And the associated ezload EZ-USB code, which is only used by uyap.
It could theoretically be used by other drivers, but none of them are
in tree.
I suspect that this device isn't in use, as phone technology has improved
a lot since 2001 when uyap(4) was added to the tree.
Proposed with no objections on netbsd-users on 13 April 2020
It is simpler if there is only one place we check the condition.
That said, there are cases where the caller needs to re-check before
choosing to fail (e.g., futex_wait in kern/sys_futex.c, which must
verify the condition before taking destructive steps to abort the
wait). But it's not clear that that's the norm.
Previously, a negative timeout was forbidden (kassert), a zero or
maybe even just a sufficiently small timeout would block forever, and
we would subtract the time elapsed -- possibly longer than the
timeout, leading to a negative updated timeout, which would trip the
kassert the next time around if used as advertised. DERP.
Now negative timeouts are still forbidden in order to detect usage
mistakes, but a zero timeout fails immediately and we clamp the
subtracted time to be at least zero so you can always safely call
cv_timedwaitbt in a loop.
(An alternative would be to fail immediately for all nonpositive
timeouts, and to leave in the timespec the negative time we overshot,
but it's not clear this would be useful.)
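The behaviour described in the message above, as an added example: a userland model, not the kernel's cv_timedwaitbt code. The names model_timedwait and model_wait_loop are hypothetical, and the time spent asleep is passed in as a parameter instead of being measured.

```c
#include <assert.h>
#include <errno.h>
#include <time.h>

/* Userland model only; nothing here is NetBSD kernel code. */
static int ts_is_zero(const struct timespec *t) { return t->tv_sec == 0 && t->tv_nsec == 0; }

/* *t -= *d, clamped so the remaining time is never negative. */
static void ts_sub_clamped(struct timespec *t, const struct timespec *d)
{
	if (t->tv_sec < d->tv_sec ||
	    (t->tv_sec == d->tv_sec && t->tv_nsec <= d->tv_nsec)) {
		t->tv_sec = 0;		/* overshot: clamp instead of going negative */
		t->tv_nsec = 0;
		return;
	}
	t->tv_sec -= d->tv_sec;
	t->tv_nsec -= d->tv_nsec;
	if (t->tv_nsec < 0) {		/* borrow one second */
		t->tv_sec--;
		t->tv_nsec += 1000000000L;
	}
}

/* One modelled wait: 0 if woken with time left, EWOULDBLOCK if timed out. */
int model_timedwait(struct timespec *timeout, const struct timespec *slept)
{
	assert(timeout->tv_sec >= 0 && timeout->tv_nsec >= 0);	/* usage mistake */
	if (ts_is_zero(timeout))
		return EWOULDBLOCK;	/* zero timeout fails immediately */
	ts_sub_clamped(timeout, slept);
	return ts_is_zero(timeout) ? EWOULDBLOCK : 0;
}

/* Caller loop: every wakeup is treated as spurious, so it retries with what is left. */
int model_wait_loop(struct timespec *budget, const struct timespec *sleeps,
    int nsleeps, int *nwaits)
{
	int error = 0;

	for (*nwaits = 0; *nwaits < nsleeps && error == 0; (*nwaits)++)
		error = model_timedwait(budget, &sleeps[*nwaits]);
	return error;
}

int main(void)
{
	struct timespec t = { .tv_sec = 0 }, nap = { .tv_sec = 1 };
	return model_timedwait(&t, &nap) == EWOULDBLOCK ? 0 : 1;
}
```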
This way the first two paragraphs have parallel structure:
- _Applications_ should read from /dev/urandom or sysctl kern.arandom...
- _Systems_ should be engineered to read once from /dev/random...
Primary goals:
1. Use cryptography primitives designed and vetted by cryptographers.
2. Be honest about entropy estimation.
3. Propagate full entropy as soon as possible.
4. Simplify the APIs.
5. Reduce overhead of rnd_add_data and cprng_strong.
6. Reduce side channels of HWRNG data and human input sources.
7. Improve visibility of operation with sysctl and event counters.
Caveat: rngtest is no longer used generically for RND_TYPE_RNG
rndsources. Hardware RNG devices should have hardware-specific
health tests. For example, checking for two repeated 256-bit outputs
works to detect AMD's 2019 RDRAND bug. Not all hardware RNGs are
necessarily designed to produce exactly uniform output.
ENTROPY POOL
- A Keccak sponge, with test vectors, replaces the old LFSR/SHA-1
kludge as the cryptographic primitive.
- `Entropy depletion' is available for testing purposes with a sysctl
knob kern.entropy.depletion; otherwise it is disabled, and once the
system reaches full entropy it is assumed to stay there as far as
modern cryptography is concerned.
- No `entropy estimation' based on sample values. Such `entropy
estimation' is a contradiction in terms, dishonest to users, and a
potential source of side channels. It is the responsibility of the
driver author to study the entropy of the process that generates
the samples.
- Per-CPU gathering pools avoid contention on a global queue.
- Entropy is occasionally consolidated into global pool -- as soon as
it's ready, if we've never reached full entropy, and with a rate
limit afterward. Operators can force consolidation now by running
sysctl -w kern.entropy.consolidate=1.
- rndsink(9) API has been replaced by an epoch counter which changes
whenever entropy is consolidated into the global pool.
. Usage: Cache entropy_epoch() when you seed. If entropy_epoch()
has changed when you're about to use whatever you seeded, reseed.
. Epoch is never zero, so initialize cache to 0 if you want to reseed
on first use.
. Epoch is -1 iff we have never reached full entropy -- in other
words, the old rnd_initial_entropy is (entropy_epoch() != -1) --
but it is better if you check for changes rather than for -1, so
that if the system estimated its own entropy incorrectly, entropy
consolidation has the opportunity to prevent future compromise.
- Sysctls and event counters provide operator visibility into what's
happening:
. kern.entropy.needed - bits of entropy short of full entropy
. kern.entropy.pending - bits known to be pending in per-CPU pools,
can be consolidated with sysctl -w kern.entropy.consolidate=1
. kern.entropy.epoch - number of times consolidation has happened,
never 0, and -1 iff we have never reached full entropy
CPRNG_STRONG
- A cprng_strong instance is now a collection of per-CPU NIST
Hash_DRBGs. There are only two in the system: user_cprng for
/dev/urandom and sysctl kern.?random, and kern_cprng for kernel
users which may need to operate in interrupt context up to IPL_VM.
(Calling cprng_strong in interrupt context does not strike me as a
particularly good idea, so I added an event counter to see whether
anything actually does.)
- Event counters provide operator visibility into when reseeding
happens.
INTEL RDRAND/RDSEED, VIA C3 RNG (CPU_RNG)
- Unwired for now; will be rewired in a subsequent commit.
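The epoch-caching usage described under ENTROPY POOL above, as an added example: a userland model, not code from this commit. Only entropy_epoch() comes from the message; model_epoch, model_consolidate, struct consumer and consumer_use are hypothetical names, and the epoch is modelled as an unsigned so that -1 is the all-ones value.

```c
#include <stdio.h>

#define EPOCH_NEVER ((unsigned)-1)	/* "-1": full entropy never reached */

/* Model of the epoch counter; the kernel exposes it through entropy_epoch(). */
static unsigned model_epoch = EPOCH_NEVER;

static unsigned model_entropy_epoch(void) { return model_epoch; }

/* Model of a consolidation into the global pool: the epoch changes, never to 0. */
void model_consolidate(void)
{
	if (++model_epoch == 0 || model_epoch == EPOCH_NEVER)
		model_epoch = 1;
}

struct consumer {
	unsigned seed_epoch;	/* epoch cached at last (re)seed; 0 = never seeded */
	unsigned nreseeds;
};

/* Returns 1 if the consumer had to reseed before use, 0 otherwise. */
int consumer_use(struct consumer *c)
{
	unsigned epoch = model_entropy_epoch();

	if (c->seed_epoch == epoch)
		return 0;		/* seed is still current */
	c->seed_epoch = epoch;		/* remember which epoch this seed belongs to */
	c->nreseeds++;			/* (fresh seed material would be drawn here) */
	return 1;
}

/* Boot short of full entropy, then two consolidations; returns the reseed count. */
unsigned model_scenario(void)
{
	struct consumer c = { 0, 0 };

	model_epoch = EPOCH_NEVER;
	consumer_use(&c);	/* 0 != -1: seeds on first use, before full entropy */
	consumer_use(&c);	/* epoch unchanged: no reseed */
	model_consolidate();	/* full entropy reached, epoch becomes 1 */
	consumer_use(&c);	/* epoch changed: reseed */
	model_consolidate();	/* e.g. sysctl -w kern.entropy.consolidate=1 */
	consumer_use(&c);	/* changed again: reseed, which a -1-only check would miss */
	return c.nreseeds;
}

int main(void) { printf("reseeds: %u\n", model_scenario()); return 0; }
```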
Addresses PR misc/52607. (I suppose something about this could also be
added to the man pages for the mount commands for each applicable file
system, but I think this should suffice.)
and pool_prime() (and their pool_cache_* counterparts):
- the pool_set*wat() APIs are supposed to specify thresholds for the count of
free items in the pool before pool pages are automatically allocated or freed
during pool_get() / pool_put(), whereas pool_sethardlimit() and pool_prime()
are supposed to specify minimum and maximum numbers of total items
in the pool (both free and allocated). these were somewhat conflated
in the existing code, so separate them as they were intended.
- change pool_prime() to take an absolute number of items to preallocate
rather than an increment over whatever was done before, and wait for
any memory allocations to succeed. since pool_prime() can no longer fail
after this, change its return value to void and adjust all callers.
- pool_setlowat() is documented as not immediately attempting to allocate
any memory, but it was changed some time ago to immediately try to allocate
up to the lowat level, so just fix the manpage to describe the current
behaviour.
- add a pool_cache_prime() to complete the API set.
on the OpenBSD single-port XR21V1410 uxrcom driver, but adds support
for multi-port chipsets and uses the common umodem framework instead of
being a standalone driver.
Thanks to skrll@ for much USB clue and mrg@ for financing the
development of this driver.
again after wakeup. Previously it could panic because cv_signal() could
be called by cv_wait_sig() + others:
cv_broadcast(cv);
cv_destroy(cv);
- In support of the above, if an LWP doing a timed wait is awoken by
cv_broadcast() or cv_signal(), don't return an error if the timer
fires after the fact, i.e. either succeed or fail, not both.
- Remove LOCKDEBUG code for CVs which never worked properly and is of
questionable use.
/netbsd/modules respectively instead of /netbsd and
/stand/<arch>/<version>/modules. This is only supported for x86,
and is turned off by default. To try it, add KERNEL_DIR=yes in your
/mk.conf and install a system from that build.
libraries from other DSO's. For example in /usr/bin/passwd:
ld: krb5_passwd.o: undefined reference to symbol \
'UI_UTIL_read_pw_string@@OPENSSL_1_1_0'
ld: /usr/obj/amd64-x86_64/release/lib/libcrypto.so.14: error adding symbols: \
DSO missing from command line
- Modify the writing code to only write entries in the new
format for the terminal descriptions that require it.
- Store new format entries as <name>@v3
- Store old format entries with clamped values as <name> for
backwards compatibility
- Lookup first <name>@v3 and then <name> if that is not found.
- Don't create terminfo2 anymore; old programs keep working with
clamped entries, and new programs will be able to use the wide
fields using the original db file.
In the Finnish language, the recommended symbol for euro is the euro sign
where it is available, and the lowercase letter e otherwise.
The use of the ISO currency code EUR is not an abbreviation of the word
euro in the Finnish language, just like FIM is not an abbreviation of
the word markka.
Reference:
https://www.kielikello.fi/-/euro-
Euro
Kielikello 3/1998
Kotimaisten kielten keskus
Institute for the Languages of Finland
[Last retrieved 2020-03-23]
When a mono recording device is set to use 1 channel, the kernel will
correct the number of channels back down to 1. This information can be
obtained with AUDIO_GETINFO...
It doesn't work properly, but this turns out to not be a problem in most
code (code where it is generally uses threads)...
Don't provide misleading information about using it, or programmers
might start wondering why their code doesn't work.
Noted by Yorick Hardy on current-users
true, all mappings have been removed, the pmap is totally cleared out, and
UVM can then avoid doing the work to call pmap_remove() for each map entry.
If false, either nothing has been done, or some helpful arch-specific voodoo
has taken place.
On devices such as the Thinkpad X250, the clickpad can be pressed
to generate mouse button events 1 and 2. There are also additional
physical buttons which the pms(4) driver recognizes as "up/down" buttons
(mouse buttons 3 and 4). Allow these to be remapped to buttons 1 and 2
and used like normal touchpad buttons with the following sysctl:
# sysctl -w hw.synaptics.up_down_emulation=3
While here, adjust the existing "middle button emulation"
(hw.synaptics.up_down_emulation=1) so it works with single-button
clickpads.
XXX: 3 may be a more useful default than the current default,
depending on hardware availability of touchpads with "up/down buttons".
Update the documentation accordingly.
POSIX mandates implementations must support up to a short but may exceed it.
When NetBSD terminfo was implemented, no terminfo description used over
a short, but because ncurses has supported ints for some time, some now do.
In fact, such a terminfo description was imported where colour pairs for
screen-256color went up to 65536 which exposed a bug in the existing
implementation where it set to zero. Because the number might mean
something more than a range, we need to be able to store it accurately.
This requires a version bump because whilst the API hasn't changed thanks
to C int promotion, the ABI has. Also the underlying database structure
has changed as well - we now store the numeric parameter inside a uint32_t
field rather than a uint16_t one.
Whilst this change can still read the old style database, the old one
cannot read the new one and thus we now maintain the database as
terminfo2.cdb, leaving the old library and database alone so old programs
still work fine.
libcurses, libform, libmenu and libpanel have also been bumped to
accommodate this change.
TFTPROOT does *not* require MEMORY_DISK_IS_ROOT. In fact, it doesn't
work at all when MEMORY_DISK_IS_ROOT is set, because then setroot()
tries to perform dhcp on md0 instead of the network card.
These are currently listed in order of uid because I went through
src/etc/group and src/etc/master.passwd line by line, and sorting any
other way after the fact -- like lexicographically, how it should be
-- was kinda inconvenient.
Feel free to sort, add information, add historical references,
correct any mistakes, &c., so that these remain living documents
describing NetBSD's standard users and groups and practices around
them.
This behaviour is probably due to a past behaviour of clang, where it
always emitted frame pointer code.
This is no longer true for clang on netbsd, and I don't think it was true
for GCC.
Meanwhile, this flag bleeds into pkgsrc where it breaks random packages,
requiring workarounds like lang/ruby*-base/hacks.mk.
KLEAK was a nice feature and served its purpose; it allowed us to detect
dozens of info leaks on the kernel->userland boundary, and thanks to it we
tackled a good part of the infoleak problem 1.5 years ago.
Nowadays however, we have kMSan, which can detect uninitialized memory in
the kernel. kMSan supersedes KLEAK: it can detect what KLEAK was able to
detect, but in addition, (1) it operates in all of the kernel and not just
the kernel->userland boundary, (2) it requires no user interaction, and (3)
it is deterministic and not statistical.
That makes kMSan the feature of choice to detect info leaks nowadays;
people interested in detecting info leaks should boot a kMSan kernel and
just wait for the magic to happen.
KLEAK was a good ride, and a fun project, but now is time for it to go.
Discussed with several people, including Thomas Barabosch.
Associates a constructor and destructor with the percpu. Currently
the constructor runs immediately, but in principle we could use the
same API for future CPU hotplug support.
This lets you sleep for allocation or draining users before
deallocation when setting up or tearing down a percpu -- currently we
have many abuses of percpu_foreach in tree for that purpose.
Proposed on tech-kern:
https://mail-index.NetBSD.org/tech-kern/2020/01/30/msg026036.html
At this point it is highly unlikely this 1999 device still has users,
but it still comes up in the context of maxv's USB-fuzzing (and any device
could pretend to be a urio(4)), so it's best to get rid of it.
Renamed all major entries to obsolete, as was done in previous removals.
This still requires an update to sanitizers, but they're located in
"external", perhaps it should be first committed upstream?
Proposed on tech-kern a month ago.
If \*[title-section] is non-empty, use it to override the title
instead of appending it. Nothing in the tree uses title-section
currently, so it shouldn't affect any existing document.
This override will be used by the installation notes where the default
title is less than helpful.
Discussed on tech-kern:
https://mail-index.NetBSD.org/tech-kern/2020/01/13/msg025938.html
This was never (intentionally) enabled by default, and the design has
some shortcomings. You can get mostly the same results with ktrace,
as in usr.bin/make/filemon/filemon_ktrace.c which is now used instead
of filemon for make's meta mode.
If applications require higher performance than ktrace, or nesting
that ktrace doesn't support, we might consider adding something back
into the vfs system calls themselves, without hijacking the syscall
table. (Might want a more reliable output format too, e.g. one that
can handle newlines in file names.)
This is a driver for a "nonsense machine" made by the art group Maywa-Denki
in 2008. It was disabled by default.
Unfortunately even so it draws development attention (flaws found in the
code, MP-ification needs) and it is best not to continue to maintain this
driver.
Proposed without objections on tech-kern.
Add link0 (IFF_LINK0) flag to map INIT state to LINK_STATE_DOWN
instead of LINK_STATE_UNKNOWN. This allows routing software to
suppress routes to the interface of the carp interface when in
init state (e.g. link down in the parent interface).