Ѓт100910
90
449
511
149
563
286
390
171
367
231
187
175
336
686
197
126
183
119
160
121
240
182
145
295
205
216
134
121
240
182
164
166
166
166
145
200
286
168
240
165
158
634
150
171
214
389
329
102
320
221
164
384
273
280
425
379
144
146
241
180
156
276
238
177
524
183
823
223
155
1129
1048
167
1044
115
1315
1405
1086
754
190
532
685
573
539
535
593
387
487
202
97
338
102

K 10
svn:author
V 4
jake
K 8
svn:date
V 27
2002-07-30T06:14:34.000000Z
K 7
svn:log
V 355
Add definitions for statistical and high-resolution profiling.  The calling
conventions for _mcount and __cyg_profile_func_enter are different, so
statistical profiling kernels build and link but don't actually work.
IWBNI one could tell gcc to only generate calls to the former.

Define uintfptr_t properly for userland, but not for the kernel (I hope).

END
K 10
svn:author
V 3
imp
K 8
svn:date
V 27
2002-07-30T06:22:40.000000Z
K 7
svn:log
V 418
MFC: Merge most of this file from -current to here.  All those values
that are the same or have been added have been merged.  All the silly
white space differences were merged.  All the __P removals were
merged.

I didn't merge the changes to the ethernet media types because they
had been renumbered in -current and I didn't want to break binary
compatibility within -stable.

Added: IBSS and IBSSMASTER media types.

END
K 10
svn:author
V 3
alc
K 8
svn:date
V 27
2002-07-30T06:45:39.000000Z
K 7
svn:log
V 57
 o Lock page queue accesses by pmap_release_free_page().

END
K 10
svn:author
V 8
tanimura
K 8
svn:date
V 27
2002-07-30T06:54:05.000000Z
K 7
svn:log
V 465
- Optimize wakeup() and its friends; if a thread waken up is being
  swapped in, we do not have to ask for the scheduler thread to do
  that.

- Assert that a process is not swapped out in runq functions and
  swapout().

- Introduce thread_safetoswapout() for readability.

- In swapout_procs(), perform a test that may block (check of a
  thread working on its vm map) first.  This lets us call swapout()
  with the sched_lock held, providing a better atomicity.

END
K 10
svn:author
V 3
imp
K 8
svn:date
V 27
2002-07-30T06:58:27.000000Z
K 7
svn:log
V 193
Add a bunch more cards that are known to work.
Add a warning about the Symbol LA-4100 series of cards.  You gotta
load special firmware, and the wi driver in the tree doesn't support
that yet.

END
K 10
svn:author
V 3
alc
K 8
svn:date
V 27
2002-07-30T07:23:04.000000Z
K 7
svn:log
V 297
 o In vm_object_madvise() and vm_object_page_remove() replace
   vm_page_sleep_busy() with vm_page_sleep_if_busy().  At the same time,
   increase the scope of the page queues lock.  (This should significantly
   reduce the locking overhead in vm_object_page_remove().)
 o Apply some style fixes.

END
K 10
svn:author
V 5
brian
K 8
svn:date
V 27
2002-07-30T08:09:26.000000Z
K 7
svn:log
V 77
Do a case insensitive comparison when comparing the ms-chap response
string.

END
K 10
svn:author
V 3
des
K 8
svn:date
V 27
2002-07-30T08:32:03.000000Z
K 7
svn:log
V 274
Since pam_get_authtok(3) doesn't know about our options structure, setting
the PAM_ECHO_PASS option on-the-fly is a NOP (though it wasn't with the
old pam_get_pass(3) code).  Instead, call pam_prompt(3) directly.  This
actually simplifies the code a bit.

MFC after:	3 days

END
K 10
svn:author
V 4
jeff
K 8
svn:date
V 27
2002-07-30T08:50:52.000000Z
K 7
svn:log
V 137
 - Acknowledge recursive vnode locks in the vop_unlock specification.  The
   vnode may not be unlocked even if the operation succeeded.

