This is much better handled by a user-land tool.
Proposed on tech-net here:
https://mail-index.netbsd.org/tech-net/2020/04/22/msg007766.html
Note that the ioctl SIOCGIFINFO_IN6 no longer sets flags. That now
needs to be done using the pre-existing SIOCSIFINFO_FLAGS ioctl.
Compat is fully provided where it makes sense, but trying to turn on
RA handling will obviously throw an error as it no longer exists.
Note that if you use IPv6 temporary addresses, this now needs to be
turned on in dhcpcd.conf(5) rather than in sysctl.conf(5).
llvm-symbolizer is an alternative for GNU addr2line(1), heavily used by the
LLVM sanitizers.
Do not install it as tools as it is not necessary as of today in that
stage.
==> Provide a much more complete set of setters and getters for different
value types in the prop_array_util(3) and prop_dictionary_util(3)
functions.
==> Overhaul the prop_data(3), prop_number(3), and prop_string(3) APIs
to be easier to use and less awkwardly named, Deprecate the old
awkward names, and produce link-time warnings when they are referenced.
==> Deprecate mutable prop_data(3) and prop_string(3) objects. The old
APIs that support them still exist, but will now produce link-time
warnings when used.
==> When the new prop_string(3) API is used, strings are internally
de-duplicated as a memory footprint optimization.
==> Provide a rich set of bounds-checked gettter functions in and a
corresponding set of convenience setters in the prop_number(3) API.
==> Add a new prop_bool_value(3) function that is equivalent to
prop_bool_true(3), but aligned with the new "value" routines in
prop_data(3), prop_string(3), and prop_number(3).
And the associated ezload EZ-USB code, which is only used by uyap.
It could theoretically be used by other drivers, but none of them are
in tree.
I suspect that this device isn't in use, as phone technology has improved
a lot since 2001 when uyap(4) was added to the tree.
Proposed with no objections on netbsd-users on 13 April 2020
fifo_vnodeop_opv_desc symbols.
Many filesystems ffs, lfs, ulfs, chfs, ext2fs etc. use fifofs
internally for their fifo vnops. NFS does too, but it also needs
networking anyway. Unfortunately fifofs brings in a lot of the
networking code so that the rumpkernel is not well partition. In
addition the fifo code is rarely used.
The existing hack depended on duplicating the above symbols and
adding minimal functionality for the majority of the the tests
(except the ffs and the puffs one). In these two cases both symbols
were loaded and the symbol sizes clashed which broke the sanitizers.
While this can be fixed with weak symbols and other kinds of
indirection, it is more straight forward to select between the
minimal and the full fifofs implementation by introducing a new
shared library librumpvfs_nofifofs.
Posted to tech-userlevel@ a week ago and reviewed by riastradh@.
GETENTROPY(3) Library Functions Manual GETENTROPY(3)
NAME
getentropy - fill a buffer with high quality random data
LIBRARY
Standard C Library (libc, -lc)
SYNOPSIS
#include <unistd.h>
int
getentropy(void *buf, size_t buflen);
DESCRIPTION
The getentropy() function fills a buffer with high quality random data,
suitable for seeding cryptographically secure psuedorandom number
generators.
getentropy() is only intended for seeding random number generators and is
not intended for use by regular code which simply needs secure random
data. For this purpose, please use arc4random(3).
The maximum value for buflen is 256 bytes.
IMPLEMENTATION NOTES
getentropy() reads from the sysctl(7) variable kern.arandom.
RETURN VALUES
The getentropy() function returns 0 on success, and -1 if an error
occurred.
ERRORS
getentropy() will succeed unless:
[EFAULT] The buf argument points to an invalid memory address.
[EIO] Too many bytes were requested.
SEE ALSO
arc4random(3), rnd(4)
STANDARDS
The getentropy() function is non-standard.
HISTORY
The getentropy() function first appeared in OpenBSD 5.6, then in
FreeBSD 12.0, and NetBSD 10.
Primary goals:
1. Use cryptography primitives designed and vetted by cryptographers.
2. Be honest about entropy estimation.
3. Propagate full entropy as soon as possible.
4. Simplify the APIs.
5. Reduce overhead of rnd_add_data and cprng_strong.
6. Reduce side channels of HWRNG data and human input sources.
7. Improve visibility of operation with sysctl and event counters.
Caveat: rngtest is no longer used generically for RND_TYPE_RNG
rndsources. Hardware RNG devices should have hardware-specific
health tests. For example, checking for two repeated 256-bit outputs
works to detect AMD's 2019 RDRAND bug. Not all hardware RNGs are
necessarily designed to produce exactly uniform output.
ENTROPY POOL
- A Keccak sponge, with test vectors, replaces the old LFSR/SHA-1
kludge as the cryptographic primitive.
