‚ÞR161843 157 250 124 141 158 111 143 473 176 244 110 111 110 217 128 232 177 324 351 272 140 530 241 188 263 164 763 159 209 164 221 313 694 193 164 263 166 346 194 200 739 119 242 252 329 227 218 385 201 132 130 212 117 256 405 578 605 187 1050 269 128 466 265 157 116 215 129 512 124 110 144 110 171 162 144 139 544 120 437 161 416 1175 148 380 138 299 668 174 304 148 130 232 213 157 367 1356 495 470 270 851 125 192 138 124 193 193 220 191 108 215 326 144 175 389 257 259 671 203 108 292 459 420 131 285 443 149 130 427 139 161 221 358 116 489 589 249 255 173 397 205 222 334 335 248 239 265 210 183 185 734 157 338 165 252 396 309 149 374 K 10 svn:author V 6 marius K 8 svn:date V 27 2006-09-01T21:54:58.000000Z K 7 svn:log V 154 Replace the .Pq added in rev 1.2 with literal parenthesis as the former aren't required for plain text and the latter formats faster. Pointed out by: ru END K 10 svn:author V 6 marcel K 8 svn:date V 27 2006-09-01T22:15:57.000000Z K 7 svn:log V 29 Diff reduction: MFC -r1.204. END K 10 svn:author V 6 marcel K 8 svn:date V 27 2006-09-01T22:19:57.000000Z K 7 svn:log V 46 MFC rev 1.5: Fixed FP_R*. Original fix: bde@ END K 10 svn:author V 6 marcel K 8 svn:date V 27 2006-09-01T22:26:28.000000Z K 7 svn:log V 63 MFC rev 1.18: Provide stub implementation for bus_space_map(). END K 10 svn:author V 7 davidch K 8 svn:date V 27 2006-09-01T22:30:56.000000Z K 7 svn:log V 15 /tmp/cvsleYf6y END K 10 svn:author V 6 marcel K 8 svn:date V 27 2006-09-01T22:32:33.000000Z K 7 svn:log V 48 MFC rev 1.112: properly set the thread pointer. END K 10 svn:author V 6 marius K 8 svn:date V 27 2006-09-01T22:34:49.000000Z K 7 svn:log V 377 - Improve the description of gem(4); the Sun chips it supports are termed ERI and GEM rather than GMAC. - Bring the description of le(4) in line with the current le(4); it was still refering to the old i386 ISA-only le(4) which was nuked along with ISA_COMPAT while HEAD was FreeBSD 5. - Add an entry for hme(4). - Remove the obsolete entry for lnc(4). MFC after: 1 day END K 10 svn:author V 7 davidch K 8 svn:date V 27 2006-09-01T22:45:11.000000Z K 7 svn:log V 80 Resolve "firmware handshake" error on 5752. Approved by: ps MFC after: 2 weeks END K 10 svn:author V 5 dougb K 8 svn:date V 27 2006-09-01T23:58:46.000000Z K 7 svn:log V 149 MFC revision 1.4 which silently ignores errors while sourcing rc.conf* files, simplifies the file rotation logic, and makes it slightly more secure. END K 10 svn:author V 6 marcel K 8 svn:date V 27 2006-09-02T00:59:35.000000Z K 7 svn:log V 15 MFC TLS fixes. END K 10 svn:author V 6 marcel K 8 svn:date V 27 2006-09-02T01:07:21.000000Z K 7 svn:log V 16 Whitespace fix. END K 10 svn:author V 6 marcel K 8 svn:date V 27 2006-09-02T01:16:56.000000Z K 7 svn:log V 15 MFC TLS fixes. END K 10 svn:author V 7 davidxu K 8 svn:date V 27 2006-09-02T02:41:33.000000Z K 7 svn:log V 120 Make sure we get new m_owner value if we can not unlock it in uncontested case. Reorder statements in do_unlock_umutex. END K 10 svn:author V 6 jkoshy K 8 svn:date V 27 2006-09-02T04:35:40.000000Z K 7 svn:log V 33 MFC r1.15: "Manual page tweaks." END K 10 svn:author V 8 ssouhlal K 8 svn:date V 27 2006-09-02T05:42:16.000000Z K 7 svn:log V 134 MFC r1.217: The "taskqueue_fast" spinlocks were renamed to "fast_taskqueue" in subr_taskqueue.c:r1.32 Reported by: rdivacky END K 10 svn:author V 5 marck K 8 svn:date V 27 2006-09-02T06:41:55.000000Z K 7 svn:log V 83 MFC rev 1.23: Chase after phk@: remove reference to (now obsoleted) NMBCLUSTERS. END K 10 svn:author V 4 oleg K 8 svn:date V 27 2006-09-02T08:07:36.000000Z K 7 svn:log V 230 MFC rev. 1.141-1.142 - Do not leak memory while flushing rules. Noticed by: yar - Remove useless NULL pointer check: we are using M_WAITOK flag for memory allocation. Submitted by: Andrey Elsukov END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-02T08:18:22.000000Z K 7 svn:log V 254 Remove two hypothetical calls to suser() in ifdef'd (and uncompilable) svr4 code: this code would call centralized sysctl code that does these checks also. MFC after: 1 week Obtained from: TrustedBSD Project Sponsored by: nCircle Network Security, Inc. END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-02T08:25:40.000000Z K 7 svn:log V 175 Enforce the compile-time threads limit at run-time, so that a high thread count argument doesn't cause a segfault or memory corruption when the compile-time array is overrun. END K 10 svn:author V 3 phk K 8 svn:date V 27 2006-09-02T09:11:58.000000Z K 7 svn:log V 48 Document that the default timeout is 16 seconds END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-02T09:37:14.000000Z K 7 svn:log V 433 Vendor import of OpenBSM 1.0 alpha 10, with the following changes: - auditd now generates complete audit records for its events, as required for application-submitted audit records in the the FreeBSD kernel audit implementation. This also restores contrib/openbsm/bsm/audit_record to the vendor version after the build fixes previously committed; however, this file is not used in the build. Obtained from: TrustedBSD Project END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-02T09:37:14.000000Z K 7 svn:log V 144 This commit was generated by cvs2svn to compensate for changes in r161863, which included commits to RCS files with non-trunk default branches. END K 10 svn:author V 7 cvs2svn K 8 svn:date V 27 2006-09-02T09:37:15.000000Z K 7 svn:log V 92 This commit was manufactured by cvs2svn to create tag 