consttime_memequal is the same as the old consttime_bcmp.
explicit_memset is to memset as explicit_bzero was to bcmp.
Passes amd64 release and i386/ALL, but I'm sure I missed some spots,
so please let me know.
rndsink(9):
- Simplify API.
- Simplify locking scheme.
- Add a man page.
- Avoid races in destruction.
- Avoid races in requesting entropy now and scheduling entropy later.
Periodic distribution of entropy to sinks reduces the need for the
last one, but this way we don't need to rely on periodic distribution
(e.g., in a future tickless NetBSD).
rndsinks_lock should probably eventually merge with the rndpool lock,
but we'll put that off for now.
cprng(9):
- Make struct cprng_strong opaque.
- Move rndpseudo.c parts that futz with cprng guts to subr_cprng.c.
- Fix kevent locking. (Is kevent locking documented anywhere?)
- Stub out rump cprng further until we can rumpify rndsink instead.
- Strip code to grovel through struct cprng_strong in fstat.
MAXDIRSIZE -> UFS_MAXDIRSIZE or LFS_MAXDIRSIZE
NINDIR -> FFS_NINDIR, EXT2_NINDIR, LFS_NINDIR, or MFS_NINDIR
INOPB -> FFS_INOPB, LFS_INOPB
INOPF -> FFS_INOPF, LFS_INOPF
blksize -> ffs_blksize, ext2_blksize, or lfs_blksize
sblksize -> ffs_blksize
These are not the only ambiguously defined filesystem macros, of
course, there's a pile more. I may not have found all the ambiguous
definitions of blksize(), too, as there are a lot of other things
called 'blksize' in the system.
pollution. Specifically:
ROOTINO -> UFS_ROOTINO
WINO -> UFS_WINO
NXADDR -> UFS_NXADDR
NDADDR -> UFS_NDADDR
NIADDR -> UFS_NIADDR
MAXSYMLINKLEN -> UFS_MAXSYMLINKLEN
MAXSYMLINKLEN_UFS[12] -> UFS[12]_MAXSYMLINKLEN (for consistency)
Sort out ext2fs's misuse of NDADDR and NIADDR; fortunately, these have
the same values in ext2fs and ffs.
No functional change intended.
abd userland, as proposed on tech-security, with explicit_bzero using
a volatile function pointer as suggested by Alan Barrett.
Both do what the name says. For userland, both are prefixed by "__"
to keep them out of the user namespace.
Change some memset/memcmp uses to the new functions where it makes
sense -- these are just some examples, more to come.
in incorrect resid values, and causes the read of /boot.cfg to ignore the
file. If the requested transfer extends past the end of the file, force
the internal buffer to be used, and when transferring data from the
internal buffer, limit the transfer to what's left in the file. CDROM
boot will now process the /boot.cfg file.
This is in line with the core decision than even modular kernels should
contain the ffs code.
I've left in the code that tries to load "nfs" and "ext2fs", but it
isn't clear that is necessary.
Removes a warning message that (usually) flashes past to fast to read.
AFAICT all the relevant kernels contain ffs (and nfs for that matter).
1) Move core entropy-pool code and source/sink/sample management code
to sys/kern from sys/dev.
2) Remove use of NRND as test for presence of entropy-pool code throughout
source tree.
3) Remove use of RND_ENABLED in device drivers as microoptimization to
avoid expensive operations on disabled entropy sources; make the
rnd_add calls do this directly so all callers benefit.
4) Fix bug in recent rnd_add_data()/rnd_add_uint32() changes that might
have lead to slight entropy overestimation for some sources.
