Update cv_timedwaitbt documentation to reflect useful reality.

Previously, a negative timeout was forbidden (kassert), a zero or
maybe even just a sufficiently small timeout would block forever, and
we would subtract the time elapsed -- possibly longer than the
timeout, leading to a negative updated timeout, which would trip the
kassert the next time around if used as advertised.  DERP.

Now negative timeouts are still forbidden in order to detect usage
mistakes, but a zero timeout fails immediately and we clamp the
subtracted time to be at least zero so you can always safely call
cv_timedwaitbt in a loop.

(An alternative would be to fail immediately for all nonpositive
timeouts, and to leave in the timespec the negative time we overshot,
but it's not clear this would be useful.)

(riastradh)

Make sure futex waits never return ERESTART.

If the user had passed in a relative timeout, this would have the
effect of waiting for the full relative time repeatedly, without
regard for how much time had elapsed during the wait before a signal.

In principle this may not be necessary for absolute timeouts or
indefinite timeouts, but it's not clear there's an advantage; we do
the same for various other syscalls like nanosleep.

Perhaps in the future we can arrange to keep the state of how much
time had elapsed when we restart like Linux does, but that's a much
more ambitious change.

(riastradh)

Use cv_timedwaitclock_sig in futex.

Possible fix for hangs observed with Java under Linux emulation.

(riastradh)

New cv_timedwaitclock, cv_timedwaitclock_sig.

Usage: given a struct timespec timeout copied from userland, along
with a clockid and TIMER_* flags,

        error = cv_timedwaitclock(cv, lock, timeout, clockid, flags,
            DEFAULT_TIMEOUT_EPSILON);
        if (error)
                /* fail */

If flags is relative (i.e., (flags & TIMER_ABSTIME) == 0), then this
deducts the time spent waiting from timeout, so you can run it in a
loop:

        struct timespec timeout;

        error = copyin(SCARG(uap, timeout), &timeout, sizeof timeout);
        if (error)
                return error;

        mutex_enter(lock);
        while (!ready()) {
                error = cv_timedwaitclock_sig(cv, lock, &timeout,
                    SCARG(uap, clockid), SCARG(uap, flags),
                    DEFAULT_TIMEOUT_EPSILON);
                if (error)
                        break;
        }
        mutex_exit(lock);

CAVEAT: If the system call is interrupted by a signal with SA_RESTART
so cv_timedwaitclock_sig fails with ERESTART, then the system call
will be restarted with the _original_ relative timeout, not counting
the time that was already spent waiting.  This is a problem but it's
not a problem I want to deal with at the moment.

(riastradh)

Define DEFAULT_TIMEOUT_EPSILON for cv_timedwaitbt.

For now, it is roughly one bintime's worth of ticks.

This is about the smallest difference between wait periods we can
rely on at the moment; in the glorious tickless future we can revisit
this.

(riastradh)

Fix edge cases in cv_timedwaitbt, cv_timedwaitbt_sig.

- If the timeout is exactly zero, fail immediately with EWOULDBLOCK.

- If the timeout is just so small it would be rounded to zero ticks,
  make sure to wait at least one tick.

- Make sure we never return with a negative timeout left.

(riastradh)

Always clear FUTEX_PRIVATE_FLAG for Linux processes.  NetBSD-native futexes
exist in different namespace depending on FUTEX_PRIVATE_FLAG.  This appears
not to be the case in Linux, and some futex users will mix private and non-
private ops on the same futex object.  Provide a convenience wrapper that
puts this logic in one place witn a comment explaining why.

While here, move the Linux futex wrapper out of its own file and plop
it in linux_misc.c, which is where it lives in the linux32 module.

(thorpej)

Include netbsd32_futex.c in the module.

(thorpej)

Remove the unlock/relock hack by using IO_EXT to indicate that we are already
holding the lock.

(christos)

document MKCOMPATMODULES

(christos)

Add support for debugging modules for multi-arch (xen etc.)

(christos)

external/bsd/dhcpcd: Suppress -Werror=sign-conversion error.

Add -Wno-error=sign-conversion to prevent build failure, when run with MKLIBCSANITIZER=yes.

Error was reported when build.sh was run with MKLIBCSANITIZER=yes flag.