END
K 10
svn:author
V 4
jeff
K 8
svn:date
V 27
2002-07-30T08:52:00.000000Z
K 7
svn:log
V 94
 - Add automatic post vop debug checks.  These work in both the success and
   failure cases.

END
K 10
svn:author
V 4
jeff
K 8
svn:date
V 27
2002-07-30T09:57:37.000000Z
K 7
svn:log
V 82
 - Add vfs_badlock_{print,panic} support to the remaining VOP_ASSERT_*
   macros.

END
K 10
svn:author
V 8
tanimura
K 8
svn:date
V 27
2002-07-30T10:12:11.000000Z
K 7
svn:log
V 238
In endtsleep() and cv_timedwait_end(), a thread marked TDF_TIMEOUT may
be swapped out.  Do not put such the thread directly back to the run
queue.

Spotted by:	David Xu <davidx@viasoft.com.cn>

While I am here, s/PS_TIMEOUT/TDF_TIMEOUT/.

END
K 10
svn:author
V 7
sobomax
K 8
svn:date
V 27
2002-07-30T10:54:19.000000Z
K 7
svn:log
V 589
Add a quick check that device actually has sound capabilities. The problem
is that some cards built around fm801 chip have the same device ID, only
have radio tuner onboard, but no sound capabilities. Therefore, with such
card inserted and `device pcm' in kernel the user has a big problem, as
the fm801 driver effectively hangs the machine when trying to initialise
nonexistent ac97 codecs (it does 500 retries with 1 second interval!).
It would be better if MediaForte's engeneers were smart enough to put
different device ID into such cards, but it isn't an option.

MFC after:	2 weeks

END
K 10
svn:author
V 7
sobomax
K 8
svn:date
V 27
2002-07-30T11:02:35.000000Z
K 7
svn:log
V 100
Add ID for Luwen EasyDisk USB flash memory drive.

PR:		41081
Submitted by:	demon
MFC after:	5 days

END
K 10
svn:author
V 7
sobomax
K 8
svn:date
V 27
2002-07-30T11:03:50.000000Z
K 7
svn:log
V 30
Regen after usbdevs rev.1.95.

END
K 10
svn:author
V 3
phk
K 8
svn:date
V 27
2002-07-30T11:54:48.000000Z
K 7
svn:log
V 91
Move ffs_isfreeblock() to ffs_alloc.c and make it static.

Sponsored by: DARPA & NAI Labs.

END
K 10
svn:author
V 3
phk
K 8
svn:date
V 27
2002-07-30T12:02:41.000000Z
K 7
svn:log
V 27
Fix braino in last commit.

END
K 10
svn:author
V 6
nectar
K 8
svn:date
V 27
2002-07-30T12:38:41.000000Z
K 7
svn:log
V 65
Update list of files to remove prior to import of OpenSSL 0.9.6d

END
K 10
svn:author
V 6
nectar
K 8
svn:date
V 27
2002-07-30T12:44:15.000000Z
K 7
svn:log
V 26
Import of OpenSSL 0.9.6d.

END
K 10
svn:author
V 6
nectar
K 8
svn:date
V 27
2002-07-30T12:44:15.000000Z
K 7
svn:log
V 144
This commit was generated by cvs2svn to compensate for changes in r100928,
which included commits to RCS files with non-trunk default branches.

END
K 10
svn:author
V 7
cvs2svn
K 8
svn:date
V 27
2002-07-30T12:44:16.000000Z
K 7
svn:log
V 86
This commit was manufactured by cvs2svn to create tag
'openssl-vendor-crypto-v0_9_6d'.
END
K 10
svn:author
V 6
nectar
K 8
svn:date
V 27
2002-07-30T12:46:49.000000Z
K 7
svn:log
V 50
Resolve conflicts after import of OpenSSL 0.9.6d.

