script from wroking if the system is booted into single user mode & then
moved onto multi-user mode.
Reported by <pgoyette> for NPF but the issue is there in PF too.
With this switch processes (such as xconsole) can open /dev/console
without breaking login on the text or serial console. This can be
trivially triggered by enabling xdm in rc.conf and hitting
Ctrl+Alt+F1 or equivalent once booted.
The changes:
- Add entry for /dev/console or /dev/constty if missing
- If a port's had /dev/console 'on' switch it off and enable /dev/constty
- If a port did not have /dev/console 'on', leave /dev/constty off
Some ports had /dev/console off and /dev/ttyE0 enabled, presumably to
avoid just this issue. It may make sense to adjust these also (but not
in this pass)
As discussed on current-users
in the ZFS properties of the dataset and a simple man page for
mount_zfs. With this, it is possible to put ZFS filesystems in
/etc/fstab as file system type zfs.
Add a rc.d script that kicks the module ZFS load mostly before
mountall runs simular to what LVM does. This allows for any legacy
mounts to be specified in critical_local_filesystems and allows for
ZFS pools on top of cgd (probably among other things). Introduce a
rc.conf variable called zfs which needs to be set to YES, in the usual
manor of things, to get zvols and ZFS dataset support rather then just
assume that 'zfs mount' does that in mountall. Fix a problem in
mountall if ZFS is not compiled into the system.
from userland via /dev/vhci. Using this, it becomes possible to test and
fuzz the USB stack and all the USB drivers without having the associated
hardware.
The vHCI device has four ports independently addressable.
For each xfer on each port, we create two packets: a setup packet (which
indicates mostly the type of request) and a data packet (which contains
the raw data). These packets are processed by read and write operations
on /dev/vhci: userland poll-reads it to fetch usb_device_request_t
structures, and dispatches the requests depending on bRequest and
bmRequestType.
A few ioctls are available:
VHCI_IOC_GET_INFO - Get the current status
VHCI_IOC_SET_PORT - Choose a vHCI port
VHCI_IOC_USB_ATTACH - Attach a USB device on the current port
VHCI_IOC_USB_DETACH - Detach the USB device on the current port
vHCI has already allowed me to automatically find several bugs in the USB
stack and its drivers.
Enable in all the supported variations for NetBSD/amd64:
- Address Sanitizer
- Thread Sanitizer
- Memory Sanitizer
- Undefined Behavior Sanitizer
- SafeStack
- libFuzzer
- XRay
This change enables the features on amd64 for start.
We probably don't need more than one pci file, but the code needs to be
changed for it, which might introduce problems, and we're just before a
branch.
Not needed for evbarm because it uses devpubd by default.
Stopgap fix for PR xsrc/54388.
Also add the other gm20x nouveau firmwares to the source tree
to make it easier to add them for someone who can test them.
Installed if MKNOUVEAUFIRMWARE is set to 'yes'.
This defaults to no except on amd64 and i386 (like for radeon).
My keyboard and mouse use multiple device nodes each. I can't use
any other devices once they're attached. With my keyboard, mouse,
and two game controllers attached, a total of 9 nodes are required.
Particularly, high-end keyboards with N-key rollover support require
more device nodes, since they pretend to be multiple keyboards to work
around limitations in the uhid compat spec.
My original intention was to raise it from 4 to 12, but martin
suggested increasing it to 16.
"somewhat insane, but so is reality" - mlelstv
(like sensor readout) are locked, so that a userland program may interfere with
envsys operation.
To use this you need a program like ipmitool built with OpenIPMI support.
pipes. Skip the "error" printf from GetSmtId() as there is no easy
portable way to avoid it occurring (there are complicated ways) - but
we don't need it, there is no logical difference between "error" and ""
so just use the latter (if we get an ID, good, if there is nothing, then
there is none - saying 'error' does not mean anything.)
Use quoting everywhere possibly useful (always the right way, except
in the few cases where it is wrong...)
Avoid using cut & grep (from /usr/bin) so script could run before /usr
is mounted (pity cpuctl is in /usr/sbin ...).
Use sysctl -n rather than attempting to parse its output.
parses the output of cpuctl, and executes "cpuctl offline" for each CPU
that has SmtID!=0.
