兊"223665 155 183 588 1627 613 205 219 1450 175 204 2327 730 466 834 336 336 276 667 667 225 236 131 208 213 166 155 466 99 349 135 415 278 151 235 135 173 1682 146 147 180 155 182 170 255 148 133 235 482 275 122 147 347 172 141 185 1167 121 592 493 358 282 369 261 313 186 285 278 147 254 150 150 513 208 159 171 185 107 340 675 1764 457 243 255 634 566 445 353 301 146 394 337 232 172 99 638 269 134 127 652 148 219 363 322 1317 127 215 556 220 259 343 819 301 567 207 171 135 172 141 204 183 183 814 372 528 183 279 213 280 331 123 203 292 338 410 229 377 209 151 203 130 124 162 343 416 416 184 184 132 803 132 139 803 390 178 324 807 K 10 svn:author V 5 kevlo K 8 svn:date V 27 2011-06-29T09:35:40.295101Z K 7 svn:log V 89 Typo Submitted by: Damjan Marion MFC after: 3 days END K 10 svn:author V 2 ae K 8 svn:date V 27 2011-06-29T10:06:58.683651Z K 7 svn:log V 496 Add new rule actions "call" and "return" to ipfw. They make possible to organize subroutines with rules. The "call" action saves the current rule number in the internal stack and rules processing continues from the first rule with specified number (similar to skipto action). If later a rule with "return" action is encountered, the processing returns to the first rule with number of "call" rule saved in the stack plus one or higher. Submitted by: Vadim Goncharov Discussed by: ipfw@, luigi@ END K 10 svn:author V 2 bz K 8 svn:date V 27 2011-06-29T13:01:10.072217Z K 7 svn:log V 1534 In case ntp cannot resolve a hostname on startup it will queue the entry for resolving by a child process that, upon success, will add the entry to the config of the running running parent process. Unfortunately there are a couple of bugs with this, fixed in various later versions of upstream in potentially different ways due to other code changes: 1) Upon server [-46] the [-46] are used as FQDN for later resolving which does not work. Make sure we always pass the name (or IP there). 2) The intermediate file to carry the information to the child process does not know about -4/-6 restrictions, so that a dual-stacked host could resolve to an IPv6 address but that might be unreachable (see r223626) leading to no working synchronization ignoring a IPv4 record. Thus alter the intermediate format to also pass the address family (AF_UNSPEC (default), AF_INET or AF_INET6) to the child process depending on -4 or -6. 3) Make the child process to parse the new intermediate file format and save the address family for getaddrinfo() hints flags. 4) Change child to always reload resolv.conf calling res_init() before trying to resolve names. This will pick up resolv.conf changes or new resolv.confs should they have not existed or been empty or unusable on ntp startup. This fix is more conditional in upstream versions but given FreeBSD has res_init there is no need for the configure logic as well. Approved by: roberto Sponsored by: Sandvine Incorporated MFC after: 9 days END K 10 svn:author V 8 jonathan K 8 svn:date V 27 2011-06-29T13:03:05.104919Z K 7 svn:log V 515 We may split today's CAPABILITIES into CAPABILITY_MODE (which has to do with global namespaces) and CAPABILITIES (which has to do with constraining file descriptors). Just in case, and because it's a better name anyway, let's move CAPABILITIES out of the way. Also, change opt_capabilities.h to opt_capsicum.h; for now, this will only hold CAPABILITY_MODE, but it will probably also hold the new CAPABILITIES (implying constrained file descriptors) in the future. Approved by: rwatson Sponsored by: Google UK Ltd END K 10 svn:author V 2 bz K 8 svn:date V 27 2011-06-29T13:06:42.485267Z K 7 svn:log V 113 Record the two ntp bugfixes that can be dropped when updating to later versions of ntp. Discussed with: roberto END K 10 svn:author V 2 bz K 8 svn:date V 27 2011-06-29T13:12:15.932982Z K 7 svn:log V 127 Clarify that we broke pfsync(4) backward compat with the pf commit r223637. Suggested by: Anton Yuzhaninov (citrin citrin.ru) END K 10 svn:author V 6 adrian K 8 svn:date V 27 2011-06-29T13:21:52.447586Z K 7 svn:log V 1353 Fix a corner case in STA beacon processing when a CSA is received but the AP doesn't transmit beacons. If the AP requests a CSA (ie, a channel switch) and then enters CAC (channel availability check) for 60 seconds, it doesn't send beacons and it just listens for radar events (and other things which we don't do yet.) Now, ath_newstate() was not resetting the beacon timer config on a transition to the RUN state when in STA mode - it was setting sc_syncbeacon, which simply updates the beacon config from the contents of the next received beacon. This means the STA never generates beacon miss events. If the AP goes into CAC for 60 seconds and recovers, the STA will happily receive the first beacon and reconfigure timers. But if it gets a radar event after that, it'll change channel again, not notify the station that it's changed channel.. and since the station is happily waiting for the first beacon to configure the beacon timer details from, it won't ever generate a beacon miss interrupt and it'll sit there forever (or until the AP appears on that channel once again.) This change forces the last known beacon timer config to be written to hardware on a transition from CSA->RUN in STA mode. This forces bmiss events to occur and the STA will eventually (after a handful of beacon miss events) begin scanning for another access point. END K 10 svn:author V 8 hselasky K 8 svn:date V 27 2011-06-29T14:47:20.805077Z K 7 svn:log V 78 Add support for a MosChip PCI express serial port adapter. MFC after: 1 week END K 10 svn:author V 4 gber K 8 svn:date V 27 2011-06-29T15:17:29.554125Z K 7 svn:log V 110 Set proper root device name when legacy NFS client is compiled into kernel. Approved by: cognet (mentor) END K 10 svn:author V 3 jhb K 8 svn:date V 27 2011-06-29T15:58:26.306446Z K 7 svn:log V 2233 MFC 221393,222930: Reimplement how PCI-PCI bridges manage their I/O windows. Previously the driver would verify that requests for child devices were confined to any existing I/O windows, but the driver relied on the firmware to initialize the windows and would never grow the windows for new requests. Now the driver actively manages the I/O windows. This is implemented by allocating a bus resource for each I/O window from the parent PCI bus and suballocating that resource to child devices. The suballocations are managed by creating an rman for each I/O window. The suballocated resources are mapped by passing the bus_activate_resource() call up to the parent PCI bus. Windows are grown when needed by using bus_adjust_resource() to adjust the resource allocated from the parent PCI bus. If the adjust request succeeds, the window is adjusted and the suballocation request for the child device is retried. When growing a window, the rman_first_free_region() and rman_last_free_region() routines