deraadt [Sat, 28 Dec 2013 03:35:42 +0000 (03:35 +0000)]
The few network drivers that called their children's (ie. mii PHY
drivers) activate functions at DVACT_RESUME time do not need to do
so, since their PHYs are repaired by IFF_UP.
NOTE: if_msk is the one that previously relied on mii/eephy.c doing
a crazy dance.
deraadt [Sat, 28 Dec 2013 03:34:53 +0000 (03:34 +0000)]
The few network drivers that called their children's (ie. mii PHY
drivers) activate functions at DVACT_RESUME time do not need to do
so, since their PHYs are repaired by IFF_UP.
deraadt [Sat, 28 Dec 2013 03:30:40 +0000 (03:30 +0000)]
mii drivers no longer need activate functions. Repair of the PHY
configuration setting is done at resume time because all networks
drivers which were previously up, do an IFF_UP operation which
hits PHY_RESET.
This was in snapshots for about 2 weeks.
deraadt [Sat, 28 Dec 2013 03:28:45 +0000 (03:28 +0000)]
Move the fairly heavy eephy_init sequence [which was only done at
attach() and activate() time] into the eephy_reset() routine. This
means that a bit more work gets done at PHY_RESET time, but it means
also means it gets done in all scenarios. Why? For the next commit...
This was in snapshots for about 2 weeks.
deraadt [Sat, 28 Dec 2013 03:22:52 +0000 (03:22 +0000)]
change the stack protector guard into a long word (removing the old legacy
compat pointed out by miod), and place it inside the ELF .openbsd.randomdata
segment. Inside main(), only re-initialize the guard if the bootblocks
failed to initialize it for us.
martynas [Sat, 28 Dec 2013 03:19:02 +0000 (03:19 +0000)]
- adjust getcwd-1.c.exp.gcc{3,4} after the getwd linker warning got added
- adjust gcc-builtins to use the same approach as gcc-bounds
- enable gcc-bounds and gcc-builtins in the default regression suite
now that everything passes
deraadt [Sat, 28 Dec 2013 03:12:56 +0000 (03:12 +0000)]
We can initialize the srandom/random system earlier from arc4random,
and do not need microtime.
deraadt [Sat, 28 Dec 2013 03:04:20 +0000 (03:04 +0000)]
We can random_start() earlier (not that it does too much) and call
arc4random() much earlier. Leading to random pids for anything
besides 0 and 1.
deraadt [Sat, 28 Dec 2013 02:58:17 +0000 (02:58 +0000)]
Put the entropy_pool[] into the ELF .openbsd.randomdata segment.
Also allow random_init() to be called later, by moving a few
entropy control initializions into the lower-level _rs_seed() layer.
tested by jsing, phessler and a few others
deraadt [Sat, 28 Dec 2013 02:53:03 +0000 (02:53 +0000)]
crank the version
deraadt [Sat, 28 Dec 2013 02:51:06 +0000 (02:51 +0000)]
Try to load entropy data from disk:/etc/random.seed, and additionally
use a MD-supplied random function. Then, insert this into the ELF
openbsd.randomdata of the kernel, so that it has entropy right from
the start. Some help from jsing for the softraid aspects.
Also tested by phessler
jsing [Sat, 28 Dec 2013 02:40:41 +0000 (02:40 +0000)]
If we fail to decrypt the softraid keys, return EPERM rather than falling
through and failing when we attempt to read and validate the disklabel.
Also return ENOTSUP rather than EPERM if an attempt is made to write to a
softraid volume.
deraadt [Sat, 28 Dec 2013 02:33:15 +0000 (02:33 +0000)]
Use preprocessor symbols where possible.
martynas [Sat, 28 Dec 2013 02:27:08 +0000 (02:27 +0000)]
Prevent GCC from inlining these unsafe builtins: sprintf, vsprintf,
stpcpy, strcat, strcpy. Also don't simplify some safe builtins
into unsafe ones, otherwise we'll hit the linker with the bogus
warning. OK miod@, millert@.
jsing [Sat, 28 Dec 2013 02:25:26 +0000 (02:25 +0000)]
Add initial implementations of early MD random, for use in the boot code.