Reviewed by: kamil@

(fox)

Back out changes to use a threadpool for now; it's causing trouble
for some folks on Thinkpads.

(thorpej)

Fix build without XEN

(christos)

HANDLE_DEFERRED_FPU has to be donne with interrupt disabled;
move it before STIC.
Fix fpudna panic on i386 PV

(bouyer)

We don't have rnd_ctx anymore.

(christos)

nuke random stuff that does not exist anymore.

(christos)

Move x86_hotpatch() in !XENPV section. Fixes XEN3* builds.

(bouyer)

Note Xen PVH support

(bouyer)

This is called pvh_consinit not hvm_consinit

(bouyer)

Introduce Xen PVH support in GENERIC.
This is compiled in with
options XENPVHVM
x86 changes:
- add Xen section and xen pvh entry points to locore.S. Set vm_guest
  to VM_GUEST_XENPVH in this entry point.
  Most of the boot procedure (especially page table setup and switch to
  paged mode) is shared with native.
- change some x86_delay() to delay_func(), which points to x86_delay() for
  native/HVM, and xen_delay() for PVH

Xen changes:
- remove Xen bits from init_x86_64_ksyms() and init386_ksyms()
  and move to xen_init_ksyms(), used for both PV and PVH
- set ISA no-legacy-devices property for PVH
- factor out code from Xen's cpu_bootconf() to xen_bootconf()
  in xen_machdep.c
- set up a specific pvh_consinit() which starts with printk()
  (which uses a simple hypercall that is available early) and switch to
  xencons when we can use pmap_kenter_pa().

(bouyer)

Tickets #882 - #884

(martin)

Pull up following revision(s) (requested by tnn in ticket #884):
sys/arch/aarch64/aarch64/sig_machdep.c: revision 1.5
sys/arch/aarch64/aarch64/cpu_machdep.c: revision 1.9
aarch64: handle _UC_SETSTACK and _UC_CLRSTACK like on arm32
ok ryo@

(martin)

Call kasan_early_init earlier, to unbreak KASAN after the recent RNG
changes. Will also prevent further trouble.

(maxv)

Pull up following revision(s) (requested by tnn in ticket #883):

sys/arch/aarch64/aarch64/netbsd32_machdep.c: revision 1.11

fix inverted logic in NETBSD32 user signal stack handling (PR evbarm/55200)

(martin)

Remove the D bit as part of the hotpatch cleanup procedure.

(maxv)

Pull up following revision(s) (requested by riastradh in ticket #882):

etc/rc.d/random_seed: revision 1.9

Don't delete the random seed before issuing `rndctl -S'.
`rndctl -S' can replace the file just fine, and deleting it ahead of
time adds a window during which we can lose the seed altogether if
the system is interrupted by a crash or power outage.

XXX pullup

(martin)

Cast off_t to size_t to appease lint:
warning: conversion from 'long long' to 'int' may lose accuracy

(christos)

gdb has been fixed, so no need to reload the symbol file.

(christos)

Switch to the current thread, and reload the symbol file.

(christos)

Modify the hotpatch mechanism, in order to make it much less ROP-friendly.

Currently x86_patch_window_open is a big problem, because it is a perfect
function to inject/modify executable code with ROP.

- Remove x86_patch_window_open(), along with its x86_patch_window_close()
  counterpart.
- Introduce a read-only link-set of hotpatch descriptor structures,
  which reference a maximum of two read-only hotpatch sources.
- Modify x86_hotpatch() to open a window and call the new
  x86_hotpatch_apply() function in a hard-coded manner.
- Modify x86_hotpatch() to take a name and a selector, and have
  x86_hotpatch_apply() resolve the descriptor from the name and the
  source from the selector, before hotpatching.
- Move the error handling in a separate x86_hotpatch_cleanup() function,
  that gets called after we closed the window.

The resulting implementation is a bit complex and non-obvious. But it
gains the following properties: the code executed in the hotpatch window
is strictly hard-coded (no callback and no possibility to execute your own
code in the window) and the pointers this code accesses are strictly
read-only (no possibility to forge pointers to hotpatch an area that was
not designated as hotpatchable at compile-time, and no possibility to
choose what bytes to write other than the maximum of two read-only
templates that were designated as valid for the given destination at
compile-time).