END
K 10
svn:author
V 6
nectar
K 8
svn:date
V 27
2002-07-30T12:51:09.000000Z
K 7
svn:log
V 199
Remove many obsolete files.  The majority of these are simply no
longer included as part of the OpenSSL distribution.  However, a few
we just don't need and are explicitly excluded in FREEBSD-Xlist.

END
K 10
svn:author
V 6
nectar
K 8
svn:date
V 27
2002-07-30T12:53:15.000000Z
K 7
svn:log
V 109
Update to match reality (i.e. reference libcrypto headers and
libraries, not the no-longer-existent libdes).

END
K 10
svn:author
V 6
nectar
K 8
svn:date
V 27
2002-07-30T12:54:03.000000Z
K 7
svn:log
V 120
This man page has not been referenced by anything for a while,
and is not part of the OpenSSL distribution.  Remove it.

END
K 10
svn:author
V 3
phk
K 8
svn:date
V 27
2002-07-30T13:01:25.000000Z
K 7
svn:log
V 42
Warning cleanup.

Format changes by peter

END
K 10
svn:author
V 6
nectar
K 8
svn:date
V 27
2002-07-30T13:38:06.000000Z
K 7
svn:log
V 26
Import of OpenSSL 0.9.6e.

END
K 10
svn:author
V 6
nectar
K 8
svn:date
V 27
2002-07-30T13:38:06.000000Z
K 7
svn:log
V 144
This commit was generated by cvs2svn to compensate for changes in r100936,
which included commits to RCS files with non-trunk default branches.

END
K 10
svn:author
V 7
cvs2svn
K 8
svn:date
V 27
2002-07-30T13:38:07.000000Z
K 7
svn:log
V 86
This commit was manufactured by cvs2svn to create tag
'openssl-vendor-crypto-v0_9_6e'.
END
K 10
svn:author
V 7
cvs2svn
K 8
svn:date
V 27
2002-07-30T13:38:08.000000Z
K 7
svn:log
V 68
This commit was manufactured by cvs2svn to create branch 'RELENG_4'.
END
K 10
svn:author
V 7
cvs2svn
K 8
svn:date
V 27
2002-07-30T13:38:09.000000Z
K 7
svn:log
V 70
This commit was manufactured by cvs2svn to create branch 'RELENG_4_4'.
END
K 10
svn:author
V 7
cvs2svn
K 8
svn:date
V 27
2002-07-30T13:38:10.000000Z
K 7
svn:log
V 70
This commit was manufactured by cvs2svn to create branch 'RELENG_4_5'.
END
K 10
svn:author
V 7
cvs2svn
K 8
svn:date
V 27
2002-07-30T13:38:11.000000Z
K 7
svn:log
V 70
This commit was manufactured by cvs2svn to create branch 'RELENG_4_6'.
END
K 10
svn:author
V 6
nectar
K 8
svn:date
V 27
2002-07-30T13:58:53.000000Z
K 7
svn:log
V 50
Resolve conflicts after import of OpenSSL 0.9.6e.

END
K 10
svn:author
V 3
tjr
K 8
svn:date
V 27
2002-07-30T14:07:30.000000Z
K 7
svn:log
V 107
Ignore leading semicolons on commands; required by SUSv3.

Obtained from:	NetBSD (kleink, Aymeric Vincent)

END
K 10
svn:author
V 8
blackend
K 8
svn:date
V 27
2002-07-30T14:08:16.000000Z
K 7
svn:log
V 188
Correct links to Handbook's pages:
http://www.freebsd.org/handbook/mirrors.html is not working anymore,
http://www.freebsd.org/doc/handbook/mirrors.html is the new link

MFC after:	1 week

END
K 10
svn:author
V 6
nectar
K 8
svn:date
V 27
2002-07-30T14:34:51.000000Z
K 7
svn:log
V 73
Import the regenerated OpenSSL man pages after import of OpenSSL 0.9.6e.

END
K 10
svn:author
V 6
nectar
K 8
svn:date
V 27
2002-07-30T14:34:51.000000Z
K 7
svn:log
V 144
This commit was generated by cvs2svn to compensate for changes in r100946,
which included commits to RCS files with non-trunk default branches.

