| Age | Commit message (Collapse) | Author |
|---|
|
|
|
adding more filter properties without cluttering the struct.
OK mpi@, anton@
|
|
|
|
ok tedu@ jsg@
|
|
ok tedu@ jsg@
|
|
in drivers. Terse one liners, NULLs instead of 0's, explicitly specify
all members, etc.
Nuke #ifdef notyet blocks related to the scsi_adapter in aic.
No intentional functional change.
ok tedu@
|
|
i was lazy and just put them at the end of the existing set. fyi,
i think major 51 is free on all archs if anyone is looking for
another one.
ok claudio@
|
|
The design is fairly simple: events, in the form of descriptors on a
ring, are being produced in any kernel context and being consumed by
a userland process reading /dev/dt.
Code and hooks are all guarded under '#if NDT > 0' so this commit
shouldn't introduce any change as long as dt(4) is disable in GENERIC.
ok kettenis@, visa@, jasper@, deraadt@
|
|
ok deraadt krw
|
|
There are no units noted here, but macppc is a 100hz platform so it's safe
to just assume 2500 milliseconds here.
ok jsg@
|
|
make the structs const so that the data are put in .rodata.
OK mpi@, deraadt@, anton@, bluhm@
|
|
Document the new feature in boot(8) man page.
OK jmc@ deraadt@
|
|
While FIDO/U2F keys were already supported by the generic uhid(4)
driver, this driver adds the first step to tighten the security of
FIDO/U2F access. Specifically, users don't need read/write access to
all USB/HID devices anymore and the driver also improves integration
with pledge(2) and unveil(2): It is pledge-friendly because it doesn't
require any ioctls to discover the device and unveil-friendly because
it uses a single /dev/fido/* directory for its device nodes.
It also allows to support FIDO/U2F in firefox without further
weakening the "sandbox" of the browser. Firefox does not have a
proper privsep design and many operations, such as U2F access, are
handled directly by the main process. This means that the browser's
"fat" main process needs direct read/write access to all USB HID
devices, at least on other operating systems. With fido(4) we can
support security keys in Firefox under OpenBSD without such a
compromise.
With this change, libfido2 stops using the ioctl to query the device
vendor/product and just assumes "OpenBSD" "fido(4)" instead. The
ioctl is still supported but there was no benefit in obtaining the
vendor product or name; it also allows to use libfido2 under pledge.
With feedback from deraadt@ and many others
OK kettenis@ djm@ and jmc@ for the manpage bits
|
|
In May 29 2008, Matthew R. Green removed it in NetBSD:
github.com/IIJ-NetBSD/netbsd-src/commit/7ea20401d535da9996394136ef
ok deraadt@
|
|
inspect the memory layout that the firmware has created. It is
especially useful for UEFI debugging.
OK deraadt@ kettenis@
|
|
retguard and similar when profiling. However, that missed all the .S files,
as ${PROF} wasn't added when ${NORMAL_S} was converted from direct invocation
of ${AS} to instead use ${CC}. Similarly, mcount.o still had retguards
as it cannot be built with -pg. So: pass ${PROF} when compiling .S files,
and compile "no profiling" files with -fno-ret-protector on archs with
retguard.
feedback and ok mpi@ mortimer@
|
|
section, which has grown a fair bit with the introduction of retguard.
Mortimer discovered the repeated 512-byte sequence as retguard keys, and
this resolves the issue. (Chacha does not fit on the media, so 1.5K early
drop RC4 is hopefully sufficient in our KARL link universe)
Version crank the bootblocks. sysupgrade -s will install new bootblocks.
ok djm mortimer
|
|
This diff completely converts sys/arch/macppc to *sleep_nsec(9).
Also convert dev/thermal.c while we're down here. Unsure what that
file's driver's name is, if any.
ok kn@ visa@
|
|
|
|
|
|
|
|
|
|
|
|
ok deraadt@
|
|
ok deraadt@
|
|
ok jsg
|
|
|
|
ok deraadt@
|
|
The DST and TIMEZONE options(4) are incompatible with KARL, so we need
some other way to compensate for an RTC running with a known offset.
Enter kern.utc_offset, an offset in minutes East of UTC. TIMEZONE has
always been minutes West, but this is inconsistent with how everyone
else talks about timezones, hence the flip.
TIMEZONE has the advantage of being compiled into the binary. Our new
sysctl(2) has no such luck, so it needs to be set as early as possible
in boot, from sysctl.conf(5), so we can correct the kernel clock from
the RTC's local time to UTC before daemons like ntpd(8) and cron(8)
start. To encourage this, kern.utc_offset is made immutable after the
securelevel(7) is raised to 1.
Prompted by yasuoka@. Discussed with deraadt@, kettenis@, yasuoka@.
Additional testing by yasuoka@.
ok deraadt@, yasuoka@
|
|
|
|
|
|
so the file cannot be re-executed upon the next boot. This provides a
stronger one-shot-upgrade model than the upgrade script's rm /bsd.upgrade.
Now various forms of upgrade failure will reboot into /bsd, which is probably
more recoverable. Performing fchmod -x depends on (1) use of MI boot.c
(not alpha/macppc/sparc64/sgi/octeon) and (2) "can write blocks" functionality
in the IO layer. Most architectures have this support now.
Two diagnostics "fchmod a-x %s: failed" and "/bsd.upgrade is not u+x" will
remain in the tree while refinements happen for some of the laggard
architectures.
based upon a discussion florian
tested in snapshots for more than a week without any complaints
|
|
From Christian Ludwig <christian_ludwig at genua dot de>
ok visa@
|
|
Use install -F to instead of cp, for fsync(2). Coupled with the new
sync(8) in the reorder_kernel script, the window for a incomplete /bsd
file on-disk due to a crash has now shrunk substantially.
Discussion with kettenis, millert and tedu
|
|
ok deraadt@
|
|
memcpy() correct behaviour. This also brings the bcopy() macro into line.
|
|
tightly-built ramdisk kernels, set the option in per-arch Makefile.inc
based upon SMALL_KERNEL
|
|
linux 4.19.34.
Adds support for more Intel hardware:
Broxton/Apollo Lake (was is_preliminary in 4.4)
Amber Lake (another Kaby Lake refresh)
Gemini Lake
Coffee Lake
Whiskey Lake
Cannon Lake (though no hardware with Intel graphics ever shipped)
Ice Lake (alpha support, hardware not released)
This does not add support for new radeon hardware on the AMD side as
newer radeons have a different kernel driver (amdgpu).
Thanks to the OpenBSD Foundation for sponsoring this work, kettenis@ for
helping and a bunch of other developers for testing.
|
|
details from the ELF header instead of faking it.
Proposal from mlarkin, tested on most architectures already
|
|
ok deraadt
|
|
|
|
|
|
|
|
no words or punctation were modified.
|
|
|
|
Passes 'make release' build.
|
|
Tested by Christian Hammerschmidt.
|
|
Based on a submisison from Jan Klemkow.
|
|
|
|
instead of passing sendsig() the code+type+val, pass a siginfo_t*
to copy from. Eliminate the indirection through struct emul for
sendsig(); we no longer have a SunOS4-compat version of sendsig()
ok deraadt@
|
