Age | Commit message | Author |
|
writing to disk using the Open Firmware interfaces is buggy and causes
corruption of the disk. It isn't entirely clear what versions
of Open Firmware are affected, but it seems to only affect IDE drives.
So if we detect an IDE drive, disable writing to it. This results in
a small loss of bootloader functionality (bsd.upgrade loop prevention
and flagging /etc/random.seed re-use) but that is better than losing
the ability to run OpenBSD at all.
Based on a diff by Ted Bullock (who did all the hard work of debugging
this and coming up with a viable fix).
ok deraadt@
|
|
to 3-term BSD license.
|
|
ok krw@, deraadt@
|
|
ok kettenis@
|
|
O_RDONLY rather than using 0
ok beck
|
|
I should have used Byte (unsigned char) which led to passing twice the
correct size to free.
Found & tested by bluhm with the sys/netinet/ipsec tests on i386.
|
|
Rebased version of a diff from miod who described it as follows:
This tries to keep diffability against upstream, hence a questionable
choice of the size type for zcfree() - but all sizes should fit in 32
bits anyway.
Since all zcfree routines used in the tree cope with NULL arguments
(including the various alloc.c used by the boot blocks), I have
simplified TRY_FREE to compensate for the growth.
Reminded by and ok mpi
|
|
These library functions were added as stopgaps because GCC 4.2.1
lacks the corresponding __sync_* builtins on mips64. However,
the builtins are now provided by Clang.
|
|
option BUILDFIXED -- which is incompatible with kernel hibernate unpack since
it places side-effects into BSS, rather than inside z_streamp or using
the private allocator. While here DYNAMIC_CRC_TABLE could cause similar
problems, so disable this also.
Space savings for the media is best done with bootblock-specific libz
compile options, coming in the following commit.
ok tb mlarkin
|
|
made sense.
Tested in snaps for a few days. deraadt helped with fitting things on
floppies and jmatthew found a bug I introduced.
ok deraadt
|
|
At a minimum, amd64/i386 should now boot from 4TB GPT formatted disks.
More daddr32_t terminations with extreme prejudice to follow.
Tested by various, in snaps for a few days.
ok deraadt@
|
|
This changes RETGUARD_SETUP(ffs) to RETGUARD_SETUP(ffs, %r11, %r12)
and RETGUARD_CHECK(ffs) to RETGUARD_CHECK(ffs, %r11, %r12)
to show that r11 and r12 are in use between setup and check, and to
pick registers other than r11 and r12 in some kernel functions.
ok mortimer@ deraadt@
|
|
This was in the macppc snap, but I forgot to include it in my last
commit "Retguard asm macros for powerpc libc, ld.so"
|
|
OK kettenis@
|
|
ok mortimer kettenis
|
|
Needed to build a sparc64 kernel with clang 10.
ok kettenis@
|
|
so that we can reuse them in other compiler_rt routines.
ok kettenis@
|
|
clang 10 on armv7 references these when building RAMDISK (-Oz) but not
GENERIC (-O2).
feedback and ok guenther@
|
|
this fell out of a discussion with mortimer
ok kettenis
|
|
blf_enc() takes a number of 64-bit blocks to encrypt, but using
sizeof(uint64_t) in the calculation triggers a warning from clang
10 because the actual data type is uint32_t. Pass BCRYPT_WORDS / 2
for the number of blocks like libc bcrypt(3) does. OK kettenis@
|
|
arm64/powerpc/powerpc64, making use of the count leading zeros
instruction.
powerpc testing by cwen@; ok kettenis@ deraadt@
|
|
of returning -1. With a return type of u_int16_t, -1 is not different
to a valid checksum. For incoming packets, the header lengths don't
exceed that size anyway, but for outgoing packets it's better to see
if our bootloader crafts a broken one.
Discussed with gerhard@
ok deraadt@ procter@
|
|
with odd packet lengths, which can happen when using TFTP to load
a file with an odd length. ospfd actually took dvmrpd's version
in 2006 to fix the same issue, and both daemons' implementations are
the same. For the bootloader we keep the consts from the previous
version and replace the fatal with a print and return.
ok deraadt@
|
|
With this it's possible to build the kernel using clang.
Discussed with claudio@, ok deraadt@
|
|
MDFSOPT and add a missing prototype.
|
|
The macros are defined in a part of the header where a C compiler
is required. In addition, the macros expand to C code, so it looks
unnecessary to define the asserts with traditional cpp in mind.
OK cheloha@, mpi@
|
|
entry point.
ok mlarkin@, deraadt@
|
|
inspect the memory layout that the firmware has created. It is
especially useful for UEFI debugging.
OK deraadt@ kettenis@
|
|
ok kettenis@, jca@
|
|
it larger than RC4STATE. A long discussion ensued. In conclusion all
entropy inputs are either satisfactory enough, or just as shitty at 512.
|
|
section, which has grown a fair bit with the introduction of retguard.
Mortimer discovered the repeated 512-byte sequence as retguard keys, and
this resolves the issue. (Chacha does not fit on the media, so 1.5K early
drop RC4 is hopefully sufficient in our KARL link universe)
Version crank the bootblocks. sysupgrade -s will install new bootblocks.
ok djm mortimer
|
|
ok djm mortimer
|
|
so the file cannot be re-executed upon the next boot. This provides a
stronger one-shot-upgrade model than the upgrade script's rm /bsd.upgrade.
Now various forms of upgrade failure will reboot into /bsd, which is probably
more recoverable. Performing fchmod -x depends on (1) use of MI boot.c
(not alpha/macppc/sparc64/sgi/octeon) and (2) "can write blocks" functionality
in the IO layer. Most architectures have this support now.
Two diagnostics "fchmod a-x %s: failed" and "/bsd.upgrade is not u+x" will
remain in the tree while refinements happen for some of the laggard
architectures.
based upon a discussion with florian
tested in snapshots for more than a week without any complaints
|
|
Probably not very useful (given the lack of feedback) but feels more
correct. Kernel part tested with option ZLIB_CONST.
|
|
Introduced in zlib-1.2.5.2, used by a few ports. ok deraadt@
|
|
fails and locks early in boot.
|
|
memcpy() correct behaviour. This also brings the bcopy() macro into line.
|
|
details from the ELF header instead of faking it.
Proposal from mlarkin, tested on most architectures already
|
|
half or more would be wasted. Causes more effective re-use of blocks.
ok jsing@
|
|
Historically, the softraid crypto support in the boot loaders has only
given one attempt to provide the correct passphrase. There were a
few reasons for this, including the fact that pkcs5_pbkdf2() allows an
empty passphrase and that returning EPERM allowed for another attempt.
With the event of KARL and the need for bsd.booted with hibernate resumption,
this becomes much more of an issue - if you get the passphrase wrong you
fail to resume. There are also other situations like using /etc/boot.conf
to switch serial console, but an incorrect passphrase results in the config
not being read. Also, bcrypt_pbkdf() does not permit empty passphrases.
This reworks the softraid crypto support in the boot loaders so that it
loops requesting a valid passphrase until one is provided, or an empty
passphrase is entered (at which point it will abort).
ok mortimer@ tb@
|