5) Add new source types for environmental sensors, power sensors, VM
system events, and skew between clocks, with a sample implementation
for each.
ok releng to go in before the branch due to the difficulty of later
pullup (widespread #ifdef removal and moved files). Tested with release
builds on amd64 and evbarm and live testing on amd64.
http://mail-index.NetBSD.org/tech-kern/2011/12/15/msg012226.htmlhttp://mail-index.NetBSD.org/tech-kern/2011/12/17/msg012229.html
- add 'ls' op to struct fs_ops to support ls command on each fs,
enabled by -DLIBSA_ENABLE_LS_OP and SAMISCMAKEFLAGS+="SA_ENABLE_LS_OP=yes"
in libsa
- split sys/lib/libsa/ufs_ls.c into UFS specific part and MI part (ls.c)
that opens the target fs and calls fs-depedent XXX_ls() functions
- add a ls op for ext2fs
(all other fs than ufs and ext2fs don't have actual ls ops yet)
- replace existing MD ufs_ls() calls with this new MI ls()
The original patch was written for i386 and ext2fs.
zaurus zboot has been tested by nonaka@.
ews4800mips and x68k loaders have been tested by me (with several fixes).
landisk might be okay since it was almost copied from i386.
XXX1: "ls" op in fs_ops looks a bit inconsistent, but we will be able to
replace it with real fs ops like readdir if it's really worth
XXX2: someone might have to check sys/arch/ia64/stand/efi/libefi/efifs_ls.c
arc4random() hacks in rump with stubs that call the host arc4random() to
get numbers that are hopefully actually random (arc4random() keyed with
stack junk is not). This should fix some of the currently failing anita
tests -- we should no longer generate duplicate "random" MAC addresses in
the test environment.
<20111022023242.BA26F14A158@mail.netbsd.org>. This change includes
the following:
An initial cleanup and minor reorganization of the entropy pool
code in sys/dev/rnd.c and sys/dev/rndpool.c. Several bugs are
fixed. Some effort is made to accumulate entropy more quickly at
boot time.
A generic interface, "rndsink", is added, for stream generators to
request that they be re-keyed with good quality entropy from the pool
as soon as it is available.
The arc4random()/arc4randbytes() implementation in libkern is
adjusted to use the rndsink interface for rekeying, which helps
address the problem of low-quality keys at boot time.
An implementation of the FIPS 140-2 statistical tests for random
number generator quality is provided (libkern/rngtest.c). This
is based on Greg Rose's implementation from Qualcomm.
A new random stream generator, nist_ctr_drbg, is provided. It is
based on an implementation of the NIST SP800-90 CTR_DRBG by
Henric Jungheim. This generator users AES in a modified counter
mode to generate a backtracking-resistant random stream.
An abstraction layer, "cprng", is provided for in-kernel consumers
of randomness. The arc4random/arc4randbytes API is deprecated for
in-kernel use. It is replaced by "cprng_strong". The current
cprng_fast implementation wraps the existing arc4random
implementation. The current cprng_strong implementation wraps the
new CTR_DRBG implementation. Both interfaces are rekeyed from
the entropy pool automatically at intervals justifiable from best
current cryptographic practice.
In some quick tests, cprng_fast() is about the same speed as
the old arc4randbytes(), and cprng_strong() is about 20% faster
than rnd_extract_data(). Performance is expected to improve.
The AES code in src/crypto/rijndael is no longer an optional
kernel component, as it is required by cprng_strong, which is
not an optional kernel component.
The entropy pool output is subjected to the rngtest tests at
startup time; if it fails, the system will reboot. There is
approximately a 3/10000 chance of a false positive from these
tests. Entropy pool _input_ from hardware random numbers is
subjected to the rngtest tests at attach time, as well as the
FIPS continuous-output test, to detect bad or stuck hardware
RNGs; if any are detected, they are detached, but the system
continues to run.
A problem with rndctl(8) is fixed -- datastructures with
pointers in arrays are no longer passed to userspace (this
was not a security problem, but rather a major issue for
compat32). A new kernel will require a new rndctl.
The sysctl kern.arandom() and kern.urandom() nodes are hooked
up to the new generators, but the /dev/*random pseudodevices
are not, yet.
Manual pages for the new kernel interfaces are forthcoming.
is to provide routines that do as KASSERT(9) says: append a message
to the panic format string when the assertion triggers, with optional
arguments.
Fix call sites to reflect the new definition.
