OpenBSD src changes summary for 2016-10-02 to 2016-10-09 inclusive ==================================================================
Makefile bin/csh bin/ksh distrib/miniroot distrib/notes distrib/sets distrib/sgi etc/Makefile etc/changelist etc/examples/vm.conf etc/group etc/mail/aliases etc/master.passwd etc/mtree/4.4BSD.dist etc/rc etc/rc.conf etc/rc.d/switchd gnu/lib/libstdc++-v3 gnu/usr.bin/binutils-2.17 gnu/usr.bin/texinfo lib/csu lib/libc lib/libcrypto lib/libkvm lib/libssl lib/libtls regress/misc regress/sys regress/usr.bin regress/usr.sbin sbin/dhclient sbin/disklabel sbin/dmesg sbin/dump sbin/ifconfig sbin/init sbin/kbd sbin/mknod sbin/mount sbin/mount_ffs sbin/mount_msdos sbin/sysctl share/man share/misc share/mk sys/arch/alpha/alpha sys/arch/amd64/amd64 sys/arch/amd64/include sys/arch/arm/arm sys/arch/arm/armv7 sys/arch/arm/include sys/arch/arm/simplebus sys/arch/armv7/armv7 sys/arch/armv7/conf sys/arch/armv7/dev sys/arch/armv7/imx sys/arch/armv7/marvell sys/arch/armv7/omap sys/arch/armv7/stand/efiboot sys/arch/armv7/sunxi sys/arch/armv7/vexpress sys/arch/hppa/hppa sys/arch/i386/i386 sys/arch/landisk/landisk sys/arch/loongson/dev sys/arch/loongson/loongson sys/arch/loongson/stand/boot sys/arch/luna88k/luna88k sys/arch/m88k/m88k sys/arch/macppc/dev sys/arch/macppc/macppc sys/arch/mips64/include sys/arch/mips64/mips64 sys/arch/octeon/octeon sys/arch/octeon/stand/boot sys/arch/sgi/sgi sys/arch/sgi/stand sys/arch/sgi/stand/boot sys/arch/sh/sh sys/arch/socppc/socppc sys/arch/socppc/stand/boot sys/arch/sparc64/fpu sys/arch/sparc64/sparc64 sys/dev sys/dev/acpi sys/dev/ic sys/dev/pci sys/dev/pv sys/dev/usb sys/dev/wsfont sys/kern sys/msdosfs sys/net sys/net80211 sys/netinet sys/netinet6 sys/sys sys/ufs/ufs sys/uvm usr.bin/doas usr.bin/fstat usr.bin/gprof usr.bin/kdump usr.bin/make usr.bin/mandoc usr.bin/mg usr.bin/openssl usr.bin/signify usr.bin/ssh usr.bin/tmux usr.sbin usr.sbin/acme-client usr.sbin/bgpd usr.sbin/dhcpd usr.sbin/httpd usr.sbin/nsd usr.sbin/ntpd usr.sbin/pkg_add usr.sbin/rebound usr.sbin/relayd usr.sbin/smtpd usr.sbin/snmpd usr.sbin/switchd usr.sbin/syslogd usr.sbin/tcpdump usr.sbin/unbound usr.sbin/vmctl usr.sbin/vmd == Makefile ========================================================== 01/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/Makefile Makefile > stop supporting SUDO builds. Something better is coming, so let's > align everyone who is using SUDO builds towards the new strategy. > ok natano (deraadt@) > De-escalate to an unprivileged users during 'make build' and 'make > release'. > - If you start make build as root, everything will be run as root. > Nothing new here. New is, that you can set BUILDUSER=somebody and the > unprived parts will be run as somebody. > - If you start make build with sudo, the unprived parts will be run as > the real user (meaning YOU). You can still set BUILDUSER=somebody and > the uprived parts will run as somebody. > - If you start make build as a normal user it will error out. "I'm sorry > Dave." > Note that DESTDIR must be on partition with the noperm flag set for make > release to work correctly as an unprivileged user. > idea and ok deraadt > input and ok tb ratchov millert > rpe, halex and probably others where part of the conversation to make > this happen, thanks! (natano@) > Simplify the 'make includes' step in 'make build': move the privdrop > bit up into 'make includes', so the latter benefits from that idiom > as well. Sprinkle a few 'exec' while there. > ok natano (tb@) > Print the root check error message to stderr. While there add the name > of the target to the message to be more descriptive. > ok deraadt tb (natano@) == bin =============================================================== 02/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/bin csh ~ csh.1 > suppose we should fix csh while we're at it. (tedu@) ksh ~ ksh.1 > note that ulimit -m is not enforced, spotted by jmc (tedu@) == distrib =========================================================== 03/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/distrib miniroot ~ install.sub > Re-enable fetching sets from local sources (disk, cdrom, nfs) as root. > It's the users responsibility to ensure the integrity of these files! > Problem found by Laurence Tratt who placed the sets in his home dir > where the unprivileged users now used by the installer weren't able > to read them from. > discussed with deraadt@ > OK krw@ (rpe@) notes ~ sgi/install > Remove an outdated remark about the 'a' partition. The sgi bootblocks > now locate the partition by using the disklabel. > ok jsing@ (visa@) sets ~ lists/base/mi > sync (deraadt@) ~ lists/man/mi > sync (deraadt@) ~ lists/base/mi > remove signify.pm and x509.pm (tb@) ~ lists/base/mi ~ lists/man/mi > sync (deraadt@) ~ lists/man/mi > sync (deraadt@) sgi ~ ramdisk/install.md > Remove an outdated remark about the 'a' partition. The sgi bootblocks > now locate the partition by using the disklabel. > ok jsing@ (visa@) == etc =============================================================== 04/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/etc Makefile ~ Makefile > stop supporting SUDO builds. Something better is coming, so let's > align everyone who is using SUDO builds towards the new strategy. > ok natano (deraadt@) ~ Makefile > De-escalate to an unprivileged users during 'make build' and 'make > release'. > - If you start make build as root, everything will be run as root. > Nothing new here. New is, that you can set BUILDUSER=somebody and the > unprived parts will be run as somebody. > - If you start make build with sudo, the unprived parts will be run as > the real user (meaning YOU). You can still set BUILDUSER=somebody and > the uprived parts will run as somebody. > - If you start make build as a normal user it will error out. "I'm sorry > Dave." > Note that DESTDIR must be on partition with the noperm flag set for make > release to work correctly as an unprivileged user. > idea and ok deraadt > input and ok tb ratchov millert > rpe, halex and probably others where part of the conversation to make > this happen, thanks! (natano@) ~ Makefile > conditionally create obj & xobj same way that src is handled > ok natano (deraadt@) ~ Makefile > Build kernels as root for now. Otherwise we run into permission issues > when the source tree is not owned by ${BUILDUSER}. > ok deraadt (natano@) ~ Makefile > Print the root check error message to stderr. While there add the name > of the target to the message to be more descriptive. > ok deraadt tb (natano@) ~ Makefile > Add switchd > OK deraadt@ (reyk@) ~ Makefile > Check that DESTDIR is on a noperm filesystem that's properly locked > down and enforce reasonable permissions for RELEASEDIR. > prodded by and ok deraadt > ok tb (natano@) ~ Makefile > Remove check for RELEASEDIR permissions, there are usecases where other > filesystem permissions are required. > requested by deraadt (natano@) changelist ~ changelist > Add switchd > OK deraadt@ (reyk@) examples/vm.conf ~ examples/vm.conf > Add support for enhanced networking configuration and virtual switches. > See vm.conf(5) for more details. > OK mlarkin@ (reyk@) ~ examples/vm.conf > Change switch "wireless" to another example - bridging from VM to > wireless in station mode is not supported. (reyk@) group ~ group > Add _switchd (reyk@) ~ group > use better uid/gid for _switchd (deraadt@) mail/aliases ~ mail/aliases > Add switchd > OK deraadt@ (reyk@) master.passwd ~ master.passwd > Add switchd > OK deraadt@ (reyk@) ~ master.passwd > use better uid/gid for _switchd (deraadt@) mtree/4.4BSD.dist ~ mtree/4.4BSD.dist > conditionally create obj & xobj same way that src is handled > ok natano (deraadt@) rc ~ rc > Move vmd down as VMs might need the host's dhcpd, httpd etc. on startup. > OK mlarkin@ deraadt@ (reyk@) ~ rc > Add switchd > OK deraadt@ (reyk@) ~ rc > first set -max limit, then -cur, otherwise if -cur si higher than the > current > max, it won't be set. noted by Evgeny Grin; ok millert@ (otto@) rc.conf ~ rc.conf > Add switchd > OK deraadt@ (reyk@) rc.d/switchd + rc.d/switchd > Add switchd > OK deraadt@ (reyk@) == gnu =============================================================== 05/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/gnu lib/libstdc++-v3 ~ Makefile > Fix ownership for install on a noperm filesystem. > joint work with tb (natano@) usr.bin/binutils-2.17 ~ Makefile.bsd-wrapper > Fix ownership for install on a noperm filesystem. > joint work with tb (natano@) usr.bin/texinfo ~ Makefile.bsd-wrapper > Fix ownership for install on a noperm filesystem. > joint work with tb (natano@) == lib =============================================================== 06/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/lib csu ~ arm/md_init.h > Simplify code that sets up a stack frame for running .init code to be more > AEABI-like. > ok tom@, jsg@ (kettenis@) libc ~ arch/arm/sys/cerror.S > Use the userspace-visible thread register directly in __cerror instead > of indirecting through __errno(). > Register naming tweaks and clang testing by patrick@ and jsg@ > ok kettenis@ (guenther@) ~ stdlib/malloc.c > Beter implementation of