are used to determine if the front or end of the existing I/O window is free. From using that, the smallest ranges that need to be added to either the front or back of the window are computed. The driver will first try to grow the window in whichever direction requires the smallest growth first followed by the other direction if that fails. Subtractive bridges will first attempt to satisfy requests for child resources from I/O windows (including attempts to grow the windows). If that fails, the request is passed up to the parent PCI bus directly however. The PCI-PCI bridge driver will try to use firmware-assigned ranges for child BARs first and only allocate a "fresh" range if that specific range cannot be accommodated in the I/O window. This allows systems where the firmware assigns resources during boot but later wipes the I/O windows (some ACPI BIOSen are known to do this) to "rediscover" the original I/O window ranges. The ACPI Host-PCI bridge driver has been adjusted to correctly honor hw.acpi.host_mem_start and the I/O port equivalent when a PCI-PCI bridge makes a wildcard request for an I/O window range. The new PCI-PCI bridge driver is only enabled if the NEW_PCIB kernel option is enabled. END K 10 svn:author V 3 jhb K 8 svn:date V 27 2011-06-29T16:16:59.501945Z K 7 svn:log V 637 MFC 223198: - Use a dedicated task to handle deferred transmits from the if_transmit method instead of reusing the existing per-queue interrupt task. Reusing the per-queue interrupt task could result in both an interrupt thread and the taskqueue thread trying to handle received packets on a single queue resulting in out-of-order packet processing. - Don't define igb_start() at all on 8.0 and where if_transmit is used. Replace last remaining call to igb_start() with a loop to kick off transmit on each queue instead. - Call ether_ifdetach() earlier in igb_detach(). - Drain tasks and free taskqueues during igb_detach(). END K 10 svn:author V 3 jhb K 8 svn:date V 27 2011-06-29T16:20:52.438940Z K 7 svn:log V 373 - Add read-only sysctls for all of the tunables supported by the igb and em drivers. - Make the per-instance 'enable_aim' sysctl truly per-instance by having it change a per-instance variable (which is used to control AIM) rather than having all of the per-instance sysctls operate on a single global variable. Reviewed by: jfv (earlier version) MFC after: 1 week END K 10 svn:author V 3 alc K 8 svn:date V 27 2011-06-29T16:40:41.140688Z K 7 svn:log V 741 Add a new option, OBJPR_NOTMAPPED, to vm_object_page_remove(). Passing this option to vm_object_page_remove() asserts that the specified range of pages is not mapped, or more precisely that none of these pages have any managed mappings. Thus, vm_object_page_remove() need not call pmap_remove_all() on the pages. This change not only saves time by eliminating pointless calls to pmap_remove_all(), but it also eliminates an inconsistency in the use of pmap_remove_all() versus related functions, like pmap_remove_write(). It eliminates harmless but pointless calls to pmap_remove_all() that were being performed on PG_UNMANAGED pages. Update all of the existing assertions on pmap_remove_all() to reflect this change. Reviewed by: kib END K 10 svn:author V 3 dim K 8 svn:date V 27 2011-06-29T16:43:44.864735Z K 7 svn:log V 243 MFC r223579: For some reason, contrib/traceroute/traceroute.c ensures MAXHOSTNAMELEN is defined, but then proceeds to use a hardcoded maximum hostname length of 64 anyway. Fix this by checking against MAXHOSTNAMELEN instead. PR: bin/157732 END K 10 svn:author V 3 dim K 8 svn:date V 27 2011-06-29T16:46:12.299731Z K 7 svn:log V 243 MFC r223579: For some reason, contrib/traceroute/traceroute.c ensures MAXHOSTNAMELEN is defined, but then proceeds to use a hardcoded maximum hostname length of 64 anyway. Fix this by checking against MAXHOSTNAMELEN instead. PR: bin/157732 END K 10 svn:author V 5 gabor K 8 svn:date V 27 2011-06-29T16:58:27.340312Z K 7 svn:log V 181 - Add new files to the build - Let the build system control whether symbols are exported as weak references and build libc with weak references and libregex with normal symbols END K 10 svn:author V 7 yongari K 8 svn:date V 27 2011-06-29T17:18:33.016065Z K 7 svn:log V 570 MFC r223405: Remove link state change callback handler. There is no need to register both status change and link state change callbacks. Implement checking valid link in state change callback and poll active link state in vr_tick(). This allows immediate detection of lost link as well as protecting driver from frequent link flips during link renegotiation. taskq implementation was removed because driver now needs to poll link state in vr_tick(). While I'm here do not report current link state if interface is not running. Tested by: n_hibma END K 10 svn:author V 7 yongari K 8 svn:date V 27 2011-06-29T17:20:10.795083Z K 7 svn:log V 570 MFC r223405: Remove link state change callback handler. There is no need to register both status change and link state change callbacks. Implement checking valid link in state change callback and poll active link state in vr_tick(). This allows immediate detection of lost link as well as protecting driver from frequent link flips during link renegotiation. taskq implementation was removed because driver now needs to poll link state in vr_tick(). While I'm here do not report current link state if interface is not running. Tested by: n_hibma END K 10 svn:author V 7 yongari K 8 svn:date V 27 2011-06-29T17:32:52.810352Z K 7 svn:log V 128 Document two known hardware errata which requires manual link configuration. Submitted by: Aries Lee (arieslee <> jmicron com) END K 10 svn:author V 7 linimon K 8 svn:date V 27 2011-06-29T18:19:40.638056Z K 7 svn:log V 139 clang error detection fixes: fix most false positives for "process failed"; add "assumes_gcc"; adds a few cases to clang and linker_error. END K 10 svn:author V 7 linimon K 8 svn:date V 27 2011-06-29T21:12:48.314179Z K 7 svn:log V 35 Add assumes_gcc error explanation. END K 10 svn:author V 6 obrien K 8 svn:date V 27 2011-06-29T21:32:52.745670Z K 7 svn:log V 112 Bump FILEMON_VERSION due to r212984 [log the argument to _exit(2)] -- turns out it makes a difference to bmake. END K 10 svn:author V 8 mckusick K 8 svn:date V 27 2011-06-29T22:12:43.402324Z K 7 svn:log V 115 Handle the FREEDEP case in softdep_sync_buf(). This fix failed to get added in -r223325. Submitted by: Peter Holm END K 10 svn:author V 3 imp K 8 svn:date V 27 2011-06-30T05:20:02.542845Z K 7 svn:log V 74 Add detection for the Marvel 88E1149R and treat it just like the 88E1149. END K 10 svn:author V 4 jeff K 8 svn:date V 27 2011-06-30T05:28:10.703518Z K 7 svn:log V 62 - Handle the JOP_SYNC case as appropriate. Reported by: pho END K 10 svn:author V 7 pluknet K 8 svn:date V 27 2011-06-30T09:20:26.820065Z K 7 svn:log V 369 Fix