The default is "smtoff=NO", which means that SMT remains enabled.
boards that use u-boot. A known board database lists boards and their
respective u-boot packages. u-boot packages are discovered at run-time
(in /usr/pkg/share/u-boot, by default). These packages contain board
database overlays that describe u-boot installation procedure that's
specific for that board.
Support this as a native tool and as a host tool. The native tool
will attempt to determine the running board type using OpenFirmware
calls. Host tool and native tool alike may also specify a board type
directly using the "-o board=xxx option" or have installboot(8) determine
the board type from a device tree blob using "-o dtb=/path/to/board.dtb".
A "-o media=xxx" option is provided for boards that have different u-boot
binaries and/or installation procedures for different media types (e.g.
SDMMC, eMMC, or USB).
This is trivial to extend to other evb* platforms that use u-boot, even if
they don't use FDT for autoconfiguration.
enabled and don't warn our users that it might not and already suggest
workarounds.
The ability to disable ACPI and SMP is still there, by dropping to
the boot prompt.
for x86 and evbarm:
- install headers and libEGL
- install xorg-server glamoregl component
- link xorg drivers against gbm/egl
bonus fix:
- fix some wrongly marked compatx11file files
build tested on shark, sgimips, evbarm64-el, amd64 and i386.
run tested on radeon, intel and nvidia on amd64, including
'modesetting' driver on amd64. however, my systems disable
it due to llvmpipe so i'm not sure what is happening.
./usr/include/$MACHINE and automatically add it.
add sun68k for sun2/sun3. tested on about 12 platforms.
there may be more failures to figure out but this should make
them all special cases rather than always expected cases.
fortunately, most builds don't see to hit these issues for
reasons i haven't determined yet.
- add khrplatform.h for mesa_ver=18 platforms.
need to enable libvdpau.pc generation (needs special rules)
this mostly comes from maya in the first one, and a small part
of the second:
commit 48eb746983a5a7967fba221e7b167808af36f44a
Author: Maya Rashish <maya@NetBSD.org>
Date: Sun Feb 24 09:31:22 2019 +0200
More of vdpau. Cogs spin.
commit d9fbba8f61a43648d32f160c5fa62626788566ff
Author: Maya Rashish <maya@NetBSD.org>
Date: Sat Feb 23 22:36:37 2019 +0200
Adjust for MesaLib 18.
Build llvmpipe driver on x86 (the driver itself is x86-only).
build llvm on all x86, even on GCC builds.
galahad driver removed (upstream).
Don't build mesa 7 at all.
(how many more builds will i find like this? the end result
is that i think we should generate the ./usr/include/$MACHINE
entry, i think, but i have to survey many ports.)
Previously spi would configure the controller to use the lowest speed of
all connected devices since the kernel started and to fail attempted mode
changes. This is now improved to keep individual modes and speeds for each
slave and to reconfigure the controller as necessary for each transfer.
Added man page for spi(9).
The KCOV driver implements collection of code coverage inside the kernel.
It can be enabled on a per process basis from userland, allowing the kernel
program counter to be collected during syscalls triggered by the same
process.
The device is oriented towards kernel fuzzers, in particular syzkaller.
Currently the only supported coverage type is -fsanitize-coverage=trace-pc.
The KCOV driver was initially developed in Linux. A driver based on the
same concept was then implemented in FreeBSD and OpenBSD.
Documentation is borrowed from OpenBSD and ATF tests from FreeBSD.
This patch has been prepared by Siddharth Muralee, improved by <maxv>
and polished by myself before importing into the mainline tree.
All ATF tests pass.
put compat stuff in NetBSD.compat.$MACHINE_ARCH, and normal
stuff in NetBSD.dist.$MACHINE/MACHINE_ARCH, etc.
probably need at at more files for sh3, mips, ppc, sparc,
m68k, arm, ia64, etc., as every port has port- or arch-
specific header subdirectory.
./usr/include/dev/nvmm/x86 (amd64).
(perhaps we should stop 'make includes' from creating the target directory
for normal builds as this leads to mtree inconsistencies.)
- add missing header files fpr gcc=7
- add some missing gcc=5 obsolete entries
- create ./usr/include/dev/bluetooth in mtree not make, and move it into the
base set where all other directories are.
provides support for hardware-accelerated virtualization on NetBSD.
It is made of an MI frontend, to which MD backends can be plugged. One
MD backend is implemented, x86-SVM, for x86 AMD CPUs.
