CVS commit: src/sbin/devpubd
Module Name:src Committed By: jmcneill Date: Sun Dec 4 13:01:54 UTC 2011 Modified Files: src/sbin/devpubd: devpubd-run-hooks.in Log Message: exit 0 on success To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.2 src/sbin/devpubd/devpubd-run-hooks.in Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/etc
Module Name:src Committed By: jmcneill Date: Sun Dec 4 13:09:07 UTC 2011 Modified Files: src/etc/etc.amd64: rc.conf.append src/etc/etc.i386: rc.conf.append Log Message: default powerd=YES if acpi is present To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.2 src/etc/etc.amd64/rc.conf.append cvs rdiff -u -r1.1 -r1.2 src/etc/etc.i386/rc.conf.append Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [jmcneill-usbmp] src/sys/dev
Module Name:src Committed By: jmcneill Date: Sun Dec 4 13:23:17 UTC 2011 Modified Files: src/sys/dev/ic [jmcneill-usbmp]: sl811hs.c src/sys/dev/pci [jmcneill-usbmp]: ehci_pci.c src/sys/dev/usb [jmcneill-usbmp]: ehci.c ehcivar.h ohci.c uhci.c usb.c usb_subr.c usbdi.c usbdivar.h Log Message: Make ehci mpsafe. To generate a diff of this commit: cvs rdiff -u -r1.31 -r1.31.2.1 src/sys/dev/ic/sl811hs.c cvs rdiff -u -r1.53 -r1.53.6.1 src/sys/dev/pci/ehci_pci.c cvs rdiff -u -r1.181 -r1.181.6.1 src/sys/dev/usb/ehci.c cvs rdiff -u -r1.38 -r1.38.10.1 src/sys/dev/usb/ehcivar.h cvs rdiff -u -r1.218 -r1.218.6.1 src/sys/dev/usb/ohci.c cvs rdiff -u -r1.240 -r1.240.6.1 src/sys/dev/usb/uhci.c cvs rdiff -u -r1.125 -r1.125.6.1 src/sys/dev/usb/usb.c cvs rdiff -u -r1.180 -r1.180.6.1 src/sys/dev/usb/usb_subr.c cvs rdiff -u -r1.134 -r1.134.2.1 src/sys/dev/usb/usbdi.c cvs rdiff -u -r1.93 -r1.93.8.1 src/sys/dev/usb/usbdivar.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/kern
Module Name:src Committed By: dholland Date: Sun Dec 4 15:12:07 UTC 2011 Modified Files: src/sys/kern: kern_exec.c Log Message: Revert Christos's accidental changes. To generate a diff of this commit: cvs rdiff -u -r1.332 -r1.333 src/sys/kern/kern_exec.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch/xen/xen
Module Name:src Committed By: cherry Date: Sun Dec 4 15:15:41 UTC 2011 Modified Files: src/sys/arch/xen/xen: if_xennet_xenbus.c Log Message: [merging from cherry-xenmp] Make MP aware: use mutex(9) instead of spl(9) To generate a diff of this commit: cvs rdiff -u -r1.54 -r1.55 src/sys/arch/xen/xen/if_xennet_xenbus.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch
Module Name:src Committed By: chs Date: Sun Dec 4 16:24:13 UTC 2011 Modified Files: src/sys/arch/amd64/amd64: locore.S machdep.c src/sys/arch/amd64/include: types.h src/sys/arch/x86/include: pmap.h src/sys/arch/x86/x86: pmap.c Log Message: map all of physical memory using large pages. ported from openbsd years ago by Murray Armfield, updated for changes since then by me. To generate a diff of this commit: cvs rdiff -u -r1.65 -r1.66 src/sys/arch/amd64/amd64/locore.S cvs rdiff -u -r1.171 -r1.172 src/sys/arch/amd64/amd64/machdep.c cvs rdiff -u -r1.39 -r1.40 src/sys/arch/amd64/include/types.h cvs rdiff -u -r1.48 -r1.49 src/sys/arch/x86/include/pmap.h cvs rdiff -u -r1.142 -r1.143 src/sys/arch/x86/x86/pmap.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/ld.elf_so/arch/hppa
Module Name:src Committed By: skrll Date: Sun Dec 4 16:53:08 UTC 2011 Modified Files: src/libexec/ld.elf_so/arch/hppa: hppa_reloc.c Log Message: Use the tlsoffset from the correct object. To generate a diff of this commit: cvs rdiff -u -r1.40 -r1.41 src/libexec/ld.elf_so/arch/hppa/hppa_reloc.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src
Module Name:src Committed By: chs Date: Sun Dec 4 17:00:10 UTC 2011 Modified Files: src/sys/arch/x86/include: cacheinfo.h src/usr.sbin/cpuctl/arch: i386.c Log Message: add info on L2 TLBs and 1GB pages. To generate a diff of this commit: cvs rdiff -u -r1.12 -r1.13 src/sys/arch/x86/include/cacheinfo.h cvs rdiff -u -r1.25 -r1.26 src/usr.sbin/cpuctl/arch/i386.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/share/man/man9