quota(1) output. - Fix calculation of 1024-byte sized blocks from disk blocks shown when -h option isn't specified. It was broken with quota64 integration. - In prthumanval(): limit the size of a buffer passed to humanize_number() to a width of 5 bytes but allow a shorter length if requested. That's what users expect. PR: bin/150151 Reviewed by: Kirk McKusick END K 10 svn:author V 7 attilio K 8 svn:date V 27 2011-06-30T10:19:43.627288Z K 7 svn:log V 4 MFC END K 10 svn:author V 8 jonathan K 8 svn:date V 27 2011-06-30T10:56:02.242772Z K 7 svn:log V 251 Add some checks to ensure that Capsicum is behaving correctly, and add some more explicit comments about what's going on and what future maintainers need to do when e.g. adding a new operation to a sys_machdep.c. Approved by: mentor(rwatson), re(bz) END K 10 svn:author V 5 gabor K 8 svn:date V 27 2011-06-30T14:10:49.032133Z K 7 svn:log V 41 - Plug in the fixed string matching code END K 10 svn:author V 8 jonathan K 8 svn:date V 27 2011-06-30T15:22:49.262069Z K 7 svn:log V 317 When Capsicum starts creating capabilities to wrap existing file descriptors, we will want to allocate a new descriptor without installing it in the FD array. Split falloc() into falloc_noinstall() and finstall(), and rewrite falloc() to call them with appropriate atomicity. Approved by: mentor (rwatson), re (bz) END K 10 svn:author V 3 dfr K 8 svn:date V 27 2011-06-30T16:08:56.468108Z K 7 svn:log V 185 Add a version of the FreeBSD bootloader which can run in userland, packaged as a shared library. This is intended to be used by BHyVe to load FreeBSD kernels into new virtual machines. END K 10 svn:author V 5 gabor K 8 svn:date V 27 2011-06-30T16:13:00.362358Z K 7 svn:log V 57 - When shortcut is possible, there are no subexpressions END K 10 svn:author V 6 tuexen K 8 svn:date V 27 2011-06-30T16:56:55.097005Z K 7 svn:log V 139 Add the missing sca_keylength field to the sctp_authkey structure, which is used the the SCTP_AUTH_KEY socket option. MFC after: 1 month. END K 10 svn:author V 6 grehan K 8 svn:date V 27 2011-06-30T17:37:42.227832Z K 7 svn:log V 40 IFC @ r223696 to pick up dfr's userboot END K 10 svn:author V 3 mav K 8 svn:date V 27 2011-06-30T19:23:17.558335Z K 7 svn:log V 81 Add ID for Marvell 88SE9125 SATA controller. PR: kern/157843 MFC after: 1 week END K 10 svn:author V 6 marcel K 8 svn:date V 27 2011-06-30T20:34:55.101736Z K 7 svn:log V 1585 Change the management of nested faults by switching to physical addressing while reading or writing the trap frame. It's not possible to guarantee that the one translation cache entry that we depend on is not going to get purged by the CPU. We already know that global shootdowns (ptc.g and/or ptc.ga) can (and will) cause multiple TC entries to get purged and we initialize tried to handle that by serializing kernel entry with these operations. However, we need to serialize kernel exit as well. But even if we can serialize, it appears that CPU threads within a core can affect each other's TC entries beyond the global shootdown. This would mean serializing any and all translatation cache updates with the threads in a core with the kernel entry and exit of any thread in that core. This is just too painful and complicated. Since we already properly coded for the 2 nested faults that we can get, all we need to do is use those to obtain the physical address of the trap frame, switch to physical mode and in that way eliminate any further faults. The trap frame is already aligned to 1KB boundaries to make sure we don't cross the page boundary, this is safe to do. We still need to serialize ptc.g or ptc.ga across CPUs because the platform can only have 1 such operation outstanding at the same time. We can now use a regular (spin) lock for this. Also, it has been observed that we can get a nested TLB faults for region 7 virtual addresses. This was unexpected. For now, we enhance the nested TLB fault handler to deal with those as well, but it needs to be understood. END K 10 svn:author V 5 trasz K 8 svn:date V 27 2011-06-30T20:55:16.539659Z K 7 svn:log V 52 Make Sendmail properly set login class and cpumask. END K 10 svn:author V 5 trasz K 8 svn:date V 27 2011-06-30T20:58:38.724483Z K 7 svn:log V 53 Make lukemftpd properly set login class and cpumask. END K 10 svn:author V 6 marcel K 8 svn:date V 27 2011-07-01T01:41:22.698340Z K 7 svn:log V 85 Add a stub for IA64TargetLowering::LowerCall() -- used to emit code for a call site. END K 10 svn:author V 6 marcel K 8 svn:date V 27 2011-07-01T01:51:28.683551Z K 7 svn:log V 60 ia64 uses the .global directive to declare a global symbol. END K 10 svn:author V 6 marcel K 8 svn:date V 27 2011-07-01T03:29:49.621784Z K 7 svn:log V 87 We don't have libunwind (yet?), so use setjmp/longjmp to implement exceptions on ia64. END K 10 svn:author V 7 glebius K 8 svn:date V 27 2011-07-01T08:27:03.490371Z K 7 svn:log V 74 Fix double free. Submitted by: Alexander V. Chernikov END K 10 svn:author V 7 pluknet K 8 svn:date V 27 2011-07-01T10:25:48.315774Z K 7 svn:log V 158 MFC r223182: Return empty cmdline/environ string for processes with kernel address space. This is consistent with the behavior in linux. PR: kern/157871 END K 10 svn:author V 7 pluknet K 8 svn:date V 27 2011-07-01T10:54:47.163036Z K 7 svn:log V 52 Update and sort the list of the available keywords. END K 10 svn:author V 7 pluknet K 8 svn:date V 27 2011-07-01T10:57:10.564680Z K 7 svn:log V 37 Bump date after the previous commit. END K 10 svn:author V 8 jonathan K 8 svn:date V 27 2011-07-01T12:13:48.426854Z K 7 svn:log V 137 Define cap_rights_t and DTYPE_CAPABILITY, which are required to implement Capsicum capabilities. Approved by: mentor (rwatson), re (bz) END K 10 svn:author V 6 jilles K 8 svn:date V 27 2011-07-01T12:30:34.395375Z K 7 svn:log V 386 MFC r223522: sh(1): Improve documentation of shell patterns: * Shell patterns are also for ${var#pat} and the like. * An '!' by itself will not trigger pathname generation so do not call it a meta-character, even though it has a special meaning directly after an '['. * Character ranges are locale-dependent. * A '^' will complement a character class like '!' but is non-standard. END K 10 svn:author V 6 marius K 8 svn:date V 27 2011-07-01T18:31:59.336545Z K 7 svn:log V 179 Fix r223695 to compile on architectures which don't use the MBR scheme; wrap the MBR support in the common part of the loader in #ifdef's and enable it only for userboot for now. END K 10 svn:author V 3 sem K 8 svn:date V 27 2011-07-01T19:22:27.542442Z K 7 svn:log V 30 Fix a typo. Approved by: kib END K 10 svn:author V 7 linimon K 8 svn:date V 27 2011-07-01T19:23:25.484727Z K 7 svn:log V 51 Add some error checking for corrupted INDEX lines. END K 10 svn:author V 3 uqs K 8 svn:date V 27 2011-07-01T20:45:55.886149Z K 7 svn:log V 254 - Fix typo in check_for_nested_with_variably_modified