chunk canaries: store size in chunk meta data > instead of chunk itself; does not change actual allocated size; ok tedu@ > (otto@) ~ stdlib/malloc.c > stray tab (otto@) ~ stdlib/malloc.3 > document "chunk canary corrupted" error (otto@) ~ stdlib/malloc.3 > grammar fix previous; (jmc@) ~ sys/getrlimit.2 > rss limit is no longer enforced. noticed by Raimo Niskanen (tedu@) ~ gen/sysctl.3 > introduce a sysctl to hijack dns sockets. when set to a port number, > all dns socket connections will be redirected to localhost:port. > this could be a sockopt on the listening socket, but sysctl is > an easier interface to work with right now. > ok deraadt (tedu@) ~ gen/sysctl.3 > sort; (jmc@) ~ stdlib/malloc.3 > make clear the length printed is the requested length (otto@) libcrypto ~ x509/x509_vfy.c > In X509_cmp_time(), pass asn1_time_parse() the tag of the field being > parsed so that a malformed GeneralizedTime field is recognized as an error > instead of potentially being interpreted as if it was a valid UTCTime. > Reported by Theofilos Petsios (theofilos (at) cs.columbia.edu) > ok beck@ tedu@ jsing@ (guenther@) ~ man/crypto.3 > Fix some broken .Xr links, loosely based on a diff > from Rob Pierce <rob at 2keys dot ca>. > The content of this page may also need expert attention, i suspect > it may be lacking modern algorithms and over-emphasizing obsolete > ones, but i dare not touch the content. (schwarze@) libkvm ~ shlib_version ~ kvm_cd9660.c ~ kvm_file2.c ~ kvm_ntfs.c ~ kvm_udf.c > Add va_nlink information to struct kinfo_file (so bump the shlib minor) > from Sebastien Marie (guenther@) libssl ~ t1_lib.c > Detect zero-length encrypted session data early, instead of when malloc(0) > fails or the HMAC check fails. > Noted independently by jsing@ and Kurt Cancemi (kurt (at) > x64architecture.com) > ok bcook@ (guenther@) ~ t1_lib.c > Check for and handle failure of HMAC_{Update,Final} or EVP_DecryptUpdate() > based on openssl commit a5184a6c89ff954261e73d1e8691ab73b9b4b2d4 > ok bcook@ (guenther@) ~ src/crypto/opensslv.h TAGGED OPENBSD_6_0 > bump to 2.4.4 (bcook@) ~ src/crypto/opensslv.h TAGGED OPENBSD_5_9 > bump to 2.3.9 (bcook@) ~ src/crypto/x509/x509_vfy.c TAGGED OPENBSD_6_0 > In X509_cmp_time(), pass asn1_time_parse() the tag of the field being > parsed so that a malformed GeneralizedTime field is recognized as an error > instead of potentially being interpreted as if it was a valid UTCTime. > Reported by Theofilos Petsios (theofilos (at) cs.columbia.edu) > ok beck@ tedu@ jsing@ (bcook@) ~ src/ssl/t1_lib.c TAGGED OPENBSD_6_0 > Improve ticket validity checking when tlsext_ticket_key_cb() callback > chooses a different HMAC algorithm. > Avert memory leaks if the callback preps the HMAC in some way. > Based on openssl commit 1bbe48ab149893a78bf99c8eb8895c928900a16f > but retaining a pre-callback length check to guarantee the callback > is provided the buffer that the API claims. > ok bcook@ jsing@ > original commit by guenther@ (bcook@) ~ src/ssl/s3_srvr.c TAGGED OPENBSD_6_0 > Check for packet with truncated DTLS cookie. > Flip pointer comparison logic to avoid beyond-end-of-buffer pointers > to make it less likely a compiler will decide to screw you. > Based on parts of openssl commits > 6f35f6deb5ca7daebe289f86477e061ce3ee5f46 and > 89c2720298f875ac80777da2da88a64859775898 > ok jsing@ > original commit by @guenther (bcook@) ~ src/ssl/t1_lib.c TAGGED OPENBSD_6_0 > Detect zero-length encrypted session data early, instead of when malloc(0) > fails or the HMAC check fails. > Noted independently by jsing@ and Kurt Cancemi (kurt (at) > x64architecture.com) > ok bcook@ > original patch by guenther@ (bcook@) ~ src/ssl/t1_lib.c TAGGED OPENBSD_6_0 > Check for and handle failure of HMAC_{Update,Final} or EVP_DecryptUpdate() > based on openssl commit a5184a6c89ff954261e73d1e8691ab73b9b4b2d4 > ok bcook@ > original patch by guenther@ (bcook@) libtls ~ tls_util.c > use the same type for buf as the return type in tls_load_file > ok tedu@, noted by kinichiro (bcook@) == regress =========================================================== 07/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/regress misc - utf8/t1.exp - utf8/t1.sh - utf8/t2.exp - utf8/t2.sh - utf8/wc.exp - utf8/wc.sh > Remove simple UTF-8 tests. Ingo has written propper tests for > cut(1) and wc(1). Tests for tr(1) will come when it is UTF-8 ready. > OK schwarze@ (bluhm@) sys ~ kern/setuid/Makefile > The setuid tests needs an obj directory that allows to run programs > with set user id. Skip the test if the current filesystem has set > the nosuid mount option. > OK otto@ (bluhm@) ~ kern/Makefile ~ kern/setuid/Makefile > Link the setuid regress test to the build in a way that the obj > directory gets created. But do not run the test during a global > make regress, as the test puts a setuid binary into the object > directory. Also remove the setuid bit after the test has been run > manually. > OK otto@ (bluhm@) ~ net/Makefile + net/etherip/Makefile + net/etherip/etherip_1.sh + net/etherip/etherip_subr + net/vxlan/Makefile + net/vxlan/vxlan_1.sh + net/vxlan/vxlan_subr > Add simple regress test for vxlan(4) and etherip(4). > ok bluhm (yasuoka@) usr.bin ~ ssh/Makefile > Move USER out of the way to unbreak the BUILDUSER mechanism. > ok tb (natano@) ~ Makefile > enable colrm and column, which i apparently forgot (schwarze@) + wc/Makefile + wc/wc.sh > minimal UTF-8 tests for wc(1) (schwarze@) + cut/Makefile + cut/cut.sh > test multibyte behaviour of cut(1) (schwarze@) ~ Makefile > enable tests for cut(1) and wc(1) (schwarze@) usr.sbin + syslogd/args-zulu.pl > Add test for syslogd(8) -Z ISO timestamp format. (bluhm@) ~ switchd/args-packet-jumbo.pm > Bump the sizes of generated jumbo frames up to the max. (reyk@) ~ syslogd/args-zulu.pl > Add millisecond precision to expected timestamp. (bluhm@) ~ syslogd/args-privsep.pl ~ syslogd/args-sighup-config.pl ~ syslogd/args-sighup-privsep.pl ~ syslogd/args-sighup-tcp.pl ~ syslogd/args-sighup-tls.pl ~ syslogd/args-sighup.pl ~ syslogd/args-sigpipe.pl ~ syslogd/args-sigterm.pl > Check that syslogd priv process does exec on itself. (bluhm@) == sbin ============================================================== 08/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sbin dhclient ~ clparse.c ~ dhclient.c ~ dispatch.c ~ options.c > Add support for RFC 6842, which says the client MUST drop packets when > the server provides a client-identifier value and it doesn't match > the value the client sent. > So stop suppressing client-identifer info in the leases file and when > reading the leases file stop discarding leases that don't have current > client-identifier info. Don't use them, but keep them around in case > the client-identifier info changes back next time. > Also construct the default client-identifier (if needed) before reading > the leases file. (krw@) disklabel ~ editor.c > init auto-partition table to zeroes; ok tb@ (otto@) dmesg ~ dmesg.8 > fix HISTORY; > patch from Sevan Janiyan <venture37 at geeklan dot co dot uk>; > verified using Kusick's UCB CSRG archive CDs (schwarze@) dump ~ dump.8 > fix HISTORY; > patches from Sevan Janiyan <venture37 at geeklan dot co dot uk>; > verified using minnie.tuhs.org/cgi-bin/utree.pl (schwarze@) ifconfig ~ ifconfig.8 > typo (naddy@) init ~ init.8 > fix HISTORY; > patches from Sevan Janiyan <venture37 at geeklan dot co dot uk>; > verified using minnie.tuhs.org/cgi-bin/utree.pl (schwarze@) kbd ~ kbd_wscons.c > Those while loops look better written as for loops > ok kettenis@ (jca@) mknod ~ mknod.8 > fix HISTORY; > patches from Sevan Janiyan <venture37 at geeklan dot co dot uk>; > verified using minnie.tuhs.org/cgi-bin/utree.pl (schwarze@) mount ~ mount.8 > Improve description of the noperm option. > ok jmc (on an earlier version of the diff), tb (who found a typo) and > deraadt (natano@) ~ mount.8 > fix HISTORY; > patches from Sevan Janiyan <venture37 at geeklan dot co dot uk>; > verified using minnie.tuhs.org/cgi-bin/utree.pl (schwarze@) ~ mount.8 > On noperm mount points honor the permissions of the root directory, so > access can be locked down. > ok deraadt tb (natano@) mount_ffs ~ mount_ffs.8 > fix HISTORY: > NetBSD 1.0A was not a release, but it was > what would be called NetBSD 1.0-current in OpenBSD terminology, > see http://cvsweb.netbsd.org/bsdweb.cgi/src/sys/conf/newvers.sh#rev1.17 > patch from Sevan Janiyan <venture37 at geeklan dot co dot uk> (schwarze@) mount_msdos ~ mount_msdos.8 > add missing AUTHORS; OK sobrado@, also checked by Sevan Janiyan (schwarze@) sysctl ~ sysctl.c > fix heap overflow by rewriting loop; detected by new malloc canaries > ok krw@ beck@ (otto@) == share ============================================================= 09/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/share man ~ man4/man4.armv7/Makefile + man4/man4.armv7/ompinmux.4 > Add a manual page for ompinmux. (jsg@) ~ man8/release.8 > Overhaul the release(8) manual: the current version prompted some users > to leave their boxes wide open with ... unfortunate doas.conf(5) rules. > Only give the essential commands for -release and -stable. Remove all > mentions of doas(1). Tighten up the style: avoid