With current CPUs this slightly improves a situation that is already
pretty bad by definition on x86. Assuming CET however, this change closes
a big hole and is kinda great.

The only ~problem there is, is that dtrace-fbt tries to hotpatch random
places with random bytes, and there is just no way to make it safe.
However dtrace is only in a module, that is rarely used and never compiled
into the kernel, so it's not a big problem; add a shitty & vulnerable
independent hotpatch window in it, and leave big XXXs. It looks like fbt
is going to collapse soon anyway.

(maxv)

fix gref offset when setting up copy of multi-fragment packet so data
for second and further fragments gets copied into correct place

(jdolecek)

Remove unused.

(maxv)

Fix previous; add missing <module>.kmod.debug to realall.

(rin)

Fix inverted condition in r1.136 - we do want LOCKDEBUG spinouts of the
kernel lock to assert as soon as we have userland running - not in
the early boot phase (where firmware loading and device init could take
a long time).

(martin)

Don't attempt to read opcodes and their timeouts at attach time for
old devices.  The MAINTENANCE IN command was introduced with SCSI-3
and sending it to older peripherals can cause timeouts or them not
to respond to further requests.

(jdc)

don't forget to destroy the new sc_media_mtx mutex.

now re-plugging and re-using the same softc doesn't give mutex
already initialised error.

(mrg)

report no enabled capabilities when no interface is part of bridge

(jdolecek)

Add a place for the debug modules.

(christos)

/usr/libdata/debug/stand is where the debug modules go

(christos)

KMODULEDIR is no longer absolute (${DESTDIR} is added to it by the system
makefile because we need to install the module in two places the debug part
and the regular part)

(christos)

Install <module>.kmod.debug files for kernel crash debugging.

(christos)

add more module sets.

(christos)

Add module debug sets

(christos)

Fix the vax build and explain why...

(christos)

link also m_apply(9) to mbuf(9)

(jdolecek)

s/&&/&/ and also return POLLRDNORM (pointed out by joerg@)

(christos)

no need for alloca() (breaks SSP)

(christos)

destroy dma maps in xennetback_xenbus_destroy() to avoid memory leak
when xvif(4) is destroyed

(jdolecek)

Combine some related paragraphs.

(riastradh)

Tighten language so it fits in one paragraph again.

This way the first two paragraphs have parallel structure:

- _Applications_ should read from /dev/urandom or sysctl kern.arandom...
- _Systems_ should be engineered to read once from /dev/random...

(riastradh)

make the csum blank/undefer counters per interface

(jdolecek)

aarch64: handle _UC_SETSTACK and _UC_CLRSTACK like on arm32

ok ryo@

(tnn)

Move the rump module test programs in the regular mi file. These are not
really kernel modules and the other md module test is in the md.amd64 file
already.

(christos)

mention the need to reload the kernel symbols

(christos)

usr.bin/make: add test demonstrating that .for stops at newline

(rillig)

usr.bin/make: fix test for late evaluated condition

(rillig)

Don't delete the random seed before issuing `rndctl -S'.

`rndctl -S' can replace the file just fine, and deleting it ahead of
time adds a window during which we can lose the seed altogether if
the system is interrupted by a crash or power outage.

XXX pullup

(riastradh)

Use PRIxPADDR for paddr_t to make i386/ALL compile.

(hannken)

Remove wd* at umass?, it was dropped.

(hannken)

rnd.4: Bump dates.

(nia)

rnd.4: Explain why libraries should use kern.arandom over /dev/urandom

(nia)

Tickets #880 and #881

(martin)

Pull up following revision(s) (requested by hannken in ticket #881):

sys/kern/vfs_mount.c: revision 1.82

Undo Rev. 1.79, it breaks root-on-raid where it destroys the component
disks before the raid:

forcefully unmounting / (/dev/raid0a)...
sd1: detached
sd0: detached
raid0: cache flush to component /dev/sd0a failed.
raid0: cache flush to component /dev/sd1a failed.
fatal page fault in supervisor mode
Stopped in pid 2356.2356 (reboot) at netbsd:sdstrategy+0x36

Reopens PR kern/54969: Disk cache is no longer flushed on shutdown

(martin)

Pull up following revision(s) (requested by tsutsui in ticket #880):

sys/arch/hp300/stand/uboot/version: revision 1.21
sys/arch/hp300/stand/inst/version: revision 1.14
sys/arch/hp300/stand/common/netio.c: revision 1.17

Fix inappropriate error messages when nfs_mount() fails.

