Module Name: src
Committed By: sevan
Date: Fri Apr 26 21:40:33 UTC 2019
Modified Files:
src/sys/arch/acorn32/conf: GENERIC
src/sys/arch/alpha/conf: GENERIC
src/sys/arch/amd64/conf: GENERIC
src/sys/arch/amiga/conf: GENERIC
src/sys/arch/amigappc/conf: GENERIC
src/sys/arch/arc/conf: GENERIC
src/sys/arch/bebox/conf: GENERIC
src/sys/arch/cats/conf: GENERIC
src/sys/arch/cesfic/conf: GENERIC
src/sys/arch/cobalt/conf: GENERIC
src/sys/arch/evbarm/conf: GENERIC.common
src/sys/arch/evbmips/conf: ADM5120 ADM5120-NB ADM5120-USB ALCHEMY AP30
CI20 CPMBR1400 DB120 ERLITE GDIUM LOONGSON MALTA MERAKI RB153
RB433UAH SBMIPS XLSATX ZYXELKX
src/sys/arch/evbppc/conf: EV64260 EXPLORA451 MPC8536DS MPC8548CDS
OPENBLOCKS200 OPENBLOCKS266 OPENBLOCKS600 P2020DS P2020RDB PMPPC
RB800 RB850GX2 TWRP1025
src/sys/arch/evbsh3/conf: AP_MS104_SH4 T_SH7706LAN T_SH7706LSR
src/sys/arch/ews4800mips/conf: GENERIC
src/sys/arch/hp300/conf: GENERIC
src/sys/arch/hpcarm/conf: IPAQ JORNADA720 WZERO3
src/sys/arch/hpcmips/conf: GENERIC
src/sys/arch/hpcsh/conf: GENERIC
src/sys/arch/hppa/conf: GENERIC
src/sys/arch/i386/conf: GENERIC
src/sys/arch/ibmnws/conf: GENERIC
src/sys/arch/iyonix/conf: GENERIC
src/sys/arch/landisk/conf: GENERIC
src/sys/arch/mac68k/conf: GENERIC
src/sys/arch/macppc/conf: GENERIC
src/sys/arch/mipsco/conf: GENERIC
src/sys/arch/mmeye/conf: GENERIC
src/sys/arch/netwinder/conf: GENERIC
src/sys/arch/news68k/conf: GENERIC
src/sys/arch/newsmips/conf: GENERIC
src/sys/arch/next68k/conf: GENERIC
src/sys/arch/ofppc/conf: GENERIC
src/sys/arch/pmax/conf: GENERIC
src/sys/arch/prep/conf: GENERIC
src/sys/arch/rs6000/conf: GENERIC
src/sys/arch/sandpoint/conf: GENERIC
src/sys/arch/sbmips/conf: GENERIC
src/sys/arch/sgimips/conf: GENERIC32_IP12 GENERIC32_IP2x GENERIC32_IP3x
src/sys/arch/shark/conf: GENERIC
src/sys/arch/sparc/conf: GENERIC
src/sys/arch/sparc64/conf: GENERIC
src/sys/arch/vax/conf: GENERIC
Log Message:
Enable BUFQ_PRIOCSCAN, CARP, Veriexec by default in GENERIC kernel configs.
On ports without a GENERIC kernel config enable in individul files, e.g evbmips.
Omit on:
atari, dreamcast, emips, epoc32, evbppc/VIRTEX*, ia64, luna68x, mvme68k,
mvmeppc, playstation2, riscv, sun2, sun3, x68k, zaurus due to resource
constraints or port infancy.
To generate a diff of this commit:
cvs rdiff -u -r1.128 -r1.129 src/sys/arch/acorn32/conf/GENERIC
cvs rdiff -u -r1.393 -r1.394 src/sys/arch/alpha/conf/GENERIC
cvs rdiff -u -r1.525 -r1.526 src/sys/arch/amd64/conf/GENERIC
cvs rdiff -u -r1.323 -r1.324 src/sys/arch/amiga/conf/GENERIC
cvs rdiff -u -r1.36 -r1.37 src/sys/arch/amigappc/conf/GENERIC
cvs rdiff -u -r1.192 -r1.193 src/sys/arch/arc/conf/GENERIC
cvs rdiff -u -r1.159 -r1.160 src/sys/arch/bebox/conf/GENERIC
cvs rdiff -u -r1.172 -r1.173 src/sys/arch/cats/conf/GENERIC
cvs rdiff -u -r1.71 -r1.72 src/sys/arch/cesfic/conf/GENERIC
cvs rdiff -u -r1.161 -r1.162 src/sys/arch/cobalt/conf/GENERIC
cvs rdiff -u -r1.32 -r1.33 src/sys/arch/evbarm/conf/GENERIC.common
cvs rdiff -u -r1.27 -r1.28 src/sys/arch/evbmips/conf/ADM5120 \
src/sys/arch/evbmips/conf/ADM5120-USB src/sys/arch/evbmips/conf/CI20
cvs rdiff -u -r1.25 -r1.26 src/sys/arch/evbmips/conf/ADM5120-NB
cvs rdiff -u -r1.66 -r1.67 src/sys/arch/evbmips/conf/ALCHEMY
cvs rdiff -u -r1.38 -r1.39 src/sys/arch/evbmips/conf/AP30
cvs rdiff -u -r1.30 -r1.31 src/sys/arch/evbmips/conf/CPMBR1400
cvs rdiff -u -r1.21 -r1.22 src/sys/arch/evbmips/conf/DB120
cvs rdiff -u -r1.22 -r1.23 src/sys/arch/evbmips/conf/ERLITE \
src/sys/arch/evbmips/conf/RB153
cvs rdiff -u -r1.35 -r1.36 src/sys/arch/evbmips/conf/GDIUM
cvs rdiff -u -r1.41 -r1.42 src/sys/arch/evbmips/conf/LOONGSON
cvs rdiff -u -r1.95 -r1.96 src/sys/arch/evbmips/conf/MALTA
cvs rdiff -u -r1.32 -r1.33 src/sys/arch/evbmips/conf/MERAKI
cvs rdiff -u -r1.18 -r1.19 src/sys/arch/evbmips/conf/RB433UAH
cvs rdiff -u -r1.8 -r1.9 src/sys/arch/evbmips/conf/SBMIPS
cvs rdiff -u -r1.28 -r1.29 src/sys/arch/evbmips/conf/XLSATX
cvs rdiff -u -r1.15 -r1.16 src/sys/arch/evbmips/conf/ZYXELKX
cvs rdiff -u -r1.72 -r1.73 src/sys/arch/evbppc/conf/EV64260
cvs rdiff -u -r1.63 -r1.64 src/sys/arch/evbppc/conf/EXPLORA451
cvs rdiff -u -r1.27 -r1.28 src/sys/arch/evbppc/conf/MPC8536DS
cvs rdiff -u -r1.26 -r1.27 src/sys/arch/evbppc/conf/MPC8548CDS \
src/sys/arch/evbppc/conf/OPENBLOCKS600 src/sys/arch/evbppc/conf/TWRP1025
cvs rdiff -u -r1.47 -r1.48 src/sys/arch/evbppc/conf/OPENBLOCKS200
cvs rdiff -u -r1.74 -r1.75 src/sys/arch/evbppc/conf/OPENBLOCKS266
cvs rdiff -u -r1.30 -r1.31 src/sys/arch/evbppc/conf/P2020DS \
src/sys/arch/evbppc/conf/P2020RDB
cvs rdiff -u -r1.49 -r1.50 src/sys/arch/evbppc/conf/PMPPC
cvs rdiff -u -r1.36 -r1.37 src/sys/arch/evbppc/conf/RB800
cvs rdiff -u -r1.5 -r1.6 src/sys/arch/evbppc/conf/RB850GX2
cvs rdiff -u -r1.11 -r1.12 src/sys/arch/evbsh3/conf/AP_MS104_SH4
cvs rdiff -u -r1.14 -r1.15 src/sys/arch/evbsh3/conf/T_SH7706LAN
cvs rdiff -u -r1.16 -r1.17 src/sys/arch/evbsh3/conf/T_SH7706LSR
cvs rdiff -u -r1.57 -r1.58 src/sys/arch/ews4800mips/conf/GENERIC
cvs rdiff -u -r1.202 -r1.203 src/sys/arch/hp300/conf/GENERIC
cvs rdiff -u -r1.81 -r1.82 src/sys/arch/hpcarm/conf/IPAQ
cvs rdiff -u -r1.102 -r1.103 src/sys/arch/hpcarm/conf/JORNADA720
cvs rdiff -u -r1.48 -r1.49 src/sys/arch/hpcarm/conf/WZERO3
cvs rdiff -u -r1.239 -r1.240 src/sys/arch/hpcmips/conf/GENERIC
cvs rdiff -u -r1.111 -r1.112 src/sys/arch/hpcsh/conf/GENERIC
cvs rdiff -u -r1.26 -r1.27 src/sys/arch/hppa/conf/GENERIC
cvs rdiff -u -r1.1204 -r1.1205 src/sys/arch/i386/conf/GENERIC
cvs rdiff -u -r1.53 -r1.54 src/sys/arch/ibmnws/conf/GENERIC
cvs rdiff -u -r1.106 -r1.107 src/sys/arch/iyonix/conf/GENERIC
cvs rdiff -u -r1.62 -r1.63 src/sys/arch/landisk/conf/GENERIC
cvs rdiff -u -r1.227 -r1.228 src/sys/arch/mac68k/conf/GENERIC
cvs rdiff -u -r1.353 -r1.354 src/sys/arch/macppc/conf/GENERIC
cvs rdiff -u -r1.93 -r1.94 src/sys/arch/mipsco/conf/GENERIC
cvs rdiff -u -r1.125 -r1.126 src/sys/arch/mmeye/conf/GENERIC
cvs rdiff -u -r1.136 -r1.137 src/sys/arch/netwinder/conf/GENERIC
cvs rdiff -u -r1.132 -r1.133 src/sys/arch/news68k/conf/GENERIC
cvs rdiff -u -r1.136 -r1.137 src/sys/arch/newsmips/conf/GENERIC
cvs rdiff -u -r1.147 -r1.148 src/sys/arch/next68k/conf/GENERIC
cvs rdiff -u -r1.169 -r1.170 src/sys/arch/ofppc/conf/GENERIC
cvs rdiff -u -r1.198 -r1.199 src/sys/arch/pmax/conf/GENERIC
cvs rdiff -u -r1.188 -r1.189 src/sys/arch/prep/conf/GENERIC
cvs rdiff -u -r1.40 -r1.41 src/sys/arch/rs6000/conf/GENERIC
cvs rdiff -u -r1.101 -r1.102 src/sys/arch/sandpoint/conf/GENERIC
cvs rdiff -u -r1.107 -r1.108 src/sys/arch/sbmips/conf/GENERIC
cvs rdiff -u -r1.34 -r1.35 src/sys/arch/sgimips/conf/GENERIC32_IP12
cvs rdiff -u -r1.115 -r1.116 src/sys/arch/sgimips/conf/GENERIC32_IP2x
cvs rdiff -u -r1.124 -r1.125 src/sys/arch/sgimips/conf/GENERIC32_IP3x
cvs rdiff -u -r1.132 -r1.133 src/sys/arch/shark/conf/GENERIC
cvs rdiff -u -r1.265 -r1.266 src/sys/arch/sparc/conf/GENERIC
cvs rdiff -u -r1.214 -r1.215 src/sys/arch/sparc64/conf/GENERIC
cvs rdiff -u -r1.209 -r1.210 src/sys/arch/vax/conf/GENERIC
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/arch/acorn32/conf/GENERIC
diff -u src/sys/arch/acorn32/conf/GENERIC:1.128 src/sys/arch/acorn32/conf/GENERIC:1.129
--- src/sys/arch/acorn32/conf/GENERIC:1.128 Sat Apr 13 08:22:58 2019
+++ src/sys/arch/acorn32/conf/GENERIC Fri Apr 26 21:40:28 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.128 2019/04/13 08:22:58 isaki Exp $
+# $NetBSD: GENERIC,v 1.129 2019/04/26 21:40:28 sevan Exp $
#
# GENERIC --- NetBSD/acorn32 complete configuration
#
@@ -22,7 +22,7 @@ include "arch/acorn32/conf/std.acorn32"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.128 $"
+#ident "GENERIC-$Revision: 1.129 $"
# estimated number of users
maxusers 32
@@ -131,7 +131,7 @@ options SYSCTL_INCLUDE_DESCR # Include
# Alternate buffer queue strategies for better responsiveness under high
# disk I/O load.
#options BUFQ_READPRIO
-#options BUFQ_PRIOCSCAN
+options BUFQ_PRIOCSCAN
# Development and Debugging options
@@ -285,7 +285,7 @@ ne* at podulebus? # NE2000 clone cards
pseudo-device loop # network loopback
pseudo-device bpfilter # packet filter
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device sl # CSLIP
pseudo-device ppp # PPP
pseudo-device pppoe # PPP over Ethernet (RFC 2516)
@@ -328,18 +328,7 @@ pseudo-device putter # for puffs and p
pseudo-device accf_data # "dataready" accept filter
pseudo-device accf_http # "httpready" accept filter
-# Veriexec
-#
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
# If the standard modes don't work for your monitor, you can specify
# a RISC-OS-format monitor definition file and a list of modes here.
Index: src/sys/arch/alpha/conf/GENERIC
diff -u src/sys/arch/alpha/conf/GENERIC:1.393 src/sys/arch/alpha/conf/GENERIC:1.394
--- src/sys/arch/alpha/conf/GENERIC:1.393 Sat Apr 13 08:22:58 2019
+++ src/sys/arch/alpha/conf/GENERIC Fri Apr 26 21:40:28 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.393 2019/04/13 08:22:58 isaki Exp $
+# $NetBSD: GENERIC,v 1.394 2019/04/26 21:40:28 sevan Exp $
#
# This machine description file is used to generate the default NetBSD
# kernel.
@@ -19,7 +19,7 @@ include "arch/alpha/conf/std.alpha"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-ident "GENERIC-$Revision: 1.393 $"
+ident "GENERIC-$Revision: 1.394 $"
maxusers 32
@@ -51,7 +51,7 @@ options NTP # kernel PLL for NTP
# Alternate buffer queue strategies for better responsiveness under high
# disk I/O load.
#options BUFQ_READPRIO
-#options BUFQ_PRIOCSCAN
+options BUFQ_PRIOCSCAN
# Diagnostic/debugging support options
#options DIAGNOSTIC # Cheap kernel consistency checks
@@ -707,7 +707,7 @@ pseudo-device crypto # /dev/crypto de
pseudo-device swcrypto # software crypto implementation
pseudo-device bpfilter
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device ccd
pseudo-device cgd # cryptographic disk devices
pseudo-device raid # RAIDframe disk driver
@@ -757,21 +757,7 @@ pseudo-device bcsp # BlueCore Serial P
pseudo-device btuart # Bluetooth HCI UART (H4)
pseudo-device putter # for puffs and pud
-#options FILEASSOC # fileassoc(9) - required for Veriexec
- # and PAX_SEGVGUARD
-
-# Veriexec
-#
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
options PAX_MPROTECT=0 # PaX mprotect(2) restrictions
options PAX_ASLR=0 # PaX Address Space Layout Randomization
Index: src/sys/arch/amd64/conf/GENERIC
diff -u src/sys/arch/amd64/conf/GENERIC:1.525 src/sys/arch/amd64/conf/GENERIC:1.526
--- src/sys/arch/amd64/conf/GENERIC:1.525 Thu Apr 25 03:53:11 2019
+++ src/sys/arch/amd64/conf/GENERIC Fri Apr 26 21:40:28 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.525 2019/04/25 03:53:11 msaitoh Exp $
+# $NetBSD: GENERIC,v 1.526 2019/04/26 21:40:28 sevan Exp $
#
# GENERIC machine description file
#
@@ -22,7 +22,7 @@ include "arch/amd64/conf/std.amd64"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.525 $"
+#ident "GENERIC-$Revision: 1.526 $"
maxusers 64 # estimated number of users
@@ -1133,7 +1133,7 @@ options VND_COMPRESSION # compressed v
# network pseudo-devices
pseudo-device bpfilter # Berkeley packet filter
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device loop # network loopback
#pseudo-device mpls # MPLS pseudo-interface
pseudo-device ppp # Point-to-Point Protocol
@@ -1196,21 +1196,7 @@ pseudo-device pad
# userland interface to drivers, including autoconf and properties retrieval
pseudo-device drvctl
-options FILEASSOC # fileassoc(9) - needed by Veriexec
- # and PAX_SEGVGUARD
-
-# Veriexec
-#
-# a pseudo device needed for veriexec
-pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-options VERIFIED_EXEC_FP_SHA256
-options VERIFIED_EXEC_FP_SHA384
-options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
options PAX_SEGVGUARD=0 # PaX Segmentation fault guard
options PAX_MPROTECT=1 # PaX mprotect(2) restrictions
Index: src/sys/arch/amiga/conf/GENERIC
diff -u src/sys/arch/amiga/conf/GENERIC:1.323 src/sys/arch/amiga/conf/GENERIC:1.324
--- src/sys/arch/amiga/conf/GENERIC:1.323 Sat Apr 13 08:26:14 2019
+++ src/sys/arch/amiga/conf/GENERIC Fri Apr 26 21:40:28 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.323 2019/04/13 08:26:14 isaki Exp $
+# $NetBSD: GENERIC,v 1.324 2019/04/26 21:40:28 sevan Exp $
#
# This file was automatically created.
# Changes will be lost when make is run in this directory.
@@ -29,7 +29,7 @@ include "arch/amiga/conf/std.amiga"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.323 $"
+#ident "GENERIC-$Revision: 1.324 $"
makeoptions COPTS="-O2 -fno-reorder-blocks" # see share/mk/sys.mk
@@ -164,7 +164,7 @@ options NTP # NTP phase/frequency lock
# Alternate buffer queue strategies for better responsiveness under high
# disk I/O load.
#options BUFQ_READPRIO
-#options BUFQ_PRIOCSCAN
+options BUFQ_PRIOCSCAN
#
# Misc. debugging options
@@ -552,7 +552,7 @@ pseudo-device tun # network tunnel lin
pseudo-device tap # virtual Ethernet
#pseudo-device gre # generic L3 over IP tunnel
pseudo-device bpfilter # Berkeley packet filter
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device npf # NPF packet filter
pseudo-device gif # IPv[46] over IPv[46] tunnel (RFC1933)
#pseudo-device faith # IPv[46] tcp relay translation i/f
@@ -594,17 +594,6 @@ pseudo-device nsmb # experimental - SM
pseudo-device bcsp # BlueCore Serial Protocol
pseudo-device btuart # Bluetooth HCI UART (H4)
-# Veriexec
-#
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
config netbsd root on ? type ?