Module Name:src Committed By: jym Date: Sun Dec 4 18:34:20 UTC 2011 Modified Files: src/share/man/man9: sysctl.9 Log Message: - add the bool type for IMMEDIATE flag. - minor tweak to the handler example: it leaks 't' (on stack) when passed to sysctl_lookup(9), as it copyout its content via sysctl_data. That would not be the case if CTLFLAG_IMMEDIATE flag was set for this node but the example does not preclude that. To generate a diff of this commit: cvs rdiff -u -r1.17 -r1.18 src/share/man/man9/sysctl.9 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [jmcneill-usbmp] src/sys/dev/usb
Module Name:src Committed By: jmcneill Date: Sun Dec 4 19:22:57 UTC 2011 Modified Files: src/sys/dev/usb [jmcneill-usbmp]: ehci.c Log Message: change callout_stop + usbd_delay_ms to callout_halt + callout_destroy in ehci_detach To generate a diff of this commit: cvs rdiff -u -r1.181.6.1 -r1.181.6.2 src/sys/dev/usb/ehci.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys
Module Name:src
Committed By: jym
Date: Sun Dec 4 19:25:01 UTC 2011
Modified Files:
src/sys/kern: init_main.c kern_auth.c kern_module.c
src/sys/rump/librump/rumpkern: Makefile.rumpkern rump.c
src/sys/secmodel: files.secmodel
src/sys/secmodel/bsd44: bsd44.h files.bsd44 secmodel_bsd44.c
src/sys/secmodel/keylock: secmodel_keylock.c
src/sys/secmodel/overlay: overlay.h secmodel_overlay.c
src/sys/secmodel/securelevel: secmodel_securelevel.c securelevel.h
src/sys/secmodel/suser: secmodel_suser.c suser.h
src/sys/sys: kauth.h
Added Files:
src/sys/secmodel: secmodel.c secmodel.h
src/sys/secmodel/extensions: extensions.h files.extensions
secmodel_extensions.c
Log Message:
Implement the register/deregister/evaluation API for secmodel(9). It
allows registration of callbacks that can be used later for
cross-secmodel "safe" communication.
When a secmodel wishes to know a property maintained by another
secmodel, it has to submit a request to it so the other secmodel can
proceed to evaluating the request. This is done through the
secmodel_eval(9) call; example:
bool isroot;
error = secmodel_eval("org.netbsd.secmodel.suser", "is-root",
cred, &isroot);
if (error == 0 && !isroot)
result = KAUTH_RESULT_DENY;
This one asks the suser module if the credentials are assumed to be root
when evaluated by suser module. If the module is present, it will
respond. If absent, the call will return an error.
Args and command are arbitrarily defined; it's up to the secmodel(9) to
document what it expects.
Typical example is securelevel testing: when someone wants to know
whether securelevel is raised above a certain level or not, the caller
has to request this property to the secmodel_securelevel(9) module.
Given that securelevel module may be absent from system's context (thus
making access to the global "securelevel" variable impossible or
unsafe), this API can cope with this absence and return an error.
We are using secmodel_eval(9) to implement a secmodel_extensions(9)
module, which plugs with the bsd44, suser and securelevel secmodels
to provide the logic behind curtain, usermount and user_set_cpu_affinity
modes, without adding hooks to traditional secmodels. This solves a
real issue with the current secmodel(9) code, as usermount or
user_set_cpu_affinity are not really tied to secmodel_suser(9).
The secmodel_eval(9) is also used to restrict security.models settings
when securelevel is above 0, through the "is-securelevel-above"
evaluation:
- curtain can be enabled any time, but cannot be disabled if
securelevel is above 0.
- usermount/user_set_cpu_affinity can be disabled any time, but cannot
be enabled if securelevel is above 0.
Regarding sysctl(7) entries:
curtain and usermount are now found under security.models.extensions
tree. The security.curtain and vfs.generic.usermount are still
accessible for backwards compat.
Documentation is incoming, I am proof-reading my writings.
Written by elad@, reviewed and tested (anita test + interact for rights
tests) by me. ok elad@.
See also
http://mail-index.netbsd.org/tech-security/2011/11/29/msg000422.html
XXX might consider va0 mapping too.
XXX Having a secmodel(9) specific printf (like aprint_*) for reporting
secmodel(9) errors might be a good idea, but I am not sure on how
to design such a function right now.
