svn commit: r241029 - head/lib/libpam/modules/pam_radius
Author: des Date: Fri Sep 28 12:29:25 2012 New Revision: 241029 URL: http://svn.freebsd.org/changeset/base/241029 Log: Remove unnecessary #include. Modified: head/lib/libpam/modules/pam_radius/pam_radius.c Modified: head/lib/libpam/modules/pam_radius/pam_radius.c == --- head/lib/libpam/modules/pam_radius/pam_radius.c Fri Sep 28 12:13:34 2012(r241028) +++ head/lib/libpam/modules/pam_radius/pam_radius.c Fri Sep 28 12:29:25 2012(r241029) @@ -38,7 +38,6 @@ __FBSDID($FreeBSD$); #include sys/param.h -#include sys/types.h #include sys/socket.h #include netdb.h #include pwd.h ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r241031 - head/lib/libc/stdlib
Author: des Date: Fri Sep 28 13:50:37 2012 New Revision: 241031 URL: http://svn.freebsd.org/changeset/base/241031 Log: Slight stylification. Modified: head/lib/libc/stdlib/random.c Modified: head/lib/libc/stdlib/random.c == --- head/lib/libc/stdlib/random.c Fri Sep 28 13:43:42 2012 (r241030) +++ head/lib/libc/stdlib/random.c Fri Sep 28 13:50:37 2012 (r241031) @@ -216,10 +216,8 @@ static int rand_deg = DEG_3; static int rand_sep = SEP_3; static uint32_t *end_ptr = randtbl[DEG_3 + 1]; -static inline uint32_t good_rand(int32_t); - -static inline uint32_t good_rand (x) - int32_t x; +static inline uint32_t +good_rand(int32_t x) { #ifdef USE_WEAK_SEEDING /* @@ -264,8 +262,7 @@ static inline uint32_t good_rand (x) * for default usage relies on values produced by this routine. */ void -srandom(x) - unsigned long x; +srandom(unsigned long x) { int i, lim; @@ -295,7 +292,7 @@ srandom(x) * a fixed seed. */ void -srandomdev() +srandomdev(void) { int fd, done; size_t len; @@ -352,10 +349,7 @@ srandomdev() * complain about mis-alignment, but you should disregard these messages. */ char * -initstate(seed, arg_state, n) - unsigned long seed; /* seed for R.N.G. */ - char *arg_state;/* pointer to state array */ - long n; /* # bytes of state info */ +initstate(unsigned long seed, char *arg_state, long n) { char *ostate = (char *)(state[-1]); uint32_t *int_arg_state = (uint32_t *)arg_state; @@ -367,7 +361,7 @@ initstate(seed, arg_state, n) if (n BREAK_0) { (void)fprintf(stderr, random: not enough state (%ld bytes); ignored.\n, n); - return(0); + return (0); } if (n BREAK_1) { rand_type = TYPE_0; @@ -397,7 +391,7 @@ initstate(seed, arg_state, n) int_arg_state[0] = rand_type; else int_arg_state[0] = MAX_TYPES * (rptr - state) + rand_type; - return(ostate); + return (ostate); } /* @@ -420,8 +414,7 @@ initstate(seed, arg_state, n) * complain about mis-alignment, but you should disregard these messages. */ char * -setstate(arg_state) - char *arg_state;/* pointer to state array */ +setstate(char *arg_state) { uint32_t *new_state = (uint32_t *)arg_state; uint32_t type = new_state[0] % MAX_TYPES; @@ -452,7 +445,7 @@ setstate(arg_state) fptr = state[(rear + rand_sep) % rand_deg]; } end_ptr = state[rand_deg]; /* set end_ptr too */ - return(ostate); + return (ostate); } /* @@ -473,7 +466,7 @@ setstate(arg_state) * Returns a 31-bit random number. */ long -random() +random(void) { uint32_t i; uint32_t *f, *r; @@ -498,5 +491,5 @@ random() fptr = f; rptr = r; } - return((long)i); + return ((long)i); } ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r240563 - head/usr.sbin/jail
Author: des Date: Sun Sep 16 15:22:15 2012 New Revision: 240563 URL: http://svn.freebsd.org/changeset/base/240563 Log: Warn about filesystem-based attacks. Modified: head/usr.sbin/jail/jail.8 Modified: head/usr.sbin/jail/jail.8 == --- head/usr.sbin/jail/jail.8 Sun Sep 16 14:38:01 2012(r240562) +++ head/usr.sbin/jail/jail.8 Sun Sep 16 15:22:15 2012(r240563) @@ -25,7 +25,7 @@ .\ .\ $FreeBSD$ .\ -.Dd May 23, 2012 +.Dd September 15, 2012 .Dt JAIL 8 .Os .Sh NAME @@ -1225,3 +1225,11 @@ directory that is moved out of the jail' access to the file space outside of the jail. It is recommended that directories always be copied, rather than moved, out of a jail. +.Pp +In addition, there are several ways in which an unprivileged user +outside the jail can cooperate with a privileged user inside the jail +and thereby obtain elevated privileges in the host environment. +Most of these attacks can be mitigated by ensuring that the jail root +is not accessible to unprivileged users in the host environment. +Regardless, as a general rule, untrusted users with privileged access +to a jail should not be given access to the host environment. ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r240496 - in head: lib/libfetch usr.bin/fetch
