| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The timecounter struct is large and I think it may change in the
future. Changing it later will be easier if we use C99-style
initialization for all timecounter structs. It also makes reading the
code a bit easier.
For reasons I cannot explain, switching to C99-style initialization
sometimes changes the hash of the resulting object file, even though
the resulting struct should be the same. So there is a binary change
here, but only sometimes. No behavior should change in either case.
I can't compile-test this everywhere but I have been staring at the
diff for days now and I'm relatively confident this will not break
compilation. Fingers crossed.
ok gnezdo@
|
| |
|
|
|
|
|
|
|
| |
exposing battery sensors for HID++ 2.0 devices. Most of the code is
derived from the hid-logitech-hidpp Linux driver.
Thanks to Ville Valkonen <weezeldinga at gmail dot com> for testing.
ok mglocker@
|
| |
|
|
| |
ok kettenis
|
| |
|
|
|
| |
SMALL_KERNEL specific variations.
ok espie jsg
|
| |
|
|
|
|
|
|
| |
This includes ujoy_hid_is_collection() to work around limitations of
hid_is_collection() until this can be combined without fallout.
input, testing with 8bitdo controller, and ok brynet@
PS4 controller testing, fix for hid_is_collection, and ok mglocker@
|
| |
|
|
|
|
|
|
|
|
| |
At a minimum, amd64/i386 should now boot from 4TB GPT formatted disks.
More daddr32_t terminations with extreme prejudice to follow.
Tested by various, in snaps for a few days.
ok deraadt@
|
| |
|
|
|
|
|
| |
Simplify MD code and reduce the amount of recursion into the signal code
which helps when dealing with locks.
ok cheloha@, deraadt@
|
| |
|
|
| |
to need KERNE_LOCK. Been testing this for about 3 weeks.
|
| | |
|
| |
|
|
| |
as best we can.
|
| |
|
|
|
| |
minor refactorings to narrow KERNEL_LOCK just around uvm_fault()
ok kettenis
|
| |
|
|
|
|
| |
The condition around uvm_grow() can be simplified, as the error result
adjustment is effectively a dead store
ok kettenis
|
| | |
|
| |
|
|
|
| |
need to do it
ok kettenis
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Normally we set hz(9) at compile-time in sys/conf/param.c to the value
of HZ. HZ is one of the fundamental compilation options(4). However,
sometimes we need to reset hz(9) at runtime.
Whenever we reset hz(9) we need to recompute tick and tick_nsec.
Otherwise a variety of "time stuff" in the kernel will not work
correctly. For example, most timeouts will expire "too slow" or "too
fast". There are a bunch of other places we use tick and tick_nsec
that will exhibit similar problems.
Test-compiled by deraadt@.
|
| |
|
|
| |
ok kettenis
|
| |
|
|
|
| |
the current cpu so use curcpu() rather than the old cpu in ci.
ok kettenis
|
| |
|
|
|
|
|
|
| |
This should be sufficient for identifying pivoted ROP. Doing so for other
traps is at best opportunistic for finding a straight-running ROP chain,
but the added (and rare) sleeping point has proven to be dangerous.
Discussed at length with kettenis and mortimer.
ok mortimer kettenis mpi
|
| |
|
|
| |
OK deraadt@, mpi@
|
| |
|
|
| |
ok kettenis@, visa@
|
| | |
|
| |
|
|
| |
OK deraadt@, visa@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This diff exposes parts of clock_gettime(2) and gettimeofday(2) to
userland via libc eliberating processes from the need for a context
switch everytime they want to count the passage of time.
If a timecounter clock can be exposed to userland than it needs to set
its tc_user member to a non-zero value. Tested with one or multiple
counters per architecture.
The timing data is shared through a pointer found in the new ELF
auxiliary vector AUX_openbsd_timekeep containing timehands information
that is frequently updated by the kernel.
Timing differences between the last kernel update and the current time
are adjusted in userland by the tc_get_timecount() function inside the
MD usertc.c file.
This permits a much more responsive environment, quite visible in
browsers, office programs and gaming (apparently one is are able to fly
in Minecraft now).
Tested by robert@, sthen@, naddy@, kmos@, phessler@, and many others!
OK from at least kettenis@, cheloha@, naddy@, sthen@
|
| |
|
|
| |
"looks right" deraadt@
|
| |
|
|
|
|
|
|
| |
functionality is provided by <sys/stdarg.h> using compiler builtins.