'openbsm-vendor-OPENBSM_1_0_ALPHA_10'. END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-02T09:56:28.000000Z K 7 svn:log V 166 Note removal of certain contrib/openbsm/bsm include files from FreeBSD development branches, they exist only in the vendor branch. Obtained from: TrustedBSD Project END K 10 svn:author V 7 cvs2svn K 8 svn:date V 27 2006-09-02T09:56:29.000000Z K 7 svn:log V 68 This commit was manufactured by cvs2svn to create branch 'RELENG_6'. END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-02T10:46:03.000000Z K 7 svn:log V 666 MFC OpenBSM 1.0 alpha 10 from HEAD to RELENG_6; OpenBSM is the user space portion of the TrustedBSD audit implementation, which has now been settling in 7-CURRENT for several months, and is intended to provide a Common Criteria/CAPP-compliant fine-grained security event log subsystem. OpenBSM includes libraries, documentation, configuration files, and audit audit trail printing and audit trail reduction tools. This code drop is based on Apple's BSM implementation, implemented by McAfee Research, and has been substantially enhanced by the TrustedBSD Project. Audit support will be considered "experimental" for 6.2-RELEASE. Obtained from: TrustedBSD Project END K 10 svn:author V 8 cperciva K 8 svn:date V 27 2006-09-02T10:47:01.000000Z K 7 svn:log V 62 Conform to wider English usage. Submitted by: Royce Williams END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-02T10:49:44.000000Z K 7 svn:log V 112 Merge OpenBSM 1.0 alpha 10 changes into src/sys/bsm; comment spelling fixes. Obtained from: TrustedBSD Project END K 10 svn:author V 7 cvs2svn K 8 svn:date V 27 2006-09-02T10:49:45.000000Z K 7 svn:log V 68 This commit was manufactured by cvs2svn to create branch 'RELENG_6'. END K 10 svn:author V 8 cperciva K 8 svn:date V 27 2006-09-02T11:05:24.000000Z K 7 svn:log V 123 MFC addition of FreeBSD 2.0 client code. Sponsored by: FreeBSD security development fundraiser Approved by: re (kensmith) END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-02T11:35:07.000000Z K 7 svn:log V 216 Merge audit.h:1.5, audit_kevents.h:1.7, audit_internal.h:1.4, and audit_record.h:1.5 from HEAD to RELENG_6. These correspond to the files of the same name in OpenBSM 1.0 alpha 10. Obtained from: TrustedBSD Project END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-02T11:50:51.000000Z K 7 svn:log V 597 Merge audit.c:1.18, audit.h:1.8, audit_arg.c:1.6, audit_bsm.c:1.10, audit_bsm_klib.c:1.4, audit_bsm_token.c:1.7, audit_ioctl.h:1.4, audit_pipe.c:1.9, audit_private.h:1.10, audit_syscalls.c:1.5, audit_trigger.c:1.3, audit_worker.c:1.9 from HEAD to RELENG_6. This is the MFC of the kernel audit implementation, including argument gathering functions, worker thread, active audit record queue, system calls, BSM trail generation code, trigger pseudo-device, and pipe pseudo-device. See audit(4) and auditpipe(4) for a detailed description of the audit subsystem. Obtained from: TrustedBSD Project END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-02T11:55:38.000000Z K 7 svn:log V 97 s/6.1/6.2/ as the introduction date for kernel audit support. Obtained from: TrustedBSD Project END K 10 svn:author V 7 cvs2svn K 8 svn:date V 27 2006-09-02T11:55:39.000000Z K 7 svn:log V 68 This commit was manufactured by cvs2svn to create branch 'RELENG_6'. END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-02T11:59:31.000000Z K 7 svn:log V 166 Merge audit.4:1.8 and auditpipe.4:1.3 from HEAD to RELENG_6. These man pages describe the kernel audit and audit pipe facilities. Obtained from: TrustedBSD Project END K 10 svn:author V 6 marius K 8 svn:date V 27 2006-09-02T12:12:16.000000Z K 7 svn:log V 71 Add the usual info about loading as module on startup to the SYNOPSIS. END K 10 svn:author V 7 glebius K 8 svn:date V 27 2006-09-02T12:34:08.000000Z K 7 svn:log V 249 MFC ng_ether.c rev. 1.61: Turn off by default "feature" that overwrites MAC address on output frames. Many people were confused with not working CARP, ng_bridge(4) and other subsystems, because ng_ether(4) overwritten source MAC address. END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-02T12:34:55.000000Z K 7 svn:log V 98 Back out prematurely MFC'd audit changes, accidentally MFC'd by jeff in vfs_syscalls.c:1.392.2.7. END K 10 svn:author V 7 glebius K 8 svn:date V 27 2006-09-02T12:38:26.000000Z K 7 svn:log V 103 MFC: o Improve logging of ng_pppoe(4) o Fix after turning off the "autosrc feature" of ng_ether(4) END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-02T12:48:49.000000Z K 7 svn:log V 642 Merge proc.h:1.449 and kern_thread.:1.225 from HEAD to RELENG_6: Add new fields to process-related data structures: - td_ar to struct thread, which holds the in-progress audit record during a system call. - p_au to struct proc, which holds per-process audit state, such as the audit identifier, audit terminal, and process audit masks. In the earlier implementation, td_ar was added to the zero'd section of struct thread. In order to facilitate merging to RELENG_6, it has been moved to the end of the data structure, requiring explicit initalization in the thread constructor. Obtained from: TrustedBSD Project END K 10 svn:author V 3 sos K 8 svn:date V 27 2006-09-02T12:55:42.000000Z K 7 svn:log V 27 Add support for VIA 8237A. END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-02T13:12:08.000000Z K 7 svn:log V 145 Merge NOTES:1.1351, files:1.1092,1.1095, and options:1.528 from HEAD to RELENG_6: hook up audit to the build. Obtained from: TrustedBSD