We install
/usr/include/dev/nvmm/nvmm.h
/usr/include/dev/nvmm/nvmm_ioctl.h
/usr/include/dev/nvmm/{arch}/nvmm_{arch}.h
And the kernel module. For now, the only architecture where we do that
is amd64 (arch=x86).
NVMM is not enabled by default in amd64-GENERIC, but is instead easily
modloadable.
Sent to tech-kern@ a month ago. Validated with kASan, and optimized
with tprof.
when unmounting tmpfs file systems at shutdown time, avoid unmounting
a tmpfs created by init on /dev - behaviour overridable from rc.conf.
By default all tmpfs that have device nodes are not mounted.
mostly just on general principle... this resulted in one or two minor
code reformattings to keep 80 char limits - a few needless uses of
quotes ("no" ??) were also removed (sh is not C. strings are strings
without quotes around them...)
is of poor quality, and is now an obstacle to MP-ification. It was removed
ten years ago from FreeBSD for the same reason.
This retires a big user of the mbuf API, and will ease maintenance of the
kernel.
Two new test programs, one for the version of printf in /bin/sh
and one for the command /usr/bin/printf (t_builtin and t_command)
Each test program has 28 test cases (the same in each) of which
currently 27 pass, and 1 is skipped.
See the test scripts themselves for more information.
populate /dev with zvol device nodes.
Following on with the recent ZFS/DTrace update, this is no longer a valid option
and causes the mountall script to barf zfs usage() following from
unrecognized command 'volinit' error.
XMSS is a stateful post-quantum signature scheme.
- Post-quantum security for _online_ authentication is not important
until quantum computers become practical; there's no danger of
retroactive forgery in sessions that have already completed.
- As a stateful signature schemes, XMSS is qualitatively different
from all the other ones sshd supports, requiring additional
administrative care: roll back the state (e.g., from a disk backup
or VM snapshot), and you've shot yourself in the foot.
If users want XMSS keys, they can make them explicitly, but there's
no need for this to be enabled by default.
Discussed with christos offline.
Use ps -A instead of ps -ax (-A means -ax, but -A is posix, -x is not)
Use ps -o args instead of ps -o command (same reason).
This makes no difference when the ps used is /bin/ps on NetBSD, but
can make a difference when some other ps command gets invoked instead.
XXX pullup -8
- sys/arch/evbarm64 is gone and integrated into sys/arch/evbarm. (by skrll@)
- add support fdt. evbarm/conf/GENERIC64 fdt (bcm2837,sunxi,tegra) based generic 64bit kernel config. (by skrll@, jmcneill@)
https://ftp.isc.org/isc/bind9/keys/9.11/bind.keys.v9_11
This includes the new KSK2017 key which is planned to replace the KSK2010
in October 11th, 2018. It is important to have software that ships with
both before September 11th 2018. Anything that bootstraps after that could
have trouble switching.
XXX: pullup-8, pullup-7, pullup-6
through the list of kernel names it is configured to try. This way there is
fallback if /netbsd is not present. netbsd is the first name to be tried anyway.
Issue brought up on tech-kern@ by Patrick Welche <prlw1 AT cam ac uk> where a system
without /netbsd hung on boot.
Suggestion by rudolf <netbsd AT eq cz>
https://mail-index.netbsd.org/tech-kern/2018/02/16/msg023122.html
Install:
- allocator_interface.h
- asan_interface.h
- common_interface_defs.h
- tsan_interface_atomic.h
Into:
- /usr/include/gcc-5/sanitizer
Note headers in a comment headers for introduction in future:
- dfsan_interface.h
- lsan_interface.h
- msan_interface.h
Skip a file that will never be relevant on NetBSD:
- linux_syscall_hooks.h
PR 52265 by Kamil Rytarowski
Proposed and accepted on tech-toolchain@.
Sponsored by <The NetBSD Foundation>
node results in a non working config, despite following manual to get setup.
Remove a step for the user by creating a device node for veriexec by default.
ok mrg jakllsch
/usr/mdec/sbmips/ and document them in installboot(8) even though
it isn't really ported yet. also build the SBMIPS kernels.
unfortunately, sbmips has been broken since mips64 merge, but the
fix can happen in the evbmips version, which we might merge into
the older trees anyway.