Tested in a ports bulk build on amd64 by naddy@
OK naddy@ mpi@
|
| |
|
|
| |
ok dlg@, powerpc/sparc64 ok kettenis@, sparc64/alpha tested by deraadt@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
rnd.c uses nanotime to get access to some bits that change quickly
between events that it can mix into the entropy pool. it doesn't
use nanotime to get a monotonically increasing set or ordered and
accurate timestamps, it just wants something with bits that change.
there's been discussions for years about letting rnd use a clock
that's super fast to read, but not necessarily accurate, but it
wasn't until recently that i figured out it wasn't interested in
time at all, so things like keeping a fast clock coherent between
cpu cores or correct according to ntp is unecessary. this means we
can just let rnd read the cycle counters on cpus and things will
be fine. cpus with cycle counters that vary in their speed and
arent kept consistent between cores may even be desirable in this
context.
so this is the first step in converting rnd.c to reading cycle
counter. it copies the nanotime backend to each arch, and they can
replace it with something MD as a second step later on.
djm@ suggested rnd_messybytes, but we landed on cpu_rnd_messybits.
thanks to visa for his eyes.
ok deraadt@ visa@
deraadt@ says he will help handle any MD fallout that occurs.
|
| |
|
|
|
|
| |
conversion steps). it only contains kernel prototypes for 4 interfaces,
all of which legitimately belong in sys/systm.h, which are already included
by all enqueue_randomness() users.
|
| |
|
|
|
|
| |
Nothing uses the header anymore.
OK deraadt@ mpi@
|
| |
|
|
|
| |
(fchmod +T by bootcode, chmod 600 by /etc/rc). If the seed is reused, and
HWRNG isn't available, the kernel won't get RB_GOODSEED indication...
|
| |
|
|
|
|
| |
relax the fstat() check because the system will have left the file
in the right mode.
ok visa kettenis
|
| | |
|
| | |
|
| |
|
|
| |
miod@ agrees this can go
|
| | |
|
| |
|
|
|
|
|
| |
These were removed from files.alpha 1.105 in 2017 and the rcons bits
they reference were removed in 2006.
removal suggested by miod@
|
| |
|
|
| |
This shrinks the ramdisks a tiny bit.
|
| |
|
|
|
| |
ok deraadt@, mpi@, visa@
ok cheloha@ as well (would have preferred in new file for this code)
|
| |
|
|
|
|
|
|
| |
amd64/arm64/armv7/hppa/i386/landisk/macppc/mips64/sparc64 and move it to
the end of machdep.c. Wrap the existing clockfns hooks into something
that can be used as a todr_handle.
ok deraadt@
|
| | |
|
| |
|
|
|
| |
custom installboot to deal with ffs2. While there, fix the partition
read code to deal with offsets > 2G; ok deraadt@
|
| |
|
|
|
| |
messages do have the newline already.
OK anton@ kettenis@
|
| |
|
|
| |
ok visa@, kettenis@, deraadt@
|
| |
|
|
|
|
|
|
| |
i was lazy and just put them at the end of the existing set. fyi,
i think major 51 is free on all archs if anyone is looking for
another one.
ok claudio@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While FIDO/U2F keys were already supported by the generic uhid(4)
driver, this driver adds the first step to tighten the security of
FIDO/U2F access. Specifically, users don't need read/write access to
all USB/HID devices anymore and the driver also improves integration
with pledge(2) and unveil(2): It is pledge-friendly because it doesn't
require any ioctls to discover the device and unveil-friendly because
it uses a single /dev/fido/* directory for its device nodes.
It also allows to support FIDO/U2F in firefox without further
weakening the "sandbox" of the browser. Firefox does not have a
proper privsep design and many operations, such as U2F access, are
handled directly by the main process. This means that the browser's
"fat" main process needs direct read/write access to all USB HID
devices, at least on other operating systems. With fido(4) we can
support security keys in Firefox under OpenBSD without such a
compromise.
With this change, libfido2 stops using the ioctl to query the device
vendor/product and just assumes "OpenBSD" "fido(4)" instead. The
ioctl is still supported but there was no benefit in obtaining the
vendor product or name; it also allows to use libfido2 under pledge.
With feedback from deraadt@ and many others
OK kettenis@ djm@ and jmc@ for the manpage bits
|
| |
|
|
| |
OK deraadt@
|
| |
|
|
|
|
|
|
|
|
|
| |
retguard and similar when profiling. However, that missed all the .S files,
as ${PROF} wasn't added when ${NORMAL_S} was converted from direct invocation
of ${AS} to instead use ${CC}. Similarly, mcount.o still had retguards
as it cannot be built with -pg. So: pass ${PROF} when compiling .S files,
and compile "no profiling" files with -fno-ret-protector on archs with
retguard.
feedback and ok mpi@ mortimer@
|
| | |
|
| |
|
|
| |
ok jasper@, deraadt@
|
jsg
cheloha
anton
deraadt
thfr
krw
mpi
visa
fcambus
pirofti
dlg
naddy
kettenis
jmc
otto
claudio
reyk
guenther