Author: des Date: Fri Sep 14 13:00:43 2012 New Revision: 240496 URL: http://svn.freebsd.org/changeset/base/240496 Log: Use libmd if and only if OpenSSL is not available. PR: bin/171402 MFC after:3 days Modified: head/lib/libfetch/Makefile head/lib/libfetch/http.c head/usr.bin/fetch/Makefile Modified: head/lib/libfetch/Makefile == --- head/lib/libfetch/Makefile Fri Sep 14 12:15:13 2012(r240495) +++ head/lib/libfetch/Makefile Fri Sep 14 13:00:43 2012(r240496) @@ -16,8 +16,8 @@ CFLAGS+= -DINET6 .if ${MK_OPENSSL} != no CFLAGS+= -DWITH_SSL -DPADD= ${LIBSSL} ${LIBCRYPTO} ${LIBMD} -LDADD= -lssl -lcrypto -lmd +DPADD= ${LIBSSL} ${LIBCRYPTO} +LDADD= -lssl -lcrypto .else DPADD= ${LIBMD} LDADD= -lmd Modified: head/lib/libfetch/http.c == --- head/lib/libfetch/http.cFri Sep 14 12:15:13 2012(r240495) +++ head/lib/libfetch/http.cFri Sep 14 13:00:43 2012(r240496) @@ -76,7 +76,15 @@ __FBSDID($FreeBSD$); #include string.h #include time.h #include unistd.h + +#ifdef WITH_SSL +#include openssl/md5.h +#define MD5Init(c) MD5_Init(c) +#define MD5Update(c, data, len) MD5_Update(c, data, len) +#define MD5Final(md, c) MD5_Final(md, c) +#else #include md5.h +#endif #include netinet/in.h #include netinet/tcp.h Modified: head/usr.bin/fetch/Makefile == --- head/usr.bin/fetch/Makefile Fri Sep 14 12:15:13 2012(r240495) +++ head/usr.bin/fetch/Makefile Fri Sep 14 13:00:43 2012(r240496) @@ -4,11 +4,12 @@ PROG= fetch CSTD?= c99 +.if ${MK_OPENSSL} != no +DPADD= ${LIBFETCH} ${LIBSSL} ${LIBCRYPTO} +LDADD= -lfetch -lssl -lcrypto +.else DPADD= ${LIBFETCH} ${LIBMD} LDADD= -lfetch -lmd -.if ${MK_OPENSSL} != no -DPADD+=${LIBSSL} ${LIBCRYPTO} -LDADD+=-lssl -lcrypto .endif .include bsd.prog.mk ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r240361 - in head/lib/libc: gen stdlib
Author: des Date: Tue Sep 11 12:55:15 2012 New Revision: 240361 URL: http://svn.freebsd.org/changeset/base/240361 Log: Add the same warning to rand48(3) as to rand(3) and random(3). MFC after:3 days Modified: head/lib/libc/gen/rand48.3 head/lib/libc/stdlib/random.3 Modified: head/lib/libc/gen/rand48.3 == --- head/lib/libc/gen/rand48.3 Tue Sep 11 11:05:32 2012(r240360) +++ head/lib/libc/gen/rand48.3 Tue Sep 11 12:55:15 2012(r240361) @@ -12,7 +12,7 @@ .\ @(#)rand48.3 V1.0 MB 8 Oct 1993 .\ $FreeBSD$ .\ -.Dd February 2, 2010 +.Dd September 4, 2012 .Dt RAND48 3 .Os .Sh NAME @@ -49,6 +49,14 @@ .Ft void .Fn lcong48 unsigned short p[7] .Sh DESCRIPTION +.Bf -symbolic +The functions described in this manual page are not cryptographically +secure. +Cryptographic applications should use +.Xr arc4random 3 +instead. +.Ef +.Pp The .Fn rand48 family of functions generates pseudo-random numbers using a linear @@ -174,10 +182,8 @@ It is thus not possible to use values gr Note that all three methods of seeding the random number generator always also set the multiplicand and addend for any of the six generator calls. -.Pp -For a more powerful random number generator, see -.Xr random 3 . .Sh SEE ALSO +.Xr arc4random 3 , .Xr rand 3 , .Xr random 3 .Sh AUTHORS Modified: head/lib/libc/stdlib/random.3 == --- head/lib/libc/stdlib/random.3 Tue Sep 11 11:05:32 2012 (r240360) +++ head/lib/libc/stdlib/random.3 Tue Sep 11 12:55:15 2012 (r240361) @@ -181,7 +181,6 @@ messages are printed on the standard err .Xr arc4random 3 , .Xr lrand48 3 , .Xr rand 3 , -.Xr srand 3 , .Xr random 4 .Sh HISTORY These ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r240299 - head/usr.bin/find
Author: des Date: Mon Sep 10 07:56:59 2012 New Revision: 240299 URL: http://svn.freebsd.org/changeset/base/240299 Log: Note that -quit terminates successfully. Requested by: jmg@ Modified: head/usr.bin/find/find.1 Modified: head/usr.bin/find/find.1 == --- head/usr.bin/find/find.1Mon Sep 10 06:07:28 2012(r240298) +++ head/usr.bin/find/find.1Mon Sep 10 07:56:59 2012(r240299) @@ -744,7 +744,7 @@ option was specified. .It Ic -quit Causes .Nm -to immediately terminate. +to immediately terminate successfully. .It Ic -regex Ar pattern True if the whole path of the file matches .Ar pattern ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r240278 - head/usr.bin/find
Author: des Date: Sun Sep 9 13:18:13 2012 New Revision: 240278 URL: http://svn.freebsd.org/changeset/base/240278 Log: Document -quit, four and a half years after it was implemented. MFC after:3 days Pointy hat to:imp@ Modified: head/usr.bin/find/find.1 Modified: head/usr.bin/find/find.1 == --- head/usr.bin/find/find.1Sun Sep 9 11:40:37 2012(r240277) +++ head/usr.bin/find/find.1Sun Sep 9 13:18:13 2012(r240278) @@ -31,7 +31,7 @@ .\@(#)find.1 8.7 (Berkeley) 5/9/95 .\ $FreeBSD$ .\ -.Dd July 25, 2012 +.Dd September 9, 2012 .Dt FIND 1 .Os .Sh NAME @@ -741,6 +741,10 @@ Note, the primary has no effect if the .Fl d option was specified. +.It Ic -quit +Causes +.Nm +to immediately terminate. .It Ic -regex Ar pattern True if the whole path of the file matches .Ar pattern ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r240134 - head/sys/vm
Author: des Date: Wed Sep 5 12:24:50 2012 New Revision: 240134 URL: http://svn.freebsd.org/changeset/base/240134 Log: Whitespace cleanup. Modified: head/sys/vm/swap_pager.c Modified: head/sys/vm/swap_pager.c == --- head/sys/vm/swap_pager.cWed Sep 5 12:02:09 2012(r240133) +++ head/sys/vm/swap_pager.cWed Sep 5 12:24:50 2012(r240134) @@ -50,7 +50,7 @@ * * - on the fly reallocation of swap during putpages. The new system * does not try to keep previously allocated swap blocks for dirty - * pages. + * pages. * * - on the fly deallocation of swap * @@ -154,13 +154,13 @@ int swap_pager_avail; static int swdev_syscall_active = 0; /* serialize swap(on|off) */ static vm_ooffset_t swap_total; -SYSCTL_QUAD(_vm, OID_AUTO, swap_total, CTLFLAG_RD, swap_total, 0, +SYSCTL_QUAD(_vm, OID_AUTO, swap_total, CTLFLAG_RD, swap_total, 0, Total amount of available swap storage.); static vm_ooffset_t swap_reserved; -SYSCTL_QUAD(_vm, OID_AUTO, swap_reserved, CTLFLAG_RD, swap_reserved, 