| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The timecounter struct is large and I think it may change in the
future. Changing it later will be easier if we use C99-style
initialization for all timecounter structs. It also makes reading the
code a bit easier.
For reasons I cannot explain, switching to C99-style initialization
sometimes changes the hash of the resulting object file, even though
the resulting struct should be the same. So there is a binary change
here, but only sometimes. No behavior should change in either case.
I can't compile-test this everywhere but I have been staring at the
diff for days now and I'm relatively confident this will not break
compilation. Fingers crossed.
ok gnezdo@
|
| |
|
|
| |
From miod@
|
| |
|
|
|
|
|
|
|
| |
exposing battery sensors for HID++ 2.0 devices. Most of the code is
derived from the hid-logitech-hidpp Linux driver.
Thanks to Ville Valkonen <weezeldinga at gmail dot com> for testing.
ok mglocker@
|
| |
|
|
|
| |
SMALL_KERNEL specific variations.
ok espie jsg
|
| |
|
|
|
|
|
|
| |
This includes ujoy_hid_is_collection() to work around limitations of
hid_is_collection() until this can be combined without fallout.
input, testing with 8bitdo controller, and ok brynet@
PS4 controller testing, fix for hid_is_collection, and ok mglocker@
|
| |
|
|
| |
ok miod@, deraadt@
|
| |
|
|
|
|
|
| |
Clean up things a bit, adding documentation about the source of the
information about these instructions.
From miod@
|
| |
|
|
|
|
|
|
|
|
| |
At a minimum, amd64/i386 should now boot from 4TB GPT formatted disks.
More daddr32_t terminations with extreme prejudice to follow.
Tested by various, in snaps for a few days.
ok deraadt@
|
| |
|
|
|
|
|
| |
Simplify MD code and reduce the amount of recursion into the signal code
which helps when dealing with locks.
ok cheloha@, deraadt@
|
| |
|
|
|
| |
minor refactorings to narrow KERNEL_LOCK just around uvm_fault()
ok kettenis
|
| |
|
|
|
| |
within the correct #ifdef of course.
ok kettenis
|
| |
|
|
|
|
| |
copyoutstr(9) should bail out properly if they are called with a
length of 0.
ok kettenis@
|
| |
|
|
| |
ok kettenis
|
| |
|
|
|
|
|
|
| |
This should be sufficient for identifying pivoted ROP. Doing so for other
traps is at best opportunistic for finding a straight-running ROP chain,
but the added (and rare) sleeping point has proven to be dangerous.
Discussed at length with kettenis and mortimer.
ok mortimer kettenis mpi
|
| |
|
|
|
|
|
|
| |
and take the cr27 value that was saved in the trap frame. This matches
what process_read_regs() does and prevents returning the wrong values if
the uvm_map_inentry() checks sleeps trying to grab the vm_map read lock.
ok miod@, deraadt@
|
| |
|
|
| |
ok kettenis@, visa@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This diff exposes parts of clock_gettime(2) and gettimeofday(2) to
userland via libc eliberating processes from the need for a context
switch everytime they want to count the passage of time.
If a timecounter clock can be exposed to userland than it needs to set
its tc_user member to a non-zero value. Tested with one or multiple
counters per architecture.
The timing data is shared through a pointer found in the new ELF
auxiliary vector AUX_openbsd_timekeep containing timehands information
that is frequently updated by the kernel.
Timing differences between the last kernel update and the current time
are adjusted in userland by the tc_get_timecount() function inside the
MD usertc.c file.
This permits a much more responsive environment, quite visible in
browsers, office programs and gaming (apparently one is are able to fly
in Minecraft now).
Tested by robert@, sthen@, naddy@, kmos@, phessler@, and many others!
OK from at least kettenis@, cheloha@, naddy@, sthen@
|
| |
|
|
| |
"looks right" deraadt@
|
| |
|
|
|
|
|
|
| |
functionality is provided by <sys/stdarg.h> using compiler builtins.
Tested in a ports bulk build on amd64 by naddy@
OK naddy@ mpi@
|
| |
|
|
| |
ok dlg@ deraadt@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
rnd.c uses nanotime to get access to some bits that change quickly
between events that it can mix into the entropy pool. it doesn't
use nanotime to get a monotonically increasing set or ordered and
accurate timestamps, it just wants something with bits that change.
there's been discussions for years about letting rnd use a clock
that's super fast to read, but not necessarily accurate, but it
wasn't until recently that i figured out it wasn't interested in
time at all, so things like keeping a fast clock coherent between
cpu cores or correct according to ntp is unecessary. this means we
can just let rnd read the cycle counters on cpus and things will
be fine. cpus with cycle counters that vary in their speed and
arent kept consistent between cores may even be desirable in this
context.
so this is the first step in converting rnd.c to reading cycle
counter. it copies the nanotime backend to each arch, and they can
replace it with something MD as a second step later on.
djm@ suggested rnd_messybytes, but we landed on cpu_rnd_messybits.
thanks to visa for his eyes.
ok deraadt@ visa@
deraadt@ says he will help handle any MD fallout that occurs.
|
| |
|
|
|
|
| |
conversion steps). it only contains kernel prototypes for 4 interfaces,
all of which legitimately belong in sys/systm.h, which are already included
by all enqueue_randomness() users.
|
| |
|
|
|
|
| |
Nothing uses the header anymore.