This makes use of rdrand if the CPU supports it, otherwise we fall back to
using rdtsc. Further development will happen in the tree.
Tested by phessler@
ok deraadt@
martynas [Sat, 28 Dec 2013 02:14:32 +0000 (02:14 +0000)]
Add regression tests to check whether GCC folds unsafe builtins and
actually shows the security warning. Also add some other cases
where GCC used to yield the warning but shouldn't (e.g. strncat
simplified into strcat).
martynas [Sat, 28 Dec 2013 01:51:53 +0000 (01:51 +0000)]
Annotate a few more bounded functions: realpath(3) needs a buffer
of size at least PATH_MAX. pread(2), pwrite(2) and readlinkat(2)
also take the buffer and the bound. OK theo.
deraadt [Sat, 28 Dec 2013 01:00:18 +0000 (01:00 +0000)]
document a hack we want fixed later
rpe [Fri, 27 Dec 2013 23:43:39 +0000 (23:43 +0000)]
- add chmod of seedfile in /etc
- use its return code for single/multiuser detection
ok deraadt
rpe [Fri, 27 Dec 2013 23:40:29 +0000 (23:40 +0000)]
re-use random_seed in shutdown section
ok deraadt
djm [Fri, 27 Dec 2013 22:37:18 +0000 (22:37 +0000)]
correct comment
deraadt [Fri, 27 Dec 2013 22:34:40 +0000 (22:34 +0000)]
create a seed file for the bootloader in /etc/random.seed
deraadt [Fri, 27 Dec 2013 22:33:27 +0000 (22:33 +0000)]
nest random_seed() contents into a single redirection
idea from rpe
djm [Fri, 27 Dec 2013 22:30:17 +0000 (22:30 +0000)]
make the original RSA and DSA signing/verification code look more like
the ECDSA/
Ed25519 ones: use key_type_plain() when checking the key type
rather than tediously listing all variants, use __func__ for debug/
error messages
deraadt [Fri, 27 Dec 2013 22:15:40 +0000 (22:15 +0000)]
re-do shutdown operations. Run the scripts if we may; take down carp
unconditionally, and then do the optional powerdown
discussed at length with rpe
deraadt [Fri, 27 Dec 2013 22:08:37 +0000 (22:08 +0000)]
remove lots from the Makefile, since this never depended on libsa.
deraadt [Fri, 27 Dec 2013 21:43:47 +0000 (21:43 +0000)]
sync
deraadt [Fri, 27 Dec 2013 21:40:57 +0000 (21:40 +0000)]
oops, correct wording
deraadt [Fri, 27 Dec 2013 21:40:16 +0000 (21:40 +0000)]
correct comment about why first 16 pages are skipped: SMI corruption
is the real cause
discussed with mlarkin
deraadt [Fri, 27 Dec 2013 19:17:28 +0000 (19:17 +0000)]
from netbsd, free(bbp) in error paths. Coverity CID 274748.
via Loganaden Velvindron
deraadt [Fri, 27 Dec 2013 18:32:19 +0000 (18:32 +0000)]
do not need to create the stack cookie using a constructor anymore,
since the kernel supplies a .openbsd.randomdata segment.
ok matthew miod guenther
deraadt [Fri, 27 Dec 2013 18:08:36 +0000 (18:08 +0000)]
/stand went away
prompted by jmc
deraadt [Fri, 27 Dec 2013 17:41:30 +0000 (17:41 +0000)]
/stand has not been used in decades
ok miod
jsing [Fri, 27 Dec 2013 15:02:49 +0000 (15:02 +0000)]
Instead of playing #include games to get a 32-bit ELF implementation on
amd64, simply compile in our own nlist_elf32. Remove ECOFF and AOUT from
the nlist implementation since we do not need it.