Noticed by Chris Hanson and his HP332 and confirmed on my HP425e.

Also bump revisions to denote visible changes.
Worth to pull up to netbsd-9.

(martin)

regen

(jmcneill)

Add IDs for Ampere eMAG PCIe Root Ports

(jmcneill)

Update documentation of kern.arandom. It uses cprng_strong(9).

(nia)

Switch the rest of i386 to the x86_hotpatch mechanism.

(maxv)

Remove dead code, we are in an #ifndef XENPV block here.

(maxv)

Use absolute jumps, and drop the PC-relative patching. We want exact
templates.

(maxv)

Undo Rev. 1.79, it breaks root-on-raid where it destroys the component
disks before the raid:

  forcefully unmounting / (/dev/raid0a)...
  sd1: detached
  sd0: detached
  raid0: cache flush to component /dev/sd0a failed.
  raid0: cache flush to component /dev/sd1a failed.
  fatal page fault in supervisor mode
  Stopped in pid 2356.2356 (reboot) at netbsd:sdstrategy+0x36

Reopens PR kern/54969: Disk cache is no longer flushed on shutdown

(hannken)

There is no difference between a zero-sized and not yet
reclaimed directory vnode and a non-existent vnode.

Teach ufs_fhtovp() to treat zero-sized directories as stale.

PR kern/55211 (fs/vfs/t_vnops:nfs_dir_rmdirdotdot test fails)

(hannken)

Resolve delayed truncation from nfs_inactive() too.

Should prevent "locking against self" from nfs_unlock().

(hannken)

Use the hotpatch framework when patching _atomic_cas_64.

(maxv)

Move machine dependent AUDIO_BLK_MS default value to <machine/param.h>.
If the port has __AUDIO_BLK_MS in <machine/param.h>, it will be used.
Otherwise the default value (currently 10 msec) defined in audio.c will
be used.  This mechanism is for very old ports which cannot satisfactorily
handle 10 msec block.  Currently hppa, m68k, sh3, sparc(!64) and vax are.

For port maintainers, if general models in your port cannot satisfactorily
handle 10 msec block, please consider to define your suitable longer period
(40 msec would be a good first choice).
But please don't be eager to make the default value shorter.

<machine/param.h> was discussed in source-changes-d.  It's better than
ifdef storm, or adding 60+ new header files in every arch/*/include/
directories for this.  Thanks mrg@, ad@, and everyone.
http://mail-index.netbsd.org/source-changes-d/2020/05/01/msg012572.html

(isaki)

Add Ticket #879 (this time for real)

(martin)

Get rid of needless __predict_true() and move a comment slightly.

(simonb)

Explicitly align to 8 bytes, found by kUBSan.

Reported-by: syzbot+f1e1561ed739db869d44@syzkaller.appspotmail.com

(maxv)

Fix two tests.
- kqueue_mode_{RDONLY,RDWR}_READ: Fix expected value.
  This is rest of rev1.9.
- AUDIO_SETINFO_params_simul: Fix condition.
  This happens on full-duplex, not bi-directional.
These affect only standalone test, not atf.

(isaki)

- Add AMD INVLPGB/TLBSYNC hypervisor enable in VMCB and TLBSYNC intercept bit.
- Modify comment.

(msaitoh)

Move HP332 to "Supported hardware" list, as reported by Chris Hanson.

(tsutsui)

Oops, accidentally #if 0'd some tests, probably while debugging
something else.  Correct this silly mistake.

(thorpej)

Zero rndsource before using it.

XXX pullup

(riastradh)

Fix sense of conditional in previous.

I must have tested (cold ? (void *)1 : curlwp) but then decided,
after testing, to replace cold by !curcpu_available() -- thinking
that would be a safe change to make, except I forgot to either write
the ! or change the sense of the conditional.  OOPS.

(riastradh)

Change module path to xen-* only for XENPV

(bouyer)

Don't #include xen/intrdefs.h is !XEN.
Should fix third-party module builds (e.g. virtualbox)

(bouyer)

Pull up following revision(s) (requested by nia in ticket #1729):

games/fortune/strfile/strfile.c: revision 1.39
games/fortune/unstr/unstr.c: revision 1.15

strfile: Check that input/output filenames don't exceed the buffer size
unstr: Check that the input filename fits in the buffer.

