svn commit: r261318 - head/share/misc
Author: maxim Date: Fri Jan 31 08:48:25 2014 New Revision: 261318 URL: http://svnweb.freebsd.org/changeset/base/261318 Log: o NetBSD 6.1.3 added. Modified: head/share/misc/bsd-family-tree Modified: head/share/misc/bsd-family-tree == --- head/share/misc/bsd-family-tree Fri Jan 31 07:56:04 2014 (r261317) +++ head/share/misc/bsd-family-tree Fri Jan 31 08:48:25 2014 (r261318) @@ -284,23 +284,17 @@ FreeBSD 5.2 | | | | 8.4 | |NetBSD 6.1.1 | | | | | | | | | | FreeBSD | |NetBSD 6.1.2 | | - |9.2 Mac OS X | | | - | 10.9|OpenBSD 5.4 | - || | | DragonFly 3.6.0 + |9.2 Mac OS X | | | | + | 10.9| |OpenBSD 5.4 | + || | | | DragonFly 3.6.0 + || | | | | + *--FreeBSD | |NetBSD 6.1.3 | | + | 10.0 | | | | || | | | || | | | +FreeBSD 11 -current | NetBSD -current OpenBSD -current | || | | | - || | | | - || NetBSD -current OpenBSD -current | - || | | | - |v v v v - | - *--FreeBSD - | 10.0 - | - | -FreeBSD 11 -current - v + vv v v v Time @@ -616,6 +610,7 @@ Mac OS X 10.9 2013-10-22 [APL] OpenBSD 5.42013-11-01 [OBD] DragonFly 3.6.02013-11-25 [DFB] FreeBSD 10.0 2014-01-20 [FBD] +NetBSD 6.1.3 2014-01-27 [NBD] Bibliography ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r261319 - in head: contrib/groff/tmac gnu/usr.bin/groff/tmac
Author: uqs Date: Fri Jan 31 12:26:30 2014 New Revision: 261319 URL: http://svnweb.freebsd.org/changeset/base/261319 Log: Pull up vendor changes up to 2014-01-29 - move local overrides into mdoc.local - syncs us with git commit 819839b66c80e8dabe6cb24ea6319c26c9a2be14 Discussed with: ru MFC after: 2 weeks Modified: head/contrib/groff/tmac/doc-common head/contrib/groff/tmac/doc-syms head/contrib/groff/tmac/doc.tmac head/contrib/groff/tmac/groff_mdoc.man head/gnu/usr.bin/groff/tmac/mdoc.local Modified: head/contrib/groff/tmac/doc-common == --- head/contrib/groff/tmac/doc-common Fri Jan 31 08:48:25 2014 (r261318) +++ head/contrib/groff/tmac/doc-common Fri Jan 31 12:26:30 2014 (r261319) @@ -37,6 +37,7 @@ . .nr %A 1 .nr %B 1 +.nr %C 1 .nr %D 1 .nr %I 1 .nr %J 1 @@ -484,7 +485,15 @@ .ds doc-operating-system-NetBSD-5.0.1 5.0.1 .ds doc-operating-system-NetBSD-5.0.2 5.0.2 .ds doc-operating-system-NetBSD-5.1 5.1 +.ds doc-operating-system-NetBSD-5.1.2 5.1.2 +.ds doc-operating-system-NetBSD-5.1.3 5.1.3 +.ds doc-operating-system-NetBSD-5.2 5.2 +.ds doc-operating-system-NetBSD-5.2.1 5.2.1 .ds doc-operating-system-NetBSD-6.0 6.0 +.ds doc-operating-system-NetBSD-6.0.1 6.0.1 +.ds doc-operating-system-NetBSD-6.0.2 6.0.2 +.ds doc-operating-system-NetBSD-6.0.3 6.0.3 +.ds doc-operating-system-NetBSD-6.1 6.1 . .ds doc-operating-system-OpenBSD-2.0 2.0 .ds doc-operating-system-OpenBSD-2.1 2.1 @@ -517,6 +526,10 @@ .ds doc-operating-system-OpenBSD-4.8 4.8 .ds doc-operating-system-OpenBSD-4.9 4.9 .ds doc-operating-system-OpenBSD-5.0 5.0 +.ds doc-operating-system-OpenBSD-5.1 5.1 +.ds doc-operating-system-OpenBSD-5.2 5.2 +.ds doc-operating-system-OpenBSD-5.3 5.3 +.ds doc-operating-system-OpenBSD-5.4 5.4 . .ds doc-operating-system-FreeBSD-1.0 1.0 .ds doc-operating-system-FreeBSD-1.1 1.1 
@@ -535,6 +548,7 @@ .ds doc-operating-system-FreeBSD-2.2.6 2.2.6 .ds doc-operating-system-FreeBSD-2.2.7 2.2.7 .ds doc-operating-system-FreeBSD-2.2.8 2.2.8 +.ds doc-operating-system-FreeBSD-2.2.9 2.2.9 .ds doc-operating-system-FreeBSD-3.0 3.0 .ds doc-operating-system-FreeBSD-3.1 3.1 .ds doc-operating-system-FreeBSD-3.2 3.2 @@ -575,6 +589,7 @@ .ds doc-operating-system-FreeBSD-8.1 8.1 .ds doc-operating-system-FreeBSD-8.2 8.2 .ds doc-operating-system-FreeBSD-9.0 9.0 +.ds doc-operating-system-FreeBSD-10.010.0 . .ds doc-operating-system-Darwin-8.0.0 8.0.0 .ds doc-operating-system-Darwin-8.1.0 8.1.0 
@@ -613,21 +628,37 @@ .ds doc-operating-system-DragonFly-1.41.4 .ds doc-operating-system-DragonFly-1.51.5 .ds doc-operating-system-DragonFly-1.61.6 +.ds doc-operating-system-DragonFly-1.71.7 .ds doc-operating-system-DragonFly-1.81.8 .ds doc-operating-system-DragonFly-1.8.1 1.8.1 +.ds doc-operating-system-DragonFly-1.91.9 .ds doc-operating-system-DragonFly-1.10 1.10 +.ds doc-operating-system-DragonFly-1.11 1.11 .ds doc-operating-system-DragonFly-1.12 1.12 .ds doc-operating-system-DragonFly-1.12.2 1.12.2 +.ds doc-operating-system-DragonFly-1.13 1.13 .ds doc-operating-system-DragonFly-2.02.0 +.ds doc-operating-system-DragonFly-2.12.1 .ds doc-operating-system-DragonFly-2.22.2 +.ds doc-operating-system-DragonFly-2.32.3 .ds doc-operating-system-DragonFly-2.42.4 +.ds doc-operating-system-DragonFly-2.52.5 .ds doc-operating-system-DragonFly-2.62.6 +.ds doc-operating-system-DragonFly-2.72.7 .ds doc-operating-system-DragonFly-2.82.8 .ds doc-operating-system-DragonFly-2.92.9 .ds doc-operating-system-DragonFly-2.9.1 2.9.1 .ds doc-operating-system-DragonFly-2.10 2.10 .ds doc-operating-system-DragonFly-2.10.1 2.10.1 .ds doc-operating-system-DragonFly-2.11 2.11 +.ds doc-operating-system-DragonFly-3.03.0 +.ds doc-operating-system-DragonFly-3.13.1 +.ds doc-operating-system-DragonFly-3.23.2 +.ds doc-operating-system-DragonFly-3.33.3 +.ds doc-operating-system-DragonFly-3.43.4 +.ds doc-operating-system-DragonFly-3.53.5 +.ds doc-operating-system-DragonFly-3.63.6 +.ds doc-operating-system-DragonFly-3.73.7 . .de Os . ds doc-command-name Modified: head/contrib/groff/tmac/doc-syms == --- head/contrib/groff/tmac/doc-symsFri Jan 31 08:48:25 2014 (r261318) +++ head/contrib/groff/tmac/doc-symsFri Jan 31 12:26:30 2014 (r261319) 
@@ -812,7 +812,6 @@ .ds doc-str-Lb-librpcsec_gss RPC GSS-API Authentication Library (librpcsec_gss, \-lrpcsec_gss) .ds doc-str-Lb-librpcsvc RPC Service Library (librpcsvc, \-lrpcsvc) .ds doc-str-Lb-librt \*[Px] \*[doc-str-Lb]Real-time Library (librt, \-lrt) -.ds doc-str-Lb-libsbuf Safe String Composition Library (libsbuf, \-lsbuf) .ds doc-str-Lb-libsdp Bluetooth Service Discovery Protocol User Library (libs
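Review bot: the doc-syms hunk at -812 deletes `doc-str-Lb-libsbuf` with no replacement visible in this part of the diff. The log says local overrides move into mdoc.local, but the mdoc.local hunk is not shown here, so confirm the string is defined there before this goes in; otherwise pages that use `.Lb libsbuf` lose their library description. In the doc-common hunks, the new `doc-operating-system-FreeBSD-10.0` entry follows directly after 9.0, so it is worth checking that the intermediate 9.x strings live in mdoc.local and are not dropped by the move.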
Re: svn commit: r261266 - in head: sys/dev/drm sys/kern sys/sys usr.sbin/jail
Hi Jamie: As these privileges basically allows root processes in jail to break out of jail, I think this needs a much more clear signpost that this is a very unsafe thing to turn on. I can imagine scenarios where this might be useful, but can't really imagine any where it is 'safe' with respect to the jail model. Can we put a very large and very clear warning in the jail(8) man page, as well as a comment in the kernel source code about this? Robert On Wed, 29 Jan 2014, Jamie Gritton wrote: Author: jamie Date: Wed Jan 29 13:41:13 2014 New Revision: 261266 URL: http://svnweb.freebsd.org/changeset/base/261266 Log: Add a jail parameter, allow.kmem, which lets jailed processes access /dev/kmem and related devices (i.e. grants PRIV_IO and PRIV_KMEM_WRITE). This in conjunction with changing the drm driver's permission check from PRIV_DRIVER to PRIV_KMEM_WRITE will allow a jailed Xorg server. Submitted by: netchild MFC after: 1 week Modified: head/sys/dev/drm/drmP.h head/sys/kern/kern_jail.c head/sys/sys/jail.h head/usr.sbin/jail/jail.8 Modified: head/sys/dev/drm/drmP.h == --- head/sys/dev/drm/drmP.h Wed Jan 29 13:35:12 2014(r261265) +++ head/sys/dev/drm/drmP.h Wed Jan 29 13:41:13 2014(r261266) @@ -227,7 +227,9 @@ enum { #define PAGE_ALIGN(addr) round_page(addr) /* DRM_SUSER returns true if the user is superuser */ -#if __FreeBSD_version >= 70 +#if __FreeBSD_version >= 100 +#define DRM_SUSER(p) (priv_check(p, PRIV_KMEM_WRITE) == 0) +#elif __FreeBSD_version >= 70 #define DRM_SUSER(p)(priv_check(p, PRIV_DRIVER) == 0) #else #define DRM_SUSER(p)(suser(p) == 0) Modified: head/sys/kern/kern_jail.c == --- head/sys/kern/kern_jail.c Wed Jan 29 13:35:12 2014(r261265) +++ head/sys/kern/kern_jail.c Wed Jan 29 13:41:13 2014(r261266) @@ -208,6 +208,7 @@ static char *pr_allow_names[] = { "allow.mount.zfs", "allow.mount.procfs", "allow.mount.tmpfs", + "allow.kmem", }; const size_t pr_allow_names_size = sizeof(pr_allow_names); 
@@ -224,6 +225,7 @@ static char *pr_allow_nonames[] = { "allow.mount.nozfs", "allow.mount.noprocfs", "allow.mount.notmpfs", + "allow.nokmem", }; const size_t pr_allow_nonames_size = sizeof(pr_allow_nonames); @@ -3951,6 +3953,27 @@ prison_priv_check(struct ucred *cred, in return (0); /* +* Allow access to /dev/io in a jail if the non-jailed admin +* requests this and if /dev/io exists in the jail. This +* allows Xorg to probe a card. +*/ + case PRIV_IO: + if (cred->cr_prison->pr_allow & PR_ALLOW_KMEM) + return (0); + else + return (EPERM); + + /* +* Allow low level access to KMEM-like devices (e.g. to +* allow Xorg to use DRI). +*/ + case PRIV_KMEM_WRITE: + if (cred->cr_prison->pr_allow & PR_ALLOW_KMEM) + return (0); + else + return (EPERM); + + /* * Allow jailed root to set loginclass. */ case PRIV_PROC_SETLOGINCLASS: @@ -4384,6 +4407,8 @@ SYSCTL_JAIL_PARAM(_allow, quotas, CTLTYP "B", "Jail may set file quotas"); SYSCTL_JAIL_PARAM(_allow, socket_af, CTLTYPE_INT | CTLFLAG_RW, "B", "Jail may create sockets other than just UNIX/IPv4/IPv6/route"); +SYSCTL_JAIL_PARAM(_allow, kmem, CTLTYPE_INT | CTLFLAG_RW, +"B", "Jail may access kmem-like devices (io, dri) if they exist"); SYSCTL_JAIL_PARAM_SUBNODE(allow, mount, "Jail mount/unmount permission flags"); SYSCTL_JAIL_PARAM(_allow_mount, , CTLTYPE_INT | CTLFLAG_RW, Modified: head/sys/sys/jail.h == --- head/sys/sys/jail.h Wed Jan 29 13:35:12 2014(r261265) +++ head/sys/sys/jail.h Wed Jan 29 13:41:13 2014(r261266) @@ -228,7 +228,8 @@ struct prison_racct { #define PR_ALLOW_MOUNT_ZFS 0x0200 #define PR_ALLOW_MOUNT_PROCFS 0x0400 #define PR_ALLOW_MOUNT_TMPFS0x0800 -#definePR_ALLOW_ALL0x0fff +#definePR_ALLOW_KMEM 0x1000 +#definePR_ALLOW_ALL0x1fff /* * OSD methods Modified: head/usr.sbin/jail/jail.8 == --- head/usr.sbin/jail/jail.8 Wed Jan 29 13:35:12 2014(r261265) +++ head/usr.sbin/jail/jail.8 Wed Jan 29 13:41:13 2014(r261266) 
@@ -573,6 +573,17 @@ with non-jailed parts of the system. Sockets within a jail are normally restricted to IPv4, IPv6, local (UNIX), and ro
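Review bot: in the prison_priv_check hunk, the comment on `case PRIV_IO:` says access is allowed "if the non-jailed admin requests this and if /dev/io exists in the jail", but the code only tests `cred->cr_prison->pr_allow & PR_ALLOW_KMEM`. Nothing in the check depends on a device node being present, and the sysctl description ("if they exist") repeats the same impression. Reword both so they state that setting allow.kmem grants PRIV_IO and PRIV_KMEM_WRITE to the jail outright, so an administrator does not read the devfs ruleset as a second gate. The two case bodies are identical and could share one block, which would also keep the comment and the behaviour in one place.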
Re: svn commit: r261266 - in head: sys/dev/drm sys/kern sys/sys usr.sbin/jail
On Wed, 29 Jan 2014, Alexander Leidinger wrote:

>> It does. I included a warning in jail.8 that this will pretty much undo jail security. There are still reasons some may want to do this, but it's definitely not for everyone or even most people.
>
> It only "unjails" (= basically the same security level as the jail-host with the added benefit of the flexibility of a jail like easy moving from one system to another) the jail which has this flag set. All other jails without the flag can not "escape" to the host.
>
> I also have to add that just setting this flag does not give access to the host, you also have to configure a non-default devfs rule for this jail (to have the devices appear in the jail).

This is not correct: devices do not need to be delegated in devfs for PRIV_IO to allow bypass of the Jail security model, due to sysarch() and the Linux-emulated equivalent, which turn out direct I/O access from a user process without use of a device node.

Frankly, I'd like to see this backed out and not reintroduced. If it must be retained, then it needs a much more clear warning that enabling this feature disables Jail's security model. Don't use the word 'obviate', instead explicitly state that root within the jail can escape the jail.

Robert
svn commit: r261320 - in head: crypto/openssh crypto/openssh/contrib/caldera crypto/openssh/contrib/cygwin crypto/openssh/contrib/redhat crypto/openssh/contrib/suse crypto/openssh/openbsd-compat cr...
Author: des
Date: Fri Jan 31 13:12:02 2014
New Revision: 261320
URL: http://svnweb.freebsd.org/changeset/base/261320

Log:
  Upgrade to OpenSSH 6.5p1.

Added:
  head/crypto/openssh/PROTOCOL.chacha20poly1305
     - copied unchanged from r261287, vendor-crypto/openssh/dist/PROTOCOL.chacha20poly1305
  head/crypto/openssh/PROTOCOL.key
     - copied unchanged from r261287, vendor-crypto/openssh/dist/PROTOCOL.key
  head/crypto/openssh/blocks.c
     - copied unchanged from r261287, vendor-crypto/openssh/dist/blocks.c
  head/crypto/openssh/chacha.c
     - copied unchanged from r261287, vendor-crypto/openssh/dist/chacha.c
  head/crypto/openssh/chacha.h
     - copied unchanged from r261287, vendor-crypto/openssh/dist/chacha.h
  head/crypto/openssh/cipher-chachapoly.c
     - copied unchanged from r261287, vendor-crypto/openssh/dist/cipher-chachapoly.c
  head/crypto/openssh/cipher-chachapoly.h
     - copied unchanged from r261287, vendor-crypto/openssh/dist/cipher-chachapoly.h
  head/crypto/openssh/crypto_api.h
     - copied unchanged from r261287, vendor-crypto/openssh/dist/crypto_api.h
  head/crypto/openssh/digest.c
     - copied unchanged from r261287, vendor-crypto/openssh/dist/digest.c
  head/crypto/openssh/digest.h
     - copied unchanged from r261287, vendor-crypto/openssh/dist/digest.h
  head/crypto/openssh/ed25519.c
     - copied unchanged from r261287, vendor-crypto/openssh/dist/ed25519.c
  head/crypto/openssh/fe25519.c
     - copied unchanged from r261287, vendor-crypto/openssh/dist/fe25519.c
  head/crypto/openssh/fe25519.h
     - copied unchanged from r261287, vendor-crypto/openssh/dist/fe25519.h
  head/crypto/openssh/ge25519.c
     - copied unchanged from r261287, vendor-crypto/openssh/dist/ge25519.c
  head/crypto/openssh/ge25519.h
     - copied unchanged from r261287, vendor-crypto/openssh/dist/ge25519.h
  head/crypto/openssh/ge25519_base.data
     - copied unchanged from r261287, vendor-crypto/openssh/dist/ge25519_base.data
  head/crypto/openssh/hash.c
     - copied unchanged from r261287, vendor-crypto/openssh/dist/hash.c
  head/crypto/openssh/kexc25519.c
     - copied unchanged from r261287, vendor-crypto/openssh/dist/kexc25519.c
  head/crypto/openssh/kexc25519c.c
     - copied unchanged from r261287, vendor-crypto/openssh/dist/kexc25519c.c
  head/crypto/openssh/kexc25519s.c
     - copied unchanged from r261287, vendor-crypto/openssh/dist/kexc25519s.c
  head/crypto/openssh/openbsd-compat/arc4random.c
     - copied unchanged from r261287, vendor-crypto/openssh/dist/openbsd-compat/arc4random.c
  head/crypto/openssh/openbsd-compat/bcrypt_pbkdf.c
     - copied unchanged from r261287, vendor-crypto/openssh/dist/openbsd-compat/bcrypt_pbkdf.c
  head/crypto/openssh/openbsd-compat/blf.h
     - copied unchanged from r261287, vendor-crypto/openssh/dist/openbsd-compat/blf.h
  head/crypto/openssh/openbsd-compat/blowfish.c
     - copied, changed from r261287, vendor-crypto/openssh/dist/openbsd-compat/blowfish.c
  head/crypto/openssh/openbsd-compat/chacha_private.h
     - copied unchanged from r261287, vendor-crypto/openssh/dist/openbsd-compat/chacha_private.h
  head/crypto/openssh/poly1305.c
     - copied unchanged from r261287, vendor-crypto/openssh/dist/poly1305.c
  head/crypto/openssh/poly1305.h
     - copied unchanged from r261287, vendor-crypto/openssh/dist/poly1305.h
  head/crypto/openssh/regress/setuid-allowed.c
     - copied unchanged from r261287, vendor-crypto/openssh/dist/regress/setuid-allowed.c
  head/crypto/openssh/regress/sftp-perm.sh
     - copied unchanged from r261287, vendor-crypto/openssh/dist/regress/sftp-perm.sh
  head/crypto/openssh/sandbox-capsicum.c
     - copied unchanged from r261287, vendor-crypto/openssh/dist/sandbox-capsicum.c
  head/crypto/openssh/sc25519.c
     - copied unchanged from r261287, vendor-crypto/openssh/dist/sc25519.c
  head/crypto/openssh/sc25519.h
     - copied unchanged from r261287, vendor-crypto/openssh/dist/sc25519.h
  head/crypto/openssh/smult_curve25519_ref.c
     - copied unchanged from r261287, vendor-crypto/openssh/dist/smult_curve25519_ref.c
  head/crypto/openssh/ssh-ed25519.c
     - copied unchanged from r261287, vendor-crypto/openssh/dist/ssh-ed25519.c
  head/crypto/openssh/verify.c
     - copied unchanged from r261287, vendor-crypto/openssh/dist/verify.c

Deleted:
  head/crypto/openssh/openbsd-compat/bsd-arc4random.c

Modified:
  head/crypto/openssh/ChangeLog
  head/crypto/openssh/Makefile.in
  head/crypto/openssh/PROTOCOL
  head/crypto/openssh/README
  head/crypto/openssh/aclocal.m4
  head/crypto/openssh/addrmatch.c
  head/crypto/openssh/atomicio.c
  head/crypto/openssh/auth-krb5.c
  head/crypto/openssh/auth-options.c
  head/crypto/openssh/auth-pam.c
  head/crypto/openssh/auth2-hostbased.c
  head/crypto/openssh/auth2-pubkey.c
  head/crypto/openssh/authfd.c
  head/crypto/openssh/authfile.c
  head/crypto/openssh/authfile.h
  head/crypto/openssh/bufaux.c
  head/crypto/openssh/bufbn.c
  head/crypto/openssh/buffer.c
  head/crypto/openssh/buffer.h
  h
svn commit: r261321 - head/sys/x86/include
Author: tijl Date: Fri Jan 31 14:29:34 2014 New Revision: 261321 URL: http://svnweb.freebsd.org/changeset/base/261321 Log: Rename the AMD MSR_PERFCTR[0-3] so the Pentium Pro MSR_PERFCTR[0-1] aren't redefined. Reported by: "Trivedi, Nishank" Discussed with: kib Modified: head/sys/x86/include/specialreg.h Modified: head/sys/x86/include/specialreg.h == --- head/sys/x86/include/specialreg.h Fri Jan 31 13:12:02 2014 (r261320) +++ head/sys/x86/include/specialreg.h Fri Jan 31 14:29:34 2014 (r261321) @@ -720,12 +720,10 @@ #defineMSR_PERFEVSEL1 0xc0010001 #defineMSR_PERFEVSEL2 0xc0010002 #defineMSR_PERFEVSEL3 0xc0010003 -#undef MSR_PERFCTR0 -#undef MSR_PERFCTR1 -#defineMSR_PERFCTR00xc0010004 -#defineMSR_PERFCTR10xc0010005 -#defineMSR_PERFCTR20xc0010006 -#defineMSR_PERFCTR30xc0010007 +#defineMSR_K7_PERFCTR0 0xc0010004 +#defineMSR_K7_PERFCTR1 0xc0010005 +#defineMSR_K7_PERFCTR2 0xc0010006 +#defineMSR_K7_PERFCTR3 0xc0010007 #defineMSR_SYSCFG 0xc0010010 #defineMSR_HWCR0xc0010015 #defineMSR_IORRBASE0 0xc0010016 ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
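Review bot: the specialreg.h hunk renames the 0xc0010004-0xc0010007 definitions to `MSR_K7_PERFCTR0..3`, but specialreg.h is the only file in the Modified list, so no consumer is updated alongside it. Any code that used `MSR_PERFCTR0` or `MSR_PERFCTR1` expecting the AMD addresses will still compile and now silently pick up the Pentium Pro values, while users of `MSR_PERFCTR2`/`MSR_PERFCTR3` will fail to build; a tree-wide grep for the old names should accompany this. The neighbouring `MSR_PERFEVSEL1..3` context lines keep their unprefixed names for the same AMD range, so consider whether they should get the `K7_` prefix too for consistency.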
svn commit: r261322 - head/sys/arm/at91
Author: imp Date: Fri Jan 31 15:38:05 2014 New Revision: 261322 URL: http://svnweb.freebsd.org/changeset/base/261322 Log: Switch to using PAs rather than VAs for the addresses we map for devices. This is a nop, except for what's reported by atmelbus for the resources. It would be nice if we could dymanically allocated these things, but the pmap_mapdev panics if we don't keep the static mappings, so we still need to play the carefully allocate VA space between all supported SoC game. User's with their own devices may need to make adjustments. Modified: head/sys/arm/at91/at91.c head/sys/arm/at91/at91_machdep.c head/sys/arm/at91/at91rm92reg.h head/sys/arm/at91/at91sam9g20reg.h head/sys/arm/at91/at91sam9g45reg.h Modified: head/sys/arm/at91/at91.c == --- head/sys/arm/at91/at91.cFri Jan 31 14:29:34 2014(r261321) +++ head/sys/arm/at91/at91.cFri Jan 31 15:38:05 2014(r261322) @@ -260,7 +260,6 @@ static int at91_attach(device_t dev) { struct at91_softc *sc = device_get_softc(dev); - const struct arm_devmap_entry *pdevmap; int i; arm_post_filter = at91_eoi; @@ -281,11 +280,15 @@ at91_attach(device_t dev) sc->sc_mem_rman.rm_descr = "AT91 Memory"; if (rman_init(&sc->sc_mem_rman) != 0) panic("at91_attach: failed to set up memory rman"); - for (pdevmap = at91_devmap; pdevmap->pd_va != 0; pdevmap++) { - if (rman_manage_region(&sc->sc_mem_rman, pdevmap->pd_va, - pdevmap->pd_va + pdevmap->pd_size - 1) != 0) - panic("at91_attach: failed to set up memory rman"); - } + /* +* Manage the physical space, defined as being everything that isn't +* DRAM. +*/ + if (rman_manage_region(&sc->sc_mem_rman, 0, PHYSADDR - 1) != 0) + panic("at91_attach: failed to set up memory rman"); + if (rman_manage_region(&sc->sc_mem_rman, PHYSADDR + (256 << 20), + 0xul) != 0) + panic("at91_attach: failed to set up memory rman"); /* * Setup the interrupt table. 
@@ -330,6 +333,7 @@ at91_alloc_resource(device_t dev, device struct resource_list_entry *rle; struct at91_ivar *ivar = device_get_ivars(child); struct resource_list *rl = &ivar->resources; + bus_space_handle_t bsh; if (device_get_parent(child) != dev) return (BUS_ALLOC_RESOURCE(device_get_parent(dev), child, @@ -355,8 +359,10 @@ at91_alloc_resource(device_t dev, device rle->res = rman_reserve_resource(&sc->sc_mem_rman, start, end, count, flags, child); if (rle->res != NULL) { + bus_space_map(&at91_bs_tag, start, + rman_get_size(rle->res), 0, &bsh); rman_set_bustag(rle->res, &at91_bs_tag); - rman_set_bushandle(rle->res, start); + rman_set_bushandle(rle->res, bsh); } break; } @@ -538,8 +544,14 @@ at91_add_child(device_t dev, int prio, c bus_set_resource(kid, SYS_RES_IRQ, 1, irq1, 1); if (irq2 != 0) bus_set_resource(kid, SYS_RES_IRQ, 2, irq2, 1); - if (addr != 0 && addr < AT91_BASE) - addr += AT91_BASE; + /* +* Special case for on-board devices. These have their address +* defined relative to AT91_PA_BASE in all the register files we +* have. We could change this, but that's a lot of effort which +* will be obsoleted when FDT arrives. +*/ + if (addr != 0 && addr < 0x1000 && addr >= 0x0f00) + addr += AT91_PA_BASE; if (addr != 0) bus_set_resource(kid, SYS_RES_MEMORY, 0, addr, size); } Modified: head/sys/arm/at91/at91_machdep.c == --- head/sys/arm/at91/at91_machdep.cFri Jan 31 14:29:34 2014 (r261321) +++ head/sys/arm/at91/at91_machdep.cFri Jan 31 15:38:05 2014 (r261322) @@ -146,6 +146,7 @@ const struct arm_devmap_entry at91_devma VM_PROT_READ|VM_PROT_WRITE, PTE_NOCACHE, }, + /* There's a notion that we should do the rest of these lazily. */ /* * We can't just map the OHCI registers VA == PA, because * AT91xx_xxx_BASE belongs to the userland address space. 
@@ -163,16 +164,16 @@ const struct arm_devmap_entry at91_devma * on this chip select for a VA/PA mapping. */ /* Internal Memory 1MB */ + AT91RM92_OHCI_VA_BASE, AT91RM92_OHCI_BASE, - AT91RM92_OHCI_PA_BASE, 0x0010, VM_PROT_READ|VM_PROT_WRITE, PTE_NOCACHE,
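Review bot: in the at91_alloc_resource hunk, the return value of `bus_space_map(&at91_bs_tag, start, rman_get_size(rle->res), 0, &bsh)` is ignored and `bsh` is then passed to `rman_set_bushandle()` unconditionally. If the mapping fails, `bsh` is uninitialized stack data and the child driver ends up with a bogus handle. Check the return value and release the reserved resource (returning NULL) on failure. In the at91_add_child hunk, the bounds in `addr < 0x1000 && addr >= 0x0f00` are bare literals; named constants would make the "on-board device" window that the new comment describes easier to verify against the register files.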
svn commit: r261323 - head/share/man/man4
Author: pluknet Date: Fri Jan 31 16:27:06 2014 New Revision: 261323 URL: http://svnweb.freebsd.org/changeset/base/261323 Log: [mdoc] Avoid a line break. Modified: head/share/man/man4/rights.4 Modified: head/share/man/man4/rights.4 == --- head/share/man/man4/rights.4Fri Jan 31 15:38:05 2014 (r261322) +++ head/share/man/man4/rights.4Fri Jan 31 16:27:06 2014 (r261323) @@ -665,6 +665,7 @@ Support for capabilities and capabilitie .Tn TrustedBSD Project. .Sh AUTHORS +.An -nosplit This manual page was created by .An Pawel Jakub Dawidek Aq pa...@dawidek.net under sponsorship from the FreeBSD Foundation based on the ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r261319 - in head: contrib/groff/tmac gnu/usr.bin/groff/tmac
On 31 January 2014 16:26, Ulrich Spoerlein wrote: > Author: uqs > Date: Fri Jan 31 12:26:30 2014 > New Revision: 261319 > URL: http://svnweb.freebsd.org/changeset/base/261319 > > Log: > Pull up vendor changes up to 2014-01-29 > > - move local overrides into mdoc.local > - syncs us with git commit 819839b66c80e8dabe6cb24ea6319c26c9a2be14 > > Discussed with: ru > MFC after: 2 weeks On a related note. We already reference .Nx 7.0 in numerous places. I have not found in svn history that mdoc.local was used ever to store .{Other}x macros there. Is it ok or is there a better way? Otherwise I would like to commit this patch: Index: gnu/usr.bin/groff/tmac/mdoc.local === --- gnu/usr.bin/groff/tmac/mdoc.local(revision 261323) +++ gnu/usr.bin/groff/tmac/mdoc.local(working copy) @@ -58,6 +58,7 @@ .ds doc-operating-system-FreeBSD-9.29.2 .ds doc-operating-system-FreeBSD-10.0 10.0 .ds doc-operating-system-FreeBSD-11.0 11.0 +.ds doc-operating-system-NetBSD-7.0 7.0 . .\" Definitions not (yet) in doc-syms . Oh, or may be you could commit a corresponding change upstream yourself? :) So we could rather pull it downstream as is. -- wbr, pluknet ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
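Review bot: the proposed mdoc.local hunk puts `doc-operating-system-NetBSD-7.0` directly after the FreeBSD-11.0 line, inside the FreeBSD version block. doc-common separates each operating system's strings with a lone `.` line, so add one before the NetBSD entry to keep the groups distinct and make the entry easy to find and drop once it lands upstream.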
svn commit: r261324 - head/share/man/man4
Author: pluknet Date: Fri Jan 31 17:15:56 2014 New Revision: 261324 URL: http://svnweb.freebsd.org/changeset/base/261324 Log: Sort Xr's. Modified: head/share/man/man4/procdesc.4 Modified: head/share/man/man4/procdesc.4 == --- head/share/man/man4/procdesc.4 Fri Jan 31 16:27:06 2014 (r261323) +++ head/share/man/man4/procdesc.4 Fri Jan 31 17:15:56 2014 (r261324) @@ -62,11 +62,11 @@ Given a process descriptor, it is possib .Sh SEE ALSO .Xr fork 2 , .Xr kill 2 , -.Xr wait4 2 , .Xr pdfork 2 , .Xr pdgetpid 2 , .Xr pdkill 2 , .Xr pdwait4 2 , +.Xr wait4 2 , .Xr capsicum 4 .Sh HISTORY .Nm ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r261266 - in head: sys/dev/drm sys/kern sys/sys usr.sbin/jail
On 1/31/2014 5:34 AM, Robert Watson wrote:
> On Wed, 29 Jan 2014, Alexander Leidinger wrote:
>
>>> It does. I included a warning in jail.8 that this will pretty much undo jail security. There are still reasons some may want to do this, but it's definitely not for everyone or even most people.
>>
>> It only "unjails" (= basically the same security level as the jail-host with the added benefit of the flexibility of a jail like easy moving from one system to another) the jail which has this flag set. All other jails without the flag can not "escape" to the host.
>>
>> I also have to add that just setting this flag does not give access to the host, you also have to configure a non-default devfs rule for this jail (to have the devices appear in the jail).
>
> This is not correct: devices do not need to be delegated in devfs for PRIV_IO to allow bypass of the Jail security model, due to sysarch() and the Linux-emulated equivalent, which turn out direct I/O access from a user process without use of a device node.
>
> Frankly, I'd like to see this backed out and not reintroduced. If it must be retained, then it needs a much more clear warning that enabling this feature disables Jail's security model. Don't use the word 'obviate', instead explicitly state that root within the jail can escape the jail.
>
> Robert

I'll do at least the next-best thing: back it out and hope to re-introduce it. Clearly it could use some further discussion.

- Jamie
svn commit: r261326 - in head: sys/dev/drm sys/kern sys/sys usr.sbin/jail
Author: jamie Date: Fri Jan 31 17:39:51 2014 New Revision: 261326 URL: http://svnweb.freebsd.org/changeset/base/261326 Log: Back out r261266 pending security buy-in. r261266: Add a jail parameter, allow.kmem, which lets jailed processes access /dev/kmem and related devices (i.e. grants PRIV_IO and PRIV_KMEM_WRITE). This in conjunction with changing the drm driver's permission check from PRIV_DRIVER to PRIV_KMEM_WRITE will allow a jailed Xorg server. Modified: head/sys/dev/drm/drmP.h head/sys/kern/kern_jail.c head/sys/sys/jail.h head/usr.sbin/jail/jail.8 Modified: head/sys/dev/drm/drmP.h == --- head/sys/dev/drm/drmP.h Fri Jan 31 17:26:15 2014(r261325) +++ head/sys/dev/drm/drmP.h Fri Jan 31 17:39:51 2014(r261326) @@ -227,9 +227,7 @@ enum { #define PAGE_ALIGN(addr) round_page(addr) /* DRM_SUSER returns true if the user is superuser */ -#if __FreeBSD_version >= 100 -#define DRM_SUSER(p) (priv_check(p, PRIV_KMEM_WRITE) == 0) -#elif __FreeBSD_version >= 70 +#if __FreeBSD_version >= 70 #define DRM_SUSER(p) (priv_check(p, PRIV_DRIVER) == 0) #else #define DRM_SUSER(p) (suser(p) == 0) Modified: head/sys/kern/kern_jail.c == --- head/sys/kern/kern_jail.c Fri Jan 31 17:26:15 2014(r261325) +++ head/sys/kern/kern_jail.c Fri Jan 31 17:39:51 2014(r261326) @@ -208,7 +208,6 @@ static char *pr_allow_names[] = { "allow.mount.zfs", "allow.mount.procfs", "allow.mount.tmpfs", - "allow.kmem", }; const size_t pr_allow_names_size = sizeof(pr_allow_names); @@ -225,7 +224,6 @@ static char *pr_allow_nonames[] = { "allow.mount.nozfs", "allow.mount.noprocfs", "allow.mount.notmpfs", - "allow.nokmem", }; const size_t pr_allow_nonames_size = sizeof(pr_allow_nonames); 
@@ -3953,27 +3951,6 @@ prison_priv_check(struct ucred *cred, in return (0); /* -* Allow access to /dev/io in a jail if the non-jailed admin -* requests this and if /dev/io exists in the jail. This -* allows Xorg to probe a card. -*/ - case PRIV_IO: - if (cred->cr_prison->pr_allow & PR_ALLOW_KMEM) - return (0); - else - return (EPERM); - - /* -* Allow low level access to KMEM-like devices (e.g. to -* allow Xorg to use DRI). -*/ - case PRIV_KMEM_WRITE: - if (cred->cr_prison->pr_allow & PR_ALLOW_KMEM) - return (0); - else - return (EPERM); - - /* * Allow jailed root to set loginclass. */ case PRIV_PROC_SETLOGINCLASS: @@ -4407,8 +4384,6 @@ SYSCTL_JAIL_PARAM(_allow, quotas, CTLTYP "B", "Jail may set file quotas"); SYSCTL_JAIL_PARAM(_allow, socket_af, CTLTYPE_INT | CTLFLAG_RW, "B", "Jail may create sockets other than just UNIX/IPv4/IPv6/route"); -SYSCTL_JAIL_PARAM(_allow, kmem, CTLTYPE_INT | CTLFLAG_RW, -"B", "Jail may access kmem-like devices (io, dri) if they exist"); SYSCTL_JAIL_PARAM_SUBNODE(allow, mount, "Jail mount/unmount permission flags"); SYSCTL_JAIL_PARAM(_allow_mount, , CTLTYPE_INT | CTLFLAG_RW, Modified: head/sys/sys/jail.h == --- head/sys/sys/jail.h Fri Jan 31 17:26:15 2014(r261325) +++ head/sys/sys/jail.h Fri Jan 31 17:39:51 2014(r261326) @@ -228,8 +228,7 @@ struct prison_racct { #definePR_ALLOW_MOUNT_ZFS 0x0200 #definePR_ALLOW_MOUNT_PROCFS 0x0400 #definePR_ALLOW_MOUNT_TMPFS0x0800 -#definePR_ALLOW_KMEM 0x1000 -#definePR_ALLOW_ALL0x1fff +#definePR_ALLOW_ALL0x0fff /* * OSD methods Modified: head/usr.sbin/jail/jail.8 == --- head/usr.sbin/jail/jail.8 Fri Jan 31 17:26:15 2014(r261325) +++ head/usr.sbin/jail/jail.8 Fri Jan 31 17:39:51 2014(r261326) 
@@ -573,17 +573,6 @@ with non-jailed parts of the system. Sockets within a jail are normally restricted to IPv4, IPv6, local (UNIX), and route. This allows access to other protocol stacks that have not had jail functionality added to them. -.It Va allow.kmem -Jailed processes may access -.Pa /dev/kmem -and similar devices (e.g. io, dri) if they have sufficient permission -(via the usual file permissions). -Note that the device files must exist within the jail for this parameter -to be of any use; -the default devfs ruleset for jails does not include any such devices.
Re: svn commit: r261319 - in head: contrib/groff/tmac gnu/usr.bin/groff/tmac
I'd prefer to upstream these things in batches. So go ahead and add NetBSD 7.0 to our mdoc.local and I'll catch it the next time round.

Cheers
Uli
Re: svn commit: r261266 - in head: sys/dev/drm sys/kern sys/sys usr.sbin/jail
On Fri, 31 Jan 2014 12:34:48 + (GMT) Robert Watson wrote:

> On Wed, 29 Jan 2014, Alexander Leidinger wrote:
>
> >> It does. I included a warning in jail.8 that this will pretty much undo jail security. There are still reasons some may want to do this, but it's definitely not for everyone or even most people.
> >
> > It only "unjails" (= basically the same security level as the jail-host with the added benefit of the flexibility of a jail like easy moving from one system to another) the jail which has this flag set. All other jails without the flag can not "escape" to the host.
> >
> > I also have to add that just setting this flag does not give access to the host, you also have to configure a non-default devfs rule for this jail (to have the devices appear in the jail).
>
> This is not correct: devices do not need to be delegated in devfs for PRIV_IO to allow bypass of the Jail security model, due to sysarch() and the Linux-emulated equivalent, which turn out direct I/O access from a user process without use of a device node.

Ok, then it is just the non-default flag, not the additional devfs part. I agree with your other post that we are better off to document better what it means if an admin allows kmem access for a specific jail.

Bye,
Alexander.

--
http://www.Leidinger.net    Alexander @ Leidinger.net: PGP ID = B0063FE7
http://www.FreeBSD.org       netchild @ FreeBSD.org  : PGP ID = 72077137
Re: svn commit: r260888 - in head/sys: amd64/conf i386/conf
On 19 Jan 2014, at 10:46, Ed Maste wrote:
> Author: emaste
> Date: Sun Jan 19 18:46:38 2014
> New Revision: 260888
> URL: http://svnweb.freebsd.org/changeset/base/260888
>
> Log:
> Add VT kernel configuration to ease testing of vt(9), aka Newcons

I thought there was consensus that adding these amd64/i386 configuration files to the repository was not a good idea.

Is this something that helps a lot of people? Are you thinking of removing it later? Can't they co-exist based on a tunable?

--
Rui Paulo
Re: svn commit: r260927 - head/release/doc/en_US.ISO8859-1/relnotes
On 20 Jan 2014, at 13:49, Glen Barber wrote: > Author: gjb > Date: Mon Jan 20 21:49:59 2014 > New Revision: 260927 > URL: http://svnweb.freebsd.org/changeset/base/260927 > > Log: > Trim copyright years. > Add missing punctuation. > Use in place of literal quotes. > > Sponsored by:The FreeBSD Foundation > > Modified: > head/release/doc/en_US.ISO8859-1/relnotes/article.xml > > Modified: head/release/doc/en_US.ISO8859-1/relnotes/article.xml > == > --- head/release/doc/en_US.ISO8859-1/relnotes/article.xml Mon Jan 20 > 20:56:09 2014(r260926) > +++ head/release/doc/en_US.ISO8859-1/relnotes/article.xml Mon Jan 20 > 21:49:59 2014(r260927) > @@ -12,20 +12,6 @@ > $FreeBSD$ > > > -2000 > -2001 > -2002 > -2003 > -2004 > -2005 > -2006 > -2007 > -2008 > -2009 > -2010 > -2011 > -2012 > -2013 > 2014 Is this a good idea? I've heard arguments that keeping all these years is the right approach, but at least we should have 2000-2014, no? -- Rui Paulo ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
Re: svn commit: r260888 - in head/sys: amd64/conf i386/conf
On Fri, Jan 31, 2014 at 02:01:52PM -0800, Rui Paulo wrote:
> On 19 Jan 2014, at 10:46, Ed Maste wrote:
>
> > Author: emaste
> > Date: Sun Jan 19 18:46:38 2014
> > New Revision: 260888
> > URL: http://svnweb.freebsd.org/changeset/base/260888
> >
> > Log:
> > Add VT kernel configuration to ease testing of vt(9), aka Newcons
>
> I thought there was consensus that adding these amd64/i386 configuration
> files to the repository was not a good idea.
>
> Is this something that helps a lot of people? Are you thinking of removing
> it later? Can't they co-exist based on a tunable?
>

It is easier to build images with non-GENERIC default kernels this way. The installer does not currently allow selecting a kernel to install, even if multiple exist on the medium.

For example, see:

http://ftp.freebsd.org/pub/FreeBSD/snapshots/amd64/amd64/ISO-IMAGES/11.0/

Glen
Re: svn commit: r260927 - head/release/doc/en_US.ISO8859-1/relnotes
On Fri, Jan 31, 2014 at 02:04:02PM -0800, Rui Paulo wrote: > On 20 Jan 2014, at 13:49, Glen Barber wrote: > > > Author: gjb > > Date: Mon Jan 20 21:49:59 2014 > > New Revision: 260927 > > URL: http://svnweb.freebsd.org/changeset/base/260927 > > > > Log: > > Trim copyright years. > > Add missing punctuation. > > Use in place of literal quotes. > > > > Sponsored by: The FreeBSD Foundation > > > > Modified: > > head/release/doc/en_US.ISO8859-1/relnotes/article.xml > > > > Modified: head/release/doc/en_US.ISO8859-1/relnotes/article.xml > > == > > --- head/release/doc/en_US.ISO8859-1/relnotes/article.xml Mon Jan 20 > > 20:56:09 2014(r260926) > > +++ head/release/doc/en_US.ISO8859-1/relnotes/article.xml Mon Jan 20 > > 21:49:59 2014(r260927) > > @@ -12,20 +12,6 @@ > > $FreeBSD$ > > > > > > -2000 > > -2001 > > -2002 > > -2003 > > -2004 > > -2005 > > -2006 > > -2007 > > -2008 > > -2009 > > -2010 > > -2011 > > -2012 > > -2013 > > 2014 > > Is this a good idea? I've heard arguments that keeping all these > years is the right approach, but at least we should have 2000-2014, > no? > There are a number of problems with these documents at this point. To be honest, the copyright years in the document really are the least of my concerns with them right now. But, are the release notes for a specific version of FreeBSD copyrighted for the entirety of the Project as a whole, or the year(s) the release in question was in the release cycle? I do not know the answer. Similar was done for 9.2-RELEASE, and I think 8.4-RELEASE, fwiw. Glen pgpLNDoYctKDp.pgp Description: PGP signature
svn commit: r261330 - head/sys/dev/usb/wlan
Author: hselasky Date: Fri Jan 31 22:42:26 2014 New Revision: 261330 URL: http://svnweb.freebsd.org/changeset/base/261330 Log: Fix a range check for maximum transmit length. The existing code was off by 4 bytes in one case. Approved by: kevlo @ MFC after:2 weeks Modified: head/sys/dev/usb/wlan/if_run.c Modified: head/sys/dev/usb/wlan/if_run.c == --- head/sys/dev/usb/wlan/if_run.c Fri Jan 31 20:52:08 2014 (r261329) +++ head/sys/dev/usb/wlan/if_run.c Fri Jan 31 22:42:26 2014 (r261330) @@ -3070,10 +3070,10 @@ tr_setup: STAILQ_REMOVE_HEAD(&pq->tx_qh, next); m = data->m; - size = (sc->mac_ver == 0x5592) ? - RUN_MAX_TXSZ + sizeof(uint32_t) : RUN_MAX_TXSZ; + size = (sc->mac_ver == 0x5592) ? + sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); if ((m->m_pkthdr.len + - sizeof(data->desc) + 3 + 8) > size) { + size + 3 + 8) > RUN_MAX_TXSZ) { DPRINTF("data overflow, %u bytes\n", m->m_pkthdr.len); @@ -3085,8 +3085,6 @@ tr_setup: } pc = usbd_xfer_get_frame(xfer, 0); - size = (sc->mac_ver == 0x5592) ? - sizeof(data->desc) + sizeof(uint32_t) : sizeof(data->desc); usbd_copy_in(pc, 0, &data->desc, size); usbd_m_copy_in(pc, size, m, 0, m->m_pkthdr.len); size += m->m_pkthdr.len; ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
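Review bot: the log says the old check was off by 4 bytes, but in the `mac_ver == 0x5592` case the hunk moves `sizeof(uint32_t)` from the limit side (`RUN_MAX_TXSZ + sizeof(uint32_t)`) to the payload side (`size` now includes it), which shifts the permitted `m->m_pkthdr.len` by twice that amount; the log should name the case and the actual change in the bound. The `3 + 8` in `m->m_pkthdr.len + size + 3 + 8 > RUN_MAX_TXSZ` remains two bare literals, so a reader cannot confirm from the hunk that the check covers every byte later written to the frame; name them or add a comment saying what each accounts for. `size` also changes meaning in this function (header length in the check and in `usbd_copy_in()`, then a running total after `size += m->m_pkthdr.len`), and a separate variable for the header length would make the bound easier to audit.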
svn commit: r261336 - head/sys/arm/arm
Author: imp Date: Fri Jan 31 23:18:30 2014 New Revision: 261336 URL: http://svnweb.freebsd.org/changeset/base/261336 Log: Fix silly typo... Modified: head/sys/arm/arm/locore.S Modified: head/sys/arm/arm/locore.S == --- head/sys/arm/arm/locore.S Fri Jan 31 23:14:08 2014(r261335) +++ head/sys/arm/arm/locore.S Fri Jan 31 23:18:30 2014(r261336) @@ -265,9 +265,9 @@ mmu_init_table: MMU_INIT(PHYSADDR, PHYSADDR, 64, L1_TYPE_S|L1_S_C|L1_S_AP(AP_KRW)) /* map VA 0xc000..0xc3ff to PA */ MMU_INIT(KERNBASE, PHYSADDR, 64, L1_TYPE_S|L1_S_C|L1_S_AP(AP_KRW)) -#if defined(SOCDEV_PA) && defined(SOCKDEV_VA) +#if defined(SOCDEV_PA) && defined(SOCDEV_VA) /* Map in 0x0400 worth of the SoC's devices for bootstrap debugging */ - MMU_INIT(SOCKDEV_VA, SOCDEV_PA, 64, L1_TYPE_S|L1_S_C|L1_S_AP(AP_KRW)) + MMU_INIT(SOCDEV_VA, SOCDEV_PA, 64, L1_TYPE_S|L1_S_C|L1_S_AP(AP_KRW)) #endif #else MMU_INIT(PHYSADDR, PHYSADDR , 64, L1_TYPE_S|L1_SHARED|L1_S_C|L1_S_AP(AP_KRW)) ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
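Review bot: with the guard corrected to `#if defined(SOCDEV_PA) && defined(SOCDEV_VA)`, the `MMU_INIT(SOCDEV_VA, SOCDEV_PA, 64, L1_TYPE_S|L1_S_C|L1_S_AP(AP_KRW))` entry is now enabled wherever both macros are defined, which the misspelled guard prevented, and it carries the same `L1_S_C` (cacheable section) attribute as the RAM mappings above it. Confirm that a cacheable mapping is intended for SoC device registers, and drop `L1_S_C` from this entry if it is not. The `SOCKDEV_VA` spelling failed silently because `defined()` on an unknown name is simply false, so a build-time check that the two macros are defined together would catch a repeat.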
svn commit: r261337 - head/sys/arm/at91
Author: imp Date: Fri Jan 31 23:28:18 2014 New Revision: 261337 URL: http://svnweb.freebsd.org/changeset/base/261337 Log: Minor cleanup of comments. Modified: head/sys/arm/at91/at91_machdep.c Modified: head/sys/arm/at91/at91_machdep.c == --- head/sys/arm/at91/at91_machdep.cFri Jan 31 23:18:30 2014 (r261336) +++ head/sys/arm/at91/at91_machdep.cFri Jan 31 23:28:18 2014 (r261337) @@ -131,15 +131,12 @@ struct pv_addr kernelstack; /* Static device mappings. */ const struct arm_devmap_entry at91_devmap[] = { /* -* Map the on-board devices VA == PA so that we can access them -* with the MMU on or off. +* Map the critical on-board devices. The interrupt vector at +* 0x makes it impossible to map them PA == VA, so we map all +* 0xfffx addresses to 0xdffx. This covers all critical devices +* on all members of the AT91SAM9 and AT91RM9200 families. */ { - /* -* This at least maps the interrupt controller, the UART -* and the timer. Other devices should use newbus to -* map their memory anyway. -*/ 0xdff0, 0xfff0, 0x0010, ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
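Review bot: the rewritten comment above the first `at91_devmap[]` entry drops the removed inner comment's list of what the mapping covers (the interrupt controller, the UART and the timer) and replaces it with "critical devices". Keep the device list, or say where it is documented, so a reader can tell which peripherals are reachable through this static mapping and which are expected to be mapped through newbus.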
svn commit: r261338 - head/sys/arm/at91
Author: imp Date: Fri Jan 31 23:38:05 2014 New Revision: 261338 URL: http://svnweb.freebsd.org/changeset/base/261338 Log: Move these for diff reduction against FDT work. Modified: head/sys/arm/at91/at91_machdep.c Modified: head/sys/arm/at91/at91_machdep.c == --- head/sys/arm/at91/at91_machdep.cFri Jan 31 23:28:18 2014 (r261337) +++ head/sys/arm/at91/at91_machdep.cFri Jan 31 23:38:05 2014 (r261338) @@ -116,18 +116,6 @@ extern u_int undefined_handler_address; struct pv_addr kernel_pt_table[NUM_KERNEL_PTS]; -/* Physical and virtual addresses for some global pages */ - -vm_paddr_t phys_avail[10]; -vm_paddr_t dump_avail[4]; - -struct pv_addr systempage; -struct pv_addr msgbufpv; -struct pv_addr irqstack; -struct pv_addr undstack; -struct pv_addr abtstack; -struct pv_addr kernelstack; - /* Static device mappings. */ const struct arm_devmap_entry at91_devmap[] = { /* @@ -209,6 +197,18 @@ const struct arm_devmap_entry at91_devma { 0, 0, 0, 0, 0, } }; +/* Physical and virtual addresses for some global pages */ + +vm_paddr_t phys_avail[10]; +vm_paddr_t dump_avail[4]; + +struct pv_addr systempage; +struct pv_addr msgbufpv; +struct pv_addr irqstack; +struct pv_addr undstack; +struct pv_addr abtstack; +struct pv_addr kernelstack; + #ifdef LINUX_BOOT_ABI extern int membanks; extern int memstart[]; ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r261339 - head/share/man/man4
Author: brueffer Date: Fri Jan 31 23:44:54 2014 New Revision: 261339 URL: http://svnweb.freebsd.org/changeset/base/261339 Log: MLINK ixgbe.4 to {if_ix.4, ix.4}. An update for ixgbe.4 which deals with the "ix prefix being shared by two drivers" situation is forthcoming. Thanks to dwhite for the ixgbe history lesson. MFC after:1 week Modified: head/share/man/man4/Makefile Modified: head/share/man/man4/Makefile == --- head/share/man/man4/MakefileFri Jan 31 23:38:05 2014 (r261338) +++ head/share/man/man4/MakefileFri Jan 31 23:44:54 2014 (r261339) @@ -642,6 +642,8 @@ MLINKS+=ipw.4 if_ipw.4 MLINKS+=iwi.4 if_iwi.4 MLINKS+=iwn.4 if_iwn.4 MLINKS+=ixgb.4 if_ixgb.4 +MLINKS+=ixgbe.4 ix.4 +MLINKS+=ixgbe.4 if_ix.4 MLINKS+=ixgbe.4 if_ixgbe.4 MLINKS+=jme.4 if_jme.4 MLINKS+=kue.4 if_kue.4 ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
svn commit: r261340 - head/crypto/openssh
Author: des Date: Sat Feb 1 00:07:16 2014 New Revision: 261340 URL: http://svnweb.freebsd.org/changeset/base/261340 Log: Turn sandboxing on by default. Modified: head/crypto/openssh/servconf.c head/crypto/openssh/sshd_config head/crypto/openssh/sshd_config.5 Modified: head/crypto/openssh/servconf.c == --- head/crypto/openssh/servconf.c Fri Jan 31 23:44:54 2014 (r261339) +++ head/crypto/openssh/servconf.c Sat Feb 1 00:07:16 2014 (r261340) @@ -314,7 +314,7 @@ fill_default_server_options(ServerOption options->version_addendum = xstrdup(SSH_VERSION_FREEBSD); /* Turn privilege separation on by default */ if (use_privsep == -1) - use_privsep = PRIVSEP_NOSANDBOX; + use_privsep = PRIVSEP_ON; #ifndef HAVE_MMAP if (use_privsep && options->compression == 1) { Modified: head/crypto/openssh/sshd_config == --- head/crypto/openssh/sshd_config Fri Jan 31 23:44:54 2014 (r261339) +++ head/crypto/openssh/sshd_config Sat Feb 1 00:07:16 2014 (r261340) @@ -110,7 +110,7 @@ #PrintLastLog yes #TCPKeepAlive yes #UseLogin no -#UsePrivilegeSeparation yes +#UsePrivilegeSeparation sandbox #PermitUserEnvironment no #Compression delayed #ClientAliveInterval 0 Modified: head/crypto/openssh/sshd_config.5 == --- head/crypto/openssh/sshd_config.5 Fri Jan 31 23:44:54 2014 (r261339) +++ head/crypto/openssh/sshd_config.5 Sat Feb 1 00:07:16 2014 (r261340) @@ -1227,7 +1227,7 @@ the privilege of the authenticated user. The goal of privilege separation is to prevent privilege escalation by containing any corruption within the unprivileged processes. The default is -.Dq yes . +.Dq sandbox . If .Cm UsePrivilegeSeparation is set to ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
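Review bot: in the `fill_default_server_options()` hunk the comment above the changed assignment still reads "Turn privilege separation on by default", but privilege separation was already on with `PRIVSEP_NOSANDBOX`; what changes is that the default becomes `PRIVSEP_ON`, which the other two hunks document as `sandbox`. Update the comment to say that sandboxing is now the default. Because the `sshd_config` line stays commented out and the assignment only applies when `use_privsep == -1`, installations that do not set the option pick up the new behaviour with no configuration change, so the commit should be accompanied by a note for administrators that `UsePrivilegeSeparation yes` restores the previous default.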
Re: svn commit: r261266 - in head: sys/dev/drm sys/kern sys/sys usr.sbin/jail
On 1/31/2014 2:30 PM, Alexander Leidinger wrote:
> On Fri, 31 Jan 2014 12:34:48 + (GMT)
> Robert Watson wrote:
>> On Wed, 29 Jan 2014, Alexander Leidinger wrote:
>>>> It does. I included a warning in jail.8 that this will pretty
>>>> much undo jail security. There are still reasons some may want to
>>>> do this, but it's definitely not for everyone or even most people.
>>>
>>> It only "unjails" (= basically the same security level as the
>>> jail-host with the added benefit of the flexibility of a jail like
>>> easy moving from one system to another) the jail which has this
>>> flag set. All other jails without the flag can not "escape" to the
>>> host.
>>>
>>> I also have to add that just setting this flag does not give access
>>> to the host, you also have to configure a non-default devfs rule
>>> for this jail (to have the devices appear in the jail).
>>
>> This is not correct: devices do not need to be delegated in devfs for
>> PRIV_IO to allow bypass of the Jail security model, due to sysarch()
>> and the Linux-emulated equivalent, which turn out direct I/O access
>> from a user process without use of a device node.
>
> Ok, then it is just the non-default flag, not the additional devfs part.
>
> I agree with your other post that we are better off to document better
> what it means if an admin allows kmem access for a specific jail.

I second the documentation route. Yes, it's true that this option makes a totally insecure jail - at least one lacking the expected jail security additions. But I think that while security is one of the primary purposes of jails, it's not the only purpose. It should be possible to have a trusted "master jail" that still takes advantage of the encapsulation while allowing otherwise unsupported features such as a desktop. The distinction of whether certain devices are required to break out of a jail with allow.kmem is something of a red herring - the fact is that anyone who wants this level of access is going to have the devices in place anyway.

I suppose "obviate" wasn't the best word for the situation. Maybe something that starts with "WARNING: ..." is in order. I'd like to re-submit the patch with only the documentation changed (unless someone knows of something that would accomplish the same goals with different code). But I'll run it by secteam@ first, and abide by the consensus there.

- Jamie
svn commit: r261342 - in head: lib/libpmc sys/conf sys/dev/hwpmc sys/powerpc/include sys/sys
Author: jhibbits Date: Sat Feb 1 02:03:50 2014 New Revision: 261342 URL: http://svnweb.freebsd.org/changeset/base/261342 Log: Add hwpmc(4) support for the PowerPC 970 class processors, direct events. This also fixes asserts on removal of the module for the mpc74xx. The PowerPC 970 processors have two different types of events: direct events and indirect events. Thus far only direct events are supported. I included some documentation in the driver on how indirect events work, but support is for the future. MFC after:1 month Added: head/sys/dev/hwpmc/hwpmc_ppc970.c (contents, props changed) Modified: head/lib/libpmc/libpmc.c head/sys/conf/files.powerpc head/sys/dev/hwpmc/hwpmc_mpc7xxx.c head/sys/dev/hwpmc/hwpmc_powerpc.c head/sys/dev/hwpmc/hwpmc_powerpc.h head/sys/dev/hwpmc/pmc_events.h head/sys/powerpc/include/pmc_mdep.h head/sys/powerpc/include/spr.h head/sys/sys/pmc.h Modified: head/lib/libpmc/libpmc.c == --- head/lib/libpmc/libpmc.cSat Feb 1 01:30:46 2014(r261341) +++ head/lib/libpmc/libpmc.cSat Feb 1 02:03:50 2014(r261342) @@ -28,6 +28,7 @@ __FBSDID("$FreeBSD$"); #include +#include #include #include #include @@ -85,7 +86,7 @@ static int soft_allocate_pmc(enum pmc_ev struct pmc_op_pmcallocate *_pmc_config); #if defined(__powerpc__) -static int ppc7450_allocate_pmc(enum pmc_event _pe, char* ctrspec, +static int powerpc_allocate_pmc(enum pmc_event _pe, char* ctrspec, struct pmc_op_pmcallocate *_pmc_config); #endif /* __powerpc__ */ @@ -156,6 +157,7 @@ PMC_CLASSDEP_TABLE(mips24k, MIPS24K); PMC_CLASSDEP_TABLE(octeon, OCTEON); PMC_CLASSDEP_TABLE(ucf, UCF); PMC_CLASSDEP_TABLE(ppc7450, PPC7450); +PMC_CLASSDEP_TABLE(ppc970, PPC970); static struct pmc_event_descr soft_event_table[PMC_EV_DYN_COUNT]; 
@@ -262,6 +264,7 @@ PMC_MDEP_TABLE(xscale, XSCALE, PMC_CLASS PMC_MDEP_TABLE(mips24k, MIPS24K, PMC_CLASS_SOFT, PMC_CLASS_MIPS24K); PMC_MDEP_TABLE(octeon, OCTEON, PMC_CLASS_SOFT, PMC_CLASS_OCTEON); PMC_MDEP_TABLE(ppc7450, PPC7450, PMC_CLASS_SOFT, PMC_CLASS_PPC7450); +PMC_MDEP_TABLE(ppc970, PPC970, PMC_CLASS_SOFT, PMC_CLASS_PPC970); PMC_MDEP_TABLE(generic, SOFT, PMC_CLASS_SOFT); static const struct pmc_event_descr tsc_event_table[] = @@ -322,7 +325,8 @@ PMC_CLASS_TABLE_DESC(mips24k, MIPS24K, m PMC_CLASS_TABLE_DESC(octeon, OCTEON, octeon, mips); #endif /* __mips__ */ #if defined(__powerpc__) -PMC_CLASS_TABLE_DESC(ppc7450, PPC7450, ppc7450, ppc7450); +PMC_CLASS_TABLE_DESC(ppc7450, PPC7450, ppc7450, powerpc); +PMC_CLASS_TABLE_DESC(ppc970, PPC970, ppc970, powerpc); #endif static struct pmc_class_descr soft_class_table_descr = @@ -2404,13 +2408,19 @@ static struct pmc_event_alias ppc7450_al EV_ALIAS(NULL, NULL) }; -#definePPC7450_KW_OS "os" -#definePPC7450_KW_USR "usr" -#definePPC7450_KW_ANYTHREAD"anythread" +static struct pmc_event_alias ppc970_aliases[] = { + EV_ALIAS("instructions", "INSTR_COMPLETED"), + EV_ALIAS("cycles", "CYCLES"), + EV_ALIAS(NULL, NULL) +}; + +#definePOWERPC_KW_OS "os" +#definePOWERPC_KW_USR "usr" +#definePOWERPC_KW_ANYTHREAD"anythread" static int -ppc7450_allocate_pmc(enum pmc_event pe, char *ctrspec __unused, - struct pmc_op_pmcallocate *pmc_config __unused) +powerpc_allocate_pmc(enum pmc_event pe, char *ctrspec __unused, +struct pmc_op_pmcallocate *pmc_config __unused) { char *p; 
@@ -2419,11 +2429,11 @@ ppc7450_allocate_pmc(enum pmc_event pe, pmc_config->pm_caps |= (PMC_CAP_READ | PMC_CAP_WRITE); while ((p = strsep(&ctrspec, ",")) != NULL) { - if (KWMATCH(p, PPC7450_KW_OS)) + if (KWMATCH(p, POWERPC_KW_OS)) pmc_config->pm_caps |= PMC_CAP_SYSTEM; - else if (KWMATCH(p, PPC7450_KW_USR)) + else if (KWMATCH(p, POWERPC_KW_USR)) pmc_config->pm_caps |= PMC_CAP_USER; - else if (KWMATCH(p, PPC7450_KW_ANYTHREAD)) + else if (KWMATCH(p, POWERPC_KW_ANYTHREAD)) pmc_config->pm_caps |= (PMC_CAP_USER | PMC_CAP_SYSTEM); else return (-1); @@ -2431,6 +2441,7 @@ ppc7450_allocate_pmc(enum pmc_event pe, return (0); } + #endif /* __powerpc__ */ @@ -2830,6 +2841,10 @@ pmc_event_names_of_class(enum pmc_class ev = ppc7450_event_table; count = PMC_EVENT_TABLE_SIZE(ppc7450); break; + case PMC_CLASS_PPC970: + ev = ppc970_event_table; + count = PMC_EVENT_TABLE_SIZE(ppc970); + break; case PMC_CLASS_SOFT: ev = soft_event_table; count = soft_event_info.pm_nevent; @@ -3
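Review bot: `powerpc_allocate_pmc()` keeps `__unused` on both `ctrspec` and `pmc_config`, yet the body passes `ctrspec` to `strsep()` and writes `pmc_config->pm_caps`; drop the annotation from both parameters while the signature is being renamed. The `-2431,6 +2441,7` hunk also adds a stray blank line before `#endif /* __powerpc__ */`. Since the keyword parser is now shared by the ppc7450 and ppc970 classes, a short comment stating that `POWERPC_KW_ANYTHREAD` intentionally sets `PMC_CAP_USER | PMC_CAP_SYSTEM` for both would help the next reader.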
svn commit: r261343 - head/sys/dev/usb/input
Author: hselasky Date: Sat Feb 1 06:58:16 2014 New Revision: 261343 URL: http://svnweb.freebsd.org/changeset/base/261343 Log: Add a comment about the origin of some structures, defines and so on. MFC after:1 week Modified: head/sys/dev/usb/input/wsp.c Modified: head/sys/dev/usb/input/wsp.c == --- head/sys/dev/usb/input/wsp.cSat Feb 1 02:03:50 2014 (r261342) +++ head/sys/dev/usb/input/wsp.cSat Feb 1 06:58:16 2014 (r261343) @@ -123,6 +123,25 @@ SYSCTL_INT(_hw_usb_wsp, OID_AUTO, scr_ho #defineWSP_IFACE_INDEX 1 +/* + * Some tables, structures, definitions and initialisation values for + * the touchpad protocol has been copied from Linux's + * "drivers/input/mouse/bcm5974.c" which has the following copyright + * holders under GPLv2. All device specific code in this driver has + * been written from scratch. The decoding algorithm is based on + * output from usbdump. + * + * Copyright (C) 2008 Henrik Rydberg (rydb...@euromail.se) + * Copyright (C) 2008 Scott Shawcroft (scott.shawcr...@gmail.com) + * Copyright (C) 2001-2004 Greg Kroah-Hartman (g...@kroah.com) + * Copyright (C) 2005 Johannes Berg (johan...@sipsolutions.net) + * Copyright (C) 2005 Stelian Pop (stel...@popies.net) + * Copyright (C) 2005 Frank Arnold (fr...@scirocco-5v-turbo.de) + * Copyright (C) 2005 Peter Osterlund (pete...@telia.com) + * Copyright (C) 2005 Michael Hanselmann (linux-ker...@hansmi.ch) + * Copyright (C) 2006 Nicolas Boichat (nico...@boichat.ch) + */ + /* button data structure */ struct bt_data { uint8_t unknown1; /* constant */ ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
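Review bot: the added comment says tables, structures, definitions and initialisation values were copied from a GPLv2 file but does not say which ones, so a reader cannot separate the copied material from the code described as "written from scratch". List the copied identifiers here or mark them where they are defined, and confirm that the file's own license header is consistent with this statement. Minor: "has been copied" should read "have been copied".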