the original ad-audiomp branch notes:
Add MP locking to the audio drivers.
Making the audio drivers MP safe is necessary before efforts
can be made to make the VM system MP safe.
The are two locks per device instance, an ISR lock and
a character device lock. The ISR lock replaces calls to
splaudio()/splx(), and will be held across calls to device
methods which were called at splaudio() before (e.g.
trigger_output). The character device lock is held across
calls to nearly all of the methods, excluding some only
used for initialization, e.g. get_locks.
Welcome to 5.99.57.
<20111022023242.BA26F14A158@mail.netbsd.org>. This change includes
the following:
An initial cleanup and minor reorganization of the entropy pool
code in sys/dev/rnd.c and sys/dev/rndpool.c. Several bugs are
fixed. Some effort is made to accumulate entropy more quickly at
boot time.
A generic interface, "rndsink", is added, for stream generators to
request that they be re-keyed with good quality entropy from the pool
as soon as it is available.
The arc4random()/arc4randbytes() implementation in libkern is
adjusted to use the rndsink interface for rekeying, which helps
address the problem of low-quality keys at boot time.
An implementation of the FIPS 140-2 statistical tests for random
number generator quality is provided (libkern/rngtest.c). This
is based on Greg Rose's implementation from Qualcomm.
A new random stream generator, nist_ctr_drbg, is provided. It is
based on an implementation of the NIST SP800-90 CTR_DRBG by
Henric Jungheim. This generator users AES in a modified counter
mode to generate a backtracking-resistant random stream.
An abstraction layer, "cprng", is provided for in-kernel consumers
of randomness. The arc4random/arc4randbytes API is deprecated for
in-kernel use. It is replaced by "cprng_strong". The current
cprng_fast implementation wraps the existing arc4random
implementation. The current cprng_strong implementation wraps the
new CTR_DRBG implementation. Both interfaces are rekeyed from
the entropy pool automatically at intervals justifiable from best
current cryptographic practice.
In some quick tests, cprng_fast() is about the same speed as
the old arc4randbytes(), and cprng_strong() is about 20% faster
than rnd_extract_data(). Performance is expected to improve.
The AES code in src/crypto/rijndael is no longer an optional
kernel component, as it is required by cprng_strong, which is
not an optional kernel component.
The entropy pool output is subjected to the rngtest tests at
startup time; if it fails, the system will reboot. There is
approximately a 3/10000 chance of a false positive from these
tests. Entropy pool _input_ from hardware random numbers is
subjected to the rngtest tests at attach time, as well as the
FIPS continuous-output test, to detect bad or stuck hardware
RNGs; if any are detected, they are detached, but the system
continues to run.
A problem with rndctl(8) is fixed -- datastructures with
pointers in arrays are no longer passed to userspace (this
was not a security problem, but rather a major issue for
compat32). A new kernel will require a new rndctl.
The sysctl kern.arandom() and kern.urandom() nodes are hooked
up to the new generators, but the /dev/*random pseudodevices
are not, yet.
Manual pages for the new kernel interfaces are forthcoming.
'cast to pointer from integer of different size' warnings.
Unbreaks i386 ALL kernel.
Oh, I'm sure I mentioned this before:
THIS DRIVER SHOULD NOT BE DOING THIS!
as not to call it in some error paths.
Instead, if there is a watchdog present, deregister the NULL handler before
establishing the one for the watchdog.
While here, rename one of the bus_space_handle_ts
to be be descriptive of its function.
Fixes crash caused by uninitialized bus_space_tag_t
discovered by Paul Goyette.
bus_space_tag_create(9), and bus_space_tag_destroy(9). Use
bus_space_is_equal(9) throughout the kernel to compare
bus_space_tag_t's. Tested on i386 and on sparc64.
pcdisplay.c: #if 0 some code that compares two bus_space_tag_t's
in order to see if pcdisplay0 is console. It does not seem to
be helpful to compare the tags; maybe the author intended to
compare some other bus property?
MI code should not compare an opaque type such as bus_space_tag_t!
handler! Stops a crash on the HP Pavilion N3270.
Cosmetic: sc->ih is a pointer, so set to NULL instead of 0. Compare
with NULL instead of testing truth.
especially on RTL8019AS which is also used for non-ISA local bus of
embedded controllers and some m68k machines like atari and x68k.
* move RTL8019 probe and attach code from each bus attachment
to MI ne2000_detect() and ne2000_attach()
* change a method for backend and attachment to specify 8 bit mode
to use a new sc->sc_quirk member, instead of sc->sc_dmawidth
* handle more NE2000 8 bit mode specific settings, including
bus_space(9) access width and available size of buffer memory
* add a function to detect NE2000 8 bit mode
(disabled by default, but enalbed by options NE2000_DETECT_8BIT
to avoid possible regression on various ISA clones)
* fix ipkdb attachment accordingly (untested)
Tested on two NE2000 ISA variants (RTL8019AS and another clone named UL0001)
in both 8 bit and 16 bit mode on i386. "Looks good" from nonaka@.
