Module Name: src Committed By: sevan Date: Fri Apr 26 21:40:33 UTC 2019
Modified Files: src/sys/arch/acorn32/conf: GENERIC src/sys/arch/alpha/conf: GENERIC src/sys/arch/amd64/conf: GENERIC src/sys/arch/amiga/conf: GENERIC src/sys/arch/amigappc/conf: GENERIC src/sys/arch/arc/conf: GENERIC src/sys/arch/bebox/conf: GENERIC src/sys/arch/cats/conf: GENERIC src/sys/arch/cesfic/conf: GENERIC src/sys/arch/cobalt/conf: GENERIC src/sys/arch/evbarm/conf: GENERIC.common src/sys/arch/evbmips/conf: ADM5120 ADM5120-NB ADM5120-USB ALCHEMY AP30 CI20 CPMBR1400 DB120 ERLITE GDIUM LOONGSON MALTA MERAKI RB153 RB433UAH SBMIPS XLSATX ZYXELKX src/sys/arch/evbppc/conf: EV64260 EXPLORA451 MPC8536DS MPC8548CDS OPENBLOCKS200 OPENBLOCKS266 OPENBLOCKS600 P2020DS P2020RDB PMPPC RB800 RB850GX2 TWRP1025 src/sys/arch/evbsh3/conf: AP_MS104_SH4 T_SH7706LAN T_SH7706LSR src/sys/arch/ews4800mips/conf: GENERIC src/sys/arch/hp300/conf: GENERIC src/sys/arch/hpcarm/conf: IPAQ JORNADA720 WZERO3 src/sys/arch/hpcmips/conf: GENERIC src/sys/arch/hpcsh/conf: GENERIC src/sys/arch/hppa/conf: GENERIC src/sys/arch/i386/conf: GENERIC src/sys/arch/ibmnws/conf: GENERIC src/sys/arch/iyonix/conf: GENERIC src/sys/arch/landisk/conf: GENERIC src/sys/arch/mac68k/conf: GENERIC src/sys/arch/macppc/conf: GENERIC src/sys/arch/mipsco/conf: GENERIC src/sys/arch/mmeye/conf: GENERIC src/sys/arch/netwinder/conf: GENERIC src/sys/arch/news68k/conf: GENERIC src/sys/arch/newsmips/conf: GENERIC src/sys/arch/next68k/conf: GENERIC src/sys/arch/ofppc/conf: GENERIC src/sys/arch/pmax/conf: GENERIC src/sys/arch/prep/conf: GENERIC src/sys/arch/rs6000/conf: GENERIC src/sys/arch/sandpoint/conf: GENERIC src/sys/arch/sbmips/conf: GENERIC src/sys/arch/sgimips/conf: GENERIC32_IP12 GENERIC32_IP2x GENERIC32_IP3x src/sys/arch/shark/conf: GENERIC src/sys/arch/sparc/conf: GENERIC src/sys/arch/sparc64/conf: GENERIC src/sys/arch/vax/conf: GENERIC Log Message: Enable BUFQ_PRIOCSCAN, CARP, Veriexec by default in GENERIC kernel configs. On ports without a GENERIC kernel config enable in individul files, e.g evbmips. Omit on: atari, dreamcast, emips, epoc32, evbppc/VIRTEX*, ia64, luna68x, mvme68k, mvmeppc, playstation2, riscv, sun2, sun3, x68k, zaurus due to resource constraints or port infancy. To generate a diff of this commit: cvs rdiff -u -r1.128 -r1.129 src/sys/arch/acorn32/conf/GENERIC cvs rdiff -u -r1.393 -r1.394 src/sys/arch/alpha/conf/GENERIC cvs rdiff -u -r1.525 -r1.526 src/sys/arch/amd64/conf/GENERIC cvs rdiff -u -r1.323 -r1.324 src/sys/arch/amiga/conf/GENERIC cvs rdiff -u -r1.36 -r1.37 src/sys/arch/amigappc/conf/GENERIC cvs rdiff -u -r1.192 -r1.193 src/sys/arch/arc/conf/GENERIC cvs rdiff -u -r1.159 -r1.160 src/sys/arch/bebox/conf/GENERIC cvs rdiff -u -r1.172 -r1.173 src/sys/arch/cats/conf/GENERIC cvs rdiff -u -r1.71 -r1.72 src/sys/arch/cesfic/conf/GENERIC cvs rdiff -u -r1.161 -r1.162 src/sys/arch/cobalt/conf/GENERIC cvs rdiff -u -r1.32 -r1.33 src/sys/arch/evbarm/conf/GENERIC.common cvs rdiff -u -r1.27 -r1.28 src/sys/arch/evbmips/conf/ADM5120 \ src/sys/arch/evbmips/conf/ADM5120-USB src/sys/arch/evbmips/conf/CI20 cvs rdiff -u -r1.25 -r1.26 src/sys/arch/evbmips/conf/ADM5120-NB cvs rdiff -u -r1.66 -r1.67 src/sys/arch/evbmips/conf/ALCHEMY cvs rdiff -u -r1.38 -r1.39 src/sys/arch/evbmips/conf/AP30 cvs rdiff -u -r1.30 -r1.31 src/sys/arch/evbmips/conf/CPMBR1400 cvs rdiff -u -r1.21 -r1.22 src/sys/arch/evbmips/conf/DB120 cvs rdiff -u -r1.22 -r1.23 src/sys/arch/evbmips/conf/ERLITE \ src/sys/arch/evbmips/conf/RB153 cvs rdiff -u -r1.35 -r1.36 src/sys/arch/evbmips/conf/GDIUM cvs rdiff -u -r1.41 -r1.42 src/sys/arch/evbmips/conf/LOONGSON cvs rdiff -u -r1.95 -r1.96 src/sys/arch/evbmips/conf/MALTA cvs rdiff -u -r1.32 -r1.33 src/sys/arch/evbmips/conf/MERAKI cvs rdiff -u -r1.18 -r1.19 src/sys/arch/evbmips/conf/RB433UAH cvs rdiff -u -r1.8 -r1.9 src/sys/arch/evbmips/conf/SBMIPS cvs rdiff -u -r1.28 -r1.29 src/sys/arch/evbmips/conf/XLSATX cvs rdiff -u -r1.15 -r1.16 src/sys/arch/evbmips/conf/ZYXELKX cvs rdiff -u -r1.72 -r1.73 src/sys/arch/evbppc/conf/EV64260 cvs rdiff -u -r1.63 -r1.64 src/sys/arch/evbppc/conf/EXPLORA451 cvs rdiff -u -r1.27 -r1.28 src/sys/arch/evbppc/conf/MPC8536DS cvs rdiff -u -r1.26 -r1.27 src/sys/arch/evbppc/conf/MPC8548CDS \ src/sys/arch/evbppc/conf/OPENBLOCKS600 src/sys/arch/evbppc/conf/TWRP1025 cvs rdiff -u -r1.47 -r1.48 src/sys/arch/evbppc/conf/OPENBLOCKS200 cvs rdiff -u -r1.74 -r1.75 src/sys/arch/evbppc/conf/OPENBLOCKS266 cvs rdiff -u -r1.30 -r1.31 src/sys/arch/evbppc/conf/P2020DS \ src/sys/arch/evbppc/conf/P2020RDB cvs rdiff -u -r1.49 -r1.50 src/sys/arch/evbppc/conf/PMPPC cvs rdiff -u -r1.36 -r1.37 src/sys/arch/evbppc/conf/RB800 cvs rdiff -u -r1.5 -r1.6 src/sys/arch/evbppc/conf/RB850GX2 cvs rdiff -u -r1.11 -r1.12 src/sys/arch/evbsh3/conf/AP_MS104_SH4 cvs rdiff -u -r1.14 -r1.15 src/sys/arch/evbsh3/conf/T_SH7706LAN cvs rdiff -u -r1.16 -r1.17 src/sys/arch/evbsh3/conf/T_SH7706LSR cvs rdiff -u -r1.57 -r1.58 src/sys/arch/ews4800mips/conf/GENERIC cvs rdiff -u -r1.202 -r1.203 src/sys/arch/hp300/conf/GENERIC cvs rdiff -u -r1.81 -r1.82 src/sys/arch/hpcarm/conf/IPAQ cvs rdiff -u -r1.102 -r1.103 src/sys/arch/hpcarm/conf/JORNADA720 cvs rdiff -u -r1.48 -r1.49 src/sys/arch/hpcarm/conf/WZERO3 cvs rdiff -u -r1.239 -r1.240 src/sys/arch/hpcmips/conf/GENERIC cvs rdiff -u -r1.111 -r1.112 src/sys/arch/hpcsh/conf/GENERIC cvs rdiff -u -r1.26 -r1.27 src/sys/arch/hppa/conf/GENERIC cvs rdiff -u -r1.1204 -r1.1205 src/sys/arch/i386/conf/GENERIC cvs rdiff -u -r1.53 -r1.54 src/sys/arch/ibmnws/conf/GENERIC cvs rdiff -u -r1.106 -r1.107 src/sys/arch/iyonix/conf/GENERIC cvs rdiff -u -r1.62 -r1.63 src/sys/arch/landisk/conf/GENERIC cvs rdiff -u -r1.227 -r1.228 src/sys/arch/mac68k/conf/GENERIC cvs rdiff -u -r1.353 -r1.354 src/sys/arch/macppc/conf/GENERIC cvs rdiff -u -r1.93 -r1.94 src/sys/arch/mipsco/conf/GENERIC cvs rdiff -u -r1.125 -r1.126 src/sys/arch/mmeye/conf/GENERIC cvs rdiff -u -r1.136 -r1.137 src/sys/arch/netwinder/conf/GENERIC cvs rdiff -u -r1.132 -r1.133 src/sys/arch/news68k/conf/GENERIC cvs rdiff -u -r1.136 -r1.137 src/sys/arch/newsmips/conf/GENERIC cvs rdiff -u -r1.147 -r1.148 src/sys/arch/next68k/conf/GENERIC cvs rdiff -u -r1.169 -r1.170 src/sys/arch/ofppc/conf/GENERIC cvs rdiff -u -r1.198 -r1.199 src/sys/arch/pmax/conf/GENERIC cvs rdiff -u -r1.188 -r1.189 src/sys/arch/prep/conf/GENERIC cvs rdiff -u -r1.40 -r1.41 src/sys/arch/rs6000/conf/GENERIC cvs rdiff -u -r1.101 -r1.102 src/sys/arch/sandpoint/conf/GENERIC cvs rdiff -u -r1.107 -r1.108 src/sys/arch/sbmips/conf/GENERIC cvs rdiff -u -r1.34 -r1.35 src/sys/arch/sgimips/conf/GENERIC32_IP12 cvs rdiff -u -r1.115 -r1.116 src/sys/arch/sgimips/conf/GENERIC32_IP2x cvs rdiff -u -r1.124 -r1.125 src/sys/arch/sgimips/conf/GENERIC32_IP3x cvs rdiff -u -r1.132 -r1.133 src/sys/arch/shark/conf/GENERIC cvs rdiff -u -r1.265 -r1.266 src/sys/arch/sparc/conf/GENERIC cvs rdiff -u -r1.214 -r1.215 src/sys/arch/sparc64/conf/GENERIC cvs rdiff -u -r1.209 -r1.210 src/sys/arch/vax/conf/GENERIC Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/arch/acorn32/conf/GENERIC diff -u src/sys/arch/acorn32/conf/GENERIC:1.128 src/sys/arch/acorn32/conf/GENERIC:1.129 --- src/sys/arch/acorn32/conf/GENERIC:1.128 Sat Apr 13 08:22:58 2019 +++ src/sys/arch/acorn32/conf/GENERIC Fri Apr 26 21:40:28 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.128 2019/04/13 08:22:58 isaki Exp $ +# $NetBSD: GENERIC,v 1.129 2019/04/26 21:40:28 sevan Exp $ # # GENERIC --- NetBSD/acorn32 complete configuration # @@ -22,7 +22,7 @@ include "arch/acorn32/conf/std.acorn32" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC-$Revision: 1.128 $" +#ident "GENERIC-$Revision: 1.129 $" # estimated number of users maxusers 32 @@ -131,7 +131,7 @@ options SYSCTL_INCLUDE_DESCR # Include # Alternate buffer queue strategies for better responsiveness under high # disk I/O load. #options BUFQ_READPRIO -#options BUFQ_PRIOCSCAN +options BUFQ_PRIOCSCAN # Development and Debugging options @@ -285,7 +285,7 @@ ne* at podulebus? # NE2000 clone cards pseudo-device loop # network loopback pseudo-device bpfilter # packet filter -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol pseudo-device sl # CSLIP pseudo-device ppp # PPP pseudo-device pppoe # PPP over Ethernet (RFC 2516) @@ -328,18 +328,7 @@ pseudo-device putter # for puffs and p pseudo-device accf_data # "dataready" accept filter pseudo-device accf_http # "httpready" accept filter -# Veriexec -# -# a pseudo device needed for veriexec -#pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" # If the standard modes don't work for your monitor, you can specify # a RISC-OS-format monitor definition file and a list of modes here. Index: src/sys/arch/alpha/conf/GENERIC diff -u src/sys/arch/alpha/conf/GENERIC:1.393 src/sys/arch/alpha/conf/GENERIC:1.394 --- src/sys/arch/alpha/conf/GENERIC:1.393 Sat Apr 13 08:22:58 2019 +++ src/sys/arch/alpha/conf/GENERIC Fri Apr 26 21:40:28 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.393 2019/04/13 08:22:58 isaki Exp $ +# $NetBSD: GENERIC,v 1.394 2019/04/26 21:40:28 sevan Exp $ # # This machine description file is used to generate the default NetBSD # kernel. @@ -19,7 +19,7 @@ include "arch/alpha/conf/std.alpha" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -ident "GENERIC-$Revision: 1.393 $" +ident "GENERIC-$Revision: 1.394 $" maxusers 32 @@ -51,7 +51,7 @@ options NTP # kernel PLL for NTP # Alternate buffer queue strategies for better responsiveness under high # disk I/O load. #options BUFQ_READPRIO -#options BUFQ_PRIOCSCAN +options BUFQ_PRIOCSCAN # Diagnostic/debugging support options #options DIAGNOSTIC # Cheap kernel consistency checks @@ -707,7 +707,7 @@ pseudo-device crypto # /dev/crypto de pseudo-device swcrypto # software crypto implementation pseudo-device bpfilter -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol pseudo-device ccd pseudo-device cgd # cryptographic disk devices pseudo-device raid # RAIDframe disk driver @@ -757,21 +757,7 @@ pseudo-device bcsp # BlueCore Serial P pseudo-device btuart # Bluetooth HCI UART (H4) pseudo-device putter # for puffs and pud -#options FILEASSOC # fileassoc(9) - required for Veriexec - # and PAX_SEGVGUARD - -# Veriexec -# -# a pseudo device needed for veriexec -#pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" options PAX_MPROTECT=0 # PaX mprotect(2) restrictions options PAX_ASLR=0 # PaX Address Space Layout Randomization Index: src/sys/arch/amd64/conf/GENERIC diff -u src/sys/arch/amd64/conf/GENERIC:1.525 src/sys/arch/amd64/conf/GENERIC:1.526 --- src/sys/arch/amd64/conf/GENERIC:1.525 Thu Apr 25 03:53:11 2019 +++ src/sys/arch/amd64/conf/GENERIC Fri Apr 26 21:40:28 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.525 2019/04/25 03:53:11 msaitoh Exp $ +# $NetBSD: GENERIC,v 1.526 2019/04/26 21:40:28 sevan Exp $ # # GENERIC machine description file # @@ -22,7 +22,7 @@ include "arch/amd64/conf/std.amd64" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC-$Revision: 1.525 $" +#ident "GENERIC-$Revision: 1.526 $" maxusers 64 # estimated number of users @@ -1133,7 +1133,7 @@ options VND_COMPRESSION # compressed v # network pseudo-devices pseudo-device bpfilter # Berkeley packet filter -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol pseudo-device loop # network loopback #pseudo-device mpls # MPLS pseudo-interface pseudo-device ppp # Point-to-Point Protocol @@ -1196,21 +1196,7 @@ pseudo-device pad # userland interface to drivers, including autoconf and properties retrieval pseudo-device drvctl -options FILEASSOC # fileassoc(9) - needed by Veriexec - # and PAX_SEGVGUARD - -# Veriexec -# -# a pseudo device needed for veriexec -pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -options VERIFIED_EXEC_FP_SHA256 -options VERIFIED_EXEC_FP_SHA384 -options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" options PAX_SEGVGUARD=0 # PaX Segmentation fault guard options PAX_MPROTECT=1 # PaX mprotect(2) restrictions Index: src/sys/arch/amiga/conf/GENERIC diff -u src/sys/arch/amiga/conf/GENERIC:1.323 src/sys/arch/amiga/conf/GENERIC:1.324 --- src/sys/arch/amiga/conf/GENERIC:1.323 Sat Apr 13 08:26:14 2019 +++ src/sys/arch/amiga/conf/GENERIC Fri Apr 26 21:40:28 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.323 2019/04/13 08:26:14 isaki Exp $ +# $NetBSD: GENERIC,v 1.324 2019/04/26 21:40:28 sevan Exp $ # # This file was automatically created. # Changes will be lost when make is run in this directory. @@ -29,7 +29,7 @@ include "arch/amiga/conf/std.amiga" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC-$Revision: 1.323 $" +#ident "GENERIC-$Revision: 1.324 $" makeoptions COPTS="-O2 -fno-reorder-blocks" # see share/mk/sys.mk @@ -164,7 +164,7 @@ options NTP # NTP phase/frequency lock # Alternate buffer queue strategies for better responsiveness under high # disk I/O load. #options BUFQ_READPRIO -#options BUFQ_PRIOCSCAN +options BUFQ_PRIOCSCAN # # Misc. debugging options @@ -552,7 +552,7 @@ pseudo-device tun # network tunnel lin pseudo-device tap # virtual Ethernet #pseudo-device gre # generic L3 over IP tunnel pseudo-device bpfilter # Berkeley packet filter -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol pseudo-device npf # NPF packet filter pseudo-device gif # IPv[46] over IPv[46] tunnel (RFC1933) #pseudo-device faith # IPv[46] tcp relay translation i/f @@ -594,17 +594,6 @@ pseudo-device nsmb # experimental - SM pseudo-device bcsp # BlueCore Serial Protocol pseudo-device btuart # Bluetooth HCI UART (H4) -# Veriexec -# -# a pseudo device needed for veriexec -#pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" config netbsd root on ? type ? Index: src/sys/arch/amigappc/conf/GENERIC diff -u src/sys/arch/amigappc/conf/GENERIC:1.36 src/sys/arch/amigappc/conf/GENERIC:1.37 --- src/sys/arch/amigappc/conf/GENERIC:1.36 Sat Apr 13 08:22:58 2019 +++ src/sys/arch/amigappc/conf/GENERIC Fri Apr 26 21:40:28 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.36 2019/04/13 08:22:58 isaki Exp $ +# $NetBSD: GENERIC,v 1.37 2019/04/26 21:40:28 sevan Exp $ # # GENERIC machine description file # @@ -22,7 +22,7 @@ include "arch/amigappc/conf/std.amigappc options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC-$Revision: 1.36 $" +#ident "GENERIC-$Revision: 1.37 $" maxusers 8 @@ -58,7 +58,7 @@ options SYSVSEM # System V-like semaph # Alternate buffer queue strategies for better responsiveness under high # disk I/O load. #options BUFQ_READPRIO -#options BUFQ_PRIOCSCAN +options BUFQ_PRIOCSCAN # # Diagnostic/debugging support options @@ -392,7 +392,7 @@ pseudo-device tun # network tunnel lin pseudo-device tap # virtual Ethernet #pseudo-device gre # generic L3 over IP tunnel pseudo-device bpfilter # Berkeley packet filter -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol pseudo-device npf # NPF packet filter pseudo-device gif # IPv[46] over IPv[46] tunnel (RFC1933) #pseudo-device faith # IPv[46] tcp relay translation i/f @@ -431,18 +431,7 @@ options RAID_AUTOCONFIG # auto-configu pseudo-device ksyms # /dev/ksyms (kernel symbols) pseudo-device nsmb # experimental - SMB requester -# Veriexec -# -# a pseudo device needed for veriexec -#pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" # Kernel root file system and dump configuration config netbsd root on ? type ? Index: src/sys/arch/arc/conf/GENERIC diff -u src/sys/arch/arc/conf/GENERIC:1.192 src/sys/arch/arc/conf/GENERIC:1.193 --- src/sys/arch/arc/conf/GENERIC:1.192 Wed Dec 12 06:29:36 2018 +++ src/sys/arch/arc/conf/GENERIC Fri Apr 26 21:40:29 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.192 2018/12/12 06:29:36 maxv Exp $ +# $NetBSD: GENERIC,v 1.193 2019/04/26 21:40:29 sevan Exp $ # # GENERIC machine description file # @@ -22,7 +22,7 @@ include "arch/arc/conf/std.arc" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC-$Revision: 1.192 $" +#ident "GENERIC-$Revision: 1.193 $" maxusers 32 # estimated number of users @@ -60,7 +60,7 @@ options SYSCTL_INCLUDE_DESCR # Include # Alternate buffer queue strategies for better responsiveness under high # disk I/O load. #options BUFQ_READPRIO -#options BUFQ_PRIOCSCAN +options BUFQ_PRIOCSCAN # Diagnostic/debugging support options #options DIAGNOSTIC # cheap kernel consistency checks @@ -445,7 +445,7 @@ pseudo-device putter # for puffs and p # network pseudo-devices pseudo-device bpfilter # Berkeley packet filter -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol pseudo-device npf # NPF packet filter pseudo-device loop # network loopback pseudo-device ppp # Point-to-Point Protocol @@ -482,15 +482,4 @@ pseudo-device clockctl # user control o #pseudo-device wsmux pseudo-device ksyms # /dev/ksyms -# Veriexec -# -# a pseudo device needed for veriexec -#pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" Index: src/sys/arch/bebox/conf/GENERIC diff -u src/sys/arch/bebox/conf/GENERIC:1.159 src/sys/arch/bebox/conf/GENERIC:1.160 --- src/sys/arch/bebox/conf/GENERIC:1.159 Sat Apr 13 08:22:59 2019 +++ src/sys/arch/bebox/conf/GENERIC Fri Apr 26 21:40:29 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.159 2019/04/13 08:22:59 isaki Exp $ +# $NetBSD: GENERIC,v 1.160 2019/04/26 21:40:29 sevan Exp $ # # GENERIC machine description file # @@ -22,7 +22,7 @@ include "arch/bebox/conf/std.bebox" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC-$Revision: 1.159 $" +#ident "GENERIC-$Revision: 1.160 $" maxusers 32 @@ -44,7 +44,7 @@ options SYSCTL_INCLUDE_DESCR # Include # Alternate buffer queue strategies for better responsiveness under high # disk I/O load. #options BUFQ_READPRIO -#options BUFQ_PRIOCSCAN +options BUFQ_PRIOCSCAN # Diagnostic/debugging support options #options DIAGNOSTIC # cheap kernel consistency checks @@ -272,7 +272,7 @@ options VND_COMPRESSION # compressed v # network pseudo-devices pseudo-device bpfilter # packet filter -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol pseudo-device npf # NPF packet filter pseudo-device loop # network loopback pseudo-device ppp # Point-to-Point Protocol @@ -324,22 +324,7 @@ pseudo-device wsfont # userland interface to drivers, including autoconf and properties retrieval pseudo-device drvctl -#options FILEASSOC # fileassoc(9) - required for Veriexec - # and PAX_SEGVGUARD - - -# Veriexec -# -# a pseudo device needed for veriexec -#pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" #options PAX_MPROTECT=0 # PaX mprotect(2) restrictions #options PAX_ASLR=0 # PaX Address Space Layout Randomization Index: src/sys/arch/cats/conf/GENERIC diff -u src/sys/arch/cats/conf/GENERIC:1.172 src/sys/arch/cats/conf/GENERIC:1.173 --- src/sys/arch/cats/conf/GENERIC:1.172 Sat Apr 13 08:22:59 2019 +++ src/sys/arch/cats/conf/GENERIC Fri Apr 26 21:40:29 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.172 2019/04/13 08:22:59 isaki Exp $ +# $NetBSD: GENERIC,v 1.173 2019/04/26 21:40:29 sevan Exp $ # # GENERIC machine description file # @@ -40,7 +40,7 @@ options NTP # NTP phase/frequency lock # Alternate buffer queue strategies for better responsiveness under high # disk I/O load. #options BUFQ_READPRIO -#options BUFQ_PRIOCSCAN +options BUFQ_PRIOCSCAN # CPU options @@ -536,7 +536,7 @@ pseudo-device putter # for puffs and p # network pseudo-devices pseudo-device bpfilter # Berkeley packet filter -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol #pseudo-device npf # NPF packet filter pseudo-device loop # network loopback pseudo-device ppp # Point-to-Point Protocol @@ -574,15 +574,4 @@ pseudo-device wsmux pseudo-device wsfont pseudo-device ksyms # /dev/ksyms -# Veriexec -# -# a pseudo device needed for veriexec -#pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" Index: src/sys/arch/cesfic/conf/GENERIC diff -u src/sys/arch/cesfic/conf/GENERIC:1.71 src/sys/arch/cesfic/conf/GENERIC:1.72 --- src/sys/arch/cesfic/conf/GENERIC:1.71 Thu Mar 14 16:59:09 2019 +++ src/sys/arch/cesfic/conf/GENERIC Fri Apr 26 21:40:29 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.71 2019/03/14 16:59:09 thorpej Exp $ +# $NetBSD: GENERIC,v 1.72 2019/04/26 21:40:29 sevan Exp $ # # GENERIC machine description file # @@ -39,7 +39,7 @@ options SYSCTL_INCLUDE_DESCR # Include # Alternate buffer queue strategies for better responsiveness under high # disk I/O load. #options BUFQ_READPRIO -#options BUFQ_PRIOCSCAN +options BUFQ_PRIOCSCAN include "conf/compat_netbsd09.config" @@ -121,7 +121,7 @@ pseudo-device pty # pseudo ptys #pseudo-device ppp # PPP network interfaces #pseudo-device pppoe # PPP over Ethernet (RFC 2516) #pseudo-device bpfilter # Berkeley packet filter -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol #pseudo-device bridge # simple inter-network bridging #options BRIDGE_IPF # bridge uses IP/IPv6 pfil hooks too #pseudo-device vnd # vnode pseudo-disks @@ -133,15 +133,4 @@ pseudo-device loop # loopback network pseudo-device clockctl # user control of clock subsystem pseudo-device ksyms # /dev/ksyms -# Veriexec -# -# a pseudo device needed for veriexec -#pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" Index: src/sys/arch/cobalt/conf/GENERIC diff -u src/sys/arch/cobalt/conf/GENERIC:1.161 src/sys/arch/cobalt/conf/GENERIC:1.162 --- src/sys/arch/cobalt/conf/GENERIC:1.161 Wed Dec 12 06:29:36 2018 +++ src/sys/arch/cobalt/conf/GENERIC Fri Apr 26 21:40:29 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.161 2018/12/12 06:29:36 maxv Exp $ +# $NetBSD: GENERIC,v 1.162 2019/04/26 21:40:29 sevan Exp $ # # GENERIC machine description file # @@ -22,7 +22,7 @@ include "arch/cobalt/conf/std.cobalt" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC-$Revision: 1.161 $" +#ident "GENERIC-$Revision: 1.162 $" maxusers 32 @@ -39,7 +39,7 @@ options SYSCTL_INCLUDE_DESCR # Include # Alternate buffer queue strategies for better responsiveness under high # disk I/O load. #options BUFQ_READPRIO -#options BUFQ_PRIOCSCAN +options BUFQ_PRIOCSCAN # Debugging options options DIAGNOSTIC # extra kernel sanity checking @@ -311,7 +311,7 @@ pseudo-device vnd # disk-like interfa # Network pseudo-devices pseudo-device bpfilter # Berkeley packet filter -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol pseudo-device npf # NPF packet filter pseudo-device loop # network loopback #pseudo-device ppp # Point-to-Point Protocol @@ -349,15 +349,4 @@ pseudo-device nsmb # experimental - S pseudo-device ksyms # /dev/ksyms -# Veriexec -# -# a pseudo device needed for veriexec -#pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" Index: src/sys/arch/evbarm/conf/GENERIC.common diff -u src/sys/arch/evbarm/conf/GENERIC.common:1.32 src/sys/arch/evbarm/conf/GENERIC.common:1.33 --- src/sys/arch/evbarm/conf/GENERIC.common:1.32 Wed Dec 26 19:54:09 2018 +++ src/sys/arch/evbarm/conf/GENERIC.common Fri Apr 26 21:40:29 2019 @@ -1,5 +1,5 @@ # -# $NetBSD: GENERIC.common,v 1.32 2018/12/26 19:54:09 skrll Exp $ +# $NetBSD: GENERIC.common,v 1.33 2019/04/26 21:40:29 sevan Exp $ # # GENERIC evbarm kernel config (template) # @@ -133,6 +133,7 @@ pseudo-device drvctl # driver control # network pseudo-devices pseudo-device bpfilter # Berkeley packet filter +pseudo-device carp # Common Address Redundancy Protocol pseudo-device loop # network loopback pseudo-device bridge # simple inter-network bridging pseudo-device vlan # IEEE 802.1q encapsulation @@ -152,21 +153,7 @@ pseudo-device clockctl # user control o pseudo-device ksyms # /dev/ksyms pseudo-device lockstat # lock profiling -options FILEASSOC # fileassoc(9) - required for Veriexec - # and PAX_SEGVGUARD - -# Veriexec -# -# a pseudo device needed for veriexec -pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -options VERIFIED_EXEC_FP_SHA256 -options VERIFIED_EXEC_FP_SHA384 -options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" options PAX_ASLR_DEBUG=1 # PaX ASLR debug options PAX_SEGVGUARD=0 # PaX Segmentation fault guard Index: src/sys/arch/evbmips/conf/ADM5120 diff -u src/sys/arch/evbmips/conf/ADM5120:1.27 src/sys/arch/evbmips/conf/ADM5120:1.28 --- src/sys/arch/evbmips/conf/ADM5120:1.27 Sun Dec 30 14:51:36 2018 +++ src/sys/arch/evbmips/conf/ADM5120 Fri Apr 26 21:40:29 2019 @@ -1,11 +1,11 @@ -# $NetBSD: ADM5120,v 1.27 2018/12/30 14:51:36 sevan Exp $ +# $NetBSD: ADM5120,v 1.28 