Index: src/sys/arch/amigappc/conf/GENERIC
diff -u src/sys/arch/amigappc/conf/GENERIC:1.36 src/sys/arch/amigappc/conf/GENERIC:1.37
--- src/sys/arch/amigappc/conf/GENERIC:1.36 Sat Apr 13 08:22:58 2019
+++ src/sys/arch/amigappc/conf/GENERIC Fri Apr 26 21:40:28 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.36 2019/04/13 08:22:58 isaki Exp $
+# $NetBSD: GENERIC,v 1.37 2019/04/26 21:40:28 sevan Exp $
#
# GENERIC machine description file
#
@@ -22,7 +22,7 @@ include "arch/amigappc/conf/std.amigappc
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.36 $"
+#ident "GENERIC-$Revision: 1.37 $"
maxusers 8
@@ -58,7 +58,7 @@ options SYSVSEM # System V-like semaph
# Alternate buffer queue strategies for better responsiveness under high
# disk I/O load.
#options BUFQ_READPRIO
-#options BUFQ_PRIOCSCAN
+options BUFQ_PRIOCSCAN
#
# Diagnostic/debugging support options
@@ -392,7 +392,7 @@ pseudo-device tun # network tunnel lin
pseudo-device tap # virtual Ethernet
#pseudo-device gre # generic L3 over IP tunnel
pseudo-device bpfilter # Berkeley packet filter
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device npf # NPF packet filter
pseudo-device gif # IPv[46] over IPv[46] tunnel (RFC1933)
#pseudo-device faith # IPv[46] tcp relay translation i/f
@@ -431,18 +431,7 @@ options RAID_AUTOCONFIG # auto-configu
pseudo-device ksyms # /dev/ksyms (kernel symbols)
pseudo-device nsmb # experimental - SMB requester
-# Veriexec
-#
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
# Kernel root file system and dump configuration
config netbsd root on ? type ?
Index: src/sys/arch/arc/conf/GENERIC
diff -u src/sys/arch/arc/conf/GENERIC:1.192 src/sys/arch/arc/conf/GENERIC:1.193
--- src/sys/arch/arc/conf/GENERIC:1.192 Wed Dec 12 06:29:36 2018
+++ src/sys/arch/arc/conf/GENERIC Fri Apr 26 21:40:29 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.192 2018/12/12 06:29:36 maxv Exp $
+# $NetBSD: GENERIC,v 1.193 2019/04/26 21:40:29 sevan Exp $
#
# GENERIC machine description file
#
@@ -22,7 +22,7 @@ include "arch/arc/conf/std.arc"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.192 $"
+#ident "GENERIC-$Revision: 1.193 $"
maxusers 32 # estimated number of users
@@ -60,7 +60,7 @@ options SYSCTL_INCLUDE_DESCR # Include
# Alternate buffer queue strategies for better responsiveness under high
# disk I/O load.
#options BUFQ_READPRIO
-#options BUFQ_PRIOCSCAN
+options BUFQ_PRIOCSCAN
# Diagnostic/debugging support options
#options DIAGNOSTIC # cheap kernel consistency checks
@@ -445,7 +445,7 @@ pseudo-device putter # for puffs and p
# network pseudo-devices
pseudo-device bpfilter # Berkeley packet filter
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device npf # NPF packet filter
pseudo-device loop # network loopback
pseudo-device ppp # Point-to-Point Protocol
@@ -482,15 +482,4 @@ pseudo-device clockctl # user control o
#pseudo-device wsmux
pseudo-device ksyms # /dev/ksyms
-# Veriexec
-#
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
Index: src/sys/arch/bebox/conf/GENERIC
diff -u src/sys/arch/bebox/conf/GENERIC:1.159 src/sys/arch/bebox/conf/GENERIC:1.160
--- src/sys/arch/bebox/conf/GENERIC:1.159 Sat Apr 13 08:22:59 2019
+++ src/sys/arch/bebox/conf/GENERIC Fri Apr 26 21:40:29 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.159 2019/04/13 08:22:59 isaki Exp $
+# $NetBSD: GENERIC,v 1.160 2019/04/26 21:40:29 sevan Exp $
#
# GENERIC machine description file
#
@@ -22,7 +22,7 @@ include "arch/bebox/conf/std.bebox"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.159 $"
+#ident "GENERIC-$Revision: 1.160 $"
maxusers 32
@@ -44,7 +44,7 @@ options SYSCTL_INCLUDE_DESCR # Include
# Alternate buffer queue strategies for better responsiveness under high
# disk I/O load.
#options BUFQ_READPRIO
-#options BUFQ_PRIOCSCAN
+options BUFQ_PRIOCSCAN
# Diagnostic/debugging support options
#options DIAGNOSTIC # cheap kernel consistency checks
@@ -272,7 +272,7 @@ options VND_COMPRESSION # compressed v
# network pseudo-devices
pseudo-device bpfilter # packet filter
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device npf # NPF packet filter
pseudo-device loop # network loopback
pseudo-device ppp # Point-to-Point Protocol
@@ -324,22 +324,7 @@ pseudo-device wsfont
# userland interface to drivers, including autoconf and properties retrieval
pseudo-device drvctl
-#options FILEASSOC # fileassoc(9) - required for Veriexec
- # and PAX_SEGVGUARD
-
-
-# Veriexec
-#
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
#options PAX_MPROTECT=0 # PaX mprotect(2) restrictions
#options PAX_ASLR=0 # PaX Address Space Layout Randomization
Index: src/sys/arch/cats/conf/GENERIC
diff -u src/sys/arch/cats/conf/GENERIC:1.172 src/sys/arch/cats/conf/GENERIC:1.173
--- src/sys/arch/cats/conf/GENERIC:1.172 Sat Apr 13 08:22:59 2019
+++ src/sys/arch/cats/conf/GENERIC Fri Apr 26 21:40:29 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.172 2019/04/13 08:22:59 isaki Exp $
+# $NetBSD: GENERIC,v 1.173 2019/04/26 21:40:29 sevan Exp $
#
# GENERIC machine description file
#
@@ -40,7 +40,7 @@ options NTP # NTP phase/frequency lock
# Alternate buffer queue strategies for better responsiveness under high
# disk I/O load.
#options BUFQ_READPRIO
-#options BUFQ_PRIOCSCAN
+options BUFQ_PRIOCSCAN
# CPU options
@@ -536,7 +536,7 @@ pseudo-device putter # for puffs and p
# network pseudo-devices
pseudo-device bpfilter # Berkeley packet filter
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
#pseudo-device npf # NPF packet filter
pseudo-device loop # network loopback
pseudo-device ppp # Point-to-Point Protocol
@@ -574,15 +574,4 @@ pseudo-device wsmux
pseudo-device wsfont
pseudo-device ksyms # /dev/ksyms
-# Veriexec
-#
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
Index: src/sys/arch/cesfic/conf/GENERIC
diff -u src/sys/arch/cesfic/conf/GENERIC:1.71 src/sys/arch/cesfic/conf/GENERIC:1.72
--- src/sys/arch/cesfic/conf/GENERIC:1.71 Thu Mar 14 16:59:09 2019
+++ src/sys/arch/cesfic/conf/GENERIC Fri Apr 26 21:40:29 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.71 2019/03/14 16:59:09 thorpej Exp $
+# $NetBSD: GENERIC,v 1.72 2019/04/26 21:40:29 sevan Exp $
#
# GENERIC machine description file
#
@@ -39,7 +39,7 @@ options SYSCTL_INCLUDE_DESCR # Include
# Alternate buffer queue strategies for better responsiveness under high
# disk I/O load.
#options BUFQ_READPRIO
-#options BUFQ_PRIOCSCAN
+options BUFQ_PRIOCSCAN
include "conf/compat_netbsd09.config"
@@ -121,7 +121,7 @@ pseudo-device pty # pseudo ptys
#pseudo-device ppp # PPP network interfaces
#pseudo-device pppoe # PPP over Ethernet (RFC 2516)
#pseudo-device bpfilter # Berkeley packet filter
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
#pseudo-device bridge # simple inter-network bridging
#options BRIDGE_IPF # bridge uses IP/IPv6 pfil hooks too
#pseudo-device vnd # vnode pseudo-disks
@@ -133,15 +133,4 @@ pseudo-device loop # loopback network
pseudo-device clockctl # user control of clock subsystem
pseudo-device ksyms # /dev/ksyms
-# Veriexec
-#
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
Index: src/sys/arch/cobalt/conf/GENERIC
diff -u src/sys/arch/cobalt/conf/GENERIC:1.161 src/sys/arch/cobalt/conf/GENERIC:1.162
--- src/sys/arch/cobalt/conf/GENERIC:1.161 Wed Dec 12 06:29:36 2018
+++ src/sys/arch/cobalt/conf/GENERIC Fri Apr 26 21:40:29 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.161 2018/12/12 06:29:36 maxv Exp $
+# $NetBSD: GENERIC,v 1.162 2019/04/26 21:40:29 sevan Exp $
#
# GENERIC machine description file
#
@@ -22,7 +22,7 @@ include "arch/cobalt/conf/std.cobalt"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.161 $"
+#ident "GENERIC-$Revision: 1.162 $"
maxusers 32
@@ -39,7 +39,7 @@ options SYSCTL_INCLUDE_DESCR # Include
# Alternate buffer queue strategies for better responsiveness under high
# disk I/O load.
#options BUFQ_READPRIO
-#options BUFQ_PRIOCSCAN
+options BUFQ_PRIOCSCAN
# Debugging options
options DIAGNOSTIC # extra kernel sanity checking
@@ -311,7 +311,7 @@ pseudo-device vnd # disk-like interfa
# Network pseudo-devices
pseudo-device bpfilter # Berkeley packet filter
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device npf # NPF packet filter
pseudo-device loop # network loopback
#pseudo-device ppp # Point-to-Point Protocol
@@ -349,15 +349,4 @@ pseudo-device nsmb # experimental - S
pseudo-device ksyms # /dev/ksyms
-# Veriexec
-#
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
Index: src/sys/arch/evbarm/conf/GENERIC.common
diff -u src/sys/arch/evbarm/conf/GENERIC.common:1.32 src/sys/arch/evbarm/conf/GENERIC.common:1.33
--- src/sys/arch/evbarm/conf/GENERIC.common:1.32 Wed Dec 26 19:54:09 2018
+++ src/sys/arch/evbarm/conf/GENERIC.common Fri Apr 26 21:40:29 2019
@@ -1,5 +1,5 @@
#
-# $NetBSD: GENERIC.common,v 1.32 2018/12/26 19:54:09 skrll Exp $
+# $NetBSD: GENERIC.common,v 1.33 2019/04/26 21:40:29 sevan Exp $
#
# GENERIC evbarm kernel config (template)
#
@@ -133,6 +133,7 @@ pseudo-device drvctl # driver control
# network pseudo-devices
pseudo-device bpfilter # Berkeley packet filter
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device loop # network loopback
pseudo-device bridge # simple inter-network bridging
pseudo-device vlan # IEEE 802.1q encapsulation
@@ -152,21 +153,7 @@ pseudo-device clockctl # user control o
pseudo-device ksyms # /dev/ksyms
pseudo-device lockstat # lock profiling
-options FILEASSOC # fileassoc(9) - required for Veriexec
- # and PAX_SEGVGUARD
-
-# Veriexec
-#
-# a pseudo device needed for veriexec
-pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-options VERIFIED_EXEC_FP_SHA256
-options VERIFIED_EXEC_FP_SHA384
-options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
options PAX_ASLR_DEBUG=1 # PaX ASLR debug
options PAX_SEGVGUARD=0 # PaX Segmentation fault guard
Index: src/sys/arch/evbmips/conf/ADM5120
diff -u src/sys/arch/evbmips/conf/ADM5120:1.27 src/sys/arch/evbmips/conf/ADM5120:1.28
--- src/sys/arch/evbmips/conf/ADM5120:1.27 Sun Dec 30 14:51:36 2018
+++ src/sys/arch/evbmips/conf/ADM5120 Fri Apr 26 21:40:29 2019
@@ -1,11 +1,11 @@
-# $NetBSD: ADM5120,v 1.27 2018/12/30 14:51:36 sevan Exp $
+# $NetBSD: ADM5120,v 1.28 2019/04/26 21:40:29 sevan Exp $
#
# Kernel config for the Alchemy Semiconductor (AMD) PB1000, PB1500,
# DBAu1000 and DBAu1500 evaluation boards.
include "arch/evbmips/conf/std.adm5120"
-#ident "GENERIC-$Revision: 1.27 $"
+#ident "GENERIC-$Revision: 1.28 $"
maxusers 32
@@ -109,6 +109,7 @@ cpu0 at mainbus?
# Network pseudo-devices
pseudo-device bpfilter # Berkeley packet filter
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device loop # network loopback
#pseudo-device ppp # Point-to-Point Protocol
#pseudo-device sl # Serial Line IP
@@ -133,3 +134,5 @@ uart* at obio? addr ?
admsw* at obio? addr ?
#admflash* at obio? addr ?
#options VND_COMPRESSION
+
+include "dev/veriexec.config"
Index: src/sys/arch/evbmips/conf/ADM5120-USB
diff -u src/sys/arch/evbmips/conf/ADM5120-USB:1.27 src/sys/arch/evbmips/conf/ADM5120-USB:1.28
--- src/sys/arch/evbmips/conf/ADM5120-USB:1.27 Sun Dec 30 14:51:36 2018
+++ src/sys/arch/evbmips/conf/ADM5120-USB Fri Apr 26 21:40:29 2019
@@ -1,11 +1,11 @@
-# $NetBSD: ADM5120-USB,v 1.27 2018/12/30 14:51:36 sevan Exp $
+# $NetBSD: ADM5120-USB,v 1.28 2019/04/26 21:40:29 sevan Exp $
#
# Kernel config for the Alchemy Semiconductor (AMD) PB1000, PB1500,
# DBAu1000 and DBAu1500 evaluation boards.
include "arch/evbmips/conf/std.adm5120"
-#ident "GENERIC-$Revision: 1.27 $"
+#ident "GENERIC-$Revision: 1.28 $"
maxusers 32
@@ -109,6 +109,7 @@ cpu0 at mainbus?
# Network pseudo-devices
#pseudo-device bpfilter # Berkeley packet filter
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device loop # network loopback
#pseudo-device ppp # Point-to-Point Protocol
#pseudo-device sl # Serial Line IP
@@ -151,3 +152,4 @@ options MSGBUFSIZE=65536
scsibus* at scsi?
sd* at scsibus? target ? lun ? # SCSI disk drives
+include "dev/veriexec.config"
Index: src/sys/arch/evbmips/conf/CI20
diff -u src/sys/arch/evbmips/conf/CI20:1.27 src/sys/arch/evbmips/conf/CI20:1.28
--- src/sys/arch/evbmips/conf/CI20:1.27 Sun Dec 30 14:51:36 2018
+++ src/sys/arch/evbmips/conf/CI20 Fri Apr 26 21:40:29 2019
@@ -1,4 +1,4 @@
-# $NetBSD: CI20,v 1.27 2018/12/30 14:51:36 sevan Exp $
+# $NetBSD: CI20,v 1.28 2019/04/26 21:40:29 sevan Exp $
#
# MIPS Creator CI20
#
@@ -7,7 +7,7 @@ include "arch/evbmips/conf/std.ingenic"
#options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "CI20-$Revision: 1.27 $"
+#ident "CI20-$Revision: 1.28 $"
maxusers 32
@@ -247,6 +247,7 @@ jzrng0 at apbus0
# Network pseudo-devices
pseudo-device bpfilter # Berkeley packet filter
+pseudo-device carp # Common Address Redundancy Protocol
#pseudo-device npf # NPF packet filter
pseudo-device loop # network loopback
#pseudo-device ppp # Point-to-Point Protocol
@@ -270,6 +271,7 @@ pseudo-device ksyms # /dev/ksyms
# A pseudo device needed for Coda # also needs CODA (above)
#pseudo-device vcoda # coda minicache <-> venus comm.
+include "dev/veriexec.config"
cinclude "arch/evbmips/conf/CI20.local"
Index: src/sys/arch/evbmips/conf/ADM5120-NB
diff -u src/sys/arch/evbmips/conf/ADM5120-NB:1.25 src/sys/arch/evbmips/conf/ADM5120-NB:1.26
--- src/sys/arch/evbmips/conf/ADM5120-NB:1.25 Sun Dec 30 14:51:36 2018
+++ src/sys/arch/evbmips/conf/ADM5120-NB Fri Apr 26 21:40:29 2019
@@ -1,11 +1,11 @@
-# $NetBSD: ADM5120-NB,v 1.25 2018/12/30 14:51:36 sevan Exp $
+# $NetBSD: ADM5120-NB,v 1.26 2019/04/26 21:40:29 sevan Exp $
#
# Kernel config for the Alchemy Semiconductor (AMD) PB1000, PB1500,
# DBAu1000 and DBAu1500 evaluation boards.
include "arch/evbmips/conf/std.adm5120"
-#ident "GENERIC-$Revision: 1.25 $"
+#ident "GENERIC-$Revision: 1.26 $"
maxusers 32
@@ -133,6 +133,7 @@ cpu0 at mainbus?
# Network pseudo-devices
pseudo-device bpfilter # Berkeley packet filter
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device loop # network loopback
#pseudo-device ppp # Point-to-Point Protocol
#pseudo-device sl # Serial Line IP
@@ -158,3 +159,5 @@ uart* at obio? addr ?
admsw* at obio? addr ?
#admflash* at obio? addr ?