This makes the code identical for the i386 and amd64 versions of
installboot(8).
jsing [Fri, 27 Dec 2013 14:23:49 +0000 (14:23 +0000)]
Add installboot support for hppa.
jsing [Fri, 27 Dec 2013 14:17:55 +0000 (14:17 +0000)]
Provide a bootstrap implementation (effectively a `disklabel -B'
equivalent) for use with architectures like hppa, landisk and vax.
jsing [Fri, 27 Dec 2013 14:12:56 +0000 (14:12 +0000)]
Add installboot support for amd64.
jsing [Fri, 27 Dec 2013 14:03:00 +0000 (14:03 +0000)]
Rename some confusing variables.
jsing [Fri, 27 Dec 2013 13:52:40 +0000 (13:52 +0000)]
Initial version of a unified installboot(8) that lives outside of
sys/arch/${MACHINE}/stand. For now this only supports i386, however
additional architectures will be added and further development can happen
in tree.
Requested by deraadt@ quite some time ago.
deraadt [Fri, 27 Dec 2013 04:21:48 +0000 (04:21 +0000)]
when forcing a re-key, might as well toss in dmesg as additional seed
material
deraadt [Fri, 27 Dec 2013 04:21:03 +0000 (04:21 +0000)]
all the random devices have been the same for a while; so let us avoid
being obtuse and use /dev/random
deraadt [Fri, 27 Dec 2013 03:22:27 +0000 (03:22 +0000)]
remove non-openbsd.randomdata parts
ok miod matthew
schwarze [Fri, 27 Dec 2013 00:48:18 +0000 (00:48 +0000)]
Add HISTORY and AUTHORS; triggered by a shorter patch from bcallah@.
OK bcallah@ on a previous version, plus feedback from guenther@.
guenther [Fri, 27 Dec 2013 00:00:49 +0000 (00:00 +0000)]
Document the P_SUSPSINGLE flag bit
miod [Thu, 26 Dec 2013 21:02:37 +0000 (21:02 +0000)]
When running the ll/sc version of the mutex code (for MULTIPROCESSOR kernels),
correctly handle sc failures. All other ll/sc constructs were doing this
correctly but apparently noone had noticed mutex did not.
mlarkin [Thu, 26 Dec 2013 18:52:09 +0000 (18:52 +0000)]
Back at t2k13, I wrote code to park APs in real mode before resuming a
hibernated image. We backed out the code because it was causing reboots on
resume. Turns out the parking code had a bug that caused the CPU to jump
to some bogus address (calculating a bad offset for the jump target), which
was likely the source of the problem. This diff fixes the bad offset
calculation (verified by looking at the resulting asm output). This will be
the first step in attempting to resurrect the original idea (and eventually
add i386 if/when it works).
discussed with deraadt@
espie [Thu, 26 Dec 2013 18:05:31 +0000 (18:05 +0000)]
make absence of pkg_scripts non silent, after nits from theo and halex.
okay rpe@, kirby@
eric [Thu, 26 Dec 2013 17:32:33 +0000 (17:32 +0000)]
constify data parameter in imsg_add() and imsg_compose()
ok deraadt@
eric [Thu, 26 Dec 2013 17:25:32 +0000 (17:25 +0000)]
bcopy -> memmove
bzero -> memset
schwarze [Thu, 26 Dec 2013 17:23:31 +0000 (17:23 +0000)]
Rework the documentation of Spaces, using the Ossanna/Kernighan/Ritter
Heirloom Nroff/Troff User's Manual at the authoritative reference.
Part of our text was outright wrong.
Also, refrain from advertising the paddable non-breaking space `\~'
in the DESCRIPTION, for three reasons: For nroff mode, -Tascii, and
fixed width fonts in general, it makes no difference, so keep the
discussion simple. Compared to `\ ', '\~' is of questionable portability.
And if you want to keep words together, it is also more usual that you
don't want padding to intervene either.