See my post on tech-kern for details:
http://mail-index.NetBSD.org/tech-kern/2010/02/26/msg007423.html
and non-const types, and the kernel uses both const and non-const
PMF qualifiers and device suspensors, so change the pmf_qual_t and
device_suspensor_t typedefs from "pointers to const" to non-pointer,
non-const types.
#if NBPFILTER is no longer required in the client. This change
doesn't yet add support for loading bpf as a module, since drivers
can register before bpf is attached. However, callers of bpf can
now be modularized.
Dynamically loadable bpf could probably be done fairly easily with
coordination from the stub driver and the real driver by registering
attachments in the stub before the real driver is loaded and doing
a handoff. ... and I'm not going to ponder the depths of unload
here.
Tested with i386/MONOLITHIC, modified MONOLITHIC without bpf and rump.
bus:
1 Add isadetach() for detaching the ISA bus, and add some helper
routines that release resources held for ISA DMA.
2 In isachilddetached(), forget references to child devices.
While I am here, change ISA_DMA_DRQ_ISFREE(...) == 0 to the simpler
expression, !ISA_DMA_DRQ_ISFREE(...).
partutil.c::getdiskinfo to use it to get disk geometry info.
Use DIOCGWEDGEINFO ioctl to get information about partition size, if disk
driver doesn't support it use old DIOCGDINFO. This patch adds support for
wedge like devices(lvm logical volumes, ZFS zvol partitions) to newfs and
other tools.
No objections on tech-userlevel@.
corresponding attimer(4) resource is not perpetually busy: now it
is possible to detach and to reattach pcppi(4). Make attimer(4)'s
device-detachment hook return EBUSY if pcppi(4) is still attached, so
that pcppi(4) cannot end up with a dangling pointer to attimer(4).
Call the detach routine for every device in the device tree, starting
with the leaves and moving toward the root, expecting that each
(pseudo-)device driver will use the opportunity to gracefully commit
outstandings transactions to the underlying (pseudo-)device and to
relinquish control of the hardware to the system BIOS.
Detaching devices is not suitable for every shutdown: in an emergency,
or if the system state is inconsistent, we should resort to a fast,
simple shutdown that uses only the pmf(9) shutdown hooks and the
(deprecated) shutdownhooks. For now, if the flag RB_NOSYNC is set in
boothowto, opt for the fast, simple shutdown.
Add a device flag, DVF_DETACH_SHUTDOWN, that indicates by its presence
that it is safe to detach a device during shutdown. Introduce macros
CFATTACH_DECL3() and CFATTACH_DECL3_NEW() for creating autoconf
attachments with default device flags. Add DVF_DETACH_SHUTDOWN
to configuration attachments for atabus(4), atw(4) at cardbus(4),
cardbus(4), cardslot(4), com(4) at isa(4), elanpar(4), elanpex(4),
elansc(4), gpio(4), npx(4) at isa(4), nsphyter(4), pci(4), pcib(4),
pcmcia(4), ppb(4), sip(4), wd(4), and wdc(4) at isa(4).
Add a device-detachment "reason" flag, DETACH_SHUTDOWN, that tells the
autoconf code and a device driver that the reason for detachment is
system shutdown.
Add a sysctl, kern.detachall, that tells the system to try to detach
every device at shutdown, regardless of any device's DVF_DETACH_SHUTDOWN
flag. The default for kern.detachall is 0. SET IT TO 1, PLEASE, TO
HELP TEST AND DEBUG DEVICE DETACHMENT AT SHUTDOWN.
This is a work in progress. In future work, I aim to treat
pseudo-devices more thoroughly, and to gracefully tear down a stack of
(pseudo-)disk drivers and filesystems, including cgd(4), vnd(4), and
raid(4) instances at shutdown.
Also commit some changes that are not easily untangled from the rest:
(1) begin to simplify device_t locking: rename struct pmf_private to
device_lock, and incorporate device_lock into struct device.
(2) #include <sys/device.h> in sys/pmf.h in order to get some
definitions that it needs. Stop unnecessarily #including <sys/device.h>
in sys/arch/x86/include/pic.h to keep the amd64, xen, and i386 releases
building.
There are still about 1600 left, but they have ',' or /* ... */
in the actual variable definitions - which my awk script doesn't handle.
There are also many that need () -> (void).
(The script does handle misordered arguments.)
jmcneill