Age | Commit message (Collapse) | Author |
|
This diff exposes parts of clock_gettime(2) and gettimeofday(2) to
userland via libc eliberating processes from the need for a context
switch everytime they want to count the passage of time.
If a timecounter clock can be exposed to userland than it needs to set
its tc_user member to a non-zero value. Tested with one or multiple
counters per architecture.
The timing data is shared through a pointer found in the new ELF
auxiliary vector AUX_openbsd_timekeep containing timehands information
that is frequently updated by the kernel.
Timing differences between the last kernel update and the current time
are adjusted in userland by the tc_get_timecount() function inside the
MD usertc.c file.
This permits a much more responsive environment, quite visible in
browsers, office programs and gaming (apparently one is are able to fly
in Minecraft now).
Tested by robert@, sthen@, naddy@, kmos@, phessler@, and many others!
OK from at least kettenis@, cheloha@, naddy@, sthen@
|
|
"looks right" deraadt@
|
|
functionality is provided by <sys/stdarg.h> using compiler builtins.
Tested in a ports bulk build on amd64 by naddy@
OK naddy@ mpi@
|
|
rnd.c uses nanotime to get access to some bits that change quickly
between events that it can mix into the entropy pool. it doesn't
use nanotime to get a monotonically increasing set or ordered and
accurate timestamps, it just wants something with bits that change.
there's been discussions for years about letting rnd use a clock
that's super fast to read, but not necessarily accurate, but it
wasn't until recently that i figured out it wasn't interested in
time at all, so things like keeping a fast clock coherent between
cpu cores or correct according to ntp is unecessary. this means we
can just let rnd read the cycle counters on cpus and things will
be fine. cpus with cycle counters that vary in their speed and
arent kept consistent between cores may even be desirable in this
context.
so this is the first step in converting rnd.c to reading cycle
counter. it copies the nanotime backend to each arch, and they can
replace it with something MD as a second step later on.
djm@ suggested rnd_messybytes, but we landed on cpu_rnd_messybits.
thanks to visa for his eyes.
ok deraadt@ visa@
deraadt@ says he will help handle any MD fallout that occurs.
|
|
Nothing uses the header anymore.
OK deraadt@ mpi@
|
|
|
|
since the bootxx needs to interpret the fs metadata and it has
very little spare room. We could make two version of xxboot, but
that's hardly worth the trouble.
|
|
i was lazy and just put them at the end of the existing set. fyi,
i think major 51 is free on all archs if anyone is looking for
another one.
ok claudio@
|
|
The design is fairly simple: events, in the form of descriptors on a
ring, are being produced in any kernel context and being consumed by
a userland process reading /dev/dt.
Code and hooks are all guarded under '#if NDT > 0' so this commit
shouldn't introduce any change as long as dt(4) is disable in GENERIC.
ok kettenis@, visa@, jasper@, deraadt@
|
|
Document the new feature in boot(8) man page.
OK jmc@ deraadt@
|
|
While FIDO/U2F keys were already supported by the generic uhid(4)
driver, this driver adds the first step to tighten the security of
FIDO/U2F access. Specifically, users don't need read/write access to
all USB/HID devices anymore and the driver also improves integration
with pledge(2) and unveil(2): It is pledge-friendly because it doesn't
require any ioctls to discover the device and unveil-friendly because
it uses a single /dev/fido/* directory for its device nodes.
It also allows to support FIDO/U2F in firefox without further
weakening the "sandbox" of the browser. Firefox does not have a
proper privsep design and many operations, such as U2F access, are
handled directly by the main process. This means that the browser's
"fat" main process needs direct read/write access to all USB HID
devices, at least on other operating systems. With fido(4) we can
support security keys in Firefox under OpenBSD without such a
compromise.
With this change, libfido2 stops using the ioctl to query the device
vendor/product and just assumes "OpenBSD" "fido(4)" instead. The
ioctl is still supported but there was no benefit in obtaining the
vendor product or name; it also allows to use libfido2 under pledge.
With feedback from deraadt@ and many others
OK kettenis@ djm@ and jmc@ for the manpage bits
|
|
inspect the memory layout that the firmware has created. It is
especially useful for UEFI debugging.
OK deraadt@ kettenis@
|
|
retguard and similar when profiling. However, that missed all the .S files,
as ${PROF} wasn't added when ${NORMAL_S} was converted from direct invocation
of ${AS} to instead use ${CC}. Similarly, mcount.o still had retguards
as it cannot be built with -pg. So: pass ${PROF} when compiling .S files,
and compile "no profiling" files with -fno-ret-protector on archs with
retguard.
feedback and ok mpi@ mortimer@
|
|
section, which has grown a fair bit with the introduction of retguard.