Project END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-02T13:15:58.000000Z K 7 svn:log V 155 Merge init_main.c:1.260 from HEAD to RELENG_6: Hook up audit to the initial process creation events (proc0, proc1). Obtained from: TrustedBSD Project END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-02T13:24:19.000000Z K 7 svn:log V 232 Merge kern_exit.c:1.277, kern_fork.c:1.254 from HEAD to RELENG_6: Hook up audit to fork() and exit() events. These changes manage the audit state on processes, not auditing of these events. Obtained from: TrustedBSD Project END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-02T13:25:29.000000Z K 7 svn:log V 130 Merge rc.conf:1.273 from HEAD to RELENG_6: Add auditd_enable and auditd_flags rc.d scripts. Obtained from: TrustedBSD Project END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-02T13:27:08.000000Z K 7 svn:log V 121 Merge Makefile:1.64, auditd:1.1,1.2 from HEAD to RELENG_6: Add auditd rc.d script. Obtained from: TrustedBSD Project END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-02T13:28:52.000000Z K 7 svn:log V 288 Merge Makefile:1.351,1.352 from HEAD to RELENG_6: Install /etc/security configuration files from OpenBSM. Install audit_control and audit_user, both of which are likely to be modified by the administrator, as user-writable instead of read-only. Obtained from: TrustedBSD Project END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-02T13:31:17.000000Z K 7 svn:log V 104 Merge bsd.libnames.mk:1.96 from HEAD to RELENG_6: Define $LIBBSM. Obtained from: TrustedBSD Project END K 10 svn:author V 3 sam K 8 svn:date V 27 2006-09-02T15:06:04.000000Z K 7 svn:log V 40 MFC 1.42: add per-sta ucast/mcast stats END K 10 svn:author V 3 sam K 8 svn:date V 27 2006-09-02T15:16:12.000000Z K 7 svn:log V 38 MFC: minor fixups (mostly statistics) END K 10 svn:author V 3 sam K 8 svn:date V 27 2006-09-02T15:28:09.000000Z K 7 svn:log V 119 MFC 1.37: start threads stopped before adjusting priority to avoid races, generate console msg if thread create fails END K 10 svn:author V 3 sam K 8 svn:date V 27 2006-09-02T15:37:09.000000Z K 7 svn:log V 25 MFC: sync stats handling END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-02T16:21:26.000000Z K 7 svn:log V 159 Merge src/lib/Makefile:1.211 and src/lib/libbsm/Makefile:1.2-1.3 from HEAD to RELENG_6: Add libbsm to the library build. Obtained from: TrustedBSD Project END K 10 svn:author V 4 bmah K 8 svn:date V 27 2006-09-02T16:25:50.000000Z K 7 svn:log V 311 New release notes: audit(4) (somewhat belatedly, now that I marginally understand how this feature works), cp(1) -l (+MFC), pkill(1)/pgrep(1) to /bin, lukemftpd 20060831. Updated release notes: OpenBSM 1.0a10 (also do a minor markup fix, +MFC). MFCs noted: OpenBSM userland, freebsd-update(8), rc.d/auditd. END K 10 svn:author V 3 sos K 8 svn:date V 27 2006-09-02T17:01:32.000000Z K 7 svn:log V 485 MFC: Sync with -current. Dont poll for ATA_IDLE on a detached channel in suspend. Add support for the Serverworks HT1000 chip. Finally fix support for the newer MCP51/MCP55 nVidia chipsets. Add support for the ICH8 and ESB2 chips, also add a few other missing ICH7 partsUpdate JMicron support to also work with chips where the PATA and SATA parts are on individual PCI functions. Add support for VIA 8237A. Add support for AHCI on the VIA VT8251. Dont call free on non-alloc'd items. END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-02T17:02:01.000000Z K 7 svn:log V 508 Merge audit/Makefile:1.1, auditd/Makefile:1.1, auditreduce/Makefile:1.1, praudit/Makefile:1.1, and usr.sbin/Makefile:1.342,1.343,1.345 from HEAD to RELENG_6: Enable building of OpenBSM command line tools: - audit(8) - audit subsystem management tool - auditd(8) - audit trail and subsystem management daemon - auditreduce(1) - audit trail reduction tool - praudit(1) - audit trail printing tool Build audit command line tools only if NO_AUDIT isn't defined. Obtained from: TrustedBSD Project END K 10 svn:author V 4 ceri K 8 svn:date V 27 2006-09-02T17:08:40.000000Z K 7 svn:log V 94 MFC revision 1.43: Note that the system only allows a maximum of kern.kq_calloutmax timers. END K 10 svn:author V 3 sam K 8 svn:date V 27 2006-09-02T17:09:26.000000Z K 7 svn:log V 957 MFC: statistics fixups: o change rssi to be signed in ieee80211_nodestats o add noise floor in ieee80211_nodestats (use an implicit hole to preserve layout); return it as zero until we can update the api's so the driver can provide noise floor data o add a bandaid so IEEE80211_IOC_STA_STATS works for sta mode; when all nodes are in the station table this will no longer be needed o fix braino in IEEE80211_IOC_STA_INFO implementation; was supposed to take a mac address and return info for that sta or all stations if ff:ff:ff:ff:ff was supplied--but somehow this didn't get implemented; implement the intended semantics and leave a compat shim at the old ioctl number for the previous api Note this changes the api for IEEE80211_IOC_STA_INFO but old binaries will continue to work. FreeBSD_version bumped so apps can track the change (no such applications are known to exist but just in case). END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-02T17:12:46.000000Z K 7 svn:log V 172 Merge trap.c:1.288 from HEAD to RELENG_6: Hook up the audit system to system call entry and exit. System calls will now be audited. Obtained from: TrustedBSD Project END K 10 svn:author V 3 sam K 8 svn:date V 27 2006-09-02T17:18:34.000000Z K 7 svn:log V 