END
K 10
svn:author
V 7
cvs2svn
K 8
svn:date
V 27
2002-07-30T14:34:52.000000Z
K 7
svn:log
V 69
This commit was manufactured by cvs2svn to create tag 'v_2002_07_30'.
END
K 10
svn:author
V 6
nectar
K 8
svn:date
V 27
2002-07-30T14:47:24.000000Z
K 7
svn:log
V 63
Update list of installed manual pages after regenerating them.

END
K 10
svn:author
V 6
nectar
K 8
svn:date
V 27
2002-07-30T15:38:29.000000Z
K 7
svn:log
V 538
For processes which are set-user-ID or set-group-ID, the kernel performs a few
special actions for safety.  One of these is to make sure that file descriptors
0..2 are in use, by opening /dev/null for those that are not already open.
Another is to close any file descriptors 0..2 that reference procfs.  However,
these checks were made out of order, so that it was still possible for a
set-user-ID or set-group-ID process to be started with some of the file
descriptors 0..2 unused.

Submitted by:	Georgi Guninski <guninski@guninski.com>

END
K 10
svn:author
V 6
nectar
K 8
svn:date
V 27
2002-07-30T15:40:46.000000Z
K 7
svn:log
V 55
MFC 1.178: Fix ordering of set-(user|group)-ID checks.

END
K 10
svn:author
V 6
nectar
K 8
svn:date
V 27
2002-07-30T15:43:17.000000Z
K 7
svn:log
V 76
MFC sys/kern/kern_exec.c 1.178: Fix ordering of set-(user|group)-ID checks.

END
K 10
svn:author
V 7
sobomax
K 8
svn:date
V 27
2002-07-30T16:24:00.000000Z
K 7
svn:log
V 117
Add support for controlling line1 mixer device, which on some cards represents
onboard FM tuner.

MFC after:	2 weeks

END
K 10
svn:author
V 7
rwatson
K 8
svn:date
V 27
2002-07-30T16:50:25.000000Z
K 7
svn:log
V 292
Introduce a mac_policy() system call that will provide MAC policies
with a general purpose front end entry point for user applications
to invoke.  The MAC framework will route the system call to the
appropriate policy by name.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs

END
K 10
svn:author
V 4
bmah
K 8
svn:date
V 27
2002-07-30T16:50:49.000000Z
K 7
svn:log
V 235
For the /usr/share/examples workaround, add the "path" of menu items
in sysinstall(8) to install the sshare distribution.

While I'm here, mention that this problem is fixed in 4-STABLE.

Submitted by:	Ross Lippert <ripper@eskimo.com>

END
K 10
svn:author
V 7
rwatson
K 8
svn:date
V 27
2002-07-30T16:52:22.000000Z
K 7
svn:log
V 7
Regen.

END
K 10
svn:author
V 3
jhb
K 8
svn:date
V 27
2002-07-30T17:31:42.000000Z
K 7
svn:log
V 227
If we get 0xffff back when reading the status register, assume the card
has gone away instead of spinning in the interrupt handler.  This stops
my machine from hanging when I eject a rl(4)-based cardbus card.

Reviewed by:	imp

END
K 10
svn:author
V 3
joe
K 8
svn:date
V 27
2002-07-30T17:44:28.000000Z
K 7
svn:log
V 128
Commit a version of the uvisor driver for connecting Handspring
Visors via USB.

Submitted by:	Chia-liang Kao <clkao@clkao.org>

END
K 10
svn:author
V 7
cvs2svn
K 8
svn:date
V 27
2002-07-30T17:44:29.000000Z
K 7
svn:log
V 68
This commit was manufactured by cvs2svn to create branch 'RELENG_4'.
END
K 10
svn:author
V 7
rwatson
K 8
svn:date
V 27
2002-07-30T18:28:58.000000Z
K 7
svn:log
V 287
Make M_COPY_PKTHDR() macro into a wrapper for a m_copy_pkthdr()
function.  This permits conditionally compiled extensions to the
packet header copying semantic, such as extensions to copy MAC
labels.