XXX: releng can turn off sbmips* builds now for -current.
sleep / resume.
This should no longer be needed now the various applications
(dhcpcd, ntpd, wpa_supplicant et all) are more aware to the network state
as all interface carriers should be brought down and up again.
Fixes PR misc/52397.
- the names "ttya" and "ttyb" in zs(4) man page were leftover of the orignal
sparc/sun3 ports which used the same name for their native SunOS users
- symlinks ttya -> tty00 -> ttyZ0 (by "lndev tty00 ttya") are awful anyway
(symlinks tty0? -> ttyZ? are handled in MI MAKEDEV.tmpl)
See details on discussion on source-changes-d@:
http://mail-index.netbsd.org/source-changes-d/2017/07/thread1.html#009301
for more than one of the -m -p -s -t args (and checks whether any were given
to pick one if not) to be more shell friendly.
Note that while the method here is the same as was discussed on the list,
the actual implementation is free of the typos, and just pure lunacy that
was in the code that was shown there.
Also note these changes are intended to be completely internal, there
should be no visible impact upon the way that MAKEDEV works.
ok:christos. Thanks to pgoyette for the code review.
CAN stands for Controller Area Network, a broadcast network used
in automation and automotive fields. For example, the NMEA2000 standard
developped for marine devices uses a CAN network as the link layer.
This is an implementation of the linux socketcan API:
https://www.kernel.org/doc/Documentation/networking/can.txt
you can also see can(4).
This adds a new socket family (AF_CAN) and protocol (PF_CAN),
as well as the canconfig(8) utility, used to set timing parameter of
CAN hardware. Also inclued is a driver for the CAN controller
found in the allwinner A20 SoC (I tested it with an Olimex lime2 board,
connected with PIC18-based CAN devices).
There is also the canloop(4) pseudo-device, which allows to use
the socketcan API without CAN hardware.
At this time the CANFD part of the linux socketcan API is not implemented.
Error frames are not implemented either. But I could get the cansend and
canreceive utilities from the canutils package to build and run with minimal
changes. tcpudmp(8) can also be used to record frames, which can be
decoded with etherreal.
Originally, MKCRYPTO was introduced because the United States
classified cryptography as a munition and restricted its export. The
export controls were substantially relaxed fifteen years ago, and are
essentially irrelevant for software with published source code.
In the intervening time, nobody bothered to remove the option after
its motivation -- the US export restriction -- was eliminated. I'm
not aware of any other operating system that has a similar option; I
expect it is mainly out of apathy for churn that we still have it.
Today, cryptography is an essential part of modern computing -- you
can't use the internet responsibly without cryptography.
The position of the TNF board of directors is that TNF makes no
representation that MKCRYPTO=no satisfies any country's cryptography
regulations.
My personal position is that the availability of cryptography is a
basic human right; that any local laws restricting it to a privileged
few are fundamentally immoral; and that it is wrong for developers to
spend effort crippling cryptography to work around such laws.
As proposed on tech-crypto, tech-security, and tech-userlevel to no
objections:
https://mail-index.netbsd.org/tech-crypto/2017/05/06/msg000719.htmlhttps://mail-index.netbsd.org/tech-security/2017/05/06/msg000928.htmlhttps://mail-index.netbsd.org/tech-userlevel/2017/05/06/msg010547.html
P.S. Reviewing all the uses of MKCRYPTO in src revealed a lot of
*bad* crypto that was conditional on it, e.g. DES in telnet... That
should probably be removed too, but on the grounds that it is bad,
not on the grounds that it is (nominally) crypto.
This is a copy of t_hello from usr.bin/cc.
Added tests:
- hello
- hello_pic
- hello_pie
- hello32
These tests do not use c++ runtime library functions.
Protect these tests with MKCXX.
- Check if setkey correctly handles algorithms for AH/ESP
- Check IPsec of transport mode with AH/ESP over IPv4/IPv6
- Check IPsec of tunnel mode with AH/ESP over IPv4/IPv6
The tests/kernel/arch directory has been removed. The t_ptrace files have
been merged and moved to tests/lib/libc/sys.
Sponsored by <The NetBSD Foundation>
is complete, so that scripts invoked from powerd don't think that they
are still invoked by the rc system and fail.
Reported by rudolf @ tech-userlevel