(martin)

Trailing whitespace

(skrll)

G/C __HAVE_AST_PERPROC

(skrll)

Mark rnd_sources_locked __diagused -- only for KASSERTs.

(riastradh)

curlwp may not be available early enough for kern_entropy.c.

Fortunately, we're just using it to print helpful diagnostic messages
in kasserts here, so while we're still cold just use (void *)1 for
now until someone figures out how to make curlwp available earlier on
x86.

(All of the curcpu_available() business is a provisional crock here
and it would be better to get rid of it.)

(riastradh)

Make kern.arandom truncate the output instead of failing with ETOOBIG
when the requested data exceeds 256 bytes in size. The actual size of
the returned data is output to oldlenp.

This matches FreeBSD's behaviour and seems to be more in line with
what software in the wild expects.

"sounds reasonble" - Riastradh

(nia)

The labels are already global, drop unused.

(maxv)

Switch to templates.

(maxv)

Missed a spot!  (Part II(b) of no percpu_foreach under spin lock.)

(riastradh)

If we were processing a software int/excp, and got a VMEXIT in the middle,
we must also reflect the instruction length, otherwise the next VMENTER
fails and Qemu shuts the guest down.

(maxv)

When the identification fails, print the reason.

(maxv)

Lock the rndsource list without E->lock for ioctls too.

Use the same mechanism as entropy_request, with a little more
diagnostic information in case anything goes wrong.  No need for
LIST_FOREACH_SAFE; elements cannot be deleted while the list is
locked.

This is part II of avoiding percpu_foreach with spin lock held.

(riastradh)

Avoid calling entropy_pending() with E->lock held.

This is part I of avoiding percpu_foreach with spin lock held.

(riastradh)

Ticket #1729

(martin)

Ticket #1729

(martin)

Pull up following revision(s) (requested by nia in ticket #1729):

games/fortune/strfile/strfile.c: revision 1.39
games/fortune/unstr/unstr.c: revision 1.15

strfile: Check that input/output filenames don't exceed the buffer size
unstr: Check that the input filename fits in the buffer.

(martin)

Ticket #1729

(martin)

Pull up following revision(s) (requested by nia in ticket #1729):

games/fortune/strfile/strfile.c: revision 1.39
games/fortune/unstr/unstr.c: revision 1.15

strfile: Check that input/output filenames don't exceed the buffer size
unstr: Check that the input filename fits in the buffer.

(martin)

Tickets #1543 and #1544

(martin)

Pull up following revision(s) (requested by nia in ticket #1544):

games/fortune/strfile/strfile.c: revision 1.39
games/fortune/unstr/unstr.c: revision 1.15

strfile: Check that input/output filenames don't exceed the buffer size
unstr: Check that the input filename fits in the buffer.

(martin)

Tickets #874 - #879

(martin)

Pull up following revision(s) (requested by nia in ticket #879):

games/fortune/strfile/strfile.c: revision 1.39
games/fortune/unstr/unstr.c: revision 1.15

strfile: Check that input/output filenames don't exceed the buffer size
unstr: Check that the input filename fits in the buffer.

(martin)

Pull up following revision(s) (requested by nia in ticket #878):

crypto/external/bsd/openssl/dist/crypto/rand/rand_unix.c: revision 1.16

Fix the detection of KERN_ARND by OpenSSL.

Firstly, include the correct headers. Then, make sure that requests
never exceed 256 bytes.

Disable a hack for old FreeBSD versions, just in case it actually gets
used.

This should mean that OpenSSL doesn't ever fall back to reading from
/dev/urandom.

XXX pullup, XXX upstream.

(martin)

Pull up following revision(s) (requested by isaki in ticket #877):

sys/dev/audio/audio.c: revision 1.55
sys/dev/audio/audio.c: revision 1.41
sys/dev/audio/audio.c: revision 1.48
sys/dev/audio/audiovar.h: revision 1.7
sys/dev/audio/audio.c: revision 1.63 (via patch)
sys/dev/audio/audiovar.h: revision 1.11
sys/dev/audio/audio.c: revision 1.64

Simplify async_mixer handling.
- It makes FIOASYNC code in mixer_ioctl() symmetric.
- For readability, mixer_async_{add,remove}() should take pid argument
  though pid is always curproc.

hw_if->query_format is already mandatory method.  Drop null checks.