#options VND_COMPRESSION
+
+include "dev/veriexec.config"
Index: src/sys/arch/evbmips/conf/ALCHEMY
diff -u src/sys/arch/evbmips/conf/ALCHEMY:1.66 src/sys/arch/evbmips/conf/ALCHEMY:1.67
--- src/sys/arch/evbmips/conf/ALCHEMY:1.66 Sat Apr 13 08:22:59 2019
+++ src/sys/arch/evbmips/conf/ALCHEMY Fri Apr 26 21:40:29 2019
@@ -1,11 +1,11 @@
-# $NetBSD: ALCHEMY,v 1.66 2019/04/13 08:22:59 isaki Exp $
+# $NetBSD: ALCHEMY,v 1.67 2019/04/26 21:40:29 sevan Exp $
#
# Kernel config for the Alchemy Semiconductor (AMD) PB1000, PB1500,
# DBAu1000 and DBAu1500 evaluation boards.
include "arch/evbmips/conf/std.alchemy"
-#ident "ALCHEMY-$Revision: 1.66 $"
+#ident "ALCHEMY-$Revision: 1.67 $"
maxusers 32
@@ -232,6 +232,7 @@ pseudo-device vnd # disk-like interfa
# Network pseudo-devices
pseudo-device bpfilter # Berkeley packet filter
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device npf # NPF packet filter
pseudo-device loop # network loopback
#pseudo-device ppp # Point-to-Point Protocol
@@ -256,3 +257,5 @@ pseudo-device ksyms # /dev/ksyms
# A pseudo device needed for Coda # also needs CODA (above)
#pseudo-device vcoda # coda minicache <-> venus comm.
+
+include "dev/veriexec.config"
Index: src/sys/arch/evbmips/conf/AP30
diff -u src/sys/arch/evbmips/conf/AP30:1.38 src/sys/arch/evbmips/conf/AP30:1.39
--- src/sys/arch/evbmips/conf/AP30:1.38 Sun Dec 30 14:51:36 2018
+++ src/sys/arch/evbmips/conf/AP30 Fri Apr 26 21:40:29 2019
@@ -1,10 +1,10 @@
-# $NetBSD: AP30,v 1.38 2018/12/30 14:51:36 sevan Exp $
+# $NetBSD: AP30,v 1.39 2019/04/26 21:40:29 sevan Exp $
include "arch/evbmips/conf/std.atheros"
#options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "AP30-$Revision: 1.38 $"
+#ident "AP30-$Revision: 1.39 $"
maxusers 32
@@ -165,6 +165,7 @@ ukphy* at mii? phy ? # generic unknown
# Network pseudo-devices
pseudo-device bpfilter # Berkeley packet filter
+pseudo-device carp # Common Address Redundancy Protocol
#pseudo-device npf # NPF packet filter
pseudo-device loop # network loopback
#pseudo-device ppp # Point-to-Point Protocol
@@ -187,3 +188,5 @@ pseudo-device ksyms # /dev/ksyms
# A pseudo device needed for Coda # also needs CODA (above)
#pseudo-device vcoda # coda minicache <-> venus comm.
+
+include "dev/veriexec.config"
Index: src/sys/arch/evbmips/conf/CPMBR1400
diff -u src/sys/arch/evbmips/conf/CPMBR1400:1.30 src/sys/arch/evbmips/conf/CPMBR1400:1.31
--- src/sys/arch/evbmips/conf/CPMBR1400:1.30 Sun Dec 30 14:51:36 2018
+++ src/sys/arch/evbmips/conf/CPMBR1400 Fri Apr 26 21:40:29 2019
@@ -1,4 +1,4 @@
-# $NetBSD: CPMBR1400,v 1.30 2018/12/30 14:51:36 sevan Exp $
+# $NetBSD: CPMBR1400,v 1.31 2019/04/26 21:40:29 sevan Exp $
include "arch/evbmips/conf/std.rasoc"
@@ -221,6 +221,7 @@ ukphy* at mii? phy ? # generic unknown
# network pseudo-devices
pseudo-device bpfilter # Berkeley packet filter
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device bridge # simple inter-network bridging
pseudo-device loop # network loopback
pseudo-device tap # virtual Ethernet
@@ -232,3 +233,5 @@ pseudo-device vlan # 802.1q
pseudo-device pty # pseudo-terminals
pseudo-device clockctl # /dev/clockctl - user control of clock subsystem
pseudo-device ksyms # /dev/ksyms - kernel symbols
+
+include "dev/veriexec.config"
Index: src/sys/arch/evbmips/conf/DB120
diff -u src/sys/arch/evbmips/conf/DB120:1.21 src/sys/arch/evbmips/conf/DB120:1.22
--- src/sys/arch/evbmips/conf/DB120:1.21 Sun Dec 30 14:51:36 2018
+++ src/sys/arch/evbmips/conf/DB120 Fri Apr 26 21:40:29 2019
@@ -1,4 +1,4 @@
-# $NetBSD: DB120,v 1.21 2018/12/30 14:51:36 sevan Exp $
+# $NetBSD: DB120,v 1.22 2019/04/26 21:40:29 sevan Exp $
#
# Qualcomm Atheros AR9344 DB120 evaluation board.
#
@@ -7,7 +7,7 @@ include "arch/evbmips/conf/std.atheros"
#options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "DB120-$Revision: 1.21 $"
+#ident "DB120-$Revision: 1.22 $"
maxusers 32
@@ -185,6 +185,7 @@ sd* at scsibus? target ? lun ?
# Network pseudo-devices
pseudo-device bpfilter # Berkeley packet filter
+pseudo-device carp # Common Address Redundancy Protocol
#pseudo-device npf # NPF packet filter
pseudo-device loop # network loopback
#pseudo-device ppp # Point-to-Point Protocol
@@ -207,3 +208,5 @@ pseudo-device ksyms # /dev/ksyms
# A pseudo device needed for Coda # also needs CODA (above)
#pseudo-device vcoda # coda minicache <-> venus comm.
+
+include "dev/veriexec.config"
Index: src/sys/arch/evbmips/conf/ERLITE
diff -u src/sys/arch/evbmips/conf/ERLITE:1.22 src/sys/arch/evbmips/conf/ERLITE:1.23
--- src/sys/arch/evbmips/conf/ERLITE:1.22 Wed Apr 10 15:19:09 2019
+++ src/sys/arch/evbmips/conf/ERLITE Fri Apr 26 21:40:29 2019
@@ -1,11 +1,11 @@
-# $NetBSD: ERLITE,v 1.22 2019/04/10 15:19:09 roy Exp $
+# $NetBSD: ERLITE,v 1.23 2019/04/26 21:40:29 sevan Exp $
include "arch/mips/conf/std.octeon"
include "arch/evbmips/conf/files.octeon"
#options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "ERLITE-$Revision: 1.22 $"
+#ident "ERLITE-$Revision: 1.23 $"
maxusers 32
@@ -149,6 +149,7 @@ ukphy* at mii? phy ? # generic unknown
# Network pseudo-devices
pseudo-device bpfilter # Berkeley packet filter
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device npf # NPF packet filter
pseudo-device loop # network loopback
pseudo-device ppp # Point-to-Point Protocol
@@ -174,5 +175,7 @@ pseudo-device drvctl # driver control
# A pseudo device needed for Coda # also needs CODA (above)
#pseudo-device vcoda # coda minicache <-> venus comm.
+include "dev/veriexec.config"
+
cinclude "arch/evbmips/conf/ERLITE.local"
Index: src/sys/arch/evbmips/conf/RB153
diff -u src/sys/arch/evbmips/conf/RB153:1.22 src/sys/arch/evbmips/conf/RB153:1.23
--- src/sys/arch/evbmips/conf/RB153:1.22 Sun Dec 30 14:51:36 2018
+++ src/sys/arch/evbmips/conf/RB153 Fri Apr 26 21:40:29 2019
@@ -1,10 +1,10 @@
-# $NetBSD: RB153,v 1.22 2018/12/30 14:51:36 sevan Exp $
+# $NetBSD: RB153,v 1.23 2019/04/26 21:40:29 sevan Exp $
#
# Example kernel config for the RouterBOARD 153.
include "arch/evbmips/conf/std.adm5120"
-#ident "RB153-$Revision: 1.22 $"
+#ident "RB153-$Revision: 1.23 $"
maxusers 32
@@ -105,6 +105,7 @@ cpu0 at mainbus?
# Network pseudo-devices
pseudo-device bpfilter # Berkeley packet filter
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device loop # network loopback
#pseudo-device ppp # Point-to-Point Protocol
#pseudo-device sl # Serial Line IP
@@ -159,3 +160,5 @@ options IPSELSRC
#options WDC_EXTIO_DEBUG
#options EXTIO_DEBUG
#options ATADEBUG
+
+include "dev/veriexec.config"
Index: src/sys/arch/evbmips/conf/GDIUM
diff -u src/sys/arch/evbmips/conf/GDIUM:1.35 src/sys/arch/evbmips/conf/GDIUM:1.36
--- src/sys/arch/evbmips/conf/GDIUM:1.35 Sun Dec 30 14:51:36 2018
+++ src/sys/arch/evbmips/conf/GDIUM Fri Apr 26 21:40:29 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GDIUM,v 1.35 2018/12/30 14:51:36 sevan Exp $
+# $NetBSD: GDIUM,v 1.36 2019/04/26 21:40:29 sevan Exp $
#
# GDIUM machine description file
#
@@ -22,7 +22,7 @@ include "arch/evbmips/conf/std.gdium"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GDIUM-$Revision: 1.35 $"
+#ident "GDIUM-$Revision: 1.36 $"
maxusers 16
@@ -227,7 +227,7 @@ pseudo-device ppp # serial-line IP por
pseudo-device pppoe # PPP over Ethernet (RFC 2516)
pseudo-device pty # pseudo-terminals
pseudo-device bpfilter # packet filter ports
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device npf # NPF packet filter
pseudo-device vnd # virtual disk ick
@@ -265,15 +265,4 @@ pseudo-device bridge
pseudo-device agr # IEEE 802.3ad link aggregation
pseudo-device ksyms # /dev/ksyms
-# Veriexec
-#
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
Index: src/sys/arch/evbmips/conf/LOONGSON
diff -u src/sys/arch/evbmips/conf/LOONGSON:1.41 src/sys/arch/evbmips/conf/LOONGSON:1.42
--- src/sys/arch/evbmips/conf/LOONGSON:1.41 Sun Dec 30 14:51:36 2018
+++ src/sys/arch/evbmips/conf/LOONGSON Fri Apr 26 21:40:29 2019
@@ -1,4 +1,4 @@
-# $NetBSD: LOONGSON,v 1.41 2018/12/30 14:51:36 sevan Exp $
+# $NetBSD: LOONGSON,v 1.42 2019/04/26 21:40:29 sevan Exp $
#
# LOONGSON machine description file
#
@@ -22,7 +22,7 @@ include "arch/evbmips/conf/std.loongson
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "LOONGSON-$Revision: 1.41 $"
+#ident "LOONGSON-$Revision: 1.42 $"
maxusers 16
@@ -262,7 +262,7 @@ pseudo-device ppp # serial-line IP por
pseudo-device pppoe # PPP over Ethernet (RFC 2516)
pseudo-device pty # pseudo-terminals
pseudo-device bpfilter # packet filter ports
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device npf # NPF packet filter
pseudo-device vnd # virtual disk ick
@@ -302,15 +302,4 @@ pseudo-device agr # IEEE 802.3ad link
pseudo-device ksyms # /dev/ksyms
pseudo-device drvctl # driver control
-# Veriexec
-#
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
Index: src/sys/arch/evbmips/conf/MALTA
diff -u src/sys/arch/evbmips/conf/MALTA:1.95 src/sys/arch/evbmips/conf/MALTA:1.96
--- src/sys/arch/evbmips/conf/MALTA:1.95 Sat Apr 13 08:22:59 2019
+++ src/sys/arch/evbmips/conf/MALTA Fri Apr 26 21:40:29 2019
@@ -1,10 +1,10 @@
-# $NetBSD: MALTA,v 1.95 2019/04/13 08:22:59 isaki Exp $
+# $NetBSD: MALTA,v 1.96 2019/04/26 21:40:29 sevan Exp $
include "arch/evbmips/conf/std.malta"
#options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "MALTA-$Revision: 1.95 $"
+#ident "MALTA-$Revision: 1.96 $"
maxusers 32
@@ -296,6 +296,7 @@ pseudo-device vnd # disk-like interfa
# Network pseudo-devices
pseudo-device bpfilter # Berkeley packet filter
pseudo-device npf # NPF packet filter
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device loop # network loopback
#pseudo-device ppp # Point-to-Point Protocol
#pseudo-device sl # Serial Line IP
@@ -319,3 +320,5 @@ pseudo-device ksyms # /dev/ksyms
# A pseudo device needed for Coda # also needs CODA (above)
#pseudo-device vcoda # coda minicache <-> venus comm.
+
+include "dev/veriexec.config"
Index: src/sys/arch/evbmips/conf/MERAKI
diff -u src/sys/arch/evbmips/conf/MERAKI:1.32 src/sys/arch/evbmips/conf/MERAKI:1.33
--- src/sys/arch/evbmips/conf/MERAKI:1.32 Sun Dec 30 14:51:36 2018
+++ src/sys/arch/evbmips/conf/MERAKI Fri Apr 26 21:40:29 2019
@@ -1,10 +1,10 @@
-# $NetBSD: MERAKI,v 1.32 2018/12/30 14:51:36 sevan Exp $
+# $NetBSD: MERAKI,v 1.33 2019/04/26 21:40:29 sevan Exp $
include "arch/evbmips/conf/std.meraki"
#options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "MERAKI-$Revision: 1.32 $"
+#ident "MERAKI-$Revision: 1.33 $"
maxusers 32
@@ -172,6 +172,7 @@ ukphy* at mii? phy ? # generic unknown
# Network pseudo-devices
pseudo-device bpfilter # Berkeley packet filter
+pseudo-device carp # Common Address Redundancy Protocol
#pseudo-device npf # NPF packet filter
pseudo-device loop # network loopback
#pseudo-device ppp # Point-to-Point Protocol
@@ -194,3 +195,5 @@ pseudo-device ksyms # /dev/ksyms
# A pseudo device needed for Coda # also needs CODA (above)
#pseudo-device vcoda # coda minicache <-> venus comm.
+
+include "dev/veriexec.config"
Index: src/sys/arch/evbmips/conf/RB433UAH
diff -u src/sys/arch/evbmips/conf/RB433UAH:1.18 src/sys/arch/evbmips/conf/RB433UAH:1.19
--- src/sys/arch/evbmips/conf/RB433UAH:1.18 Sun Dec 30 14:51:36 2018
+++ src/sys/arch/evbmips/conf/RB433UAH Fri Apr 26 21:40:29 2019
@@ -1,10 +1,10 @@
-# $NetBSD: RB433UAH,v 1.18 2018/12/30 14:51:36 sevan Exp $
+# $NetBSD: RB433UAH,v 1.19 2019/04/26 21:40:29 sevan Exp $
include "arch/evbmips/conf/std.atheros"
#options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "RB433UAH-$Revision: 1.18 $"
+#ident "RB433UAH-$Revision: 1.19 $"
maxusers 32
@@ -175,6 +175,7 @@ sd* at scsibus? target ? lun ?
# Network pseudo-devices
pseudo-device bpfilter # Berkeley packet filter
+pseudo-device carp # Common Address Redundancy Protocol
#pseudo-device npf # NPF packet filter
pseudo-device loop # network loopback
#pseudo-device ppp # Point-to-Point Protocol
@@ -197,3 +198,5 @@ pseudo-device ksyms # /dev/ksyms
# A pseudo device needed for Coda # also needs CODA (above)
#pseudo-device vcoda # coda minicache <-> venus comm.
+
+include "dev/veriexec.config"
Index: src/sys/arch/evbmips/conf/SBMIPS
diff -u src/sys/arch/evbmips/conf/SBMIPS:1.8 src/sys/arch/evbmips/conf/SBMIPS:1.9
--- src/sys/arch/evbmips/conf/SBMIPS:1.8 Sun Dec 30 14:51:36 2018
+++ src/sys/arch/evbmips/conf/SBMIPS Fri Apr 26 21:40:29 2019
@@ -1,10 +1,10 @@
-# $NetBSD: SBMIPS,v 1.8 2018/12/30 14:51:36 sevan Exp $
+# $NetBSD: SBMIPS,v 1.9 2019/04/26 21:40:29 sevan Exp $
include "arch/evbmips/conf/std.sbmips"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.8 $"
+#ident "GENERIC-$Revision: 1.9 $"
#options LOCKDEBUG # XXX XXX XXX XXX
#options DEBUG # extra kernel debugging support
@@ -173,7 +173,7 @@ pseudo-device vnd # disk-like interfac
# Network pseudo-devices
pseudo-device bpfilter # Berkeley packet filter
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device npf # NPF packet filter
pseudo-device loop # network loopback
#pseudo-device ppp # Point-to-Point Protocol
@@ -207,15 +207,4 @@ pseudo-device ksyms # /dev/ksyms
# A pseudo device needed for Coda # also needs CODA (above)
#pseudo-device vcoda # coda minicache <-> venus comm.
-# Veriexec
-#
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
Index: src/sys/arch/evbmips/conf/XLSATX
diff -u src/sys/arch/evbmips/conf/XLSATX:1.28 src/sys/arch/evbmips/conf/XLSATX:1.29
--- src/sys/arch/evbmips/conf/XLSATX:1.28 Sun Dec 30 14:51:36 2018
+++ src/sys/arch/evbmips/conf/XLSATX Fri Apr 26 21:40:29 2019
@@ -1,8 +1,8 @@
-# $NetBSD: XLSATX,v 1.28 2018/12/30 14:51:36 sevan Exp $
+# $NetBSD: XLSATX,v 1.29 2019/04/26 21:40:29 sevan Exp $
include "arch/evbmips/conf/std.rmixl"
-#ident "XLSATX-$Revision: 1.28 $"
+#ident "XLSATX-$Revision: 1.29 $"
#options INCLUDE_CONFIG_FILE # embed config file in kernel binary
@@ -185,6 +185,7 @@ pseudo-device vnd # disk-like interfa
# Network pseudo-devices
pseudo-device bpfilter # Berkeley packet filter
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device npf # NPF packet filter
pseudo-device loop # network loopback
#pseudo-device ppp # Point-to-Point Protocol
@@ -209,3 +210,5 @@ pseudo-device ksyms # /dev/ksyms
# A pseudo device needed for Coda # also needs CODA (above)
#pseudo-device vcoda # coda minicache <-> venus comm.
