#
bf320262 |
| 22-Apr-2023 |
riastradh <riastradh@NetBSD.org> |
rumpkern: Provide stub pnbuf_cache weak alias.
Needed only by sys_module.c handle_modctl_load, which won't work if there's no rumpvfs linked in anyway.
|
#
499ecc5b |
| 22-Apr-2023 |
riastradh <riastradh@NetBSD.org> |
rumpkern: Provide fs_filtops weak alias.
We should introduce a link set for sys_kfilters, but this works around the problem for now -- librump's dependency on librumpvfs symbols.
|
#
a2861a51 |
| 26-Feb-2023 |
skrll <skrll@NetBSD.org> |
nkmempages should be size_t
|
#
7f4e4d94 |
| 30-Apr-2020 |
riastradh <riastradh@NetBSD.org> |
Rewrite entropy subsystem.
Primary goals:
1. Use cryptography primitives designed and vetted by cryptographers.
2. Be honest about entropy estimation.
3. Propagate full entropy as soon as possible.
4. Simplify the APIs.
5. Reduce overhead of rnd_add_data and cprng_strong.
6. Reduce side channels of HWRNG data and human input sources.
7. Improve visibility of operation with sysctl and event counters.
Caveat: rngtest is no longer used generically for RND_TYPE_RNG rndsources. Hardware RNG devices should have hardware-specific health tests. For example, checking for two repeated 256-bit outputs works to detect AMD's 2019 RDRAND bug. Not all hardware RNGs are necessarily designed to produce exactly uniform output.
ENTROPY POOL
- A Keccak sponge, with test vectors, replaces the old LFSR/SHA-1 kludge as the cryptographic primitive.
- `Entropy depletion' is available for testing purposes with a sysctl knob kern.entropy.depletion; otherwise it is disabled, and once the system reaches full entropy it is assumed to stay there as far as modern cryptography is concerned.
- No `entropy estimation' based on sample values. Such `entropy estimation' is a contradiction in terms, dishonest to users, and a potential source of side channels. It is the responsibility of the driver author to study the entropy of the process that generates the samples.
- Per-CPU gathering pools avoid contention on a global queue.
- Entropy is occasionally consolidated into global pool -- as soon as it's ready, if we've never reached full entropy, and with a rate limit afterward. Operators can force consolidation now by running sysctl -w kern.entropy.consolidate=1.
- rndsink(9) API has been replaced by an epoch counter which changes whenever entropy is consolidated into the global pool.
  . Usage: Cache entropy_epoch() when you seed. If entropy_epoch() has changed when you're about to use whatever you seeded, reseed.
  . Epoch is never zero, so initialize cache to 0 if you want to reseed on first use.
  . Epoch is -1 iff we have never reached full entropy -- in other words, the old rnd_initial_entropy is (entropy_epoch() != -1) -- but it is better if you check for changes rather than for -1, so that if the system estimated its own entropy incorrectly, entropy consolidation has the opportunity to prevent future compromise.
- Sysctls and event counters provide operator visibility into what's happening:
  . kern.entropy.needed - bits of entropy short of full entropy
  . kern.entropy.pending - bits known to be pending in per-CPU pools, can be consolidated with sysctl -w kern.entropy.consolidate=1
  . kern.entropy.epoch - number of times consolidation has happened, never 0, and -1 iff we have never reached full entropy
CPRNG_STRONG
- A cprng_strong instance is now a collection of per-CPU NIST Hash_DRBGs. There are only two in the system: user_cprng for /dev/urandom and sysctl kern.?random, and kern_cprng for kernel users which may need to operate in interrupt context up to IPL_VM.
(Calling cprng_strong in interrupt context does not strike me as a particularly good idea, so I added an event counter to see whether anything actually does.)
- Event counters provide operator visibility into when reseeding happens.
INTEL RDRAND/RDSEED, VIA C3 RNG (CPU_RNG)
- Unwired for now; will be rewired in a subsequent commit.
|
#
1813308f |
| 02-Jan-2020 |
thorpej <thorpej@NetBSD.org> |
- Eliminate the global "boottime" variable, which was being accessed without any synchronization against changes by e.g. clock_settime().
- Replace with new getbinboottime() / getnanoboottime() / getmicroboottime() functions (naming mirrors that of other time access functions in kern_tc.c). It returns the (maybe-converted) value of timebasebin, which also tracks our estimate of when the system was booted (i.e. the legacy "boottime" was redundant).
XXX There needs to be a lockless synchronization mechanism for reading timebasebin, but this is a problem in kern_tc.c that pre-existed these "boottime" changes. At least now the problem is centralized in one location.
|
#
5972bb69 |
| 02-Jan-2020 |
martin <martin@NetBSD.org> |
Add shutting_down variable for rump.
|
#
e4255408 |
| 16-Dec-2019 |
ad <ad@NetBSD.org> |
- Extend the per-CPU counters matt@ did to include all of the hot counters in UVM, excluding uvmexp.free, which needs special treatment and will be done with a separate commit. Cuts system time for a build by 20-25% on a 48 CPU machine w/DIAGNOSTIC.