0, +SYSCTL_QUAD(_vm, OID_AUTO, swap_reserved, CTLFLAG_RD, swap_reserved, 0, Amount of swap storage needed to back all allocated anonymous memory.); static int overcommit = 0; -SYSCTL_INT(_vm, OID_AUTO, overcommit, CTLFLAG_RW, overcommit, 0, +SYSCTL_INT(_vm, OID_AUTO, overcommit, CTLFLAG_RW, overcommit, 0, Configure virtual memory overcommit behavior. See tuning(7) for details.); @@ -184,7 +184,7 @@ swap_reserve_by_cred(vm_ooffset_t incr, static int curfail; static struct timeval lastfail; struct uidinfo *uip; - + uip = cred-cr_ruidinfo; if (incr PAGE_MASK) @@ -285,7 +285,7 @@ void swap_release_by_cred(vm_ooffset_t decr, struct ucred *cred) { struct uidinfo *uip; - + uip = cred-cr_ruidinfo; if (decr PAGE_MASK) @@ -328,7 +328,7 @@ static struct sx sw_alloc_sx; SYSCTL_INT(_vm, OID_AUTO, swap_async_max, -CTLFLAG_RW, swap_async_max, 0, Maximum running async swap ops); + CTLFLAG_RW, swap_async_max, 0, Maximum running async swap ops); /* * named and unnamed anon region objects. Try to reduce the overhead @@ -340,7 +340,7 @@ SYSCTL_INT(_vm, OID_AUTO, swap_async_max #define NOBJLIST(handle) \ (swap_pager_object_list[((int)(intptr_t)handle 4) (NOBJLISTS-1)]) -static struct mtx sw_alloc_mtx;/* protect list manipulation */ +static struct mtx sw_alloc_mtx;/* protect list manipulation */ static struct pagerlst swap_pager_object_list[NOBJLISTS]; static uma_zone_t swap_zone; static struct vm_objectswap_zone_obj; @@ -419,7 +419,7 @@ swp_pager_free_nrpage(vm_page_t m) /* * SWP_SIZECHECK() - update swap_pager_full indication - * + * * update the swap_pager_almost_full indication and warn when we are * about to run out of swap space, using lowat/hiwat hysteresis. * @@ -474,7 +474,7 @@ swp_pager_hash(vm_object_t object, vm_pi /* * SWAP_PAGER_INIT() - initialize the swap pager! * - * Expected to be started from system init. NOTE: This code is run + * Expected to be started from system init. NOTE: This code is run * before much else so be careful what you depend on. Most of the VM * system has yet to be initialized at this point. */ @@ -519,7 +519,7 @@ swap_pager_swap_init(void) * MAX_PAGEOUT_CLUSTER. Also be aware that swap ops are * constrained by the swap device interleave stripe size. * -* Currently we hardwire nsw_wcount_async to 4. This limit is +* Currently we hardwire nsw_wcount_async to 4. This limit is * designed to prevent other I/O from having high latencies due to * our pageout I/O. The value 4 works well for one or two active swap * devices but is probably a little low if you have more. Even so, @@ -568,7 +568,7 @@ swap_pager_swap_init(void) /* * Initialize our meta-data hash table. The swapper does not need to -* be quite as efficient as the VM system, so we do not use an +* be quite as efficient as the VM system, so we do not use an * oversized hash table. * * n: size of hash table, must be power of 2 @@ -654,7 +654,7 @@ swap_pager_alloc(void *handle, vm_ooffse /* * SWAP_PAGER_DEALLOC() - remove swap metadata from object * - * The swap backing for the object is destroyed. The code is + * The swap backing for the object is destroyed. The code is * designed such that we can reinstantiate it later, but this * routine is typically called only when the entire object is * about to be destroyed. @@ -679,7 +679,7 @@ swap_pager_dealloc(vm_object_t object) vm_object_pip_wait(object, swpdea); /* -* Free all remaining metadata. We only bother to free
svn commit: r240096 - head/sys/vm
Author: des Date: Tue Sep 4 19:04:02 2012 New Revision: 240096 URL: http://svn.freebsd.org/changeset/base/240096 Log: No memory barrier is required. This was pointed out by kib@ a while ago, but I got distracted by other matters. Modified: head/sys/vm/swap_pager.c Modified: head/sys/vm/swap_pager.c == --- head/sys/vm/swap_pager.cTue Sep 4 17:29:35 2012(r240095) +++ head/sys/vm/swap_pager.cTue Sep 4 19:04:02 2012(r240096) @@ -50,7 +50,7 @@ * * - on the fly reallocation of swap during putpages. The new system * does not try to keep previously allocated swap blocks for dirty - * pages. + * pages. * * - on the fly deallocation of swap * @@ -154,15 +154,21 @@ int swap_pager_avail; static int swdev_syscall_active = 0; /* serialize swap(on|off) */ static vm_ooffset_t swap_total; -SYSCTL_QUAD(_vm, OID_AUTO, swap_total, CTLFLAG_RD, swap_total, 0, +SYSCTL_QUAD(_vm, OID_AUTO, swap_total, CTLFLAG_RD, swap_total, 0, Total amount of available swap storage.); static vm_ooffset_t swap_reserved; -SYSCTL_QUAD(_vm, OID_AUTO, swap_reserved, CTLFLAG_RD, swap_reserved, 0, +SYSCTL_QUAD(_vm, OID_AUTO, swap_reserved, CTLFLAG_RD, swap_reserved, 0, Amount of swap storage needed to back all allocated anonymous memory.); static int overcommit = 0; -SYSCTL_INT(_vm, OID_AUTO, overcommit, CTLFLAG_RW, overcommit, 0, +SYSCTL_INT(_vm, OID_AUTO, overcommit, CTLFLAG_RW, overcommit, 0, Configure virtual memory overcommit behavior. See tuning(7) for details.); +static unsigned long swzone; +SYSCTL_ULONG(_vm, OID_AUTO, swzone, CTLFLAG_RD, swzone, 0, +Actual size of swap metadata zone); +static unsigned long swap_maxpages; +SYSCTL_ULONG(_vm, OID_AUTO, swap_maxpages, CTLFLAG_RD, swap_maxpages, 0, +Maximum amount of swap supported); /* bits from overcommit */ #defineSWAP_RESERVE_FORCE_ON (1 0) @@ -184,7 +190,7 @@ swap_reserve_by_cred(vm_ooffset_t incr, static int curfail; static struct timeval lastfail; struct uidinfo *uip; - + uip = cred-cr_ruidinfo; if (incr PAGE_MASK) @@ -285,7 +291,7 @@ void swap_release_by_cred(vm_ooffset_t decr, struct ucred *cred) { struct uidinfo *uip; - + uip = cred-cr_ruidinfo; if (decr PAGE_MASK) @@ -328,7 +334,7 @@ static struct sx sw_alloc_sx; SYSCTL_INT(_vm, OID_AUTO, swap_async_max, -CTLFLAG_RW, swap_async_max, 0, Maximum running async swap ops); + CTLFLAG_RW, swap_async_max, 0, Maximum running async swap ops); /* * named and unnamed anon region objects. Try to reduce the overhead @@ -340,7 +346,7 @@ SYSCTL_INT(_vm, OID_AUTO, swap_async_max #define NOBJLIST(handle) \ (swap_pager_object_list[((int)(intptr_t)handle 4) (NOBJLISTS-1)]) -static struct mtx sw_alloc_mtx;/* protect list manipulation */ +static struct mtx sw_alloc_mtx;/* protect list manipulation */ static struct pagerlst swap_pager_object_list[NOBJLISTS]; static uma_zone_t swap_zone; static struct vm_objectswap_zone_obj; @@ -419,7 +425,7 @@ swp_pager_free_nrpage(vm_page_t m) /* * SWP_SIZECHECK() - update swap_pager_full indication - * + * * update the swap_pager_almost_full indication and warn when we are * about to run out of swap space, using lowat/hiwat hysteresis. * @@ -474,7 +480,7 @@ swp_pager_hash(vm_object_t object, vm_pi /* * SWAP_PAGER_INIT() - initialize the swap pager! * - * Expected to be started from system init. NOTE: This code is run + * Expected to be started from system init. NOTE: This code is run * before much else so be careful what you depend on. Most of the VM * system has yet to be initialized at this point. */ @@ -506,7 +512,7 @@ swap_pager_init(void) void swap_pager_swap_init(void) { - int n, n2; + unsigned long n, n2; /* * Number of in-transit swap bp operations. Don't @@ -519,7 +525,7 @@ swap_pager_swap_init(void) * MAX_PAGEOUT_CLUSTER. Also be aware that swap ops are * constrained by the swap device interleave stripe size. * -* Currently we hardwire nsw_wcount_async to 4. This limit is +* Currently we hardwire nsw_wcount_async to 4. This limit is * designed to prevent other I/O from having high latencies due to * our pageout I/O. The value 4 works well for one or two active swap * devices but is probably a little low if you have more. Even so, @@ -548,11 +554,11 @@ swap_pager_swap_init(void) n = cnt.v_page_count / 2; if (maxswzone n maxswzone / sizeof(struct swblock)) n = maxswzone / sizeof(struct swblock); - n2 = n; swap_zone = uma_zcreate(SWAPMETA, sizeof(struct swblock), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE |
svn commit: r240105 - head/sys/vm
Author: des Date: Tue Sep 4 21:06:53 2012 New Revision: 240105 URL: http://svn.freebsd.org/changeset/base/240105 Log: Revert previous commit, which was performed in the wrong tree. Modified: head/sys/vm/swap_pager.c Modified: head/sys/vm/swap_pager.c == --- head/sys/vm/swap_pager.cTue Sep 4 21:02:57 2012(r240104) +++ head/sys/vm/swap_pager.cTue Sep 4 21:06:53 2012(r240105) @@ -50,7 +50,7 @@ * * - on the fly reallocation of swap during putpages. The new system * does not try to keep previously allocated swap blocks for dirty - * pages. + * pages. * * - on the fly deallocation of swap * @@ -154,21 +154,15 @@ int swap_pager_avail; static int swdev_syscall_active = 0; /* serialize swap(on|off) */ static vm_ooffset_t swap_total; -SYSCTL_QUAD(_vm, OID_AUTO, swap_total, CTLFLAG_RD, swap_total, 0, +SYSCTL_QUAD(_vm, OID_AUTO, swap_total, CTLFLAG_RD, swap_total, 0, Total amount of available swap storage.); static vm_ooffset_t swap_reserved; -SYSCTL_QUAD(_vm, OID_AUTO, swap_reserved, CTLFLAG_RD, swap_reserved, 0, +SYSCTL_QUAD(_vm, OID_AUTO, swap_reserved, CTLFLAG_RD, swap_reserved, 0, Amount of swap storage needed to back all allocated anonymous memory.); static int overcommit = 0; -SYSCTL_INT(_vm, OID_AUTO, overcommit, CTLFLAG_RW, overcommit, 0, +SYSCTL_INT(_vm, OID_AUTO, overcommit, CTLFLAG_RW, overcommit, 0, Configure virtual memory overcommit behavior. See tuning(7) for details.); -static unsigned long swzone; -SYSCTL_ULONG(_vm, OID_AUTO, swzone, CTLFLAG_RD, swzone, 0, -Actual size of swap metadata zone); -static unsigned long swap_maxpages; -SYSCTL_ULONG(_vm, OID_AUTO, swap_maxpages, CTLFLAG_RD, swap_maxpages, 0, -Maximum amount of swap supported); /* bits from overcommit */ #defineSWAP_RESERVE_FORCE_ON (1 0) @@ -190,7 +184,7 @@ swap_reserve_by_cred(vm_ooffset_t incr, static int curfail; static struct timeval lastfail; struct uidinfo *uip; - + uip = cred-cr_ruidinfo; if (incr PAGE_MASK) @@ -291,7 +285,7 @@ void swap_release_by_cred(vm_ooffset_t decr, struct ucred *cred) { struct uidinfo *uip; - + uip = cred-cr_ruidinfo; if (decr PAGE_MASK) @@ -334,7 +328,7 @@ static struct sx sw_alloc_sx; SYSCTL_INT(_vm, OID_AUTO, swap_async_max, - CTLFLAG_RW, swap_async_max, 0, Maximum running async swap ops); +CTLFLAG_RW, swap_async_max, 0, Maximum running async swap ops); /* * named and unnamed anon region objects. Try to reduce the overhead @@ -346,7 +340,7 @@ SYSCTL_INT(_vm, OID_AUTO, swap_async_max #define NOBJLIST(handle) \ (swap_pager_object_list[((int)(intptr_t)handle 4) (NOBJLISTS-1)]) -static struct mtx sw_alloc_mtx;/* protect list manipulation */ +static struct mtx sw_alloc_mtx;/* protect list manipulation */ static struct pagerlst swap_pager_object_list[NOBJLISTS]; static uma_zone_t swap_zone; static struct vm_objectswap_zone_obj; @@ -425,7 +419,7 @@ swp_pager_free_nrpage(vm_page_t m) /* * SWP_SIZECHECK() - update swap_pager_full indication - * + * * update the swap_pager_almost_full indication and warn when we are * about to run out of swap space, using lowat/hiwat hysteresis. * @@ -480,7 +474,7 @@ swp_pager_hash(vm_object_t object, vm_pi /* * SWAP_PAGER_INIT() - initialize the swap pager! * - * Expected to be started from system init. NOTE: This code is run + * Expected to be started from system init. NOTE: This code is run * before much else so be careful what you depend on. Most of the VM * system has yet to be initialized at this point. */ @@ -512,7 +506,7 @@ swap_pager_init(void) void swap_pager_swap_init(void) { - unsigned long n, n2; + int n, n2; /* * Number of in-transit swap bp operations. Don't @@ -525,7 +519,7 @@ swap_pager_swap_init(void) * MAX_PAGEOUT_CLUSTER. Also be aware that swap ops are * constrained by the swap device interleave stripe size. * -* Currently we hardwire nsw_wcount_async to 4. This limit is +* Currently we hardwire nsw_wcount_async to 4. This limit is * designed to prevent other I/O from having high latencies due to * our pageout I/O. The value 4 works well for one or two active swap * devices but is probably a little low if you have more. Even so, @@ -554,11 +548,11 @@ swap_pager_swap_init(void) n = cnt.v_page_count / 2; if (maxswzone n maxswzone / sizeof(struct swblock)) n = maxswzone / sizeof(struct swblock); + n2 = n; swap_zone = uma_zcreate(SWAPMETA, sizeof(struct swblock), NULL, NULL, NULL, NULL, UMA_ALIGN_PTR, UMA_ZONE_NOFREE | UMA_ZONE_VM); if (swap_zone == NULL)
svn commit: r240107 - head/lib/libc/stdlib
Author: des Date: Tue Sep 4 21:40:53 2012 New Revision: 240107 URL: http://svn.freebsd.org/changeset/base/240107 Log: Add a prominent warning about these functions' unsuitability for cryptographic purposes, and recommend using arc4random(3) instead. Modified: head/lib/libc/stdlib/rand.3 head/lib/libc/stdlib/random.3 Modified: head/lib/libc/stdlib/rand.3 == --- head/lib/libc/stdlib/rand.3 Tue Sep 4 21:38:31 2012(r240106) +++ head/lib/libc/stdlib/rand.3 Tue Sep 4 21:40:53 2012(r240107) @@ -55,9 +55,15 @@ .Fn rand_r unsigned *ctx .Sh DESCRIPTION .Bf -symbolic +The functions described in this manual page are not cryptographically +secure. +Cryptographic applications should use +.Xr arc4random 3 +instead. +.Ef +.Pp These interfaces are obsoleted by .Xr random 3 . -.Ef .Pp The .Fn rand @@ -88,9 +94,6 @@ The function initializes a seed using the .Xr random 4 random number device which returns good random numbers. -However, the -.Fn rand -function still remains unsuitable for cryptographic use. .Pp The .Fn rand_r @@ -105,8 +108,6 @@ For better generator quality, use .Xr random 3 or .Xr lrand48 3 . -Applications requiring cryptographic quality randomness should use -.Xr arc4random 3 . .Sh SEE ALSO .Xr arc4random 3 , .Xr lrand48 3 , Modified: head/lib/libc/stdlib/random.3 == --- head/lib/libc/stdlib/random.3 Tue Sep 4 21:38:31 2012 (r240106) +++ head/lib/libc/stdlib/random.3 Tue Sep 4 21:40:53 2012 (r240107) @@ -53,6 +53,14 @@ .Ft char * .Fn setstate char *state .Sh DESCRIPTION +.Bf -symbolic +The functions described in this manual page are not cryptographically +secure. +Cryptographic applications should use +.Xr arc4random 3 +instead. +.Ef +.Pp The .Fn random function @@ -98,10 +106,8 @@ as the seed. .Pp The .Fn srandomdev -routine initializes a state array using the -.Xr random 4 -random number device which returns good random numbers, -suitable for cryptographic use. +routine initializes a state array using data from +.Xr random 4 . Note that this particular seeding procedure can generate states which are impossible to reproduce by calling @@ -191,6 +197,3 @@ The historical implementation used to ha random sequence did not vary much with the seed. The current implementation employs a better pseudo-random number generator for the initial state calculation. -.Pp -Applications requiring cryptographic quality randomness should use -.Xr arc4random 3 . ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r240109 - head/etc/rc.d
Author: des Date: Tue Sep 4 21:56:16 2012 New Revision: 240109 URL: http://svn.freebsd.org/changeset/base/240109 Log: Add a configtest command. Submitted by: gjb@ MFC after:1 week Modified: head/etc/rc.d/sshd Modified: head/etc/rc.d/sshd == --- head/etc/rc.d/sshd Tue Sep 4 21:47:09 2012(r240108) +++ head/etc/rc.d/sshd Tue Sep 4 21:56:16 2012(r240109) @@ -14,8 +14,9 @@ rcvar=sshd_enable command=/usr/sbin/${name} keygen_cmd=sshd_keygen start_precmd=sshd_precmd +configtest_cmd=sshd_configtest pidfile=/var/run/${name}.pid -extra_commands=keygen reload +extra_commands=configtest keygen reload timeout=300 @@ -87,6 +88,12 @@ sshd_keygen() ) } +sshd_configtest() +{ + echo Performing sanity check on ${name} configuration. + eval ${command} ${sshd_flags} -t +} + sshd_precmd() { if [ ! -f /etc/ssh/ssh_host_key -o \ @@ -96,6 +103,7 @@ sshd_precmd() user_reseed run_rc_command keygen fi + sshd_configtest } load_rc_config $name ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r240111 - head/lib/libc/stdlib
