summaryrefslogtreecommitdiff
path: root/sys/conf
AgeCommit message (Collapse)Author
2017-10-04re-enable POOL_DEBUG after the releaseChristian Weisgerber
2017-10-04reminder to create <version>.html and roll errata pages for release.Sebastian Benoit
ok deraadt@
2017-10-046.2-current, back to workTheo de Raadt
2017-10-03work around config(8) modifying bss, using __attribute__ ((section(".data"))).Theo de Raadt
From yasuoka. I really want this fixed in a different way after release is finished.
2017-09-26disable POOL_DEBUG for releaseJonathan Gray
ok deraadt@
2017-09-25take us out of -betaTheo de Raadt
2017-09-12Remove option DDB_STRUCTINFO. Now that ddb(4) is CTF aware, similarMartin Pieuchot
functionnalities are available in GENERIC. ok jasper@, deraadt@, guenther@, dlg@
2017-08-20crank to 6.2-betaTheo de Raadt
2017-08-11Merge DDBCTF into DDB.Martin Pieuchot
2017-07-31Give back some space to the ramdisk by compiling net/radix.c onlyFlorian Obser
if we compile pf, ipsec, pipex or nfsserver. Suggested by mpi some time ago. Tweak & OK bluhm deraadt assumes it's fair
2017-07-30Switch installer to Allotment Routing Table (ART).Florian Obser
Prompted by a bugreport by naddy that IPv6 autoconfiguration is broken in the installer. OK mpi, "go for it" deraadt
2017-07-16Pass the linker from make environment to makegap.sh. This is (only)Visa Hankala
a partial solution to cross compiling the kernel with KARL. OK deraadt@ a while ago
2017-06-28hfsc.c should depend on pf instead of inetMike Belopuhov
Discussed with and OK henning@ at d2k17 as a part of a larger diff.
2017-06-26RANDOM1 was subject to rather bad modulus bias. Improve the situation a bitTheo Buehler
by implementing an arc4random_uniform(3) clone with beloved jot(1) and using it. discussed with and ok deraadt
2017-06-26note.ABI-tag and .MIPS.options are not needed anymore whenTheo de Raadt
we use gapdummy.o
2017-06-25lld's linker-script parser has to be fixed to accept ; after LONG()Theo de Raadt
directives. binutils requires it, and binutils is the authoritative parser in this regard. This means arm64 +lld remains broken (but all the other architectures work)
2017-06-25ldd is more strict wrt semicolons, they can only appear after anOtto Moerbeek
expression line. Removing the extra semicolons makes both ld and ldd accept the link script generated, although ldd produces a wrong object file on arm64; ok kettenis@ deraadt@
2017-06-22Generate a gap.link script, and use that to generate gap.o. On multi-ABITheo de Raadt
architectures we must also link against a gapdummy.o to repair the ABI of the resulting .o file. Woe is me. Also repair install: target to update the linkkit & hash when a kernel is installed. ok rpe tb mlarkin and tested by others also
2017-06-05include machine/param.h before machine.asm.h because uhm alpha.Theo de Raadt
2017-06-05Avoid use of _C_LABEL, since it is not portable to all our architectures.Theo de Raadt
And anyways, everything is ELF now.