Finally, drop the `\c' escape sequence (interrupt text processing)
which is not a special character but an input processing instruction
akin to the \<newline> escape sequence.
kettenis [Thu, 26 Dec 2013 16:22:55 +0000 (16:22 +0000)]
spacing
espie [Thu, 26 Dec 2013 10:25:07 +0000 (10:25 +0000)]
to be dealt with
espie [Thu, 26 Dec 2013 07:17:15 +0000 (07:17 +0000)]
either dvp == vp or dvp != vp: zap extra test.
okay guenther@
schwarze [Thu, 26 Dec 2013 02:55:35 +0000 (02:55 +0000)]
I have no idea how it happened that \B, \H, \h, \L, and \l got
mapped to ESCAPE_NUMBERED (which is for \N and only for \N), that
made no sense at all. Properly remap them to ESCAPE_IGNORE.
While here, move \B and \w from the group taking number arguments
to the group taking string arguments; right now, that doesn't imply
any functional change, but if we ever go ahead and implement a
parser for roff(7) numerical expressions, it will suddenly start
to matter, and cause confusion.
schwarze [Thu, 26 Dec 2013 02:43:12 +0000 (02:43 +0000)]
The roff language really has two groups of basic building blocks:
Requests and escape sequences. Consequently, supplement the
REQUEST REFERENCE by an ESCAPE SEQUENCE REFERENCE, such that people
no longer need to guess or experiment what mandoc(1) implements,
what it parses and ignores, and what it doesn't handle at all.
schwarze [Wed, 25 Dec 2013 22:45:16 +0000 (22:45 +0000)]
Parse and ignore the roff(7) escape sequences \d (move half line down)
und \u (move half line up). Found by bentley@ in some DocBook crap.
Surprisingly, these two do actually occur in our terminfo(5),
so this patch reduces groff-mandoc differences in base by 0.03%.
schwarze [Wed, 25 Dec 2013 22:28:37 +0000 (22:28 +0000)]
repair the dates
schwarze [Wed, 25 Dec 2013 22:00:34 +0000 (22:00 +0000)]
Implement .Fo/.Fa/.Fc indentation and break handling for -Tman.
schwarze [Wed, 25 Dec 2013 21:24:03 +0000 (21:24 +0000)]
Oops, .Fa never breaks the output line in the middle of any of its
arguments, not even outside SYNOPSIS mode. Quite surprising as .Fn
does break the line in the middle of its arguments outside SYNOPSIS
mode, and only doesn't do that in SYNOPSIS mode. Wonders of groff...
miod [Wed, 25 Dec 2013 21:01:01 +0000 (21:01 +0000)]
Instead of deciding which iockbc port is the keyboard port, and which one is the
mouse port, depending upon the system time, match what the prom is doing and
actually probe for a keyboard on both ports, and decide the first port with a
keyboard is the keyboard port.
If no keyboard is found, but a mouse is found, decide the keyboard port is the
empty one.
If no device is found, then we can try and pick the defaults, depending upon
the system we are running on, as this used to be the case (i.e. coping with
Fuel having keyboard on port 1 and mouse on port 0 when connecting devices
according to the chassis' markings).
This is necessary because different IO9 board revisions on Tezro come with
different wirings, and we can not tell these boards apart.
Discussed with "nullnilaki" (nullnilaki on gmail) who is the lucky owner of an
Onyx 350 with correct wiring and a Tezro with inverted wiring. Tested on Octane
and Fuel with all combinations of devices connected (mouse only, keyboard only,
keyboard and mouse) in both ports, glass and serial console.
XXX We probably want to allow for more pckbd attachment flexibility on non-x86
XXX platforms eventually (at least where the PS/2 slots are really independent,
XXX so that we can attach pckbd to any port and better cope with human error
XXX when connecting devices.
espie [Wed, 25 Dec 2013 15:59:51 +0000 (15:59 +0000)]
fix autoloading of quirks: don't try to run quirks while processing the
quirks set, as we may accidentally load the old one.
also, in case we can't load quirks, report if quirks should be there,
e.g., compilation error, without regard to verbose status
miod [Wed, 25 Dec 2013 15:14:59 +0000 (15:14 +0000)]
Pass _dl_dtors as the csu cleanup routine on sh
schwarze [Wed, 25 Dec 2013 15:12:39 +0000 (15:12 +0000)]
Garbage collect two local variables each used only one single time.
miod [Wed, 25 Dec 2013 15:01:39 +0000 (15:01 +0000)]
Pass _dl_dtors as the csu cleanup routine on arm.
schwarze [Wed, 25 Dec 2013 14:40:29 +0000 (14:40 +0000)]
In the SYNOPSIS, implement hanging indentation for .Fo
and avoid output line breaks inside .Fa arguments.