Mortimer discovered the repeated 512-byte sequence as retguard keys, and
this resolves the issue. (Chacha does not fit on the media, so 1.5K early
drop RC4 is hopefully sufficient in our KARL link universe)
Version crank the bootblocks. sysupgrade -s will install new bootblocks.
ok djm mortimer
|
|
From and OK jmc
|
|
OK deraadt
|
|
|
|
|
|
so the file cannot be re-executed upon the next boot. This provides a
stronger one-shot-upgrade model than the upgrade script's rm /bsd.upgrade.
Now various forms of upgrade failure will reboot into /bsd, which is probably
more recoverable. Performing fchmod -x depends on (1) use of MI boot.c
(not alpha/macppc/sparc64/sgi/octeon) and (2) "can write blocks" functionality
in the IO layer. Most architectures have this support now.
Two diagnostics "fchmod a-x %s: failed" and "/bsd.upgrade is not u+x" will
remain in the tree while refinements happen for some of the laggard
architectures.
based upon a discussion florian
tested in snapshots for more than a week without any complaints
|
|
Use install -F to instead of cp, for fsync(2). Coupled with the new
sync(8) in the reorder_kernel script, the window for a incomplete /bsd
file on-disk due to a crash has now shrunk substantially.
Discussion with kettenis, millert and tedu
|
|
ok deraadt@
|
|
|
|
tightly-built ramdisk kernels, set the option in per-arch Makefile.inc
based upon SMALL_KERNEL
|
|
|
|
details from the ELF header instead of faking it.
Proposal from mlarkin, tested on most architectures already
|
|
|
|
ok deraadt
|
|
|
|
Based on a submisison from Jan Klemkow.
|
|
OK deraadt@ mpi@
|
|
From Mathieu <naabed at poolp.org>, ok visa@
|
|
ok krw@ mpi@
|
|
Fixes 'make install' when /bsd is not present for some reason.
ok rob florian, "fine with me" deraadt
|
|
definitive list of block devices supported on an architecture.
ok kettenis@ deraadt@
|
|
OK mpi@
|
|
for blocks re-fetchable from the filesystem. However at reboot time,
filesystems are unmounted, and since processes lack backing store they
are killed. Since the scheduler is still running, in some cases init is
killed... which drops us to ddb [noted by bluhm]. Solution is to convert
filesystems to read-only [proposed by kettenis]. The tale follows:
sys_reboot() should pass proc * to MD boot() to vfs_shutdown() which
completes current IO with vfs_busy VB_WRITE|VB_WAIT, then calls VFS_MOUNT()
with MNT_UPDATE | MNT_RDONLY, soon teaching us that *fs_mount() calls a
copyin() late... so store the sizes in vfsconflist[] and move the copyin()
to sys_mount()... and notice nfs_mount copyin() is size-variant, so kill
legacy struct nfs_args3. Next we learn ffs_mount()'s MNT_UPDATE code is
sharp and rusty especially wrt softdep, so fix some bugs adn add
~MNT_SOFTDEP to the downgrade. Some vnodes need a little more help,
so tie them to &dead_vnops.
ffs_mount calling DIOCCACHESYNC is causing a bit of grief still but
this issue is seperate and will be dealt with in time.
couple hundred reboots by bluhm and myself, advice from guenther and
others at the hut
|
|
end of rc we call reorder_kernel which creates a /obsd hard link to
the same kernel.
In the past obsd was only created when doing a manual make install in
the kernel sources.
There is no need for two backup hard links during boot, rearange the
kernel Makefiles to restore previous behaviour and thus stopping
reorder_kernel from scribbling over /obsd.
Makes muscle memory of some kernel developers work again: /obsd can
serve as a known good kernel; and there was much rejoycing...
Discussed at length with benno, rpe, phessler and tb at
p2k17.
Seems like a good idea to deraadt.
OK benno, phessler, rpe, tb
|
|
the kernel makefiles was removed which lead to C files not being re-
compiled when a dependency changed. This can lead to panics in odd
places and generally a broken system.
ok deraadt@
|
|
functionnalities are available in GENERIC.
ok jasper@, deraadt@, guenther@, dlg@
|
|
|
|
|
|
ok deraadt@, jasper@
|
|
clang optimizes better for size with -Oz so use that as a default to avoid
overflowing the ramdisk floppies. gcc now accepts -Oz as an alias for -Os.
ok kettenis@
|
|
whenever make is issued. Only do this when there are actual source changes
below /sys. This restores the behavior prior to the KARL implementation.
Problem noticed and patiently explained by mpi
implementation with a lot of help from espie
ok mpi, espie, deraadt
|
|
a partial solution to cross compiling the kernel with KARL.
OK deraadt@ a while ago
|
|
According to tobiasu@, landisk is moribund and writing new manual
pages for it would be a waste of time.
|
|
|
|
"go for it" deraadt@
|
|
without src and comp work. That is what we've designed for, but since
we always have src and comp on our systems it is so easy to slide...
problem first noted by rpe.
|
|
architectures we must also link against a gapdummy.o to repair the ABI
of the resulting .o file. Woe is me.
Also repair install: target to update the linkkit & hash when a kernel
is installed.
ok rpe tb mlarkin and tested by others also
|