+
+include "dev/veriexec.config"
Index: src/sys/arch/evbmips/conf/ZYXELKX
diff -u src/sys/arch/evbmips/conf/ZYXELKX:1.15 src/sys/arch/evbmips/conf/ZYXELKX:1.16
--- src/sys/arch/evbmips/conf/ZYXELKX:1.15 Sun Dec 30 14:51:36 2018
+++ src/sys/arch/evbmips/conf/ZYXELKX Fri Apr 26 21:40:29 2019
@@ -1,4 +1,4 @@
-# $NetBSD: ZYXELKX,v 1.15 2018/12/30 14:51:36 sevan Exp $
+# $NetBSD: ZYXELKX,v 1.16 2019/04/26 21:40:29 sevan Exp $
include "arch/evbmips/conf/std.rasoc"
@@ -225,6 +225,7 @@ ukphy* at mii? phy ? # generic unknown
# network pseudo-devices
pseudo-device bpfilter # Berkeley packet filter
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device bridge # simple inter-network bridging
pseudo-device loop # network loopback
pseudo-device tap # virtual Ethernet
@@ -236,3 +237,5 @@ pseudo-device vlan # 802.1q
pseudo-device pty # pseudo-terminals
pseudo-device clockctl # /dev/clockctl - user control of clock subsystem
pseudo-device ksyms # /dev/ksyms - kernel symbols
+
+include "dev/veriexec.config"
Index: src/sys/arch/evbppc/conf/EV64260
diff -u src/sys/arch/evbppc/conf/EV64260:1.72 src/sys/arch/evbppc/conf/EV64260:1.73
--- src/sys/arch/evbppc/conf/EV64260:1.72 Wed Aug 1 20:04:11 2018
+++ src/sys/arch/evbppc/conf/EV64260 Fri Apr 26 21:40:29 2019
@@ -1,4 +1,4 @@
-# $NetBSD: EV64260,v 1.72 2018/08/01 20:04:11 maxv Exp $
+# $NetBSD: EV64260,v 1.73 2019/04/26 21:40:29 sevan Exp $
#
# MVP -- Motorola's Multiprocessing Verification Platform
#
@@ -52,6 +52,11 @@ options SYSVSHM # System V shared memo
#options PIPE_SOCKETPAIR # smaller, but slower pipe(2)
#options SYSCTL_INCLUDE_DESCR # Include sysctl descriptions in kernel
+# Alternate buffer queue strategies for better responsiveness under high
+# disk I/O load.
+#options BUFQ_READPRIO
+options BUFQ_PRIOCSCAN
+
# Diagnostic/debugging support options
options DIAGNOSTIC # cheap kernel consistency checks
#options DEBUG # expensive debugging checks/support
@@ -246,6 +251,7 @@ wd* at atabus? drive ? flags 0x0000
pseudo-device md # memory disk device
pseudo-device loop # network loopback
pseudo-device bpfilter # packet filter
+pseudo-device carp # Common Address Redundancy Protocol
#pseudo-device npf # NPF packet filter
#pseudo-device ppp # Point-to-Point Protocol
#pseudo-device sl # Serial Line IP
@@ -261,3 +267,5 @@ pseudo-device clockctl # user control o
pseudo-device ksyms # /dev/ksyms
pseudo-device swdmover # softare dmover(9) back-end
pseudo-device dmoverio # /dev/dmover dmover(9) interface
+
+include "dev/veriexec.config"
Index: src/sys/arch/evbppc/conf/EXPLORA451
diff -u src/sys/arch/evbppc/conf/EXPLORA451:1.63 src/sys/arch/evbppc/conf/EXPLORA451:1.64
--- src/sys/arch/evbppc/conf/EXPLORA451:1.63 Wed Aug 1 20:04:11 2018
+++ src/sys/arch/evbppc/conf/EXPLORA451 Fri Apr 26 21:40:29 2019
@@ -1,4 +1,4 @@
-# $NetBSD: EXPLORA451,v 1.63 2018/08/01 20:04:11 maxv Exp $
+# $NetBSD: EXPLORA451,v 1.64 2019/04/26 21:40:29 sevan Exp $
#
# GENERIC -- everything that's currently supported
#
@@ -41,7 +41,7 @@ options USERCONF # userconf(4) support
# Alternate buffer queue strategies for better responsiveness under high
# disk I/O load.
#options BUFQ_READPRIO
-#options BUFQ_PRIOCSCAN
+options BUFQ_PRIOCSCAN
# Diagnostic/debugging support options
options DIAGNOSTIC # expensive kernel consistency checks
@@ -152,6 +152,7 @@ pseudo-device putter # for puffs and p
# network pseudo-devices
pseudo-device bpfilter # Berkeley packet filter
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device npf # NPF packet filter
pseudo-device loop # network loopback
pseudo-device ppp # Point-to-Point Protocol
@@ -184,3 +185,5 @@ pseudo-device nsmb # experimental - SM
# wscons pseudo-devices
pseudo-device wsmux # mouse & keyboard multiplexor
pseudo-device wsfont
+
+include "dev/veriexec.config"
Index: src/sys/arch/evbppc/conf/MPC8536DS
diff -u src/sys/arch/evbppc/conf/MPC8536DS:1.27 src/sys/arch/evbppc/conf/MPC8536DS:1.28
--- src/sys/arch/evbppc/conf/MPC8536DS:1.27 Wed Aug 1 20:04:11 2018
+++ src/sys/arch/evbppc/conf/MPC8536DS Fri Apr 26 21:40:29 2019
@@ -1,4 +1,4 @@
-# $NetBSD: MPC8536DS,v 1.27 2018/08/01 20:04:11 maxv Exp $
+# $NetBSD: MPC8536DS,v 1.28 2019/04/26 21:40:29 sevan Exp $
#
# MPC8536DS -- everything that's currently supported
#
@@ -7,7 +7,7 @@ include "arch/evbppc/conf/std.mpc85xx"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-ident "MPC8536DS-$Revision: 1.27 $"
+ident "MPC8536DS-$Revision: 1.28 $"
maxusers 32
@@ -33,6 +33,11 @@ options USERCONF # userconf(4) support
#options PIPE_SOCKETPAIR # smaller, but slower pipe(2)
#options SYSCTL_INCLUDE_DESCR # Include sysctl descriptions in kernel
+# Alternate buffer queue strategies for better responsiveness under high
+# disk I/O load.
+#options BUFQ_READPRIO
+options BUFQ_PRIOCSCAN
+
# Diagnostic/debugging support options
options DIAGNOSTIC # cheap kernel consistency checks
options DEBUG # expensive debugging checks/support
@@ -205,9 +210,12 @@ makphy* at mii? phy ? # Marvell PHYs
pseudo-device loop # network loopback
pseudo-device bpfilter # packet filter
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device clockctl # user control of clock subsystem
pseudo-device drvctl # user control of disk subsystem
pseudo-device ksyms # /dev/ksyms
pseudo-device pty # pseudo-terminals
pseudo-device kttcp # kernel ttcp
pseudo-device vlan # 802.1Q VLANs
+
+include "dev/veriexec.config"
Index: src/sys/arch/evbppc/conf/MPC8548CDS
diff -u src/sys/arch/evbppc/conf/MPC8548CDS:1.26 src/sys/arch/evbppc/conf/MPC8548CDS:1.27
--- src/sys/arch/evbppc/conf/MPC8548CDS:1.26 Wed Aug 1 20:04:11 2018
+++ src/sys/arch/evbppc/conf/MPC8548CDS Fri Apr 26 21:40:29 2019
@@ -1,4 +1,4 @@
-# $NetBSD: MPC8548CDS,v 1.26 2018/08/01 20:04:11 maxv Exp $
+# $NetBSD: MPC8548CDS,v 1.27 2019/04/26 21:40:29 sevan Exp $
#
# MPC8548CDS -- everything that's currently supported
#
@@ -7,7 +7,7 @@ include "arch/evbppc/conf/std.mpc85xx"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-ident "MPC8548CDS-$Revision: 1.26 $"
+ident "MPC8548CDS-$Revision: 1.27 $"
maxusers 32
@@ -35,6 +35,11 @@ options USERCONF # userconf(4) support
#options PIPE_SOCKETPAIR # smaller, but slower pipe(2)
#options SYSCTL_INCLUDE_DESCR # Include sysctl descriptions in kernel
+# Alternate buffer queue strategies for better responsiveness under high
+# disk I/O load.
+#options BUFQ_READPRIO
+options BUFQ_PRIOCSCAN
+
# Diagnostic/debugging support options
options DIAGNOSTIC # cheap kernel consistency checks
options DEBUG # expensive debugging checks/support
@@ -193,9 +198,12 @@ wd* at atabus? drive ?
pseudo-device loop # network loopback
pseudo-device bpfilter # packet filter
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device clockctl # user control of clock subsystem
pseudo-device drvctl # user control of drive subsystem
pseudo-device ksyms # /dev/ksyms
pseudo-device pty # pseudo-terminals
pseudo-device kttcp # kernel ttcp
pseudo-device vlan # 802.1Q VLANs
+
+include "dev/veriexec.config"
Index: src/sys/arch/evbppc/conf/OPENBLOCKS600
diff -u src/sys/arch/evbppc/conf/OPENBLOCKS600:1.26 src/sys/arch/evbppc/conf/OPENBLOCKS600:1.27
--- src/sys/arch/evbppc/conf/OPENBLOCKS600:1.26 Wed Aug 1 20:04:11 2018
+++ src/sys/arch/evbppc/conf/OPENBLOCKS600 Fri Apr 26 21:40:29 2019
@@ -1,4 +1,4 @@
-# $NetBSD: OPENBLOCKS600,v 1.26 2018/08/01 20:04:11 maxv Exp $
+# $NetBSD: OPENBLOCKS600,v 1.27 2019/04/26 21:40:29 sevan Exp $
#
# GENERIC -- everything that's currently supported
#
@@ -7,7 +7,7 @@ include "arch/evbppc/conf/std.obs600"
#options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "OPENBLOCKS600-$Revision: 1.26 $"
+#ident "OPENBLOCKS600-$Revision: 1.27 $"
maxusers 32
@@ -31,6 +31,10 @@ options SYSVSHM # System V shared mem
#options UVMHIST
#options UVMHIST_PRINT
+# Alternate buffer queue strategies for better responsiveness under high
+# disk I/O load.
+#options BUFQ_READPRIO
+options BUFQ_PRIOCSCAN
#
# Diagnostic/debugging support options
@@ -179,6 +183,7 @@ brgphy* at mii? phy ? # Broadcom BCM54
# network pseudo-devices
pseudo-device loop # network loopback
pseudo-device bpfilter # packet filter
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device npf # NPF packet filter
pseudo-device ppp # Point-to-Point Protocol
pseudo-device pppoe # PPP over Ethernet (RFC 2516)
@@ -202,3 +207,5 @@ pseudo-device pty # pseudo-terminals
pseudo-device clockctl # user control of clock subsystem
pseudo-device ksyms # /dev/ksyms
pseudo-device putter # for puffs and pud
+
+include "dev/veriexec.config"
Index: src/sys/arch/evbppc/conf/TWRP1025
diff -u src/sys/arch/evbppc/conf/TWRP1025:1.26 src/sys/arch/evbppc/conf/TWRP1025:1.27
--- src/sys/arch/evbppc/conf/TWRP1025:1.26 Wed Aug 1 20:04:11 2018
+++ src/sys/arch/evbppc/conf/TWRP1025 Fri Apr 26 21:40:29 2019
@@ -1,4 +1,4 @@
-# $NetBSD: TWRP1025,v 1.26 2018/08/01 20:04:11 maxv Exp $
+# $NetBSD: TWRP1025,v 1.27 2019/04/26 21:40:29 sevan Exp $
#
# TWRP1025 -- everything that's currently supported
#
@@ -7,7 +7,7 @@ include "arch/evbppc/conf/std.mpc85xx"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-ident "TWRP1025-$Revision: 1.26 $"
+ident "TWRP1025-$Revision: 1.27 $"
maxusers 32
@@ -35,6 +35,11 @@ options USERCONF # userconf(4) support
#options PIPE_SOCKETPAIR # smaller, but slower pipe(2)
#options SYSCTL_INCLUDE_DESCR # Include sysctl descriptions in kernel
+# Alternate buffer queue strategies for better responsiveness under high
+# disk I/O load.
+#options BUFQ_READPRIO
+options BUFQ_PRIOCSCAN
+
# Diagnostic/debugging support options
options DIAGNOSTIC # cheap kernel consistency checks
options DEBUG # expensive debugging checks/support
@@ -206,6 +211,7 @@ ld* at sdmmc?
pseudo-device loop # network loopback
pseudo-device bpfilter # packet filter
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device clockctl # user control of clock subsystem
pseudo-device drvctl # user control of drive subsystem
pseudo-device ksyms # /dev/ksyms
@@ -214,4 +220,6 @@ pseudo-device kttcp # kernel ttcp
pseudo-device vlan # 802.1Q VLANs
pseudo-device lockstat # lock profiling
+include "dev/veriexec.config"
+
cinclude "arch/evbppc/conf/TWRP1025.local"
Index: src/sys/arch/evbppc/conf/OPENBLOCKS200
diff -u src/sys/arch/evbppc/conf/OPENBLOCKS200:1.47 src/sys/arch/evbppc/conf/OPENBLOCKS200:1.48
--- src/sys/arch/evbppc/conf/OPENBLOCKS200:1.47 Wed Aug 1 20:04:11 2018
+++ src/sys/arch/evbppc/conf/OPENBLOCKS200 Fri Apr 26 21:40:29 2019
@@ -1,4 +1,4 @@
-# $NetBSD: OPENBLOCKS200,v 1.47 2018/08/01 20:04:11 maxv Exp $
+# $NetBSD: OPENBLOCKS200,v 1.48 2019/04/26 21:40:29 sevan Exp $
#
# GENERIC -- everything that's currently supported
#
@@ -33,6 +33,11 @@ options SYSVSHM # System V shared memo
#options PIPE_SOCKETPAIR # smaller, but slower pipe(2)
#options SYSCTL_INCLUDE_DESCR # Include sysctl descriptions in kernel
+# Alternate buffer queue strategies for better responsiveness under high
+# disk I/O load.
+#options BUFQ_READPRIO
+options BUFQ_PRIOCSCAN
+
# Diagnostic/debugging support options
#options DIAGNOSTIC # cheap kernel consistency checks
options DEBUG # expensive debugging checks/support
@@ -198,6 +203,7 @@ pseudo-device ccd # concatenated/strip
pseudo-device md # memory disk device
pseudo-device loop # network loopback
pseudo-device bpfilter # packet filter
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device npf # NPF packet filter
pseudo-device ppp # Point-to-Point Protocol
pseudo-device sl # Serial Line IP
@@ -213,3 +219,5 @@ pseudo-device clockctl # user control o
pseudo-device ksyms # /dev/ksyms
pseudo-device kttcp # kernel ttcp
pseudo-device putter # for puffs and pud
+
+include "dev/veriexec.config"
Index: src/sys/arch/evbppc/conf/OPENBLOCKS266
diff -u src/sys/arch/evbppc/conf/OPENBLOCKS266:1.74 src/sys/arch/evbppc/conf/OPENBLOCKS266:1.75
--- src/sys/arch/evbppc/conf/OPENBLOCKS266:1.74 Wed Aug 1 20:04:11 2018
+++ src/sys/arch/evbppc/conf/OPENBLOCKS266 Fri Apr 26 21:40:29 2019
@@ -1,4 +1,4 @@
-# $NetBSD: OPENBLOCKS266,v 1.74 2018/08/01 20:04:11 maxv Exp $
+# $NetBSD: OPENBLOCKS266,v 1.75 2019/04/26 21:40:29 sevan Exp $
#
# GENERIC -- everything that's currently supported
#
@@ -7,7 +7,7 @@ include "arch/evbppc/conf/std.obs266"
#options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "OPENBLOCKS266-$Revision: 1.74 $"
+#ident "OPENBLOCKS266-$Revision: 1.75 $"
maxusers 32
@@ -32,6 +32,11 @@ options SYSVSHM # System V shared mem
#options UVMHIST_PRINT
+# Alternate buffer queue strategies for better responsiveness under high
+# disk I/O load.
+#options BUFQ_READPRIO
+options BUFQ_PRIOCSCAN
+
#
# Diagnostic/debugging support options
#
@@ -176,6 +181,7 @@ options MIIVERBOSE # verbose PHY autoc
# network pseudo-devices
pseudo-device loop # network loopback
pseudo-device bpfilter # packet filter
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device npf # NPF packet filter
pseudo-device ppp # Point-to-Point Protocol
pseudo-device pppoe # PPP over Ethernet (RFC 2516)
@@ -198,3 +204,5 @@ pseudo-device pty # pseudo-terminals
pseudo-device clockctl # user control of clock subsystem
pseudo-device ksyms # /dev/ksyms
pseudo-device putter # for puffs and pud
+
+include "dev/veriexec.config"
Index: src/sys/arch/evbppc/conf/P2020DS
diff -u src/sys/arch/evbppc/conf/P2020DS:1.30 src/sys/arch/evbppc/conf/P2020DS:1.31
--- src/sys/arch/evbppc/conf/P2020DS:1.30 Wed Aug 1 20:04:11 2018
+++ src/sys/arch/evbppc/conf/P2020DS Fri Apr 26 21:40:29 2019
@@ -1,4 +1,4 @@
-# $NetBSD: P2020DS,v 1.30 2018/08/01 20:04:11 maxv Exp $
+# $NetBSD: P2020DS,v 1.31 2019/04/26 21:40:29 sevan Exp $
#
# P2020DS -- everything that's currently supported
#
@@ -8,7 +8,7 @@ include "arch/evbppc/conf/std.mpc85xx"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-ident "P2020DS-$Revision: 1.30 $"
+ident "P2020DS-$Revision: 1.31 $"
maxusers 32
@@ -40,6 +40,11 @@ options USERCONF # userconf(4) support
#options PIPE_SOCKETPAIR # smaller, but slower pipe(2)
#options SYSCTL_INCLUDE_DESCR # Include sysctl descriptions in kernel
+# Alternate buffer queue strategies for better responsiveness under high
+# disk I/O load.