- Avoid 64-bit integer divide on every fault (for rnd_add_uint32).
|
#
0b4461b2 |
| 26-Sep-2019 |
bad <bad@NetBSD.org> |
Provide a weak alias for vnode_to_path to be used unless librumpvfs is present.
|
#
77504bbf |
| 02-Jun-2019 |
kre <kre@NetBSD.org> |
Apply a patch from hannken@ which adds a weak alias for rump_getcwd_common() allowing -lrump to be used without -lrumpvfs.
This is an alternate fix to the earlier one which added -lrumpvfs to many rump based tests (and the rump server) which might be undone soon.
This also fixes the sun2 build.
|
#
ff3b3558 |
| 09-Mar-2019 |
hannken <hannken@NetBSD.org> |
Rumpkernel has its own thread deallocation. Add missing fstrans_lwp_dtor() to lwproc_freelwp().
PR bin/50350: rump/rumpkern/t_sp/stress_{long,short} fail on Core 2 Quad
|
#
42abd99a |
| 05-Dec-2018 |
christos <christos@NetBSD.org> |
no more need for get_expose_address() here.
|
#
1ec6020d |
| 06-Oct-2018 |
christos <christos@NetBSD.org> |
add get_expose_address()
|
#
c71e1b35 |
| 05-Oct-2018 |
hannken <hannken@NetBSD.org> |
Bring back three state file system suspension:
NORMAL -> SUSPENDING -> SUSPENDED
and add operation fstrans_start_lazy() that only blocks while SUSPENDED.
Change vndthread() support operation handle_with_rdwr() to bracket its file system operations by fstrans_start_lazy() and fstrans_done().
PR kern/53624 (dom0 freeze on domU exit)
|
#
ffe0b410 |
| 10-Aug-2018 |
pgoyette <pgoyette@NetBSD.org> |
Allow syscall_establish() to install new syscalls when the existing entry-point is either sys_nomodule or sys_nosys. Update the makesyscalls.sh script to create a const array of bits to allow syscall_disestablish() to properly restore the original entry-point. Update all the initializers of struct emul to initialize the pointer to the bit array struct emul.
XXX Regen of all files created by makesyscalls.sh will come soon,
XXX followed by a kernel version bump (since struct emul is being
XXX modified).
This commit should address PR kern/45781 and also removes the need for the work-around for that PR in file
sys/arch/usermode/modules/syscallemu/syscallemu.c
|
#
a17f455c |
| 21-Nov-2017 |
ozaki-r <ozaki-r@NetBSD.org> |
Add missing inclusion of pserialize.h (fix build)
|
#
d56f1577 |
| 21-Nov-2017 |
ozaki-r <ozaki-r@NetBSD.org> |
Implement debugging feature for pserialize(9)
The debugging feature detects violations of pserialize constraints. It causes a panic:
- if a context switch happens in a read section, or
- if a sleepable function is called in a read section.
The feature is enabled only if LOCKDEBUG is on.
Discussed on tech-kern@
|
#
557f14e7 |
| 09-Nov-2017 |
christos <christos@NetBSD.org> |
added booted_method
|
#
0444b930 |
| 04-Jun-2017 |
hannken <hannken@NetBSD.org> |
Operations fstrans_start() and fstrans_start_nowait() now always use FSTRANS_SHARED as lock type so remove the lock type argument.
File system state FSTRANS_SUSPENDING is now unused so remove it.
Regen vnode_if files.
Ride 8.99.1 less than an hour ago.
|
#
c16d7848 |
| 22-Feb-2017 |
hannken <hannken@NetBSD.org> |
Add weak aliases for _fstrans_start() and fstrans_done().
|
#
21353e98 |
| 22-Dec-2016 |
cherry <cherry@NetBSD.org> |
physmem should be of type psize_t
Also, use PRIxPSIZE when printf(9)ing physmem.
|
#
ff225a39 |
| 26-Jan-2016 |
pooka <pooka@NetBSD.org> |
Put the kernelside rump kernel headers into <rump-sys> instead of sprinkling them around the faction directories. Avoids having to add a CPPFLAGS (or several) to pretty much every component Makefile.
Leave compat headers around in the old locations.
The commit changes some autogenerated files, but I'll fix the generators shortly and regen.
|
#
16341d97 |
| 22-Jan-2016 |
ozaki-r <ozaki-r@NetBSD.org> |
Fix build with RUMP_LOCKDEBUG=yes
|
#
00906b30 |
| 18-Jan-2016 |
pooka <pooka@NetBSD.org> |
put lwp/proc stuff into the same source module (emul.c -> lwproc.c)
|
#
291a5453 |
| 18-Jan-2016 |
pooka <pooka@NetBSD.org> |
massively reduce header pollution from times prehistoric
|
#
2a5eaf3c |
| 18-Jan-2016 |
pooka <pooka@NetBSD.org> |
boottime is a timespec, not timeval
|