repetitions and the > second person. > requested by & ok deraadt, tweaks & ok tj (tb@) ~ man4/hvn.4 > Add a few tips on setting up hvn(4) interfaces (mikeb@) ~ man4/hvn.4 > tweak previous; (jmc@) ~ man5/mk.conf.5 > document BUILDUSER; ok tb (jmc@) - man4/man4.armv7/imx.4 ~ man4/man4.armv7/Makefile > imx(4) is no more. (kettenis@) ~ man4/man4.armv7/imxtemp.4 ~ man4/man4.armv7/intro.4 > no more imx.4; (jmc@) ~ man4/man4.armv7/sysreg.4 > Dynamically attach sysreg(4) using the FDT. (jsg@) ~ man5/mk.conf.5 > downgrade the description of SUDO somewhat; ok tb (jmc@) ~ man4/man4.armv7/plrtc.4 ~ man4/man4.armv7/pluart.4 > Remove Xrs to vexpress(4) for drivers that no longer attach to it. (jsg@) ~ man4/man4.armv7/sxipio.4 > sxipio now attaches with fdt (jsg@) - man4/man4.armv7/vexpress.4 ~ man4/man4.armv7/Makefile > Remove the vexpress platform abstraction and board id. All the devices > that attached to vexpress have been converted to fdt so this is no > longer required. (jsg@) ~ man4/man4.armv7/Makefile + man4/man4.armv7/psci.4 > add a manual page for psci (jsg@) misc ~ airport > Specify update rules, and add my home airport to the list > OK deraadt@ (fcambus@) mk ~ bsd.own.mk > De-escalate to an unprivileged users during 'make build' and 'make > release'. > - If you start make build as root, everything will be run as root. > Nothing new here. New is, that you can set BUILDUSER=somebody and the > unprived parts will be run as somebody. > - If you start make build with sudo, the unprived parts will be run as > the real user (meaning YOU). You can still set BUILDUSER=somebody and > the uprived parts will run as somebody. > - If you start make build as a normal user it will error out. "I'm sorry > Dave." > Note that DESTDIR must be on partition with the noperm flag set for make > release to work correctly as an unprivileged user. > idea and ok deraadt > input and ok tb ratchov millert > rpe, halex and probably others where part of the conversation to make > this happen, thanks! (natano@) ~ bsd.obj.mk > Use BUILDUSER as the owner of new links/directories created in 'make obj' > when started as root. > diff by millert with tweaks by me > ok tb deraadt (natano@) ~ bsd.subdir.mk > Do not let "make all" run the tests in the subdirectories twice > if a Makefile using <bsd.regress.mk> defines both SUBDIR and > REGRESS_TARGETS. > This helps for example src/regress/usr.bin/ssh/. > Same for "make cleandir", don't run "make clean" twice in SUBDIR. > OK bluhm@, and no opposition when shown on tech@. (schwarze@) == sys =============================================================== 10/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys arch/alpha/alpha ~ vm_machdep.c > The new thread's userspace v0, a3, and a4 registers are updated in > child_return() like on other archs, so cpu_fork() doesn't need to > touch them. > ok kettenis@ deraadt@ (guenther@) ~ interrupt.c ~ trap.c > Various printf claim to report the PID, so actually report that and not the > TID > Build testing assistance from deraadt@ (guenther@) ~ machdep.c > Apply consistency to forever loops with continue and NOTREACHED > Same thought from kettenis@, ok krw@ phessler@ millert@ (tom@) arch/amd64/amd64 ~ vmm.c > disable PAT and MTRR in guest VMs (mlarkin@) ~ vmm.c > Add a missing flush; this appears to fix the broadwell/skylake "failed to > launch with valid vmcs" issue some people have been seeing when launching > vmm(4) VMs. > tested by reyk@ (mlarkin@) ~ vmm.c > add a debug function that was useful in finding the previous > broadwell/skylake bug. (mlarkin@) ~ vmm.c > turn off vmm(4) debug mode (mlarkin@) ~ vmm.c > Update the list of vmm ioctls that are allowed by pledge. > OK mlarkin@ stefan@ (reyk@) ~ trap.c > Various printf claim to report the PID, so actually report that and not the > TID > Build testing assistance from deraadt@ (guenther@) ~ machdep.c > Apply consistency to forever loops with continue and NOTREACHED > Same thought from kettenis@, ok krw@ phessler@ millert@ (tom@) arch/amd64/include ~ vmmvar.h > disable PAT and MTRR in guest VMs (mlarkin@) ~ specialreg.h ~ vmmvar.h > add a debug function that was useful in finding the previous > broadwell/skylake bug. (mlarkin@) arch/arm/arm ~ fault.c > Various printf claim to report the PID, so actually report that and not the > TID > Build testing assistance from deraadt@ (guenther@) arch/arm/armv7 ~ armv7_space.c > Some device trees use 64-bit intermediate virtual addresses. This > means that even though the hardware in the end never leaves the 32-bit > address space, some addresses used solely in the device tree can be > bigger than 32-bit. As bus_space_map(9) takes addresses of size > bus_addr_t, which is 32-bit on ARMv7, we cannot pass those virtual > addresses to the parent bus, even though it will be mapped back into a > 32-bit address in the end. To work around this, make bus_space_map(9) > take a 64-bit address. Since this is implemented as a macro and > function pointer we can safely do that without harming any other > architecture. > ok kettenis@ deraadt@ (patrick@) arch/arm/include ~ tcb.h > The userspace TCB_GET() shouldn't take an argument > ok deraadt@ tom@ patrick@ (guenther@) ~ bus.h > Some device trees use 64-bit intermediate virtual addresses. This > means that even though the hardware in the end never leaves the 32-bit > address space, some addresses used solely in the device tree can be > bigger than 32-bit. As bus_space_map(9) takes addresses of size > bus_addr_t, which is 32-bit on ARMv7, we cannot pass those virtual > addresses to the parent bus, even though it will be mapped back into a > 32-bit address in the end. To work around this, make bus_space_map(9) > take a 64-bit address. Since this is implemented as a macro and > function pointer we can safely do that without harming any other > architecture. > ok kettenis@ deraadt@ (patrick@) arch/arm/simplebus ~ simplebus.c > Some device trees use 64-bit intermediate virtual addresses. This > means that even though the hardware in the end never leaves the 32-bit > address space, some addresses used solely in the device tree can be > bigger than 32-bit. As bus_space_map(9) takes addresses of size > bus_addr_t, which is 32-bit on ARMv7, we cannot pass those virtual > addresses to the parent bus, even though it will be mapped back into a > 32-bit address in the end. To work around this, make bus_space_map(9) > take a 64-bit address. Since this is implemented as a macro and > function pointer we can safely do that without harming any other > architecture. > ok kettenis@ deraadt@ (patrick@) arch/armv7/armv7 ~ armv7_machdep.c ~ armv7_machdep.h ~ platform.c > Introduce a global function pointer to reset the CPU akin to amd64 and > i386. As newer ARMs where we use device tree from the get go don't > necessarily have a 'platform', this will allow drivers to hook > themselves as a way to reset the CPU. > ok jsg@ kettenis@ tom@ (patrick@) ~ armv7_machdep.c > Some device trees use 64-bit intermediate virtual addresses. This > means that even though the hardware in the end never leaves the 32-bit > address space, some addresses used solely in the device tree can be > bigger than 32-bit. As bus_space_map(9) takes addresses of size > bus_addr_t, which is 32-bit on ARMv7, we cannot pass those virtual > addresses to the parent bus, even though it will be mapped back into a > 32-bit address in the end. To work around this, make bus_space_map(9) > take a 64-bit address. Since this is implemented as a macro and > function pointer we can safely do that without harming any other > architecture. > ok kettenis@ deraadt@ (patrick@) ~ armv7var.h ~ platform.c > Make imxdog(4) set cpuresetfn, and remove all the imx platform that is no > longer needed, including the imx board IDs. > ok patrick@, jsg@ (kettenis@) ~ armv7_machdep.c > Simplify handling of cold reboot on armv7 to match other platforms > Suggested by and ok both patrick@ and kettenis@ (tom@) ~ armv7_machdep.c ~ armv7_machdep.h ~ platform.c > Add a power down function pointer so power down can work without the > platform abstraction. > ok tom@ kettenis@ (jsg@) ~ armv7var.h ~ platform.c > Remove the vexpress platform abstraction and board id. All the devices > that attached to vexpress have been converted to fdt so this is no > longer required. (jsg@) ~ armv7_start.S > Change raw dsb and smc opcodes to instructions. The dsb encoding did > not set an option where as having just a 'dsb' instruction results in > the 'sy'/full system option being set. > Unknown/reserved options are supposed to result in a full system dsb > but the ARM ARM specifically calls this out as something software > should not rely on. > ok patrick@ (jsg@) ~ armv7_start.S > Add psci(4) a driver for the reset and power down portion of the > ARM Power State Coordination Interface (PSCI) specification. > Tested with qemu-system-arm -M virt. > Feedback from patrick@, ok kettenis@ tom@ (jsg@) arch/armv7/conf ~ GENERIC ~ RAMDISK > Disable sitaracm and add a new ompinmux driver for omap pin muxing/pad > configuration that attaches with the fdt and writes values to registers > based on the pinctrl data in the fdt. Handles 16 bit values > (OMAP3/OMAP4) and 32 bit values (AM335x/AM57xx). > Feedback from and ok kettenis@ tom@ on an earlier version. (jsg@) ~ GENERIC ~ RAMDISK > Make imxdog(4) set cpuresetfn, and remove all the imx platform that is no > longer needed, including the imx board IDs. > ok patrick@, jsg@ (kettenis@) ~ GENERIC ~ RAMDISK ~ files.armv7 > Add a driver for the Marvell Armada 380 core clock. This driver > provides information about the four big clocks that are part of > this SoC. Attach it early as the serial console needs it and the > core clock is after the console in the device tree. > ok kettenis@ (patrick@) ~ GENERIC ~ RAMDISK > Support the Marvell Armada's System Controller to be able to reset > the machine. > ok kettenis@ > ok tom@ on previous version (patrick@) ~ GENERIC ~ RAMDISK > Implement a driver for Marvell Armada's clock gates. This basically > turns on a peripheral's power and functionality. > ok kettenis@ (patrick@) ~ GENERIC ~ RAMDISK > Dynamically attach sysreg(4) using the FDT. (jsg@) ~ GENERIC ~ RAMDISK > Attach sxipio(4) using the fdt. > ok jsg@, patrick@ (kettenis@) ~ GENERIC ~ RAMDISK > Remove the vexpress platform abstraction and board id. All the devices > that attached to vexpress have been converted to fdt so this is no > longer required. (jsg@) ~ GENERIC ~ RAMDISK > Attach sxiccmu(4) using the fdt. > ok jsg@ (kettenis@) ~ GENERIC ~ RAMDISK ~ files.armv7 > Add psci(4) a driver for the reset and power down portion of the > ARM Power State Coordination Interface (PSCI) specification. > Tested with qemu-system-arm -M virt. > Feedback from patrick@, ok kettenis@ tom@ (jsg@) arch/armv7/dev + psci.c > Add psci(4) a driver for the reset and power down portion of the > ARM Power State Coordination Interface (PSCI) specification. > Tested with qemu-system-arm -M virt. > Feedback from patrick@, ok kettenis@ tom@ (jsg@) arch/armv7/imx ~ imxehci.c > Save and restore the (non-standard) USBMODE register around a reset of the > controller. This register controls whether the controller is in device or > host mode on many dual role controllers and gets reset during a reset of > the controller, placing the controller in (non-functional) idle mode. By > saving and restoring it, we keep the controller in host mode. Since this > is > a non-standard register, add a new EHCIF_USBMODE flag and only do the save > and > restore if it has been set. > Makes the upper "OTG" port of the Cubox-i work. > ok mpi@, jsg@ (kettenis@) - imx.c - imx6.c - imx_machdep.c ~ files.imx ~ imxdog.c > Make imxdog(4) set cpuresetfn, and remove all the imx platform that is no > longer needed, including the imx board IDs. > ok patrick@, jsg@ (kettenis@) arch/armv7/marvell + files.marvell + mvacc.c > Add a driver for the Marvell Armada 380 core clock. This driver > provides information about the four big clocks that are part of > this SoC. Attach it early as the serial console needs it and the > core clock is after the console in the device tree. > ok kettenis@ (patrick@) ~ mvacc.c > Don't forget to add the CVS Id tag. (patrick@) ~ files.marvell + mvsysctrl.c > Support the Marvell Armada's System Controller to be able to reset > the machine. > ok kettenis@ > ok tom@ on previous version (patrick@) ~ files.marvell + mvagc.c > Implement a driver for Marvell Armada's clock gates. This basically > turns on a peripheral's power and functionality. > ok kettenis@ (patrick@) arch/armv7/omap ~ if_cpsw.c > Set IFCAP_VLAN_MTU capability in cpsw(4). Avoids > "ifconfig: SIOCSETVLAN: No buffer space available" when creating vlan > interfaces without first lowering the mtu. Reported by Steven Chamberlain, > diagnosed by mikeb@, patch from Brad. ok bmercer@ (jsg@) ~ files.omap ~ omap.c + ompinmux.c > Disable sitaracm and add a new ompinmux driver for omap pin muxing/pad > configuration that attaches with the fdt and writes values to registers > based on the pinctrl data in the fdt. Handles 16 bit values > (OMAP3/OMAP4) and 32 bit values (AM335x/AM57xx). > Feedback from and ok kettenis@ tom@ on an earlier version. (jsg@) ~ ommmc.c > Only set the highspeed bit in bus_clock if highspeed is supported > by the controller. Needed as the bus_clock callback is called with > SDMMC_TIMING_HIGHSPEED even if the controller capability is not set. > Required to raise the bus width on pandaboard which doesn't have the > highspeed capability. > As anything other than 1 bit mode results in the emmc on the bbb > timing out waiting for command completion, limit higher bus > modes to the first hsmmc controller. This at least lets 4 bit > modes work with sd cards on bbb and pandaboard. (jsg@) ~ omapid.c > Use the fdt root node instead of board ids to gate omap4 specific code. > (jsg@) arch/armv7/stand/efiboot ~ conf.c ~ efiboot.c ~ exec.c > Remove board IDs for the i.MX platform. The kernel doesn't need them > anymore. > Make sure we pass 0 as the board ID instead of random garbage if we don't > find a matching compatible string. > ok jsg@ (kettenis@) arch/armv7/sunxi ~ sxiccmu.c > Fixup comment by removing a word. > "free commit" kettenis@ (patrick@) ~ files.sunxi ~ sun4i.c ~ sun7i.c ~ sunxi.c ~ sxipio.c > Attach sxipio(4) using the fdt. > ok jsg@, patrick@ (kettenis@) ~ sunxi_machdep.c ~ sxidog.c > Make sxidog(4) set cpuresetfn, and cut some dead wood from the platform > code. (kettenis@) ~ files.sunxi ~ sun4i.c ~ sun7i.c ~ sunxi.c ~ sxiccmu.c > Attach sxiccmu(4) using the fdt. > ok jsg@ (kettenis@) arch/armv7/vexpress ~ files.vexpress ~ sysreg.c ~ vexpress.c > Dynamically attach sysreg(4) using the FDT. (jsg@) - vexpress.c - vexpress_a15.c - vexpress_a9.c - vexpress_machdep.c ~ files.vexpress ~ sysreg.c > Remove the vexpress platform abstraction and board id. All the devices > that attached to vexpress have been converted to fdt so this is no > longer required. (jsg@) arch/hppa/hppa ~ trap.c > Various printf claim to report the PID, so actually report that and not the > TID > Build testing assistance from deraadt@ (guenther@) ~ machdep.c > Apply consistency to forever loops with continue and NOTREACHED > Same thought from kettenis@, ok krw@ phessler@ millert@ (tom@) arch/i386/i386 ~ apm.c ~ trap.c ~ vm86.c > Various printf claim to report the PID, so actually report that and not the > TID > Build testing assistance from deraadt@ (guenther@) ~ machdep.c > Apply consistency to forever loops with continue and NOTREACHED > Same thought from kettenis@, ok krw@ phessler@ millert@ (tom@) arch/landisk/landisk ~ machdep.c > Apply consistency to forever loops with continue and NOTREACHED > Same thought from kettenis@, ok krw@ phessler@ millert@ (tom@) arch/loongson/dev + radeonfb.c > Add an initial framebuffer driver for the RS780E chipset on loongson, > ported from sparc64. For now, it works without hardware acceleration, > but otherwise it is usable enough as a console and with X. > Diff from Miod's hoard (visa@) ~ apm.c > Various printf claim to report the PID, so actually report that and not the > TID > Build testing assistance from deraadt@ (guenther@) arch/loongson/loongson ~ wscons_machdep.c > Add an initial framebuffer driver for the RS780E chipset on loongson, > ported from sparc64. For now, it works without hardware acceleration, > but otherwise it is usable enough as a console and with X. > Diff from Miod's hoard (visa@) ~ machdep.c ~ wscons_machdep.c > Apply consistency to forever loops with continue and NOTREACHED > Same thought from kettenis@, ok krw@ phessler@ millert@ (tom@) arch/loongson/stand/boot ~ start.S > Pass `prid' properly to pmon_init(). (visa@) arch/luna88k/luna88k ~ machdep.c > Apply consistency to forever loops with continue and NOTREACHED > Same thought from kettenis@, ok krw@ phessler@ millert@ (tom@) arch/m88k/m88k ~ sig_machdep.c > Report the PID in sendsig() debugging > tested by aoyama@ (guenther@) ~ m88k_machdep.c > Apply consistency to forever loops with continue and NOTREACHED > Same thought from kettenis@, ok krw@ phessler@ millert@ (tom@) ~ m88k_machdep.c > Tweak the special handling of pid 1 in setregs()...and document that > while it's not 100% correct, it's okay > tested by aoyama@ (guenther@) arch/macppc/dev ~ apm.c > Various printf claim to report the PID, so actually report that and not the > TID > Build testing assistance from deraadt@ (guenther@) arch/macppc/macppc ~ machdep.c > Apply consistency to forever loops with continue and NOTREACHED > Same thought from kettenis@, ok krw@ phessler@ millert@ (tom@) arch/mips64/include ~ pte.h > Do not use MIPS64r2 instructions on Loongson 2. Now, a generic loongson > kernel has to learn a new trick in order to use TLB RI/XI on 3A2000. > (visa@) arch/mips64/mips64 ~ pmap.c ~ trap.c > Various printf claim to report the PID, so actually report that and not the > TID > Build testing assistance from deraadt@ (guenther@) arch/octeon/octeon ~ machdep.c > Apply consistency to forever loops with continue and NOTREACHED > Same thought from kettenis@, ok krw@ phessler@ millert@ (tom@) arch/octeon/stand/boot ~ machdep.c > Apply consistency to forever loops with continue and NOTREACHED > Same thought from kettenis@, ok krw@ phessler@ millert@ (tom@) arch/sgi/sgi ~ ip22_machdep.c ~ ip27_machdep.c ~ ip30_machdep.c ~ machdep.c > Apply consistency to forever loops with continue and NOTREACHED > Same thought from kettenis@, ok krw@ phessler@ millert@ (tom@) arch/sgi/stand ~ Makefile32.inc > Make the sgi boot blocks read the real OpenBSD disklabel instead of > assuming that the 'a' partition starts at the same location as the > volume header partition #0. > Diff from Miod Vallat (visa@) arch/sgi/stand/boot ~ Makefile ~ diskio.c ~ version > Make the sgi boot blocks read the real OpenBSD disklabel instead of > assuming that the 'a' partition starts at the same location as the > volume header partition #0. > Diff from Miod Vallat (visa@) arch/sh/sh ~ trap.c > Various printf claim to report the PID, so actually report that and not the > TID > Build testing assistance from deraadt@ (guenther@) arch/socppc/socppc ~ machdep.c > Apply consistency to forever loops with continue and NOTREACHED > Same thought from kettenis@, ok krw@ phessler@ millert@ (tom@) arch/socppc/stand/boot ~ machdep.c > Apply consistency to forever loops with continue and NOTREACHED > Same thought from kettenis@, ok krw@ phessler@ millert@ (tom@) arch/sparc64/fpu ~ fpu.c > Various printf claim to report the PID, so actually report that and not the > TID > Build testing assistance from deraadt@ (guenther@) arch/sparc64/sparc64 ~ genassym.cf > p_wchan and p_pid aren't used from asm (anymore?) (guenther@) ~ db_interface.c ~ machdep.c ~ trap.c > Various printf claim to report the PID, so actually report that and not the > TID > Build testing assistance from deraadt@ (guenther@) ~ machdep.c > Apply consistency to forever loops with continue and NOTREACHED > Same thought from kettenis@, ok krw@ phessler@ millert@ (tom@) dev ~ audio.c > At acpithinkpad attach time determine the value of the mute, and defer > telling the audio subsystem about this later on in boot. (Mute state > is maintained by the BIOS over a suspend, hibernate, reboot, etc -- this > may be last missing piece of the puzzle we tore our hair out in Brisbane) > diagnosis and code by Anton Lindqvist, ok ratchov (deraadt@) ~ audio.c > Fix the condition used to decide whether to automatically start the > device, and factor it into a single function. Without this fix, if the > device is open in full-duplex mode, it could start with empty play > buffer. (ratchov@) ~ rnd.c > the old time delta code is no longer used. nothing reads these values. > remove it another relic of the superstitious past. > ok deraadt millert mikeb (tedu@) ~ rnd.c > another unused variable bites the dust. spotted by deraadt (tedu@) ~ softraid_raid5.c > Using '4' as the max # of ccb's in a work unit doesn't work so well > when the number of chunks in your RAID5 is significantly more than > 4. Each work unit needs to use at least a ccb per chunk to do the > i/o. > Set the max to the number of chunks, which all the other RAID types > do in one varient or other. Note that it's not really a max, just > the number used when allocating the entire collection of ccb's for the > volume. > Fixes doing largeish i/o's (e.g. dd bs=1m count=128) to RAID5 volumes > with many chunks. > Problem reported by Alex McWhirter. > ok jsing@ (krw@) ~ vnd.c > Various printf claim to report the PID, so actually report that and not the > TID > ok kettenis@ tedu@ (guenther@) ~ audio.c > Don't allocate struct mixer_devinfo instances on the stack. It is a fairly > large data structure and if the compiler gets clever and inlines some code > we hit the stack size compiler warning. This makes things compile with > clang. > ok ratchov@ (kettenis@) dev/acpi ~ acpithinkpad.c > At acpithinkpad attach time determine the value of the mute, and defer > telling the audio subsystem about this later on in boot. (Mute state > is maintained by the BIOS over a suspend, hibernate, reboot, etc -- this > may be last missing piece of the puzzle we tore our hair out in Brisbane) > diagnosis and code by Anton Lindqvist, ok ratchov (deraadt@) dev/ic ~ ahci.c > Contrary to e. g. the xHCI specification, the AHCI rev. 1.3 spec > does not say anything about which type (snoopable/uncached etc.) of > bus transactions are issued by HBAs on accesses to the descriptors. > Thus, the right assumption would be "classical" concurrent accesses > by both CPU/driver as well as hardware to the descriptors and their > DMA memory backings respectively, which is also confirmed by actual > testing. Consequently, switch to BUS_DMA_COHERENT mappings for said > DMA memory as otherwise corruption of descriptors is seen. > From Marius Strobl > tested by awolk (amd64), bluhm (amd64, i386), myself (amd64, armv7) > ok jmatthew@ (patrick@) ~ ahci.c > Given that ahci_port_alloc() grabs one CCB for use during NCQ error > recovery from the CCB pool sized based on the NCS capability, i. e. > number of command slots reported by the controller, it is necessary > to pretend at least 2 slots in sc->sc_ncmds for devices without NCQ > support. That way, also at least 1 available slot is made available > for atascsi(4). Otherwise, controllers having only a single command > slot will trigger "no free xfers on a new port" in atascsi(4). > Note that pretending 2 command slots is also fine with the abuse of > the NCQ error recovery CCB in ahci_port_softreset(). > From Marius Strobl > tested by awolk (amd64), bluhm (amd64, i386), myself (amd64, armv7) > ok jmatthew@ (patrick@) ~ ahci.c > Some HBAs report NCQ capability despite only supporting one command > slot. Thus, extend the check whether NCQ actually should be enabled > accordingly. > From Marius Strobl > tested by awolk (amd64), bluhm (amd64, i386), myself (amd64, armv7) > ok jmatthew@ (patrick@) ~ ahci.c > Some HABs reset parts of AHCI_PREG_CMD when AHCI_PREG_SCTL_DET_INIT > gets set. Therefore, ahci_port_softreset() restores the sate of the > former register once the device detection sequence is finished. The > device detection code in ahci_pmp_port_portreset() does not restore > AHCI_PREG_CMD afterwards, so let it catch up. Apparently, this part > was an oversight as ahci_pmp_port_portreset() did not otherwise use > "cmd". > From Marius Strobl > tested by awolk (amd64), bluhm (amd64, i386), myself (amd64, armv7) > ok jmatthew@ (patrick@) ~ rt2560.c > Disable RTS for long frames in ral(4) for rt2560 chips. > On these chips RTS causes bad performance in hostap mode for unknown > reasons. > Convert some debug printfs to DPRINTF. > Add a comment which explains why 2 free slots are needed on the Tx queue. > ok phessler@ sthen@ (stsp@) ~ dwc_gmac.c ~ dwc_gmac_var.h > Bring receive filter handling closer to the way we do things. > From Brad Smith. (kettenis@) ~ ar5008.c ~ ar9003.c > Add comments explaining why athn(4) disables multi-rate retries with RTS. > ok kettenis (stsp@) dev/pci ~ if_iwm.c > Set the USE_RTS flag in the right place. Error introduced in if_iwm.c > r1.139. (stsp@) ~ if_wpi.c > Hide wpi(4) fatal firmware error details inside #ifdef WPI_DEBUG. > ok sthen tb deraadt (stsp@) ~ drm/drmP.h ~ drm/drm_linux.h > Various printf claim to report the PID, so actually report that and not the > TID > ok kettenis@ tedu@ (guenther@) ~ if_iwn.c > Hide details of fatal firmware errors in iwn(4) behind #ifdef IWN_DEBUG. > ok kettenis@ (stsp@) ~ if_iwm.c > Rate sets managed by net80211 are sorted by effective data rate speed while > the iwm_rates array sorts CCK rates before OFDM rates. Add a mapping > function > to fill the ACK rate bitmap correctly. > Problem pointed out by Imre Vadasz. > ok kettenis (stsp@) ~ if_iwn.c > Make iwn(4) write MCS into the radiotap rate field. > ok kettenis@ (stsp@) dev/pv ~ hyperv.c > Check the actual pointer returned by km_alloc(9) instead of the array. The > latter will always be non-NULL, and therefore the test will always be > false. > Caught by clang. > ok jca@, mikeb@, jsg@ (kettenis@) ~ vmt.c > Use "%s" in vm_rpc_send_rpci_tx() call. Avoids a "format string is not a > string literal" warning from clang. > ok jca@ (kettenis@) ~ if_hvn.c > Enable hardware VLAN tagging > Turns out that hardware VLAN tagging is required to use VLANs at all > (while QinQ VLANs are not filtered regardless...). On top of that a > PowerShell command needs to be executed to configure Trunk mode on > virtual interfaces. An example of such command is: > Set-VMNetworkAdapterVlan -VMName OpenBSD -Trunk \ > -AllowedVlanIdList 10-100 -NativeVlanId 5 > This will enable trunking mode on all hvn(4) interfaces. An option > -VMNetworkAdapterName can be passed to turn trunking on one interface, > and although by default all networking interfaces have the same name > "Network Adapter", a "Rename-VMNetworkAdapter" command can be used > to rename them one by one. (mikeb@) ~ if_xnf.c ~ xen.c ~ xenvar.h > Remove _ds_boundary abuse (again) > The logic behind this change is this: a single mbuf may reference > only a contiguous chunk of memory. When this chunk crosses a page > boundary only the first part of it has a non-zero offset while all > other chunks start at the beginning of the page. > We take advantage of this fact and calculate the offset of a first > chunk as a simple "mtod(m, vaddr_t) & PAGE_MASK". (mikeb@) ~ if_xnf.c > Fold the bus_dmamap_destroy into the loop above (mikeb@) dev/usb ~ ehci.c ~ ehcireg.h ~ ehcivar.h > Save and restore the (non-standard) USBMODE register around a reset of the > controller. This register controls whether the controller is in device or > host mode on many dual role controllers and gets reset during a reset of > the controller, placing the controller in (non-functional) idle mode. By > saving and restoring it, we keep the controller in host mode. Since this > is > a non-standard register, add a new EHCIF_USBMODE flag and only do the save > and > restore if it has been set. > Makes the upper "OTG" port of the Cubox-i work. > ok mpi@, jsg@ (kettenis@) ~ xhci.c > Fix some bus_dmamap_sync(9) calls. > Do not fold multiple DMA synchronizations into one when chaining TRBs > as the ring might wrap. > Add missing "READ" transfer direction from the HC to host when applicable. > From Marius Strobl. (mpi@) ~ usbdi.c > Let the stack perform DMA synchronization instead of doing it (partially) > in HC drivers. > Only ehci(4) was performing pre & post synchronization completly. Now > pre-synchronization is done in usbd_transfer() and post-synchronization > in usbd_transfer_complete(). This will allow us to remove the partial > synchronization primitives from the pipe handlers. > This is similar to what FreeBSD did in r158998, r164519 and r176203. > From Marius Strobl. > ok kettenis@ (mpi@) dev/wsfont ~ wsfont.c > Remove reference to non existing font. > Include file with font data (courier11x18.h) was removed from NetBSD due > to licensing concerns before wsfont was imported into OpenBSD. > Cookie values have been renumbered for consistency. (fcambus@) kern ~ kern_sysctl.c > Add va_nlink information to struct kinfo_file (so bump the shlib minor) > from Sebastien Marie (guenther@) ~ kern_timeout.c > avoid holding timeout_mutex while interacting with the scheduler. > as noted by haesbaert, this is necessary to avoid deadlocks because > the scheduler can call back into the timeout subsystem while its > holding its own locks. > this happened in two places. firstly, in softclock() it would take > timeout_mutex to find pending work. if that pending work needs a > process context, it would queue the work for the thread and call > wakeup, which enters the scheduler locks. if another cpu is trying > to tsleep (or msleep) with a timeout specified, the sleep code would > be holding the sched lock and call timeout_add, which takes > timeout_mutex. > this is solved by deferring the wakeup to after timeout_mutex is > left. this also has the benefit of mitigating the number of wakeups > done per softclock tick. > secondly, the timeout worker thread takes timeout_mutex and calls > msleep when there's no work to do (ie, the queue is empty). msleep > will take the sched locks. again, if another cpu does a tsleep > with a timeout, you get a deadlock. > to solve this im using sleep_setup and sleep_finish to sleep on an > empty queue, which is safe to do outside the lock as it is comparisons > of the queue head pointers, not derefs of the contents of the queue. > as long as the sleeps and wakeups are ordered correctly with the > enqueue and dequeue operations under the mutex, this all works. > you can think of the queue as a single descriptor ring, and the > wakeup as an interrupt. > the second deadlock was identified by guenther@ > ok tedu@ mpi@ (dlg@) ~ exec_elf.c ~ kern_sig.c ~ kern_xxx.c > Display/test/use the process PID, not the thread's TID, in a few places. > ok mpi@ mikeb@ (guenther@) ~ kern_pledge.c > Display the process's PID with p->p_p->ps_pid, not p->p_pid. > Use a local variable struct process *pr to simplify expressions > ok deraadt@ (guenther@) ~ kern_pledge.c > In pledge_namei_wlpath() if resolvpath() errors out early it will not > set variables that will be later used as the size argument to > free(NULL calls. This should be harmless as free returns early if the > address is NULL without checking the size. Initialise these variables > before the call to ensure they are never passed to another function > uninitialised. > ok tedu@ millert@ deraadt@ (jsg@) ~ sys_socket.c ~ uipc_socket.c > Separate splsoftnet() from variable initialization. > From mpi@'s netlock diff; OK mikeb@ (bluhm@) ~ uipc_socket.c ~ uipc_socket2.c > Remove redundant comments that say a function must be called at > splsoftnet() if the function does a splsoftassert(IPL_SOFTNET) > anyway. (bluhm@) ~ uipc_syscalls.c ~ kern_sysctl.c > introduce a sysctl to hijack dns sockets. when set to a port number, > all dns socket connections will be redirected to localhost:port. > this could be a sockopt on the listening socket, but sysctl is > an easier interface to work with right now. > ok deraadt (tedu@) ~ uipc_syscalls.c ~ sys_pipe.c > Add ktracing of the fds returned by pipe() and socketpair() > ok deraadt@ (guenther@) ~ kern_sysctl.c > initialize the port variable before sysctl, since it's also read out. > (tedu@) ~ kern_sysctl.c > upon further review, port numbers go all the way up to ushort max (tedu@) ~ uipc_socket2.c > sowakeup() is only called from sorwakeup() and sowwakeup(). Both > have an splsoftassert(IPL_SOFTNET) now, so sowakeup() does not need > to call splsoftnet() anymore. > From mpi@'s netlock diff; OK mikeb@ (bluhm@) ~ sys_process.c > With systrace and procfs gone, process_checkioperm() and process_domem() > are for option PTRACE only > ok kettenis@ (guenther@) msdosfs ~ msdosfs_vfsops.c > Do not check the SecPerTrack field of the BPB when mounting a MSDOS > file system. In modern images the field is not set properly and > the value is not used anyway. FreeBSD has removed the check already > in 2008. > From Alexander von Gernler; OK krw@ (bluhm@) net ~ if.c ~ if_bridge.c ~ if_bridge.h > Use detach hook to notify bridge of interface removal instead of adding > code to if.c. > ok mpi@ (rzalamena@) ~ if_bridge.c > Use detach hook to notify bridge(4) about span port removals. > ok mpi@ (rzalamena@) ~ if_pflow.c ~ if_pfsync.c > Convert timeouts that need a process context to timeout_set_proc(9). > The current reason is that rtalloc_mpath(9) inside ip_output() might > end up inserting a RTF_CLONED route and that require a write lock. > ok kettenis@, bluhm@ (mpi@) ~ route.c > Correct the flag checks inside rt_ifa_addlocal(9) and rt_ifa_dellocal(9). > There's no need to insert an RTF_LOCAL route if it is already there, not > if a route with the same destination exist. > This fixes a KASSERT() triggered by adding an alias for an address already > present in the ARP cache as reported by weerd@ and Peter J. Philipp. > This should also fix a KASSERT() triggered by a NDP change reported by > Sebastien Marie. > ok bluhm@ (mpi@) ~ switchofp.c > Don't use padding for ofp_action_header when building the table property > response thus respecting what the OpenFlow 1.3.5 spec says. > ok reyk@ (rzalamena@) ~ route.c > rt_timer_timer() needs a process context because it messes with the > routing table. > Found the hardway by Chris Jackman. (mpi@) ~ if_ppp.c ~ pf.c ~ route.c > Remove redundant comments that say a function must be called at > splsoftnet() if the function does a splsoftassert(IPL_SOFTNET) > anyway. (bluhm@) ~ if_vxlan.c > Fix vxlan_lookup() to comply the assumption of ether_input(). Put the > entire ethernet header on first mbuf and align 32bit at the payload. > Also fix the vxlan_output() not to cause an alignment fault. Use a > new mbuf for VXLAN header instead of M_PREPEND to make sure that the > mbuf is aligned 32bit. This is required to align 32 bit at the outer > IP header. > input vgross mikeb > ok dlg (yasuoka@) ~ if.c ~ if_switch.c ~ if_switch.h > Use detach hook to notify switch(4) about interface removals instead of > adding code to if.c. > ok mpi@ (rzalamena@) ~ raw_usrreq.c > Instead of setting errno and then doing a goto do a m_freem() and return > error. > Same thing but nicer to read. OK henning@ (claudio@) ~ switchofp.c > Check for the correct header length size. MINCLSIZE is used for cluster, > instead we should use MHLEN for header size. > ok mikeb@ (rzalamena@) ~ if_switch.c > Add missing if_put() in the switch(4) destroy path. > ok mikeb@ (rzalamena@) ~ pf.c > formatting nit (a tab got lost somewhen) (henning@) ~ if.c > This needs radix.h because it uses rn_refines(). > OK guenther@ (claudio@) net80211 ~ ieee80211_radiotap.h > Allow writing an MCS index to radiotap's rate field. The format we use is > the same as FreeBSD is using and is already recognized by third party > tools. > For this file a documentation change is all that's needed. > ok kettenis (stsp@) netinet ~ ip_carp.c ~ tcp_timer.h ~ tcp_var.h > Convert timeouts that need a process context to timeout_set_proc(9). > The current reason is that rtalloc_mpath(9) inside ip_output() might > end up inserting a RTF_CLONED route and that require a write lock. > ok kettenis@, bluhm@ (mpi@) ~ tcp_input.c > One more timeout_set_proc(9) conversion. > Found by Chris Jackman, thanks! (mpi@) ~ in_pcb.c > Remove redundant comments that say a function must be called at > splsoftnet() if the function does a splsoftassert(IPL_SOFTNET) > anyway. (bluhm@) netinet6 ~ in6.c ~ in6.h ~ ip6_forward.c ~ ip6_id.c ~ ip6_mroute.c ~ nd6.c ~ nd6_rtr.c > Convert some of the remaining usages of time_second to time_uptime. > time_second is unix time so it can be affected by clock changes. > time_uptime is monotonic so it isnt affected by clock changes. that > in turn means route expiries wont jump with clock changes if set > against time_uptime. > the expiry is translated into unix time for export to userland though. > Should fix mismatch between route timers that were already converted > and ND default routers that were still using time_second. > Tested by matthieu@ and sthen@ > ok sthen@, dlg@ (mpi@) ~ in6.c > Correct the flag checks inside rt_ifa_addlocal(9) and rt_ifa_dellocal(9). > There's no need to insert an RTF_LOCAL route if it is already there, not > if a route with the same destination exist. > This fixes a KASSERT() triggered by adding an alias for an address already > present in the ARP cache as reported by weerd@ and Peter J. Philipp. > This should also fix a KASSERT() triggered by a NDP change reported by > Sebastien Marie. > ok bluhm@ (mpi@) sys ~ ctf.h > add integer and float encoding macros > ok mpi@ (jasper@) ~ sysctl.h > Add va_nlink information to struct kinfo_file (so bump the shlib minor) > from Sebastien Marie (guenther@) ~ sysctl.h > introduce a sysctl to hijack dns sockets. when set to a port number, > all dns socket connections will be redirected to localhost:port. > this could be a sockopt on the listening socket, but sysctl is > an easier interface to work with right now. > ok deraadt (tedu@) ~ ktrace.h > Add ktracing of the fds returned by pipe() and socketpair() > ok deraadt@ (guenther@) ufs/ufs ~ ufs_vnops.c > On noperm mount points honor the permissions of the root directory, so > access can be locked down. > ok deraadt tb (natano@) ~ ufs_vnops.c > Extra parentheses in conditional; no binary change. > from brynet, ok deraadt (natano@) uvm ~ uvm_mmap.c > Display/test/use the process PID, not the thread's TID, in a few places. > ok mpi@ mikeb@ (guenther@) ~ uvm_amap.c > Prevent infinite loops for amap allocations with >= 2^17 slots > This was caused by an integer overflow in a loop. mlarkin@ > noticed the hang when trying to run a vmm(4) guest with lots of RAM. > (stefan@) ~ uvm_amap.c TAGGED OPENBSD_6_0 > Backport r1.78 from -current: > Prevent infinite loops for amap allocations with >= 2^17 slots > This was caused by an integer overflow in a loop. mlarkin@ > noticed the hang when trying to run a vmm(4) guest with lots of RAM. > (stefan@) == usr.bin =========================================================== 11/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin doas ~ doas.c ~ doas.h ~ parse.y > as a result of the env rework, arraylen() is only used in parse.y. > move it there and make it static. (tedu@) ~ doas.c ~ doas.h > move yyparse decl next to yyfp (tedu@) ~ doas.c > Add back the call to yyparse() that was accidentally dropped in the > previous commit. Fortunately, doas fails closed... > ok tedu (tb@) fstat ~ fstat.1 ~ fstat.c > Indicate with an asterisk when a file has been unlinked. > from Sebastien Marie (guenther@) gprof ~ gprof.1 > remove some Xr that had no section numbers (since we don;t have the pages); > from a diff from anton lindqvist; (jmc@) ~ gprof.c > findcall() for the -c option is implemented on mips64, not sparc64 > (guenther@) kdump ~ ktrstruct.c > Add ktracing of the fds returned by pipe() and socketpair() > ok deraadt@ (guenther@) make ~ varmodifiers.c > Avoid two printf("%s", NULL) with 'make -d v'. > improvements & ok espie, earlier version ok deraadt (tb@) mandoc ~ mandoc.h ~ mdoc_term.c ~ mdoc_validate.c ~ read.c > Delete complicated code dealing with .Bl -tag without -width, > and just let it default to -width 6n, which agrees with the > traditional -width Ds that is still in widespread use. > I just pushed a patch upstream to GNU roff that does the same for > groff_mdoc(7). Before, groff contained code that was even more > complicated than mandoc, but both resulted in quite different > user-visible output. Now, both agree, and output is nicer for both. > Useless complication noticed by Carsten Kunze (Heirloom roff). (schwarze@) mg ~ dired.c > Switch a SLIST_FOREACH loop containing SLIST_REMOVE to SLIST_FOREACH_SAFE. > ok lum@ sunil@ (jsg@) openssl ~ openssl.1 > typo (naddy@) signify ~ zsig.c > typo (espie@) ~ signify.c > combining an assignment and *two* tests in one conditional is a bit much. > pull things apart. > reported by espie in a separate complaint. :) (tedu@) ~ signify.1 > document the previously hidden keyname detection. urged by espie. (tedu@) ~ signify.c > more properly check the secret key extension. from espie (tedu@) ~ signify.c > when generating keys, make sure the names specified adhere to all > department of keyname compliance regulations. see if anybody complains... > (tedu@) ~ signify.c > - better check for seckeyname/pubkeyname "equality", remove the path > (you could legitimately store secret keys on a temporary mount > - error out if seckeyname does not follow the *.sec pattern for signing, > augment the check to deal with that. > - special case: seckeyfile can come from a pipe, and then, well, there's no > way to store *.pub in the comment. > okay tedu@ (espie@) ssh ~ sshkey.c > add a comment about implicitly-expected checks to > sshkey_ec_validate_public() (djm@) ~ sshd_config.5 > tidy up the formatting in this file. more specifically, replace > .Dq, which looks appalling, with .Cm, where appropriate; (jmc@) tmux ~ tty.c > Remove some redundant checks and make ich/dch consistent. (nicm@) ~ tmux.1 > Document set-hook -u. (nicm@) ~ alerts.c ~ client.c ~ cmd-move-window.c ~ input-keys.c ~ input.c ~ options-table.c ~ tty-acs.c ~ window-copy.c ~ xterm-keys.c > Remove some dead code in cmd-move-window.c and make a load of local > functions static. (nicm@) ~ cmd.c > Allow cmd_mouse_at return arguments to be NULL. (nicm@) ~ paste.c ~ tmux.h > Keep buffer creation time and add accessors for it and the order number. > (nicm@) ~ screen-write.c > Wrap some long lines in screen-write.c. (nicm@) ~ screen-write.c > screen_write_copy tried to be clever and clear the line if it reached > the end of the source, but it was wrong and causes problems that are > only showing up now we are more aggressive about skipping redundant > screen updates. Remove the optimization entirely as more trouble than it > is worth to fix (and it'll have to go when BCE is done anyway). (nicm@) ~ window-copy.c > Use xsnprintf not snprintf for the prompt in window_copy_write_line > because we don't care if it is truncated to the screen width, we don't > want it to be fatal. (nicm@) ~ cmd-set-option.c > Handle NULL window or session for user options. (nicm@) ~ cmd-if-shell.c ~ cmd-run-shell.c > Pass file/line to new command for if-shell so that errors appear > sensibly. (nicm@) ~ screen-redraw.c ~ server-client.c ~ tmux.h > Make the CLIENT_STATUS flag imply that pane status lines are redrawn if > they are enabled and break the actual screen generation code into a > separate function. Fixes problems reported by Romain Francoise. (nicm@) == usr.sbin ========================================================== 12/12 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.sbin usr.sbin ~ Makefile > Enable switchd + switchctl. It is not finished yet but we made a lot > of progress and enabling it early is a better process. > Requested by deraadt@ (reyk@) acme-client ~ http.c > tls_close() can return TLS_WANT_POLLIN/TLS_WANT_POLLOUT - handle this > case correctly. > ok florian@ (jsing@) ~ netproc.c > s/letsencrypt/ACME/ (jsing@) ~ http.c ~ http.h ~ netproc.c > Avoid a potential MITM - calling tls_config_insecure_noverify() is a bad > idea, so stop doing that. Instead, use a single tls_config, set it up and > configure the CA file to use while we still have rpath, then drop rpath. > This also avoids creating a new tls_config for each and every HTTPS > connection, which is unnecessary. > ok benno@ florian@ (jsing@) bgpd ~ bgpd.conf.5 ~ bgpd.h ~ kroute.c ~ parse.y ~ printconf.c > Let bgpd announce routes based on a route-label. > OK henning@ benno@ (phessler@) dhcpd ~ dhcp.c ~ options.c ~ sync.c ~ sync.h > Zap stray whitespace. (krw@) ~ dhcp.c > Use consistant idiom (intermediate variable 'i' rather than repeated > uses of very long #define names) to access option data in nak_lease() > and ack_lease(). > Shortens a lot of lines, which allows a number of line splits to > be eliminates. > Makes some upcoming diffs easier to integrate. > No intentional functional change. (krw@) ~ dhcp.c ~ dhcpd.h > Add support for RFC 6842. RFC 2131 said the server MUST NOT echo > the client-identifier value. RFC 6842 says the server MUST echo it. > Echoing the information disambiguates packets for relays and clients > when chaddr is 0. Similar to what dhcpv6 does. (krw@) httpd ~ httpd.h ~ proc.c > sync proc.c with vmd: add p_pw to specify a non-standard user for a > process. > OK rzalamena@ (reyk@) ~ proc.c > Call setsid() to create a new session for the executed processes. > From deraadt@ > OK rzalamena@ (reyk@) ~ proc.c > Check if oldd == newd before dup2(), if that is the case we need to remove > the CLOEXEC flag