+#options BUFQ_READPRIO
+options BUFQ_PRIOCSCAN
+
# Diagnostic/debugging support options
options DIAGNOSTIC # cheap kernel consistency checks
options DEBUG # expensive debugging checks/support
@@ -218,6 +223,7 @@ ukphy* at mii? phy ? # generic unknow
pseudo-device loop # network loopback
pseudo-device bpfilter # packet filter
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device clockctl # user control of clock subsystem
pseudo-device drvctl # user control of drive subsystem
pseudo-device ksyms # /dev/ksyms
@@ -226,3 +232,5 @@ pseudo-device kttcp # kernel ttcp
pseudo-device vlan # 802.1Q VLANs
pseudo-device putter # for puffs and pud
pseudo-device vnd # disk-like interface to files
+
+include "dev/veriexec.config"
Index: src/sys/arch/evbppc/conf/P2020RDB
diff -u src/sys/arch/evbppc/conf/P2020RDB:1.30 src/sys/arch/evbppc/conf/P2020RDB:1.31
--- src/sys/arch/evbppc/conf/P2020RDB:1.30 Wed Aug 1 20:04:11 2018
+++ src/sys/arch/evbppc/conf/P2020RDB Fri Apr 26 21:40:29 2019
@@ -1,4 +1,4 @@
-# $NetBSD: P2020RDB,v 1.30 2018/08/01 20:04:11 maxv Exp $
+# $NetBSD: P2020RDB,v 1.31 2019/04/26 21:40:29 sevan Exp $
#
# P2020RBD -- everything that's currently supported
#
@@ -7,7 +7,7 @@ include "arch/evbppc/conf/std.mpc85xx"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-ident "P2020RBD-$Revision: 1.30 $"
+ident "P2020RBD-$Revision: 1.31 $"
maxusers 32
@@ -35,6 +35,11 @@ options USERCONF # userconf(4) support
#options PIPE_SOCKETPAIR # smaller, but slower pipe(2)
#options SYSCTL_INCLUDE_DESCR # Include sysctl descriptions in kernel
+# Alternate buffer queue strategies for better responsiveness under high
+# disk I/O load.
+#options BUFQ_READPRIO
+options BUFQ_PRIOCSCAN
+
# Diagnostic/debugging support options
options DIAGNOSTIC # cheap kernel consistency checks
#options DEBUG # expensive debugging checks/support
@@ -206,6 +211,7 @@ sd* at scsibus? target ? lun ?
pseudo-device loop # network loopback
pseudo-device bpfilter # packet filter
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device clockctl # user control of clock subsystem
pseudo-device drvctl # user control of disk subsystem
pseudo-device ksyms # /dev/ksyms
@@ -214,3 +220,5 @@ pseudo-device kttcp # kernel ttcp
pseudo-device vlan # 802.1Q VLANs
pseudo-device vnd # disk-like interface to files
pseudo-device putter # for puffs and pud
+
+include "dev/veriexec.config"
Index: src/sys/arch/evbppc/conf/PMPPC
diff -u src/sys/arch/evbppc/conf/PMPPC:1.49 src/sys/arch/evbppc/conf/PMPPC:1.50
--- src/sys/arch/evbppc/conf/PMPPC:1.49 Sat Apr 13 08:22:59 2019
+++ src/sys/arch/evbppc/conf/PMPPC Fri Apr 26 21:40:29 2019
@@ -1,4 +1,4 @@
-# $NetBSD: PMPPC,v 1.49 2019/04/13 08:22:59 isaki Exp $
+# $NetBSD: PMPPC,v 1.50 2019/04/26 21:40:29 sevan Exp $
#
# PMPPC
#
@@ -27,6 +27,11 @@ options USERCONF # userconf(4) support
#options PIPE_SOCKETPAIR # smaller, but slower pipe(2)
#options SYSCTL_INCLUDE_DESCR # Include sysctl descriptions in kernel
+# Alternate buffer queue strategies for better responsiveness under high
+# disk I/O load.
+#options BUFQ_READPRIO
+options BUFQ_PRIOCSCAN
+
# Diagnostic/debugging support options
options DIAGNOSTIC # cheap kernel consistency checks
#options DEBUG # expensive debugging checks/support
@@ -422,6 +427,7 @@ pseudo-device vnd # disk-like interfac
#pseudo-device md # memory disk device
pseudo-device loop # network loopback
pseudo-device bpfilter # packet filter
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device npf # NPF packet filter
pseudo-device ppp # Point-to-Point Protocol
pseudo-device sl # Serial Line IP
@@ -441,3 +447,4 @@ pseudo-device ksyms
pseudo-device wsmux # mouse & keyboard multiplexor
pseudo-device wsfont
+include "dev/veriexec.config"
Index: src/sys/arch/evbppc/conf/RB800
diff -u src/sys/arch/evbppc/conf/RB800:1.36 src/sys/arch/evbppc/conf/RB800:1.37
--- src/sys/arch/evbppc/conf/RB800:1.36 Wed Aug 1 20:04:11 2018
+++ src/sys/arch/evbppc/conf/RB800 Fri Apr 26 21:40:29 2019
@@ -1,4 +1,4 @@
-# $NetBSD: RB800,v 1.36 2018/08/01 20:04:11 maxv Exp $
+# $NetBSD: RB800,v 1.37 2019/04/26 21:40:29 sevan Exp $
#
# RB800 -- everything that's currently supported
#
@@ -7,7 +7,7 @@ include "arch/evbppc/conf/std.mpc85xx"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-ident "RB800-$Revision: 1.36 $"
+ident "RB800-$Revision: 1.37 $"
maxusers 32
@@ -37,6 +37,11 @@ options USERCONF # userconf(4) support
#options PIPE_SOCKETPAIR # smaller, but slower pipe(2)
#options SYSCTL_INCLUDE_DESCR # Include sysctl descriptions in kernel
+# Alternate buffer queue strategies for better responsiveness under high
+# disk I/O load.
+#options BUFQ_READPRIO
+options BUFQ_PRIOCSCAN
+
# Diagnostic/debugging support options
#options VERBOSE_INITPPC
options DIAGNOSTIC # cheap kernel consistency checks
@@ -211,8 +216,11 @@ ukphy* at mii? phy ? # generic unknow
pseudo-device md # memory disk device
pseudo-device loop # network loopback
pseudo-device bpfilter # packet filter
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device clockctl # user control of clock subsystem
pseudo-device drvctl # user control of drive subsystem
pseudo-device ksyms # /dev/ksyms
pseudo-device pty # pseudo-terminals
pseudo-device kttcp # kernel ttcp
+
+include "dev/veriexec.config"
Index: src/sys/arch/evbppc/conf/RB850GX2
diff -u src/sys/arch/evbppc/conf/RB850GX2:1.5 src/sys/arch/evbppc/conf/RB850GX2:1.6
--- src/sys/arch/evbppc/conf/RB850GX2:1.5 Wed Aug 1 20:04:11 2018
+++ src/sys/arch/evbppc/conf/RB850GX2 Fri Apr 26 21:40:29 2019
@@ -1,4 +1,4 @@
-# $NetBSD: RB850GX2,v 1.5 2018/08/01 20:04:11 maxv Exp $
+# $NetBSD: RB850GX2,v 1.6 2019/04/26 21:40:29 sevan Exp $
#
# RouterBOARD RB850Gx2
#
@@ -7,7 +7,7 @@ include "arch/evbppc/conf/std.mpc85xx"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-ident "RB850GX2-$Revision: 1.5 $"
+ident "RB850GX2-$Revision: 1.6 $"
maxusers 32
@@ -35,6 +35,11 @@ options USERCONF # userconf(4) support
#options PIPE_SOCKETPAIR # smaller, but slower pipe(2)
options SYSCTL_INCLUDE_DESCR # Include sysctl descriptions in kernel
+# Alternate buffer queue strategies for better responsiveness under high
+# disk I/O load.
+#options BUFQ_READPRIO
+options BUFQ_PRIOCSCAN
+
# Diagnostic/debugging support options
options DIAGNOSTIC # cheap kernel consistency checks
options DEBUG # expensive debugging checks/support
@@ -141,6 +146,7 @@ iic* at diic?
pseudo-device loop # network loopback
pseudo-device bpfilter # packet filter
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device clockctl # user control of clock subsystem
pseudo-device drvctl # user control of drive subsystem
pseudo-device ksyms # /dev/ksyms
@@ -148,3 +154,5 @@ pseudo-device pty # pseudo-terminals
pseudo-device vnd # disk-like interface to files
pseudo-device putter # for puffs and pud
pseudo-device lockstat # lock profiling
+
+include "dev/veriexec.config"
Index: src/sys/arch/evbsh3/conf/AP_MS104_SH4
diff -u src/sys/arch/evbsh3/conf/AP_MS104_SH4:1.11 src/sys/arch/evbsh3/conf/AP_MS104_SH4:1.12
--- src/sys/arch/evbsh3/conf/AP_MS104_SH4:1.11 Thu Sep 14 07:58:40 2017
+++ src/sys/arch/evbsh3/conf/AP_MS104_SH4 Fri Apr 26 21:40:29 2019
@@ -1,4 +1,4 @@
-# $NetBSD: AP_MS104_SH4,v 1.11 2017/09/14 07:58:40 mrg Exp $
+# $NetBSD: AP_MS104_SH4,v 1.12 2019/04/26 21:40:29 sevan Exp $
#
# Alpha project AP-MS104-SH4 config file
#
@@ -35,6 +35,11 @@ options SYSVSHM # System V-like memory
options USERCONF # userconf(4) support
#options SYSCTL_INCLUDE_DESCR # Include sysctl descriptions in kernel
+# Alternate buffer queue strategies for better responsiveness under high
+# disk I/O load.
+#options BUFQ_READPRIO
+options BUFQ_PRIOCSCAN
+
# Development and Debugging options
options DIAGNOSTIC # expensive kernel consistency checks
#options DEBUG # expensive debugging checks/support
@@ -109,6 +114,7 @@ options VND_COMPRESSION # compressed v
# network pseudo-devices
pseudo-device bpfilter # Berkeley packet filter
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device loop # network loopback
# miscellaneous pseudo-devices
@@ -118,3 +124,5 @@ pseudo-device ksyms # /dev/ksyms
# userland interface to drivers, including autoconf and properties retrieval
pseudo-device drvctl
+
+include "dev/veriexec.config"
Index: src/sys/arch/evbsh3/conf/T_SH7706LAN
diff -u src/sys/arch/evbsh3/conf/T_SH7706LAN:1.14 src/sys/arch/evbsh3/conf/T_SH7706LAN:1.15
--- src/sys/arch/evbsh3/conf/T_SH7706LAN:1.14 Wed Aug 1 20:04:11 2018
+++ src/sys/arch/evbsh3/conf/T_SH7706LAN Fri Apr 26 21:40:29 2019
@@ -1,4 +1,4 @@
-# $NetBSD: T_SH7706LAN,v 1.14 2018/08/01 20:04:11 maxv Exp $
+# $NetBSD: T_SH7706LAN,v 1.15 2019/04/26 21:40:29 sevan Exp $
#
# TAC T-SH7706LAN Rev.3 config file
#
@@ -29,6 +29,11 @@ options SYSVSHM # System V-like memory
options USERCONF # userconf(4) support
#options SYSCTL_INCLUDE_DESCR # Include sysctl descriptions in kernel
+# Alternate buffer queue strategies for better responsiveness under high
+# disk I/O load.
+#options BUFQ_READPRIO
+options BUFQ_PRIOCSCAN
+
# Development and Debugging options
options DIAGNOSTIC # expensive kernel consistency checks
#options DEBUG # expensive debugging checks/support
@@ -96,6 +101,7 @@ options VND_COMPRESSION # compressed v
# network pseudo-devices
pseudo-device bpfilter # Berkeley packet filter
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device npf # NPF packet filter
pseudo-device loop # network loopback
@@ -106,3 +112,5 @@ pseudo-device ksyms # /dev/ksyms
# userland interface to drivers, including autoconf and properties retrieval
pseudo-device drvctl
+
+include "dev/veriexec.config"
Index: src/sys/arch/evbsh3/conf/T_SH7706LSR
diff -u src/sys/arch/evbsh3/conf/T_SH7706LSR:1.16 src/sys/arch/evbsh3/conf/T_SH7706LSR:1.17
--- src/sys/arch/evbsh3/conf/T_SH7706LSR:1.16 Wed Aug 1 20:04:11 2018
+++ src/sys/arch/evbsh3/conf/T_SH7706LSR Fri Apr 26 21:40:29 2019
@@ -1,4 +1,4 @@
-# $NetBSD: T_SH7706LSR,v 1.16 2018/08/01 20:04:11 maxv Exp $
+# $NetBSD: T_SH7706LSR,v 1.17 2019/04/26 21:40:29 sevan Exp $
#
# TAC T-SH7706LSR Rev.1 config file
#
@@ -29,6 +29,11 @@ options SYSVSHM # System V-like memory
options USERCONF # userconf(4) support
#options SYSCTL_INCLUDE_DESCR # Include sysctl descriptions in kernel
+# Alternate buffer queue strategies for better responsiveness under high
+# disk I/O load.
+#options BUFQ_READPRIO
+options BUFQ_PRIOCSCAN
+
# Development and Debugging options
options DIAGNOSTIC # expensive kernel consistency checks
#options DEBUG # expensive debugging checks/support
@@ -97,6 +102,7 @@ options VND_COMPRESSION # compressed v
# network pseudo-devices
pseudo-device bpfilter # Berkeley packet filter
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device npf # NPF packet filter
pseudo-device loop # network loopback
@@ -107,3 +113,5 @@ pseudo-device ksyms # /dev/ksyms
# userland interface to drivers, including autoconf and properties retrieval
pseudo-device drvctl
+
+include "dev/veriexec.config"
Index: src/sys/arch/ews4800mips/conf/GENERIC
diff -u src/sys/arch/ews4800mips/conf/GENERIC:1.57 src/sys/arch/ews4800mips/conf/GENERIC:1.58
--- src/sys/arch/ews4800mips/conf/GENERIC:1.57 Wed Aug 1 20:04:11 2018
+++ src/sys/arch/ews4800mips/conf/GENERIC Fri Apr 26 21:40:30 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.57 2018/08/01 20:04:11 maxv Exp $
+# $NetBSD: GENERIC,v 1.58 2019/04/26 21:40:30 sevan Exp $
#
# GENERIC machine description file
# This machine description file is used to generate the default NetBSD
@@ -25,7 +25,7 @@ include "arch/ews4800mips/conf/std.ews4
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.57 $"
+#ident "GENERIC-$Revision: 1.58 $"
maxusers 16
@@ -59,7 +59,7 @@ options SYSCTL_INCLUDE_DESCR # Include
# Alternate buffer queue strategies for better responsiveness under high
# disk I/O load.
#options BUFQ_READPRIO
-#options BUFQ_PRIOCSCAN
+options BUFQ_PRIOCSCAN
# Diagnostic/debugging support options
#options DIAGNOSTIC # expensive kernel consistency checks
@@ -228,7 +228,7 @@ options VND_COMPRESSION # compressed v
# network pseudo-devices
pseudo-device bpfilter # packet filter ports
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device npf # NPF packet filter
pseudo-device loop # network loopback
pseudo-device ppp # Point-to-Point Protocol
@@ -267,14 +267,4 @@ pseudo-device ksyms # /dev/ksyms
# wscons pseudo-devices
pseudo-device wsmux
-# Veriexec
-
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
-
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
Index: src/sys/arch/hp300/conf/GENERIC
diff -u src/sys/arch/hp300/conf/GENERIC:1.202 src/sys/arch/hp300/conf/GENERIC:1.203
--- src/sys/arch/hp300/conf/GENERIC:1.202 Sat Apr 13 08:22:59 2019
+++ src/sys/arch/hp300/conf/GENERIC Fri Apr 26 21:40:30 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.202 2019/04/13 08:22:59 isaki Exp $
+# $NetBSD: GENERIC,v 1.203 2019/04/26 21:40:30 sevan Exp $
#
# GENERIC machine description file
#
@@ -22,7 +22,7 @@ include "arch/hp300/conf/std.hp300"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.202 $"
+#ident "GENERIC-$Revision: 1.203 $"
makeoptions COPTS="-O2 -fno-reorder-blocks" # see share/mk/sys.mk
@@ -65,7 +65,7 @@ options MODULAR_DEFAULT_AUTOLOAD
# Alternate buffer queue strategies for better responsiveness under high
# disk I/O load.
#options BUFQ_READPRIO
-#options BUFQ_PRIOCSCAN
+options BUFQ_PRIOCSCAN
# Debugging options
#options DIAGNOSTIC # Extra kernel sanity checks
@@ -291,7 +291,7 @@ pseudo-device bridge # simple inter-ne
#options BRIDGE_IPF # bridge uses IP/IPv6 pfil hooks too
pseudo-device agr # IEEE 802.3ad link aggregation
pseudo-device bpfilter # Berkeley packet filter
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
#pseudo-device faith # IPv[46] tcp relay translation i/f
#pseudo-device gre # generic L3 over IP tunnel
pseudo-device gif # IPv[46] over IPv[46] tunnel (RFC1933)
@@ -322,15 +322,4 @@ pseudo-device ksyms # /dev/ksyms
pseudo-device wsmux # mouse & keyboard multiplexor
pseudo-device wsfont
-# Veriexec
-#
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
Index: src/sys/arch/hpcarm/conf/IPAQ
diff -u src/sys/arch/hpcarm/conf/IPAQ:1.81 src/sys/arch/hpcarm/conf/IPAQ:1.82
--- src/sys/arch/hpcarm/conf/IPAQ:1.81 Wed Aug 1 20:04:11 2018
+++ src/sys/arch/hpcarm/conf/IPAQ Fri Apr 26 21:40:30 2019
@@ -1,4 +1,4 @@
-# $NetBSD: IPAQ,v 1.81 2018/08/01 20:04:11 maxv Exp $
+# $NetBSD: IPAQ,v 1.82 2019/04/26 21:40:30 sevan Exp $
#
# iPAQ H3600 -- Windows-CE based PDA
#
@@ -91,6 +91,11 @@ options USERCONF # userconf(4) support
#options PIPE_SOCKETPAIR # smaller, but slower pipe(2)
#options SYSCTL_INCLUDE_DESCR # Include sysctl descriptions in kernel
+# Alternate buffer queue strategies for better responsiveness under high
+# disk I/O load.