2017-06-04Don't need to provide a padbyte value for .bss, it will always be 0Theo de Raadt
pointed out by kettenis
2017-06-03".section .bss" is portable to more platforms than plain ".bss"Theo de Raadt
2017-06-03use .balign instead of .align, it is portable to more architecturesTheo de Raadt
discussed with patrick
2017-06-02typo; meant to say locore0.STheo de Raadt
2017-05-31Split early startup code out of locore.S into locore0.S. Adjust linkTheo de Raadt
run so that this locore0.o is always at the start of the executable. But randomize the link order of all other .o files in the kernel, so that their exec/rodata/data/bss segments land all over the place. Late during kernel boot, unmap the early startup code. As a result, the internal layout of every newly build bsd kernel is different from past kernels. Internal relative offsets are not known to an outside attacker. The only known offsets are in the startup code, which has been unmapped. Ramdisk kernels cannot be compiled like this, because they are gzip'd. When the internal pointer references change, the compression dictionary bloats and results in poorer compression. ok kettenis mlarkin visa, also thanks to tedu for getting me back to this
2017-05-29Add hibernate support for nvme(4). This creates a separate IO queue that isJonathan Matthew
only active during hibernation, preallocating the the submission and completion queues during attach as they need to be page-aligned. tested on an x270 that successfully hibernates now. ok dlg@
2017-05-29PFKEY version 2 is the only pfkey version supported. No need for extraClaudio Jeker
abstraction. First step of making PF_KEY a bit more like PF_ROUTE. OK mpi@
2017-05-27Kill option KEY, it is a useless knob, nobody uses pfkeyv2 without IPSEC orClaudio Jeker
tcp md5. OK mpi@
2017-05-15Hook up FQ-CoDel to the tree and enable configuration in the pfctl(8)Mike Belopuhov
OK sthen, visa
2017-04-30Constant time AES implementationMike Belopuhov
This introduces a 32-bit constant time AES implementation from Thomas Pornin originally for BearSSL and then adjusted by Thomas and myself to fit OpenBSD kernel. One of the additional features is an API for encryption and decryption subkey expansion in the format specified by NIST in FIPS 197. Tested by myself and naddy@, ok djm@
2017-04-30Unifdef KGDB.Martin Pieuchot
It doesn't compile und hasn't been working during the last decade. ok kettenis@, deraadt@
2017-04-28Add futex(2) syscall based on a sane subset of its Linux equivalent.Martin Pieuchot
The syscall is marked NOLOCK and only FUTEX_WAIT grabs the KERNEL_LOCK() because of PCATCH and the signal nightmare. Serialization of threads is currently done with a global & exclusive rwlock. Note that the current implementation still use copyin(9) which is not guaranteed to be atomic. Committing now such that remaining issues can be addressed in-tree. With inputs from guenther@, kettenis@ and visa@. ok deraadt@, visa@
2017-04-20Add option to compile witness(4).Visa Hankala
2017-04-20Hook up mutex(9) to witness(4).Visa Hankala
2017-04-20Add a port of witness(4) lock validation tool from FreeBSD.Visa Hankala
Go-ahead from kettenis@, guenther@, deraadt@
2017-04-08re-enable POOL_DEBUG after the release; ok deraadt@Christian Weisgerber
2017-04-02unlock tree, we are now hacking on 6.1-currentTheo de Raadt
2017-03-29POOL_DEBUG off for releaseTheo de Raadt
2017-03-29move to 6.1 release, drop -beta tagTheo de Raadt
2017-03-04crank to 6.1-betaTheo de Raadt
2017-02-21temporarily disable BFD, to not block work on unlocking the socket layer.Peter Hessler
requested by deraadt@
2017-02-08In exec_elf.c: expand ELFNAME(), ELFNAME2(), and ELFNAMEEND() exceptPhilip Guenther
leaving out the size, so that ELFNAME2(exec,makecmds) becomes exec_elf_makecmds instead of exec_elf{32,64}_makecmds and then delete the ELFNAME2() and ELFNAMEEND() macros. Move the prototypes for functions local to exec_elf.c to there from exec_elf.h. Simplify the SMALL_KERNEL conditionals around the ELF coredump code. Change exec_conf.c to use the size-generic names and macros Remove exec_elf{32,64}.c and just build exec_elf.c; delete the _KERN_DO_ELF and _KERN_DO_ELF64 #defines. ok jca@, encouragement from deraadt@ and tom@
2017-01-25enable BFDPeter Hessler
OK deraadt@
2017-01-24logname(1) uses getlogin(2) to determine the user associated with theTheo Buehler
current session. This way kernels built during 'make release' should again have names such as deraadt@... bluhm@... instead of build@... in most environments. Issue reported by bluhm on icb eons ago. ok deraadt
2017-01-22define virtio in conf/filesReyk Floeter
This unbreaks build on archs that are non-pv but PCI because I moved virtio out of files.pci but kept a virtio dependency for the virtio_pci driver. Issue report and fix suggested by visa@ and miod@
2017-01-17Enable switch(4).Rafael Zalamena
ok jca@, reyk@
2017-01-13Always compile the mira code if net80211 is included.Stefan Sperling
Should unbreak the tree on many platforms broken since athn(4) 11n commit.
2016-12-22Remove PIM support from the multicast stack.Rafael Zalamena
ok mpi@
2016-12-15Remove rasops2 (2-bit color depth) functions, they are unused.Frederic Cambus
It seems unlikely that any future new platform will ever need them. OK mpi@
2016-11-30Enable mira in kernel builds.Stefan Sperling
For now, only build mira if the iwm(4) or iwn(4) drivers are also built since other wifi drivers don't even have 11n support yet. This limits platforms affected by this change to i386 and amd64. make release on i386/amd64 platforms tested by tb@ (thanks!) ok tb@ mpi@ kettenis@