Author: des Date: Tue Sep 4 22:03:16 2012 New Revision: 240111 URL: http://svn.freebsd.org/changeset/base/240111 Log: Bump dates. Reminded by: bz@ Modified: head/lib/libc/stdlib/rand.3 head/lib/libc/stdlib/random.3 Modified: head/lib/libc/stdlib/rand.3 == --- head/lib/libc/stdlib/rand.3 Tue Sep 4 21:58:22 2012(r240110) +++ head/lib/libc/stdlib/rand.3 Tue Sep 4 22:03:16 2012(r240111) @@ -32,7 +32,7 @@ .\ @(#)rand.3 8.1 (Berkeley) 6/4/93 .\ $FreeBSD$ .\ -.Dd October 6, 2010 +.Dd September 4, 2012 .Dt RAND 3 .Os .Sh NAME Modified: head/lib/libc/stdlib/random.3 == --- head/lib/libc/stdlib/random.3 Tue Sep 4 21:58:22 2012 (r240110) +++ head/lib/libc/stdlib/random.3 Tue Sep 4 22:03:16 2012 (r240111) @@ -28,7 +28,7 @@ .\ @(#)random.3 8.1 (Berkeley) 6/4/93 .\ $FreeBSD$ .\ -.Dd June 4, 1993 +.Dd September 4, 2012 .Dt RANDOM 3 .Os .Sh NAME ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r240113 - head/sys/vm
Author: des Date: Tue Sep 4 22:19:33 2012 New Revision: 240113 URL: http://svn.freebsd.org/changeset/base/240113 Log: No memory barrier is required. This was pointed out by kib@ a while ago, but I got distracted by other matters. (for real this time) Modified: head/sys/vm/swap_pager.c Modified: head/sys/vm/swap_pager.c == --- head/sys/vm/swap_pager.cTue Sep 4 22:17:33 2012(r240112) +++ head/sys/vm/swap_pager.cTue Sep 4 22:19:33 2012(r240113) @@ -1848,7 +1848,7 @@ retry: mtx_unlock(swhash_mtx); VM_OBJECT_UNLOCK(object); if (uma_zone_exhausted(swap_zone)) { - if (atomic_cmpset_rel_int(exhausted, 0, 1)) + if (atomic_cmpset_int(exhausted, 0, 1)) printf(swap zone exhausted, increase kern.maxswzone\n); vm_pageout_oom(VM_OOM_SWAPZ); @@ -1859,7 +1859,7 @@ retry: goto retry; } - if (atomic_cmpset_rel_int(exhausted, 1, 0)) + if (atomic_cmpset_int(exhausted, 1, 0)) printf(swap zone ok\n); swap-swb_hnext = NULL; ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r240075 - in head: crypto/openssh crypto/openssh/openbsd-compat secure/lib/libssh
Author: des Date: Mon Sep 3 16:51:41 2012 New Revision: 240075 URL: http://svn.freebsd.org/changeset/base/240075 Log: Upgrade OpenSSH to 6.1p1. Deleted: head/crypto/openssh/version.c Modified: head/crypto/openssh/ChangeLog head/crypto/openssh/INSTALL head/crypto/openssh/LICENCE head/crypto/openssh/PROTOCOL.certkeys head/crypto/openssh/PROTOCOL.mux head/crypto/openssh/README head/crypto/openssh/addrmatch.c head/crypto/openssh/audit-bsm.c head/crypto/openssh/auth-krb5.c head/crypto/openssh/auth-options.c head/crypto/openssh/auth-passwd.c head/crypto/openssh/auth.c head/crypto/openssh/auth2-pubkey.c head/crypto/openssh/auth2.c head/crypto/openssh/authfile.c head/crypto/openssh/channels.c head/crypto/openssh/channels.h head/crypto/openssh/clientloop.c head/crypto/openssh/clientloop.h head/crypto/openssh/compat.c head/crypto/openssh/compat.h head/crypto/openssh/config.h.in head/crypto/openssh/defines.h head/crypto/openssh/dh.c head/crypto/openssh/dns.c head/crypto/openssh/dns.h head/crypto/openssh/entropy.c head/crypto/openssh/entropy.h head/crypto/openssh/jpake.c head/crypto/openssh/kex.c head/crypto/openssh/key.c head/crypto/openssh/key.h head/crypto/openssh/mac.c head/crypto/openssh/misc.c head/crypto/openssh/moduli head/crypto/openssh/moduli.c head/crypto/openssh/monitor.c head/crypto/openssh/mux.c head/crypto/openssh/myproposal.h head/crypto/openssh/openbsd-compat/bsd-cygwin_util.c head/crypto/openssh/openbsd-compat/bsd-cygwin_util.h head/crypto/openssh/openbsd-compat/bsd-misc.h head/crypto/openssh/openbsd-compat/getcwd.c head/crypto/openssh/openbsd-compat/getgrouplist.c head/crypto/openssh/openbsd-compat/getrrsetbyname.c head/crypto/openssh/openbsd-compat/glob.c head/crypto/openssh/openbsd-compat/inet_ntop.c head/crypto/openssh/openbsd-compat/mktemp.c head/crypto/openssh/openbsd-compat/openbsd-compat.h head/crypto/openssh/openbsd-compat/openssl-compat.h head/crypto/openssh/openbsd-compat/port-linux.c head/crypto/openssh/openbsd-compat/setenv.c head/crypto/openssh/openbsd-compat/sha2.c head/crypto/openssh/openbsd-compat/sha2.h head/crypto/openssh/openbsd-compat/strlcpy.c head/crypto/openssh/packet.c head/crypto/openssh/packet.h head/crypto/openssh/readconf.c head/crypto/openssh/readconf.h head/crypto/openssh/roaming.h head/crypto/openssh/roaming_client.c head/crypto/openssh/roaming_common.c head/crypto/openssh/sandbox-rlimit.c head/crypto/openssh/sandbox-systrace.c head/crypto/openssh/scp.1 head/crypto/openssh/scp.c head/crypto/openssh/servconf.c head/crypto/openssh/servconf.h head/crypto/openssh/serverloop.c head/crypto/openssh/session.c head/crypto/openssh/sftp-client.c head/crypto/openssh/sftp-glob.c head/crypto/openssh/sftp.1 head/crypto/openssh/sftp.c head/crypto/openssh/ssh-add.1 head/crypto/openssh/ssh-add.c head/crypto/openssh/ssh-ecdsa.c head/crypto/openssh/ssh-keygen.1 head/crypto/openssh/ssh-keygen.c head/crypto/openssh/ssh-pkcs11-client.c head/crypto/openssh/ssh-pkcs11-helper.c head/crypto/openssh/ssh.1 head/crypto/openssh/ssh.c head/crypto/openssh/ssh_config head/crypto/openssh/ssh_config.5 head/crypto/openssh/ssh_namespace.h head/crypto/openssh/sshconnect.c head/crypto/openssh/sshconnect2.c head/crypto/openssh/sshd.8 head/crypto/openssh/sshd.c head/crypto/openssh/sshd_config head/crypto/openssh/sshd_config.5 head/crypto/openssh/umac.c head/crypto/openssh/version.h head/secure/lib/libssh/Makefile Directory Properties: head/crypto/openssh/ (props changed) Modified: head/crypto/openssh/ChangeLog == --- head/crypto/openssh/ChangeLog Mon Sep 3 15:22:02 2012 (r240074) +++ head/crypto/openssh/ChangeLog Mon Sep 3 16:51:41 2012 (r240075) @@ -1,3 +1,629 @@ +20120828 + - (djm) Release openssh-6.1 + +20120828 + - (dtucker) [openbsd-compat/bsd-cygwin_util.h] define WIN32_LEAN_AND_MEAN + for compatibility with future mingw-w64 headers. Patch from vinschen at + redhat com. + +20120822 + - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] + [contrib/suse/openssh.spec] Update version numbers + +20120731 + - (djm) OpenBSD CVS Sync + - j...