+#options BUFQ_READPRIO
+options BUFQ_PRIOCSCAN
+
# Development and Debugging options
#options BOOT_DUMP # Enable memorydump at boot
@@ -171,6 +176,7 @@ wi* at pcmcia? function ? # Lucent Wave
pseudo-device loop # network loopback
pseudo-device bpfilter # packet filter
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device sl # CSLIP
pseudo-device ppp # PPP
pseudo-device tun # network tunneling over tty
@@ -195,3 +201,5 @@ pseudo-device biconsdev 1 # build-in co
pseudo-device md # Ramdisk driver
pseudo-device clockctl # user control of clock subsystem
pseudo-device ksyms # /dev/ksyms
+
+include "dev/veriexec.config"
Index: src/sys/arch/hpcarm/conf/JORNADA720
diff -u src/sys/arch/hpcarm/conf/JORNADA720:1.102 src/sys/arch/hpcarm/conf/JORNADA720:1.103
--- src/sys/arch/hpcarm/conf/JORNADA720:1.102 Wed Aug 1 20:04:11 2018
+++ src/sys/arch/hpcarm/conf/JORNADA720 Fri Apr 26 21:40:30 2019
@@ -1,4 +1,4 @@
-# $NetBSD: JORNADA720,v 1.102 2018/08/01 20:04:11 maxv Exp $
+# $NetBSD: JORNADA720,v 1.103 2019/04/26 21:40:30 sevan Exp $
#
# JORNADA -- Windows-CE based jornada 720
#
@@ -7,7 +7,7 @@ include "arch/hpcarm/conf/std.sa11x0"
#options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.102 $"
+#ident "GENERIC-$Revision: 1.103 $"
# estimated number of users
maxusers 32
@@ -96,6 +96,11 @@ options USERCONF # userconf(4) support
options NFS_BOOT_DHCP
+# Alternate buffer queue strategies for better responsiveness under high
+# disk I/O load.
+#options BUFQ_READPRIO
+options BUFQ_PRIOCSCAN
+
# Development and Debugging options
#options BOOT_DUMP # Enable memorydump at boot
@@ -255,6 +260,7 @@ apmdev0 at hpcapm0 # APM
# Pseudo-devices
pseudo-device loop # network loopback
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device bpfilter # packet filter
pseudo-device sl # CSLIP
pseudo-device ppp # PPP
@@ -283,3 +289,5 @@ pseudo-device clockctl # user control o
pseudo-device ksyms # /dev/ksyms
pseudo-device bcsp # BlueCore Serial Protocol
pseudo-device btuart # Bluetooth HCI UART (H4)
+
+include "dev/veriexec.config"
Index: src/sys/arch/hpcarm/conf/WZERO3
diff -u src/sys/arch/hpcarm/conf/WZERO3:1.48 src/sys/arch/hpcarm/conf/WZERO3:1.49
--- src/sys/arch/hpcarm/conf/WZERO3:1.48 Wed Feb 6 11:58:31 2019
+++ src/sys/arch/hpcarm/conf/WZERO3 Fri Apr 26 21:40:30 2019
@@ -1,4 +1,4 @@
-# $NetBSD: WZERO3,v 1.48 2019/02/06 11:58:31 rin Exp $
+# $NetBSD: WZERO3,v 1.49 2019/04/26 21:40:30 sevan Exp $
#
# WZERO3 -- Sharp Windows Mobile 5 based PDA
#
@@ -8,7 +8,7 @@ include "arch/hpcarm/conf/files.wzero3"
#options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.48 $"
+#ident "GENERIC-$Revision: 1.49 $"
# estimated number of users
maxusers 32
@@ -122,6 +122,11 @@ options WS_KERNEL_FG=WSCOL_GREEN
options FONT_VT220L8x16
+# Alternate buffer queue strategies for better responsiveness under high
+# disk I/O load.
+#options BUFQ_READPRIO
+options BUFQ_PRIOCSCAN
+
# Development and Debugging options
#options VERBOSE_INIT_ARM
@@ -273,6 +278,7 @@ ugen* at uhub? port ?
# Pseudo-devices
pseudo-device loop # network loopback
pseudo-device bpfilter # packet filter
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device sl # CSLIP
pseudo-device ppp # PPP
pseudo-device tun # network tunneling over tty
@@ -305,3 +311,5 @@ pseudo-device putter # for puffs and p
# wscons pseudo-devices
pseudo-device wsmux # mouse & keyboard multiplexor
pseudo-device wsfont
+
+include "dev/veriexec.config"
Index: src/sys/arch/hpcmips/conf/GENERIC
diff -u src/sys/arch/hpcmips/conf/GENERIC:1.239 src/sys/arch/hpcmips/conf/GENERIC:1.240
--- src/sys/arch/hpcmips/conf/GENERIC:1.239 Sat Apr 13 08:22:59 2019
+++ src/sys/arch/hpcmips/conf/GENERIC Fri Apr 26 21:40:30 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.239 2019/04/13 08:22:59 isaki Exp $
+# $NetBSD: GENERIC,v 1.240 2019/04/26 21:40:30 sevan Exp $
#
# GENERIC machine description file
#
@@ -24,7 +24,7 @@ include "arch/hpcmips/conf/std.hpcmips.
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.239 $"
+#ident "GENERIC-$Revision: 1.240 $"
maxusers 16
@@ -37,6 +37,11 @@ options VR4131 # NEC VR4131
options TX392X # Toshiba TX3922
options KLOADER
+# Alternate buffer queue strategies for better responsiveness under high
+# disk I/O load.
+#options BUFQ_READPRIO
+options BUFQ_PRIOCSCAN
+
# Standard system options
options DDB # in-kernel debugger
#options DDB_ONPANIC=0 # don't enter debugger on panic
@@ -660,7 +665,7 @@ pseudo-device ppp # serial-line IP por
pseudo-device pppoe # PPP over Ethernet (RFC 2516)
pseudo-device pty # pseudo-terminals
pseudo-device bpfilter # packet filter ports
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device npf # NPF packet filter
pseudo-device vnd # virtual disk ick
@@ -700,15 +705,4 @@ pseudo-device bridge
pseudo-device agr # IEEE 802.3ad link aggregation
pseudo-device ksyms # /dev/ksyms
-# Veriexec
-#
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
Index: src/sys/arch/hpcsh/conf/GENERIC
diff -u src/sys/arch/hpcsh/conf/GENERIC:1.111 src/sys/arch/hpcsh/conf/GENERIC:1.112
--- src/sys/arch/hpcsh/conf/GENERIC:1.111 Wed Aug 1 20:04:11 2018
+++ src/sys/arch/hpcsh/conf/GENERIC Fri Apr 26 21:40:30 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.111 2018/08/01 20:04:11 maxv Exp $
+# $NetBSD: GENERIC,v 1.112 2019/04/26 21:40:30 sevan Exp $
#
# GENERIC machine description file
#
@@ -84,6 +84,11 @@ options SYSCTL_INCLUDE_DESCR # Include
#options BUFQ_READPRIO
#options BUFQ_PRIOCSCAN
+# Alternate buffer queue strategies for better responsiveness under high
+# disk I/O load.
+#options BUFQ_READPRIO
+options BUFQ_PRIOCSCAN
+
# Diagnostic/debugging support options
#options DIAGNOSTIC # expensive kernel consistency checks
#options DEBUG # expensive debugging checks/support
@@ -341,7 +346,7 @@ pseudo-device fss # file system snapsh
pseudo-device loop # network loopback
pseudo-device ppp # serial-line IP ports
pseudo-device bpfilter # Berkeley packet filter
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
#pseudo-device npf # NPF packet filter
#
@@ -369,15 +374,4 @@ pseudo-device wsmux # mouse & keyboard
#pseudo-device hpf1275a # HP F1275A external keyboard
#wskbd* at hpf1275a? mux 1
-# Veriexec
-#
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
Index: src/sys/arch/hppa/conf/GENERIC
diff -u src/sys/arch/hppa/conf/GENERIC:1.26 src/sys/arch/hppa/conf/GENERIC:1.27
--- src/sys/arch/hppa/conf/GENERIC:1.26 Mon Apr 15 20:38:18 2019
+++ src/sys/arch/hppa/conf/GENERIC Fri Apr 26 21:40:30 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.26 2019/04/15 20:38:18 skrll Exp $
+# $NetBSD: GENERIC,v 1.27 2019/04/26 21:40:30 sevan Exp $
#
# GENERIC machine description file
#
@@ -23,7 +23,7 @@ include "arch/hppa/conf/std.hppa"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
options SYSCTL_INCLUDE_DESCR # Include sysctl descriptions in kernel
-#ident "GENERIC-$Revision: 1.26 $"
+#ident "GENERIC-$Revision: 1.27 $"
maxusers 32 # estimated number of users
@@ -62,7 +62,7 @@ options USERCONF # userconf(4) support
# Alternate buffer queue strategies for better responsiveness under high
# disk I/O load.
#options BUFQ_READPRIO
-#options BUFQ_PRIOCSCAN
+options BUFQ_PRIOCSCAN
# Diagnostic/debugging support options
#options DIAGNOSTIC # expensive kernel consistency checks
@@ -722,7 +722,7 @@ pseudo-device putter # for puffs and p
# network pseudo-devices
pseudo-device bpfilter # Berkeley packet filter
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device npf # NPF packet filter
pseudo-device loop # network loopback
pseudo-device ppp # Point-to-Point Protocol
@@ -764,15 +764,4 @@ pseudo-device ksyms # /dev/ksyms
# userland interface to drivers, including autoconf and properties retrieval
pseudo-device drvctl
-# Veriexec
-#
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
Index: src/sys/arch/i386/conf/GENERIC
diff -u src/sys/arch/i386/conf/GENERIC:1.1204 src/sys/arch/i386/conf/GENERIC:1.1205
--- src/sys/arch/i386/conf/GENERIC:1.1204 Fri Mar 1 12:23:10 2019
+++ src/sys/arch/i386/conf/GENERIC Fri Apr 26 21:40:30 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.1204 2019/03/01 12:23:10 nonaka Exp $
+# $NetBSD: GENERIC,v 1.1205 2019/04/26 21:40:30 sevan Exp $
#
# GENERIC machine description file
#
@@ -22,7 +22,7 @@ include "arch/i386/conf/std.i386"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.1204 $"
+#ident "GENERIC-$Revision: 1.1205 $"
maxusers 64 # estimated number of users
@@ -1471,7 +1471,7 @@ options VND_COMPRESSION # compressed v
# network pseudo-devices
pseudo-device bpfilter # Berkeley packet filter
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device loop # network loopback
#pseudo-device mpls # MPLS pseudo-interface
pseudo-device ppp # Point-to-Point Protocol
@@ -1530,19 +1530,7 @@ pseudo-device cmos
# userland interface to drivers, including autoconf and properties retrieval
pseudo-device drvctl
-options FILEASSOC # fileassoc(9) - required for Veriexec
- # and PAX_SEGVGUARD
-
-# Veriexec
-pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-options VERIFIED_EXEC_FP_SHA256
-options VERIFIED_EXEC_FP_SHA384
-options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
options PAX_ASLR_DEBUG=1 # PaX ASLR debug
options PAX_SEGVGUARD=0 # PaX Segmentation fault guard
Index: src/sys/arch/ibmnws/conf/GENERIC
diff -u src/sys/arch/ibmnws/conf/GENERIC:1.53 src/sys/arch/ibmnws/conf/GENERIC:1.54
--- src/sys/arch/ibmnws/conf/GENERIC:1.53 Sat Apr 13 08:23:00 2019
+++ src/sys/arch/ibmnws/conf/GENERIC Fri Apr 26 21:40:30 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.53 2019/04/13 08:23:00 isaki Exp $
+# $NetBSD: GENERIC,v 1.54 2019/04/26 21:40:30 sevan Exp $
#
#
@@ -20,6 +20,11 @@ options MEMORY_DISK_RBFLAGS=RB_SINGLE #
maxusers 8
+# Alternate buffer queue strategies for better responsiveness under high
+# disk I/O load.
+#options BUFQ_READPRIO
+options BUFQ_PRIOCSCAN
+
options DDB
# Compatibility options
@@ -279,7 +284,7 @@ pseudo-device md # memory disk device
# network pseudo-devices
pseudo-device bpfilter # network tap
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device loop # network loopback
#
@@ -294,15 +299,4 @@ pseudo-device ksyms
pseudo-device clockctl
pseudo-device drvctl # user control of drive subsystem
-# Veriexec
-#
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
Index: src/sys/arch/iyonix/conf/GENERIC
diff -u src/sys/arch/iyonix/conf/GENERIC:1.106 src/sys/arch/iyonix/conf/GENERIC:1.107
--- src/sys/arch/iyonix/conf/GENERIC:1.106 Sat Apr 13 08:23:00 2019
+++ src/sys/arch/iyonix/conf/GENERIC Fri Apr 26 21:40:30 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.106 2019/04/13 08:23:00 isaki Exp $
+# $NetBSD: GENERIC,v 1.107 2019/04/26 21:40:30 sevan Exp $
#
# GENERIC machine description file
#
@@ -22,7 +22,7 @@ include "arch/iyonix/conf/std.iyonix"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.106 $"
+#ident "GENERIC-$Revision: 1.107 $"
maxusers 32 # estimated number of users
@@ -72,7 +72,7 @@ options USERCONF # userconf(4) support
# Alternate buffer queue strategies for better responsiveness under high
# disk I/O load.
#options BUFQ_READPRIO
-#options BUFQ_PRIOCSCAN
+options BUFQ_PRIOCSCAN
# Diagnostic/debugging support options
#options DIAGNOSTIC # expensive kernel consistency checks
@@ -370,7 +370,7 @@ pseudo-device fss # file system snapsh
# network pseudo-devices
pseudo-device bpfilter # Berkeley packet filter
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
#pseudo-device npf # NPF packet filter
pseudo-device loop # network loopback
#pseudo-device ppp # Point-to-Point Protocol
@@ -407,18 +407,6 @@ pseudo-device ksyms # /dev/ksyms
pseudo-device wsmux # mouse & keyboard multiplexor
pseudo-device wsfont
-#options FILEASSOC # fileassoc(9) - required for Veriexec
- # and PAX_SEGVGUARD
-
-# Veriexec
-#pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
#options PAX_MPROTECT=0 # PaX mprotect(2) restrictions
Index: src/sys/arch/landisk/conf/GENERIC
diff -u src/sys/arch/landisk/conf/GENERIC:1.62 src/sys/arch/landisk/conf/GENERIC:1.63
--- src/sys/arch/landisk/conf/GENERIC:1.62 Wed Feb 6 11:58:31 2019
+++ src/sys/arch/landisk/conf/GENERIC Fri Apr 26 21:40:30 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.62 2019/02/06 11:58:31 rin Exp $
+# $NetBSD: GENERIC,v 1.63 2019/04/26 21:40:30 sevan Exp $
#
# GENERIC machine description file
#
@@ -22,7 +22,7 @@ include "arch/landisk/conf/std.landisk"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.62 $"
+#ident "GENERIC-$Revision: 1.63 $"
maxusers 16 # estimated number of users
@@ -68,7 +68,7 @@ options SYSCTL_INCLUDE_DESCR # Include
# Alternate buffer queue strategies for better responsiveness under high
# disk I/O load.
#options BUFQ_READPRIO
-#options BUFQ_PRIOCSCAN
+options BUFQ_PRIOCSCAN
# Diagnostic/debugging support options
#options DIAGNOSTIC # cheap kernel consistency checks
@@ -431,6 +431,7 @@ options VND_COMPRESSION # compressed v
# network pseudo-devices
pseudo-device bpfilter # Berkeley packet filter
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device npf # NPF packet filter
pseudo-device loop # network loopback
pseudo-device ppp # Point-to-Point Protocol
@@ -467,19 +468,7 @@ pseudo-device nsmb # experimental - SM
pseudo-device wsmux # mouse & keyboard multiplexor
#pseudo-device wsfont
-options FILEASSOC # fileassoc(9) - required for Veriexec
- # and PAX_SEGVGUARD
-
-# Veriexec
-pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-options VERIFIED_EXEC_FP_SHA256
-options VERIFIED_EXEC_FP_SHA384
-options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
options PAX_ASLR_DEBUG=1 # PaX ASLR debug
options PAX_SEGVGUARD=0 # PaX Segmentation fault guard
Index: src/sys/arch/mac68k/conf/GENERIC
diff -u src/sys/arch/mac68k/conf/GENERIC:1.227 src/sys/arch/mac68k/conf/GENERIC:1.228
--- src/sys/arch/mac68k/conf/GENERIC:1.227 Wed Dec 19 13:57:48 2018
+++ src/sys/arch/mac68k/conf/GENERIC Fri Apr 26 21:40:31 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.227 2018/12/19 13:57:48 maxv Exp $
+# $NetBSD: GENERIC,v 1.228 2019/04/26 21:40:31 sevan Exp $
#
# GENERIC machine description file
#
@@ -22,7 +22,7 @@ include "arch/mac68k/conf/std.mac68k"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.227 $"
+#ident "GENERIC-$Revision: 1.228 $"