- `Entropy depletion' is available for testing purposes with a sysctl
knob kern.entropy.depletion; otherwise it is disabled, and once the
system reaches full entropy it is assumed to stay there as far as
modern cryptography is concerned.
- No `entropy estimation' based on sample values. Such `entropy
estimation' is a contradiction in terms, dishonest to users, and a
potential source of side channels. It is the responsibility of the
driver author to study the entropy of the process that generates
the samples.
- Per-CPU gathering pools avoid contention on a global queue.
- Entropy is occasionally consolidated into global pool -- as soon as
it's ready, if we've never reached full entropy, and with a rate
limit afterward. Operators can force consolidation now by running
sysctl -w kern.entropy.consolidate=1.
- rndsink(9) API has been replaced by an epoch counter which changes
whenever entropy is consolidated into the global pool.
. Usage: Cache entropy_epoch() when you seed. If entropy_epoch()
has changed when you're about to use whatever you seeded, reseed.
. Epoch is never zero, so initialize cache to 0 if you want to reseed
on first use.
. Epoch is -1 iff we have never reached full entropy -- in other
words, the old rnd_initial_entropy is (entropy_epoch() != -1) --
but it is better if you check for changes rather than for -1, so
that if the system estimated its own entropy incorrectly, entropy
consolidation has the opportunity to prevent future compromise.
- Sysctls and event counters provide operator visibility into what's
happening:
. kern.entropy.needed - bits of entropy short of full entropy
. kern.entropy.pending - bits known to be pending in per-CPU pools,
can be consolidated with sysctl -w kern.entropy.consolidate=1
. kern.entropy.epoch - number of times consolidation has happened,
never 0, and -1 iff we have never reached full entropy
CPRNG_STRONG
- A cprng_strong instance is now a collection of per-CPU NIST
Hash_DRBGs. There are only two in the system: user_cprng for
/dev/urandom and sysctl kern.?random, and kern_cprng for kernel
users which may need to operate in interrupt context up to IPL_VM.
(Calling cprng_strong in interrupt context does not strike me as a
particularly good idea, so I added an event counter to see whether
anything actually does.)
- Event counters provide operator visibility into when reseeding
happens.
INTEL RDRAND/RDSEED, VIA C3 RNG (CPU_RNG)
- Unwired for now; will be rewired in a subsequent commit.
repository, don't attempt to install it, and don't expect it to
be installed. If a better fix is to return 02-dump, then this
change can be reverted (by anyone, just go ahead and do it).
dhcpcd(8) should also have mention of 02-dump removed, if removing
it was intentional.
on the OpenBSD single-port XR21V1410 uxrcom driver, but adds support
for multi-port chipsets and uses the common umodem framework instead of
being a standalone driver.
Thanks to skrll@ for much USB clue and mrg@ for financing the
development of this driver.
/netbsd/modules respectively instead of /netbsd and
/stand/<arch>/<version>/modules. This is only supported for x86,
and is turned off by default. To try it, add KERNEL_DIR=yes in your
/mk.conf and install a system from that build.
- Modify the writing code to only write entries in the new
format for the terminal descriptions that require it.
- Store new format entries as <name>@v3
- Store old format entries with clamped values as <name> for
backwards compatibility
- Lookup first <name>@v3 and then <name> if that is not found.
- Don't create terminfo2 anymore; old programs keep working with
clamped entries, and new programs be able to use the wide
fields with using the original db file.
While here also document (but comment it out since it isn't
available - yet) strerror_lr(). To include that, simply
uncomment the relevant lines, and (twice I think) s/returns/return/
on lines just after currently commented out lines (that is, it
currently says, "A returns" after the comments are returned, we
need it to be "A and B return" - the "and B" appears when the comment
markers are removed, removing the 's' from returns must be done manually.
In addition to adding strerror_l() some additional enhancements were
made to the general strerror() doc.
No mouse support actually included.
But that doesn't matter because most terms don't actually support a mouse.
We should look into hooking these into wsmouse(4) and xterm mouse
in the future.
Compatable with nCurses mouse API version 2.
POSIX mandates implementations must support upto a short but may exceed it.
When NetBSD terminfo was implemented, no terminfo description used over
a short, but because ncurses has supported ints for some time, some now do.
Infact, such a terminfo description was imported where colour pairs for
screen-256color went up to 65536 which exposed a bug in the existing
implementation where it set to zero. Because the number might mean
something more than a range, we need to be able to store it accurately.
This requires a version bump because whilst the API hasn't changed thanks
to C int promotion, the ABI has. Also the underlying database structure
has changed as well - we now store the numeric paramter inside a uint32_t
field rather than a uint16_t one.
Whilst this change can still read the old style database, the old one
cannot read the new one and thus we now maintain the database as
terminfo2.cdb, leaving the old library and database alone so old programs
still work fine.
libcurses, libfrom, libmenu and libpanel have also been bumped to
accomoate this change.
t_ptrace_sigchld - for SIGCHLD handler + ptrace(2).