Discussed on tech-kern@. See
http://mail-index.netbsd.org/tech-kern/2011/09/07/msg011427.html
"millicode" function that uses compiler-private ABI. Newer gcc uses
heavily tuned __udivsi3_i4i that is NOT compatible with __udivsi3
because it's expected to clobber different registers. We don't want
to link the kernel against libgcc and we don't have resources to write
heavily tuned version ourselves, so clone __udivsi3 but adjust it to
conform to the __udivsi3_i4i clobber spec.
Ditto for signed division.
You can make gcc use old routines with -mdiv=call-div1 to avoid few
extra instructions to save/restore the right registers in the signed
division funcion.
sys/stdarg.h and expect compiler to provide proper builtins, defaulting
to the GCC interface. lint still has a special fallback.
Reduce abuse of _BSD_VA_LIST_ by defining __va_list by default and
derive va_list as required by standards.
optimisation is critical. Use this on i386 to switch to register passing
calling convention for the file system entry points and most assembler
call backs that have to preserve at least 3 registers.
optimisation is critical. Use this on i386 to switch to register passing
calling convention for the file system entry points and most assembler
call backs that have to preserve at least 3 registers.
>revision 1.6
>date: 2011/03/23 20:54:35; author: martin; state: Exp; lines: +2 -2
>Avoid using %g7
fixes rump on sparc, at least somewhat.
tested that normal kernels runs fine this with this change, too.
Push -Wno-array-bounds down to the cases that depend on it.
Selectively disable warnings for 3rd party software or non-trivial
issues to be reviewed later to get clang -Werror to build most of the
tree.
parse quota plists; as well as a getfsquota() function to retrieve quotas
for a single id from a single filesystem (whatever filesystem this is:
a local quota-enabled fs or NFS). This is build on functions getufsquota()
(for local filesystems with UFS-like quotas) and getnfsquota();
which are also available to userland programs.
move functions from quota2_subr.c to libquota or libprop as appropriate,
and ajust in-tree quota tools.
move some declarations from kernel headers to either sys/quota.h or
quota/quota.h as appropriate. ufs/ufs/quota.h still installed because
it's needed by other installed ufs headers.
ufs/ufs/quota1.h still installed as a quick&dirty way to get a code
using the old quotactl() to compile (just include ufs/ufs/quota1.h instead of
ufs/ufs/quota.h - old code won't compile without this change and this is
on purpose).
Discussed on tech-kern@ and tech-net@ (long thread, but not much about
libquota itself ...)
copyright. Confirmed by Mike Hibler, mike at cs.utah.edu - thanks!
Also, merge UCB and Utah copyright texts back into one, as they
originally were.
Extra verification by snj@.
not doing it for cosmetic value or out of angst. See, PIC_PROLOGUE
on i386 uses the "1" label internally. Now, everything would be
fine and dandy for the first 551245 calls to random. After that
p+q is negative and the jump is taken. However, it is taken into
the middle of PIC_PROLOGUE instead of where upon superficial
examination we assumed we are jumping. This causes wrong(tm) things
to happen and "ret" triggers a jump into hyperspace.
(no, I did not see that coming)
While kernel source code is supposed to use <machine/macros.h> via
<sys/param.h> and pick an inline asm version from there, gcc itself
can generate direct calls to memset() for structure initialization, so
the symbol must be provided.
Fixes INSTALL kernel, for which -Os caused gcc to use memset() call to
initialize a struct in uvm_fault_internal().
at boot.
Add a ksyms_mod_foreach() function to iterate a callback function over the
set of elf symbols for a specific module (netbsd included).
Add kern_ctf.c and mod_ctf_get() to allow the retrieval and decompression
of CTF sections for a specific module.
__assert -> kern_assert
__sigtimedwait1 -> sigtimedwait1
__wdstart -> wdstart1
The rest are MD and/or shared with userspace, so they will require
a little more involvement than what is available for this quick
"ride the 5.99.24 bump" action.
in libsa printf(3). Disabled by default but enabled by
-DLIBSA_PRINTF_LONGLONG_SUPPORT and -DLIBSA_PRINTF_WIDTH_SUPPORT.