Reviewed by:	bmilekic
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs

END
K 10
svn:author
V 7
rwatson
K 8
svn:date
V 27
2002-07-30T18:48:25.000000Z
K 7
svn:log
V 176
When referencing nd_cnp after namei(), always pass SAVENAME into
NDINIT() operation flags.

Submitted by:	green
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs

END
K 10
svn:author
V 3
alc
K 8
svn:date
V 27
2002-07-30T18:51:07.000000Z
K 7
svn:log
V 187
 o In do_sendfile(), replace vm_page_sleep_busy() by vm_page_sleep_if_busy()
   and extend the scope of the page queues lock to cover all accesses
   to the page's flags and busy fields.

END
K 10
svn:author
V 5
silby
K 8
svn:date
V 27
2002-07-30T19:04:25.000000Z
K 7
svn:log
V 330
MFC:
  Update docs to reflect change in count of procs reserved for root
  from 1 to 10.

  PR:             kern/40515
  Submitted by:   David Schultz <dschultz@uclink.Berkeley.EDU>
  MFC after:      1 day

  Revision  Changes    Path
  1.16      +1 -1      src/lib/libc/sys/fork.2
  1.24      +1 -1      src/lib/libc/sys/rfork.2

END
K 10
svn:author
V 5
silby
K 8
svn:date
V 27
2002-07-30T19:05:00.000000Z
K 7
svn:log
V 284
MFC:

  Update docs to reflect change in count of procs reserved for root
  from 1 to 10.

  PR:             kern/40515
  Submitted by:   David Schultz <dschultz@uclink.Berkeley.EDU>
  MFC after:      1 day

  Revision  Changes    Path
  1.156     +1 -1      src/sys/kern/kern_fork.c

END
K 10
svn:author
V 6
nectar
K 8
svn:date
V 27
2002-07-30T19:17:27.000000Z
K 7
svn:log
V 49
MFC 1.20: Use fchmod() to restore the tty modes.

END
K 10
svn:author
V 7
iwasaki
K 8
svn:date
V 27
2002-07-30T19:33:39.000000Z
K 7
svn:log
V 50
Vendor import of the Intel ACPI CA 20020725 drop.

END
K 10
svn:author
V 7
iwasaki
K 8
svn:date
V 27
2002-07-30T19:33:39.000000Z
K 7
svn:log
V 144
This commit was generated by cvs2svn to compensate for changes in r100966,
which included commits to RCS files with non-trunk default branches.

END
K 10
svn:author
V 7
cvs2svn
K 8
svn:date
V 27
2002-07-30T19:33:40.000000Z
K 7
svn:log
V 84
This commit was manufactured by cvs2svn to create tag
'acpica-vendor-sys-r20020725'.
END
K 10
svn:author
V 7
iwasaki
K 8
svn:date
V 27
2002-07-30T19:35:32.000000Z
K 7
svn:log
V 60
Resolve conflicts arising from the ACPI CA 20020725 import.

END
K 10
svn:author
V 4
fanf
K 8
svn:date
V 27
2002-07-30T19:42:18.000000Z
K 7
svn:log
V 182
Fix some bugs in in-place editing:
(1) errors from freopen were not reported correctly
(2) large files were not handled correctly
(3) read-only files broke things

MFC after:	1 week

END
K 10
svn:author
V 6
julian
K 8
svn:date
V 27
2002-07-30T20:34:30.000000Z
K 7
svn:log
V 142
Remove code that removes thread from sleep queue before
adding it to a condvar wait.
We do not have asleep() any more so this can not happen.

END
K 10
svn:author
V 3
alc
K 8
svn:date
V 27
2002-07-30T20:41:10.000000Z
K 7
svn:log
V 85
 o Replace vm_page_sleep_busy() with vm_page_sleep_if_busy()
   in vfs_busy_pages().

