed size.
Reviewed by: Jason Thorpe <thorpej@netbsd.org>
- remove the `submatch' argument of config_found_ia()
- precise that config_found_ia() callis config_found_sm_loc() with both
`locs' and `submatch' set to NULL
- uio->uio_offset must be set to the offset of the next directory entry.
- each cookie entry points to the next directory entry's offset, not the
current entry's offset.
- cookies must be callee allocated with malloc type M_TEMP.
(Part 4: documentation and configuration files)
* Support for detachable sensors.
* Cleaned up the API for simplicity and efficiency.
* Ability to send capacity/critical/warning events to powerd(8).
* Adapted all the code to the new locking order.
* Compatibility with the old envsys API: the ENVSYS_GTREINFO
and ENVSYS_GTREDATA ioctl(2)s are supported.
* Added support for a 'dictionary based communication channel' between
sysmon_power(9) and powerd(8), that means there is no 32 bytes event
size restriction anymore.
* Binary compatibility with old envstat(8) and powerd(8) via COMPAT_40.
* All drivers with the n^2 gtredata bug were fixed, PR kern/36226.
Tested by:
blymn: smsc(4).
bouyer: ipmi(4), mfi(4).
kefren: ug(4).
njoly: viaenv(4), adt7463.c.
riz: owtemp(4).
xtraeme: acpiacad(4), acpibat(4), acpitz(4), aiboost(4), it(4), lm(4).
- remove cpu_exit.9.
- remove ctxsw.9 from makefile because it's too stale.
XXX maybe it will revive as mi_switch.9 later.
- add cpu_switchto.9 to makefile.
Bug fixes:
- Fix crash reported by Scott Ellis on current-users@.
- Fix race conditions in enforcing the Veriexec rename and remove
policies. These are NOT security issues.
- Fix memory leak in rename handling when overwriting a monitored
file.
- Fix table deletion logic.
- Don't prevent query requests if not in learning mode.
KPI updates:
- fileassoc_table_run() now takes a cookie to pass to the callback.
- veriexec_table_add() was removed, it is now done internally. As a
result, there's no longer a need for VERIEXEC_TABLESIZE.
- veriexec_report() was removed, it is now internal.
- Perform sanity checks on the entry type, and enforce default type
in veriexec_file_add() rather than in veriexecctl.
- Add veriexec_flush(), used to delete all Veriexec tables, and
veriexec_dump(), used to fill an array with all Veriexec entries.
New features:
- Add a '-k' flag to veriexecctl, to keep the filenames in the kernel
database. This allows Veriexec to produce slightly more accurate
logs under certain circumstances. In the future, this can be either
replaced by vnode->pathname translation, or combined with it.
- Add a VERIEXEC_DUMP ioctl, to dump the entire Veriexec database.
This can be used to recover a database if the file was lost.
Example usage:
# veriexecctl dump > /etc/signatures
Note that only entries with the filename kept (that is, were loaded
with the '-k' flag) will be dumped.
Idea from Brett Lymn.
- Add a VERIEXEC_FLUSH ioctl, to delete all Veriexec entries. Sample
usage:
# veriexecctl flush
- Add a 'veriexec_flags' rc(8) variable, and make its default have
the '-k' flag. On systems using the default signatures file
(generaetd from running 'veriexecgen' with no arguments), this will
use additional 32kb of kernel memory on average.
- Add a '-e' flag to veriexecctl, to evaluate the fingerprint during
load. This is done automatically for files marked as 'untrusted'.
Misc. stuff:
- The code for veriexecctl was massively simplified as a result of
eliminating the need for VERIEXEC_TABLESIZE, and now uses a single
pass of the signatures file, making the loading somewhat faster.
- Lots of minor fixes found using the (still under development)
Veriexec regression testsuite.
- Some of the messages Veriexec prints were improved.
- Various documentation fixes.
All relevant man-pages were updated to reflect the above changes.
Binary compatibility with existing veriexecctl binaries is maintained.
the Linux (BlueZ) API.
- L2CAP or RFCOMM connections can require the baseband radio link
mode be any of:
authenticated (devices are paired)
encrypted (implies authentication)
secured (encryption, plus generate new link key)
- for sockets, the mode is set using setsockopt(2) and the socket
connection will be aborted if the mode change fails.
- mode settings will be applied during connection establishment, and
for safety, we enter a wait state and will only proceed when the mode
settings are successfuly set.
- It is possible to change the mode on already open connections, but
not possible to guarantee that data already queued (from either end)
will not be delivered. (this is a feature, not a bug)
- bthidev(4) and rfcomm_sppd(1) support "auth", "encrypt" and
"secure" options
- btdevctl(8) by default enables "auth" for HIDs, and "encrypt" for
keyboards (which are required to support it)
* file handles are not only for nfs
* these functions are not allowed to be null
* update description of vptofh to contain the size parameter
(*bump date)
Leffler, and others:
IEEE80211_RADIOTAP_RX_FLAGS = 14,
IEEE80211_RADIOTAP_TX_FLAGS = 15,
IEEE80211_RADIOTAP_RTS_RETRIES = 16,
IEEE80211_RADIOTAP_DATA_RETRIES = 17,
I describe the fields in the manual page and in comments in the
header file (cross-referenced by the manual page).
