rndctl -S triggers entropy consolidation, so whatever we gathered
during kernel startup -- interrupt timings, autoconf timings, &c. --
will be incorporated into the seed and into subsequent data read from
/dev/urandom, just like if rndctl -L had run at this boot, and the
seed will carry them into the next boot too.
But it still avoids frequently consolidating entropy on any regular
schedule, in order to continue to mitigate iterative-guessing
attacks.
- Teach rndctl to load the seed, but treat it as zero entropy, if the
medium is read-only or if the update fails.
- Teach rndctl to accept `-i' flag instructing it to ignore the
entropy estimate in the seed.
- Teach /etc/rc.d/random_seed to:
(a) assume nonlocal file systems are unsafe, and use -i, but
(b) assume / is safe, even if it is nonlocal.
If the medium is nonwritable, leave it to rndctl to detect that.
(Could use statvfs and check for ST_LOCAL in rndctl, I guess, but I
already implemented it this way.)
Treating nonlocal / as safe is a compromise: it's up to the operator
to secure the network for (e.g.) nfs mounts, but that's true whether
we're talking entropy or not -- if the adversary has access to the
network that you've mounted / from, they can do a lot more damage
anyway; this reduces warning fatigue for diskless systems, e.g. test
racks.
`rndctl -S' can replace the file just fine, and deleting it ahead of
time adds a window during which we can lose the seed altogether if
the system is interrupted by a crash or power outage.
XXX pullup
/netbsd/modules respectively instead of /netbsd and
/stand/<arch>/<version>/modules. This is only supported for x86,
and is turned off by default. To try it, add KERNEL_DIR=yes in your
/mk.conf and install a system from that build.
- Move /etc/daily from 03:15 -> 04:15
- Move /etc/weekly from 04:30 -> 05:30 (to keep the spacing)
This should prevent problems during daylight savings changeover (which
is usually between 01:00 -> 04:00, depending upon the region) where the
cronjobs may be executed twice, or never at all...
This expands on the previous fix in revision 1.13 from 1997.
It seems that working kernel should be more smaller.
Strip off most kernel options, and provide by kernel modules.
Also add GENERIC kernel for NFS root instead of FFS.
If you set zfs=YES, presumably you positively want the automatic rc.d
actions, so if there's no /sbin/zfs or if zfs can't find pools with
/etc/zfs/zpool.cache, presumably you would like feedback about that
in rc.log.
At this point it is highly unlikely this 1999 device still has users,
but it still comes up in the context of maxv's USB-fuzzing (and any device
could pretend to be a urio(4)), so it's best to get rid of it.
Renamed all major entries to obsolete, as was done in previous removals.
This still requires an update to sanitizers, but they're located in
"external", perhaps it should be first committed upstream?
Proposed on tech-kern a month ago.
Discussed on tech-kern:
https://mail-index.NetBSD.org/tech-kern/2020/01/13/msg025938.html
This was never (intentionally) enabled by default, and the design has
some shortcomings. You can get mostly the same results with ktrace,
as in usr.bin/make/filemon/filemon_ktrace.c which is now used instead
of filemon for make's meta mode.
If applications require higher performance than ktrace, or nesting
that ktrace doesn't support, we might consider adding something back
into the vfs system calls themselves, without hijacking the syscall
table. (Might want a more reliable output format too, e.g. one that
can handle newlines in file names.)
script takes care of mounting filesystems.
Don't try to unmount all file systems before unloading the ZFS module, leave
that to the operator in preperation or the mountall script to take care
of. Module will of course fail to unload then if file systems are still
mounted.
script from wroking if the system is booted into single user mode & then
moved onto multi-user mode.
Reported by <pgoyette> for NPF but the issue is there in PF too.
With this switch processes (such as xconsole) can open /dev/console
without breaking login on the text or serial console. This can be
trivially triggered by enabling xdm in rc.conf and hitting
Ctrl+Alt+F1 or equivalent once booted.
The changes:
- Add entry for /dev/console or /dev/constty if missing
- If a port's had /dev/console 'on' switch it off and enable /dev/constty
- If a port did not have /dev/console 'on', leave /dev/constty off
Some ports had /dev/console off and /dev/ttyE0 enabled, presumably to
avoid just this issue. It may make sense to adjust these also (but not
in this pass)
As discussed on current-users
in the ZFS properties of the dataset and a simple man page for
mount_zfs. With this, it is possible to put ZFS filesystems in
/etc/fstab as file system type zfs.