makeoptions COPTS="-O2 -fno-reorder-blocks" # see share/mk/sys.mk
@@ -61,7 +61,7 @@ options SYSCTL_INCLUDE_DESCR # Include
# Alternate buffer queue strategies for better responsiveness under high
# disk I/O load.
#options BUFQ_READPRIO
-#options BUFQ_PRIOCSCAN
+options BUFQ_PRIOCSCAN
# Diagnostic/debugging support options
#options DIAGNOSTIC # cheap kernel consistency checks
@@ -303,7 +303,7 @@ pseudo-device vnd # disk-like interfac
# network pseudo-devices
pseudo-device bpfilter # Berkeley packet filter
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device npf # NPF packet filter
pseudo-device loop # network loopback
pseudo-device ppp # Point-to-Point Protocol
@@ -338,15 +338,4 @@ pseudo-device swwdog # software watchd
#options RND_COM # use "com" randomness as well (BROKEN)
pseudo-device ksyms # /dev/ksyms
-# Veriexec
-#
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
Index: src/sys/arch/macppc/conf/GENERIC
diff -u src/sys/arch/macppc/conf/GENERIC:1.353 src/sys/arch/macppc/conf/GENERIC:1.354
--- src/sys/arch/macppc/conf/GENERIC:1.353 Wed Apr 10 00:49:49 2019
+++ src/sys/arch/macppc/conf/GENERIC Fri Apr 26 21:40:31 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.353 2019/04/10 00:49:49 sevan Exp $
+# $NetBSD: GENERIC,v 1.354 2019/04/26 21:40:31 sevan Exp $
#
# GENERIC machine description file
#
@@ -22,7 +22,7 @@ include "arch/macppc/conf/std.macppc"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.353 $"
+#ident "GENERIC-$Revision: 1.354 $"
maxusers 32
@@ -674,19 +674,6 @@ pseudo-device btuart # Bluetooth HCI U
# userland interface to drivers, including autoconf and properties retrieval
pseudo-device drvctl
-options FILEASSOC # fileassoc(9) - needed by Veriexec
-
-# Veriexec
-#
-# a pseudo device needed for veriexec
-pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-options VERIFIED_EXEC_FP_SHA256
-options VERIFIED_EXEC_FP_SHA384
-options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
#options PAX_MPROTECT=0 # PaX mprotect(2) restrictions
Index: src/sys/arch/mipsco/conf/GENERIC
diff -u src/sys/arch/mipsco/conf/GENERIC:1.93 src/sys/arch/mipsco/conf/GENERIC:1.94
--- src/sys/arch/mipsco/conf/GENERIC:1.93 Wed Aug 1 20:04:12 2018
+++ src/sys/arch/mipsco/conf/GENERIC Fri Apr 26 21:40:31 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.93 2018/08/01 20:04:12 maxv Exp $
+# $NetBSD: GENERIC,v 1.94 2019/04/26 21:40:31 sevan Exp $
#
# GENERIC machine description file
#
@@ -40,7 +40,7 @@ options SYSCTL_INCLUDE_DESCR # Include
# Alternate buffer queue strategies for better responsiveness under high
# disk I/O load.
#options BUFQ_READPRIO
-#options BUFQ_PRIOCSCAN
+options BUFQ_PRIOCSCAN
# Debugging options
options DDB # kernel dynamic debugger
@@ -154,7 +154,7 @@ pseudo-device tun # Network "tunnel" d
pseudo-device tap # virtual Ethernet
#pseudo-device gre # generic L3 over IP tunnel
pseudo-device bpfilter # Berkeley Packet Filter
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
#pseudo-device vnd # disk-like interface to files
#options VND_COMPRESSION # compressed vnd(4)
#pseudo-device ccd # concatenated and striped disks
@@ -181,15 +181,4 @@ pseudo-device clockctl # user control o
#options RND_COM # use "com" randomness as well (BROKEN)
pseudo-device ksyms # /dev/ksyms
-# Veriexec
-#
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
Index: src/sys/arch/mmeye/conf/GENERIC
diff -u src/sys/arch/mmeye/conf/GENERIC:1.125 src/sys/arch/mmeye/conf/GENERIC:1.126
--- src/sys/arch/mmeye/conf/GENERIC:1.125 Wed Aug 1 20:04:12 2018
+++ src/sys/arch/mmeye/conf/GENERIC Fri Apr 26 21:40:31 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.125 2018/08/01 20:04:12 maxv Exp $
+# $NetBSD: GENERIC,v 1.126 2019/04/26 21:40:31 sevan Exp $
#
# GENERIC machine description file
#
@@ -22,7 +22,7 @@ include "arch/mmeye/conf/std.mmeye"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.125 $"
+#ident "GENERIC-$Revision: 1.126 $"
maxusers 16 # estimated number of users
@@ -54,6 +54,11 @@ options USERCONF # userconf(4) support
#options PIPE_SOCKETPAIR # smaller, but slower pipe(2)
options SYSCTL_INCLUDE_DESCR # Include sysctl descriptions in kernel
+# Alternate buffer queue strategies for better responsiveness under high
+# disk I/O load.
+#options BUFQ_READPRIO
+options BUFQ_PRIOCSCAN
+
# Diagnostic/debugging support options
#options DIAGNOSTIC # cheap kernel consistency checks
#options DEBUG # expensive debugging checks/support
@@ -192,7 +197,7 @@ pseudo-device fss # file system snapsh
pseudo-device vnd # disk-like interface to files
#options VND_COMPRESSION # compressed vnd(4)
pseudo-device bpfilter # Berkeley packet filter
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device npf # NPF packet filter
pseudo-device loop # network loopback
pseudo-device ppp # Point-to-Point Protocol
@@ -222,15 +227,4 @@ pseudo-device putter # for puffs and p
#options MEMORY_DISK_SERVER=0 # no userspace memory disk support
#options MEMORY_DISK_ROOT_SIZE=3074 # size of memory disk, in blocks
-# Veriexec
-#
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
Index: src/sys/arch/netwinder/conf/GENERIC
diff -u src/sys/arch/netwinder/conf/GENERIC:1.136 src/sys/arch/netwinder/conf/GENERIC:1.137
--- src/sys/arch/netwinder/conf/GENERIC:1.136 Sat Apr 13 08:23:00 2019
+++ src/sys/arch/netwinder/conf/GENERIC Fri Apr 26 21:40:31 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.136 2019/04/13 08:23:00 isaki Exp $
+# $NetBSD: GENERIC,v 1.137 2019/04/26 21:40:31 sevan Exp $
#
# GENERIC machine description file
#
@@ -34,7 +34,7 @@ options RTC_OFFSET=0 # hardware clock i
# Alternate buffer queue strategies for better responsiveness under high
# disk I/O load.
#options BUFQ_READPRIO
-#options BUFQ_PRIOCSCAN
+options BUFQ_PRIOCSCAN
# CPU options
@@ -274,7 +274,7 @@ pseudo-device fss # file system snapsh
# network pseudo-devices
pseudo-device bpfilter # Berkeley packet filter
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device pppoe # PPP over Ethernet (RFC 2516)
pseudo-device bridge # simple inter-network bridging
#options BRIDGE_IPF # bridge uses IP/IPv6 pfil hooks too
@@ -296,15 +296,4 @@ pseudo-device ksyms # /dev/ksyms
pseudo-device wsmux # mouse & keyboard multiplexor
#pseudo-device wsfont
-# Veriexec
-#
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
Index: src/sys/arch/news68k/conf/GENERIC
diff -u src/sys/arch/news68k/conf/GENERIC:1.132 src/sys/arch/news68k/conf/GENERIC:1.133
--- src/sys/arch/news68k/conf/GENERIC:1.132 Wed Dec 19 13:57:49 2018
+++ src/sys/arch/news68k/conf/GENERIC Fri Apr 26 21:40:31 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.132 2018/12/19 13:57:49 maxv Exp $
+# $NetBSD: GENERIC,v 1.133 2019/04/26 21:40:31 sevan Exp $
#
# GENERIC machine description file
#
@@ -22,7 +22,7 @@ include "arch/news68k/conf/std.news68k"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.132 $"
+#ident "GENERIC-$Revision: 1.133 $"
makeoptions COPTS="-O2 -fno-reorder-blocks" # see share/mk/sys.mk
@@ -50,7 +50,7 @@ options SYSCTL_INCLUDE_DESCR # Include
# Alternate buffer queue strategies for better responsiveness under high
# disk I/O load.
#options BUFQ_READPRIO
-#options BUFQ_PRIOCSCAN
+options BUFQ_PRIOCSCAN
# Debugging options
#options DIAGNOSTIC # extra kernel sanity checking
@@ -235,7 +235,7 @@ pseudo-device tun # Network "tunnel" d
pseudo-device tap # virtual Ethernet
pseudo-device gre # generic L3 over IP tunnel
pseudo-device bpfilter # Berkeley Packet Filter
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device npf # NPF packet filter
pseudo-device strip # Starmode Radio IP (Metricom)
pseudo-device gif # IPv[46] over IPv[46] tunnel (RFC1933)
@@ -250,15 +250,4 @@ pseudo-device clockctl # user control o
pseudo-device ksyms # /dev/ksyms
pseudo-device putter # for puffs and pud
-# Veriexec
-#
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
Index: src/sys/arch/newsmips/conf/GENERIC
diff -u src/sys/arch/newsmips/conf/GENERIC:1.136 src/sys/arch/newsmips/conf/GENERIC:1.137
--- src/sys/arch/newsmips/conf/GENERIC:1.136 Sun Oct 14 00:10:11 2018
+++ src/sys/arch/newsmips/conf/GENERIC Fri Apr 26 21:40:31 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.136 2018/10/14 00:10:11 tsutsui Exp $
+# $NetBSD: GENERIC,v 1.137 2019/04/26 21:40:31 sevan Exp $
#
# GENERIC machine description file
#
@@ -22,7 +22,7 @@ include "arch/newsmips/conf/std.newsmip
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.136 $"
+#ident "GENERIC-$Revision: 1.137 $"
maxusers 16
@@ -46,7 +46,7 @@ options SYSCTL_INCLUDE_DESCR # Include
# Alternate buffer queue strategies for better responsiveness under high
# disk I/O load.
#options BUFQ_READPRIO
-#options BUFQ_PRIOCSCAN
+options BUFQ_PRIOCSCAN
# Debugging options
options DDB # kernel dynamic debugger
@@ -196,7 +196,7 @@ pseudo-device tun # Network "tunnel" d
pseudo-device tap # virtual Ethernet
#pseudo-device gre # generic L3 over IP tunnel
pseudo-device bpfilter # Berkeley Packet Filter
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device gif # IPv[46] over IPv[46] tunnel (RFC1933)
#pseudo-device faith # IPv[46] tcp relay translation i/f
pseudo-device stf # 6to4 IPv6 over IPv4 encapsulation
@@ -224,15 +224,4 @@ pseudo-device clockctl # user control o
pseudo-device ksyms # /dev/ksyms
pseudo-device putter # for puffs and pud
-# Veriexec
-#
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
Index: src/sys/arch/next68k/conf/GENERIC
diff -u src/sys/arch/next68k/conf/GENERIC:1.147 src/sys/arch/next68k/conf/GENERIC:1.148
--- src/sys/arch/next68k/conf/GENERIC:1.147 Wed Dec 19 13:57:49 2018
+++ src/sys/arch/next68k/conf/GENERIC Fri Apr 26 21:40:31 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.147 2018/12/19 13:57:49 maxv Exp $
+# $NetBSD: GENERIC,v 1.148 2019/04/26 21:40:31 sevan Exp $
#
# GENERIC machine description file
#
@@ -22,7 +22,7 @@ include "arch/next68k/conf/std.next68k"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.147 $"
+#ident "GENERIC-$Revision: 1.148 $"
makeoptions COPTS="-O2 -fno-reorder-blocks" # see share/mk/sys.mk
@@ -47,7 +47,7 @@ options SYSCTL_INCLUDE_DESCR # Include
# Alternate buffer queue strategies for better responsiveness under high
# disk I/O load.
#options BUFQ_READPRIO
-#options BUFQ_PRIOCSCAN
+options BUFQ_PRIOCSCAN
#options DEBUG # kernel debugging code
#options DIAGNOSTIC # extra kernel sanity checking
@@ -218,7 +218,7 @@ pseudo-device accf_http # "httpready"
# Misc.
pseudo-device loop # network loopback
pseudo-device bpfilter # packet filter
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device sl # CSLIP
pseudo-device ppp # PPP
pseudo-device pppoe # PPP over Ethernet (RFC 2516)
@@ -254,15 +254,4 @@ pseudo-device clockctl # user control o
pseudo-device ksyms # /dev/ksyms
pseudo-device putter # for puffs and pud
-# Veriexec
-#
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
Index: src/sys/arch/ofppc/conf/GENERIC
diff -u src/sys/arch/ofppc/conf/GENERIC:1.169 src/sys/arch/ofppc/conf/GENERIC:1.170
--- src/sys/arch/ofppc/conf/GENERIC:1.169 Wed Feb 6 11:58:31 2019
+++ src/sys/arch/ofppc/conf/GENERIC Fri Apr 26 21:40:31 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.169 2019/02/06 11:58:31 rin Exp $
+# $NetBSD: GENERIC,v 1.170 2019/04/26 21:40:31 sevan Exp $
#
# GENERIC machine description file
#
@@ -22,7 +22,7 @@ include "arch/ofppc/conf/std.ofppc"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.169 $"
+#ident "GENERIC-$Revision: 1.170 $"
maxusers 32
@@ -48,6 +48,11 @@ options USERCONF # userconf(4) support
options SYSCTL_INCLUDE_DESCR # Include sysctl descriptions in kernel
options RDB_PART # Rigid Disk Block partition support
+# Alternate buffer queue strategies for better responsiveness under high
+# disk I/O load.
+#options BUFQ_READPRIO
+options BUFQ_PRIOCSCAN
+
# Diagnostic/debugging support options
#options DIAGNOSTIC # cheap kernel consistency checks
#options DEBUG # expensive debugging checks/support
@@ -413,7 +418,7 @@ pseudo-device fss # file system snapsh
pseudo-device md # memory disk device
pseudo-device loop # network loopback
pseudo-device bpfilter # packet filter
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device npf # NPF packet filter
pseudo-device ppp # Point-to-Point Protocol
pseudo-device pppoe # PPP over Ethernet (RFC 2516)
@@ -438,15 +443,4 @@ pseudo-device putter # for puffs and p
# userland interface to drivers, including autoconf and properties retrieval
pseudo-device drvctl
-# Veriexec
-#
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
Index: src/sys/arch/pmax/conf/GENERIC
diff -u src/sys/arch/pmax/conf/GENERIC:1.198 src/sys/arch/pmax/conf/GENERIC:1.199
--- src/sys/arch/pmax/conf/GENERIC:1.198 Sat Apr 13 08:23:00 2019
+++ src/sys/arch/pmax/conf/GENERIC Fri Apr 26 21:40:31 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.198 2019/04/13 08:23:00 isaki Exp $
+# $NetBSD: GENERIC,v 1.199 2019/04/26 21:40:31 sevan Exp $
#
# GENERIC machine description file
#
@@ -22,7 +22,7 @@ include "arch/pmax/conf/std.pmax"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.198 $"
+#ident "GENERIC-$Revision: 1.199 $"
maxusers 64
@@ -65,7 +65,7 @@ options SYSCTL_INCLUDE_DESCR # Include
# Alternate buffer queue strategies for better responsiveness under high
# disk I/O load.
#options BUFQ_READPRIO
-#options BUFQ_PRIOCSCAN
+options BUFQ_PRIOCSCAN
#options SCSIVERBOSE # Verbose SCSI errors
#options TCVERBOSE # recognize "unknown" TC devices
@@ -272,7 +272,7 @@ pseudo-device ppp # serial-line IP po
pseudo-device pppoe # PPP over Ethernet (RFC 2516)
pseudo-device pty # pseudo-terminals
pseudo-device bpfilter # packet filter ports
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device npf # NPF packet filter
#pseudo-device gre # generic L3 over IP tunnel
pseudo-device gif # IPv[46] over IPv[46] tunnel (RFC1933)
@@ -306,19 +306,7 @@ pseudo-device ksyms # /dev/ksyms
pseudo-device wsfont # wsfont control device
pseudo-device wsmux # wsmux control device
-options FILEASSOC # fileassoc(9) - required for Veriexec
- # and PAX_SEGVGUARD
-
-# Veriexec
-pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-options VERIFIED_EXEC_FP_SHA256
-options VERIFIED_EXEC_FP_SHA384
-options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
options PAX_ASLR_DEBUG=1 # PaX ASLR debug
options PAX_SEGVGUARD=0 # PaX Segmentation fault guard
Index: src/sys/arch/prep/conf/GENERIC
diff -u src/sys/arch/prep/conf/GENERIC:1.188 src/sys/arch/prep/conf/GENERIC:1.189
--- src/sys/arch/prep/conf/GENERIC:1.188 Wed Feb 6 11:58:32 2019
+++ src/sys/arch/prep/conf/GENERIC Fri Apr 26 21:40:32 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.188 2019/02/06 11:58:32 rin Exp $
+# $NetBSD: GENERIC,v 1.189 2019/04/26 21:40:32 sevan Exp $
#
# GENERIC machine description file
#
@@ -22,7 +22,7 @@ include "arch/prep/conf/std.prep"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.188 $"
+#ident "GENERIC-$Revision: 1.189 $"
maxusers 32
@@ -49,7 +49,7 @@ options SYSCTL_INCLUDE_DESCR # Include
# Alternate buffer queue strategies for better responsiveness under high
# disk I/O load.
#options BUFQ_READPRIO
-#options BUFQ_PRIOCSCAN
+options BUFQ_PRIOCSCAN
# Diagnostic/debugging support options
#options DIAGNOSTIC # cheap kernel consistency checks
@@ -536,7 +536,7 @@ pseudo-device vnd # disk-like interfac
# network pseudo-devices
pseudo-device loop # network loopback
pseudo-device bpfilter # Berkeley packet filter
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device npf # NPF packet filter
pseudo-device ppp # Point-to-Point Protocol
pseudo-device pppoe # PPP over Ethernet (RFC 2516)
@@ -572,18 +572,4 @@ pseudo-device ksyms # /dev/ksyms
pseudo-device wsmux # mouse & keyboard multiplexor
pseudo-device wsfont
-options FILEASSOC # fileassoc(9) - required for Veriexec
- # and PAX_SEGVGUARD
-
-# Veriexec
-#
-# a pseudo device needed for veriexec
-pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-options VERIFIED_EXEC_FP_SHA256
-options VERIFIED_EXEC_FP_SHA384
-options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
Index: src/sys/arch/rs6000/conf/GENERIC
diff -u src/sys/arch/rs6000/conf/GENERIC:1.40 src/sys/arch/rs6000/conf/GENERIC:1.41
--- src/sys/arch/rs6000/conf/GENERIC:1.40 Wed Aug 1 20:04:13 2018
+++ src/sys/arch/rs6000/conf/GENERIC Fri Apr 26 21:40:32 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.40 2018/08/01 20:04:13 maxv Exp $
+# $NetBSD: GENERIC,v 1.41 2019/04/26 21:40:32 sevan Exp $
#
# GENERIC machine description file
#
@@ -24,7 +24,7 @@ options INCLUDE_CONFIG_FILE # embed con
#makeoptions COPTS="-O2 -mno-powerpc -mno-power" # wheeee
-#ident "GENERIC-$Revision: 1.40 $"
+#ident "GENERIC-$Revision: 1.41 $"
