Age | Commit message (Collapse) | Author |
|
ok kettenis
|
|
the code has rotted, and obviously hasn't been used for ages. it is
also hard to make mpsafe. if we need something like this again it
would be better to do it from scratch.
ok tedu@ visa@
|
|
Suggested by and OK mpi, OK visa
|
|
TCP_FACK was disabled by provos@ in June 1999.
TCP_FACK is an algorithm that decides that when something is lost, all
not SACKed packets until the most forward SACK are lost. It may be a
correct estimate, if the network does not reorder packets.
OK visa@ mpi@ mikeb@
|
|
OK deraadt, mpi, visa, job
|
|
FullMAC, in comparison to SoftMAC, does most WiFi handling in the
firmware that's running on the controller. This means we have to
work around the net80211 stack while still implementing all the
WiFi interfaces to userland.
This driver is still in early development. So far it can connect
to open WiFis over the USB bus. SDIO and PCIe support, for devices
like the Raspberry Pi 3 or the Macbooks, is not yet implemented.
Also mbufs on the transmit path leak and are not yet freed.
ok stsp@
|
|
ok deraadt@
|
|
From yasuoka.
I really want this fixed in a different way after release is finished.
|
|
ok deraadt@
|
|
functionalities are available in GENERIC.
ok jasper@, deraadt@, guenther@, dlg@
|
|
if we compile pf, ipsec, pipex or nfsserver.
Suggested by mpi some time ago.
Tweak & OK bluhm
deraadt assumes it's fair
|
|
Prompted by a bugreport by naddy that IPv6 autoconfiguration is broken
in the installer.
OK mpi, "go for it" deraadt
|
|
a partial solution to cross compiling the kernel with KARL.
OK deraadt@ a while ago
|
|
Discussed with and OK henning@ at d2k17 as a part of a larger diff.
|
|
by implementing an arc4random_uniform(3) clone with beloved jot(1) and
using it.
discussed with and ok deraadt
|
|
we use gapdummy.o
|
|
directives. binutils requires it, and binutils is the authoritative
parser in this regard. This means arm64 +lld remains broken (but all
the other architectures work)
|
|
expression line. Removing the extra semicolons makes both ld and
ldd accept the link script generated, although ldd produces a wrong
object file on arm64; ok kettenis@ deraadt@
|
|
architectures we must also link against a gapdummy.o to repair the ABI
of the resulting .o file. Woe is me.
Also repair install: target to update the linkkit & hash when a kernel
is installed.
ok rpe tb mlarkin and tested by others also
|
|
And anyways, everything is ELF now.
|
|
pointed out by kettenis
|
|
discussed with patrick
|
|
run so that this locore0.o is always at the start of the executable.
But randomize the link order of all other .o files in the kernel, so
that their exec/rodata/data/bss segments land all over the place.
Late during kernel boot, unmap the early startup code.
As a result, the internal layout of every newly built bsd kernel is
different from past kernels. Internal relative offsets are not known
to an outside attacker. The only known offsets are in the startup code,
which has been unmapped.
Ramdisk kernels cannot be compiled like this, because they are gzip'd.
When the internal pointer references change, the compression dictionary
bloats and results in poorer compression.
ok kettenis mlarkin visa, also thanks to tedu for getting me back to this
|
|
only active during hibernation, preallocating the submission and completion
queues during attach as they need to be page-aligned.
tested on an x270 that successfully hibernates now.
ok dlg@
|
|
abstraction. First step of making PF_KEY a bit more like PF_ROUTE.
OK mpi@
|
|
tcp md5. OK mpi@
|
|
OK sthen, visa
|
|
This introduces a 32-bit constant time AES implementation from
Thomas Pornin originally for BearSSL and then adjusted by Thomas
and myself to fit OpenBSD kernel. One of the additional features
is an API for encryption and decryption subkey expansion in the
format specified by NIST in FIPS 197.
Tested by myself and naddy@, ok djm@
|
|
It doesn't compile and hasn't been working during the last decade.
ok kettenis@, deraadt@
|
|
The syscall is marked NOLOCK and only FUTEX_WAIT grabs the KERNEL_LOCK()
because of PCATCH and the signal nightmare.
Serialization of threads is currently done with a global & exclusive
rwlock.
Note that the current implementation still uses copyin(9) which is not
guaranteed to be atomic. Committing now such that remaining issues can
be addressed in-tree.
With inputs from guenther@, kettenis@ and visa@.
ok deraadt@, visa@
|
|
|
Go-ahead from kettenis@, guenther@, deraadt@
|
|
requested by deraadt@
|
|
leaving out the size, so that
ELFNAME2(exec,makecmds)
becomes
exec_elf_makecmds
instead of
exec_elf{32,64}_makecmds
and then delete the ELFNAME2() and ELFNAMEEND() macros.
Move the prototypes for functions local to exec_elf.c to there from
exec_elf.h.
Simplify the SMALL_KERNEL conditionals around the ELF coredump code.
Change exec_conf.c to use the size-generic names and macros
Remove exec_elf{32,64}.c and just build exec_elf.c; delete the
_KERN_DO_ELF and _KERN_DO_ELF64 #defines.
ok jca@, encouragement from deraadt@ and tom@
|
|
OK deraadt@
|
|
current session. This way kernels built during 'make release' should
again have names such as deraadt@... bluhm@... instead of build@... in
most environments.
Issue reported by bluhm on icb eons ago.
ok deraadt
|