Add a rc.d script that kicks the module ZFS load mostly before
mountall runs simular to what LVM does. This allows for any legacy
mounts to be specified in critical_local_filesystems and allows for
ZFS pools on top of cgd (probably among other things). Introduce a
rc.conf variable called zfs which needs to be set to YES, in the usual
manor of things, to get zvols and ZFS dataset support rather then just
assume that 'zfs mount' does that in mountall. Fix a problem in
mountall if ZFS is not compiled into the system.
from userland via /dev/vhci. Using this, it becomes possible to test and
fuzz the USB stack and all the USB drivers without having the associated
hardware.
The vHCI device has four ports independently addressable.
For each xfer on each port, we create two packets: a setup packet (which
indicates mostly the type of request) and a data packet (which contains
the raw data). These packets are processed by read and write operations
on /dev/vhci: userland poll-reads it to fetch usb_device_request_t
structures, and dispatches the requests depending on bRequest and
bmRequestType.
A few ioctls are available:
VHCI_IOC_GET_INFO - Get the current status
VHCI_IOC_SET_PORT - Choose a vHCI port
VHCI_IOC_USB_ATTACH - Attach a USB device on the current port
VHCI_IOC_USB_DETACH - Detach the USB device on the current port
vHCI has already allowed me to automatically find several bugs in the USB
stack and its drivers.
Enable in all the supported variations for NetBSD/amd64:
- Address Sanitizer
- Thread Sanitizer
- Memory Sanitizer
- Undefined Behavior Sanitizer
- SafeStack
- libFuzzer
- XRay
This change enables the features on amd64 for start.
We probably don't need more than one pci file, but the code needs to be
changed for it, which might introduce problems, and we're just before a
branch.
Not needed for evbarm because it uses devpubd by default.
Stopgap fix for PR xsrc/54388.
Also add the other gm20x nouveau firmwares to the source tree
to make it easier to add them for someone who can test them.
Installed if MKNOUVEAUFIRMWARE is set to 'yes'.
This defaults to no except on amd64 and i386 (like for radeon).
My keyboard and mouse use multiple device nodes each. I can't use
any other devices once they're attached. With my keyboard, mouse,
and two game controllers attached, a total of 9 nodes are required.
Particularly, high-end keyboards with N-key rollover support require
more device nodes, since they pretend to be multiple keyboards to work
around limitations in the uhid compat spec.
My original intention was to raise it from 4 to 12, but martin
suggested increasing it to 16.
"somewhat insane, but so is reality" - mlelstv
(like sensor readout) are locked, so that a userland program may interfere with
envsys operation.
To use this you need a program like ipmitool built with OpenIPMI support.
pipes. Skip the "error" printf from GetSmtId() as there is no easy
portable way to avoid it occurring (there are complicated ways) - but
we don't need it, there is no logical difference between "error" and ""
so just use the latter (if we get an ID, good, if there is nothing, then
there is none - saying 'error' does not mean anything.)
Use quoting everywhere possibly useful (always the right way, except
in the few cases where it is wrong...)
Avoid using cut & grep (from /usr/bin) so script could run before /usr
is mounted (pity cpuctl is in /usr/sbin ...).
Use sysctl -n rather than attempting to parse its output.
parses the output of cpuctl, and executes "cpuctl offline" for each CPU
that has SmtID!=0.
The default is "smtoff=NO", which means that SMT remains enabled.
boards that use u-boot. A known board database lists boards and their
respective u-boot packages. u-boot packages are discovered at run-time
(in /usr/pkg/share/u-boot, by default). These packages contain board
database overlays that describe u-boot installation procedure that's
specific for that board.
Support this as a native tool and as a host tool. The native tool
will attempt to determine the running board type using OpenFirmware
calls. Host tool and native tool alike may also specify a board type
directly using the "-o board=xxx option" or have installboot(8) determine
the board type from a device tree blob using "-o dtb=/path/to/board.dtb".
A "-o media=xxx" option is provided for boards that have different u-boot
binaries and/or installation procedures for different media types (e.g.
SDMMC, eMMC, or USB).
