designated initializers.
I have not built every extant kernel so I have probably broken at
least one build; however I've also found and fixed some wrong
cdevsw/bdevsw entries so even if so I think we come out ahead.
1) Move core entropy-pool code and source/sink/sample management code
to sys/kern from sys/dev.
2) Remove use of NRND as test for presence of entropy-pool code throughout
source tree.
3) Remove use of RND_ENABLED in device drivers as microoptimization to
avoid expensive operations on disabled entropy sources; make the
rnd_add calls do this directly so all callers benefit.
4) Fix bug in recent rnd_add_data()/rnd_add_uint32() changes that might
have lead to slight entropy overestimation for some sources.
5) Add new source types for environmental sensors, power sensors, VM
system events, and skew between clocks, with a sample implementation
for each.
ok releng to go in before the branch due to the difficulty of later
pullup (widespread #ifdef removal and moved files). Tested with release
builds on amd64 and evbarm and live testing on amd64.
<20111022023242.BA26F14A158@mail.netbsd.org>. This change includes
the following:
An initial cleanup and minor reorganization of the entropy pool
code in sys/dev/rnd.c and sys/dev/rndpool.c. Several bugs are
fixed. Some effort is made to accumulate entropy more quickly at
boot time.
A generic interface, "rndsink", is added, for stream generators to
request that they be re-keyed with good quality entropy from the pool
as soon as it is available.
The arc4random()/arc4randbytes() implementation in libkern is
adjusted to use the rndsink interface for rekeying, which helps
address the problem of low-quality keys at boot time.
An implementation of the FIPS 140-2 statistical tests for random
number generator quality is provided (libkern/rngtest.c). This
is based on Greg Rose's implementation from Qualcomm.
A new random stream generator, nist_ctr_drbg, is provided. It is
based on an implementation of the NIST SP800-90 CTR_DRBG by
Henric Jungheim. This generator users AES in a modified counter
mode to generate a backtracking-resistant random stream.
An abstraction layer, "cprng", is provided for in-kernel consumers
of randomness. The arc4random/arc4randbytes API is deprecated for
in-kernel use. It is replaced by "cprng_strong". The current
cprng_fast implementation wraps the existing arc4random
implementation. The current cprng_strong implementation wraps the
new CTR_DRBG implementation. Both interfaces are rekeyed from
the entropy pool automatically at intervals justifiable from best
current cryptographic practice.
In some quick tests, cprng_fast() is about the same speed as
the old arc4randbytes(), and cprng_strong() is about 20% faster
than rnd_extract_data(). Performance is expected to improve.
The AES code in src/crypto/rijndael is no longer an optional
kernel component, as it is required by cprng_strong, which is
not an optional kernel component.
The entropy pool output is subjected to the rngtest tests at
startup time; if it fails, the system will reboot. There is
approximately a 3/10000 chance of a false positive from these
tests. Entropy pool _input_ from hardware random numbers is
subjected to the rngtest tests at attach time, as well as the
FIPS continuous-output test, to detect bad or stuck hardware
RNGs; if any are detected, they are detached, but the system
continues to run.
A problem with rndctl(8) is fixed -- datastructures with
pointers in arrays are no longer passed to userspace (this
was not a security problem, but rather a major issue for
compat32). A new kernel will require a new rndctl.
The sysctl kern.arandom() and kern.urandom() nodes are hooked
up to the new generators, but the /dev/*random pseudodevices
are not, yet.
Manual pages for the new kernel interfaces are forthcoming.
wsmouse(4) can attach directly at arckbd(4) and I can dispose of the
ugly arcwsmouse(4) and arcwskbd(4) interpositions. Do that, and purge
them from the documentation as well.
- Split device_t out of softc.
- Use device_t and cfdata_t rather than explicit structure pointers.
- Use device_*() rather than accessing parts of device_t directly.
- Use aprint_*() rather than printf().
Also ANSIfy arcpppushbytes.
- Split struct device out of the softc.
- Use device_t and cfdata_t rather than explicit structure pointers.
- Use aprint_*() rather than printf().
- Use device_private() to convert device_t into softc.
- Use device_t and cfdata_t rather than explicit structure pointers.
- Use aprint_*() rather than printf().
- Pass "self" to config_found_ia rather than &sc->sc_dev.
Also an amount of KNF.
I haven't actually split the device structure off from the softc because
iociic_bootstrap_cookie() expects to allocate fake versions of both at once,
and I've not yet decided what it's best to do about that.
- Use device_t and cfdata_t rather than explicit structure pointers.
- Split device and (non-existent) softc for arcwskbd and arcwsmouse.
- Use aprint_*() rather than printf().
- Use device_*() to access fields of device_t.
- Use device_private() rather than a cast to convert from device_t to softc.
device/softc split not done for arckbd(4) itself because there are lots
of void* cookies that get treated as arckbd_softc at one end and device_t
at the other, and they'll need a little thought to clean up.
This branch was a major cleanup and rototill of many of the various OEA
cpu based PPC ports that focused on sharing as much code as possible
between the various ports to eliminate near-identical copies of files in
every tree. Additionally there is a new PIC system that unifies the
interface to interrupt code for all different OEA ppc arches. The work
for this branch was done by a variety of people, too long to list here.
TODO:
bebox still needs work to complete the transition to -renovation.
ofppc still needs a bunch of work, which I will be looking at.
ev64260 still needs to be renovated
amigappc was not attempted.
NOTES:
pmppc was removed as an arch, and moved to a evbppc target.
P_*/L_* naming convention, and rename the in-kernel flags to avoid
conflict. (P_ -> PK_, L_ -> LW_ ). Add back the (now unused) LSDEAD
constant.
Restores source compatibility with pre-newlock2 tools like ps or top.
Reviewed by Andrew Doran.
-Wcast-qual differently, by instead changing the signatore of those
"functions" to take a "volatile struct timeval*" instead of a
"struct timeval*". Many places, these functions are called with
&time, and time is declared as volatile in <sys/kernel.h>. This
way we can get rid of all the ugly casts which now also triggered
warnings, and caused more code to be added to work around the
problem.
Reviewed by thorpej.
interface controllers (of varying intelligence levels).
Contributed by Wasabi Systems, Inc. Primarily written by Steve Woodford,
with some modification by me.
(NOTE: "cvs add" was missed on this file during the initial checkin
of the new I2C code.)
interface controllers (of varying intelligence levels).
Contributed by Wasabi Systems, Inc. Primarily written by Steve Woodford,
with some modification by me.
kqueue provides a stateful and efficient event notification framework
currently supported events include socket, file, directory, fifo,
pipe, tty and device changes, and monitoring of processes and signals
kqueue is supported by all writable filesystems in NetBSD tree
(with exception of Coda) and all device drivers supporting poll(2)
based on work done by Jonathan Lemon for FreeBSD
initial NetBSD port done by Luke Mewburn and Jason Thorpe
dholland