OK deraadt@ mpi@
|
| | |
|
| |
|
|
|
|
|
| |
here, and alternatively would need to rewind). WRITE code exists, but was
always wrong -- it writes the cache-buffer to disk, rather than the provided
write-buffer. Copy the write-buffer into the cache, and invalidate the cache
completely so that future reads start from scratch.
|
| |
|
|
| |
This shrinks the ramdisks a tiny bit.
|
| |
|
|
|
| |
ok deraadt@, mpi@, visa@
ok cheloha@ as well (would have preferred in new file for this code)
|
| |
|
|
|
|
|
| |
the file system such that implementations can use it to guess the right
century.
ok mpi@
|
| |
|
|
|
|
|
|
| |
amd64/arm64/armv7/i386/sparc64 and move it to the end of machdep.c. Rework the
actual implementation for the MC14818 compatible RTC into something that can
be used as a todr_handle just like on amd64.
ok mpi@
|
| |
|
|
|
|
|
|
| |
Upgrade stacktrace_save() to stacktrace_save_at() on architectures where
the latter is missing. Define stacktrace_save() as an inline function
in header <sys/stacktrace.h> to reduce duplication of code.
OK mpi@
|
| | |
|
| |
|
|
|
|
| |
Tested by kettenis@.
ok kettenis@
|
| |
|
|
| |
ok visa@, kettenis@, deraadt@
|
| |
|
|
|
|
|
|
| |
i was lazy and just put them at the end of the existing set. fyi,
i think major 51 is free on all archs if anyone is looking for
another one.
ok claudio@
|
| |
|
|
|
|
|
|
|
|
| |
require the debugger on most architectures, and the separation makes the
code easier to use from other subsystems.
The function definitions are still conditional to DDB. However, that
should not matter for now.
OK deraadt@, mpi@
|
| |
|
|
|
| |
Document the new feature in boot(8) man page.
OK jmc@ deraadt@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
While FIDO/U2F keys were already supported by the generic uhid(4)
driver, this driver adds the first step to tighten the security of
FIDO/U2F access. Specifically, users don't need read/write access to
all USB/HID devices anymore and the driver also improves integration
with pledge(2) and unveil(2): It is pledge-friendly because it doesn't
require any ioctls to discover the device and unveil-friendly because
it uses a single /dev/fido/* directory for its device nodes.
It also allows to support FIDO/U2F in firefox without further
weakening the "sandbox" of the browser. Firefox does not have a
proper privsep design and many operations, such as U2F access, are
handled directly by the main process. This means that the browser's
"fat" main process needs direct read/write access to all USB HID
devices, at least on other operating systems. With fido(4) we can
support security keys in Firefox under OpenBSD without such a
compromise.
With this change, libfido2 stops using the ioctl to query the device
vendor/product and just assumes "OpenBSD" "fido(4)" instead. The
ioctl is still supported but there was no benefit in obtaining the
vendor product or name; it also allows to use libfido2 under pledge.
With feedback from deraadt@ and many others
OK kettenis@ djm@ and jmc@ for the manpage bits
|
| |
|
|
|
|
| |
inspect the memory layout that the firmware has created. It is
especially useful for UEFI debugging.
OK deraadt@ kettenis@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
retguard and similar when profiling. However, that missed all the .S files,
as ${PROF} wasn't added when ${NORMAL_S} was converted from direct invocation
of ${AS} to instead use ${CC}. Similarly, mcount.o still had retguards
as it cannot be built with -pg. So: pass ${PROF} when compiling .S files,
and compile "no profiling" files with -fno-ret-protector on archs with
retguard.
feedback and ok mpi@ mortimer@
|
| | |
|
| |
|
|
| |
ok dlg@, jasper@
|
| |
|
|
|
|
|
|
|
| |
section, which has grown a fair bit with the introduction of retguard.
Mortimer discovered the repeated 512-byte sequence as retguard keys, and
this resolves the issue. (Chacha does not fit on the media, so 1.5K early
drop RC4 is hopefully sufficient in our KARL link universe)
Version crank the bootblocks. sysupgrade -s will install new bootblocks.
ok djm mortimer
|
| |
|
|
| |
From and OK jmc
|
| |
|
|
| |
OK deraadt
|
| | |
|
| |
|
|
|
|
| |
userret() must be called on trap() exit to deliver it, rather than
repeating the same cause infinitely. discovered by George Koehler
ok kettenis bluhm visa
|
| | |
|
| | |
|
jsg
cheloha
kettenis
anton
deraadt
thfr
krw
mpi
pirofti
dlg
visa
naddy
otto
bluhm
reyk
guenther
kn