This reduces groff-mandoc differences in base by more than 8%.
Patch from Franco Fichtner <franco at lastsummer dot de> (DragonFly).
espie [Wed, 25 Dec 2013 14:38:56 +0000 (14:38 +0000)]
sign package thru a signer object, instead of hardcoding signature parameters
espie [Wed, 25 Dec 2013 14:38:15 +0000 (14:38 +0000)]
move the choice of signature type for checking into one single place
espie [Wed, 25 Dec 2013 14:20:48 +0000 (14:20 +0000)]
a bit more scaffolding for running quirks. In particular, once quirks
have been loaded, complain loudly if something doesn't work.
(and complain when quirks don't load in !verbose mode)
schwarze [Wed, 25 Dec 2013 14:08:36 +0000 (14:08 +0000)]
Support .St -xsh4.2, the System Interfaces part of the original Single
UNIX Specification. As this one appears to be used in the wild and we
already have -xpg4.2 and even -xsh5, it makes sense to add this one.
Note that calling the original SUS XPG4.2 appears to be more common
than calling it SUSv1, so it's ok that we don't have .St -susv1.
From Sascha Wildner <saw at online dot de> (DragonFly) via Franco Fichtner.
espie [Wed, 25 Dec 2013 14:04:50 +0000 (14:04 +0000)]
zap defines that don't make any sense for us
okay tedu@
miod [Wed, 25 Dec 2013 13:06:00 +0000 (13:06 +0000)]
Pass _dl_dtors as the csu cleanup routine on m68k and m88k; change the
conditional in the MI code to only list the architectures left to adapt.
kettenis [Wed, 25 Dec 2013 11:10:02 +0000 (11:10 +0000)]
Make ld.so pass its cleanup handler in %g1 as required by the SPARC System V
ABI, and stop calling atexit(4) directly from ld.so on sparc.
aoyama [Wed, 25 Dec 2013 10:41:55 +0000 (10:41 +0000)]
Add missing IPL_MPSAFE, as same as mvme88k.
ok miod@
tedu [Wed, 25 Dec 2013 01:46:00 +0000 (01:46 +0000)]
final circleq to tailq fix. restore the previous pointer check by reading
the previous value again and checking prev.next is still next.
maybe ok guenther
schwarze [Wed, 25 Dec 2013 00:50:03 +0000 (00:50 +0000)]
s/[Nn]ull/NUL/ in comments where appropriate;
suggested by Thomas Klausner <wiz @ NetBSD dot org>.
schwarze [Wed, 25 Dec 2013 00:39:13 +0000 (00:39 +0000)]
Do not break output lines in .Fn function arguments in SYNOPSIS mode.
Following an idea from Franco Fichtner, but implemented more cleanly.
This reduces groff-mandoc-differences in base by a fantastic 7.5%.
tedu [Tue, 24 Dec 2013 23:29:38 +0000 (23:29 +0000)]
rearrange/correct timeout conditionals to work better.
fixes negative timeout panics. tested by sthen.
schwarze [Tue, 24 Dec 2013 23:04:29 +0000 (23:04 +0000)]
Delete the unused flag TERMP_IGNDELIM
and the empty callback termp_igndelim_pre().
Sort the remaining termp flags.
tedu [Tue, 24 Dec 2013 22:26:19 +0000 (22:26 +0000)]
more fixing after circleq conversion. a better fix to check the prev
pointer is forthcoming.
schwarze [Tue, 24 Dec 2013 22:08:23 +0000 (22:08 +0000)]
Implement SYNOPSIS .Fn indentation for -Tman.
schwarze [Tue, 24 Dec 2013 20:45:21 +0000 (20:45 +0000)]
It turns out SYNOPSIS mode does not imply .Bk in general,
but only within .Nm blocks. Simplify the code accordingly.
This reduces groff-mandoc differences in base by about 2%.