Improve error handling around audio_hw_probe().
It was difficult to return multiple errors.

Split sc_lock and sc_exlock.

Most (probably all) malloc/free (or routines which may sleep) now can be
called without holding mutex.
Pointed out by riastradh@.

Fix/Update comments about allocm/freem.

(martin)

Pull up following revision(s) (requested by isaki in ticket #876):

sys/dev/audio/audio.c: revision 1.60
sys/dev/audio/audio.c: revision 1.62

Fix wrong parameter displayed in debug messages.

Restore backward compatibility with netbsd-7 audio.

For sticky parameters (encoding, precision, channels, sample_rate and pause):
- AUDIO_SETINFO for nonexistent track updates sticky parameters.
- AUDIO_GETINFO for nonexistent track reads sticky parameters.

For blocksize, hiwat, lowat and {play.record}.buffer_size:
- AUDIO_SETINFO for nonexistent track does nothing.
- AUDIO_GETINFO for nonexistent track returns dummy non-zero values.

Nonexistent track is a playback track on O_RDONLY descriptor for example,
or both tracks on /dev/audioctl.

(martin)

Pull up following revision(s) (requested by isaki in ticket #875):

sys/dev/audio/audio.c: revision 1.59
share/man/man4/audio.4: revision 1.102
share/man/man4/audio.4: revision 1.103
sys/dev/audio/audio.c: revision 1.43

Limit the number of channels that userland apps can set (by AUDIO_SETINFO)
to the number of channels supported by the hardware or less, if the hardware
supports multi channels.
- On monaural or stereo hardware, userland apps can always set 1ch or 2ch.
  The kernel (audio layer) can convert mono-stereo each other.
- On 3ch (2.1ch) hardware, for example, userland apps can set 1, 2, or 3ch,
  but not 4ch or more.

This allows userland apps to know actual number of channels supported by
the hardware in the same way as before.

PR kern/54973.

Reinitialize the sticky parameters whenever the hardware format is changed.

When the number of the hardware channels becomes less than the number of
channels that sticky parameters remember, subsequent open("/dev/sound") will
fail without this treatment.  This is for rev 1.43.

Add description about channel limitation introduced in audio.c 1.43.
PR kern/54973.

Remove trailing whitespace.

(martin)

Pull up following revision(s) (requested by riastradh in ticket #1543):

sys/kern/subr_cprng.c: revision 1.34

Disable rngtest on output of cprng_strong.

We already do a self-test for correctenss of Hash_DRBG output;
applying rngtest to it does nothing but give everyone warning fatigue
about spurious rngtest failures.

(martin)

Pull up following revision(s) (requested by riastradh in ticket #874):

sys/kern/subr_cprng.c: revision 1.34

Disable rngtest on output of cprng_strong.

We already do a self-test for correctenss of Hash_DRBG output;
applying rngtest to it does nothing but give everyone warning fatigue
about spurious rngtest failures.

(martin)

futexput: cast the mask to u_long (as the op already is)

(martin)

GNU as on ARM silently accepts @progbits, but interpretes it as comment
internally. LLVM bails out on the other hand. So conditionally this
properly.

(joerg)

msk(4): actually moderate interrupts from the Yukon 2 Status BMU

Previously the interrupt moderation enable register was being programmed
with sk(4)-style enable bits, none of which matched the significant
interrupt sources of the Yukon 2 we enable.

(jakllsch)

add sc_capenable member, forgot to commit

(jdolecek)

msk(4): during attach print intrstr only once

(jakllsch)

Hack "gcc-4.5 arm without -fno-tree-vrp generate broken code" was removed in
src/lib/libc/softfloat/Makefile.inc rev 1.21:

http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/softfloat/Makefile.inc#rev1.21

Now, all tests mentioned in the entry are passed for softfloat arm.

(rin)

Simplify, little KNF

(christos)

lmcconfig(8) was removed.

(rin)

Simplify, errors to stderr.

(christos)

Add missing dates and revisions.

(rin)

Decode futex op codes.