@cvs.openbsd.org 2012/07/06 06:38:03 + [ssh-keygen.c] + missing full stop in usage(); + - d...@cvs.openbsd.org 2012/07/10 02:19:15 + [servconf.c servconf.h sshd.c sshd_config] + Turn on systrace sandboxing of pre-auth sshd by default for new installs + by shipping a config that overrides the current UsePrivilegeSeparation=yes + default. Make it easier to flip the default in the future by adding too. + prodded markus@ feedback dtucker@ get it in deraadt@ + - dtuc...@cvs.openbsd.org 2012/07/13 01:35:21 + [servconf.c] + handle long comments in config files better. bz#2025, ok markus + -
svn commit: r239927 - head/tools/tools/track
Author: des Date: Thu Aug 30 22:56:32 2012 New Revision: 239927 URL: http://svn.freebsd.org/changeset/base/239927 Log: The error syntax has changed. Modified: head/tools/tools/track/track.sh Modified: head/tools/tools/track/track.sh == --- head/tools/tools/track/track.sh Thu Aug 30 22:18:25 2012 (r239926) +++ head/tools/tools/track/track.sh Thu Aug 30 22:56:32 2012 (r239927) @@ -35,7 +35,7 @@ do \\\*) endl=\r\n ;; - \*\*\*\ Error*) + \*\*\**) endl=\r\n ;; \=\=\=*) ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r239836 - head/sbin/geom/class/part
Author: des Date: Wed Aug 29 15:18:56 2012 New Revision: 239836 URL: http://svn.freebsd.org/changeset/base/239836 Log: Change the gptboot example so the boot partition is aligned on a 4 kB boundary. MFC after:3 days Modified: head/sbin/geom/class/part/gpart.8 Modified: head/sbin/geom/class/part/gpart.8 == --- head/sbin/geom/class/part/gpart.8 Wed Aug 29 15:13:13 2012 (r239835) +++ head/sbin/geom/class/part/gpart.8 Wed Aug 29 15:18:56 2012 (r239836) @@ -1006,11 +1006,12 @@ or but smaller than 545 kB since the first-stage loader will load the entire partition into memory during boot, regardless of how much data it actually contains. -This example uses 94 blocks (47 kB) so the next partition will be +This example uses 88 blocks (44 kB) so the next partition will be aligned on a 64 kB boundary without the need to specify an explicit offset or alignment. +The boot partition itself is aligned on a 4 kB boundary. .Bd -literal -offset indent -/sbin/gpart add -b 34 -s 94 -t freebsd-boot ad0 +/sbin/gpart add -b 40 -s 88 -t freebsd-boot ad0 /sbin/gpart bootcode -p /boot/gptboot -i 1 ad0 .Ed .Pp ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r239730 - head/sys/i386/include
Author: des Date: Mon Aug 27 13:22:27 2012 New Revision: 239730 URL: http://svn.freebsd.org/changeset/base/239730 Log: Parly revert r239255: reinstate a default maxswzone on i386, where KVA is scarce, but set it slightly higher so we can handle 8 GB of swap. Modified: head/sys/i386/include/param.h Modified: head/sys/i386/include/param.h == --- head/sys/i386/include/param.h Mon Aug 27 13:05:15 2012 (r239729) +++ head/sys/i386/include/param.h Mon Aug 27 13:22:27 2012 (r239730) @@ -123,6 +123,20 @@ #define KSTACK_GUARD_PAGES 1 /* pages of kstack guard; 0 disables */ /* + * Ceiling on amount of swblock kva space, can be changed via + * the kern.maxswzone /boot/loader.conf variable. + * + * 276 is sizeof(struct swblock), but we do not always have a definition + * in scope for struct swblock, so we have to hardcode it. Each struct + * swblock holds metadata for 32 pages, so in theory, this is enough for + * 16 GB of swap. In practice, however, the usable amount is considerably + * lower due to fragmentation. + */ +#ifndef VM_SWZONE_SIZE_MAX +#define VM_SWZONE_SIZE_MAX (276 * 128 * 1024) +#endif + +/* * Ceiling on size of buffer cache (really only effects write queueing, * the VM page cache is not effected), can be changed via * the kern.maxbcache /boot/loader.conf variable. ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r239327 - head/sys/vm