ourselves. > ok bluhm@, deraadt@ (rzalamena@) ~ server_fcgi.c > Empty lines cause server_fcgi_getheaders() to immediately return. > Unfortunately in that case the line was not freed. This lead to a > memleak on each request. Thus, save the return value prior to > returning, free the line and return the saved value. > ok jung@ (patrick@) ~ server_fcgi.c > The strchr() call either returns a NULL pointer, on which the code will > break out of the loop, or a pointer to ':'. Thus the extra check for > ':' is unnecessary and can be removed. > ok jung@ (patrick@) nsd ~ Makefile.bsd-wrapper > Rewriting USER gets in the way of the de-escalation mechanism as it > shadows the real user's identity. > ok deraadt (natano@) ntpd ~ util.c > Fix a possible bug that will happen with dup2() when oldd == newd. In that > case the dup2() would fail silently and the descriptor would remain with > the CLOEXEC flag causing the exec*()d child process to have unexpected > behavior. > ok guenther@ (rzalamena@) pkg_add ~ OpenBSD/PkgInfo.pm > report signify2 as well (espie@) ~ OpenBSD/PkgSign.pm ~ OpenBSD/Signer.pm > throw a decent error message, signify2 can't (yet) sign non local packages > (it would need a way to get "raw" gzip data) (espie@) ~ OpenBSD/PkgSign.pm > display a decent error message (espie@) ~ pkg_sign.1 > document what signify2 does, remove remnants of signify/x509. > comment out stuff that's not supported yet, but may make a come-back later > (espie@) ~ OpenBSD/PkgCreate.pm ~ OpenBSD/PkgSign.pm ~ OpenBSD/Signer.pm > kill creating old signatures. (espie@) ~ OpenBSD/PackageLocation.pm > No need to record gzip position after CONTENTS since we don't need partial > copy for newer signatures (espie@) ~ OpenBSD/PkgAdd.pm ~ OpenBSD/State.pm > gc the old checking code in pkg_add (espie@) ~ OpenBSD/PackageLocator.pm ~ OpenBSD/PackageRepository.pm > add TRUSTED_PKG_PATH after discussing with aja@ > use case is testing binary packages among developers, -Dunsigned means > everything is unsigned, which is bad for dependencies (espie@) ~ pkg_add.1 > document (partially) new stuff (espie@) ~ OpenBSD/PackageLocation.pm ~ OpenBSD/PkgInfo.pm > remove may_check_data logic, since signatures are now handled externally > (espie@) ~ OpenBSD/PackingList.pm > check_signature is gone (espie@) - OpenBSD/signify.pm - OpenBSD/x509.pm ~ Makefile > no longer needed (espie@) ~ OpenBSD/PackageRepository.pm > slightly smarter parsing of error log (espie@) ~ OpenBSD/PackageRepository.pm > getting errors is trivial, just don't forget to close the handle and not > return anything in case signature did fail. (espie@) ~ package.5 > document signature change (espie@) rebound ~ rebound.8 ~ rebound.c > several big changes, tied together. > switch to reading resolv.conf to find upstream name servers. > moitor this file and automatically restart if it changes. > use the dnsjackport sysctl to steal DNS connections from libc. > listen on port 54 to avoid collisions with other DNS servers. (tedu@) ~ rebound.c > the parent mostly never crashes, but the child might. or the config file > disappears. in such cases, the parent will exit. make sure to always > reset the jackport, not just when receiving sigterm. > (doesn't protect against parent crashing, but that shouldn't happen.) > (tedu@) ~ rebound.8 > kern.dnsjacking -> kern.dnsjackport; (jmc@) ~ rebound.c > too many blank lines (tedu@) ~ rebound.c > a little more precision about reloading config. only reopen if it changed > (tedu@) relayd ~ proc.c ~ relayd.h > sync proc.c with vmd: add p_pw to specify a non-standard user for a > process. > OK rzalamena@ (reyk@) ~ proc.c > Call setsid() to create a new session for the executed processes. > From deraadt@ > OK rzalamena@ (reyk@) ~ proc.c > Sync with httpd(8) proc file. Check for dup2() usage to avoid oldd == newd > and remove the CLOEXEC with fcntl() if necessary. > ok reyk@ (rzalamena@) smtpd ~ smtp_session.c > fix smtp session logic bug that can lead to a server crash. (eric@) ~ smtp_session.c TAGGED OPENBSD_6_0 > OpenBSD 6.0 errata 10, Oct 3, 2016 > A bug in the smtp session logic can lead to a server crash. > Found and reported by Mickael Torres. (jsg@) snmpd ~ snmpd.h > include sys/tree.h explicitly rather than rely on a random pf header > to do it. > ok deraadt@ (dlg@) ~ usm.c > use EVP_CipherFinal_ex instead of EVP_CipherFinal > EVP_CipherFinal_ex has well defined behaviour, where EVP_CipherFinal > can vary depending on the version of your ssl library. > ok bcook@ jsing@ (dlg@) switchd ~ ofrelay.c > More debugging (reyk@) ~ ofrelay.c > I added a second buffer as fix for the fact that /dev/switch doesn't > act like a socket. Unfortunately, this broke handling of jumbo > buffers in the adjusted version of ofrelay. Don't abort the > connection until there is no more data to read or the connection has > been closed. > Problem out by rzalamena@ (reyk@) ~ ofp10.c > Move ofp_validate_header() to ofp10.c until we have a better place (reyk@) ~ ofp.c > Remove ofp_validate_header() here (reyk@) ~ proc.c ~ proc.h > sync proc.c with vmd: add p_pw to specify a non-standard user for a > process. > OK rzalamena@ (reyk@) ~ proc.c > Call setsid() to create a new session for the executed processes. > From deraadt@ > OK rzalamena@ (reyk@) ~ proc.c > Sync with httpd(8) proc file. Check for dup2() usage to avoid oldd == newd > and remove the CLOEXEC with fcntl() if necessary. > ok reyk@ (rzalamena@) ~ types.h > Switch switchd to the _switchd user. (reyk@) ~ ofp13.c ~ ofrelay.c ~ switchd.h > Add support for multipart replies and implement a simple ofp 1.3.5 error > message sending function. > ok reyk@ (rzalamena@) ~ Makefile ~ ofp13.c ~ switchd.h + ofp_common.c > Move some shared code into a new file. > Discussed with rzalamena@ (reyk@) syslogd ~ syslogd.8 ~ syslogd.c > When doing global remote logging and archiving, it is inconvenient > that the syslog timestamp does not contain the year and the timezone, > but has local time with daylight saving time. > Now with -Z syslogd(8) switches to RFC 5424 ISO format for timestamps. > Then all logging is also done in UTC. Default is to keep local > time and BSD syslog RFC 3164 format. > BIG BIG BIG OK for the feature ajacoutot@; OK deraadt@ (bluhm@) ~ syslogd.c > Syslog RFC 5424 says you should add 1 to 6 digits with fractions > of a second to each syslog timestamp. As we do not measure the > time in syslog(3), use only 3 digits with millisecond precision. > OK dlg@ (bluhm@) ~ privsep.c ~ syslogd.c ~ syslogd.h > Do an exec on itself in the privileged syslogd(8) parent process > to reshuffle its memory layout. > Input rzalamena@; OK deraadt@ (bluhm@) tcpdump ~ print-802_11.c > Make tcpdump show MCS stored in radiotap's rate field. > ok kettenis@ (stsp@) unbound ~ Makefile.bsd-wrapper > Rewriting USER gets in the way of the de-escalation mechanism as it > shadows the real user's identity. > ok deraadt (natano@) vmctl ~ vmctl.8 > Add an example to find the generated tap(4) interface description. (reyk@) ~ vmctl.c > The start control imsg has been switched to a new "struct > vmop_create_params" that also includes configuration that is only for > userland. I forgot to commit this chunk. > Found the hard way by mlarkin@ (reyk@) vmd ~ virtio.c > style cleanup (mlarkin@) ~ i8253.c ~ i8253.h ~ i8259.c ~ i8259.h ~ mc146818.c ~ mc146818.h ~ ns8250.c ~ ns8250.h > add RCS tags (mlarkin@) ~ Makefile ~ config.c ~ proc.c ~ proc.h ~ vmd.c ~ vmd.h ~ vmm.c + priv.c > Add a new "priv" process that is responsible for ioctls and restricted > operations that aren't allowed under pledge. This is a companion to > the "vmd" process that runs as root but with pledge. > With the "priv" process, each new tap(4) interface now gets a > description to indicate the vm, eg. "vm1-if0-myvm". For network > configuration will be done by vmd/priv later. > OK mlarkin@ (reyk@) ~ proc.c > Call setsid() to create a new session for the executed processes. > From deraadt@ > OK rzalamena@ (reyk@) ~ config.c ~ parse.y ~ priv.c ~ proc.h ~ virtio.c ~ vm.conf.5 ~ vmd.c ~ vmd.h ~ vmm.c > Add support for enhanced networking configuration and virtual switches. > See vm.conf(5) for more details. > OK mlarkin@ (reyk@) ~ parse.y > Replace one u_int8_t with uint8_t (finger memory) (reyk@) ~ proc.c > Sync with httpd(8) proc file. Check for dup2() usage to avoid oldd == newd > and remove the CLOEXEC with fcntl() if necessary. > ok reyk@ (rzalamena@) ~ vm.conf.5 > tweak previous; (jmc@) ~ vmd.c ~ vmd.h ~ vmm.c > Terminate VMs on shutdown of vmd instead of leaving them running as > undead VM processes. > OK mlarkin@ (reyk@) ~ vmm.c > Enable pledge(2) in vmm and the VM processes: This way the VMs and > their monitor run in a very restricted environment. VMs only pledge > "stdio vmm" which allows them to do most basic functions and a subset > of vmm ioctls (the other part of vmm ioctls are only permitted in the > parent). > This requires the previous change in the vmm kernel part. > OK mlarkin@ (reyk@) =============================================================================== _______________________________________________ owc mailing list [email protected] http://www.squish.net/mailman/listinfo/owc