Provided by tnozaki@ for my libsa debugging. Thanks!
Any .S files added by the arch/*/Makefile.inc cause the .c file to
be excluded.
Specific exclusions added using NO_SRCS to match previous files.
At least sparc, sparc64, i386, amd64 and vax GENERIC still build.
(There is a fubar with the naming of the byte-swap files ...)
as tsutsui@ suggested, and include <sys/param.h> in sha2.c instead.
On the vax, this causes <machine/macros.h> to be included, and it contains
that machine's memset() macro+inline.
This is a port of the OpenBSD pmap and trap handling code to get us
- Performance boost on some/all machines.
- Well on the way to PA2.0 (in 32bit mode) support. Several
machines probe hardware, but fail sometime after interrupts
are enabled.
Other things changed / fixed on the branch are
- update autoconf to use the OpenBSD code.
- com @ dino is very close to being supported.
- HPPA_REDZONE has been replaced with a working redzone which
is enabled with DIAGNOSTIC.
- UPAGES has been halved in size.
- power(4) from OpenBSD to fix a few bugs.
- updated list of modules from OpenBSD.
- initial ports of uturn(4), astro(4) and elroy(4).
- update some copyrights (remove advertising clause, etc.)
Thanks to mjf for some of the above, testing and listening.
Extends the Opencrypto API to allow the destination buffer size to be
specified when its not the same size as the input buffer (i.e. for
operations like compress and decompress).
The crypto_op and crypt_n_op structures gain a u_int dst_len field.
The session_op structure gains a comp_alg field to specify a compression
algorithm.
Moved four ioctls to new ids; CIOCGSESSION, CIOCNGSESSION, CIOCCRYPT,
and CIOCNCRYPTM.
Added four backward compatible ioctls; OCIOCGSESSION, OCIOCNGSESSION,
OCIOCCRYPT, and OCIOCNCRYPTM.
Backward compatibility is maintained in ocryptodev.h and ocryptodev.c which
implement the original ioctls and set dst_len and comp_alg to 0.
Adds user-space access to compression features.
Adds software gzip support (CRYPTO_GZIP_COMP).
Adds the fast version of crc32 from zlib to libkern. This should be generally
useful and provide a place to start normalizing the various crc32 routines
in the kernel. The crc32 routine is used in this patch to support GZIP.
With input and support from tls@NetBSD.org.
because they could be larger than __OPTIMIZE_SIZE__'ed libsa ones and
__builtin_memcpy() on vax rejects NULL (i.e. copying from/to address 0x0).
No particular comments on tech-toolchain.
Tested on alpha, arc, cobalt, hp300, i386, landisk, macppc, news68k, sgimips,
sparc, sparc64, sun3, and vax (on simh).
macro which replace them with mem*() functions in #ifdef _KERNEL as noted
in man pages
- move declarations of bcopy(3) and bzero(3) into <lib/libsa/stand.h>
since they are still in libsa for some MD standalone sources
(I guess all bcmp(3) in standalone sources have been replaced with memcmp(3)
but they should be replaced with memcmp() anyway)
There are still about 1600 left, but they have ',' or /* ... */
in the actual variable definitions - which my awk script doesn't handle.
There are also many that need () -> (void).
(The script does handle misordered arguments.)
made to fail. Specifically, change
.ifdef(SYMBOL) -> .ifdef SYMBOL or .if defined(SYMBOL),
and corresponding for .ifndef.
Also correct one error in lib/libm/Makefile (.ifdef (${MKCOMPLEX} != "no")?!?).
to avoid unnecessary 64 bit ops which would make binaries larger:
satime_t (currently unsigned int):
numbers in seconds returned by the machine dependent getsecs() function
which are used to measure relative time
saseconds_t (currently int):
numbers in seconds used to specify timeout to network drivers
Per discussion on current-users.
sucks in all libkern sources), so mark them ".hidden". I'm not sure
if this is the best course of action (dropping millicode from librump
might be a better idea), but it's the quickest fix to get sh3 builds
going again for now.