This is trivial to extend to other evb* platforms that use u-boot, even if
they don't use FDT for autoconfiguration.
enabled and don't warn our users that it might not and already suggest
workarounds.
The ability to disable ACPI and SMP is still there, by dropping to
the boot prompt.
for x86 and evbarm:
- install headers and libEGL
- install xorg-server glamoregl component
- link xorg drivers against gbm/egl
bonus fix:
- fix some wrongly marked compatx11file files
build tested on shark, sgimips, evbarm64-el, amd64 and i386.
run tested on radeon, intel and nvidia on amd64, including
'modesetting' driver on amd64. however, my systems disable
it due to llvmpipe so i'm not sure what is happening.
./usr/include/$MACHINE and automatically add it.
add sun68k for sun2/sun3. tested on about 12 platforms.
there may be more failures to figure out but this should make
them all special cases rather than always expected cases.
fortunately, most builds don't see to hit these issues for
reasons i haven't determined yet.
- add khrplatform.h for mesa_ver=18 platforms.
need to enable libvdpau.pc generation (needs special rules)
this mostly comes from maya in the first one, and a small part
of the second:
commit 48eb746983a5a7967fba221e7b167808af36f44a
Author: Maya Rashish <maya@NetBSD.org>
Date: Sun Feb 24 09:31:22 2019 +0200
More of vdpau. Cogs spin.
commit d9fbba8f61a43648d32f160c5fa62626788566ff
Author: Maya Rashish <maya@NetBSD.org>
Date: Sat Feb 23 22:36:37 2019 +0200
Adjust for MesaLib 18.
Build llvmpipe driver on x86 (the driver itself is x86-only).
build llvm on all x86, even on GCC builds.
galahad driver removed (upstream).
Don't build mesa 7 at all.
(how many more builds will i find like this? the end result
is that i think we should generate the ./usr/include/$MACHINE
entry, i think, but i have to survey many ports.)
Previously spi would configure the controller to use the lowest speed of
all connected devices since the kernel started and to fail attempted mode
changes. This is now improved to keep individual modes and speeds for each
slave and to reconfigure the controller as necessary for each transfer.
Added man page for spi(9).
The KCOV driver implements collection of code coverage inside the kernel.
It can be enabled on a per process basis from userland, allowing the kernel
program counter to be collected during syscalls triggered by the same
process.
The device is oriented towards kernel fuzzers, in particular syzkaller.
Currently the only supported coverage type is -fsanitize-coverage=trace-pc.
The KCOV driver was initially developed in Linux. A driver based on the
same concept was then implemented in FreeBSD and OpenBSD.
Documentation is borrowed from OpenBSD and ATF tests from FreeBSD.
This patch has been prepared by Siddharth Muralee, improved by <maxv>
and polished by myself before importing into the mainline tree.
All ATF tests pass.
put compat stuff in NetBSD.compat.$MACHINE_ARCH, and normal
stuff in NetBSD.dist.$MACHINE/MACHINE_ARCH, etc.
probably need at at more files for sh3, mips, ppc, sparc,
m68k, arm, ia64, etc., as every port has port- or arch-
specific header subdirectory.
./usr/include/dev/nvmm/x86 (amd64).
(perhaps we should stop 'make includes' from creating the target directory
for normal builds as this leads to mtree inconsistencies.)
- add missing header files fpr gcc=7
- add some missing gcc=5 obsolete entries
- create ./usr/include/dev/bluetooth in mtree not make, and move it into the
base set where all other directories are.
provides support for hardware-accelerated virtualization on NetBSD.
It is made of an MI frontend, to which MD backends can be plugged. One
MD backend is implemented, x86-SVM, for x86 AMD CPUs.
We install
/usr/include/dev/nvmm/nvmm.h
/usr/include/dev/nvmm/nvmm_ioctl.h
/usr/include/dev/nvmm/{arch}/nvmm_{arch}.h
And the kernel module. For now, the only architecture where we do that
is amd64 (arch=x86).
NVMM is not enabled by default in amd64-GENERIC, but is instead easily
modloadable.
Sent to tech-kern@ a month ago. Validated with kASan, and optimized
with tprof.
when unmounting tmpfs file systems at shutdown time, avoid unmounting
a tmpfs created by init on /dev - behaviour overridable from rc.conf.
