Age | Commit message (Collapse) | Author |
|
|
|
with privilege elevation no suid or sgid binaries are necessary any
longer. Applications can be executed completely
unprivileged. Systrace raises the privileges for a single system call
depending on the configured policy.
Idea from discussions with Perry Metzger, Dug Song and Marcus Watts.
from provos
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
FreeBSD commit messages say:
Some BIOSs are using MTRR values that are only documented under NDA
to control the mapping of things like the ACPI and APM into memory.
The problem is that starting X changes these values, so if something
was using the bits of BIOS mapped into memory (say ACPI or APM),
then next time they access this memory the machine would hang.
This patch refuse to change MTRR values it doesn't understand,
unless a new "force" option is given. This means X doesn't change
them by accident but someone can override that if they really want
to.
PR: 28418
Tested by: Christopher Masto <chris at netmonger dot net>,
David Bushong <david at bushong dot net>,
Santos <casd at myrealbox dot com>
Make the MTRR code a bit more defensive - this should help people
trying to run X on some Athlon systems where the BIOS does odd things
(mines an ASUS A7A266, but it seems to also help on other systems).
Here's a description of the problem and my fix:
The problem with the old MTRR code is that it only expects
to find documented values in the bytes of MTRR registers.
To convert the MTRR byte into a FreeBSD "Memory Range Type"
(mrt) it uses the byte value and looks it up in an array.
If the value is not in range then the mrt value ends up
containing random junk.
This isn't an immediate problem. The mrt value is only used
later when rewriting the MTRR registers. When we finally
go to write a value back again, the function i686_mtrrtype()
searches for the junk value and returns -1 when it fails
to find it. This is converted to a byte (0xff) and written
back to the register, causing a GPF as 0xff is an illegal
value for a MTRR byte.
To work around this problem I've added a new mrt flag
MDF_UNKNOWN. We set this when we read a MTRR byte which
we do not understand. If we try to convert a MDF_UNKNOWN
back into a MTRR value, then the new function, i686_mrt2mtrr,
just returns the old value of the MTRR byte. This leaves
the memory range type unchanged.
I have seen one side effect of the fix, which is that ACPI calls
after X has been run seem to hang my machine. As running X would
previously panic the machine, this is still an improvement ;-)
PR: 28418, 25958
Tested by: jkh, Christopher Masto <chris at netmonger dot net>
|
|
<miod> well, my comments are "looks sane, works for me, ok to commit"
|
|
gcc has the nice feature of optimizing various common constructs into
more optimal ones, inlining various calls, etc. The problem with that
is that it assumes that we have a proper libc backing us. We really
don't want to loose all those features by defining -ffreestanding and
right now there is no way to just disable some of them, so we have to
make the kernel more libc-like in some aspects to make it work with
newer gcc.
rename putchar to kputchar because it was nothing like libc putchar (and
only internal to this function). Implement dummy putchar and puts (not
prototyped outside this file).
|
|
give us pages. PR_NOWAIT most likely means "hey, we're coming from an
interrupt, don't mess with stuff that doesn't have proper protection".
- pool_allocator_free is called in too many places so I don't feel
comfortable without that added protection from splvm (and besides,
pool_allocator_free is rarely called anyway, so the extra spl will be
unnoticeable). It shouldn't matter when fiddling with those flags, but
you never know.
- Remove a wakeup without a matching tsleep. It's a left-over from
some other code path that I've been investigating when reworking the
pool a while ago and it should have been removed before that commit.
deraadt@ ok
|
|
binat on fxp0 from 192.168.0.32/27 to any -> 10.0.7.128/27
Both the network mask on the source and redirect addresses MUST be the
same, and it works by essentially combining the network section of the
redirect address with the host section of the source address.
from ryan
ok dhartmei@
|
|
|
|
Boca Turbo Serial 654 (4 port serial)
Boca Turbo Serial 658 (8 port)
from Andrey Smagin with a little help by me
ok deraadt@
|
|
|
|
|
|
transmit cmds and properly align the rings
|
|
|
|
|
|
Last bits of diff generated by Chris Kuethe.
|
|
Diff generated by Chris Kuethe.
|
|
by millert@
|
|
evaluate the same thing for each loop iteration in wi_get_id().
[ previous commit contained unrelated changes and has been removed ]
|
|
since gcc doesn't seem to evaluate htole16() of a constant at
compile time after all. Noticed by deraadt@
|
|
for now, implemnet a tentative transition mechanism to allow the old API
and the new API to coexit.
the old API will go away when pfctl(8) becomes ready.
|
|
|
|
make the table itself a #define so we can reuse it in wicontrol.
Also add a bunch of chip IDs from NetBSD/FreeBSD.
mickey@ OK
|
|
|
|
|
|
|
|
panic: m_copym0: m == 0 and not COPYALL
and/or
panic: m_copydata: null muf
on bridges running pf with scrubbing enabled.
Bug report, test vector and confirmation by Jon Morby.
ok jason@, jasoni@
|
|
|
|
|
|
|
|
the order doesn't matter at this moment but could be problematic
if 2 tags of the same type are ever added.
ok jason@, dhartmei@, angelos@
|
|
Started by a commit to siop from provos@netbsd.org.
ok miod@ millert@
|
|
|
|
|
|
|
|
|
|
|
|
from provos
|
|
this commit is to allow further development in both userland and kernel.
the goal is to replace altq's classifier by pf(4).
- make pf tag a queue id to mbuf and make altq read the queue id
- merge altq config into pf.conf(5)
ok dhartmei@, henning@
|
|
It triggers on ppc and while the check itself is correct, it's better to
fix the bug before breaking peoples systems.
|
|
pages into the queue already containing allocated pages.
breaks i386:setup_buffers() because of this.
|
|
|
|
|
|
|