present - Implement -Wvariable-decl. - Port -Wtrampolines support from gcc3. (all three also via OpenBSD) PR: gnu/127136, gnu/157019 Submitted by: Henning Petersen, Pedro Giffuni MFC after: 6 weeks END K 10 svn:author V 7 delphij K 8 svn:date V 27 2011-07-02T00:34:02.116204Z K 7 svn:log V 76 MFC r223214: The flags argument of mpool_get() is meaningful, document it. END K 10 svn:author V 7 delphij K 8 svn:date V 27 2011-07-02T00:38:10.908481Z K 7 svn:log V 45 MFC r223216: Sync with OpenBSD (zap rcsid). END K 10 svn:author V 6 marius K 8 svn:date V 27 2011-07-02T10:17:26.279931Z K 7 svn:log V 90 Using .comm to declare intrnames and eintrnames causes binutils 2.17.50 to merge the two. END K 10 svn:author V 6 marius K 8 svn:date V 27 2011-07-02T11:14:54.305411Z K 7 svn:log V 1070 - For Cheetah- and Zeus-class CPUs don't flush all unlocked entries from the TLBs in order to get rid of the user mappings but instead traverse them an flush only the latter like we also do for the Spitfire-class. Also flushing the unlocked kernel entries can cause instant faults which when called from within cpu_switch() are handled with the scheduler lock held which in turn can cause timeouts on the acquisition of the lock by other CPUs. This was easily seen with a 16-core V890 but occasionally also happened with 2-way machines. While at it, move the SPARC64-V support code entirely to zeus.c. This causes a little bit of duplication but is less confusing than partially using Cheetah-class bits for these. - For SPARC64-V ensure that 4-Mbyte page entries are stored in the 1024- entry, 2-way set associative TLB. - In {d,i}tlb_get_data_sun4u() turn off the interrupts in order to ensure that ASI_{D,I}TLB_DATA_ACCESS_REG actually are read twice back-to-back. Tested by: Peter Jeremy (16-core US-IV), Michael Moll (2-way SPARC64-V) END K 10 svn:author V 6 marius K 8 svn:date V 27 2011-07-02T11:46:23.103751Z K 7 svn:log V 26 Don't waste a delay slot. END K 10 svn:author V 6 marius K 8 svn:date V 27 2011-07-02T12:56:03.263790Z K 7 svn:log V 496 UltraSPARC-IV CPUs seem to be affected by a not publicly documented erratum causing them to trigger stray vector interrupts accompanied by a state in which they even fault on locked TLB entries. Just retrying the instruction in that case gets the CPU back on track though. OpenSolaris also just ignores a certain number of stray vector interrupts. While at it, implement the stray vector interrupt handling for SPARC64-VI which use these for indicating uncorrectable errors in interrupt packets. END K 10 svn:author V 2 ed K 8 svn:date V 27 2011-07-02T13:54:20.208166Z K 7 svn:log V 401 Reintroduce the cioctl() hook in the TTY layer for digi(4). The cioctl() hook can be used by drivers to add ioctls to the *.init and *.lock devices. This commit breaks the ttydevsw ABI, since this structure didn't provide any padding. To prevent ABI breakage in the future, add a tsw_spare. Submitted by: Peter Jeremy Obtained from: kern/152254 (slightly modified) END K 10 svn:author V 8 jonathan K 8 svn:date V 27 2011-07-02T15:41:22.897289Z K 7 svn:log V 260 Define the CAPABILITIES kernel option. This option will enable Capsicum capabilities, which provide a fine-grained mask on operations that can be performed on file descriptors. Approved by: mentor (rwatson), re (Capsicum blanket ok) Sponsored by: Google Inc END K 10 svn:author V 3 uqs K 8 svn:date V 27 2011-07-02T16:20:58.125326Z K 7 svn:log V 189 MFH r218940: Teach tools/install.sh the -d directory mode. Sync up with flags understood by install(1) [1], and make install(1)'s usage output not hide the clearly documented -M flag. END K 10 svn:author V 2 ae K 8 svn:date V 27 2011-07-02T18:43:35.721040Z K 7 svn:log V 277 Since head/ and stable/8 have different handling for geom control request parameters, r215941 should be modified to allow use -F option in the "gpart restore" command - "force" parameter should be ascii string. This is direct commit to stable/8. Reported by: Maxim Ignatenko END K 10 svn:author V 5 gabor K 8 svn:date V 27 2011-07-02T20:14:40.453956Z K 7 svn:log V 166 - Fix some bugs - Refactor to support single-byte, multi-byte and wide character strings; at the moment still not complete - Be more consistent to TRE coding style END K 10 svn:author V 8 hselasky K 8 svn:date V 27 2011-07-02T20:26:37.819809Z K 7 svn:log V 215 Fix problem about USB MIDI TX data format, that some devices only accept a maximum of 4 bytes (one command) per short terminated USB transfer. Optimise the TX case by sending multiple USB frames. MFC after: 1 week END K 10 svn:author V 8 hselasky K 8 svn:date V 27 2011-07-02T20:58:33.399516Z K 7 svn:log V 89 Fix for "nomatch" event for ums and ukbd drivers when uhid is loaded. MFC after: 3 days END K 10 svn:author V 3 alc K 8 svn:date V 27 2011-07-02T23:34:47.163512Z K 7 svn:log V 192 Initialize marker pages as held rather than fictitious/wired. Marking the page as held is more useful as a safety precaution in case someone forgets to check for PG_MARKER. Reviewed by: kib END K 10 svn:author V 6 marcel K 8 svn:date V 27 2011-07-02T23:39:20.819391Z K 7 svn:log V 182 Move register definitions to IA64RegisterInfo.td as per convention. Finalize branch registers (add DWARF information) and branch register class (implied RA order for register list). END K 10 svn:author V 6 marcel K 8 svn:date V 27 2011-07-02T23:41:11.762312Z K 7 svn:log V 52 Add missing dependencies on ${arch}RegisterInfo.td. END K 10 svn:author V 3 alc K 8 svn:date V 27 2011-07-02T23:42:04.988694Z K 7 svn:log V 161 When iterating over a paging queue, explicitly check for PG_MARKER, instead of relying on zeroed memory being interpreted as an empty PV list. Reviewed by: kib END K 10 svn:author V 2 jh K 8 svn:date V 27 2011-07-03T07:14:48.861242Z K 7 svn:log V 59 MFC r222825: Remove a gratuitous newline. PR: bin/153667 END K 10 svn:author V 2 jh K 8 svn:date V 27 2011-07-03T07:16:59.560083Z K 7 svn:log V 59 MFC r222825: Remove a gratuitous newline. PR: bin/153667 END K 10 svn:author V 2 bz K 8 svn:date V 27 2011-07-03T12:22:02.007218Z K 7 svn:log V 421 Add infrastructure to allow all frames/packets received on an interface to be assigned to a non-default FIB instance. You may need to recompile world or ports due to the change of struct ifnet. Submitted by: cjsp Submitted by: Alexander V. Chernikov (melifaro ipfw.ru) (original versions) Reviewed by: julian Reviewed by: Alexander V. Chernikov (melifaro ipfw.ru) MFC after: 2 weeks X-MFC: use spare in struct ifnet END K 10 svn:author V 8 hselasky K 8 svn:date V 27 2011-07-03T13:27:23.239648Z K 7 svn:log V 110 Introduce a quirk for broken USB MIDI hardware instead of limiting performance in general. MFC after: 1 week END K 10 svn:author V 5 gabor K 8 svn:date V 27 2011-07-03T15:27:20.396238Z K 7 svn:log V 65 - Finish single-byte, multi-byte and wide character