36 MFC: sync with head (major rewrite) END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-02T17:24:36.000000Z K 7 svn:log V 369 Merge vfs_lookup.c:187, namei.h:1.48 from HEAD to RELENG_6: Add AUDITVNODE[12] flags to namei(), which cause namei() to audit path and vnode attribute information for looked up vnodes during the lookup operation. This will allow consumers of namei() to specify that this information be added to the in-process audit record. Obtained from: TrustedBSD Project END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-02T17:29:57.000000Z K 7 svn:log V 168 Merge kern_thread.c:1.226,1.227, kern_exit.c:1.279: On process and thread exit, submit pending records and free thread audit state. Obtained from: TrustedBSD Project END K 10 svn:author V 3 sam K 8 svn:date V 27 2006-09-02T17:31:08.000000Z K 7 svn:log V 65 MFC: sync with head for null ptr deref and static array overflow END K 10 svn:author V 3 sam K 8 svn:date V 27 2006-09-02T17:32:25.000000Z K 7 svn:log V 24 MFC 1.12: add debug msg END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-02T17:37:01.000000Z K 7 svn:log V 118 Merge make.conf.5:1.130 from HEAD to RELENG_6: Document NO_AUDIT make variable. Obtained from: TrustedBSD Project END K 10 svn:author V 3 sam K 8 svn:date V 27 2006-09-02T17:40:57.000000Z K 7 svn:log V 37 MFC 1.40: fixup list station support END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-02T17:41:00.000000Z K 7 svn:log V 415 Merge kern_descrip.c:1.291, kern_exit.c:1.280, kern_fork.c:1.255, kern_prot.c:1.202 from HEAD to RELENG_6: Add auditing of arguments to the close() and fstat() system calls. Audit the pid being requested in wait4(). Audit the args to rfork(), and the child PID for all fork system calls. Audit the arguments (user/group IDs) for the system calls that set these IDs. Obtained from: TrustedBSD Project END K 10 svn:author V 3 sam K 8 svn:date V 27 2006-09-02T17:42:41.000000Z K 7 svn:log V 32 MFC 1.3: Fix an off-by-one bug. END K 10 svn:author V 6 marcel K 8 svn:date V 27 2006-09-02T17:49:45.000000Z K 7 svn:log V 15 MFC TLS fixes. END K 10 svn:author V 3 sam K 8 svn:date V 27 2006-09-02T17:56:24.000000Z K 7 svn:log V 52 incorporate Rui Paulo's work Obtained from: netbsd END K 10 svn:author V 6 marcel K 8 svn:date V 27 2006-09-02T19:41:21.000000Z K 7 svn:log V 15 MFC TLS fixes. END K 10 svn:author V 6 marius K 8 svn:date V 27 2006-09-02T20:15:21.000000Z K 7 svn:log V 76 - s/UltraSparc/UltraSPARC/ - Add info about the requirement of OFW support. END K 10 svn:author V 6 marius K 8 svn:date V 27 2006-09-02T20:18:29.000000Z K 7 svn:log V 67 MFC: 1.2 Move two periods out of quotes and to where they belong. END K 10 svn:author V 6 marius K 8 svn:date V 27 2006-09-02T20:22:59.000000Z K 7 svn:log V 49 MFC: 1.6 Add missing '?' in "watchdog-enable?". END K 10 svn:author V 6 marius K 8 svn:date V 27 2006-09-02T20:26:30.000000Z K 7 svn:log V 44 MFC: 1.7 Fix spelling in a status message. END K 10 svn:author V 6 marius K 8 svn:date V 27 2006-09-02T20:31:55.000000Z K 7 svn:log V 448 MFC: 1.5, 1.6 - s/gigabit/Gigabit/ - Talk about supported chips rather than supported cards as the majority of the hardware supported by gem(4) is on-board. - "the .Nm driver" - Sort the list of supported chips alphabetically. - Sun GEM aren't used on-board though, so don't claim they'd be. - Add a CAVEATS section informing that Sun GEM cards aren't supported so far. - Add the usual info about loading as module on startup to the SYNOPSIS. END K 10 svn:author V 6 marcel K 8 svn:date V 27 2006-09-02T20:38:13.000000Z K 7 svn:log V 25 MFC TLS variant I fixes. END K 10 svn:author V 6 marius K 8 svn:date V 27 2006-09-02T20:41:46.000000Z K 7 svn:log V 341 MFC: 1.170 (partial) - Improve the description of gem(4); the Sun chips it supports are termed ERI and GEM rather than GMAC. - Bring the description of le(4) in line with the current le(4); it was still refering to the old i386 ISA-only le(4) which was nuked along with ISA_COMPAT while HEAD was FreeBSD 5. - Add an entry for hme(4). END K 10 svn:author V 6 marcel K 8 svn:date V 27 2006-09-02T20:58:37.000000Z K 7 svn:log V 66 Unbreak PowerPC build after addition of powermac_nvram(4powerpc). END K 10 svn:author V 6 marius K 8 svn:date V 27 2006-09-02T21:07:50.000000Z K 7 svn:log V 320 MFC: 1.2, 1.3, 1.4 - Use full name of the Sun PGX64 cards and add the Sun part number in order to simplify matters for people who are looking for a video card supported by FreeBSD/sparc64. - Add Sun PGX to the list of known working cards. - s/UltraSparc/UltraSPARC/ - Add info about the requirement of OFW support. END K 10 svn:author V 4 csjp K 8 svn:date V 27 2006-09-02T21:54:08.000000Z K 7 svn:log V 1080 MFC revision 1.79 nfs.h MFC revision 1.161 nfs_serv.c MFC revision 1.96 nfs_srvsock.c MFC revision 1.105 nfs_syscalls.c date: 2006/01/28 19:24:39; author: csjp; state: Exp; lines: +1 -1 Manage the ucred for the NFS server using the crget/crfree API defined in kern_prot.c. This API handles reference counting among many other things. Notably, if MAC is compiled into the kernel, it will properly initialize the MAC labels when the ucred is allocated. This work is in preparation for a new MAC entry point which will be responsible for properly initializing policy specific labels for the NFS server credential. Utilization of the crfree/crget APIs reduce the complexity associated with this label's management. Submitted by: green (with changes) [1] Obtained from: TrustedBSD Project Discussed