Right now a single test is enabled (raise(SIGKILL)) and marked as failed
as it never finishes as the child is never collected before exiting the
parent uninterested about its child (SA_NOCLDWAIT).
Some tools that use libhack expect thread locking.
An example of this is zpool(8).
Without it, it randomly crashes. As such, force _REENTRANT to avoid
debugging future random crashes from any other applications which
rely on this.
These are currently listed in order of uid because I went through
src/etc/group and src/etc/master.passwd line by line, and sorting any
other way after the fact -- like lexicographically, how it should be
-- was kinda inconvenient.
Feel free to sort, add information, add historical references,
correct any mistakes, &c., so that these remain living documents
describing NetBSD's standard users and groups and practices around
them.
It's been determined that it's too magical and it's either the job
of the bootloader or you compile it into the kernel yourself.
This entry works in /boot.cfg:
menu=Boot ZFS Root:load solaris;load zfs;fs /ramdisk-zfsroot.fs;boot
Rather than copying the needed modules from FFS to the ramdisk,
load then directly from FFS instead.
This way, we can symlink ramdisk stand into /altroot and let nature take
it's course like loading firmware.
Set shell exit on error rather than using chained commands.
zpool import seems to SIGBUS randomly on amd64 and if we didn't do the
former then zpool would hang the init. Now at least we exit to the shell.
Until we get ZFS integrated into our boot loader, this is the next best
thing. The idea is simple - have a small FFS partition with a kernel,
modules and this ramdisk. Once the ramdisk boots it will mount the FFS
partition read only, copy the needed ZFS modules to the ramdisk and then
unmount the partition. Then we import the ZFS root pool, mount the
ZFS root filesystem and then pivot to it.
Because the initial FFS partition is not mounted at this point, we
can mount it in /altroot so we can replace the kernel and modules with
newer ones so it's easily maintainable.
This ZFS boot strapper currently makes the following assumptions:
* The device NAME=boot is the FFS with kernel, modules and this ramdisk.
* The ZFS root pool and root filesystem are called rpool/ROOT.
A boot.cfg menu entry can then be added like so:
menu=Boot ZFS root:fs /ramdisk-zfsroot.fs;boot
91 passed test cases
0 failed test cases.
0 expected failed test cases.
62 skipped test cases.
There are many skipped tests, because the test itself supports full-
duplex, half-duplex and uni-directional devices but pad(4) used in ATF
tests is uni-directional device.
Background:
- All m68k ports have fixed PAGE_SIZE value in their kernels,
but each port uses different PAGE_SIZE value (4096 or 8192)
due to historical reasons.
- Currently module(7) binaries are built per each port so
all m68k kernel sources don't support run-time variable PAGE_SIZE.
- MI <uvm/uvm_param.h> assumes that the port supports a variable
PAGE_SIZE on module(7) builds if both MAX_PAGE_SIZE and MIN_PAGE_SIZE
are defined and they have different values.
- On the other hand, jemalloc(3) checks MAX_PAGE_SHIFT in
src/external/bsd/jemalloc/include/jemalloc/internal/jemalloc_internal_defs.h
for internal optimization.
- m68k ports share userland binaries (especially pkgsrc binaries)
among all ports, so we need to define MAX_PAGE_SHIFT as 13 to
support m68k ports where PAGE_SIZE==8192.
(though this would affect only if static binaries built on
4k page hosts are executed on 8k page hosts)
To solve these inconsistency on PAGE_SIZE definitions,
we should have an independent PAGE_SIZE related definitions
for userland, but it requires major reorganization.
For now (especially for netbsd-9) we define MAX/MIN PAGE_SIZE and
PAGE_SHIFT values in <m68k/vmparam.h> only in !defined(_KERNEL) case.
Discussed on source-changes-d@ and tech-kern@ with christos@ and thorpej@:
https://mail-index.netbsd.org/source-changes-d/2020/01/thread1.html#012035https://mail-index.netbsd.org/tech-kern/2020/01/thread1.html#025954
Should be pulled up to netbsd-9.
Associates a constructor and destructor with the percpu. Currently
the constructor runs immediately, but in principle we could use the
same API for future CPU hotplug support.
This lets you sleep for allocation or draining users before
deallocation when setting up or tearing down a percpu -- currently we
have many abuses of percpu_foreach in tree for that purpose.
Proposed on tech-kern:
https://mail-index.NetBSD.org/tech-kern/2020/01/30/msg026036.html
At this point it is highly unlikely this 1999 device still has users,
but it still comes up in the context of maxv's USB-fuzzing (and any device
could pretend to be a urio(4)), so it's best to get rid of it.
Renamed all major entries to obsolete, as was done in previous removals.
This still requires an update to sanitizers, but they're located in
"external", perhaps it should be first committed upstream?
Proposed on tech-kern a month ago.