END
K 10
svn:author
V 3
phk
K 8
svn:date
V 27
2002-07-30T20:49:29.000000Z
K 7
svn:log
V 431
Remove some additional paranoia which Kirk forgot to remove from his
UFS2 commit.

These bits in essence made any instance of "softupdates expected
corrution", (ie blocks marked allocated but not referenced by an
inode etc) result in a exit value for fsck_ffs of 2.

2 is part of the magic and appearantly undocumented protocol between
fsck_FOO and fsck and means "dump into single user mode ASAP.

Sponsored by:	DARPA & NAI Labs.

END
K 10
svn:author
V 8
blackend
K 8
svn:date
V 27
2002-07-30T21:04:26.000000Z
K 7
svn:log
V 86
Correct links to Handbook's pages, old URLs does not work anymore.

MFC after:	1 week

END
K 10
svn:author
V 8
bmilekic
K 8
svn:date
V 27
2002-07-30T21:06:27.000000Z
K 7
svn:log
V 725
Make reference counting for mbuf clusters [only] work like in RELENG_4.
While I don't think this is the best solution, it certainly is the
fastest and in trying to find bottlenecks in network related code
I want this out of the way, so that I don't have to think about it.
What this means, for mbuf clusters anyway is:
- one less malloc() to do for every cluster allocation (replaced with
  a relatively quick calculation + assignment)
- no more free() in the cluster free case (replaced with empty space) :-)

This can offer a substantial throughput improvement, but it may not for
all cases.  Particularly noticable for larger buffer sends/recvs.
See http://people.freebsd.org/~bmilekic/code/measure2.txt for a rough
idea.

END
K 10
svn:author
V 6
julian
K 8
svn:date
V 27
2002-07-30T21:13:48.000000Z
K 7
svn:log
V 127
Don't need to hold schedlock specifically for stop() ans it calls wakeup()
that locks it anyhow.

Reviewed by: jhb@freebsd.org

END
K 10
svn:author
V 8
blackend
K 8
svn:date
V 27
2002-07-30T21:14:15.000000Z
K 7
svn:log
V 58
Correct URLs to Handbook & FAQ's pages

MFC after:	1 week

END
K 10
svn:author
V 7
rwatson
K 8
svn:date
V 27
2002-07-30T21:32:34.000000Z
K 7
svn:log
V 1031
Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the oeprating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

Include files to declare MAC userland interface (mac.h), MAC subsystem
entry points (mac.h), and MAC policy entry points (mac_policy.h).  These
files define the interface between the kernel and the MAC framework,
and between the MAC framework and each registered policy module.  These
APIs and ABIs may not be assumed to be stable until following FreeBSD
5.1-RELEASE.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs

END
K 10
svn:author
V 7
rwatson
K 8
svn:date
V 27
2002-07-30T21:36:05.000000Z
K 7
svn:log
V 951
Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the oeprating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

kern_mac.c contains the body of the MAC framework.  Kernel and
user APIs defined in mac.h are implemented here, providing a front end
to loaded security modules.  This code implements a module registration
service, state (label) management, security configuration and policy
composition.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs

END
K 10
svn:author
V 6
fenner
K 8
svn:date
V 27
2002-07-30T21:47:14.000000Z
K 7
svn:log
V 72
Call bpf_mtap() on output, to catch outgoing packets for e.g. tcpdump .

END
K 10
svn:author
V 7
rwatson
K 8
svn:date
V 27
2002-07-30T22:03:57.000000Z
K 7
svn:log
V 947
Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the oeprating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

Label mbuf's with packet header data, permitting in-flight datagrams
to be labeled in the TrustedBSD MAC implementation.  Add a questionable
recursive #include of sys/mac.h to maintain the current API for
applications and kernel code including mbuf.h to get 'struct mbuf'
definition.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs

END
K 10
svn:author
V 6
nectar
K 8
svn:date
V 27
2002-07-30T22:06:11.000000Z
K 7
svn:log
V 20
MFC: OpenSSL 0.9.6e