with: rwatson, alfred [1] I moved the ucred allocation outside the scope of the NFS server lock to prevent M_WAIKOK allocations from occurring with non-sleep-able locks held. Additionally, to reduce complexity, the ucred persist as long as the NFS server descriptor. END K 10 svn:author V 6 marius K 8 svn:date V 27 2006-09-02T22:17:15.000000Z K 7 svn:log V 53 Add a belated entry regarding the removal of lnc(4). END K 10 svn:author V 4 csjp K 8 svn:date V 27 2006-09-02T23:58:21.000000Z K 7 svn:log V 286 MFC revision 1.99 nfs_srvsock.c MFC revision 1.111 mac_vfs.c MFC revision 1.70 mac.h MFC revision 1.71 mac_policy.h MFC the mac_associate_nfsd_label entry point, only replace one of the mac_policy_ops stub elements to ensure that we dont break compatability with existing MAC modules. END K 10 svn:author V 7 davidxu K 8 svn:date V 27 2006-09-03T00:07:37.000000Z K 7 svn:log V 42 Check if it is root user in do_unlock_pp. END K 10 svn:author V 3 jmg K 8 svn:date V 27 2006-09-03T00:26:17.000000Z K 7 svn:log V 206 Break out typedefs from bus_dma.h to _bus_dma.h so that we can get the typedef for bus_dma_tag_t in sys/bus.h w/o poluting the namespace... This is in preperation for adding bus_get_dma_tag to sys/bus.h... END K 10 svn:author V 3 jmg K 8 svn:date V 27 2006-09-03T00:27:42.000000Z K 7 svn:log V 575 add a newbus method for obtaining the bus's bus_dma_tag_t... This is required by arches like sparc64 (not yet implemented) and sun4v where there are seperate IOMMU's for each PCI bus... For all other arches, it will end up returning NULL, which makes it a no-op... Convert a few drivers (the ones we've been working w/ on sun4v) to the new convection... Eventually all drivers will need to replace the parent tag of NULL, w/ bus_get_dma_tag(dev), though dev is usually different for each driver, and will require hand inspection... Reviewed by: scottl (earlier version) END K 10 svn:author V 3 jmg K 8 svn:date V 27 2006-09-03T00:31:21.000000Z K 7 svn:log V 82 now that we have bus_get_dma_tag, document it's requirement in bus_dma_tag_create END K 10 svn:author V 3 jmg K 8 svn:date V 27 2006-09-03T00:33:19.000000Z K 7 svn:log V 211 up the default msgbuf limit to 64k.. a verbose boot on i386 on modern hardware returns almost 48k of data... to change the default per platform, it should be done in DEFAULTS, not here... Discussed on: -arch END K 10 svn:author V 6 mjacob K 8 svn:date V 27 2006-09-03T01:12:34.000000Z K 7 svn:log V 53 Bump __FreeBSD_version by one due to newbus changes. END K 10 svn:author V 6 mjacob K 8 svn:date V 27 2006-09-03T01:26:55.000000Z K 7 svn:log V 35 Restore multi-version cleanliness. END K 10 svn:author V 4 csjp K 8 svn:date V 27 2006-09-03T02:24:47.000000Z K 7 svn:log V 138 MFC revision 1.92 This should take care of kernel panics that are a result on non initialized labels associated with the NFC credential. END K 10 svn:author V 4 csjp K 8 svn:date V 27 2006-09-03T02:26:48.000000Z K 7 svn:log V 119 MFC revision 1.76 Axe kernel panic associated with un-initialized NFS credentials while the MLS mac policy is loaded. END K 10 svn:author V 6 marcel K 8 svn:date V 27 2006-09-03T05:15:00.000000Z K 7 svn:log V 62 Define TLS_TCB_SIZE, needed by allocate_tls() and free_tls(). END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-03T07:34:00.000000Z K 7 svn:log V 270 In kern_fhstatfs(), drop Giant if the prison visibility check fails. This corrects the same bug found by Todd Miller and corrected as part of a larger set of Giant changes in vfs_syscalls.c:1.412 in HEAD by jeff. Pointed out by: Alex Lyashkov END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-03T07:53:40.000000Z K 7 svn:log V 1258 Merge vfs_syscalls.c:1.408, 1.415, 1.416: Add pathname and/or vnode argument auditing for the following system calls: quotactl, statfs, fstatfs, fchdir, chdir, chroot, open, mknod, mkfifo, link, symlink, undelete, unlink, access, eaccess, stat, lstat, pathconf, readlink, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown, lchown, fchown, utimes, lutimes, futimes, truncate, ftruncate, fsync, rename, mkdir, rmdir, getdirentries, revoke, lgetfh, getfh, extattrctl, extattr_set_file, extattr_set_link, extattr_get_file, extattr_get_link, extattr_delete_file, extattr_delete_link, extattr_list_file, extattr_list_link. In many cases the pathname and vnode auditing is done within namei lookup instead of directly in the system call. Audit the remaining arguments to these system calls: fstatfs, fchdir, open, mknod, chflags, lchflags, fchflags, chmod, lchmod, fchmod, chown, lchown, fchown, futimes, ftruncate, fsync, mkdir, getdirentries. Audit the remaining parameters to the extattr system calls. Generate the audit records for those calls. Audit command, uid arguments for quotactl(). Audit the mode argument to mkfifo(). Audit the target path passed to symlink(). Obtained from: TrustedBSD Project END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-03T08:06:59.000000Z K 7 svn:log V 398 Merge kern_sig.c:1.322, sys_process.c:1.136, vfs_vnops.c:1.238 from HEAD to RELENG_6: Audit the arguments to the kill(2) and killpg(2) system calls. Audit the arguments to the ptrace(2) system call. Make sure that we are adding a path token to the audit record in open(2). Do this by making sure we are using the AUDITVNODE1 mask in the namei flags. Obtained from: TrustedBSD Project END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-03T08:09:58.000000Z K 7 svn:log V 373 Merge BSD.include.dist:1.106, include/Makefile:1.258 from HEAD to RELENG_6: Do install sys/security/audit include files. It would be nice just to install audit_ioctl.h, but we seem only to support installing directories, so we get them all. The two not intended for extra- kernel use have !