PERFORCE change 171374 for review
Ilias Marinos
marinosi at FreeBSD.org
Fri Dec 4 10:12:14 UTC 2009
http://p4web.freebsd.org/chv.cgi?CH=171374
Change 171374 by marinosi at revolver on 2009/12/04 10:11:14
Integrate, and add some debugging code.
Affected files ...
.. //depot/projects/soc2009/marinosi_appaudit/src/ObsoleteFiles.inc#5 integrate
.. //depot/projects/soc2009/marinosi_appaudit/src/etc/Makefile#4 integrate
.. //depot/projects/soc2009/marinosi_appaudit/src/etc/defaults/rc.conf#5 integrate
.. //depot/projects/soc2009/marinosi_appaudit/src/etc/rc.d/Makefile#5 integrate
.. //depot/projects/soc2009/marinosi_appaudit/src/etc/rc.d/ip6fw#3 delete
.. //depot/projects/soc2009/marinosi_appaudit/src/etc/rc.d/ipfw#3 integrate
.. //depot/projects/soc2009/marinosi_appaudit/src/etc/rc.firewall#2 integrate
.. //depot/projects/soc2009/marinosi_appaudit/src/etc/rc.firewall6#2 delete
.. //depot/projects/soc2009/marinosi_appaudit/src/lib/libutil/libutil.h#2 integrate
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/amd64/amd64/mca.c#2 integrate
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/amd64/include/mca.h#2 integrate
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/cam/scsi/scsi_cd.c#4 integrate
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/compat/freebsd32/syscalls.master#6 edit
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/dev/if_ndis/if_ndis.c#4 integrate
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/i386/i386/mca.c#2 integrate
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/i386/include/mca.h#2 integrate
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/netinet/in.h#4 integrate
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/netinet/ip_carp.c#4 integrate
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/netinet/ipfw/ip_dummynet.c#3 integrate
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/netinet/ipfw/ip_fw2.c#4 integrate
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/netinet/raw_ip.c#4 integrate
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit.c#27 edit
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/security/audit/audit_worker.c#14 edit
.. //depot/projects/soc2009/marinosi_appaudit/src/sys/sys/param.h#5 integrate
Differences ...
==== //depot/projects/soc2009/marinosi_appaudit/src/ObsoleteFiles.inc#5 (text+ko) ====
@@ -1,5 +1,5 @@
#
-# $FreeBSD: src/ObsoleteFiles.inc,v 1.213 2009/11/18 00:56:05 delphij Exp $
+# $FreeBSD: src/ObsoleteFiles.inc,v 1.214 2009/12/02 15:05:26 ume Exp $
#
# This file lists old files (OLD_FILES), libraries (OLD_LIBS) and
# directories (OLD_DIRS) which should get removed at an update. Recently
@@ -14,6 +14,9 @@
# The file is partitioned: OLD_FILES first, then OLD_LIBS and OLD_DIRS last.
#
+# 20091202: unify rc.firewall and rc.firewall6.
+OLD_FILES+=etc/rc.d/ip6fw
+OLD_FILES+=etc/rc.firewall6
# 20091117: removal of rc.early(8) link
OLD_FILES+=usr/share/man/man8/rc.early.8.gz
# 20091027: pselect.3 implemented as syscall
==== //depot/projects/soc2009/marinosi_appaudit/src/etc/Makefile#4 (text+ko) ====
@@ -1,5 +1,5 @@
# from: @(#)Makefile 5.11 (Berkeley) 5/21/91
-# $FreeBSD: src/etc/Makefile,v 1.377 2009/11/13 11:26:44 ed Exp $
+# $FreeBSD: src/etc/Makefile,v 1.378 2009/12/02 15:05:26 ume Exp $
.include <bsd.own.mk>
@@ -15,7 +15,7 @@
inetd.conf libalias.conf login.access login.conf mac.conf motd \
netconfig network.subr networks newsyslog.conf nsswitch.conf \
phones profile protocols \
- rc rc.bsdextended rc.firewall rc.firewall6 rc.initdiskless \
+ rc rc.bsdextended rc.firewall rc.initdiskless \
rc.sendmail rc.shutdown \
rc.subr remote rpc services shells \
sysctl.conf syslog.conf
==== //depot/projects/soc2009/marinosi_appaudit/src/etc/defaults/rc.conf#5 (text+ko) ====
@@ -15,7 +15,7 @@
# For a more detailed explanation of all the rc.conf variables, please
# refer to the rc.conf(5) manual page.
#
-# $FreeBSD: src/etc/defaults/rc.conf,v 1.363 2009/10/21 09:43:22 brueffer Exp $
+# $FreeBSD: src/etc/defaults/rc.conf,v 1.364 2009/12/02 15:05:26 ume Exp $
##############################################################
### Important initial Boot-time options ####################
@@ -118,7 +118,10 @@
firewall_quiet="NO" # Set to YES to suppress rule display
firewall_logging="NO" # Set to YES to enable events logging
firewall_flags="" # Flags passed to ipfw when type is a file
-firewall_client_net="192.0.2.0/24" # Network address for "client" firewall.
+firewall_client_net="192.0.2.0/24" # IPv4 Network address for "client"
+ # firewall.
+#firewall_client_net_ipv6="2001:db8:2:1::/64" # IPv6 network prefix for
+ # "client" firewall.
firewall_simple_iif="ed1" # Inside network interface for "simple"
# firewall.
firewall_simple_inet="192.0.2.16/28" # Inside network address for "simple"
@@ -127,12 +130,22 @@
# firewall.
firewall_simple_onet="192.0.2.0/28" # Outside network address for "simple"
# firewall.
+#firewall_simple_iif_ipv6="ed1" # Inside IPv6 network interface for "simple"
+ # firewall.
+#firewall_simple_inet_ipv6="2001:db8:2:800::/56" # Inside IPv6 network prefix
+ # for "simple" firewall.
+#firewall_simple_oif_ipv6="ed0" # Outside IPv6 network interface for "simple"
+ # firewall.
+#firewall_simple_onet_ipv6="2001:db8:2:0::/56" # Outside IPv6 network prefix
+ # for "simple" firewall.
firewall_myservices="" # List of TCP ports on which this host
# offers services for "workstation" firewall.
firewall_allowservices="" # List of IPs which have access to
# $firewall_myservices for "workstation"
# firewall.
-firewall_trusted="" # List of IPs which have full access to this
+firewall_trusted="" # List of IPv4s which have full access to this
+ # host for "workstation" firewall.
+firewall_trusted_ipv6="" # List of IPv6s which have full access to this
# host for "workstation" firewall.
firewall_logdeny="NO" # Set to YES to log default denied incoming
# packets for "workstation" firewall.
@@ -472,13 +485,6 @@
# faithd(8) setup.
ipv6_ipv4mapping="NO" # Set to "YES" to enable IPv4 mapped IPv6 addr
# communication. (like ::ffff:a.b.c.d)
-ipv6_firewall_enable="NO" # Set to YES to enable IPv6 firewall
- # functionality
-ipv6_firewall_script="/etc/rc.firewall6" # Which script to run to set up the IPv6 firewall
-ipv6_firewall_type="UNKNOWN" # IPv6 Firewall type (see /etc/rc.firewall6)
-ipv6_firewall_quiet="NO" # Set to YES to suppress rule display
-ipv6_firewall_logging="NO" # Set to YES to enable events logging
-ipv6_firewall_flags="" # Flags passed to ip6fw when type is a file
ipv6_ipfilter_rules="/etc/ipf6.rules" # rules definition file for ipfilter,
# see /usr/src/contrib/ipfilter/rules
# for examples
==== //depot/projects/soc2009/marinosi_appaudit/src/etc/rc.d/Makefile#5 (text+ko) ====
@@ -1,4 +1,4 @@
-# $FreeBSD: src/etc/rc.d/Makefile,v 1.101 2009/09/12 22:13:41 hrs Exp $
+# $FreeBSD: src/etc/rc.d/Makefile,v 1.102 2009/12/02 15:05:26 ume Exp $
.include <bsd.own.mk>
@@ -15,7 +15,7 @@
hcsecd \
hostapd hostid hostid_save hostname \
inetd initrandom \
- ip6addrctl ip6fw ipfilter ipfs ipfw ipmon \
+ ip6addrctl ipfilter ipfs ipfw ipmon \
ipnat ipsec ipxrouted \
jail \
kadmind kerberos keyserv kldxref kpasswdd \
==== //depot/projects/soc2009/marinosi_appaudit/src/etc/rc.d/ipfw#3 (text+ko) ====
@@ -1,6 +1,6 @@
#!/bin/sh
#
-# $FreeBSD: src/etc/rc.d/ipfw,v 1.21 2009/06/26 01:04:50 dougb Exp $
+# $FreeBSD: src/etc/rc.d/ipfw,v 1.22 2009/12/02 15:05:26 ume Exp $
#
# PROVIDE: ipfw
@@ -17,6 +17,8 @@
stop_cmd="ipfw_stop"
required_modules="ipfw"
+set_rcvar_obsolete ipv6_firewall_enable
+
ipfw_prestart()
{
if checkyesno dummynet_enable; then
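Review bot: `set_rcvar_obsolete ipv6_firewall_enable` is registered without telling the administrator what replaces the variable. A host that ran with `ipv6_firewall_enable="YES"` and `firewall_enable="NO"` depended on rc.d/ip6fw, which this change deletes, so as far as this diff shows it would come up after the upgrade with no IPv6 rules loaded and only an obsolete-variable warning. A comment above the line, for example `# ipv6_firewall_* is gone; IPv6 rules are loaded by rc.firewall when firewall_enable is YES`, plus a matching sentence for upgraders, would make that visible.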
@@ -61,7 +63,13 @@
# Enable the firewall
#
if ! ${SYSCTL_W} net.inet.ip.fw.enable=1 1>/dev/null 2>&1; then
- warn "failed to enable firewall"
+ warn "failed to enable IPv4 firewall"
+ fi
+ if afexists inet6; then
+ if ! ${SYSCTL_W} net.inet6.ip6.fw.enable=1 1>/dev/null 2>&1
+ then
+ warn "failed to enable IPv6 firewall"
+ fi
fi
}
@@ -70,6 +78,9 @@
# Disable the firewall
#
${SYSCTL_W} net.inet.ip.fw.enable=0
+ if afexists inet6; then
+ ${SYSCTL_W} net.inet6.ip6.fw.enable=0
+ fi
if [ -f /etc/rc.d/natd ] ; then
/etc/rc.d/natd quietstop
fi
==== //depot/projects/soc2009/marinosi_appaudit/src/etc/rc.firewall#2 (text+ko) ====
@@ -23,7 +23,7 @@
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#
-# $FreeBSD: src/etc/rc.firewall,v 1.60 2008/08/15 19:20:59 jhb Exp $
+# $FreeBSD: src/etc/rc.firewall,v 1.61 2009/12/02 15:05:26 ume Exp $
#
#
@@ -85,12 +85,42 @@
${fwcmd} add 100 pass all from any to any via lo0
${fwcmd} add 200 deny all from any to 127.0.0.0/8
${fwcmd} add 300 deny ip from 127.0.0.0/8 to any
+ if [ $ipv6_available -eq 0 ]; then
+ ${fwcmd} add 400 deny all from any to ::1
+ ${fwcmd} add 500 deny all from ::1 to any
+ fi
+}
+
+setup_ipv6_mandatory () {
+ [ $ipv6_available -eq 0 ] || return 0
+
+ ############
+ # Only in rare cases do you want to change these rules
+ #
+ # ND
+ #
+ # DAD
+ ${fwcmd} add pass ipv6-icmp from :: to ff02::/16
+ # RS, RA, NS, NA, redirect...
+ ${fwcmd} add pass ipv6-icmp from fe80::/10 to fe80::/10
+ ${fwcmd} add pass ipv6-icmp from fe80::/10 to ff02::/16
+
+ # Allow ICMPv6 destination unreach
+ ${fwcmd} add pass ipv6-icmp from any to any icmp6types 1
+
+ # Allow NS/NA/toobig (don't filter it out)
+ ${fwcmd} add pass ipv6-icmp from any to any icmp6types 2,135,136
}
if [ -n "${1}" ]; then
firewall_type="${1}"
fi
+. /etc/rc.subr
+. /etc/network.subr
+afexists inet6
+ipv6_available=$?
+
############
# Set quiet mode if requested
#
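Review bot: The two `from any to any` ICMPv6 pass rules in `setup_ipv6_mandatory` (types 1 and 2,135,136) are unnumbered, and the next hunk calls the function right after `setup_loopback`, so they are evaluated ahead of every per-type rule, including the anti-spoofing and bogon denies that the "simple" ruleset adds further down. ICMPv6 of those types therefore appears to be accepted on any interface regardless of source prefix. If that is intended, the block should say so, e.g. `# NB: evaluated before the per-type anti-spoofing rules; keep this list minimal.`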
@@ -109,6 +139,7 @@
${fwcmd} -f flush
setup_loopback
+setup_ipv6_mandatory
############
# Network Address Translation. All packets are passed to natd(8)
@@ -166,11 +197,13 @@
# against people from outside your own network.
#
# Configuration:
- # firewall_client_net: Network address of local network.
+ # firewall_client_net: Network address of local IPv4 network.
+ # firewall_client_net_ipv6: Network address of local IPv6 network.
############
# set this to your local network
net="$firewall_client_net"
+ net6="$firewall_client_net_ipv6"
# Allow limited broadcast traffic from my own net.
${fwcmd} add pass all from ${net} to 255.255.255.255
@@ -178,6 +211,16 @@
# Allow any traffic to or from my own net.
${fwcmd} add pass all from me to ${net}
${fwcmd} add pass all from ${net} to me
+ if [ -n "$net6" ]; then
+ ${fwcmd} add pass all from me6 to ${net6}
+ ${fwcmd} add pass all from ${net6} to me6
+ fi
+
+ if [ -n "$net6" ]; then
+ # Allow any link-local multicast traffic
+ ${fwcmd} add pass all from fe80::/10 to ff02::/16
+ ${fwcmd} add pass all from ${net6} to ff02::/16
+ fi
# Allow TCP through if setup succeeded
${fwcmd} add pass tcp from any to any established
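Review bot: The two consecutive `if [ -n "$net6" ]` blocks test the same condition and can be merged into one. Separately, `pass all from fe80::/10 to ff02::/16` is not bound to an interface or direction, and it passes `all` rather than only the traffic the comment calls link-local multicast. A short comment saying whether that breadth is deliberate would help the next reader.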
@@ -212,23 +255,38 @@
# on the inside at this machine for those services.
#
# Configuration:
- # firewall_simple_iif: Inside network interface.
- # firewall_simple_inet: Inside network address.
- # firewall_simple_oif: Outside network interface.
- # firewall_simple_onet: Outside network address.
+ # firewall_simple_iif: Inside IPv4 network interface.
+ # firewall_simple_inet: Inside IPv4 network address.
+ # firewall_simple_oif: Outside IPv4 network interface.
+ # firewall_simple_onet: Outside IPv4 network address.
+ # firewall_simple_iif_ipv6: Inside IPv6 network interface.
+ # firewall_simple_inet_ipv6: Inside IPv6 network prefix.
+ # firewall_simple_oif_ipv6: Outside IPv6 network interface.
+ # firewall_simple_onet_ipv6: Outside IPv6 network prefix.
############
# set these to your outside interface network
oif="$firewall_simple_oif"
onet="$firewall_simple_onet"
+ oif6="${firewall_simple_oif_ipv6:-$firewall_simple_oif}"
+ onet6="$firewall_simple_onet_ipv6"
# set these to your inside interface network
iif="$firewall_simple_iif"
inet="$firewall_simple_inet"
+ iif6="${firewall_simple_iif_ipv6:-$firewall_simple_iif}"
+ inet6="$firewall_simple_inet_ipv6"
# Stop spoofing
${fwcmd} add deny all from ${inet} to any in via ${oif}
${fwcmd} add deny all from ${onet} to any in via ${iif}
+ if [ -n "$inet6" ]; then
+ ${fwcmd} add deny all from ${inet6} to any in via ${oif6}
+ if [ -n "$onet6" ]; then
+ ${fwcmd} add deny all from ${onet6} to any in \
+ via ${iif6}
+ fi
+ fi
# Stop RFC1918 nets on the outside interface
${fwcmd} add deny all from any to 10.0.0.0/8 via ${oif}
@@ -254,7 +312,7 @@
case ${natd_enable} in
[Yy][Ee][Ss])
if [ -n "${natd_interface}" ]; then
- ${fwcmd} add divert natd all from any to any via ${natd_interface}
+ ${fwcmd} add divert natd ip4 from any to any via ${natd_interface}
fi
;;
esac
@@ -273,6 +331,55 @@
${fwcmd} add deny all from 224.0.0.0/4 to any via ${oif}
${fwcmd} add deny all from 240.0.0.0/4 to any via ${oif}
+ if [ -n "$inet6" ]; then
+ # Stop unique local unicast address on the outside interface
+ ${fwcmd} add deny all from fc00::/7 to any via ${oif6}
+ ${fwcmd} add deny all from any to fc00::/7 via ${oif6}
+
+ # Stop site-local on the outside interface
+ ${fwcmd} add deny all from fec0::/10 to any via ${oif6}
+ ${fwcmd} add deny all from any to fec0::/10 via ${oif6}
+
+ # Disallow "internal" addresses to appear on the wire.
+ ${fwcmd} add deny all from ::ffff:0.0.0.0/96 to any \
+ via ${oif6}
+ ${fwcmd} add deny all from any to ::ffff:0.0.0.0/96 \
+ via ${oif6}
+
+ # Disallow packets to malicious IPv4 compatible prefix.
+ ${fwcmd} add deny all from ::224.0.0.0/100 to any via ${oif6}
+ ${fwcmd} add deny all from any to ::224.0.0.0/100 via ${oif6}
+ ${fwcmd} add deny all from ::127.0.0.0/104 to any via ${oif6}
+ ${fwcmd} add deny all from any to ::127.0.0.0/104 via ${oif6}
+ ${fwcmd} add deny all from ::0.0.0.0/104 to any via ${oif6}
+ ${fwcmd} add deny all from any to ::0.0.0.0/104 via ${oif6}
+ ${fwcmd} add deny all from ::255.0.0.0/104 to any via ${oif6}
+ ${fwcmd} add deny all from any to ::255.0.0.0/104 via ${oif6}
+
+ ${fwcmd} add deny all from ::0.0.0.0/96 to any via ${oif6}
+ ${fwcmd} add deny all from any to ::0.0.0.0/96 via ${oif6}
+
+ # Disallow packets to malicious 6to4 prefix.
+ ${fwcmd} add deny all from 2002:e000::/20 to any via ${oif6}
+ ${fwcmd} add deny all from any to 2002:e000::/20 via ${oif6}
+ ${fwcmd} add deny all from 2002:7f00::/24 to any via ${oif6}
+ ${fwcmd} add deny all from any to 2002:7f00::/24 via ${oif6}
+ ${fwcmd} add deny all from 2002:0000::/24 to any via ${oif6}
+ ${fwcmd} add deny all from any to 2002:0000::/24 via ${oif6}
+ ${fwcmd} add deny all from 2002:ff00::/24 to any via ${oif6}
+ ${fwcmd} add deny all from any to 2002:ff00::/24 via ${oif6}
+
+ ${fwcmd} add deny all from 2002:0a00::/24 to any via ${oif6}
+ ${fwcmd} add deny all from any to 2002:0a00::/24 via ${oif6}
+ ${fwcmd} add deny all from 2002:ac10::/28 to any via ${oif6}
+ ${fwcmd} add deny all from any to 2002:ac10::/28 via ${oif6}
+ ${fwcmd} add deny all from 2002:c0a8::/32 to any via ${oif6}
+ ${fwcmd} add deny all from any to 2002:c0a8::/32 via ${oif6}
+
+ ${fwcmd} add deny all from ff05::/16 to any via ${oif6}
+ ${fwcmd} add deny all from any to ff05::/16 via ${oif6}
+ fi
+
# Allow TCP through if setup succeeded
${fwcmd} add pass tcp from any to any established
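Review bot: The IPv6 bogon denies in this hunk are gated on `[ -n "$inet6" ]` although they reference only `${oif6}`, and `firewall_simple_inet_ipv6` ships commented out in defaults/rc.conf, so by default none of them are installed. The same gate in the "Reject&Log" hunk below matters more: the old `deny log tcp from any to any in via ${oif} setup` was family-agnostic and is now `ip4` only, with the `ip6` twin added only when `$inet6` is set. Assuming ipfw evaluates IPv6 packets on the host (rc.d/ipfw in this change turns on `net.inet6.ip6.fw.enable`), an incoming IPv6 TCP setup on the outside interface then falls through to `pass tcp from any to any setup`. Gating both blocks with `if [ $ipv6_available -eq 0 ]; then` would keep the previous coverage, since `oif6` already falls back to `$firewall_simple_oif`.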
@@ -291,7 +398,11 @@
${fwcmd} add pass tcp from any to me 80 setup
# Reject&Log all setup of incoming connections from the outside
- ${fwcmd} add deny log tcp from any to any in via ${oif} setup
+ ${fwcmd} add deny log ip4 from any to any in via ${oif} setup proto tcp
+ if [ -n "$inet6" ]; then
+ ${fwcmd} add deny log ip6 from any to any in via ${oif6} \
+ setup proto tcp
+ fi
# Allow setup of any other TCP connection
${fwcmd} add pass tcp from any to any setup
@@ -313,7 +424,7 @@
# offers services.
# firewall_allowservices: List of IPs which has access to
# $firewall_myservices.
- # firewall_trusted: List of IPs which has full access
+ # firewall_trusted: List of IPv4s which has full access
# to this host. Be very carefull
# when setting this. This option can
# seriously degrade the level of
@@ -324,25 +435,44 @@
# firewall_nologports: List of TCP/UDP ports for which
# denied incomming packets are not
# logged.
-
+ # firewall_trusted_ipv6: List of IPv6s which has full access
+ # to this host. Be very carefull
+ # when setting this. This option can
+ # seriously degrade the level of
+ # protection provided by the firewall.
+
# Allow packets for which a state has been built.
${fwcmd} add check-state
# For services permitted below.
${fwcmd} add pass tcp from me to any established
+ if [ $ipv6_available -eq 0 ]; then
+ ${fwcmd} add pass tcp from me6 to any established
+ fi
# Allow any connection out, adding state for each.
${fwcmd} add pass tcp from me to any setup keep-state
${fwcmd} add pass udp from me to any keep-state
${fwcmd} add pass icmp from me to any keep-state
+ if [ $ipv6_available -eq 0 ]; then
+ ${fwcmd} add pass tcp from me6 to any setup keep-state
+ ${fwcmd} add pass udp from me6 to any keep-state
+ ${fwcmd} add pass ipv6-icmp from me6 to any keep-state
+ fi
# Allow DHCP.
${fwcmd} add pass udp from 0.0.0.0 68 to 255.255.255.255 67 out
${fwcmd} add pass udp from any 67 to me 68 in
${fwcmd} add pass udp from any 67 to 255.255.255.255 68 in
+ if [ $ipv6_available -eq 0 ]; then
+ ${fwcmd} add pass udp from fe80::/10 to me6 546 in
+ fi
# Some servers will ping the IP while trying to decide if it's
# still in use.
${fwcmd} add pass icmp from any to any icmptype 8
+ if [ $ipv6_available -eq 0 ]; then
+ ${fwcmd} add pass ipv6-icmp from any to any icmp6type 128,129
+ fi
# Allow "mandatory" ICMP in.
${fwcmd} add pass icmp from any to any icmptype 3,4,11
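Review bot: The new ping rule `pass ipv6-icmp from any to any icmp6type 128,129` admits echo replies (129) from any source, while the IPv4 rule just above it admits only echo request (`icmptype 8`). Replies to this host's own pings should already be covered by `check-state` through the `ipv6-icmp from me6 to any keep-state` rule added in this hunk. Mirroring the IPv4 rule would be `${fwcmd} add pass ipv6-icmp from any to any icmp6types 128`, which also uses the same `icmp6types` spelling as `setup_ipv6_mandatory`.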
@@ -361,6 +491,9 @@
for i in ${firewall_allowservices} ; do
for j in ${firewall_myservices} ; do
${fwcmd} add pass tcp from $i to me $j
+ if [ $ipv6_available -eq 0 ]; then
+ ${fwcmd} add pass tcp from $i to me6 $j
+ fi
done
done
@@ -370,7 +503,10 @@
for i in ${firewall_trusted} ; do
${fwcmd} add pass ip from $i to me
done
-
+ for i in ${firewall_trusted_ipv6} ; do
+ ${fwcmd} add pass all from $i to me6
+ done
+
${fwcmd} add 65000 count ip from any to any
# Drop packets to ports where we don't want logging
==== //depot/projects/soc2009/marinosi_appaudit/src/lib/libutil/libutil.h#2 (text+ko) ====
@@ -33,12 +33,40 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/lib/libutil/libutil.h,v 1.49 2008/12/02 06:50:26 peter Exp $
+ * $FreeBSD: src/lib/libutil/libutil.h,v 1.50 2009/12/02 15:56:18 ed Exp $
*/
#ifndef _LIBUTIL_H_
#define _LIBUTIL_H_
+#include <sys/cdefs.h>
+#include <sys/_types.h>
+
+#ifndef _GID_T_DECLARED
+typedef __gid_t gid_t;
+#define _GID_T_DECLARED
+#endif
+
+#ifndef _INT64_T_DECLARED
+typedef __int64_t int64_t;
+#define _INT64_T_DECLARED
+#endif
+
+#ifndef _PID_T_DECLARED
+typedef __pid_t pid_t;
+#define _PID_T_DECLARED
+#endif
+
+#ifndef _SIZE_T_DECLARED
+typedef __size_t size_t;
+#define _SIZE_T_DECLARED
+#endif
+
+#ifndef _UID_T_DECLARED
+typedef __uid_t uid_t;
+#define _UID_T_DECLARED
+#endif
+
#define PROPERTY_MAX_NAME 64
#define PROPERTY_MAX_VALUE 512
==== //depot/projects/soc2009/marinosi_appaudit/src/sys/amd64/amd64/mca.c#2 (text+ko) ====
@@ -30,7 +30,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/amd64/amd64/mca.c,v 1.3 2009/05/20 16:11:22 jhb Exp $");
+__FBSDID("$FreeBSD: src/sys/amd64/amd64/mca.c,v 1.4 2009/12/02 15:45:55 avg Exp $");
#include <sys/param.h>
#include <sys/kernel.h>
@@ -117,48 +117,6 @@
return (SYSCTL_OUT(req, &record, sizeof(record)));
}
-static struct mca_record *
-mca_record_entry(int bank)
-{
- struct mca_internal *rec;
- uint64_t status;
- u_int p[4];
-
- status = rdmsr(MSR_MC_STATUS(bank));
- if (!(status & MC_STATUS_VAL))
- return (NULL);
-
- rec = malloc(sizeof(*rec), M_MCA, M_NOWAIT | M_ZERO);
- if (rec == NULL) {
- printf("MCA: Unable to allocate space for an event.\n");
- return (NULL);
- }
-
- /* Save exception information. */
- rec->rec.mr_status = status;
- if (status & MC_STATUS_ADDRV)
- rec->rec.mr_addr = rdmsr(MSR_MC_ADDR(bank));
- if (status & MC_STATUS_MISCV)
- rec->rec.mr_misc = rdmsr(MSR_MC_MISC(bank));
- rec->rec.mr_tsc = rdtsc();
- rec->rec.mr_apic_id = PCPU_GET(apic_id);
-
- /*
- * Clear machine check. Don't do this for uncorrectable
- * errors so that the BIOS can see them.
- */
- if (!(rec->rec.mr_status & (MC_STATUS_PCC | MC_STATUS_UC))) {
- wrmsr(MSR_MC_STATUS(bank), 0);
- do_cpuid(0, p);
- }
-
- mtx_lock_spin(&mca_lock);
- STAILQ_INSERT_TAIL(&mca_records, rec, link);
- mca_count++;
- mtx_unlock_spin(&mca_lock);
- return (&rec->rec);
-}
-
static const char *
mca_error_ttype(uint16_t mca_error)
{
@@ -219,11 +177,13 @@
}
/* Dump details about a single machine check. */
-static void
-mca_log(struct mca_record *rec)
+static void __nonnull(1)
+mca_log(const struct mca_record *rec)
{
uint16_t mca_error;
+ printf("MCA: bank %d, status 0x%016llx\n", rec->mr_bank,
+ (long long)rec->mr_status);
printf("MCA: CPU %d ", rec->mr_apic_id);
if (rec->mr_status & MC_STATUS_UC)
printf("UNCOR ");
@@ -329,6 +289,59 @@
printf("MCA: Address 0x%llx\n", (long long)rec->mr_addr);
}
+static int __nonnull(2)
+mca_check_status(int bank, struct mca_record *rec)
+{
+ uint64_t status;
+ u_int p[4];
+
+ status = rdmsr(MSR_MC_STATUS(bank));
+ if (!(status & MC_STATUS_VAL))
+ return (0);
+
+ /* Save exception information. */
+ rec->mr_status = status;
+ rec->mr_bank = bank;
+ rec->mr_addr = 0;
+ if (status & MC_STATUS_ADDRV)
+ rec->mr_addr = rdmsr(MSR_MC_ADDR(bank));
+ rec->mr_misc = 0;
+ if (status & MC_STATUS_MISCV)
+ rec->mr_misc = rdmsr(MSR_MC_MISC(bank));
+ rec->mr_tsc = rdtsc();
+ rec->mr_apic_id = PCPU_GET(apic_id);
+
+ /*
+ * Clear machine check. Don't do this for uncorrectable
+ * errors so that the BIOS can see them.
+ */
+ if (!(rec->mr_status & (MC_STATUS_PCC | MC_STATUS_UC))) {
+ wrmsr(MSR_MC_STATUS(bank), 0);
+ do_cpuid(0, p);
+ }
+ return (1);
+}
+
+static void __nonnull(1)
+mca_record_entry(const struct mca_record *record)
+{
+ struct mca_internal *rec;
+
+ rec = malloc(sizeof(*rec), M_MCA, M_NOWAIT);
+ if (rec == NULL) {
+ printf("MCA: Unable to allocate space for an event.\n");
+ mca_log(record);
+ return;
+ }
+
+ rec->rec = *record;
+ rec->logged = 0;
+ mtx_lock_spin(&mca_lock);
+ STAILQ_INSERT_TAIL(&mca_records, rec, link);
+ mca_count++;
+ mtx_unlock_spin(&mca_lock);
+}
+
/*
* This scans all the machine check banks of the current CPU to see if
* there are any machine checks. Any non-recoverable errors are
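Review bot: `mca_record_entry()` drops `M_ZERO`, and `mca_scan()` now passes it a stack `struct mca_record` that `mca_check_status()` fills field by field, so any byte those assignments miss (padding, or a field added later) would carry stale kernel stack into the queued record. Context at the top of this file copies records out with `SYSCTL_OUT(req, &record, sizeof(record))`, so such bytes would reach userland. With the members visible in mca.h there appears to be no padding today, but starting `mca_check_status()` with `bzero(rec, sizeof(*rec));` makes that hold by construction. `struct mca_internal` is defined outside this diff, so whether it has members beyond `rec`, `logged` and `link` that the non-zeroed malloc leaves unset cannot be checked here.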
@@ -341,7 +354,7 @@
static int
mca_scan(int mcip)
{
- struct mca_record *rec;
+ struct mca_record rec;
uint64_t mcg_cap, ucmask;
int count, i, recoverable;
@@ -354,13 +367,13 @@
ucmask |= MC_STATUS_OVER;
mcg_cap = rdmsr(MSR_MCG_CAP);
for (i = 0; i < (mcg_cap & MCG_CAP_COUNT); i++) {
- rec = mca_record_entry(i);
- if (rec != NULL) {
+ if (mca_check_status(i, &rec)) {
count++;
- if (rec->mr_status & ucmask) {
+ if (rec.mr_status & ucmask) {
recoverable = 0;
- mca_log(rec);
+ mca_log(&rec);
}
+ mca_record_entry(&rec);
}
}
return (mcip ? recoverable : count);
==== //depot/projects/soc2009/marinosi_appaudit/src/sys/amd64/include/mca.h#2 (text+ko) ====
@@ -24,7 +24,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
- * $FreeBSD: src/sys/amd64/include/mca.h,v 1.1 2009/05/13 17:53:04 jhb Exp $
+ * $FreeBSD: src/sys/amd64/include/mca.h,v 1.2 2009/12/02 15:45:55 avg Exp $
*/
#ifndef __MACHINE_MCA_H__
@@ -36,6 +36,7 @@
uint64_t mr_misc;
uint64_t mr_tsc;
int mr_apic_id;
+ int mr_bank;
};
#ifdef _KERNEL
==== //depot/projects/soc2009/marinosi_appaudit/src/sys/cam/scsi/scsi_cd.c#4 (text+ko) ====
@@ -46,7 +46,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/cam/scsi/scsi_cd.c,v 1.112 2009/11/14 20:13:38 mav Exp $");
+__FBSDID("$FreeBSD: src/sys/cam/scsi/scsi_cd.c,v 1.113 2009/12/02 16:08:33 scottl Exp $");
#include "opt_cd.h"
@@ -2673,12 +2673,10 @@
authinfo = (struct dvd_authinfo *)addr;
- cam_periph_lock(periph);
if (cmd == DVDIOCREPORTKEY)
error = cdreportkey(periph, authinfo);
else
error = cdsendkey(periph, authinfo);
- cam_periph_unlock(periph);
break;
}
case DVDIOCREADSTRUCTURE: {
@@ -2686,9 +2684,7 @@
dvdstruct = (struct dvd_struct *)addr;
- cam_periph_lock(periph);
error = cdreaddvdstructure(periph, dvdstruct);
- cam_periph_unlock(periph);
break;
}
@@ -3732,8 +3728,6 @@
databuf = NULL;
lba = 0;
- ccb = cdgetccb(periph, CAM_PRIORITY_NORMAL);
-
switch (authinfo->format) {
case DVD_REPORT_AGID:
length = sizeof(struct scsi_report_key_data_agid);
@@ -3759,9 +3753,7 @@
length = 0;
break;
default:
- error = EINVAL;
- goto bailout;
- break; /* NOTREACHED */
+ return (EINVAL);
}
if (length != 0) {
@@ -3769,6 +3761,8 @@
} else
databuf = NULL;
+ cam_periph_lock(periph);
+ ccb = cdgetccb(periph, CAM_PRIORITY_NORMAL);
scsi_report_key(&ccb->csio,
/* retries */ 1,
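Review bot: The new `cam_periph_lock(periph); ccb = cdgetccb(...)` pair sits in the middle of `cdreportkey()` with nothing recording the invariant it creates. The `bailout:` label in the next hunk now calls `xpt_release_ccb(ccb)` and `cam_periph_unlock(periph)` unconditionally, so any `goto bailout` placed above this point would release an unassigned ccb and an unheld lock. A comment here such as `/* Lock only after the format switch and buffer allocation; every goto bailout below assumes the lock is held and ccb is valid. */` would guard future edits. The same applies to the matching hunks in `cdsendkey()` and `cdreaddvdstructure()`. The function bodies start and end outside these hunks, so remaining early exits could not be checked.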
@@ -3869,12 +3863,14 @@
goto bailout;
break; /* NOTREACHED */
}
+
bailout:
+ xpt_release_ccb(ccb);
+ cam_periph_unlock(periph);
+
if (databuf != NULL)
free(databuf, M_DEVBUF);
- xpt_release_ccb(ccb);
-
return(error);
}
@@ -3889,8 +3885,6 @@
error = 0;
databuf = NULL;
- ccb = cdgetccb(periph, CAM_PRIORITY_NORMAL);
-
switch(authinfo->format) {
case DVD_SEND_CHALLENGE: {
struct scsi_report_key_data_challenge *challenge_data;
@@ -3942,11 +3936,12 @@
break;
}
default:
- error = EINVAL;
- goto bailout;
- break; /* NOTREACHED */
+ return (EINVAL);
}
+ cam_periph_lock(periph);
+ ccb = cdgetccb(periph, CAM_PRIORITY_NORMAL);
+
scsi_send_key(&ccb->csio,
/* retries */ 1,
/* cbfcnp */ cddone,
@@ -3961,13 +3956,12 @@
error = cdrunccb(ccb, cderror, /*cam_flags*/CAM_RETRY_SELTO,
/*sense_flags*/SF_RETRY_UA);
-bailout:
+ xpt_release_ccb(ccb);
+ cam_periph_unlock(periph);
if (databuf != NULL)
free(databuf, M_DEVBUF);
- xpt_release_ccb(ccb);
-
return(error);
}
@@ -3985,8 +3979,6 @@
/* The address is reserved for many of the formats */
address = 0;
- ccb = cdgetccb(periph, CAM_PRIORITY_NORMAL);
-
switch(dvdstruct->format) {
case DVD_STRUCT_PHYSICAL:
length = sizeof(struct scsi_read_dvd_struct_data_physical);
@@ -4004,13 +3996,7 @@
length = sizeof(struct scsi_read_dvd_struct_data_manufacturer);
break;
case DVD_STRUCT_CMI:
- error = ENODEV;
- goto bailout;
-#ifdef notyet
- length = sizeof(struct scsi_read_dvd_struct_data_copy_manage);
- address = dvdstruct->address;
-#endif
- break; /* NOTREACHED */
+ return (ENODEV);
case DVD_STRUCT_PROTDISCID:
length = sizeof(struct scsi_read_dvd_struct_data_prot_discid);
break;
@@ -4027,21 +4013,9 @@
length = sizeof(struct scsi_read_dvd_struct_data_spare_area);
break;
case DVD_STRUCT_RMD_LAST:
- error = ENODEV;
- goto bailout;
-#ifdef notyet
- length = sizeof(struct scsi_read_dvd_struct_data_rmd_borderout);
- address = dvdstruct->address;
-#endif
- break; /* NOTREACHED */
+ return (ENODEV);
case DVD_STRUCT_RMD_RMA:
- error = ENODEV;
- goto bailout;
-#ifdef notyet
- length = sizeof(struct scsi_read_dvd_struct_data_rmd);
- address = dvdstruct->address;
-#endif
- break; /* NOTREACHED */
+ return (ENODEV);
case DVD_STRUCT_PRERECORDED:
length = sizeof(struct scsi_read_dvd_struct_data_leadin);
break;
@@ -4049,13 +4023,7 @@
length = sizeof(struct scsi_read_dvd_struct_data_disc_id);
break;
case DVD_STRUCT_DCB:
- error = ENODEV;
- goto bailout;
-#ifdef notyet
- length = sizeof(struct scsi_read_dvd_struct_data_dcb);
- address = dvdstruct->address;
-#endif
- break; /* NOTREACHED */
+ return (ENODEV);
case DVD_STRUCT_LIST:
/*
* This is the maximum allocation length for the READ DVD
@@ -4067,9 +4035,7 @@
length = 65535;
break;
default:
- error = EINVAL;
- goto bailout;
- break; /* NOTREACHED */
+ return (EINVAL);
}
if (length != 0) {
@@ -4077,6 +4043,9 @@
} else
databuf = NULL;
+ cam_periph_lock(periph);
+ ccb = cdgetccb(periph, CAM_PRIORITY_NORMAL);
+
scsi_read_dvd_structure(&ccb->csio,
/* retries */ 1,
/* cbfcnp */ cddone,
@@ -4164,13 +4133,14 @@
min(sizeof(dvdstruct->data), dvdstruct->length));
break;
}
+
bailout:
+ xpt_release_ccb(ccb);
+ cam_periph_unlock(periph);
if (databuf != NULL)
free(databuf, M_DEVBUF);
- xpt_release_ccb(ccb);
-
return(error);
}
==== //depot/projects/soc2009/marinosi_appaudit/src/sys/compat/freebsd32/syscalls.master#6 (text+ko) ====
@@ -913,6 +913,6 @@
fd_set *ou, fd_set *ex, \
const struct timespec32 *ts, \
const sigset_t *sm); }
-523 AUE_AUDITON NOPROTO { int auditon(int cmd, char *name, \
+523 AUE_AUDITON NOPROTO { int auditon_slice(int cmd, char *name, \
void *data, u_int length); }
524 AUE_AUDITCTL NOPROTO { int auditctl_slice(char *as_name, char *path); }
==== //depot/projects/soc2009/marinosi_appaudit/src/sys/dev/if_ndis/if_ndis.c#4 (text+ko) ====
@@ -34,7 +34,7 @@
*/
#include <sys/cdefs.h>
-__FBSDID("$FreeBSD: src/sys/dev/if_ndis/if_ndis.c,v 1.171 2009/11/02 11:07:42 rpaulo Exp $");
+__FBSDID("$FreeBSD: src/sys/dev/if_ndis/if_ndis.c,v 1.172 2009/12/02 16:26:18 jhb Exp $");
#include <sys/param.h>
#include <sys/systm.h>
@@ -3222,14 +3222,8 @@
static void
ndis_scan(void *arg)
{
- struct ndis_softc *sc = arg;
- struct ieee80211com *ic;
- struct ieee80211vap *vap;
-
- ic = sc->ifp->if_l2com;
- vap = TAILQ_FIRST(&ic->ic_vaps);
+ struct ieee80211vap *vap = arg;
- ndis_scan_results(sc);
ieee80211_scan_done(vap);
}
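Review bot: `ndis_scan()` now trusts the `vap` pointer captured when the callout was armed (`callout_reset(&sc->ndis_scan_callout, hz * 3, ndis_scan, vap)` in the next hunk). If that vap is destroyed during the three-second window, `ieee80211_scan_done(vap)` runs on freed memory. The old code re-derived the vap from `sc` when the timer fired. Whether the vap teardown path stops this callout is not visible in the diff; if it does not, it should do so before the vap is freed, e.g. `callout_drain(&sc->ndis_scan_callout);`.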
@@ -3377,7 +3371,7 @@
return;
}
/* Set a timer to collect the results */
- callout_reset(&sc->ndis_scan_callout, hz * 3, ndis_scan, sc);
+ callout_reset(&sc->ndis_scan_callout, hz * 3, ndis_scan, vap);
}
static void
@@ -3401,5 +3395,7 @@
static void
ndis_scan_end(struct ieee80211com *ic)
{
- /* ignore */
+ struct ndis_softc *sc = ic->ic_ifp->if_softc;
+
+ ndis_scan_results(sc);
}
==== //depot/projects/soc2009/marinosi_appaudit/src/sys/i386/i386/mca.c#2 (text+ko) ====
>>> TRUNCATED FOR MAIL (1000 lines) <<<