2019/04/26 21:40:29 sevan Exp $ # # Kernel config for the Alchemy Semiconductor (AMD) PB1000, PB1500, # DBAu1000 and DBAu1500 evaluation boards. include "arch/evbmips/conf/std.adm5120" -#ident "GENERIC-$Revision: 1.27 $" +#ident "GENERIC-$Revision: 1.28 $" maxusers 32 @@ -109,6 +109,7 @@ cpu0 at mainbus? # Network pseudo-devices pseudo-device bpfilter # Berkeley packet filter +pseudo-device carp # Common Address Redundancy Protocol pseudo-device loop # network loopback #pseudo-device ppp # Point-to-Point Protocol #pseudo-device sl # Serial Line IP @@ -133,3 +134,5 @@ uart* at obio? addr ? admsw* at obio? addr ? #admflash* at obio? addr ? #options VND_COMPRESSION + +include "dev/veriexec.config" Index: src/sys/arch/evbmips/conf/ADM5120-USB diff -u src/sys/arch/evbmips/conf/ADM5120-USB:1.27 src/sys/arch/evbmips/conf/ADM5120-USB:1.28 --- src/sys/arch/evbmips/conf/ADM5120-USB:1.27 Sun Dec 30 14:51:36 2018 +++ src/sys/arch/evbmips/conf/ADM5120-USB Fri Apr 26 21:40:29 2019 @@ -1,11 +1,11 @@ -# $NetBSD: ADM5120-USB,v 1.27 2018/12/30 14:51:36 sevan Exp $ +# $NetBSD: ADM5120-USB,v 1.28 2019/04/26 21:40:29 sevan Exp $ # # Kernel config for the Alchemy Semiconductor (AMD) PB1000, PB1500, # DBAu1000 and DBAu1500 evaluation boards. include "arch/evbmips/conf/std.adm5120" -#ident "GENERIC-$Revision: 1.27 $" +#ident "GENERIC-$Revision: 1.28 $" maxusers 32 @@ -109,6 +109,7 @@ cpu0 at mainbus? # Network pseudo-devices #pseudo-device bpfilter # Berkeley packet filter +pseudo-device carp # Common Address Redundancy Protocol pseudo-device loop # network loopback #pseudo-device ppp # Point-to-Point Protocol #pseudo-device sl # Serial Line IP @@ -151,3 +152,4 @@ options MSGBUFSIZE=65536 scsibus* at scsi? sd* at scsibus? target ? lun ? # SCSI disk drives +include "dev/veriexec.config" Index: src/sys/arch/evbmips/conf/CI20 diff -u src/sys/arch/evbmips/conf/CI20:1.27 src/sys/arch/evbmips/conf/CI20:1.28 --- src/sys/arch/evbmips/conf/CI20:1.27 Sun Dec 30 14:51:36 2018 +++ src/sys/arch/evbmips/conf/CI20 Fri Apr 26 21:40:29 2019 @@ -1,4 +1,4 @@ -# $NetBSD: CI20,v 1.27 2018/12/30 14:51:36 sevan Exp $ +# $NetBSD: CI20,v 1.28 2019/04/26 21:40:29 sevan Exp $ # # MIPS Creator CI20 # @@ -7,7 +7,7 @@ include "arch/evbmips/conf/std.ingenic" #options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "CI20-$Revision: 1.27 $" +#ident "CI20-$Revision: 1.28 $" maxusers 32 @@ -247,6 +247,7 @@ jzrng0 at apbus0 # Network pseudo-devices pseudo-device bpfilter # Berkeley packet filter +pseudo-device carp # Common Address Redundancy Protocol #pseudo-device npf # NPF packet filter pseudo-device loop # network loopback #pseudo-device ppp # Point-to-Point Protocol @@ -270,6 +271,7 @@ pseudo-device ksyms # /dev/ksyms # A pseudo device needed for Coda # also needs CODA (above) #pseudo-device vcoda # coda minicache <-> venus comm. +include "dev/veriexec.config" cinclude "arch/evbmips/conf/CI20.local" Index: src/sys/arch/evbmips/conf/ADM5120-NB diff -u src/sys/arch/evbmips/conf/ADM5120-NB:1.25 src/sys/arch/evbmips/conf/ADM5120-NB:1.26 --- src/sys/arch/evbmips/conf/ADM5120-NB:1.25 Sun Dec 30 14:51:36 2018 +++ src/sys/arch/evbmips/conf/ADM5120-NB Fri Apr 26 21:40:29 2019 @@ -1,11 +1,11 @@ -# $NetBSD: ADM5120-NB,v 1.25 2018/12/30 14:51:36 sevan Exp $ +# $NetBSD: ADM5120-NB,v 1.26 2019/04/26 21:40:29 sevan Exp $ # # Kernel config for the Alchemy Semiconductor (AMD) PB1000, PB1500, # DBAu1000 and DBAu1500 evaluation boards. include "arch/evbmips/conf/std.adm5120" -#ident "GENERIC-$Revision: 1.25 $" +#ident "GENERIC-$Revision: 1.26 $" maxusers 32 @@ -133,6 +133,7 @@ cpu0 at mainbus? # Network pseudo-devices pseudo-device bpfilter # Berkeley packet filter +pseudo-device carp # Common Address Redundancy Protocol pseudo-device loop # network loopback #pseudo-device ppp # Point-to-Point Protocol #pseudo-device sl # Serial Line IP @@ -158,3 +159,5 @@ uart* at obio? addr ? admsw* at obio? addr ? #admflash* at obio? addr ? #options VND_COMPRESSION + +include "dev/veriexec.config" Index: src/sys/arch/evbmips/conf/ALCHEMY diff -u src/sys/arch/evbmips/conf/ALCHEMY:1.66 src/sys/arch/evbmips/conf/ALCHEMY:1.67 --- src/sys/arch/evbmips/conf/ALCHEMY:1.66 Sat Apr 13 08:22:59 2019 +++ src/sys/arch/evbmips/conf/ALCHEMY Fri Apr 26 21:40:29 2019 @@ -1,11 +1,11 @@ -# $NetBSD: ALCHEMY,v 1.66 2019/04/13 08:22:59 isaki Exp $ +# $NetBSD: ALCHEMY,v 1.67 2019/04/26 21:40:29 sevan Exp $ # # Kernel config for the Alchemy Semiconductor (AMD) PB1000, PB1500, # DBAu1000 and DBAu1500 evaluation boards. include "arch/evbmips/conf/std.alchemy" -#ident "ALCHEMY-$Revision: 1.66 $" +#ident "ALCHEMY-$Revision: 1.67 $" maxusers 32 @@ -232,6 +232,7 @@ pseudo-device vnd # disk-like interfa # Network pseudo-devices pseudo-device bpfilter # Berkeley packet filter +pseudo-device carp # Common Address Redundancy Protocol pseudo-device npf # NPF packet filter pseudo-device loop # network loopback #pseudo-device ppp # Point-to-Point Protocol @@ -256,3 +257,5 @@ pseudo-device ksyms # /dev/ksyms # A pseudo device needed for Coda # also needs CODA (above) #pseudo-device vcoda # coda minicache <-> venus comm. + +include "dev/veriexec.config" Index: src/sys/arch/evbmips/conf/AP30 diff -u src/sys/arch/evbmips/conf/AP30:1.38 src/sys/arch/evbmips/conf/AP30:1.39 --- src/sys/arch/evbmips/conf/AP30:1.38 Sun Dec 30 14:51:36 2018 +++ src/sys/arch/evbmips/conf/AP30 Fri Apr 26 21:40:29 2019 @@ -1,10 +1,10 @@ -# $NetBSD: AP30,v 1.38 2018/12/30 14:51:36 sevan Exp $ +# $NetBSD: AP30,v 1.39 2019/04/26 21:40:29 sevan Exp $ include "arch/evbmips/conf/std.atheros" #options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "AP30-$Revision: 1.38 $" +#ident "AP30-$Revision: 1.39 $" maxusers 32 @@ -165,6 +165,7 @@ ukphy* at mii? phy ? # generic unknown # Network pseudo-devices pseudo-device bpfilter # Berkeley packet filter +pseudo-device carp # Common Address Redundancy Protocol #pseudo-device npf # NPF packet filter pseudo-device loop # network loopback #pseudo-device ppp # Point-to-Point Protocol @@ -187,3 +188,5 @@ pseudo-device ksyms # /dev/ksyms # A pseudo device needed for Coda # also needs CODA (above) #pseudo-device vcoda # coda minicache <-> venus comm. + +include "dev/veriexec.config" Index: src/sys/arch/evbmips/conf/CPMBR1400 diff -u src/sys/arch/evbmips/conf/CPMBR1400:1.30 src/sys/arch/evbmips/conf/CPMBR1400:1.31 --- src/sys/arch/evbmips/conf/CPMBR1400:1.30 Sun Dec 30 14:51:36 2018 +++ src/sys/arch/evbmips/conf/CPMBR1400 Fri Apr 26 21:40:29 2019 @@ -1,4 +1,4 @@ -# $NetBSD: CPMBR1400,v 1.30 2018/12/30 14:51:36 sevan Exp $ +# $NetBSD: CPMBR1400,v 1.31 2019/04/26 21:40:29 sevan Exp $ include "arch/evbmips/conf/std.rasoc" @@ -221,6 +221,7 @@ ukphy* at mii? phy ? # generic unknown # network pseudo-devices pseudo-device bpfilter # Berkeley packet filter +pseudo-device carp # Common Address Redundancy Protocol pseudo-device bridge # simple inter-network bridging pseudo-device loop # network loopback pseudo-device tap # virtual Ethernet @@ -232,3 +233,5 @@ pseudo-device vlan # 802.1q pseudo-device pty # pseudo-terminals pseudo-device clockctl # /dev/clockctl - user control of clock subsystem pseudo-device ksyms # /dev/ksyms - kernel symbols + +include "dev/veriexec.config" Index: src/sys/arch/evbmips/conf/DB120 diff -u src/sys/arch/evbmips/conf/DB120:1.21 src/sys/arch/evbmips/conf/DB120:1.22 --- src/sys/arch/evbmips/conf/DB120:1.21 Sun Dec 30 14:51:36 2018 +++ src/sys/arch/evbmips/conf/DB120 Fri Apr 26 21:40:29 2019 @@ -1,4 +1,4 @@ -# $NetBSD: DB120,v 1.21 2018/12/30 14:51:36 sevan Exp $ +# $NetBSD: DB120,v 1.22 2019/04/26 21:40:29 sevan Exp $ # # Qualcomm Atheros AR9344 DB120 evaluation board. # @@ -7,7 +7,7 @@ include "arch/evbmips/conf/std.atheros" #options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "DB120-$Revision: 1.21 $" +#ident "DB120-$Revision: 1.22 $" maxusers 32 @@ -185,6 +185,7 @@ sd* at scsibus? target ? lun ? # Network pseudo-devices pseudo-device bpfilter # Berkeley packet filter +pseudo-device carp # Common Address Redundancy Protocol #pseudo-device npf # NPF packet filter pseudo-device loop # network loopback #pseudo-device ppp # Point-to-Point Protocol @@ -207,3 +208,5 @@ pseudo-device ksyms # /dev/ksyms # A pseudo device needed for Coda # also needs CODA (above) #pseudo-device vcoda # coda minicache <-> venus comm. + +include "dev/veriexec.config" Index: src/sys/arch/evbmips/conf/ERLITE diff -u src/sys/arch/evbmips/conf/ERLITE:1.22 src/sys/arch/evbmips/conf/ERLITE:1.23 --- src/sys/arch/evbmips/conf/ERLITE:1.22 Wed Apr 10 15:19:09 2019 +++ src/sys/arch/evbmips/conf/ERLITE Fri Apr 26 21:40:29 2019 @@ -1,11 +1,11 @@ -# $NetBSD: ERLITE,v 1.22 2019/04/10 15:19:09 roy Exp $ +# $NetBSD: ERLITE,v 1.23 2019/04/26 21:40:29 sevan Exp $ include "arch/mips/conf/std.octeon" include "arch/evbmips/conf/files.octeon" #options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "ERLITE-$Revision: 1.22 $" +#ident "ERLITE-$Revision: 1.23 $" maxusers 32 @@ -149,6 +149,7 @@ ukphy* at mii? phy ? # generic unknown # Network pseudo-devices pseudo-device bpfilter # Berkeley packet filter +pseudo-device carp # Common Address Redundancy Protocol pseudo-device npf # NPF packet filter pseudo-device loop # network loopback pseudo-device ppp # Point-to-Point Protocol @@ -174,5 +175,7 @@ pseudo-device drvctl # driver control # A pseudo device needed for Coda # also needs CODA (above) #pseudo-device vcoda # coda minicache <-> venus comm. +include "dev/veriexec.config" + cinclude "arch/evbmips/conf/ERLITE.local" Index: src/sys/arch/evbmips/conf/RB153 diff -u src/sys/arch/evbmips/conf/RB153:1.22 src/sys/arch/evbmips/conf/RB153:1.23 --- src/sys/arch/evbmips/conf/RB153:1.22 Sun Dec 30 14:51:36 2018 +++ src/sys/arch/evbmips/conf/RB153 Fri Apr 26 21:40:29 2019 @@ -1,10 +1,10 @@ -# $NetBSD: RB153,v 1.22 2018/12/30 14:51:36 sevan Exp $ +# $NetBSD: RB153,v 1.23 2019/04/26 21:40:29 sevan Exp $ # # Example kernel config for the RouterBOARD 153. include "arch/evbmips/conf/std.adm5120" -#ident "RB153-$Revision: 1.22 $" +#ident "RB153-$Revision: 1.23 $" maxusers 32 @@ -105,6 +105,7 @@ cpu0 at mainbus? # Network pseudo-devices pseudo-device bpfilter # Berkeley packet filter +pseudo-device carp # Common Address Redundancy Protocol pseudo-device loop # network loopback #pseudo-device ppp # Point-to-Point Protocol #pseudo-device sl # Serial Line IP @@ -159,3 +160,5 @@ options IPSELSRC #options WDC_EXTIO_DEBUG #options EXTIO_DEBUG #options ATADEBUG + +include "dev/veriexec.config" Index: src/sys/arch/evbmips/conf/GDIUM diff -u src/sys/arch/evbmips/conf/GDIUM:1.35 src/sys/arch/evbmips/conf/GDIUM:1.36 --- src/sys/arch/evbmips/conf/GDIUM:1.35 Sun Dec 30 14:51:36 2018 +++ src/sys/arch/evbmips/conf/GDIUM Fri Apr 26 21:40:29 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GDIUM,v 1.35 2018/12/30 14:51:36 sevan Exp $ +# $NetBSD: GDIUM,v 1.36 2019/04/26 21:40:29 sevan Exp $ # # GDIUM machine description file # @@ -22,7 +22,7 @@ include "arch/evbmips/conf/std.gdium" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GDIUM-$Revision: 1.35 $" +#ident "GDIUM-$Revision: 1.36 $" maxusers 16 @@ -227,7 +227,7 @@ pseudo-device ppp # serial-line IP por pseudo-device pppoe # PPP over Ethernet (RFC 2516) pseudo-device pty # pseudo-terminals pseudo-device bpfilter # packet filter ports -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol pseudo-device npf # NPF packet filter pseudo-device vnd # virtual disk ick @@ -265,15 +265,4 @@ pseudo-device bridge pseudo-device agr # IEEE 802.3ad link aggregation pseudo-device ksyms # /dev/ksyms -# Veriexec -# -# a pseudo device needed for veriexec -#pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" Index: src/sys/arch/evbmips/conf/LOONGSON diff -u src/sys/arch/evbmips/conf/LOONGSON:1.41 src/sys/arch/evbmips/conf/LOONGSON:1.42 --- src/sys/arch/evbmips/conf/LOONGSON:1.41 Sun Dec 30 14:51:36 2018 +++ src/sys/arch/evbmips/conf/LOONGSON Fri Apr 26 21:40:29 2019 @@ -1,4 +1,4 @@ -# $NetBSD: LOONGSON,v 1.41 2018/12/30 14:51:36 sevan Exp $ +# $NetBSD: LOONGSON,v 1.42 2019/04/26 21:40:29 sevan Exp $ # # LOONGSON machine description file # @@ -22,7 +22,7 @@ include "arch/evbmips/conf/std.loongson options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "LOONGSON-$Revision: 1.41 $" +#ident "LOONGSON-$Revision: 1.42 $" maxusers 16 @@ -262,7 +262,7 @@ pseudo-device ppp # serial-line IP por pseudo-device pppoe # PPP over Ethernet (RFC 2516) pseudo-device pty # pseudo-terminals pseudo-device bpfilter # packet filter ports -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol pseudo-device npf # NPF packet filter pseudo-device vnd # virtual disk ick @@ -302,15 +302,4 @@ pseudo-device agr # IEEE 802.3ad link pseudo-device ksyms # /dev/ksyms pseudo-device drvctl # driver control -# Veriexec -# -# a pseudo device needed for veriexec -#pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" Index: src/sys/arch/evbmips/conf/MALTA diff -u src/sys/arch/evbmips/conf/MALTA:1.95 src/sys/arch/evbmips/conf/MALTA:1.96 --- src/sys/arch/evbmips/conf/MALTA:1.95 Sat Apr 13 08:22:59 2019 +++ src/sys/arch/evbmips/conf/MALTA Fri Apr 26 21:40:29 2019 @@ -1,10 +1,10 @@ -# $NetBSD: MALTA,v 1.95 2019/04/13 08:22:59 isaki Exp $ +# $NetBSD: MALTA,v 1.96 2019/04/26 21:40:29 sevan Exp $ include "arch/evbmips/conf/std.malta" #options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "MALTA-$Revision: 1.95 $" +#ident "MALTA-$Revision: 1.96 $" maxusers 32 @@ -296,6 +296,7 @@ pseudo-device vnd # disk-like interfa # Network pseudo-devices pseudo-device bpfilter # Berkeley packet filter pseudo-device npf # NPF packet filter +pseudo-device carp # Common Address Redundancy Protocol pseudo-device loop # network loopback #pseudo-device ppp # Point-to-Point Protocol #pseudo-device sl # Serial Line IP @@ -319,3 +320,5 @@ pseudo-device ksyms # /dev/ksyms # A pseudo device needed for Coda # also needs CODA (above) #pseudo-device vcoda # coda minicache <-> venus comm. + +include "dev/veriexec.config" Index: src/sys/arch/evbmips/conf/MERAKI diff -u src/sys/arch/evbmips/conf/MERAKI:1.32 src/sys/arch/evbmips/conf/MERAKI:1.33 --- src/sys/arch/evbmips/conf/MERAKI:1.32 Sun Dec 30 14:51:36 2018 +++ src/sys/arch/evbmips/conf/MERAKI Fri Apr 26 21:40:29 2019 @@ -1,10 +1,10 @@ -# $NetBSD: MERAKI,v 1.32 2018/12/30 14:51:36 sevan Exp $ +# $NetBSD: MERAKI,v 1.33 2019/04/26 21:40:29 sevan Exp $ include "arch/evbmips/conf/std.meraki" #options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "MERAKI-$Revision: 1.32 $" +#ident "MERAKI-$Revision: 1.33 $" maxusers 32 @@ -172,6 +172,7 @@ ukphy* at mii? phy ? # generic unknown # Network pseudo-devices pseudo-device bpfilter # Berkeley packet filter +pseudo-device carp # Common Address Redundancy Protocol #pseudo-device npf # NPF packet filter pseudo-device loop # network loopback #pseudo-device ppp # Point-to-Point Protocol @@ -194,3 +195,5 @@ pseudo-device ksyms # /dev/ksyms # A pseudo device needed for Coda # also needs CODA (above) #pseudo-device vcoda # coda minicache <-> venus comm. + +include "dev/veriexec.config" Index: src/sys/arch/evbmips/conf/RB433UAH diff -u src/sys/arch/evbmips/conf/RB433UAH:1.18 src/sys/arch/evbmips/conf/RB433UAH:1.19 --- src/sys/arch/evbmips/conf/RB433UAH:1.18 Sun Dec 30 14:51:36 2018 +++ src/sys/arch/evbmips/conf/RB433UAH Fri Apr 26 21:40:29 2019 @@ -1,10 +1,10 @@ -# $NetBSD: RB433UAH,v 1.18 2018/12/30 14:51:36 sevan Exp $ +# $NetBSD: RB433UAH,v 1.19 2019/04/26 21:40:29 sevan Exp $ include "arch/evbmips/conf/std.atheros" #options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "RB433UAH-$Revision: 1.18 $" +#ident "RB433UAH-$Revision: 1.19 $" maxusers 32 @@ -175,6 +175,7 @@ sd* at scsibus? target ? lun ? # Network pseudo-devices pseudo-device bpfilter # Berkeley packet filter +pseudo-device carp # Common Address Redundancy Protocol #pseudo-device npf # NPF packet filter pseudo-device loop # network loopback #pseudo-device ppp # Point-to-Point Protocol @@ -197,3 +198,5 @@ pseudo-device ksyms # /dev/ksyms # A pseudo device needed for Coda # also needs CODA (above) #pseudo-device vcoda # coda minicache <-> venus comm. + +include "dev/veriexec.config" Index: src/sys/arch/evbmips/conf/SBMIPS diff -u src/sys/arch/evbmips/conf/SBMIPS:1.8 src/sys/arch/evbmips/conf/SBMIPS:1.9 --- src/sys/arch/evbmips/conf/SBMIPS:1.8 Sun Dec 30 14:51:36 2018 +++ src/sys/arch/evbmips/conf/SBMIPS Fri Apr 26 21:40:29 2019 @@ -1,10 +1,10 @@ -# $NetBSD: SBMIPS,v 1.8 2018/12/30 14:51:36 sevan Exp $ +# $NetBSD: SBMIPS,v 1.9 2019/04/26 21:40:29 sevan Exp $ include "arch/evbmips/conf/std.sbmips" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC-$Revision: 1.8 $" +#ident "GENERIC-$Revision: 1.9 $" #options LOCKDEBUG # XXX XXX XXX XXX #options DEBUG # extra kernel debugging support @@ -173,7 +173,7 @@ pseudo-device vnd # disk-like interfac # Network pseudo-devices pseudo-device bpfilter # Berkeley packet filter -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol pseudo-device npf # NPF packet filter pseudo-device loop # network loopback #pseudo-device ppp # Point-to-Point Protocol @@ -207,15 +207,4 @@ pseudo-device ksyms # /dev/ksyms # A pseudo device needed for Coda # also needs CODA (above) #pseudo-device vcoda # coda minicache <-> venus comm. -# Veriexec -# -# a pseudo device needed for veriexec -#pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" Index: src/sys/arch/evbmips/conf/XLSATX diff -u src/sys/arch/evbmips/conf/XLSATX:1.28 src/sys/arch/evbmips/conf/XLSATX:1.29 --- src/sys/arch/evbmips/conf/XLSATX:1.28 Sun Dec 30 14:51:36 2018 +++ src/sys/arch/evbmips/conf/XLSATX Fri Apr 26 21:40:29 2019 @@ -1,8 +1,8 @@ -# $NetBSD: XLSATX,v 1.28 2018/12/30 14:51:36 sevan Exp $ +# $NetBSD: XLSATX,v 1.29 2019/04/26 21:40:29 sevan Exp $ include "arch/evbmips/conf/std.rmixl" -#ident "XLSATX-$Revision: 1.28 $" +#ident "XLSATX-$Revision: 1.29 $" #options INCLUDE_CONFIG_FILE # embed config file in kernel binary @@ -185,6 +185,7 @@ pseudo-device vnd # disk-like interfa # Network pseudo-devices pseudo-device bpfilter # Berkeley packet filter +pseudo-device carp # Common Address Redundancy Protocol pseudo-device npf # NPF packet filter pseudo-device loop # network loopback #pseudo-device ppp # Point-to-Point Protocol @@ -209,3 +210,5 @@ pseudo-device ksyms # /dev/ksyms # A pseudo device needed for Coda # also needs CODA (above) #pseudo-device vcoda # coda minicache <-> venus comm. + +include "dev/veriexec.config" Index: src/sys/arch/evbmips/conf/ZYXELKX diff -u src/sys/arch/evbmips/conf/ZYXELKX:1.15 src/sys/arch/evbmips/conf/ZYXELKX:1.16 --- src/sys/arch/evbmips/conf/ZYXELKX:1.15 Sun Dec 30 14:51:36 2018 +++ src/sys/arch/evbmips/conf/ZYXELKX Fri Apr 26 21:40:29 2019 @@ -1,4 +1,4 @@ -# $NetBSD: ZYXELKX,v 1.15 2018/12/30 14:51:36 sevan Exp $ +# $NetBSD: ZYXELKX,v 1.16 2019/04/26 21:40:29 sevan Exp $ include "arch/evbmips/conf/std.rasoc" @@ -225,6 +225,7 @@ ukphy* at mii? phy ? # generic unknown # network pseudo-devices pseudo-device bpfilter # Berkeley packet filter +pseudo-device carp # Common Address Redundancy Protocol pseudo-device bridge # simple inter-network bridging pseudo-device loop # network loopback pseudo-device tap # virtual Ethernet @@ -236,3 +237,5 @@ pseudo-device vlan # 802.1q pseudo-device pty # pseudo-terminals pseudo-device clockctl # /dev/clockctl - user control of clock subsystem pseudo-device ksyms # /dev/ksyms - kernel symbols + +include "dev/veriexec.config" Index: src/sys/arch/evbppc/conf/EV64260 diff -u src/sys/arch/evbppc/conf/EV64260:1.72 src/sys/arch/evbppc/conf/EV64260:1.73 --- src/sys/arch/evbppc/conf/EV64260:1.72 Wed Aug 1 20:04:11 2018 +++ src/sys/arch/evbppc/conf/EV64260 Fri Apr 26 21:40:29 2019 @@ -1,4 +1,4 @@ -# $NetBSD: EV64260,v 1.72 2018/08/01 20:04:11 maxv Exp $ +# $NetBSD: EV64260,v 1.73 2019/04/26 21:40:29 sevan Exp $ # # MVP -- Motorola's Multiprocessing Verification Platform # @@ -52,6 +52,11 @@ options SYSVSHM # System V shared memo #options PIPE_SOCKETPAIR # smaller, but slower pipe(2) #options SYSCTL_INCLUDE_DESCR # Include sysctl descriptions in kernel +# Alternate buffer queue strategies for better responsiveness under high +# disk I/O load. +#options BUFQ_READPRIO +options BUFQ_PRIOCSCAN + # Diagnostic/debugging support options options DIAGNOSTIC # cheap kernel consistency checks #options DEBUG # expensive debugging checks/support @@ -246,6 +251,7 @@ wd* at atabus? drive ? flags 0x0000 pseudo-device md # memory disk device pseudo-device loop # network loopback pseudo-device bpfilter # packet filter +pseudo-device carp # Common Address Redundancy Protocol #pseudo-device npf # NPF packet filter #pseudo-device ppp # Point-to-Point Protocol #pseudo-device sl # Serial Line IP @@ -261,3 +267,5 @@ pseudo-device clockctl # user control o pseudo-device ksyms # /dev/ksyms pseudo-device swdmover # softare dmover(9) back-end pseudo-device dmoverio # /dev/dmover dmover(9) interface + +include "dev/veriexec.config" Index: src/sys/arch/evbppc/conf/EXPLORA451 diff -u src/sys/arch/evbppc/conf/EXPLORA451:1.63 src/sys/arch/evbppc/conf/EXPLORA451:1.64 --- src/sys/arch/evbppc/conf/EXPLORA451:1.63 Wed Aug 1 20:04:11 2018 +++ src/sys/arch/evbppc/conf/EXPLORA451 Fri Apr 26 21:40:29 2019 @@ -1,4 +1,4 @@ -# $NetBSD: EXPLORA451,v 1.63 2018/08/01 20:04:11 maxv Exp $ +# $NetBSD: EXPLORA451,v 1.64 2019/04/26 21:40:29 sevan Exp $ # # GENERIC -- everything that's currently supported # @@ -41,7 +41,7 @@ options USERCONF # userconf(4) support # Alternate buffer queue strategies for better responsiveness under high # disk I/O load. #options BUFQ_READPRIO -#options BUFQ_PRIOCSCAN +options BUFQ_PRIOCSCAN # Diagnostic/debugging support options options DIAGNOSTIC # expensive kernel consistency checks @@ -152,6 +152,7 @@ pseudo-device putter # for puffs and p # network pseudo-devices pseudo-device bpfilter # Berkeley packet filter +pseudo-device carp # Common Address Redundancy Protocol pseudo-device npf # NPF packet filter pseudo-device loop # network loopback pseudo-device ppp # Point-to-Point Protocol @@ -184,3 +185,5 @@ pseudo-device nsmb # experimental - SM # wscons pseudo-devices pseudo-device wsmux # mouse & keyboard multiplexor pseudo-device wsfont + +include "dev/veriexec.config" Index: src/sys/arch/evbppc/conf/MPC8536DS diff -u src/sys/arch/evbppc/conf/MPC8536DS:1.27 src/sys/arch/evbppc/conf/MPC8536DS:1.28 --- src/sys/arch/evbppc/conf/MPC8536DS:1.27 Wed Aug 1 20:04:11 2018 +++ src/sys/arch/evbppc/conf/MPC8536DS Fri Apr 26 21:40:29 2019 @@ -1,4 +1,4 @@ -# $NetBSD: MPC8536DS,v 1.27 2018/08/01 20:04:11 maxv Exp $ +# $NetBSD: MPC8536DS,v 1.28 2019/04/26 21:40:29 sevan Exp $ # # MPC8536DS -- everything that's currently supported # @@ -7,7 +7,7 @@ include "arch/evbppc/conf/std.mpc85xx" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -ident "MPC8536DS-$Revision: 1.27 $" +ident "MPC8536DS-$Revision: 1.28 $" maxusers 32 @@ -33,6 +33,11 @@ options USERCONF # userconf(4) support #options PIPE_SOCKETPAIR # smaller, but slower pipe(2) #options SYSCTL_INCLUDE_DESCR # Include sysctl descriptions in kernel +# Alternate buffer queue strategies for better responsiveness under high +# disk I/O load. +#options BUFQ_READPRIO +options BUFQ_PRIOCSCAN + # Diagnostic/debugging support options options DIAGNOSTIC # cheap kernel consistency checks options DEBUG # expensive debugging checks/support @@ -205,9 +210,12 @@ makphy* at mii? phy ? # Marvell PHYs pseudo-device loop # network loopback pseudo-device bpfilter # packet filter +pseudo-device carp # Common Address Redundancy Protocol pseudo-device clockctl # user control of clock subsystem pseudo-device drvctl # user control of disk subsystem pseudo-device ksyms # /dev/ksyms pseudo-device pty # pseudo-terminals pseudo-device kttcp # kernel ttcp pseudo-device vlan # 802.1Q VLANs + +include "dev/veriexec.config" Index: src/sys/arch/evbppc/conf/MPC8548CDS diff -u src/sys/arch/evbppc/conf/MPC8548CDS:1.26 src/sys/arch/evbppc/conf/MPC8548CDS:1.27 --- src/sys/arch/evbppc/conf/MPC8548CDS:1.26 Wed Aug 1 20:04:11 2018 +++ src/sys/arch/evbppc/conf/MPC8548CDS Fri Apr 26 21:40:29 2019 @@ -1,4 +1,4 @@ -# $NetBSD: MPC8548CDS,v 1.26 2018/08/01 20:04:11 