openbsd changes of note 6
In a bit of a hurry, but here’s some random stuff that happened.
Add connection timeout for ftp (http). Mostly for the installer so it can error out and try something else.
simplefb for framebuffer on armv7 devices like rpi.
Complete https support for the installer.
find -delete support like all the other kids have.
The ongoing effort to rewrite many libssl and libcrypto man pages is still ongoing.
Remove “CVS tips” section from the web site. This forbidden knowledge is now forbidden.
Add cross compiler build support for clang.
Prevent boot from crashing on amd64 by allocating a buffer on the heap instead of the extremely tiny stack.
Build ld.so with -fno-builtin because otherwise clang would optimize the local versions of functions like _dl_memset into a call to memset, which doesn’t exist.
A new song was added.
The serial console faq has been reworked
Make urtwn(4) use AMRR instead of letting the firmware handle rate scaling.
Manage the HT protection setting if acting as hostap with 11n enabled.
net lock here, net lock there, net lock not quite everywhere but more than before.
More per cpu counters in networking code as well.
Other 11n wifi fixes.
A driver for collecting entropy from hyper-v host to guest.
arm64: Prohibit execution of kernel pages by userland and prohibit execution of user pages by the kernel. Other changes to improve trap handling.
libm support for aarch64. Plus other libraries. arm64 and aarch64 are kind of like two names for the same thing. arm64 is the platform name, aarch64 is specifically the cpu, but you probably don’t care about the difference.
Better output for mandoc.
11n support for athn.
vmm gets vmmci, a guest side driver for a control interface which allows vmd to issue shutdown, etc.
Disable and lock Silicon Debug feature on modern Intel CPUs.
Add support for draft-ietf-idr-shutdown to bgpd.
Prevent wireless frame injection attack described at 33C3 in the talk titled “Predicting and Abusing WPA2/802.11 Group Keys” by Mathy Vanhoef.
Work continues on syspatch.
RFC 8021 “IPv6 Atomic Fragments Considered Harmful” deprecates generating atomic fragments. So remove the code that sends them.
eject works on sd devices.
In “%.s” the takes (int). gcc whines if you try to use the result of pointer subtraction without a cast. So cast those expressions to (int).
Make LLVM create strict aligned code for OpenBSD/arm64.
Start creating and using /etc/installurl. This file is created during installation if an OpenBSD mirror server is used for the sets download. It contains the mirror server url in the same format as provided by ftplist.cgi.
Configuration file support for acme-client.
Make explicit _ct and _nonct versions of bn_mod_exp funcitons that matter for constant time, and make the public interface only used external to the library. This moves us to a model where the important things are constant time versions unless you ask for them not to be, rather than the opposite.
virtio moves from pci to pv, since it can attach to other busses.
Introduce the KEEPKERNELS variable: if this is set either in mk.conf or the environment, ‘make cleandir’ does not descend into kernel build dirs.
Some updates to xinput drivers.
Like 20 more changes to make arm64 work.
Ticket support for libtls.
Add support for multiple transmit ifqueues per network interface. Supported drivers include bge, bnx, em, myx, ix, hvn, xnf.
pledge now tracks when a file as opened and uses this to permit or deny ioctl.
In preparation of compiling our kernels with -ffreestanding, explicitly map a few performance-critical functions to compiler builtins.
Did I say LLVM 3.9.1? I meant LLVM 4.0.0.
New ocspcheck utility to validate a certificate against its ocsp responder.
Some run environnement do not properly reset signals (e.g., python) and as a result pkg_add + signify fails with weird error messages, as it relies on default SIGPIPE behavior. Finally fix the problem, sanitize our running environment before forking.
Add infrastructure to build LLVM for mips64.
Split the tls_init(3) that had grown fat to allow healthy future growth. Sooner or later I suppose it’s inevitably that every library does too much. I blame ocsp.
Reimplement httpd’s support for byte ranges. Fixes a memory DOS.
tmux implements “all event” (1003) mouse mode but in a way that works.
The latest and greatest perl, 5.24.1.
AF_UNIX SOCK_RAW support (whatever that meant) was broken years ago. FreeBSD and NetBSD deleted it years ago and nothing uses it, so delete it.
Exciting arm64 fact: As far as we understood the architecture reference manual it should only need a data cache write-back to PoU (Point of Unification) to make changes to the pagetables visible. Interestingly enough, this does not seem to work on the AMD hardware. Instead we need to flush to PoC (Point of Coherence), which essentially means flush to memory.
Implement Dynamic Profiling, a ddb(4) based & gprof compatible kernel profiling framework, for i386. Code patching is used to enable probes when entering functions. The probes will call a mcount()-like function to match the behavior of a GPROF kernel.
enable per cpu caches on the mbuf pools. this didnt make sense previously since the mbuf pools had item limits that meant the cpus had to coordinate via a single counter to make sure the limit wasnt exceeded. mbufs are now limited by how much memory can be allocated for pages from the system. individual pool items are no longer counted and therefore do not have to be coordinated.