drwx------ so when we change to a different user, we can't find the socket
we created.
Make a directory and put the socket in there. Of course now atf can't
record its results as a different user, but that is not fatal.
tc-se:FATAL ERROR: Cannot create results file '/tmp/atf-run.9vOjFd/tcr': \
Permission denied
Still planning to replace wgconfig(8) and wg-keygen(8) by one wg(8)
tool compatible with wireguard-tools; update wg(4) for the minor
changes from the 2018-06-30 spec to the 2020-06-01 spec; &c. This just
clarifies the current state of affairs as it exists in the development
tree for now.
Mark the man page EXPERIMENTAL for extra clarity.
Use sigaction() without SA_RESTART -- signal() implies SA_RESTART so
we never got the EINTR.
While here, reduce the timeout to something more reasonable so we
don't waste 20min of testbed time if anything goes wrong and the
one-second alarm doesn't fire.
It had no effect because RUMP_SOCKETS_LIST is not set in the shell
running the cleanup phase. Even if RUMP_SOCKETS_LIST had been set,
the code would still not have worked correctly because it ran
rump.halt via "atf_check -s exit:1", which would cause the first
successful halting of a rump processes to be treated as a failure
and abort the cleanup without halting any other rump processes still
running.
Three ways to call:
getrandom(p, n, 0) Blocks at boot until full entropy.
Returns up to n bytes at p; guarantees
up to 256 bytes even if interrupted
after blocking. getrandom(0,0,0)
serves as an entropy barrier: return
only after system has full entropy.
getrandom(p, n, GRND_INSECURE) Never blocks. Guarantees up to 256
bytes even if interrupted. Equivalent
to /dev/urandom. Safe only after
successful getrandom(...,0),
getrandom(...,GRND_RANDOM), or read
from /dev/random.
getrandom(p, n, GRND_RANDOM) May block at any time. Returns up to n
bytes at p, but no guarantees about how
many -- may return as short as 1 byte.
Equivalent to /dev/random. Legacy.
Provided only for source compatibility
with Linux.
Can also use flags|GRND_NONBLOCK to fail with EWOULDBLOCK/EAGAIN
without producing any output instead of blocking.
- The combination GRND_INSECURE|GRND_NONBLOCK is the same as
GRND_INSECURE, since GRND_INSECURE never blocks anyway.
- The combinations GRND_INSECURE|GRND_RANDOM and
GRND_INSECURE|GRND_RANDOM|GRND_NONBLOCK are nonsensical and fail
with EINVAL.
As proposed on tech-userlevel, tech-crypto, tech-security, and
tech-kern, and subsequently adopted by core (minus the getentropy part
of the proposal, because other operating systems and participants in
the discussion couldn't come to an agreement about getentropy and
blocking semantics):
https://mail-index.netbsd.org/tech-userlevel/2020/05/02/msg012333.html
cgd performance is not as good as I was hoping (~4% improvement over
chacha_ref.c) but it should improve substantially more if we let the
cgd worker thread keep fpu state so we don't have to pay the cost of
isb and zero-the-fpu on every 512-byte cgd block.
The 4-blocks-at-a-time assembly helper is disabled for now; adapting
it to armv7 is going to be a little annoying with only 16 128-bit
vector registers.
(Should also do a fifth block in the integer registers for 320 bytes
at a time.)
evbarm-aarch64 testbed to hang (PR port-evbarm/55521), and will not be
safe to run by default even after that bug is fixed, for similar
reasons as t_repeated_updown.
repeated_updown test case unless explicitly enabled with "atf-run -v
run_unsafe=yes". Gratuitously configuring interfaces "up" is no more
safe than gratuitously configuring them "down"; for example, it could
lead to accidentally connecting to an insecure network or diverting
traffic from the desired route.