END
K 10
svn:author
V 7
rwatson
K 8
svn:date
V 27
2002-07-30T22:08:12.000000Z
K 7
svn:log
V 1217
Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the oeprating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

Label vnodes, permitting security information to maintained at the
granularity of the individual file, directory (et al).  This data is
protected by the vnode lock and may be read only when holding a shared
lock, or modified only when holding an exclusive lock.  Label
information may be considered either the primary copy, or a cached
copy.  Individual file systems or kernel services may use the
VCACHEDLABEL flag for accounting purposes to determine which it is.
New VOPs will be introduced to refresh this label on demand, or to
set the label value.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs

END
K 10
svn:author
V 7
rwatson
K 8
svn:date
V 27
2002-07-30T22:15:09.000000Z
K 7
svn:log
V 1307
Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the operating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

Introduce two node vnode operations required to support MAC.  First,
VOP_REFRESHLABEL(), which will be invoked by callers requiring that
vp->v_label be sufficiently "fresh" for access control purposes.
Second, VOP_SETLABEL(), which be invoked by callers requiring that
the passed label contents be updated.  The file system is responsible
for updating v_label if appropriate in coordination with the MAC
framework, as well as committing to disk.  File systems that are
not MAC-aware need not implement these VOPs, as the MAC framework
will default to maintaining a single label for all vnodes based
on the label on the file system mount point.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs

END
K 10
svn:author
V 7
rwatson
K 8
svn:date
V 27
2002-07-30T22:22:35.000000Z
K 7
svn:log
V 989
Begin committing support for Mandatory Access Control and extensible
kernel access control.  The MAC framework permits loadable kernel
modules to link to the kernel at compile-time, boot-time, or run-time,
and augment the system security policy.  This commit includes the
initial kernel implementation, although the interface with the userland
components of the oeprating system is still under work, and not all
kernel subsystems are supported.  Later in this commit sequence,
documentation of which kernel subsystems will not work correctly with
a kernel compiled with MAC support will be added.

Label file system mount points, permitting security information to be
maintained at the granularity of the file system.  Two labels are
currently maintained: a security label for the mount itself, and
a default label for objects in the file system (in particular, for
file systems not supporting per-vnode labeling directly).

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs

END
K 10
svn:author
V 7
rwatson
K 8
svn:date
V 27
2002-07-30T22:28:28.000000Z
K 7
svn:log
V 657
Introduce support for Mandatory Access Control and extensible kernel
access control.

Label process credentials, permitting security information to be
maintained at the granularity of processes and cached credential
objects.  cr_label follows the semantics of other entries in struct
ucred: when a credential is exclusively referenced, it may be
modified.  Otherwise, it must be treated as immutable.  As with
other interesting entries in struct ucred, failing to use the
documented credential management APIs (such as crcopy, crdup, ...)
can result in data corruption or incorrect behavior.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs

END
K 10
svn:author
V 3
imp
K 8
svn:date
V 27
2002-07-30T22:28:43.000000Z
K 7
svn:log
V 98
Fix path to other files.<arch> files.
Fix disordering of libkern/crc32.c entry.

MFC after: 1 day

END
K 10
svn:author
V 7
rwatson
K 8
svn:date
V 27
2002-07-30T22:33:28.000000Z
K 7
svn:log
V 435
Introduce support for Mandatory Access Control and extensible
kernel access control.

Label pipe IPC objects, permitting security information to be
maintained at the granularity of the pipe object.  The label is
shared between the two pipe endpoints in the style of the
pipe mutex, and is maintained using similar conventions.  The
label is protected by the pipe mutex.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs

END
K 10
svn:author
V 7
rwatson
K 8
svn:date
V 27
2002-07-30T22:39:28.000000Z
K 7
svn:log
V 588
Introduce support for Mandatory Access Control and extensible kernel
access control.