(thorpej)

It was aboard the Space Shuttle Atlantis using a Macintosh Portable.
https://support.apple.com/kb/TA30635

(sevan)

add support for scatter-gather when accepting packets on frontend Tx path
(frontend -> backend)

don't enable ETHERCAP_JUMBO_MTU nor feature-sg yet, need to implement
support also for the frontend Rx side

(jdolecek)

NETTXF_csum_blank and NETTXF_data_validated should be set only for first
fragment of the packet

(jdolecek)

Add a test for sigaltstack(2) and SA_ONSTACK

(ryo)

Fix the detection of KERN_ARND by OpenSSL.

Firstly, include the correct headers. Then, make sure that requests
never exceed 256 bytes.

Disable a hack for old FreeBSD versions, just in case it actually gets
used.

This should mean that OpenSSL doesn't ever fall back to reading from
/dev/urandom.

XXX pullup, XXX upstream.

(nia)

remove debugging stuff accidentally committed.

(christos)

for bridge(4), report the common enabled capabilities of the members
via SIOCGIFCAP for visibility

(jdolecek)

include sys/lwp.h and fix the build.

(mrg)

Convert pmap_check_alias into a function that resolves any aliases issues
to deal with the locking around entering a mapping of the same page with
and alias issue in the same pmap (pmap lock already held in pmap_enter)

This has the added benefit of only flushing the troublesome mappings.

The locking could be simplified further here and an PV list iterator
function with callback is probably useful.

(skrll)

Missed a spot -- need <sys/atomic.h> to use atomic_*.

(riastradh)

- In uvm_voaddr_acquire(), take an extra hold on the anon lock obj.
- In uvm_voaddr_release(), if the anon ref count drops to 0, call
  uvm_anfree() rather than uvm_anon_release().  Unconditionally drop
  the anon lock, and release the extra hold on the anon lock obj.

Fixes a panic that occurs if the backing store for a futex backed by
an anon memory location is unmapped while a thread is waiting in the
futex.

Add a test case that reproduced the panic to verify that it's fixed.

(thorpej)

Accept both byte orders for random seed in the kernel.

The file format was defined with a machine-dependent 32-bit integer
field (the estimated number of bits of entropy in the process that
generated it).  Fortunately we have a checksum to verify the order.

This way you can use `rndctl -S' on a little-endian machine to
generate a seed when installing NetBSD on a big-endian machine, and
the kernel will accept it on boot.

(riastradh)

Make WM_NRXDESC unsigned.

(riastradh)

Revert "- rnd_add_*() call must be serialized. Unserialized accesses broke the"

It is no longer necessary to serialize calls to rnd_add_data, so we
can use the same rndsource for every queue.

This also reverts some unrelated changes that were mixed in:

1. WM_NRXDESC was made unsigned
2. The specific samples were changed.

(1) will be redone in a separate commit.  (2) was buggy (wrote `='
where `|=' was meant) and is not needed; it's fine to do rnd_add_data
in a thread or softint too, not just in a hard interrupt handler.

(riastradh)

No need for a lock around rnd_add_data any more.

(riastradh)

rnd_attach_source calls the callback itself now.

No need for every driver to explicitly call it to prime the pool.

Eliminate now-unused <sys/rndpool.h>.

(riastradh)

Omit needless #include <sys/rnd.h>.

(riastradh)

Convert ether_input from rnd_initial_entropy to entropy_epoch().

(riastradh)

Count cprng_fast reseed events.

(riastradh)

Adapt cprng_fast to use entropy_epoch(), not rnd_initial_entropy.

This way it has an opportunity to be reseeded after boot.

(riastradh)

Simplify Intel RDRAND/RDSEED and VIA C3 RNG API.

Push it all into MD x86 code to keep it simpler, until we have other
examples on other CPUs.  Simplify RDSEED-to-RDRAND fallback.
Eliminate cpu_earlyrng in favour of just using entropy_extract, which
is available early now.

(riastradh)

Rewrite entropy subsystem.

Primary goals:

1. Use cryptography primitives designed and vetted by cryptographers.
2. Be honest about entropy estimation.
3. Propagate full entropy as soon as possible.
4. Simplify the APIs.
5. Reduce overhead of rnd_add_data and cprng_strong.
6. Reduce side channels of HWRNG data and human input sources.
7. Improve visibility of operation with sysctl and event counters.