_KERNEL #error's, which should help. Obtained from: TrustedBSD Project END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-03T08:29:20.000000Z K 7 svn:log V 173 Merge mkioctls:1.38 from HEAD to RELENG_6: Add audit.h to mkioctls inclusion list: audit pipe ioctls need access to the audit types. Obtained from: TrustedBSD Project END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-03T09:21:59.000000Z K 7 svn:log V 754 Merge kern_exec.c:1.293,1.295, kern_acct.c:1.82, vfs_mount.c:1.227 from HEAD to RELENG_6: In execve(), audit the path name being executed. In the future, it would also be good to audit the interpreter pathname, if any. Audit the argv and env vectors passed in on exec: Add the argument auditing functions for argv and env. Add kernel-specific versions of the tokenizer functions for the arg and env represented as a char array. Implement the AUDIT_ARGV and AUDIT_ARGE audit policy commands to enable/disable argv/env auditing. Call the argument auditing from the exec system calls. Audit path passed to the acct() system call. Audit some arguments to nmount(), mount(), umount(). Obtained from: TrustedBSD Project END K 10 svn:author V 8 brueffer K 8 svn:date V 27 2006-09-03T11:33:52.000000Z K 7 svn:log V 28 Document VIA 8237A support. END K 10 svn:author V 8 brueffer K 8 svn:date V 27 2006-09-03T11:39:10.000000Z K 7 svn:log V 95 MFC: rev. 1.65 - 1.67 Document ServerWorks HT1000, Intel ICH8 and ESB2 and VIA 8237A support. END K 10 svn:author V 8 brueffer K 8 svn:date V 27 2006-09-03T11:42:55.000000Z K 7 svn:log V 41 MFC: rev. 1.27 Add Epson Stylus CX3650. END K 10 svn:author V 2 ru K 8 svn:date V 27 2006-09-03T11:53:38.000000Z K 7 svn:log V 33 MFC: 1.53: Add entry for libbsm. END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-03T13:44:21.000000Z K 7 svn:log V 97 Use AUE_NTP_ADJTIME for ntp_adjtime() instead of AUE_ADJTIME. Obtained from: TrustedBSD Project END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-03T13:47:24.000000Z K 7 svn:log V 97 Use AUE_NTP_ADJTIME instead of AUE_ADJTIME for ntp_adjtime(). Obtained from: TrustedBSD Project END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-03T13:47:52.000000Z K 7 svn:log V 123 Regenerate. Looks like someone missed doing this previously as more than just the audit event change appears in the diff. END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-03T13:48:26.000000Z K 7 svn:log V 95 Assign audit event identifiers to many common system calls. Obtained from: TrustedBSD Project END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-03T13:48:48.000000Z K 7 svn:log V 12 Regenerate. END K 10 svn:author V 3 ume K 8 svn:date V 27 2006-09-03T15:10:04.000000Z K 7 svn:log V 122 Support Celsius (nn.nC), Fahrenheit (nn.nF) and Kelvin (nnnn) to specify temperature. Reviewed by: njl MFC after: 3 days END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-03T15:10:40.000000Z K 7 svn:log V 229 Assign proper audit event identifiers to a number of system calls not covered in previous passes: - sysarch, rtprio - clock_settime - preadv/pwritev - __getcwd - kqueue - fhstatfs - kldunloadf Obtained from: TrustedBSD Project END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-03T15:11:13.000000Z K 7 svn:log V 48 Regenerate for updated audit event identifiers. END K 10 svn:author V 3 pjd K 8 svn:date V 27 2006-09-03T16:02:37.000000Z K 7 svn:log V 83 MFC: tools/tools/crypto/ubsecstats.c 1.4 Add missing stats.hst_nodesc statistics. END K 10 svn:author V 7 delphij K 8 svn:date V 27 2006-09-03T16:10:31.000000Z K 7 svn:log V 292 MFC 1.3: In rev. 1.2 we have introduced a fallback handler for files with unknown extensions. This seems to be unnecessary and prevents less(1) from being able to detect file changes, so remove the part. Submitted by: Eric Huss PR: bin/102624 Discussed with: des END K 10 svn:author V 3 pjd K 8 svn:date V 27 2006-09-03T16:13:04.000000Z K 7 svn:log V 164 MFC: sys/sys/sx.h 1.24 Add a sx_xlocked() macro which returns true if the current thread holds an exclusive lock on the specified sx lock. Commit to HEAD by: jhb END K 10 svn:author V 3 pjd K 8 svn:date V 27 2006-09-03T16:15:57.000000Z K 7 svn:log V 166 MFC: sys/geom/geom.h 1.95 Only check if we're freeing a valid object if we hold the topology lock. This prevents panic under heavy load with DIAGNOSTIC compiled in. END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-03T16:17:49.000000Z K 7 svn:log V 574 Set freebsd32 system call event identifiers for: - old truncate, ftruncate - old getpeername, gethostid, sethostid, getrlimit, setrlimit, killpg. - old quota, getsockname, getdirentries. - lgetfh - old getdomainname, setdomainname - sysarch, rtprio, __getcwd, jail, sigtimedwait - extattrctl, extattr_{get,set,delete,list}_{file,fd,link} - getresgid, getresuid, kqueue, eaccess, nmount, sendfile - fhstatfs, kldunloadf Right identifiers for: - nfssvc Remove incorrect identifier for: - __acl_get_file Compile tested with help of: sam Obtained from: TrustedBSD Project END K 10 svn:author V 3 pjd K 8 svn:date V 27 2006-09-03T16:21:25.000000Z K 7 svn:log V 110 MFC: share/man/man9/Makefile 1.276 share/man/man9/sx.9 1.34 Document sx_xlocked(9). Submitted by: ssouhlal END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-03T16:24:36.000000Z