To generate a diff of this commit:
cvs rdiff -u -r1.437 -r1.438 src/sys/kern/init_main.c
cvs rdiff -u -r1.65 -r1.66 src/sys/kern/kern_auth.c
cvs rdiff -u -r1.85 -r1.86 src/sys/kern/kern_module.c
cvs rdiff -u -r1.113 -r1.114 src/sys/rump/librump/rumpkern/Makefile.rumpkern
cvs rdiff -u -r1.237 -r1.238 src/sys/rump/librump/rumpkern/rump.c
cvs rdiff -u -r1.4 -r1.5 src/sys/secmodel/files.secmodel
cvs rdiff -u -r0 -r1.1 src/sys/secmodel/secmodel.c
cvs rdiff -u -r0 -r1.4 src/sys/secmodel/secmodel.h
cvs rdiff -u -r1.5 -r1.6 src/sys/secmodel/bsd44/bsd44.h
cvs rdiff -u -r1.3 -r1.4 src/sys/secmodel/bsd44/files.bsd44
cvs rdiff -u -r1.14 -r1.15 src/sys/secmodel/bsd44/secmodel_bsd44.c
cvs rdiff -u -r0 -r1.1 src/sys/secmodel/extensions/extensions.h \
src/sys/secmodel/extensions/files.extensions \
src/sys/secmodel/extensions/secmodel_extensions.c
cvs rdiff -u -r1.5 -r1.6 src/sys/secmodel/keylock/secmodel_keylock.c
cvs rdiff -u -r1.4 -r1.5 src/sys/secmodel/overlay/overlay.h
cvs rdiff -u -r1.11 -r1.12 src/sys/secmodel/overlay/secmodel_overlay.c
cvs rdiff -u -r1.22 -r1.23 \
src/sys/secmodel/securelevel/secmodel_securelevel.c
cvs rdiff -u -r1.3 -r1.4 src/sys/secmodel/securelevel/securelevel.h
cvs rdiff -u -r1.35 -r1.36 src/sys/secmodel/suser/secmodel_suser.c
cvs rdiff -u -r1.1 -r1.2 src/sys/secmodel/suser/suser.h
cvs rdiff -u -r1.65 -r1.66 src/sys/sys/kauth.h
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
CVS commit: src/usr.sbin/envstat
Module Name:src Committed By: jmcneill Date: Sun Dec 4 19:34:22 UTC 2011 Modified Files: src/usr.sbin/envstat: envstat.c Log Message: change printed indicator and battery charge strings from ON and OFF to TRUE and FALSE, because messages like "battery present: ON" are difficult for my brain to parse. To generate a diff of this commit: cvs rdiff -u -r1.88 -r1.89 src/usr.sbin/envstat/envstat.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/dev/ic
Module Name:src Committed By: jakllsch Date: Sun Dec 4 19:48:36 UTC 2011 Modified Files: src/sys/dev/ic: wdc.c Log Message: correct some typos in comments, whitespace adjustments To generate a diff of this commit: cvs rdiff -u -r1.265 -r1.266 src/sys/dev/ic/wdc.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: [jmcneill-usbmp] src/sys/dev/usb
Module Name:src Committed By: jmcneill Date: Sun Dec 4 21:02:27 UTC 2011 Modified Files: src/sys/dev/usb [jmcneill-usbmp]: ohci.c ohcivar.h Log Message: adapt ohci, from mrg with some changes by me To generate a diff of this commit: cvs rdiff -u -r1.218.6.1 -r1.218.6.2 src/sys/dev/usb/ohci.c cvs rdiff -u -r1.51 -r1.51.8.1 src/sys/dev/usb/ohcivar.h Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/secmodel/extensions
Module Name:src Committed By: jym Date: Sun Dec 4 21:04:51 UTC 2011 Modified Files: src/sys/secmodel/extensions: secmodel_extensions.c Log Message: When user_set_cpu_affinity is non-zero, only allow users to modify the CPU affinity of the LWPs they own. To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.2 src/sys/secmodel/extensions/secmodel_extensions.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src
Module Name:src Committed By: jym Date: Sun Dec 4 21:08:46 UTC 2011 Modified Files: src/distrib/sets/lists/comp: mi src/lib/libpthread: affinity.3 src/lib/librt: sched.3 src/share/man/man9: Makefile secmodel.9 secmodel_bsd44.9 secmodel_securelevel.9 secmodel_suser.9 Added Files: src/share/man/man9: secmodel_extensions.9 Log Message: Improvements in secmodel(9). Document secmodel_register(9), _deregister(9) and _eval(9). Add secmodel_extensions(9), and indicate the new sysctl(7) to let ordinary users control the CPU affinity (user_set_cpu_affinity). To generate a diff of this commit: cvs rdiff -u -r1.1715 -r1.1716 src/distrib/sets/lists/comp/mi cvs rdiff -u -r1.6 -r1.7 src/lib/libpthread/affinity.3 cvs rdiff -u -r1.10 -r1.11 src/lib/librt/sched.3 cvs rdiff -u -r1.361 -r1.362 src/share/man/man9/Makefile cvs rdiff -u -r1.17 -r1.18 src/share/man/man9/secmodel.9 cvs rdiff -u -r1.13 -r1.14 src/share/man/man9/secmodel_bsd44.9 cvs rdiff -u -r0 -r1.1 src/share/man/man9/secmodel_extensions.9 cvs rdiff -u -r1.10 -r1.11 src/share/man/man9/secmodel_securelevel.9 cvs rdiff -u -r1.4 -r1.5 src/share/man/man9/secmodel_suser.9 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/share/man/man9