Caveat: rngtest is no longer used generically for RND_TYPE_RNG
rndsources.  Hardware RNG devices should have hardware-specific
health tests.  For example, checking for two repeated 256-bit outputs
works to detect AMD's 2019 RDRAND bug.  Not all hardware RNGs are
necessarily designed to produce exactly uniform output.

ENTROPY POOL

- A Keccak sponge, with test vectors, replaces the old LFSR/SHA-1
  kludge as the cryptographic primitive.

- `Entropy depletion' is available for testing purposes with a sysctl
  knob kern.entropy.depletion; otherwise it is disabled, and once the
  system reaches full entropy it is assumed to stay there as far as
  modern cryptography is concerned.

- No `entropy estimation' based on sample values.  Such `entropy
  estimation' is a contradiction in terms, dishonest to users, and a
  potential source of side channels.  It is the responsibility of the
  driver author to study the entropy of the process that generates
  the samples.

- Per-CPU gathering pools avoid contention on a global queue.

- Entropy is occasionally consolidated into global pool -- as soon as
  it's ready, if we've never reached full entropy, and with a rate
  limit afterward.  Operators can force consolidation now by running
  sysctl -w kern.entropy.consolidate=1.

- rndsink(9) API has been replaced by an epoch counter which changes
  whenever entropy is consolidated into the global pool.
  . Usage: Cache entropy_epoch() when you seed.  If entropy_epoch()
    has changed when you're about to use whatever you seeded, reseed.
  . Epoch is never zero, so initialize cache to 0 if you want to reseed
    on first use.
  . Epoch is -1 iff we have never reached full entropy -- in other
    words, the old rnd_initial_entropy is (entropy_epoch() != -1) --
    but it is better if you check for changes rather than for -1, so
    that if the system estimated its own entropy incorrectly, entropy
    consolidation has the opportunity to prevent future compromise.

- Sysctls and event counters provide operator visibility into what's
  happening:
  . kern.entropy.needed - bits of entropy short of full entropy
  . kern.entropy.pending - bits known to be pending in per-CPU pools,
    can be consolidated with sysctl -w kern.entropy.consolidate=1
  . kern.entropy.epoch - number of times consolidation has happened,
    never 0, and -1 iff we have never reached full entropy

CPRNG_STRONG

- A cprng_strong instance is now a collection of per-CPU NIST
  Hash_DRBGs.  There are only two in the system: user_cprng for
  /dev/urandom and sysctl kern.?random, and kern_cprng for kernel
  users which may need to operate in interrupt context up to IPL_VM.

  (Calling cprng_strong in interrupt context does not strike me as a
  particularly good idea, so I added an event counter to see whether
  anything actually does.)

- Event counters provide operator visibility into when reseeding
  happens.

INTEL RDRAND/RDSEED, VIA C3 RNG (CPU_RNG)

- Unwired for now; will be rewired in a subsequent commit.

(riastradh)

Sort includes.

(riastradh)

Accept both byte orders for random seed in `rndctl -L'.

The file format was defined with a machine-dependent 32-bit integer
field (the estimated number of bits of entropy in the process that
generated it).  Take whichever byte order gives a number that is
reasonable, i.e. lower than the number of bits in the buffer.

Continue to have `rndctl -S' generate it in machine-dependent byte
order for now, so that if you roll back to an older rndctl(8) then
`rndctl -L' on the same machine will still be able to load it with
the right entropy estimate.  In a future revision, perhaps we can
change it to be little-endian.

(riastradh)

Turn XXX comment into KASSERT.

(riastradh)

Don't attach rndsource until it's actually ready to run.

(riastradh)

msk(4): rework rx descriptor loading to support multiple segments

This paves the way to replace the driver-internal jumbo frame rx buffer
with other recieve buffers (for example MCLGET/MEXTMALLOC) in the future.

(jakllsch)

New kernel example module written by Ayushi Sharma

(christos)

Sync with r1.3 from OpenBSD

"Use correct bit mask to promptly exit rge_set_phy_power() and
rge_exit_oob() timeout loops.

Spotted by CID 1491296 and 1491309."

(sevan)

usr.bin/make: add test case for lazy conditions

(rillig)