maxusers 32
@@ -54,7 +54,7 @@ options SYSCTL_INCLUDE_DESCR # Include
# Alternate buffer queue strategies for better responsiveness under high
# disk I/O load.
#options BUFQ_READPRIO
-#options BUFQ_PRIOCSCAN
+options BUFQ_PRIOCSCAN
# Diagnostic/debugging support options
#options DIAGNOSTIC # cheap kernel consistency checks
@@ -217,7 +217,7 @@ pseudo-device vnd # disk-like interfac
# network pseudo-devices
pseudo-device loop # network loopback
pseudo-device bpfilter # Berkeley packet filter
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device npf # NPF packet filter
pseudo-device ppp # Point-to-Point Protocol
pseudo-device pppoe # PPP over Ethernet (RFC 2516)
@@ -252,16 +252,4 @@ pseudo-device ksyms # /dev/ksyms
pseudo-device wsmux # mouse & keyboard multiplexor
pseudo-device wsfont
-# Veriexec
-#options VERIFIED_EXEC
-#
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
Index: src/sys/arch/sandpoint/conf/GENERIC
diff -u src/sys/arch/sandpoint/conf/GENERIC:1.101 src/sys/arch/sandpoint/conf/GENERIC:1.102
--- src/sys/arch/sandpoint/conf/GENERIC:1.101 Tue Oct 23 19:58:52 2018
+++ src/sys/arch/sandpoint/conf/GENERIC Fri Apr 26 21:40:32 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.101 2018/10/23 19:58:52 jdolecek Exp $
+# $NetBSD: GENERIC,v 1.102 2019/04/26 21:40:32 sevan Exp $
#
# machine description file for GENERIC NAS
#
@@ -22,7 +22,7 @@ include "arch/sandpoint/conf/std.sandpo
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.101 $"
+#ident "GENERIC-$Revision: 1.102 $"
maxusers 32
@@ -48,7 +48,7 @@ options SYSCTL_INCLUDE_DESCR # Include
# Alternate buffer queue strategies for better responsiveness under high
# disk I/O load.
#options BUFQ_READPRIO
-#options BUFQ_PRIOCSCAN
+options BUFQ_PRIOCSCAN
# Diagnostic/debugging support options
#options DIAGNOSTIC # cheap kernel consistency checks
@@ -298,7 +298,7 @@ pseudo-device vnd
# network pseudo-devices
pseudo-device loop
pseudo-device bpfilter # packet filter
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
#pseudo-device ppp # Point-to-Point Protocol
#pseudo-device pppoe # PPP over Ethernet (RFC 2516)
#pseudo-device npf # NPF packet filter
@@ -334,18 +334,7 @@ pseudo-device ksyms # /dev/ksyms
# userland interface to drivers, including autoconf and properties retrieval
pseudo-device drvctl
-# Veriexec
-#
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
#options PAX_MPROTECT=0 # PaX mprotect(2) restrictions
#options PAX_ASLR=0 # PaX Address Space Layout Randomization
Index: src/sys/arch/sbmips/conf/GENERIC
diff -u src/sys/arch/sbmips/conf/GENERIC:1.107 src/sys/arch/sbmips/conf/GENERIC:1.108
--- src/sys/arch/sbmips/conf/GENERIC:1.107 Tue Oct 23 19:58:53 2018
+++ src/sys/arch/sbmips/conf/GENERIC Fri Apr 26 21:40:32 2019
@@ -1,10 +1,10 @@
-# $NetBSD: GENERIC,v 1.107 2018/10/23 19:58:53 jdolecek Exp $
+# $NetBSD: GENERIC,v 1.108 2019/04/26 21:40:32 sevan Exp $
include "arch/sbmips/conf/std.sbmips"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.107 $"
+#ident "GENERIC-$Revision: 1.108 $"
#options LOCKDEBUG # XXX XXX XXX XXX
#options DEBUG # extra kernel debugging support
@@ -23,6 +23,11 @@ options SYSVSEM # System V semaphores
options SYSVSHM # System V shared memory
#options NTP # network time protocol
+# Alternate buffer queue strategies for better responsiveness under high
+# disk I/O load.
+#options BUFQ_READPRIO
+options BUFQ_PRIOCSCAN
+
# Debugging options
#options DIAGNOSTIC # extra kernel sanity checking
#options DEBUG # extra kernel debugging support
@@ -166,7 +171,7 @@ pseudo-device vnd # disk-like interfac
# Network pseudo-devices
pseudo-device bpfilter # Berkeley packet filter
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device npf # NPF packet filter
pseudo-device loop # network loopback
#pseudo-device ppp # Point-to-Point Protocol
@@ -200,15 +205,4 @@ pseudo-device ksyms # /dev/ksyms
# A pseudo device needed for Coda # also needs CODA (above)
#pseudo-device vcoda # coda minicache <-> venus comm.
-# Veriexec
-#
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
Index: src/sys/arch/sgimips/conf/GENERIC32_IP12
diff -u src/sys/arch/sgimips/conf/GENERIC32_IP12:1.34 src/sys/arch/sgimips/conf/GENERIC32_IP12:1.35
--- src/sys/arch/sgimips/conf/GENERIC32_IP12:1.34 Wed Aug 1 20:04:14 2018
+++ src/sys/arch/sgimips/conf/GENERIC32_IP12 Fri Apr 26 21:40:32 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC32_IP12,v 1.34 2018/08/01 20:04:14 maxv Exp $
+# $NetBSD: GENERIC32_IP12,v 1.35 2019/04/26 21:40:32 sevan Exp $
#
# GENERIC32_IP12 machine description file
#
@@ -32,7 +32,7 @@ makeoptions TEXTADDR=0x80002000 # entry
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC32-IP2x-$Revision: 1.34 $"
+#ident "GENERIC32-IP2x-$Revision: 1.35 $"
maxusers 32
@@ -62,7 +62,7 @@ options SYSCTL_INCLUDE_DESCR # Include
# Alternate buffer queue strategies for better responsiveness under high
# disk I/O load.
#options BUFQ_READPRIO
-#options BUFQ_PRIOCSCAN
+options BUFQ_PRIOCSCAN
# Diagnostic/debugging support options
#options DIAGNOSTIC # expensive kernel consistency checks
@@ -237,7 +237,7 @@ pseudo-device vnd # disk-like interfac
# network pseudo-devices
pseudo-device bpfilter # Berkeley packet filter
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device npf # NPF packet filter
pseudo-device loop # network loopback
#pseudo-device ppp # Point-to-Point Protocol
@@ -267,15 +267,4 @@ pseudo-device wsfont
# a pseudo device needed for Coda # also needs CODA (above)
#pseudo-device vcoda # coda minicache <-> venus comm.
-# Veriexec
-#
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
Index: src/sys/arch/sgimips/conf/GENERIC32_IP2x
diff -u src/sys/arch/sgimips/conf/GENERIC32_IP2x:1.115 src/sys/arch/sgimips/conf/GENERIC32_IP2x:1.116
--- src/sys/arch/sgimips/conf/GENERIC32_IP2x:1.115 Sat Apr 13 08:23:00 2019
+++ src/sys/arch/sgimips/conf/GENERIC32_IP2x Fri Apr 26 21:40:32 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC32_IP2x,v 1.115 2019/04/13 08:23:00 isaki Exp $
+# $NetBSD: GENERIC32_IP2x,v 1.116 2019/04/26 21:40:32 sevan Exp $
#
# GENERIC32_IP2x machine description file
#
@@ -29,7 +29,7 @@ makeoptions TEXTADDR=0x88069000 # entry
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC32-IP2x-$Revision: 1.115 $"
+#ident "GENERIC32-IP2x-$Revision: 1.116 $"
maxusers 32
@@ -62,7 +62,7 @@ options SYSCTL_INCLUDE_DESCR # Include
# Alternate buffer queue strategies for better responsiveness under high
# disk I/O load.
#options BUFQ_READPRIO
-#options BUFQ_PRIOCSCAN
+options BUFQ_PRIOCSCAN
# Diagnostic/debugging support options
#options DIAGNOSTIC # expensive kernel consistency checks
@@ -284,7 +284,7 @@ pseudo-device vnd # disk-like interfac
# network pseudo-devices
pseudo-device bpfilter # Berkeley packet filter
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device npf # NPF packet filter
pseudo-device loop # network loopback
pseudo-device ppp # Point-to-Point Protocol
@@ -316,15 +316,4 @@ pseudo-device putter # for puffs and p
# a pseudo device needed for Coda # also needs CODA (above)
pseudo-device vcoda # coda minicache <-> venus comm.
-# Veriexec
-#
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
Index: src/sys/arch/sgimips/conf/GENERIC32_IP3x
diff -u src/sys/arch/sgimips/conf/GENERIC32_IP3x:1.124 src/sys/arch/sgimips/conf/GENERIC32_IP3x:1.125
--- src/sys/arch/sgimips/conf/GENERIC32_IP3x:1.124 Sat Mar 23 17:44:49 2019
+++ src/sys/arch/sgimips/conf/GENERIC32_IP3x Fri Apr 26 21:40:32 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC32_IP3x,v 1.124 2019/03/23 17:44:49 sevan Exp $
+# $NetBSD: GENERIC32_IP3x,v 1.125 2019/04/26 21:40:32 sevan Exp $
#
# GENERIC32_IP3x machine description file
#
@@ -28,7 +28,7 @@ makeoptions TEXTADDR="0x80069000" # entr
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC32_IP3x-$Revision: 1.124 $"
+#ident "GENERIC32_IP3x-$Revision: 1.125 $"
maxusers 32
@@ -324,7 +324,7 @@ pseudo-device vnd # disk-like interfac
# network pseudo-devices
pseudo-device bpfilter # Berkeley packet filter
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device npf # NPF packet filter
pseudo-device loop # network loopback
pseudo-device ppp # Point-to-Point Protocol
@@ -360,15 +360,4 @@ pseudo-device drvctl
# a pseudo device needed for Coda # also needs CODA (above)
pseudo-device vcoda # coda minicache <-> venus comm.
-# Veriexec
-#
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
Index: src/sys/arch/shark/conf/GENERIC
diff -u src/sys/arch/shark/conf/GENERIC:1.132 src/sys/arch/shark/conf/GENERIC:1.133
--- src/sys/arch/shark/conf/GENERIC:1.132 Sat Apr 13 08:23:00 2019
+++ src/sys/arch/shark/conf/GENERIC Fri Apr 26 21:40:32 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.132 2019/04/13 08:23:00 isaki Exp $
+# $NetBSD: GENERIC,v 1.133 2019/04/26 21:40:32 sevan Exp $
#
# Generic Shark configuration.
#
@@ -7,7 +7,7 @@ include "arch/shark/conf/std.shark"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.132 $"
+#ident "GENERIC-$Revision: 1.133 $"
# estimated number of users
maxusers 32
@@ -134,6 +134,11 @@ options SYSCTL_INCLUDE_DESCR # Include
options MODULAR # new style module(7) framework
options MODULAR_DEFAULT_AUTOLOAD
+# Alternate buffer queue strategies for better responsiveness under high
+# disk I/O load.
+#options BUFQ_READPRIO
+options BUFQ_PRIOCSCAN
+
# Development and Debugging options
#options ARM700BUGTRACK # track the ARM700 swi bug
@@ -275,7 +280,7 @@ pseudo-device accf_http # "httpready"
pseudo-device loop # network loopback
pseudo-device bpfilter # packet filter
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
#pseudo-device sl # CSLIP
#pseudo-device ppp # PPP
#pseudo-device tun # network tunneling over tty
@@ -303,18 +308,7 @@ pseudo-device wsfont
pseudo-device ksyms # /dev/ksyms
pseudo-device putter # for puffs and pud
-# Veriexec
-#
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
options PAX_MPROTECT=0 # PaX mprotect(2) restrictions
options PAX_ASLR=0 # PaX Address Space Layout Randomization
Index: src/sys/arch/sparc/conf/GENERIC
diff -u src/sys/arch/sparc/conf/GENERIC:1.265 src/sys/arch/sparc/conf/GENERIC:1.266
--- src/sys/arch/sparc/conf/GENERIC:1.265 Sat Apr 13 08:23:00 2019
+++ src/sys/arch/sparc/conf/GENERIC Fri Apr 26 21:40:32 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.265 2019/04/13 08:23:00 isaki Exp $
+# $NetBSD: GENERIC,v 1.266 2019/04/26 21:40:32 sevan Exp $
#
# GENERIC machine description file
#
@@ -22,7 +22,7 @@ include "arch/sparc/conf/std.sparc"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.265 $"
+#ident "GENERIC-$Revision: 1.266 $"
maxusers 32
@@ -88,7 +88,7 @@ options SYSCTL_INCLUDE_DESCR # Include
# Alternate buffer queue strategies for better responsiveness under high
# disk I/O load.
#options BUFQ_READPRIO
-#options BUFQ_PRIOCSCAN
+options BUFQ_PRIOCSCAN
## NFS boot options; tries DHCP/BOOTP then BOOTPARAM
options NFS_BOOT_BOOTPARAM
@@ -577,7 +577,7 @@ pseudo-device tap # virtual Ethernet
## interface that allows selective examining of incoming packets.
pseudo-device bpfilter
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device npf # NPF packet filter
@@ -714,21 +714,7 @@ pseudo-device wsmux # mouse and keyboa
pseudo-device wsfont
pseudo-device putter # for puffs and pud
-#options FILEASSOC # fileassoc(9) - required for Veriexec
- # and PAX_SEGVGUARD
-
-# Veriexec
-#
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
#options PAX_MPROTECT=0 # PaX mprotect(2) restrictions
# (for static binaries only for now)
Index: src/sys/arch/sparc64/conf/GENERIC
diff -u src/sys/arch/sparc64/conf/GENERIC:1.214 src/sys/arch/sparc64/conf/GENERIC:1.215
--- src/sys/arch/sparc64/conf/GENERIC:1.214 Wed Feb 6 11:58:32 2019
+++ src/sys/arch/sparc64/conf/GENERIC Fri Apr 26 21:40:32 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.214 2019/02/06 11:58:32 rin Exp $
+# $NetBSD: GENERIC,v 1.215 2019/04/26 21:40:32 sevan Exp $
#
# GENERIC machine description file
#
@@ -22,7 +22,7 @@ include "arch/sparc64/conf/std.sparc64"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.214 $"
+#ident "GENERIC-$Revision: 1.215 $"
maxusers 64
@@ -66,7 +66,7 @@ options SYSCTL_INCLUDE_DESCR # Include
# Alternate buffer queue strategies for better responsiveness under high
# disk I/O load.
#options BUFQ_READPRIO
-#options BUFQ_PRIOCSCAN
+options BUFQ_PRIOCSCAN
## NFS boot options; tries DHCP/BOOTP then BOOTPARAM
options NFS_BOOT_BOOTPARAM
@@ -716,8 +716,7 @@ pseudo-device gre # generic L3 over IP
## interface that allows selective examining of incoming packets.
pseudo-device bpfilter
-# Common Address Redundancy Protocol
-#pseudo-device carp
+pseudo-device carp # Common Address Redundancy Protocol
## IEEE 802.1q encapsulation
pseudo-device vlan
@@ -978,28 +977,14 @@ pseudo-device fss # file system snapsh
pseudo-device lockstat # lock profiling
pseudo-device putter # for puffs and pud
-options FILEASSOC # fileassoc(9) - required for Veriexec
- # and PAX_SEGVGUARD
-
-# Veriexec
-#
-# a pseudo device needed for veriexec
-pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-options VERIFIED_EXEC_FP_SHA256
-options VERIFIED_EXEC_FP_SHA384
-options VERIFIED_EXEC_FP_SHA512
-
# a pseudo device needed for SMBFS
pseudo-device nsmb # experimental - SMB requester
# drvctl - needed to show device dictionary via drvctl(8)
pseudo-device drvctl
+include "dev/veriexec.config"
+
options PAX_ASLR_DEBUG=1 # PaX ASLR debug
options PAX_SEGVGUARD=0 # PaX Segmentation fault guard
# XXX: there is no PLT format for sparc64 that cooperates with
Index: src/sys/arch/vax/conf/GENERIC
diff -u src/sys/arch/vax/conf/GENERIC:1.209 src/sys/arch/vax/conf/GENERIC:1.210
--- src/sys/arch/vax/conf/GENERIC:1.209 Sat Apr 13 08:23:01 2019
+++ src/sys/arch/vax/conf/GENERIC Fri Apr 26 21:40:32 2019
@@ -1,4 +1,4 @@
-# $NetBSD: GENERIC,v 1.209 2019/04/13 08:23:01 isaki Exp $
+# $NetBSD: GENERIC,v 1.210 2019/04/26 21:40:32 sevan Exp $
#
# GENERIC machine description file
#
@@ -22,7 +22,7 @@ include "arch/vax/conf/std.vax"
options INCLUDE_CONFIG_FILE # embed config file in kernel binary
-#ident "GENERIC-$Revision: 1.209 $"
+#ident "GENERIC-$Revision: 1.210 $"
# Here are all different supported CPU types listed.
#options VAX8800 # VAX 8500, 8530, 8550, 8700, 8800
@@ -142,7 +142,7 @@ options SYSCTL_INCLUDE_DESCR # Include
# Alternate buffer queue strategies for better responsiveness under high
# disk I/O load.
#options BUFQ_READPRIO
-#options BUFQ_PRIOCSCAN
+options BUFQ_PRIOCSCAN
# Kernel(s) to compile
config netbsd root on ? type ?
@@ -287,7 +287,7 @@ pseudo-device accf_http # "httpready"
pseudo-device loop
pseudo-device pty # pseudo-terminals
pseudo-device bpfilter
-#pseudo-device carp # Common Address Redundancy Protocol
+pseudo-device carp # Common Address Redundancy Protocol
pseudo-device npf # NPF packet filter
#pseudo-device sl
pseudo-device ppp
@@ -323,15 +323,4 @@ pseudo-device drvctl # user control of
pseudo-device ksyms # /dev/ksyms
pseudo-device wsmux # mouse & keyboard multiplexor
-# Veriexec
-#
-# a pseudo device needed for veriexec
-#pseudo-device veriexec
-#
-# Uncomment the fingerprint methods below that are desired. Note that
-# removing fingerprint methods will have almost no impact on the kernel
-# code size.
-#
-#options VERIFIED_EXEC_FP_SHA256
-#options VERIFIED_EXEC_FP_SHA384
-#options VERIFIED_EXEC_FP_SHA512
+include "dev/veriexec.config"