support bits END K 10 svn:author V 5 gabor K 8 svn:date V 27 2011-07-03T15:28:32.326069Z K 7 svn:log V 77 - Increase hash table size to reduce collisions and thus the lookup overhead END K 10 svn:author V 2 bz K 8 svn:date V 27 2011-07-03T15:34:09.131751Z K 7 svn:log V 94 Remove extra white space to comply with style for the rest of the struct. MFC after: 2 weeks END K 10 svn:author V 5 gabor K 8 svn:date V 27 2011-07-03T15:40:47.166801Z K 7 svn:log V 13 - style nits END K 10 svn:author V 2 bz K 8 svn:date V 27 2011-07-03T16:08:38.165950Z K 7 svn:log V 248 Tag mbufs of all incoming frames or packets with the interface's FIB setting (either default or if supported as set by SIOCSIFFIB, e.g. from ifconfig). Submitted by: Alexander V. Chernikov (melifaro ipfw.ru) Reviewed by: julian MFC after: 2 weeks END K 10 svn:author V 6 jilles K 8 svn:date V 27 2011-07-03T16:32:03.064402Z K 7 svn:log V 579 MFC r223227: rc.subr: Eliminate about 100 forks from the boot sequence. With the current sh, placing eval in a command substitution always results in a fork(), even if it is the only command and only executes a single simple command. Therefore, avoid it where it can be avoided easily. Side effect: values starting with a hyphen and all whitespace are preserved. The values are defaults and names for rc.conf variables and messages to be given about obsolete ones. The change in the _echoonce function is not included in this MFC because stable/8 does not have this function. END K 10 svn:author V 7 trociny K 8 svn:date V 27 2011-07-03T16:54:27.490835Z K 7 svn:log V 1666 MFC r219847, r221898, r221899, r222224, r223584, r223585: r219847 (pjd): When dropping privileges prefer capsicum over chroot+setgid+setuid. We can use capsicum for secondary worker processes and hastctl. When working as primary we drop privileges using chroot+setgid+setuid still as we need to send ioctl(2)s to ggate device, for which capsicum doesn't allow (yet). r221898 (pjd): When using capsicum to sanbox, still use other methods first, just in case one of them have some problems. r221899 (pjd): Currently we are unable to use capsicum for the primary worker process, because we need to do ioctl(2)s, which are not permitted in the capability mode. What we do now is to chroot(2) to /var/empty, which restricts access to file system name space and we drop privileges to hast user and hast group. This still allows to access to other name spaces, like list of processes, network and sysvipc. To address that, use jail(2) instead of chroot(2). Using jail(2) will restrict access to process table, network (we use ip-less jails) and sysvipc (if security.jail.sysvipc_allowed is turned off). This provides much better separation. r222224 (pjd): To handle BIO_FLUSH and BIO_DELETE requests in secondary worker we need to use ioctl(2). This is why we can't use capsicum for now to sandbox secondary. Capsicum is still used to sandbox hastctl. r223584 (pjd): Log a warning if we cannot sandbox using capsicum, but only under debug level 1. It would be too noisy to log it as a proper warning as CAPABILITIES are not compiled into GENERIC by default. r223585 (pjd): Compile capsicum support only if HAVE_CAPSICUM is defined. Approved by: pjd (mentor) END K 10 svn:author V 2 ed K 8 svn:date V 27 2011-07-03T20:59:57.249282Z K 7 svn:log V 365 Improve portability of config(8). - Use strlen(dp->d_name) instead of the unportable dp->d_namlen. Rename i to len to make it slightly more descriptive and prevent negative indexing of the array. - Replace index() by strchr(). This supposedly fixes compilation on GNU systems. Submitted by: Robert Millan (original patch) MFC after: 3 weeks END K 10 svn:author V 5 gavin K 8 svn:date V 27 2011-07-03T21:05:10.732008Z K 7 svn:log V 148 Merge r223446 from head: Use USB_VENDOR_OVISLINK define rather than the vendor ID. PR: usb/158142 Submitted by: Robert Millan END K 10 svn:author V 5 gavin K 8 svn:date V 27 2011-07-03T21:07:21.392812Z K 7 svn:log V 160 Merge r222778 from head: Rework parts of this man page to improve grammar. PR: docs/157467 (partially) Submitted by: Ben Kaduk (partially) END K 10 svn:author V 8 rmacklem K 8 svn:date V 27 2011-07-03T21:44:26.477977Z K 7 svn:log V 536 Modify the new NFSv4 client so that it appends a file handle to the lock_owner4 string that goes on the wire. Also, add code to do a ReleaseLockOwner Op on the lock_owner4 string before a Close. Apparently not all NFSv4 servers handle multiple instances of the same lock_owner4 string, at least not in a compatible way. This patch avoids having multiple instances, except for one unusual case, which will be fixed by a future commit. Found at the recent NFSv4 interoperability Bakeathon. Tested by: tdh at excfb.com MFC after: 2 weeks END K 10 svn:author V 8 rmacklem K 8 svn:date V 27 2011-07-04T00:24:59.510801Z K 7 svn:log V 468 MFC: r223309 Fix the kgssapi so that it can be loaded as a module. Currently the NFS subsystems use five of the rpcsec_gss/kgssapi entry points, but since it was not obvious which others might be useful, all nineteen were included. Basically the nineteen entry points are set in a structure called rpc_gss_entries and inline functions defined in sys/rpc/rpcsec_gss.h check for the entry points being non-NULL and then call them. A default value is returned otherwise. END K 10 svn:author V 8 rmacklem K 8 svn:date V 27 2011-07-04T00:45:21.342184Z K 7 svn:log V 347 MFC: r223312 Fix a number of places where the new NFS server did not lock the mutex when manipulating rc_flag in the DRC cache. This is believed to fix a hung server that was reported to the freebsd-fs@ list on June 9 under the subject heading "New NFS server stress test hang", where all the threads were waiting for the RC_LOCKED flag to clear. END K 10 svn:author V 8 rmacklem K 8 svn:date V 27 2011-07-04T01:06:19.407433Z K 7 svn:log V 255 MFC: r223348 Fix the new NFSv4 server so that it allows Access and Readlink operations while traversing non-exported file systems. This is required for some non-FreeBSD clients to do NFSv4 mounts. Found during the recent NFSv4 interoperability Bakeathon. END K 10 svn:author V 8 rmacklem K 8 svn:date V 27 2011-07-04T01:27:41.723634Z K 7 svn:log V 203 MFC: r223349 Fix the new NFSv4 server so that it only allows Lookup of directories and symbolic links when traversing non-exported file systems. Found during the recent NFSv4 interoperability Bakeathon. END K 10 svn:author V 3 hrs K 8 svn:date V 27 2011-07-04T03:19:06.378706Z K 7 svn:log V 54 Add sanity check for ifm_version in struct if_msghdr. END K 10 svn:author V 2 ae K 8 svn:date V 27 2011-07-04T05:47:48.238551Z K 7 svn:log V 302 ARP code reuses mbuf from ARP request to make a reply, but it does not reset rcvif to NULL. Since rcvif is not NULL, ipfw(4) supposes that ARP replies were received on specified interface. Reset rcvif to NULL for ARP replies