Triggered by research done by Franco Fichtner.
schwarze [Tue, 24 Dec 2013 19:10:34 +0000 (19:10 +0000)]
When deciding whether two consecutive macros are on the same input line,
we have to compare the line where the first one *ends* (not where it begins)
to the line where the second one starts.
This fixes the bug that .Bk allowed output line breaks right after block
macros spanning more than one input line, even when the next macro follows
on the same line.
schwarze [Tue, 24 Dec 2013 16:01:15 +0000 (16:01 +0000)]
More .Bk tests to lessen the risk of upcoming work.
schwarze [Tue, 24 Dec 2013 15:58:07 +0000 (15:58 +0000)]
When i replaced the very ugly .in: suffix rule in my previous commit,
that inadvertently disabled the -Tman tests. Oops.
Enable them again.
Fortunately, in the meantime, nothing slipped.
deraadt [Tue, 24 Dec 2013 14:17:02 +0000 (14:17 +0000)]
sync
kettenis [Tue, 24 Dec 2013 13:23:21 +0000 (13:23 +0000)]
If the FADT has its SMI_CMD set to zero, assume we're only ACPI-only hardware
and don't need to disable SMI ownership of the ACPI hardware registers.
ok mlarkin@
jca [Tue, 24 Dec 2013 13:00:59 +0000 (13:00 +0000)]
Add support for SSL/TLS server certificate validation, enabled by
default. See the documentation for the `-S' switch. This also allows
setting the preferred ciphers for the communication. Documentation bits
ok'ed by jmc@, ok beck@ sthen@.
kettenis [Tue, 24 Dec 2013 10:53:37 +0000 (10:53 +0000)]
Remove some leftover bits that are no longer necessary now that we no
longer call atexit(4) directly on hppa.
deraadt [Tue, 24 Dec 2013 05:31:48 +0000 (05:31 +0000)]
sync
deraadt [Tue, 24 Dec 2013 05:31:13 +0000 (05:31 +0000)]
yup, we do ELF
dlg [Tue, 24 Dec 2013 01:11:04 +0000 (01:11 +0000)]
get rid of if (timeout_pending()) timeout_del(). this is racy. any
conditionals you did on timeout_pending can now be done on timeout_del
now that it returns what it did.
ok and a very good fix from kettenis@
tedu [Tue, 24 Dec 2013 01:11:00 +0000 (01:11 +0000)]
rename local ticks to nticks to avoid aliasing global. ok krw
halex [Tue, 24 Dec 2013 00:18:46 +0000 (00:18 +0000)]
fix error checking oddity in msdosfs code, as noted by kettenis@
ok mikeb@ espie@
deraadt [Mon, 23 Dec 2013 23:32:40 +0000 (23:32 +0000)]
remove junk
deraadt [Mon, 23 Dec 2013 23:23:22 +0000 (23:23 +0000)]
spelling
tedu [Mon, 23 Dec 2013 23:00:38 +0000 (23:00 +0000)]
install a link as sha512. simplify program internals; there are only
two modes. ok deraadt gilles jca
tedu [Mon, 23 Dec 2013 22:39:50 +0000 (22:39 +0000)]
fix circleq tailq conversion
kettenis [Mon, 23 Dec 2013 22:24:37 +0000 (22:24 +0000)]
Use slightly diffrerent code to get the global offset table address. This
version will match the (upcoming) 32-bit version (for sparc) and allegedly
is slightly faster.
kettenis [Mon, 23 Dec 2013 22:13:03 +0000 (22:13 +0000)]
Make ld.so pass its cleanup handler in %rdx as required by the AMD64 System V
ABI, and stop calling atexit(4) directly from ld.so on amd64. Note that this
means that binaries built before the middle of november may no longer call
destructors in shared libraries implemented in C++. Update your packages!
ok guenther@
kettenis [Mon, 23 Dec 2013 22:03:52 +0000 (22:03 +0000)]
Make ld.so pass its cleanup handler in r7 as required by the PowerPC System V
ABI, and stop calling atexit(4) directly from ld.so on powerpc.