K 7 svn:log V 12 Regenerate. END K 10 svn:author V 3 pjd K 8 svn:date V 27 2006-09-03T16:28:40.000000Z K 7 svn:log V 199 MFC: sys/geom/geom.h 1.94 sys/geom/geom_io.c 1.70 Add g_duplicate_bio() function which does the same thing what g_clone_bio() is doing, but g_duplicate_bio() allocates new bio with M_WAITOK flag. END K 10 svn:author V 6 marius K 8 svn:date V 27 2006-09-03T17:11:27.000000Z K 7 svn:log V 363 - Add a deprecation note since this driver was replaced by le(4) in HEAD. [1] - Remove Digital DEPCA from the list of supported hardware; DEPCA cards use shared memory for the buffers and descriptors but the current ISA front-end of lnc(4) only knows about adapters that use DMA instead (lnc(4) did support DEPCA in the past though). Reviewed by: ru [1] END K 10 svn:author V 6 brooks K 8 svn:date V 27 2006-09-03T17:32:32.000000Z K 7 svn:log V 324 MFC: 1.23 /etc/crontab is similar enough to parse as correct if you run "crontab /etc/crontab", but not the same format due to the who field. Add some limited anti-foot-shooting support and refuse to load /etc/crontab as someone's crontab. Users wishing shoot their foot in this manner may copy /etc/crontab elsewhere. :) END K 10 svn:author V 2 ru K 8 svn:date V 27 2006-09-03T17:52:19.000000Z K 7 svn:log V 40 Use a #define to refer to /etc/crontab. END K 10 svn:author V 6 marius K 8 svn:date V 27 2006-09-03T18:16:45.000000Z K 7 svn:log V 189 Restore the expected and documented pre rev. 1.36 behavior of giving preference to pcn(4). Take precedence over le(4) though, as le(4) isn't meant to supersede lnc(4) in this branch (yet). END K 10 svn:author V 6 marius K 8 svn:date V 27 2006-09-03T21:20:21.000000Z K 7 svn:log V 347 Do as the USII CPU manual suggests and leave interrupts enabled for a bit before retrying to resend an IPI in order to avoid deadlocks if the other CPU is also trying to send one. OpenSolaris uses a delay of 1 microsecond here but waiting 2 microseconds with interrupts enabled like Linux does shouldn't hurt but is a bit safer. MFC after: 1 day END K 10 svn:author V 7 trhodes K 8 svn:date V 27 2006-09-03T21:31:20.000000Z K 7 svn:log V 53 Belated update for login.conf checks. Bump doc date. END K 10 svn:author V 3 alc K 8 svn:date V 27 2006-09-03T22:24:08.000000Z K 7 svn:log V 38 Make vm_page_release_contig() static. END K 10 svn:author V 6 dwhite K 8 svn:date V 27 2006-09-04T00:19:31.000000Z K 7 svn:log V 331 Avoid an infinite loop in empty_both_buffers() by adding a timeout. This helps systems that don't actually have atkbd controllers, such as the Intel SBX82 blade, boot without device.hints hacks. Hardware for this fix provided by iXsystems. PR: 94822 Submitted by: Devon H. O'Dell MFC After: 3 days END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-04T06:06:23.000000Z K 7 svn:log V 43 White space cleanup, no functional change. END K 10 svn:author V 7 rwatson K 8 svn:date V 27 2006-09-04T06:07:51.000000Z K 7 svn:log V 65 Merge audit.h:1.9 from HEAD to RELENG_6: White space cleanup. END K 10 svn:author V 8 brueffer K 8 svn:date V 27 2006-09-04T06:14:57.000000Z K 7 svn:log V 123 MFC: rev. 1.508 Don't build iwi(4) on amd64, there are problems with the firmware modules. Approved by: rwatson (mentor) END K 10 svn:author V 2 ru K 8 svn:date V 27 2006-09-04T07:40:53.000000Z K 7 svn:log V 266 If building the module as part of the kernel build, determine the "device isa" presence out of the opt_isa.h in the kernel build directory, rather than always assuming its presence. sparc64 is still special cased and is not affected by this change. Noticed by: bde END K 10 svn:author V 6 thomas K 8 svn:date V 27 2006-09-04T08:32:17.000000Z K 7 svn:log V 21 Fix typo in comment. END K 10 svn:author V 3 pjd K 8 svn:date V 27 2006-09-04T09:53:28.000000Z K 7 svn:log V 396 MFC: sys/kern/kern_event.c 1.100-1.102 - Use SLIST_FOREACH_SAFE() macro, because knote_drop() can free an element which can be then used to find next element in the list. - Remove confusing done_noglobal label. The KQ_GLOBAL_UNLOCK() macro know how to handle both situations - when kq_global lock is and is not held. - Don't forget to unlock kq lock in low memory situations. OK'ed by: jmg END K 10 svn:author V 3 pjd K 8 svn:date V 27 2006-09-04T09:58:25.000000Z K 7 svn:log V 496 MFC: sys/kern/vfs_subr.c 1.680,1.681 Add a bandaid to avoid a deadlock in a situation, when we are trying to suspend a file system, but need to obtain a vnode. We may not be able to do it, because all vnodes could be already in use and other processes cannot release them, because they are waiting in "suspfs" state. In such situation, we allow to allocate a vnode anyway. This is a temporary fix - there is no backpressure to free vnodes allocated in those circumstances. Reviewed by: tegge END K 10 svn:author V 3 pjd K 8 svn:date V 27 2006-09-04T10:01:35.000000Z K 7 svn:log V 156 MFC: sys/kern/vfs_vnops.c 1.242 vn_start_write() is called only when v_type != VCHR, so corresponding vn_finished_write() should also be called only then. END K 10 svn:author V 3 pjd K 8 svn:date V 27 2006-09-04T10:05:25.000000Z K 7 svn:log V 162 MFC: sys/ufs/ffs/ffs_snapshot.c 1.121 - Set bio_done directly to NULL to indicate that we want to wait for the bio. - Use biowait() instead of copying the code. END K 10 svn:author V 7 trhodes K 8 svn:date V 27 2006-09-04T10:20:53.000000Z K 7 svn:log V 77 Reword previous commit, now supporting better English. Discussed with: ceri END K 10 svn:author V 3 pjd K 8 svn:date V 27 