to fix this issue. PR: kern/131817 Reviewed by: glebius MFC after: 1 month END K 10 svn:author V 7 glebius K 8 svn:date V 27 2011-07-04T07:03:44.597105Z K 7 svn:log V 240 - Use refcount(9) API to manage node and hook refcounting. - Make ng_unref_node() void, since caller shouldn't be interested in whether node is valid after call or not, since it can't be guaranteed to be valid. [1] Ok from: julian [1] END K 10 svn:author V 8 hselasky K 8 svn:date V 27 2011-07-04T07:37:28.036049Z K 7 svn:log V 134 Make the USB keyboard driver more HID compliant. Try to auto-detect keyboards which should use the BOOT protocol. MFC after: 2 weeks END K 10 svn:author V 7 attilio K 8 svn:date V 27 2011-07-04T10:45:54.778600Z K 7 svn:log V 76 Completely remove now unused pc_other_cpus, pc_cpumask. Tested by: pluknet END K 10 svn:author V 7 attilio K 8 svn:date V 27 2011-07-04T11:13:00.731268Z K 7 svn:log V 4 MFC END K 10 svn:author V 7 attilio K 8 svn:date V 27 2011-07-04T12:04:52.168657Z K 7 svn:log V 541 With retirement of cpumask_t and usage of cpuset_t for representing a mask of CPUs, pc_other_cpus and pc_cpumask become highly inefficient. Remove them and replace their usage with custom pc_cpuid magic (as, atm, pc_cpumask can be easilly represented by (1 << pc_cpuid) and pc_other_cpus by (all_cpus & ~(1 << pc_cpuid))). This change is not targeted for MFC because of struct pcpu members removal and dependency by cpumask_t retirement. MD review by: marcel, marius, alc Tested by: pluknet MD testing by: marcel, marius, gonzo, andreast END K 10 svn:author V 7 attilio K 8 svn:date V 27 2011-07-04T12:18:12.659933Z K 7 svn:log V 172 - Remove the now unused CPU_NAND_ATOMIC() - Add a comment explaining that CPU_OR_ATOMIC() and CPU_COPY_STORE_REL() are special wrappers used to cater particular cases. END K 10 svn:author V 7 attilio K 8 svn:date V 27 2011-07-04T12:19:09.073507Z K 7 svn:log V 38 Delete the now unused project branch. END K 10 svn:author V 7 glebius K 8 svn:date V 27 2011-07-04T13:55:55.971262Z K 7 svn:log V 31 Fix build with NETGRAPH_DEBUG. END K 10 svn:author V 8 jonathan K 8 svn:date V 27 2011-07-04T14:40:32.597222Z K 7 svn:log V 554 Add kernel functions to unwrap capabilities. cap_funwrap() and cap_funwrap_mmap() unwrap capabilities, exposing the underlying object. Attempting to unwrap a capability with an inadequate rights mask (e.g. calling cap_funwrap(fp, CAP_WRITE | CAP_MMAP, &result) on a capability whose rights mask is CAP_READ | CAP_MMAP) will result in ENOTCAPABLE. Unwrapping a non-capability is effectively a no-op. These functions will be used by Capsicum-aware versions of _fget(), etc. Approved by: mentor (rwatson), re (Capsicum blanket) Sponsored by: Google Inc END K 10 svn:author V 6 marcel K 8 svn:date V 27 2011-07-04T16:59:26.937418Z K 7 svn:log V 53 Disable PREEMPTION for now. See also PR ia64/147501. END K 10 svn:author V 6 marcel K 8 svn:date V 27 2011-07-04T17:03:19.301793Z K 7 svn:log V 123 Add a trivial script for creating memstick images. These are not bootable yet, but proven to be useful without it already. END K 10 svn:author V 3 eri K 8 svn:date V 27 2011-07-04T17:43:04.476271Z K 7 svn:log V 270 pf(4) tags now store the state key but tcp_respond tries to reuse a mbuf as an optimization. This makes pf find the wrong state and cause errors reported with state mismatches. Clear the cached state link on the pf(4) tag to avoid the state mismatches. Approved by: bz END K 10 svn:author V 6 marcel K 8 svn:date V 27 2011-07-04T19:33:04.459223Z K 7 svn:log V 226 Simplify dependency of generated headers on .td files. Since all headers get generated from ${ARCH}.td, any and all .td files can influence the outcome. As such, have all headers depend on all .td files. This is more correct. END K 10 svn:author V 6 marcel K 8 svn:date V 27 2011-07-04T19:51:26.167129Z K 7 svn:log V 1220 o Implement LowerFormalArguments() LowerReturn() using CallingConv and for general registers only. o Implement IA64InstrInfo::copyPhysReg() for general registers. This is needed during lowering and before copy elimination. o Move IA instruction definitions from IA64.td to IA64InstrFormat.td and IA64InstrInfo.td. Add the register form of the add instruction and add the branch return instruction. o Rename register classes to something a lot shorter: BR instead of Branch, etc. o Define branch registers properly. THis includes their DWARF register numbers. Flesh out the general registers in a similar manner. o Add the target-specific RET_FLAG SDNode type, that's used to represent function returns. o Implement IA64MCInstLower::Lower() for general registers, so that we can lower add instructions to machine code. Given that the assemblerwriter is based on machine code, this means that we can properly compile: long add(long x, long y) { return (x + y); } into: .file "add.c" .text .global add .align 32 .type add,@function add: add r8=r33,r32 br.ret.sptk rp .tmp0: .size add, .tmp0-add END K 10 svn:author V 7 glebius K 8 svn:date V 27 2011-07-04T20:50:09.930044Z K 7 svn:log V 31 Fix build with NETGRAPH_DEBUG. END K 10 svn:author V 4 jeff K 8 svn:date V 27 2011-07-04T20:52:23.787081Z K 7 svn:log V 121 - Fix an inode quota leak. We need to decrement the quota once and only once. Tested by: pho Reviewed by: mckusick END K 10 svn:author V 4 jeff K 8 svn:date V 27 2011-07-04T20:53:55.149389Z K 7 svn:log V 462 - It is impossible to run request_cleanup() while doing a copyonwrite. This will most likely cause new block allocations which can recurse into request cleanup. - While here optimize the ufs locking slightly. We need only acquire and drop once. - process_removes() and process_truncates() also is only needed once. - Attempt to flush each item on the worklist once but do not loop forever if some can not be completed. Discussed with: mckusick END K 10 svn:author V 4 jeff K 8 svn:date V 27 2011-07-04T21:04:25.705959Z K 7 svn:log V 126 - Handle D_JSEGDEP in the softdep_sync_buf() switch. These can now find themselves on snapshot vnodes. Reported by: pho END K 10 svn:author V 4 jeff K 8 svn:date V 27 2011-07-04T22:08:04.607029Z K 7 svn:log V 165 - Speed up pendingblock processing again. Having too much delay between ffs_blkfree() and the pending adjustment causes all kinds of space related problems. END K 10 svn:author V 3 gjb K 8 svn:date V 27 2011-07-04T23:00:26.870194Z K 7 svn:log V 250 - General grammar and mdoc(7) fixes. [1] [2] - While here, remove a paragraph about userspace operation that has been outdated for some time. [2] PR: 158623 Submitted by: Ben Kudak (kaduk % mit!edu) [1] Reviewed by: glebius [2] MFC after: 1 week END K 10 svn:author V 8 rmacklem K 8 svn:date V 27 2011-07-04T23:32:09.872954Z K 7 svn:log V 721 The algorithm used by nfscl_getopen() could have resulted in multiple instances of the same lock_owner when a process both inherited an open file descriptor