maxv Exp $ +# $NetBSD: MPC8548CDS,v 1.27 2019/04/26 21:40:29 sevan Exp $ # # MPC8548CDS -- everything that's currently supported # @@ -7,7 +7,7 @@ include "arch/evbppc/conf/std.mpc85xx" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -ident "MPC8548CDS-$Revision: 1.26 $" +ident "MPC8548CDS-$Revision: 1.27 $" maxusers 32 @@ -35,6 +35,11 @@ options USERCONF # userconf(4) support #options PIPE_SOCKETPAIR # smaller, but slower pipe(2) #options SYSCTL_INCLUDE_DESCR # Include sysctl descriptions in kernel +# Alternate buffer queue strategies for better responsiveness under high +# disk I/O load. +#options BUFQ_READPRIO +options BUFQ_PRIOCSCAN + # Diagnostic/debugging support options options DIAGNOSTIC # cheap kernel consistency checks options DEBUG # expensive debugging checks/support @@ -193,9 +198,12 @@ wd* at atabus? drive ? pseudo-device loop # network loopback pseudo-device bpfilter # packet filter +pseudo-device carp # Common Address Redundancy Protocol pseudo-device clockctl # user control of clock subsystem pseudo-device drvctl # user control of drive subsystem pseudo-device ksyms # /dev/ksyms pseudo-device pty # pseudo-terminals pseudo-device kttcp # kernel ttcp pseudo-device vlan # 802.1Q VLANs + +include "dev/veriexec.config" Index: src/sys/arch/evbppc/conf/OPENBLOCKS600 diff -u src/sys/arch/evbppc/conf/OPENBLOCKS600:1.26 src/sys/arch/evbppc/conf/OPENBLOCKS600:1.27 --- src/sys/arch/evbppc/conf/OPENBLOCKS600:1.26 Wed Aug 1 20:04:11 2018 +++ src/sys/arch/evbppc/conf/OPENBLOCKS600 Fri Apr 26 21:40:29 2019 @@ -1,4 +1,4 @@ -# $NetBSD: OPENBLOCKS600,v 1.26 2018/08/01 20:04:11 maxv Exp $ +# $NetBSD: OPENBLOCKS600,v 1.27 2019/04/26 21:40:29 sevan Exp $ # # GENERIC -- everything that's currently supported # @@ -7,7 +7,7 @@ include "arch/evbppc/conf/std.obs600" #options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "OPENBLOCKS600-$Revision: 1.26 $" +#ident "OPENBLOCKS600-$Revision: 1.27 $" maxusers 32 @@ -31,6 +31,10 @@ options SYSVSHM # System V shared mem #options UVMHIST #options UVMHIST_PRINT +# Alternate buffer queue strategies for better responsiveness under high +# disk I/O load. +#options BUFQ_READPRIO +options BUFQ_PRIOCSCAN # # Diagnostic/debugging support options @@ -179,6 +183,7 @@ brgphy* at mii? phy ? # Broadcom BCM54 # network pseudo-devices pseudo-device loop # network loopback pseudo-device bpfilter # packet filter +pseudo-device carp # Common Address Redundancy Protocol pseudo-device npf # NPF packet filter pseudo-device ppp # Point-to-Point Protocol pseudo-device pppoe # PPP over Ethernet (RFC 2516) @@ -202,3 +207,5 @@ pseudo-device pty # pseudo-terminals pseudo-device clockctl # user control of clock subsystem pseudo-device ksyms # /dev/ksyms pseudo-device putter # for puffs and pud + +include "dev/veriexec.config" Index: src/sys/arch/evbppc/conf/TWRP1025 diff -u src/sys/arch/evbppc/conf/TWRP1025:1.26 src/sys/arch/evbppc/conf/TWRP1025:1.27 --- src/sys/arch/evbppc/conf/TWRP1025:1.26 Wed Aug 1 20:04:11 2018 +++ src/sys/arch/evbppc/conf/TWRP1025 Fri Apr 26 21:40:29 2019 @@ -1,4 +1,4 @@ -# $NetBSD: TWRP1025,v 1.26 2018/08/01 20:04:11 maxv Exp $ +# $NetBSD: TWRP1025,v 1.27 2019/04/26 21:40:29 sevan Exp $ # # TWRP1025 -- everything that's currently supported # @@ -7,7 +7,7 @@ include "arch/evbppc/conf/std.mpc85xx" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -ident "TWRP1025-$Revision: 1.26 $" +ident "TWRP1025-$Revision: 1.27 $" maxusers 32 @@ -35,6 +35,11 @@ options USERCONF # userconf(4) support #options PIPE_SOCKETPAIR # smaller, but slower pipe(2) #options SYSCTL_INCLUDE_DESCR # Include sysctl descriptions in kernel +# Alternate buffer queue strategies for better responsiveness under high +# disk I/O load. +#options BUFQ_READPRIO +options BUFQ_PRIOCSCAN + # Diagnostic/debugging support options options DIAGNOSTIC # cheap kernel consistency checks options DEBUG # expensive debugging checks/support @@ -206,6 +211,7 @@ ld* at sdmmc? pseudo-device loop # network loopback pseudo-device bpfilter # packet filter +pseudo-device carp # Common Address Redundancy Protocol pseudo-device clockctl # user control of clock subsystem pseudo-device drvctl # user control of drive subsystem pseudo-device ksyms # /dev/ksyms @@ -214,4 +220,6 @@ pseudo-device kttcp # kernel ttcp pseudo-device vlan # 802.1Q VLANs pseudo-device lockstat # lock profiling +include "dev/veriexec.config" + cinclude "arch/evbppc/conf/TWRP1025.local" Index: src/sys/arch/evbppc/conf/OPENBLOCKS200 diff -u src/sys/arch/evbppc/conf/OPENBLOCKS200:1.47 src/sys/arch/evbppc/conf/OPENBLOCKS200:1.48 --- src/sys/arch/evbppc/conf/OPENBLOCKS200:1.47 Wed Aug 1 20:04:11 2018 +++ src/sys/arch/evbppc/conf/OPENBLOCKS200 Fri Apr 26 21:40:29 2019 @@ -1,4 +1,4 @@ -# $NetBSD: OPENBLOCKS200,v 1.47 2018/08/01 20:04:11 maxv Exp $ +# $NetBSD: OPENBLOCKS200,v 1.48 2019/04/26 21:40:29 sevan Exp $ # # GENERIC -- everything that's currently supported # @@ -33,6 +33,11 @@ options SYSVSHM # System V shared memo #options PIPE_SOCKETPAIR # smaller, but slower pipe(2) #options SYSCTL_INCLUDE_DESCR # Include sysctl descriptions in kernel +# Alternate buffer queue strategies for better responsiveness under high +# disk I/O load. +#options BUFQ_READPRIO +options BUFQ_PRIOCSCAN + # Diagnostic/debugging support options #options DIAGNOSTIC # cheap kernel consistency checks options DEBUG # expensive debugging checks/support @@ -198,6 +203,7 @@ pseudo-device ccd # concatenated/strip pseudo-device md # memory disk device pseudo-device loop # network loopback pseudo-device bpfilter # packet filter +pseudo-device carp # Common Address Redundancy Protocol pseudo-device npf # NPF packet filter pseudo-device ppp # Point-to-Point Protocol pseudo-device sl # Serial Line IP @@ -213,3 +219,5 @@ pseudo-device clockctl # user control o pseudo-device ksyms # /dev/ksyms pseudo-device kttcp # kernel ttcp pseudo-device putter # for puffs and pud + +include "dev/veriexec.config" Index: src/sys/arch/evbppc/conf/OPENBLOCKS266 diff -u src/sys/arch/evbppc/conf/OPENBLOCKS266:1.74 src/sys/arch/evbppc/conf/OPENBLOCKS266:1.75 --- src/sys/arch/evbppc/conf/OPENBLOCKS266:1.74 Wed Aug 1 20:04:11 2018 +++ src/sys/arch/evbppc/conf/OPENBLOCKS266 Fri Apr 26 21:40:29 2019 @@ -1,4 +1,4 @@ -# $NetBSD: OPENBLOCKS266,v 1.74 2018/08/01 20:04:11 maxv Exp $ +# $NetBSD: OPENBLOCKS266,v 1.75 2019/04/26 21:40:29 sevan Exp $ # # GENERIC -- everything that's currently supported # @@ -7,7 +7,7 @@ include "arch/evbppc/conf/std.obs266" #options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "OPENBLOCKS266-$Revision: 1.74 $" +#ident "OPENBLOCKS266-$Revision: 1.75 $" maxusers 32 @@ -32,6 +32,11 @@ options SYSVSHM # System V shared mem #options UVMHIST_PRINT +# Alternate buffer queue strategies for better responsiveness under high +# disk I/O load. +#options BUFQ_READPRIO +options BUFQ_PRIOCSCAN + # # Diagnostic/debugging support options # @@ -176,6 +181,7 @@ options MIIVERBOSE # verbose PHY autoc # network pseudo-devices pseudo-device loop # network loopback pseudo-device bpfilter # packet filter +pseudo-device carp # Common Address Redundancy Protocol pseudo-device npf # NPF packet filter pseudo-device ppp # Point-to-Point Protocol pseudo-device pppoe # PPP over Ethernet (RFC 2516) @@ -198,3 +204,5 @@ pseudo-device pty # pseudo-terminals pseudo-device clockctl # user control of clock subsystem pseudo-device ksyms # /dev/ksyms pseudo-device putter # for puffs and pud + +include "dev/veriexec.config" Index: src/sys/arch/evbppc/conf/P2020DS diff -u src/sys/arch/evbppc/conf/P2020DS:1.30 src/sys/arch/evbppc/conf/P2020DS:1.31 --- src/sys/arch/evbppc/conf/P2020DS:1.30 Wed Aug 1 20:04:11 2018 +++ src/sys/arch/evbppc/conf/P2020DS Fri Apr 26 21:40:29 2019 @@ -1,4 +1,4 @@ -# $NetBSD: P2020DS,v 1.30 2018/08/01 20:04:11 maxv Exp $ +# $NetBSD: P2020DS,v 1.31 2019/04/26 21:40:29 sevan Exp $ # # P2020DS -- everything that's currently supported # @@ -8,7 +8,7 @@ include "arch/evbppc/conf/std.mpc85xx" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -ident "P2020DS-$Revision: 1.30 $" +ident "P2020DS-$Revision: 1.31 $" maxusers 32 @@ -40,6 +40,11 @@ options USERCONF # userconf(4) support #options PIPE_SOCKETPAIR # smaller, but slower pipe(2) #options SYSCTL_INCLUDE_DESCR # Include sysctl descriptions in kernel +# Alternate buffer queue strategies for better responsiveness under high +# disk I/O load. +#options BUFQ_READPRIO +options BUFQ_PRIOCSCAN + # Diagnostic/debugging support options options DIAGNOSTIC # cheap kernel consistency checks options DEBUG # expensive debugging checks/support @@ -218,6 +223,7 @@ ukphy* at mii? phy ? # generic unknow pseudo-device loop # network loopback pseudo-device bpfilter # packet filter +pseudo-device carp # Common Address Redundancy Protocol pseudo-device clockctl # user control of clock subsystem pseudo-device drvctl # user control of drive subsystem pseudo-device ksyms # /dev/ksyms @@ -226,3 +232,5 @@ pseudo-device kttcp # kernel ttcp pseudo-device vlan # 802.1Q VLANs pseudo-device putter # for puffs and pud pseudo-device vnd # disk-like interface to files + +include "dev/veriexec.config" Index: src/sys/arch/evbppc/conf/P2020RDB diff -u src/sys/arch/evbppc/conf/P2020RDB:1.30 src/sys/arch/evbppc/conf/P2020RDB:1.31 --- src/sys/arch/evbppc/conf/P2020RDB:1.30 Wed Aug 1 20:04:11 2018 +++ src/sys/arch/evbppc/conf/P2020RDB Fri Apr 26 21:40:29 2019 @@ -1,4 +1,4 @@ -# $NetBSD: P2020RDB,v 1.30 2018/08/01 20:04:11 maxv Exp $ +# $NetBSD: P2020RDB,v 1.31 2019/04/26 21:40:29 sevan Exp $ # # P2020RBD -- everything that's currently supported # @@ -7,7 +7,7 @@ include "arch/evbppc/conf/std.mpc85xx" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -ident "P2020RBD-$Revision: 1.30 $" +ident "P2020RBD-$Revision: 1.31 $" maxusers 32 @@ -35,6 +35,11 @@ options USERCONF # userconf(4) support #options PIPE_SOCKETPAIR # smaller, but slower pipe(2) #options SYSCTL_INCLUDE_DESCR # Include sysctl descriptions in kernel +# Alternate buffer queue strategies for better responsiveness under high +# disk I/O load. +#options BUFQ_READPRIO +options BUFQ_PRIOCSCAN + # Diagnostic/debugging support options options DIAGNOSTIC # cheap kernel consistency checks #options DEBUG # expensive debugging checks/support @@ -206,6 +211,7 @@ sd* at scsibus? target ? lun ? pseudo-device loop # network loopback pseudo-device bpfilter # packet filter +pseudo-device carp # Common Address Redundancy Protocol pseudo-device clockctl # user control of clock subsystem pseudo-device drvctl # user control of disk subsystem pseudo-device ksyms # /dev/ksyms @@ -214,3 +220,5 @@ pseudo-device kttcp # kernel ttcp pseudo-device vlan # 802.1Q VLANs pseudo-device vnd # disk-like interface to files pseudo-device putter # for puffs and pud + +include "dev/veriexec.config" Index: src/sys/arch/evbppc/conf/PMPPC diff -u src/sys/arch/evbppc/conf/PMPPC:1.49 src/sys/arch/evbppc/conf/PMPPC:1.50 --- src/sys/arch/evbppc/conf/PMPPC:1.49 Sat Apr 13 08:22:59 2019 +++ src/sys/arch/evbppc/conf/PMPPC Fri Apr 26 21:40:29 2019 @@ -1,4 +1,4 @@ -# $NetBSD: PMPPC,v 1.49 2019/04/13 08:22:59 isaki Exp $ +# $NetBSD: PMPPC,v 1.50 2019/04/26 21:40:29 sevan Exp $ # # PMPPC # @@ -27,6 +27,11 @@ options USERCONF # userconf(4) support #options PIPE_SOCKETPAIR # smaller, but slower pipe(2) #options SYSCTL_INCLUDE_DESCR # Include sysctl descriptions in kernel +# Alternate buffer queue strategies for better responsiveness under high +# disk I/O load. +#options BUFQ_READPRIO +options BUFQ_PRIOCSCAN + # Diagnostic/debugging support options options DIAGNOSTIC # cheap kernel consistency checks #options DEBUG # expensive debugging checks/support @@ -422,6 +427,7 @@ pseudo-device vnd # disk-like interfac #pseudo-device md # memory disk device pseudo-device loop # network loopback pseudo-device bpfilter # packet filter +pseudo-device carp # Common Address Redundancy Protocol pseudo-device npf # NPF packet filter pseudo-device ppp # Point-to-Point Protocol pseudo-device sl # Serial Line IP @@ -441,3 +447,4 @@ pseudo-device ksyms pseudo-device wsmux # mouse & keyboard