hubertf's NetBSD Blog
Send interesting links to hubert at feyrer dot de!
 
[20160521] Catching up: audio-mixing, arm, x86 and amd64 platform improvements and security
A few noteworthy things have happened in NetBSD land, and being lazy I will collect them in one blog posting. Here we go:
  • In-kernel audio mixing: So far, NetBSD's audio device can only be opened once. If more than one application wants to play sound, the first one wins. This is suboptimal if you want to (say) play some MP3s but also get some occasional noise from your webbrowser.

    Now, Nathanial Sloss has made a stab at this, providing several implementation choices. Challenges in the task are that sounds with different quality (sampling rate, mono/stereo etc.) need to be brought to one common quality before mixing and passing on to the actual audio hardware. Further fun is added by the delay this process adds. See the discussion on tech-kern for all the gory details!

  • Freescale i.MX7 support: Ryo Shimizu has committed support for the Freescale i.MX7 processor and the Atmark Techno Armadillo-IoT G3 board. according to his posting to port-arm (dmesg included), UART, Ethernet, USB, SDHC, RTC, GPIO, WDOG and MULTIPROCESSOR work. Interesting thing of the platform is that is has two Cortex-A7 cores and one Cortex-M4 core, the latter without MMU. Ideas on how to use the latter are welcome! :)

  • PIE binaries with PaX, ASLR+MPROTECT are now the default for i386. ASLR and MPROTECT can be turned off either globally or per-binary if any problems should arise. Be sure to document those exceptions in your risk management! :-)

    More information: PaX, PIE, ASLR, MPROTECT.

  • Platform improvements for i386 and amd64. For amd64, Maxime Villard writes:
     - I cleaned up the asm code and fixed several comments, which makes the
       boot process much easier to understand.
     - I fixed the alignment for the text segment, so that it can be covered by
       more large pages [1] - thereby reducing TLB contention.
     - I fixed a bug in the way the secondary CPUs are launched [2], which
       caused them to crash if they tried to access an X-less page.
     - I took rodata out of the text+rodata chunk, and put it in the data+bss+
       PRELOADED_MODULES+BOOTSTRAP_TABLES chunk [3]. rodata was no longer large
       page optimized, and had RWX permissions.
     - I retook rodata out of the rodata+data+bss+PRELOADED_MODULES+
       BOOTSTRAP_TABLES chunk, and made the kernel map it independently without
       the W permision [4].
     - I made the kernel map rodata without the X permission, by using the NOX
       bit on its pages [5] (now that the secondary CPUs could handle that
       properly).
     - I took the data+bss chunk out of the data+bss+PRELOADED_MODULES+
       BOOTSTRAP_TABLES chunk, and made the kernel map it independently without
       X permission [6].
     - I made the kernel remap rodata and data+bss with large pages and proper
       permissions [7] - which reduces once again TLB contention.
    
    See Maxime's posting to tech-kern for all the footnotes. Likewise, Maxime also tackled i386, and besides the changes from amd64, here is the list of changes from his email:
     - on non-PAE i386, NOX does not exist. Therefore the mappings all have an
       additional X permission. To benefit from X-less mappings, your CPU must
       support PAE, and your kernel must be GENERIC_PAE.
     - the segments are not large-page-aligned, which means that probably some
       parts of the segments are still mapped with normal pages. It is still more
       optimized than it used to be, but not as much as amd64 is.
    


[Tags: , , , , , , , , ]


[20160501] Bootstrap pkgsrc under 'bash on Windows'
Much bruha was made about Windows running Linux userland recently. Leaving out the fact that emulating other operating systems is something that NetBSD does for ages, there is one real challenge that every Linux user faces when he has set up his operating system: getting software installed easily. And of course there is only one truely portable answer to that question: use pkgsrc, of course!

The process is pretty much straight forward, and Ryo ONODERA has verified the prerequired Windows versions and Linux packages, and has sent instructions on how to bootstrap pkgsrc on Windows 10. Now who's the first one to post a screenshot with output of pkgsrc/misc/cowsay running "cowsay hello pkgsrc"? :-)

[Tags: , , , ]


[20160430] OpenHUB's NetBSD Project Statistics
This flew by on Twitter (thanks ajcc @6LR61!), and I think it's neat so I point to it here: BlackDuck's OpenHUB has a number of NetBSD project statistics, generated automatically. Statis include activity and vulnerability reports, languages, lines-of-code statistics (with comment and blank lines), 30 day and 12 month activity reports with commit and contributor numbers, number of contributers per month since 1993 and more. In a nutshell, NetBSD consists of 5902 years of effort. Have a look!

[Tags: ]


[20160424] NetBSD and Google's Summer of Code 2016: Projects announced
This year, NetBSD is part of Google's Summer of Code again, and the students that will work on NetBSD projects and what their project proposals this year are have been announced: Have a look at the links to learn more about the students and the projects. To all the students - welcome to NetBSD! :-)

[Tags: ]


[20160422] Two more NetBSD Security Advisories: compatibility layers, Bozohttpd
Two more security advisories have been released:

[Tags: , , ]


[20160416] NetBSD Security Advisories: ntp, libXfont, calendar
NetBSD has released a number of security advisories:
  • 2016-001: Multiple vulnerabilities in ntp daemon
  • 2016-002: BDF file parsing issues in libXfont
  • 2016-003: Privilege escalation in calendar(1)
See the advisories for more information on NetBSD releases that are and are not affected, the severity of the vulnerability as well as the date by which which NetBSD release branch was fixed.

The advisories also contain an abstract of the problem as well as in-depth technicals with solutions and workarounds. Go and have a look!

[Tags: , , ]


[20160213] Article: The Complexity of Doing Things Right in Distributed Board Elections
David Maxwell has volunteered to guide the election process of the NetBSD Foundation's Board of Directors for the upcoming election. In this article on LinkedIn David writes about the challenges of voting in a distributed project, and how they are adressed in the early stages of the voting process: ``A secure voting process shares a lot in common with cryptography. The creators have to understand the inputs, the quality of the randomness supplied, and the transformations applied to the data. The designer also needs to understand the properties which are meant to be guaranteed by the process, such as transparency and individual confirmation of the entire process in this case.''

Read the full article for more information.

[Tags: , ]


[20160213] Using GPIO on the Raspberry Pi
Marina Brown asked on port-arm how to get GPIO ports going with NetBSD on the Raspberry Pi, has collected the answers and posted the link to the document to the list.

In short, the key is to enable GPIO ports during boot when the system has not raised the securelevel yet.

[Tags: , ]


[20160213] NetBSD on Google's Compute Engine (Update #1)
Benny Siegert posted to Twitter that he got NetBSD going on Google Compute Engine. Similar to Amazon's AWS, Google Compute Engine, according to their website, ``lets you create and run virtual machines on Google infrastructure. Compute Engine offers scale, performance, and value that allows you to easily launch large compute clusters on Google's infrastructure. There are no upfront investments and you can run thousands of virtual CPUs on a system that has been designed to be fast, and to offer strong consistency of performance.''

For more information, see dmesg output.

Update: Twitter link fixed

[Tags: , , , ]


[20160131] NetBSD on KVM
KVM is one of many hypervisors that can run NetBSD. In the past the combination did have some issues, but this was fixed after the NetBSD 7 release now, and NetBSD works on KVM. See Emile 'iMil' Heitor's blog posting about more details on the fix and how to start things.

[Tags: , ]


More recent 10 entriesPrevious 10 entries
Disclaimer: All opinion expressed here is purely my own. No responsibility is taken for anything.

Access count: 34980137
Copyright (c) Hubert Feyrer