plus opened the same file itself. Since some NFSv4 servers cannot handle multiple instances of the same lock_owner string, this patch changes the algorithm used by nfscl_getopen() in the new NFSv4 client to keep that from happening. The new algorithm is simpler, since there is no longer any need to ascend the process's parentage tree because all NFSv4 Closes for a file are done at VOP_INACTIVE()/VOP_RECLAIM(), making the Opens indistinct w.r.t. use with Lock Ops. This problem was discovered at the recent NFSv4 interoperability Bakeathon. MFC after: 2 weeks END K 10 svn:author V 8 rmacklem K 8 svn:date V 27 2011-07-05T01:58:09.163346Z K 7 svn:log V 203 MFC: r223373 Fix the new NFSv4 server so that it checks for VREAD_ACL when a client does a Getattr for an ACL and not VREAD_ATTRIBUTES. This was found during the recent NFSv4 interoperability Bakeathon. END K 10 svn:author V 8 rmacklem K 8 svn:date V 27 2011-07-05T02:15:42.560671Z K 7 svn:log V 469 MFC: r223382 Change the NFSv4 nfsuserd daemon so that it doesn't preload the uid<->username mapping cache with an entry when another entry for that uid is already loaded. This fixes a case where the mapping of "toor" would replace "root" when the daemon was started, resulting in no mapping for "root" until the cache entry for "toor" timed out. The algorithm is inefficient, but since it is only done once when the daemon is started up, I don't think that's an issue. END K 10 svn:author V 7 delphij K 8 svn:date V 27 2011-07-05T02:49:29.955576Z K 7 svn:log V 110 MFC r217140: Use ether_ntoa instead of home-grown version. Noticed by: Boris Kochergin END K 10 svn:author V 7 delphij K 8 svn:date V 27 2011-07-05T02:50:27.960491Z K 7 svn:log V 75 MFC r223374: Staticify cleanup() which is not referenced in other places. END K 10 svn:author V 7 delphij K 8 svn:date V 27 2011-07-05T02:51:27.095032Z K 7 svn:log V 39 MFC r223375: Remove unneeded headers. END K 10 svn:author V 7 trociny K 8 svn:date V 27 2011-07-05T06:12:28.501081Z K 7 svn:log V 76 Remove useless initialization. Approved by: pjd (mentor) MFC after: 3 days END K 10 svn:author V 8 hselasky K 8 svn:date V 27 2011-07-05T07:05:18.353373Z K 7 svn:log V 44 MFC r223728. Fix for missing nomatch event. END K 10 svn:author V 7 pluknet K 8 svn:date V 27 2011-07-05T10:03:21.482910Z K 7 svn:log V 107 MFC r223625: Update ifc_len field of struct ifconf passed for the ioctl SIOCGIFCONF32. PR: kern/158369 END K 10 svn:author V 7 pluknet K 8 svn:date V 27 2011-07-05T10:21:06.532620Z K 7 svn:log V 87 MFC r223644: Run load_rc_config early to fix quota knobs expansion. PR: conf/157687 END K 10 svn:author V 7 pluknet K 8 svn:date V 27 2011-07-05T10:37:17.521738Z K 7 svn:log V 87 MFC r223644: Run load_rc_config early to fix quota knobs expansion. PR: conf/157687 END K 10 svn:author V 8 jonathan K 8 svn:date V 27 2011-07-05T13:45:10.136751Z K 7 svn:log V 716 Rework _fget to accept capability parameters. This new version of _fget() requires new parameters: - cap_rights_t needrights the rights that we expect the capability's rights mask to include (e.g. CAP_READ if we are going to read from the file) - cap_rights_t *haverights used to return the capability's rights mask (ignored if NULL) - u_char *maxprotp the maximum mmap() rights (e.g. VM_PROT_READ) that can be permitted (only used if we are going to mmap the file; ignored if NULL) - int fget_flags FGET_GETCAP if we want to return the capability itself, rather than the underlying object which it wraps Approved by: mentor (rwatson), re (Capsicum blanket) Sponsored by: Google Inc END K 10 svn:author V 2 ed K 8 svn:date V 27 2011-07-05T14:12:48.054971Z K 7 svn:log V 280 Only print entries for which ut_host points to a character device. Now that we use utmpx, we more often have entries for which the ut_line is left blank. To prevent us from returning struct stat for "/dev/", check that the resulting stat structure belongs to a character device. END K 10 svn:author V 7 glebius K 8 svn:date V 27 2011-07-05T14:48:39.760979Z K 7 svn:log V 431 o Eliminate flow6_hash_entry in favor of flow_hash_entry. We don't need a separate struct to start a slist of semi-opaque structs. This makes some code more compact. o Rewrite ng_netflow_flow_show() and its API/ABI: - Support for IPv6 is added. - Request and response now use same struct. Structure specifies version (6 or 4), index of last retrieved hash, and also index of last retrieved entry in the hash entry. END K 10 svn:author V 7 glebius K 8 svn:date V 27 2011-07-05T14:50:06.769592Z K 7 svn:log V 87 Rewrite the flowctl utility to add it support for displaying both IPv4 and IPv4 flows. END K 10 svn:author V 8 jonathan K 8 svn:date V 27 2011-07-05T14:54:33.434768Z K 7 svn:log V 181 Merge r223505 from HEAD to stable/8: -- Tidy up a capabilities-related comment. This commit refers to an #ifdef that hasn't been merged [yet?]; remove it. Approved by: rwatson -- END K 10 svn:author V 7 glebius K 8 svn:date V 27 2011-07-05T14:55:17.932034Z K 7 svn:log V 116 Update manual page. Mention IPv6 support, and notice that main argument isn't actually a node, but a netgraph path. END K 10 svn:author V 8 jonathan K 8 svn:date V 27 2011-07-05T14:58:10.715211Z K 7 svn:log V 182 Merge r223505 from HEAD to stable/7: -- Tidy up a capabilities-related comment. This commit refers to an #ifdef that hasn't been merged [yet?]; remove it. Approved by: rwatson -- END K 10 svn:author V 10 nwhitehorn K 8 svn:date V 27 2011-07-05T15:00:55.178923Z K 7 svn:log V 230 Follow Linux by unconditionally stripping the RX vlan tag from incoming packets. It turns out that all firmware versions insert it, whether or not they support VLAN tagging. Submitted by: glevand END K 10 svn:author V 5 gabor K 8 svn:date V 27 2011-07-05T18:29:32.575659Z K 7 svn:log V 29 - Fix buggy macro definition END K 10 svn:author V 8 rmacklem K 8 svn:date V 27 2011-07-05T18:40:19.342235Z K 7 svn:log V 105 Delete files made obsolete by the change in default NFS client and the move of nfs_kdtrace.h to sys/nfs. END K 10 svn:author V 6 marius K 8 svn:date V 27 2011-07-05T18:40:37.538344Z K 7 svn:log V 196 Call pmap_qremove() before freeing or unwiring the pages, otherwise there's a window during which a page can be re-used before its previous mapping is removed. Reviewed by: alc MFC after: 1 week END K 10 svn:author V 4 jkim K 8 svn:date V 27 2011-07-05T18:42:10.028949Z K 7 svn:log V 244 Correct cpu_monitor() and cpu_mwait() for amd64. These instructions take %rcx as "extensions" in long mode. If any unused bit is set in %rcx, these instructions cause general protection fault. Fix style nits and synchronize i386 with amd64. END K 10 svn:author V 8 cperciva K 8 svn:date V 27 2011-07-05T18:43:54.596614Z K 7 svn:log V 312 Don't allow lro->len to exceed 65535, as this will result in overflow when len is inserted back into the synthetic IP packet and