Label socket IPC objects, permitting security features to be maintained
at the granularity of the socket.  Two labels are stored for each
socket: the label of the socket itself, and a cached peer label
permitting interogation of the remote endpoint.  Since socket locking
is not yet present in the base tree, these objects are not locked,
but are assumed to follow the same semantics as other modifiable
entries in the socket structure.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs

END
K 10
svn:author
V 7
rwatson
K 8
svn:date
V 27
2002-07-30T22:43:20.000000Z
K 7
svn:log
V 476
Introduce support for Mandatory Access Control and extensible
kernel access control.

Replace 'void *' with 'struct mac *' now that mac.h is in the base
tree.  The current POSIX.1e-derived userland MAC interface is
schedule for replacement, but will act as a functional placeholder
until the replacement is done.  These system calls allow userland
processes to get and set labels on both the current process, as well
as file system objects and file descriptor backed objects.

END
K 10
svn:author
V 7
rwatson
K 8
svn:date
V 27
2002-07-30T23:03:29.000000Z
K 7
svn:log
V 442
Introduce support for Mandatory Access Control and extensible
kernel access control.

Label BPF descriptor objects, permitting security features to be
maintained on those objects.  bd_label will be used to authorize
data flow from network interfaces to user processes.  BPF
labels are protected using the same synchronization model as other
mutable data in the BPF descriptor.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs

END
K 10
svn:author
V 7
rwatson
K 8
svn:date
V 27
2002-07-30T23:06:07.000000Z
K 7
svn:log
V 438
Introduce support for Mandatory Access Control and extensible
kernel access control.

Label network interface structures, permitting security features to
be maintained on those objects.  if_label will be used to authorize
data flow using the network interface.  if_label will be protected
using the same synchronization primitives as other mutable entries
in struct ifnet.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs

END
K 10
svn:author
V 7
rwatson
K 8
svn:date
V 27
2002-07-30T23:09:20.000000Z
K 7
svn:log
V 496
Introduce support for Mandatory Access Control and extensible
kernel access control.

Label IP fragment reassembly queues, permitting security features to
be maintained on those objects.  ipq_label will be used to manage
the reassembly of fragments into IP datagrams using security
properties.  This permits policies to deny the reassembly of fragments,
as well as influence the resulting label of a datagram following
reassembly.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs

END
K 10
svn:author
V 7
rwatson
K 8
svn:date
V 27
2002-07-30T23:12:37.000000Z
K 7
svn:log
V 290
Introduce support for Mandatory Access Control and extensible
kernel access control.

Label devfs directory entries, permitting labels to be maintained
on device nodes in devfs instances persistently despite vnode
recycling.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs

END
K 10
svn:author
V 7
iedowse
K 8
svn:date
V 27
2002-07-30T23:26:22.000000Z
K 7
svn:log
V 390
Remove some strange code that allocates memory and then immediately
frees it again. The idea was to perform M_WAITOK allocations in a
process context to reduce the risk of later interrupt-context
M_NOWAIT allocations failing, but in fact this code can be called
from contexts where it is not desirable to sleep (e.g. if_start
routines), so it causes lots of witness "could sleep" warnings.

END
K 10
svn:author
V 3
joe
K 8
svn:date
V 27
2002-07-30T23:30:15.000000Z
K 7
svn:log
V 109
Add support for a couple of network adapters; the 3Com 3C460B and
the Belkin USB2LAN.

Obtained from:	NetBSD

END
K 10
svn:author
V 3
joe
K 8
svn:date
V 27
2002-07-30T23:30:56.000000Z
K 7
svn:log
V 6
Regen

END
K 10
svn:author
V 7
rwatson
K 8
svn:date
V 27
2002-07-31T00:03:26.000000Z
K 7
svn:log
V 241
Reduce the memory footprint of MAC in the base system by halving
the number of policy slots to 4.

(Having run a quick errand, time to start on phase 2 of the MAC
integration)

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs

END
K 10
svn:author
V 7
rwatson
K 8
svn:date
V 27
2002-07-31T00:16:58.000000Z
K 7
svn:log
V 7
Regen.

END