Author: des Date: Thu Aug 16 08:29:49 2012 New Revision: 239327 URL: http://svn.freebsd.org/changeset/base/239327 Log: - When running out of swzone, instead of spewing an error message every tick until the situation is resolved (if ever), just print a single message when running out and another when space becomes available. - When adding more swap, warn if the total amount exceeds half the theoretical maximum we can handle. Modified: head/sys/vm/swap_pager.c Modified: head/sys/vm/swap_pager.c == --- head/sys/vm/swap_pager.cThu Aug 16 07:43:15 2012(r239326) +++ head/sys/vm/swap_pager.cThu Aug 16 08:29:49 2012(r239327) @@ -1804,6 +1804,7 @@ restart: static void swp_pager_meta_build(vm_object_t object, vm_pindex_t pindex, daddr_t swapblk) { + static volatile int exhausted; struct swblock *swap; struct swblock **pswap; int idx; @@ -1847,7 +1848,9 @@ retry: mtx_unlock(swhash_mtx); VM_OBJECT_UNLOCK(object); if (uma_zone_exhausted(swap_zone)) { - printf(swap zone exhausted, increase kern.maxswzone\n); + if (atomic_cmpset_rel_int(exhausted, 0, 1)) + printf(swap zone exhausted, + increase kern.maxswzone\n); vm_pageout_oom(VM_OOM_SWAPZ); pause(swzonex, 10); } else @@ -1856,6 +1859,9 @@ retry: goto retry; } + if (atomic_cmpset_rel_int(exhausted, 1, 0)) + printf(swap zone ok\n); + swap-swb_hnext = NULL; swap-swb_object = object; swap-swb_index = pindex ~(vm_pindex_t)SWAP_META_MASK; @@ -2112,6 +2118,31 @@ done: return (error); } +/* + * Check that the total amount of swap currently configured does not + * exceed half the theoretical maximum. If it does, print a warning + * message and return -1; otherwise, return 0. + */ +static int +swapon_check_swzone(unsigned long npages) +{ + unsigned long maxpages; + + /* absolute maximum we can handle assuming 100% efficiency */ + maxpages = uma_zone_get_max(swap_zone) * SWAP_META_PAGES; + + /* recommend using no more than half that amount */ + if (npages maxpages / 2) { + printf(warning: total configured swap (%lu pages) + exceeds maximum recommended amount (%lu pages).\n, + npages, maxpages); + printf(warning: increase kern.maxswzone + or reduce amount of swap.\n); + return (-1); + } + return (0); +} + static void swaponsomething(struct vnode *vp, void *id, u_long nblks, sw_strategy_t *strategy, sw_close_t *close, dev_t dev) { @@ -2175,6 +2206,7 @@ swaponsomething(struct vnode *vp, void * nswapdev++; swap_pager_avail += nblks; swap_total += (vm_ooffset_t)nblks * PAGE_SIZE; + swapon_check_swzone(swap_total / PAGE_SIZE); swp_sizecheck(); mtx_unlock(sw_dev_mtx); } ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org
svn commit: r239255 - in head/sys: amd64/include boot/common i386/include
Author: des Date: Tue Aug 14 17:01:21 2012 New Revision: 239255 URL: http://svn.freebsd.org/changeset/base/239255 Log: As discussed on -current, remove the hardcoded default maxswzone. MFC after:3 weeks Modified: head/sys/amd64/include/param.h head/sys/boot/common/loader.8 head/sys/i386/include/param.h Modified: head/sys/amd64/include/param.h == --- head/sys/amd64/include/param.h Tue Aug 14 14:07:34 2012 (r239254) +++ head/sys/amd64/include/param.h Tue Aug 14 17:01:21 2012 (r239255) @@ -123,14 +123,6 @@ #defineKSTACK_GUARD_PAGES 1/* pages of kstack guard; 0 disables */ /* - * Ceiling on amount of swblock kva space, can be changed via - * the kern.maxswzone /boot/loader.conf variable. - */ -#ifndef VM_SWZONE_SIZE_MAX -#defineVM_SWZONE_SIZE_MAX (32 * 1024 * 1024) -#endif - -/* * Mach derived conversion macros */ #defineround_page(x) unsigned long)(x)) + PAGE_MASK) ~(PAGE_MASK)) Modified: head/sys/boot/common/loader.8 == --- head/sys/boot/common/loader.8 Tue Aug 14 14:07:34 2012 (r239254) +++ head/sys/boot/common/loader.8 Tue Aug 14 17:01:21 2012 (r239255) @@ -613,17 +613,26 @@ Not all architectures use such buffers; for details. .It Va kern.maxswzone Limits the amount of KVM to be used to hold swap -meta information, which directly governs the -maximum amount of swap the system can support. -This value is specified in bytes of KVA space -and defaults to 32MBytes on i386 and amd64. -Care should be taken -to not reduce this value such that the actual -amount of configured swap exceeds 1/2 the -kernel-supported swap. -The default of 32MB allows -the kernel to support a maximum of ~7GB of swap. -Only change +metadata, which directly governs the +maximum amount of swap the system can support, +at the rate of approximately 200 MB of swap space +per 1 MB of metadata. +This value is specified in bytes of KVA space. +If no value is provided, the system allocates +enough memory to handle an amount of swap +that corresponds to eight times the amount of +physical memory present in the system. +.Pp +Note that swap metadata can be fragmented, +which means that the system can run out of +space before it reaches the theoretical limit. +Therefore, care should be taken to not configure +more swap than approximately half of the +theoretical maximum. +.Pp +Running out of space for swap metadata can leave +the system in an unrecoverable state. +Therefore, you should only change this parameter if you need to greatly extend the KVM reservation for other resources such as the buffer cache or Modified: head/sys/i386/include/param.h == --- head/sys/i386/include/param.h Tue Aug 14 14:07:34 2012 (r239254) +++ head/sys/i386/include/param.h Tue Aug 14 17:01:21 2012 (r239255) @@ -123,14 +123,6 @@ #define KSTACK_GUARD_PAGES 1 /* pages of kstack guard; 0 disables */ /* - * Ceiling on amount of swblock kva space, can be changed via - * the kern.maxswzone /boot/loader.conf variable. - */ -#ifndef VM_SWZONE_SIZE_MAX -#define VM_SWZONE_SIZE_MAX (32 * 1024 * 1024) -#endif - -/* * Ceiling on size of buffer cache (really only effects write queueing, * the VM page cache is not effected), can be changed via * the kern.maxbcache /boot/loader.conf variable. ___ svn-src-head@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/svn-src-head To unsubscribe, send any mail to svn-src-head-unsubscr...@freebsd.org