Since it's headerless this is important so the data can be interpreted
properly. Also, ordinary audio ioctls cannot be used on a pad and the
format can't be changed, so applications that attempt to automatically
determine the format of a device like audiorecord don't work.
temporary use where allocation on the stack is desirable, but only up to
a certain size. If the requested size fits within the specified stack
buffer, the stack buffer is returned. Otherwise, memory is allocated with
kmem_alloc(). Add a corresponding kmem_tmpbuf_free() function that frees
the memory using kmem_free() if it is not the temporary stack buffer location.
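
A userland sketch of the stack-or-heap pattern described above, added here as an illustration and not taken from the commit. The names tmpbuf_alloc(), tmpbuf_free() and sum_via_tmpbuf() and their signatures are assumptions, with malloc()/free() standing in for kmem_alloc()/kmem_free().

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical userland stand-ins: malloc()/free() take the place of
 * kmem_alloc()/kmem_free(); names and signatures are assumptions. */
static void *
tmpbuf_alloc(size_t size, void *stackbuf, size_t stackbufsize)
{
	/* Fits in the caller's bounded stack buffer: no heap allocation. */
	if (size <= stackbufsize)
		return stackbuf;
	/* Too large for the stack: fall back to the heap. */
	return malloc(size);
}

static void
tmpbuf_free(void *p, size_t size, void *stackbuf)
{
	(void)size;	/* kmem_free() would need it; free() does not */
	/* Only heap memory is released; the stack buffer is left alone. */
	if (p != stackbuf)
		free(p);
}

/* Copy `len` bytes through a temporary buffer and sum them.
 * Returns -1 on allocation failure; *used_stack reports which path ran. */
static long
sum_via_tmpbuf(const unsigned char *src, size_t len, int *used_stack)
{
	unsigned char stackbuf[64];	/* hard cap on stack use */
	unsigned char *buf;
	long sum = 0;

	buf = tmpbuf_alloc(len, stackbuf, sizeof(stackbuf));
	if (buf == NULL)
		return -1;
	*used_stack = (buf == stackbuf);
	memcpy(buf, src, len);
	for (size_t i = 0; i < len; i++)
		sum += buf[i];
	tmpbuf_free(buf, len, stackbuf);
	return sum;
}
```
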
- New /etc/security check for entropy in daily security report.
- New /etc/rc.d/entropy script runs (after random_seed and rndctl) to
check for entropy at boot -- in rc.conf, you can:
. set `entropy=check' to halt multiuser boot and enter single-user
mode if not enough entropy
. set `entropy=wait' to make multiuser boot wait until enough entropy
Default is to always boot without waiting -- and rely on other
channels like security report to alert the operator if there's a
problem.
- New man page entropy(7) discussing the higher-level concepts and
system integration with cross-references.
- New paragraph in afterboot(8) about entropy citing entropy(7) for
more details.
This change addresses many of the issues discussed in security/55659.
This is a first draft; happy to take improvements to the man pages and
scripted messages to improve clarity.
I considered changing motd to include an entropy warning with a
reference to the entropy(7) man page, but it's a little trickier:
- Not sure it's appropriate for all users to see at login rather than
users who have power to affect the entropy estimate (maybe it is,
just haven't decided).
- We only have a mechanism for changing once at boot; the message would
remain until next boot even if an operator adds enough entropy.
- The mechanism isn't really conducive to making a message appear
conditionally from boot to boot.
The /dev/acpi character device gives an aperture into physical memory
that allows only read access to known ACPI tables: RSDP, XSDT/RSDT, and
the root tables. Adapt acpidump(8) to use this interface by default,
falling back to the old /dev/mem method if it is not available or if
ACPIDUMP_USE_DEVMEM=1 is set in the environment. The user visible benefit
of this change is that "options INSECURE" is no longer required to
dump ACPI tables.
Additionally:
- Make it easier for the reader to learn which keywords can be used
multiple times
- Use multiple "userconf" lines in the EXAMPLES section, conveniently
listing the current DRM drivers that a user might need to disable to
troubleshoot "blank screen after boot" issues.
the implementation stuff in a variable CTFCONVERT_RUN
- introduce an OBJECT_TARGET variable that contains the output object file
- when we need to run ctfconvert, go through an intermediate ${.TARGET}.o
file, instead of writing directly to ${.TARGET} and then overwriting
${.TARGET} with ctfconvert. This avoids build failures after a build
got interrupted (the "partially built from C" scourge).
- move from sys/arch/x86/x86/{vmt.c,vmtreg.h,vmtvar.h} to sys/dev/vmt/{vmt_subr.c,vmtreg.h,vmtvar.h},
and split the attach part of the cpufeaturebus and fdt
- add aarch64 vmware backdoor op
- add include guard to vmt{reg,var}.h
- Yet there is still some little-endian dependency. It needs to be fixed in order to work properly on aarch64eb
This moves machdep.*.frequency.* to machdep.cpu.frequency.*.
This was proposed on tech-kern some time ago. The intention is to allow
third-party tools such as estd and conky to more easily and reliably
fetch or modify the current CPU frequency without iterating through
various machine-dependent variables to check their presence.
idea stolen from various other operating systems.
this configurable with a sysctl in case somebody wants to hold the middle
button, e.g. with old window managers that close menus when a button is
released.
The vether interface simulates a normal Ethernet interface by encapsulating
standard network frames with an Ethernet header, specifically for use as
a member in a bridge(4).
To use vether the administrator needs to configure an address onto the
interface so that packets can be routed to it. An Ethernet header will
be prepended and, if the vether interface is a member of a bridge(4),
the frame will show up there.
Taken from OpenBSD.
Otherwise, object files compiled with -mlongcall contain relocation types
referring to the PLT, which our in-kernel linker cannot handle.
This ends up with failure in kernel module load with
``kobj_reloc: unexpected relocation type 31'' (31 == R_PPC_PLT16_HA here).
See descriptions for -mlongcall in gcc(1) of GCC9 for more details.
Allow multiple concurrent waits at a time, and allow enqueueing work
at the same time (as long as it's not the work we're waiting for).
This way multiple users can use a shared global workqueue and safely
wait for individual work items concurrently, while the workqueue is
still in use for other items (e.g., wg(4) peers).
This has the side effect of taking away a diagnostic measure, but I
think allowing the diagnostic's false positives instead of rejecting
them is worth it. We could cheaply add it back with some false
negatives if it's important.
right now. new address-of-packed-member and format-overflow
warnings have new GCC_NO_ADDR_OF_PACKED_MEMBER and
GCC_NO_FORMAT_OVERFLOW variables to remove these warnings.
apply to a bunch of the tree. mostly, these are real bugs that
should be fixed, but in many cases, only by removing the 'packed'
attribute from some structure that doesn't really need it. (i
looked at many different ones, and while perhaps 60-80% were
already properly aligned, it wasn't clear to me that the uses
were always coming from sane data vs network alignment, so it
doesn't seem safe to remove packed without careful research for
each affected struct.) clang already warned (and was not erroring)
for many of these cases, but gcc picked up dozens more.
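
An added illustration, not code from the tree, of what the address-of-packed-member warning is about and of one fix that keeps the 'packed' attribute. The struct wire_hdr layout and the function names are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed wire header: the 1-byte tag pushes `len` to offset 1. */
struct wire_hdr {
	uint8_t  tag;
	uint32_t len;
} __attribute__((packed));

/* Nonzero when a uint32_t * pointing at `len` would be misaligned. */
static int
len_is_misaligned(void)
{
	return offsetof(struct wire_hdr, len) % _Alignof(uint32_t) != 0;
}

/*
 * Pattern the warning flags (kept as a comment so this file builds clean):
 *	uint32_t *p = &h->len;	-- p no longer knows the struct is packed
 *	return *p;		-- may trap on strict-alignment CPUs
 */

/* Safe: copy the bytes out; no misaligned uint32_t * ever exists. */
static uint32_t
read_len(const struct wire_hdr *h)
{
	uint32_t v;

	memcpy(&v, (const unsigned char *)h + offsetof(struct wire_hdr, len),
	    sizeof(v));
	return v;
}

/* Parse a header from a raw, arbitrarily aligned byte buffer. */
static uint32_t
parse_len(const unsigned char *pkt, size_t pktlen, int *ok)
{
	struct wire_hdr h;

	*ok = pktlen >= sizeof(h);
	if (!*ok)
		return 0;
	memcpy(&h, pkt, sizeof(h));
	return read_len(&h);
}
```
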
Unclear why this was set; setting it seems to have required a kludge
in netinet/in.c that broke ipsec tunnels. Clearing it makes wg work
again after that kludge was reverted.