Module Name:src Committed By: jym Date: Sun Dec 4 21:52:37 UTC 2011 Modified Files: src/share/man/man9: kauth.9 Log Message: GETPARAMS => GETPARAM SETPARAMS => SETPARAM To generate a diff of this commit: cvs rdiff -u -r1.93 -r1.94 src/share/man/man9/kauth.9 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/modules
Module Name:src Committed By: jym Date: Sun Dec 4 23:13:54 UTC 2011 Modified Files: src/sys/modules: Makefile Added Files: src/sys/modules/secmodel_extensions: Makefile Log Message: Hook secmodel_extensions(9) to modules build. To generate a diff of this commit: cvs rdiff -u -r1.99 -r1.100 src/sys/modules/Makefile cvs rdiff -u -r0 -r1.1 src/sys/modules/secmodel_extensions/Makefile Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/share/examples/secmodel
Module Name:src Committed By: jym Date: Sun Dec 4 23:55:36 UTC 2011 Modified Files: src/share/examples/secmodel: example.h secmodel_example.c Log Message: Update secmodel_examples to better describe the secmodel(9) API. To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.2 src/share/examples/secmodel/example.h cvs rdiff -u -r1.25 -r1.26 src/share/examples/secmodel/secmodel_example.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/share/man/man9
Module Name:src Committed By: jym Date: Sun Dec 4 23:59:25 UTC 2011 Modified Files: src/share/man/man9: kauth.9 Log Message: KAUTH_GENERIC_CANSEE is no more. To generate a diff of this commit: cvs rdiff -u -r1.94 -r1.95 src/share/man/man9/kauth.9 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/secmodel/securelevel
Module Name:src Committed By: jym Date: Mon Dec 5 00:13:31 UTC 2011 Modified Files: src/sys/secmodel/securelevel: secmodel_securelevel.c Log Message: secmodel_eval(9) may want to access securelevel before it is set to the right value, so init it first before registering secmodel(9). To generate a diff of this commit: cvs rdiff -u -r1.23 -r1.24 \ src/sys/secmodel/securelevel/secmodel_securelevel.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/net/npf
Module Name:src Committed By: rmind Date: Mon Dec 5 00:34:25 UTC 2011 Modified Files: src/sys/net/npf: npf_state_tcp.c Log Message: - Add npf_tcpfl2case() and make TCP state table more compact. - Adjust the state for FIN case on sim-SYN and SYN-RECEIVED. To generate a diff of this commit: cvs rdiff -u -r1.1 -r1.2 src/sys/net/npf/npf_state_tcp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/distrib/sets/lists/modules
Module Name:src Committed By: jym Date: Mon Dec 5 02:04:34 UTC 2011 Modified Files: src/distrib/sets/lists/modules: mi Log Message: Set list fix... To generate a diff of this commit: cvs rdiff -u -r1.38 -r1.39 src/distrib/sets/lists/modules/mi Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/sys/arch/hppa/hppa
Module Name:src Committed By: skrll Date: Mon Dec 5 07:34:51 UTC 2011 Modified Files: src/sys/arch/hppa/hppa: pmap.c Log Message: Whitespace. To generate a diff of this commit: cvs rdiff -u -r1.81 -r1.82 src/sys/arch/hppa/hppa/pmap.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
CVS commit: src/libexec/ld.elf_so/arch/hppa
Module Name:src Committed By: skrll Date: Mon Dec 5 07:36:32 UTC 2011 Removed Files: src/libexec/ld.elf_so/arch/hppa: mdtls.c Log Message: Remove unused file. To generate a diff of this commit: cvs rdiff -u -r1.1 -r0 src/libexec/ld.elf_so/arch/hppa/mdtls.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