2006-09-04T10:26:17.000000Z K 7 svn:log V 304 MFC: sys/kern/kern_fork.c 1.259 - Use suser_cred(9) instead of checking cr_ruid directly. - For privileged processes safe two mutex operations. We may want to consider if this is good idea to use SUSER_ALLOWJAIL here, but for now I didn't wanted to change the original behaviour. Reviewed by: rwatson END K 10 svn:author V 3 pjd K 8 svn:date V 27 2006-09-04T10:28:26.000000Z K 7 svn:log V 112 MFC: sys/kern/kern_ktrace.c 1.109 Use suser_cred(9) instead of checking cr_uid directly. Reviewed by: rwatson END K 10 svn:author V 3 pjd K 8 svn:date V 27 2006-09-04T10:30:09.000000Z K 7 svn:log V 129 MFC: sys/kern/kern_descrip.c 1.295 Compress direct cr_ruid comparsion and jailed() call to suser_cred(9). Reviewed by: rwatson END K 10 svn:author V 3 pjd K 8 svn:date V 27 2006-09-04T10:31:53.000000Z K 7 svn:log V 241 MFC: sys/netinet/in_pcb.c 1.178 - Use suser_cred(9) instead of directly checking cr_uid. - Change the order of conditions to first verify that we actually need to check for privileges and then eventually check them. Reviewed by: rwatson END K 10 svn:author V 3 pjd K 8 svn:date V 27 2006-09-04T10:33:44.000000Z K 7 svn:log V 242 MFC: sys/netinet6/in6_pcb.c 1.71 - Use suser_cred(9) instead of directly checking cr_uid. - Change the order of conditions to first verify that we actually need to check for privileges and then eventually check them. Reviewed by: rwatson END K 10 svn:author V 3 pjd K 8 svn:date V 27 2006-09-04T10:35:07.000000Z K 7 svn:log V 155 MFC: sys/netinet6/ipsec.c 1.45 - Use suser_cred(9) instead of directly comparing cr_uid. - Compare pointer with NULL, instead of 0. Reviewed by: rwatson END K 10 svn:author V 3 pjd K 8 svn:date V 27 2006-09-04T10:36:47.000000Z K 7 svn:log V 146 MFC: sys/netipsec/ipsec_osdep.h 1.3 - Use suser_cred(9) instead of directly comparing cr_uid. - Compare pointer with NULL. Reviewed by: rwatson END K 10 svn:author V 3 pjd K 8 svn:date V 27 2006-09-04T10:39:47.000000Z K 7 svn:log V 172 MFC: sys/netinet/ip_input.c 1.317,1.318 Set 'fp' variable to NULL after freeing it, so it won't be dereferenced later. Found by: Coverity Prevent analysis tool CID: 993 END K 10 svn:author V 3 pjd K 8 svn:date V 27 2006-09-04T10:43:40.000000Z K 7 svn:log V 117 MFC: sys/conf/files 1.1138 sys/libkern/strstr.c 1.1 sys/sys/libkern.h 1.54 Add strstr() function to the libkern. END K 10 svn:author V 3 pjd K 8 svn:date V 27 2006-09-04T10:44:40.000000Z K 7 svn:log V 91 MFC: sys/contrib/dev/acpica/acfreebsd.h 1.31 The strstr() function is in the libkern now. END K 10 svn:author V 3 pjd K 8 svn:date V 27 2006-09-04T12:47:19.000000Z K 7 svn:log V 93 MFC: sys/geom/label/g_label.c 1.21 Verify if a label doesn't point to the parent directory. END K 10 svn:author V 3 pjd K 8 svn:date V 27 2006-09-04T12:55:43.000000Z K 7 svn:log V 641 MFC: sys/geom/mirror/g_mirror.c 1.86-1.88 sys/geom/raid3/g_raid3.c 1.70-1.72 - Don't use f-word in comments. We are gentlemans. Pointed out by: Maciej Sobczak - Commit the results of the typo hunt by Darren Pilgrim. This change affects documentation and comments only, no real code involved. PR: misc/101245 Submitted by: Darren Pilgrim Tested by: md5(1) Commit to HEAD by: yar - Not only a request from us can be passed to g_{mirror,raid3}_worker() function, but also a request to us, in which case checking bio_cflags is wrong, because the class above us is controling it, not we. END K 10 svn:author V 3 pjd K 8 svn:date V 27 2006-09-04T12:59:35.000000Z K 7 svn:log V 65 MFC: sys/ufs/ffs/ffs_vfsops.c 1.318 Declare UFS module version. END K 10 svn:author V 3 pjd K 8 svn:date V 27 2006-09-04T13:01:51.000000Z K 7 svn:log V 245 MFC: sys/modules/geom/geom_bde/Makefile 1.2 Don't expect that 'device random' will compile in those files into the kernel for us. If random is compiled as kernel module, geom_bde.ko cannot be loaded. Reported by: Michal Suszko END K 10 svn:author V 3 pjd K 8 svn:date V 27 2006-09-04T13:07:59.000000Z K 7 svn:log V 73 MFC: tools/regression/ipsec/ipsec.t 1.1 Add regression tests for IPsec. END K 10 svn:author V 2 mr K 8 svn:date V 27 2006-09-04T13:14:44.000000Z K 7 svn:log V 160 Add locking to vge_ifmedia_upd(). With this WD-timeouts for vge(4) got reduced signifficantly. Testet on -stable. Submitted by: Oleg Bulyzhin MFC after: 1 day END K 10 svn:author V 3 kib K 8 svn:date V 27 2006-09-04T13:55:32.000000Z K 7 svn:log V 303 While checking for update of snapshot file in the ffs_copyonwrite, first filter out metadata update. Otherwise, devfs vnode could be erronously interpreted as ufs one, causing further check of i_flags to use random memory. PR: kern/100365 Debugged and fix described by: tegge Approved by: pjd (mentor) END K 10 svn:author V 6 thomas K 8 svn:date V 27 2006-09-04T15:09:21.000000Z K 7 svn:log V 213 (pw_copy): Handle the case of a malformed line in master.passwd (copy it silently, do not dereference NULL pointer). PR: bin/102848 Reviewed by: security-officer (cperciva) MFC after: 1 week END K 10 svn:author V 3 pjd K 8 svn:date V 27 2006-09-04T15:16:14.000000Z K 7 svn:log V 57 MFC: Synchronize opencrypto framework with HEAD version. END K 10 svn:author V 3 pjd K 8 svn:date V 27 2006-09-04T15:17:50.000000Z K 7 svn:log V 281 MFC: sys/netipsec/key.c sys/netipsec/xform_ah.c sys/netipsec/xform_esp.c sys/netipsec/xform_ipcomp.c - Allow to use fast_ipsec(4) on debug.mpsafenet=0 and INVARIANTS-enabled systems. Without the change it will panic on assertions. - Update the code after opencrypto changes. END