cause a multiple of 2^16 bytes of TCP "packet loss". This improves Linux->FreeBSD netperf bandwidth by a factor of 300 in testing on Amazon EC2. Reviewed by: jfv MFC after: 2 weeks END K 10 svn:author V 6 marius K 8 svn:date V 27 2011-07-05T18:46:19.271451Z K 7 svn:log V 133 In pmap_remove_all() assert that the page is neither fictitious nor unmanaged as also done on other architectures. Reviewed by: alc END K 10 svn:author V 8 cperciva K 8 svn:date V 27 2011-07-05T18:49:55.171584Z K 7 svn:log V 279 Remove #ifdef notyet code dating back to 4.3BSD Net/2 (and possibly earlier). I think the benefit of making the code cleaner and easier to understand outweighs the humour of leaving this intact (or possibly changing it to #ifdef not_yet_and_probably_never). MFC after: 2 weeks END K 10 svn:author V 6 marius K 8 svn:date V 27 2011-07-05T18:50:40.804819Z K 7 svn:log V 113 - pmap_cache_remove() and pmap_protect_tte() are only used within pmap.c so static'ize them. - Correct a typo. END K 10 svn:author V 6 marius K 8 svn:date V 27 2011-07-05T18:55:56.764937Z K 7 svn:log V 56 It can be useful to know which page still has mappings. END K 10 svn:author V 8 rmacklem K 8 svn:date V 27 2011-07-05T19:26:58.727853Z K 7 svn:log V 105 Delete files made obsolete because they were moved to sys/nfs in order to be shared by both NFS clients. END K 10 svn:author V 5 dougb K 8 svn:date V 27 2011-07-05T19:37:48.306997Z K 7 svn:log V 36 Vendor import of BIND 9.6-ESV-R4-P3 END K 10 svn:author V 5 dougb K 8 svn:date V 27 2011-07-05T19:38:41.270529Z K 7 svn:log V 30 Tag the 9.6-ESV-R4-P3 release END K 10 svn:author V 5 dougb K 8 svn:date V 27 2011-07-05T19:48:57.551115Z K 7 svn:log V 68 Document the need to remove doxygen-related stuff from configure.in END K 10 svn:author V 6 marius K 8 svn:date V 27 2011-07-05T20:05:06.631900Z K 7 svn:log V 247 Remove the IDR_CHEETAH_MAX_BN_PAIRS limit from cheetah_ipi_selected(). This is just a simple approach. For reasons unknown OpenSolaris uses a more sophisticated one involving IPIing the remaining CPUs in reverse order after the first batch of 32. END K 10 svn:author V 7 yongari K 8 svn:date V 27 2011-07-05T23:17:27.402361Z K 7 svn:log V 319 MFC r223608: Disable microcode loading for 82550 and 82550C controllers. Loading the microcode caused SCB timeouts. Linux driver does not allow microcode loading for these controllers and jfv also confirmed that there is no need to do and it shouldn't. PR: kern/103332 Additional confirmation from: jfv END K 10 svn:author V 7 yongari K 8 svn:date V 27 2011-07-05T23:18:28.318251Z K 7 svn:log V 319 MFC r223608: Disable microcode loading for 82550 and 82550C controllers. Loading the microcode caused SCB timeouts. Linux driver does not allow microcode loading for these controllers and jfv also confirmed that there is no need to do and it shouldn't. PR: kern/103332 Additional confirmation from: jfv END K 10 svn:author V 7 yongari K 8 svn:date V 27 2011-07-05T23:30:14.203611Z K 7 svn:log V 88 MFC r223610: Enable CPUSaver D102 E-step microcode loading for 82551 revision 0x10. END K 10 svn:author V 7 yongari K 8 svn:date V 27 2011-07-05T23:31:40.044729Z K 7 svn:log V 88 MFC r223610: Enable CPUSaver D102 E-step microcode loading for 82551 revision 0x10. END K 10 svn:author V 5 dougb K 8 svn:date V 27 2011-07-06T00:47:27.447454Z K 7 svn:log V 38 Apply bug fixes Submitted by: marius END K 10 svn:author V 5 dougb K 8 svn:date V 27 2011-07-06T00:48:31.385248Z K 7 svn:log V 708 Update to version 9.6-ESV-R4-P3 ALL BIND USERS ARE ENCOURAGED TO UPGRADE IMMEDIATELY This update addresses the following vulnerability: CVE-2011-2464 ============= Severity: High Exploitable: Remotely Description: A defect in the affected BIND 9 versions allows an attacker to remotely cause the "named" process to exit using a specially crafted packet. This defect affects both recursive and authoritative servers. The code location of the defect makes it impossible to protect BIND using ACLs configured within named.conf or by disabling any features at compile-time or run-time. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464 https://www.isc.org/software/bind/advisories/cve-2011-2464 END K 10 svn:author V 5 dougb K 8 svn:date V 27 2011-07-06T00:49:35.580796Z K 7 svn:log V 38 Apply bug fixes Submitted by: marius END K 10 svn:author V 5 dougb K 8 svn:date V 27 2011-07-06T00:50:27.807186Z K 7 svn:log V 45 Update relevant to the 9.6-ESV-R4-P3 release END K 10 svn:author V 5 dougb K 8 svn:date V 27 2011-07-06T00:50:54.946824Z K 7 svn:log V 708 Update to version 9.6-ESV-R4-P3 ALL BIND USERS ARE ENCOURAGED TO UPGRADE IMMEDIATELY This update addresses the following vulnerability: CVE-2011-2464 ============= Severity: High Exploitable: Remotely Description: A defect in the affected BIND 9 versions allows an attacker to remotely cause the "named" process to exit using a specially crafted packet. This defect affects both recursive and authoritative servers. The code location of the defect makes it impossible to protect BIND using ACLs configured within named.conf or by disabling any features at compile-time or run-time. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2464 https://www.isc.org/software/bind/advisories/cve-2011-2464 END K 10 svn:author V 2 ae K 8 svn:date V 27 2011-07-06T05:40:22.778590Z K 7 svn:log V 298 MFC r223660: Initialize elements of state array when creating the GPT table. This fixes the problem, when the secondary GPT header is not erased when partition table destroyed. Move equal operations from g_part_gpt_create and g_part_gpt_recover to the separate function g_gpt_set_defaults. END K 10 svn:author V 2 ae K 8 svn:date V 27 2011-07-06T05:42:52.719369Z K 7 svn:log V 87 MFC r223358: Do not use SET_HOST_IPLEN() macro for IPv6 packets. PR: kern/157239 END K 10 svn:author V 6 gordon K 8 svn:date V 27 2011-07-06T06:34:08.205537Z K 7 svn:log V 228 Only increment the ypcnt once per data record. The old implementation was incrementing it twice making it impossible to iterate the table since the records were 1, 3, 5, 7 (or 2, 4, 6, 8 for the v3 records). MFC after: 10 days END K 10 svn:author V 2 ae K 8 svn:date V 27 2011-07-06T06:56:31.367697Z K 7 svn:log V 715 MFC r222582: O_FORWARD_IP is only action which depends from the result of lookup of dynamic rules. We are doing forwarding in the following cases: o For the simple ipfw fwd rule, e.g. fwd 10.0.0.1 ip from any to any out xmit em0 fwd 127.0.0.1,3128 tcp from any to any 80 in recv em1 o For the dynamic fwd rule, e.g. fwd 192.168.0.1 tcp from any to 10.0.0.3 3333 setup keep-state When this rule triggers it creates a dynamic rule, but this dynamic rule should forward packets only in forward direction. o And the last case that does not work before - simple fwd rule which triggers when some dynamic rule is already executed. PR: kern/136695, kern/147720, kern/150798 END