By default all tmpfs that have device nodes are not mounted.
mostly just on general principle... this resulted in one or two minor
code reformattings to keep 80 char limits - a few needless uses of
quotes ("no" ??) were also removed (sh is not C. strings are strings
without quotes around them...)
is of poor quality, and is now an obstacle to MP-ification. It was removed
ten years ago from FreeBSD for the same reason.
This retires a big user of the mbuf API, and will ease maintenance of the
kernel.
Two new test programs, one for the version of printf in /bin/sh
and one for the command /usr/bin/printf (t_builtin and t_command)
Each test program has 28 test cases (the same in each) of which
currently 27 pass, and 1 is skipped.
See the test scripts themselves for more information.
populate /dev with zvol device nodes.
Following on with the recent ZFS/DTrace update, this is no longer a valid option
and causes the mountall script to barf zfs usage() following from
unrecognized command 'volinit' error.
XMSS is a stateful post-quantum signature scheme.
- Post-quantum security for _online_ authentication is not important
until quantum computers become practical; there's no danger of
retroactive forgery in sessions that have already completed.
- As a stateful signature schemes, XMSS is qualitatively different
from all the other ones sshd supports, requiring additional
administrative care: roll back the state (e.g., from a disk backup
or VM snapshot), and you've shot yourself in the foot.
If users want XMSS keys, they can make them explicitly, but there's
no need for this to be enabled by default.
Discussed with christos offline.
Use ps -A instead of ps -ax (-A means -ax, but -A is posix, -x is not)
Use ps -o args instead of ps -o command (same reason).
This makes no difference when the ps used is /bin/ps on NetBSD, but
can make a difference when some other ps command gets invoked instead.
XXX pullup -8
- sys/arch/evbarm64 is gone and integrated into sys/arch/evbarm. (by skrll@)
- add support fdt. evbarm/conf/GENERIC64 fdt (bcm2837,sunxi,tegra) based generic 64bit kernel config. (by skrll@, jmcneill@)
https://ftp.isc.org/isc/bind9/keys/9.11/bind.keys.v9_11
This includes the new KSK2017 key which is planned to replace the KSK2010
in October 11th, 2018. It is important to have software that ships with
both before September 11th 2018. Anything that bootstraps after that could
have trouble switching.
XXX: pullup-8, pullup-7, pullup-6
through the list of kernel names it is configured to try. This way there is
fallback if /netbsd is not present. netbsd is the first name to be tried anyway.
Issue brought up on tech-kern@ by Patrick Welche <prlw1 AT cam ac uk> where a system
without /netbsd hung on boot.
Suggestion by rudolf <netbsd AT eq cz>
https://mail-index.netbsd.org/tech-kern/2018/02/16/msg023122.html
Install:
- allocator_interface.h
- asan_interface.h
- common_interface_defs.h
- tsan_interface_atomic.h
Into:
- /usr/include/gcc-5/sanitizer
Note headers in a comment headers for introduction in future:
- dfsan_interface.h
- lsan_interface.h
- msan_interface.h
Skip a file that will never be relevant on NetBSD:
- linux_syscall_hooks.h
PR 52265 by Kamil Rytarowski
Proposed and accepted on tech-toolchain@.
Sponsored by <The NetBSD Foundation>
node results in a non working config, despite following manual to get setup.
Remove a step for the user by creating a device node for veriexec by default.
ok mrg jakllsch
/usr/mdec/sbmips/ and document them in installboot(8) even though
it isn't really ported yet. also build the SBMIPS kernels.
unfortunately, sbmips has been broken since mips64 merge, but the
fix can happen in the evbmips version, which we might merge into
the older trees anyway.
XXX: releng can turn off sbmips* builds now for -current.
sleep / resume.
This should no longer be needed now the various applications
(dhcpcd, ntpd, wpa_supplicant et all) are more aware to the network state
as all interface carriers should be brought down and up again.
Fixes PR misc/52397.
- the names "ttya" and "ttyb" in zs(4) man page were leftover of the orignal
sparc/sun3 ports which used the same name for their native SunOS users
- symlinks ttya -> tty00 -> ttyZ0 (by "lndev tty00 ttya") are awful anyway
(symlinks tty0? -> ttyZ? are handled in MI MAKEDEV.tmpl)
See details on discussion on source-changes-d@:
http://mail-index.netbsd.org/source-changes-d/2017/07/thread1.html#009301
riastradh