multiplexor pseudo-device wsfont +include "dev/veriexec.config" Index: src/sys/arch/evbppc/conf/RB800 diff -u src/sys/arch/evbppc/conf/RB800:1.36 src/sys/arch/evbppc/conf/RB800:1.37 --- src/sys/arch/evbppc/conf/RB800:1.36 Wed Aug 1 20:04:11 2018 +++ src/sys/arch/evbppc/conf/RB800 Fri Apr 26 21:40:29 2019 @@ -1,4 +1,4 @@ -# $NetBSD: RB800,v 1.36 2018/08/01 20:04:11 maxv Exp $ +# $NetBSD: RB800,v 1.37 2019/04/26 21:40:29 sevan Exp $ # # RB800 -- everything that's currently supported # @@ -7,7 +7,7 @@ include "arch/evbppc/conf/std.mpc85xx" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -ident "RB800-$Revision: 1.36 $" +ident "RB800-$Revision: 1.37 $" maxusers 32 @@ -37,6 +37,11 @@ options USERCONF # userconf(4) support #options PIPE_SOCKETPAIR # smaller, but slower pipe(2) #options SYSCTL_INCLUDE_DESCR # Include sysctl descriptions in kernel +# Alternate buffer queue strategies for better responsiveness under high +# disk I/O load. +#options BUFQ_READPRIO +options BUFQ_PRIOCSCAN + # Diagnostic/debugging support options #options VERBOSE_INITPPC options DIAGNOSTIC # cheap kernel consistency checks @@ -211,8 +216,11 @@ ukphy* at mii? phy ? # generic unknow pseudo-device md # memory disk device pseudo-device loop # network loopback pseudo-device bpfilter # packet filter +pseudo-device carp # Common Address Redundancy Protocol pseudo-device clockctl # user control of clock subsystem pseudo-device drvctl # user control of drive subsystem pseudo-device ksyms # /dev/ksyms pseudo-device pty # pseudo-terminals pseudo-device kttcp # kernel ttcp + +include "dev/veriexec.config" Index: src/sys/arch/evbppc/conf/RB850GX2 diff -u src/sys/arch/evbppc/conf/RB850GX2:1.5 src/sys/arch/evbppc/conf/RB850GX2:1.6 --- src/sys/arch/evbppc/conf/RB850GX2:1.5 Wed Aug 1 20:04:11 2018 +++ src/sys/arch/evbppc/conf/RB850GX2 Fri Apr 26 21:40:29 2019 @@ -1,4 +1,4 @@ -# $NetBSD: RB850GX2,v 1.5 2018/08/01 20:04:11 maxv Exp $ +# $NetBSD: RB850GX2,v 1.6 2019/04/26 21:40:29 sevan Exp $ # # RouterBOARD RB850Gx2 # @@ -7,7 +7,7 @@ include "arch/evbppc/conf/std.mpc85xx" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -ident "RB850GX2-$Revision: 1.5 $" +ident "RB850GX2-$Revision: 1.6 $" maxusers 32 @@ -35,6 +35,11 @@ options USERCONF # userconf(4) support #options PIPE_SOCKETPAIR # smaller, but slower pipe(2) options SYSCTL_INCLUDE_DESCR # Include sysctl descriptions in kernel +# Alternate buffer queue strategies for better responsiveness under high +# disk I/O load. +#options BUFQ_READPRIO +options BUFQ_PRIOCSCAN + # Diagnostic/debugging support options options DIAGNOSTIC # cheap kernel consistency checks options DEBUG # expensive debugging checks/support @@ -141,6 +146,7 @@ iic* at diic? pseudo-device loop # network loopback pseudo-device bpfilter # packet filter +pseudo-device carp # Common Address Redundancy Protocol pseudo-device clockctl # user control of clock subsystem pseudo-device drvctl # user control of drive subsystem pseudo-device ksyms # /dev/ksyms @@ -148,3 +154,5 @@ pseudo-device pty # pseudo-terminals pseudo-device vnd # disk-like interface to files pseudo-device putter # for puffs and pud pseudo-device lockstat # lock profiling + +include "dev/veriexec.config" Index: src/sys/arch/evbsh3/conf/AP_MS104_SH4 diff -u src/sys/arch/evbsh3/conf/AP_MS104_SH4:1.11 src/sys/arch/evbsh3/conf/AP_MS104_SH4:1.12 --- src/sys/arch/evbsh3/conf/AP_MS104_SH4:1.11 Thu Sep 14 07:58:40 2017 +++ src/sys/arch/evbsh3/conf/AP_MS104_SH4 Fri Apr 26 21:40:29 2019 @@ -1,4 +1,4 @@ -# $NetBSD: AP_MS104_SH4,v 1.11 2017/09/14 07:58:40 mrg Exp $ +# $NetBSD: AP_MS104_SH4,v 1.12 2019/04/26 21:40:29 sevan Exp $ # # Alpha project AP-MS104-SH4 config file # @@ -35,6 +35,11 @@ options SYSVSHM # System V-like memory options USERCONF # userconf(4) support #options SYSCTL_INCLUDE_DESCR # Include sysctl descriptions in kernel +# Alternate buffer queue strategies for better responsiveness under high +# disk I/O load. +#options BUFQ_READPRIO +options BUFQ_PRIOCSCAN + # Development and Debugging options options DIAGNOSTIC # expensive kernel consistency checks #options DEBUG # expensive debugging checks/support @@ -109,6 +114,7 @@ options VND_COMPRESSION # compressed v # network pseudo-devices pseudo-device bpfilter # Berkeley packet filter +pseudo-device carp # Common Address Redundancy Protocol pseudo-device loop # network loopback # miscellaneous pseudo-devices @@ -118,3 +124,5 @@ pseudo-device ksyms # /dev/ksyms # userland interface to drivers, including autoconf and properties retrieval pseudo-device drvctl + +include "dev/veriexec.config" Index: src/sys/arch/evbsh3/conf/T_SH7706LAN diff -u src/sys/arch/evbsh3/conf/T_SH7706LAN:1.14 src/sys/arch/evbsh3/conf/T_SH7706LAN:1.15 --- src/sys/arch/evbsh3/conf/T_SH7706LAN:1.14 Wed Aug 1 20:04:11 2018 +++ src/sys/arch/evbsh3/conf/T_SH7706LAN Fri Apr 26 21:40:29 2019 @@ -1,4 +1,4 @@ -# $NetBSD: T_SH7706LAN,v 1.14 2018/08/01 20:04:11 maxv Exp $ +# $NetBSD: T_SH7706LAN,v 1.15 2019/04/26 21:40:29 sevan Exp $ # # TAC T-SH7706LAN Rev.3 config file # @@ -29,6 +29,11 @@ options SYSVSHM # System V-like memory options USERCONF # userconf(4) support #options SYSCTL_INCLUDE_DESCR # Include sysctl descriptions in kernel +# Alternate buffer queue strategies for better responsiveness under high +# disk I/O load. +#options BUFQ_READPRIO +options BUFQ_PRIOCSCAN + # Development and Debugging options options DIAGNOSTIC # expensive kernel consistency checks #options DEBUG # expensive debugging checks/support @@ -96,6 +101,7 @@ options VND_COMPRESSION # compressed v # network pseudo-devices pseudo-device bpfilter # Berkeley packet filter +pseudo-device carp # Common Address Redundancy Protocol pseudo-device npf # NPF packet filter pseudo-device loop # network loopback @@ -106,3 +112,5 @@ pseudo-device ksyms # /dev/ksyms # userland interface to drivers, including autoconf and properties retrieval pseudo-device drvctl + +include "dev/veriexec.config" Index: src/sys/arch/evbsh3/conf/T_SH7706LSR diff -u src/sys/arch/evbsh3/conf/T_SH7706LSR:1.16 src/sys/arch/evbsh3/conf/T_SH7706LSR:1.17 --- src/sys/arch/evbsh3/conf/T_SH7706LSR:1.16 Wed Aug 1 20:04:11 2018 +++ src/sys/arch/evbsh3/conf/T_SH7706LSR Fri Apr 26 21:40:29 2019 @@ -1,4 +1,4 @@ -# $NetBSD: T_SH7706LSR,v 1.16 2018/08/01 20:04:11 maxv Exp $ +# $NetBSD: T_SH7706LSR,v 1.17 2019/04/26 21:40:29 sevan Exp $ # # TAC T-SH7706LSR Rev.1 config file # @@ -29,6 +29,11 @@ options SYSVSHM # System V-like memory options USERCONF # userconf(4) support #options SYSCTL_INCLUDE_DESCR # Include sysctl descriptions in kernel +# Alternate buffer queue strategies for better responsiveness under high +# disk I/O load. +#options BUFQ_READPRIO +options BUFQ_PRIOCSCAN + # Development and Debugging options options DIAGNOSTIC # expensive kernel consistency checks #options DEBUG # expensive debugging checks/support @@ -97,6 +102,7 @@ options VND_COMPRESSION # compressed v # network pseudo-devices pseudo-device bpfilter # Berkeley packet filter +pseudo-device carp # Common Address Redundancy Protocol pseudo-device npf # NPF packet filter pseudo-device loop # network loopback @@ -107,3 +113,5 @@ pseudo-device ksyms # /dev/ksyms # userland interface to drivers, including autoconf and properties retrieval pseudo-device drvctl + +include "dev/veriexec.config" Index: src/sys/arch/ews4800mips/conf/GENERIC diff -u src/sys/arch/ews4800mips/conf/GENERIC:1.57 src/sys/arch/ews4800mips/conf/GENERIC:1.58 --- src/sys/arch/ews4800mips/conf/GENERIC:1.57 Wed Aug 1 20:04:11 2018 +++ src/sys/arch/ews4800mips/conf/GENERIC Fri Apr 26 21:40:30 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.57 2018/08/01 20:04:11 maxv Exp $ +# $NetBSD: GENERIC,v 1.58 2019/04/26 21:40:30 sevan Exp $ # # GENERIC machine description file # This machine description file is used to generate the default NetBSD @@ -25,7 +25,7 @@ include "arch/ews4800mips/conf/std.ews4 options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC-$Revision: 1.57 $" +#ident "GENERIC-$Revision: 1.58 $" maxusers 16 @@ -59,7 +59,7 @@ options SYSCTL_INCLUDE_DESCR # Include # Alternate buffer queue strategies for better responsiveness under high # disk I/O load. #options BUFQ_READPRIO -#options BUFQ_PRIOCSCAN +options BUFQ_PRIOCSCAN # Diagnostic/debugging support options #options DIAGNOSTIC # expensive kernel consistency checks @@ -228,7 +228,7 @@ options VND_COMPRESSION # compressed v # network pseudo-devices pseudo-device bpfilter # packet filter ports -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol pseudo-device npf # NPF packet filter pseudo-device loop # network loopback pseudo-device ppp # Point-to-Point Protocol @@ -267,14 +267,4 @@ pseudo-device ksyms # /dev/ksyms # wscons pseudo-devices pseudo-device wsmux -# Veriexec - -# a pseudo device needed for veriexec -#pseudo-device veriexec - -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" Index: src/sys/arch/hp300/conf/GENERIC diff -u src/sys/arch/hp300/conf/GENERIC:1.202 src/sys/arch/hp300/conf/GENERIC:1.203 --- src/sys/arch/hp300/conf/GENERIC:1.202 Sat Apr 13 08:22:59 2019 +++ src/sys/arch/hp300/conf/GENERIC Fri Apr 26 21:40:30 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.202 2019/04/13 08:22:59 isaki Exp $ +# $NetBSD: GENERIC,v 1.203 2019/04/26 21:40:30 sevan Exp $ # # GENERIC machine description file # @@ -22,7 +22,7 @@ include "arch/hp300/conf/std.hp300" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC-$Revision: 1.202 $" +#ident "GENERIC-$Revision: 1.203 $" makeoptions COPTS="-O2 -fno-reorder-blocks" # see share/mk/sys.mk @@ -65,7 +65,7 @@ options MODULAR_DEFAULT_AUTOLOAD # Alternate buffer queue strategies for better responsiveness under high # disk I/O load. #options BUFQ_READPRIO -#options BUFQ_PRIOCSCAN +options BUFQ_PRIOCSCAN # Debugging options #options DIAGNOSTIC # Extra kernel sanity checks @@ -291,7 +291,7 @@ pseudo-device bridge # simple inter-ne #options BRIDGE_IPF # bridge uses IP/IPv6 pfil hooks too pseudo-device agr # IEEE 802.3ad link aggregation pseudo-device bpfilter # Berkeley packet filter -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol #pseudo-device faith # IPv[46] tcp relay translation i/f #pseudo-device gre # generic L3 over IP tunnel pseudo-device gif # IPv[46] over IPv[46] tunnel (RFC1933) @@ -322,15 +322,4 @@ pseudo-device ksyms # /dev/ksyms pseudo-device wsmux # mouse & keyboard multiplexor pseudo-device wsfont -# Veriexec -# -# a pseudo device needed for veriexec -#pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" Index: src/sys/arch/hpcarm/conf/IPAQ diff -u src/sys/arch/hpcarm/conf/IPAQ:1.81 src/sys/arch/hpcarm/conf/IPAQ:1.82 --- src/sys/arch/hpcarm/conf/IPAQ:1.81 Wed Aug 1 20:04:11 2018 +++ src/sys/arch/hpcarm/conf/IPAQ Fri Apr 26 21:40:30 2019 @@ -1,4 +1,4 @@ -# $NetBSD: IPAQ,v 1.81 2018/08/01 20:04:11 maxv Exp $ +# $NetBSD: IPAQ,v 1.82 2019/04/26 21:40:30 sevan Exp $ # # iPAQ H3600 -- Windows-CE based PDA # @@ -91,6 +91,11 @@ options USERCONF # userconf(4) support #options PIPE_SOCKETPAIR # smaller, but slower pipe(2) #options SYSCTL_INCLUDE_DESCR # Include sysctl descriptions in kernel +# Alternate buffer queue strategies for better responsiveness under high +# disk I/O load. +#options BUFQ_READPRIO +options BUFQ_PRIOCSCAN + # Development and Debugging options #options BOOT_DUMP # Enable memorydump at boot @@ -171,6 +176,7 @@ wi* at pcmcia? function ? # Lucent Wave pseudo-device loop # network loopback pseudo-device bpfilter # packet filter +pseudo-device carp # Common Address Redundancy Protocol pseudo-device sl # CSLIP pseudo-device ppp # PPP pseudo-device tun # network tunneling over tty @@ -195,3 +201,5 @@ pseudo-device biconsdev 1 # build-in co pseudo-device md # Ramdisk driver pseudo-device clockctl # user control of clock subsystem pseudo-device ksyms # /dev/ksyms + +include "dev/veriexec.config" Index: src/sys/arch/hpcarm/conf/JORNADA720 diff -u src/sys/arch/hpcarm/conf/JORNADA720:1.102 src/sys/arch/hpcarm/conf/JORNADA720:1.103 --- src/sys/arch/hpcarm/conf/JORNADA720:1.102 Wed Aug 1 20:04:11 2018 +++ src/sys/arch/hpcarm/conf/JORNADA720 Fri Apr 26 21:40:30 2019 @@ -1,4 +1,4 @@ -# $NetBSD: JORNADA720,v 1.102 2018/08/01 20:04:11 maxv Exp $ +# $NetBSD: JORNADA720,v 1.103 2019/04/26 21:40:30 sevan Exp $ # # JORNADA -- Windows-CE based jornada 720 # @@ -7,7 +7,7 @@ include "arch/hpcarm/conf/std.sa11x0" #options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC-$Revision: 1.102 $" +#ident "GENERIC-$Revision: 1.103 $" # estimated number of users maxusers 32 @@ -96,6 +96,11 @@ options USERCONF # userconf(4) support options NFS_BOOT_DHCP +# Alternate buffer queue strategies for better responsiveness under high +# disk I/O load. +#options BUFQ_READPRIO +options BUFQ_PRIOCSCAN + # Development and Debugging options #options BOOT_DUMP # Enable memorydump at boot @@ -255,6 +260,7 @@ apmdev0 at hpcapm0 # APM # Pseudo-devices pseudo-device loop # network loopback +pseudo-device carp # Common Address Redundancy Protocol pseudo-device bpfilter # packet filter pseudo-device sl # CSLIP pseudo-device ppp # PPP @@ -283,3 +289,5 @@ pseudo-device clockctl # user control o pseudo-device ksyms # /dev/ksyms pseudo-device bcsp # BlueCore Serial Protocol pseudo-device btuart # Bluetooth HCI UART (H4) + +include "dev/veriexec.config" Index: src/sys/arch/hpcarm/conf/WZERO3 diff -u src/sys/arch/hpcarm/conf/WZERO3:1.48 src/sys/arch/hpcarm/conf/WZERO3:1.49 --- src/sys/arch/hpcarm/conf/WZERO3:1.48 Wed Feb 6 11:58:31 2019 +++ src/sys/arch/hpcarm/conf/WZERO3 Fri Apr 26 21:40:30 2019 @@ -1,4 +1,4 @@ -# $NetBSD: WZERO3,v 1.48 2019/02/06 11:58:31 rin Exp $ +# $NetBSD: WZERO3,v 1.49 2019/04/26 21:40:30 sevan Exp $ # # WZERO3 -- Sharp Windows Mobile 5 based PDA # @@ -8,7 +8,7 @@ include "arch/hpcarm/conf/files.wzero3" #options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC-$Revision: 1.48 $" +#ident "GENERIC-$Revision: 1.49 $" # estimated number of users maxusers 32 @@ -122,6 +122,11 @@ options WS_KERNEL_FG=WSCOL_GREEN options FONT_VT220L8x16 +# Alternate buffer queue strategies for better responsiveness under high +# disk I/O load. +#options BUFQ_READPRIO +options BUFQ_PRIOCSCAN + # Development and Debugging options #options VERBOSE_INIT_ARM @@ -273,6 +278,7 @@ ugen* at uhub? port ? # Pseudo-devices pseudo-device loop # network loopback pseudo-device bpfilter # packet filter +pseudo-device carp # Common Address Redundancy Protocol pseudo-device sl # CSLIP pseudo-device ppp # PPP pseudo-device tun # network tunneling over tty @@ -305,3 +311,5 @@ pseudo-device putter # for puffs and p # wscons pseudo-devices pseudo-device wsmux # mouse & keyboard multiplexor pseudo-device wsfont + +include "dev/veriexec.config" Index: src/sys/arch/hpcmips/conf/GENERIC diff -u src/sys/arch/hpcmips/conf/GENERIC:1.239 src/sys/arch/hpcmips/conf/GENERIC:1.240 --- src/sys/arch/hpcmips/conf/GENERIC:1.239 Sat Apr 13 08:22:59 2019 +++ src/sys/arch/hpcmips/conf/GENERIC Fri Apr 26 21:40:30 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.239 2019/04/13 08:22:59 isaki Exp $ +# $NetBSD: GENERIC,v 1.240 2019/04/26 21:40:30 sevan Exp $ # # GENERIC machine description file # @@ -24,7 +24,7 @@ include "arch/hpcmips/conf/std.hpcmips. options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC-$Revision: 1.239 $" +#ident "GENERIC-$Revision: 1.240 $" maxusers 16 @@ -37,6 +37,11 @@ options VR4131 # NEC VR4131 options TX392X # Toshiba TX3922 options KLOADER +# Alternate buffer queue strategies for better responsiveness under high +# disk I/O load. +#options BUFQ_READPRIO +options BUFQ_PRIOCSCAN + # Standard system options options DDB # in-kernel debugger #options DDB_ONPANIC=0 # don't enter debugger on panic @@ -660,7 +665,7 @@ pseudo-device ppp # serial-line IP por pseudo-device pppoe # PPP over Ethernet (RFC 2516) pseudo-device pty # pseudo-terminals pseudo-device bpfilter # packet filter ports -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol pseudo-device npf # NPF packet filter pseudo-device vnd # virtual disk ick @@ -700,15 +705,4 @@ pseudo-device bridge pseudo-device agr # IEEE 802.3ad link aggregation pseudo-device ksyms # /dev/ksyms -# Veriexec -# -# a pseudo device needed for veriexec -#pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" Index: src/sys/arch/hpcsh/conf/GENERIC diff -u src/sys/arch/hpcsh/conf/GENERIC:1.111 src/sys/arch/hpcsh/conf/GENERIC:1.112 --- src/sys/arch/hpcsh/conf/GENERIC:1.111 Wed Aug 1 20:04:11 2018 +++ src/sys/arch/hpcsh/conf/GENERIC Fri Apr 26 21:40:30 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.111 2018/08/01 20:04:11 maxv Exp $ +# $NetBSD: GENERIC,v 1.112 2019/04/26 21:40:30 sevan Exp $ # # GENERIC machine description file # @@ -84,6 +84,11 @@ options SYSCTL_INCLUDE_DESCR # Include #options BUFQ_READPRIO #options BUFQ_PRIOCSCAN +# Alternate buffer queue strategies for better responsiveness under high +# disk I/O load. +#options BUFQ_READPRIO +options BUFQ_PRIOCSCAN + # Diagnostic/debugging support options #options DIAGNOSTIC # expensive kernel consistency checks #options DEBUG # expensive debugging checks/support @@ -341,7 +346,7 @@ pseudo-device fss # file system snapsh pseudo-device loop # network loopback pseudo-device ppp # serial-line IP ports pseudo-device bpfilter # Berkeley packet filter -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol #pseudo-device npf # NPF packet filter # @@ -369,15 +374,4 @@ pseudo-device wsmux # mouse & keyboard #pseudo-device hpf1275a # HP F1275A external keyboard #wskbd* at hpf1275a? mux 1 -# Veriexec -# -# a pseudo device needed for veriexec -#pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" Index: src/sys/arch/hppa/conf/GENERIC diff -u src/sys/arch/hppa/conf/GENERIC:1.26 src/sys/arch/hppa/conf/GENERIC:1.27 --- src/sys/arch/hppa/conf/GENERIC:1.26 Mon Apr 15 20:38:18 2019 +++ src/sys/arch/hppa/conf/GENERIC Fri Apr 26 21:40:30 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.26 2019/04/15 20:38:18 skrll Exp $ +# $NetBSD: GENERIC,v 1.27 2019/04/26 21:40:30 sevan Exp $ # # GENERIC machine description file # @@ -23,7 +23,7 @@ include "arch/hppa/conf/std.hppa" options INCLUDE_CONFIG_FILE # embed config file in kernel binary options SYSCTL_INCLUDE_DESCR # Include sysctl descriptions in kernel -#ident "GENERIC-$Revision: 1.26 $" +#ident "GENERIC-$Revision: 1.27 $" maxusers 32 # estimated number of users @@ -62,7 +62,7 @@ options USERCONF # userconf(4) support # Alternate buffer queue strategies for better responsiveness under high # disk I/O load. #options BUFQ_READPRIO -#options BUFQ_PRIOCSCAN +options BUFQ_PRIOCSCAN # Diagnostic/debugging support options #options DIAGNOSTIC # expensive kernel consistency checks @@ -722,7 +722,7 @@ pseudo-device putter # for puffs and p # network pseudo-devices pseudo-device bpfilter # Berkeley packet filter -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol pseudo-device npf # NPF packet filter pseudo-device loop # network loopback pseudo-device ppp # Point-to-Point Protocol @@ -764,15 +764,4 @@ pseudo-device ksyms # /dev/ksyms # userland interface to drivers, including autoconf and properties retrieval pseudo-device drvctl -# Veriexec -# -# a pseudo device needed for veriexec -#pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" Index: src/sys/arch/i386/conf/GENERIC diff -u src/sys/arch/i386/conf/GENERIC:1.1204 src/sys/arch/i386/conf/GENERIC:1.1205 --- src/sys/arch/i386/conf/GENERIC:1.1204 Fri Mar 1 12:23:10 2019 +++ src/sys/arch/i386/conf/GENERIC Fri Apr 26 21:40:30 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.1204 2019/03/01 12:23:10 nonaka Exp $ +# $NetBSD: GENERIC,v 1.1205 2019/04/26 21:40:30 sevan Exp $ # # GENERIC machine description file # @@ -22,7 +22,7 @@ include "arch/i386/conf/std.i386" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC-$Revision: 1.1204 $" +#ident "GENERIC-$Revision: 1.1205 $" maxusers 64 # estimated number of users @@ -1471,7 +1471,7 @@ options VND_COMPRESSION # compressed v # network pseudo-devices pseudo-device bpfilter # Berkeley packet filter -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol pseudo-device loop # network loopback #pseudo-device mpls # MPLS pseudo-interface pseudo-device ppp # Point-to-Point Protocol @@ -1530,19 +1530,7 @@ pseudo-device cmos # userland interface to drivers, including autoconf and properties retrieval pseudo-device drvctl -options FILEASSOC # fileassoc(9) - required for Veriexec - # and PAX_SEGVGUARD - -# Veriexec -pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -options VERIFIED_EXEC_FP_SHA256 -options VERIFIED_EXEC_FP_SHA384 -options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" options PAX_ASLR_DEBUG=1 # PaX ASLR debug options PAX_SEGVGUARD=0 # PaX Segmentation fault guard Index: src/sys/arch/ibmnws/conf/GENERIC diff -u src/sys/arch/ibmnws/conf/GENERIC:1.53 src/sys/arch/ibmnws/conf/GENERIC:1.54 --- src/sys/arch/ibmnws/conf/GENERIC:1.53 Sat Apr 13 08:23:00 2019 +++ src/sys/arch/ibmnws/conf/GENERIC Fri Apr 26 21:40:30 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.53 2019/04/13 08:23:00 isaki Exp $ +# $NetBSD: GENERIC,v 1.54 2019/04/26 21:40:30 sevan Exp $ # # @@ -20,6 +20,11 @@ options MEMORY_DISK_RBFLAGS=RB_SINGLE # maxusers 8 +# Alternate buffer queue strategies for better responsiveness under high +# disk I/O load. +#options BUFQ_READPRIO +options BUFQ_PRIOCSCAN + options DDB # Compatibility options @@ -279,7 +284,7 @@ pseudo-device md # memory disk device # network pseudo-devices pseudo-device bpfilter # network tap -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol pseudo-device loop # network loopback # @@ -294,15 +299,4 @@ pseudo-device ksyms pseudo-device clockctl pseudo-device drvctl # user control of drive subsystem -# Veriexec -# -# a pseudo device needed for veriexec -#pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" Index: src/sys/arch/iyonix/conf/GENERIC diff -u src/sys/arch/iyonix/conf/GENERIC:1.106 src/sys/arch/iyonix/conf/GENERIC:1.107 --- src/sys/arch/iyonix/conf/GENERIC:1.106 Sat Apr 13 08:23:00 2019 +++ src/sys/arch/iyonix/conf/GENERIC Fri Apr 26 21:40:30 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.106 2019/04/13 08:23:00 isaki Exp $ +# $NetBSD: GENERIC,v 1.107 2019/04/26 21:40:30 sevan Exp $ # # GENERIC machine description file # @@ -22,7 +22,7 @@ include "arch/iyonix/conf/std.iyonix" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC-$Revision: 1.106 $" +#ident "GENERIC-$Revision: 1.107 $" maxusers 32 # estimated number of users @@ -72,7 +72,7 @@ options USERCONF # userconf(4) support # Alternate buffer queue strategies for better responsiveness under high # disk I/O load. #options BUFQ_READPRIO -#options BUFQ_PRIOCSCAN +options BUFQ_PRIOCSCAN # Diagnostic/debugging support options #options DIAGNOSTIC # expensive kernel consistency checks @@ -370,7 +370,7 @@ pseudo-device fss # file system snapsh # network pseudo-devices pseudo-device bpfilter # Berkeley packet filter -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol #pseudo-device npf # NPF packet filter pseudo-device loop # network loopback #pseudo-device ppp # Point-to-Point Protocol @@ -407,18 +407,6 @@ pseudo-device ksyms # /dev/ksyms pseudo-device wsmux # mouse & keyboard multiplexor pseudo-device wsfont -#options FILEASSOC # fileassoc(9) - required for Veriexec - # and PAX_SEGVGUARD - -# Veriexec -#pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" #options PAX_MPROTECT=0 # PaX mprotect(2) restrictions Index: src/sys/arch/landisk/conf/GENERIC diff -u src/sys/arch/landisk/conf/GENERIC:1.62 src/sys/arch/landisk/conf/GENERIC:1.63 --- src/sys/arch/landisk/conf/GENERIC:1.62 Wed Feb 6 11:58:31 2019 +++ src/sys/arch/landisk/conf/GENERIC Fri Apr 26 21:40:30 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.62 2019/02/06 11:58:31 rin Exp $ +# $NetBSD: GENERIC,v 1.63 2019/04/26 21:40:30 sevan Exp $ # # GENERIC machine description file # @@ -22,7 +22,7 @@ include "arch/landisk/conf/std.landisk" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC-$Revision: 1.62 $" +#ident "GENERIC-$Revision: 1.63 $" maxusers 16 # estimated number of users @@ -68,7 +68,7 @@ options SYSCTL_INCLUDE_DESCR # Include # Alternate buffer queue strategies for better responsiveness under high # disk I/O load. #options BUFQ_READPRIO -#options BUFQ_PRIOCSCAN +options BUFQ_PRIOCSCAN # Diagnostic/debugging support options #options DIAGNOSTIC # cheap kernel consistency checks @@ -431,6 +431,7 @@ options VND_COMPRESSION # compressed v # network pseudo-devices pseudo-device bpfilter # Berkeley packet filter +pseudo-device carp # Common Address Redundancy Protocol pseudo-device npf # NPF packet filter pseudo-device loop # network loopback pseudo-device ppp # Point-to-Point Protocol @@ -467,19 +468,7 @@ pseudo-device nsmb # experimental - SM pseudo-device wsmux # mouse & keyboard multiplexor #pseudo-device wsfont -options FILEASSOC # fileassoc(9) - required for Veriexec - # and PAX_SEGVGUARD - -# Veriexec -pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -options VERIFIED_EXEC_FP_SHA256 -options VERIFIED_EXEC_FP_SHA384 -options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" options PAX_ASLR_DEBUG=1 # PaX ASLR debug options PAX_SEGVGUARD=0 # PaX Segmentation fault guard Index: src/sys/arch/mac68k/conf/GENERIC diff -u src/sys/arch/mac68k/conf/GENERIC:1.227 src/sys/arch/mac68k/conf/GENERIC:1.228 --- src/sys/arch/mac68k/conf/GENERIC:1.227 Wed Dec 19 13:57:48 2018 +++ src/sys/arch/mac68k/conf/GENERIC Fri Apr 26 21:40:31 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.227 2018/12/19 13:57:48 maxv Exp $ +# $NetBSD: GENERIC,v 1.228 2019/04/26 21:40:31 sevan Exp $ # # GENERIC machine description file # @@ -22,7 +22,7 @@ include "arch/mac68k/conf/std.mac68k" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC-$Revision: 1.227 $" +#ident "GENERIC-$Revision: 1.228 $" makeoptions COPTS="-O2 -fno-reorder-blocks" # see share/mk/sys.mk @@ -61,7 +61,7 @@ options SYSCTL_INCLUDE_DESCR # Include # Alternate buffer queue strategies for better responsiveness under high # disk I/O load. #options BUFQ_READPRIO -#options BUFQ_PRIOCSCAN +options BUFQ_PRIOCSCAN # Diagnostic/debugging support options #options DIAGNOSTIC # cheap kernel consistency checks @@ -303,7 +303,7 @@ pseudo-device vnd # disk-like interfac # network pseudo-devices pseudo-device bpfilter # Berkeley packet filter -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol pseudo-device npf # NPF packet filter pseudo-device loop # network loopback pseudo-device ppp # Point-to-Point Protocol @@ -338,15 +338,4 @@ pseudo-device swwdog # software watchd #options RND_COM # use "com" randomness as well (BROKEN) pseudo-device ksyms # /dev/ksyms -# Veriexec -# -# a pseudo device needed for veriexec -#pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" Index: src/sys/arch/macppc/conf/GENERIC diff -u src/sys/arch/macppc/conf/GENERIC:1.353 src/sys/arch/macppc/conf/GENERIC:1.354 --- src/sys/arch/macppc/conf/GENERIC:1.353 Wed Apr 10 00:49:49 2019 +++ src/sys/arch/macppc/conf/GENERIC Fri Apr 26 21:40:31 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.353 2019/04/10 00:49:49 sevan Exp $ +# $NetBSD: GENERIC,v 1.354 2019/04/26 21:40:31 sevan Exp $ # # GENERIC machine description file # @@ -22,7 +22,7 @@ include "arch/macppc/conf/std.macppc" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC-$Revision: 1.353 $" +#ident "GENERIC-$Revision: 1.354 $" maxusers 32 @@ -674,19 +674,6 @@ pseudo-device btuart # Bluetooth HCI U # userland interface to drivers, including autoconf and properties retrieval pseudo-device drvctl -options FILEASSOC # fileassoc(9) - needed by Veriexec - -# Veriexec -# -# a pseudo device needed for veriexec -pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -options VERIFIED_EXEC_FP_SHA256 -options VERIFIED_EXEC_FP_SHA384 -options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" #options PAX_MPROTECT=0 # PaX mprotect(2) restrictions Index: src/sys/arch/mipsco/conf/GENERIC diff -u src/sys/arch/mipsco/conf/GENERIC:1.93 src/sys/arch/mipsco/conf/GENERIC:1.94 --- src/sys/arch/mipsco/conf/GENERIC:1.93 Wed Aug 1 20:04:12 2018 +++ src/sys/arch/mipsco/conf/GENERIC Fri Apr 26 21:40:31 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.93 2018/08/01 20:04:12 maxv Exp $ +# $NetBSD: GENERIC,v 1.94 2019/04/26 21:40:31 sevan Exp $ # # GENERIC machine description file # @@ -40,7 +40,7 @@ options SYSCTL_INCLUDE_DESCR # Include # Alternate buffer queue strategies for better responsiveness under high # disk I/O load. #options BUFQ_READPRIO -#options BUFQ_PRIOCSCAN +options BUFQ_PRIOCSCAN # Debugging options options DDB # kernel dynamic debugger @@ -154,7 +154,7 @@ pseudo-device tun # Network "tunnel" d pseudo-device tap # virtual Ethernet #pseudo-device gre # generic L3 over IP tunnel pseudo-device bpfilter # Berkeley Packet Filter -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol #pseudo-device vnd # disk-like interface to files #options VND_COMPRESSION # compressed vnd(4) #pseudo-device ccd # concatenated and striped disks @@ -181,15 +181,4 @@ pseudo-device clockctl # user control o #options RND_COM # use "com" randomness as well (BROKEN) pseudo-device ksyms # /dev/ksyms -# Veriexec -# -# a pseudo device needed for veriexec -#pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" Index: src/sys/arch/mmeye/conf/GENERIC diff -u src/sys/arch/mmeye/conf/GENERIC:1.125 src/sys/arch/mmeye/conf/GENERIC:1.126 --- src/sys/arch/mmeye/conf/GENERIC:1.125 Wed Aug 1 20:04:12 2018 +++ src/sys/arch/mmeye/conf/GENERIC Fri Apr 26 21:40:31 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.125 2018/08/01 20:04:12 maxv Exp $ +# $NetBSD: GENERIC,v 1.126 2019/04/26 21:40:31 sevan Exp $ # # GENERIC machine description file # @@ -22,7 +22,7 @@ include "arch/mmeye/conf/std.mmeye" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC-$Revision: 1.125 $" +#ident "GENERIC-$Revision: 1.126 $" maxusers 16 # estimated number of users @@ -54,6 +54,11 @@ options USERCONF # userconf(4) support #options PIPE_SOCKETPAIR # smaller, but slower pipe(2) options SYSCTL_INCLUDE_DESCR # Include sysctl descriptions in kernel +# Alternate buffer queue strategies for better responsiveness under high +# disk I/O load. +#options BUFQ_READPRIO +options BUFQ_PRIOCSCAN + # Diagnostic/debugging support options #options DIAGNOSTIC # cheap kernel consistency checks #options DEBUG # expensive debugging checks/support @@ -192,7 +197,7 @@ pseudo-device fss # file system snapsh pseudo-device vnd # disk-like interface to files #options VND_COMPRESSION # compressed vnd(4) pseudo-device bpfilter # Berkeley packet filter -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol pseudo-device npf # NPF packet filter pseudo-device loop # network loopback pseudo-device ppp # Point-to-Point Protocol @@ -222,15 +227,4 @@ pseudo-device putter # for puffs and p #options MEMORY_DISK_SERVER=0 # no userspace memory disk support #options MEMORY_DISK_ROOT_SIZE=3074 # size of memory disk, in blocks -# Veriexec -# -# a pseudo device needed for veriexec -#pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" Index: src/sys/arch/netwinder/conf/GENERIC diff -u src/sys/arch/netwinder/conf/GENERIC:1.136 src/sys/arch/netwinder/conf/GENERIC:1.137 --- src/sys/arch/netwinder/conf/GENERIC:1.136 Sat Apr 13 08:23:00 2019 +++ src/sys/arch/netwinder/conf/GENERIC Fri Apr 26 21:40:31 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.136 2019/04/13 08:23:00 isaki Exp $ +# $NetBSD: GENERIC,v 1.137 2019/04/26 21:40:31 sevan Exp $ # # GENERIC machine description file # @@ -34,7 +34,7 @@ options RTC_OFFSET=0 # hardware clock i # Alternate buffer queue strategies for better responsiveness under high # disk I/O load. #options BUFQ_READPRIO -#options BUFQ_PRIOCSCAN +options BUFQ_PRIOCSCAN # CPU options @@ -274,7 +274,7 @@ pseudo-device fss # file system snapsh # network pseudo-devices pseudo-device bpfilter # Berkeley packet filter -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol pseudo-device pppoe # PPP over Ethernet (RFC 2516) pseudo-device bridge # simple inter-network bridging #options BRIDGE_IPF # bridge uses IP/IPv6 pfil hooks too @@ -296,15 +296,4 @@ pseudo-device ksyms # /dev/ksyms pseudo-device wsmux # mouse & keyboard multiplexor #pseudo-device wsfont -# Veriexec -# -# a pseudo device needed for veriexec -#pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" Index: src/sys/arch/news68k/conf/GENERIC diff -u src/sys/arch/news68k/conf/GENERIC:1.132 src/sys/arch/news68k/conf/GENERIC:1.133 --- src/sys/arch/news68k/conf/GENERIC:1.132 Wed Dec 19 13:57:49 2018 +++ src/sys/arch/news68k/conf/GENERIC Fri Apr 26 21:40:31 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.132 2018/12/19 13:57:49 maxv Exp $ +# $NetBSD: GENERIC,v 1.133 2019/04/26 21:40:31 sevan Exp $ # # GENERIC machine description file # @@ -22,7 +22,7 @@ include "arch/news68k/conf/std.news68k" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC-$Revision: 1.132 $" +#ident "GENERIC-$Revision: 1.133 $" makeoptions COPTS="-O2 -fno-reorder-blocks" # see share/mk/sys.mk @@ -50,7 +50,7 @@ options SYSCTL_INCLUDE_DESCR # Include # Alternate buffer queue strategies for better responsiveness under high # disk I/O load. #options BUFQ_READPRIO -#options BUFQ_PRIOCSCAN +options BUFQ_PRIOCSCAN # Debugging options #options DIAGNOSTIC # extra kernel sanity checking @@ -235,7 +235,7 @@ pseudo-device tun # Network "tunnel" d pseudo-device tap # virtual Ethernet pseudo-device gre # generic L3 over IP tunnel pseudo-device bpfilter # Berkeley Packet Filter -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol pseudo-device npf # NPF packet filter pseudo-device strip # Starmode Radio IP (Metricom) pseudo-device gif # IPv[46] over IPv[46] tunnel (RFC1933) @@ -250,15 +250,4 @@ pseudo-device clockctl # user control o pseudo-device ksyms # /dev/ksyms pseudo-device putter # for puffs and pud -# Veriexec -# -# a pseudo device needed for veriexec -#pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" Index: src/sys/arch/newsmips/conf/GENERIC diff -u src/sys/arch/newsmips/conf/GENERIC:1.136 src/sys/arch/newsmips/conf/GENERIC:1.137 --- src/sys/arch/newsmips/conf/GENERIC:1.136 Sun Oct 14 00:10:11 2018 +++ src/sys/arch/newsmips/conf/GENERIC Fri Apr 26 21:40:31 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.136 2018/10/14 00:10:11 tsutsui Exp $ +# $NetBSD: GENERIC,v 1.137 2019/04/26 21:40:31 sevan Exp $ # # GENERIC machine description file # @@ -22,7 +22,7 @@ include "arch/newsmips/conf/std.newsmip options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC-$Revision: 1.136 $" +#ident "GENERIC-$Revision: 1.137 $" maxusers 16 @@ -46,7 +46,7 @@ options SYSCTL_INCLUDE_DESCR # Include # Alternate buffer queue strategies for better responsiveness under high # disk I/O load. #options BUFQ_READPRIO -#options BUFQ_PRIOCSCAN +options BUFQ_PRIOCSCAN # Debugging options options DDB # kernel dynamic debugger @@ -196,7 +196,7 @@ pseudo-device tun # Network "tunnel" d pseudo-device tap # virtual Ethernet #pseudo-device gre # generic L3 over IP tunnel pseudo-device bpfilter # Berkeley Packet Filter -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol pseudo-device gif # IPv[46] over IPv[46] tunnel (RFC1933) #pseudo-device faith # IPv[46] tcp relay translation i/f pseudo-device stf # 6to4 IPv6 over IPv4 encapsulation @@ -224,15 +224,4 @@ pseudo-device clockctl # user control o pseudo-device ksyms # /dev/ksyms pseudo-device putter # for puffs and pud -# Veriexec -# -# a pseudo device needed for veriexec -#pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" Index: src/sys/arch/next68k/conf/GENERIC diff -u src/sys/arch/next68k/conf/GENERIC:1.147 src/sys/arch/next68k/conf/GENERIC:1.148 --- src/sys/arch/next68k/conf/GENERIC:1.147 Wed Dec 19 13:57:49 2018 +++ src/sys/arch/next68k/conf/GENERIC Fri Apr 26 21:40:31 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.147 2018/12/19 13:57:49 maxv Exp $ +# $NetBSD: GENERIC,v 1.148 2019/04/26 21:40:31 sevan Exp $ # # GENERIC machine description file # @@ -22,7 +22,7 @@ include "arch/next68k/conf/std.next68k" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC-$Revision: 1.147 $" +#ident "GENERIC-$Revision: 1.148 $" makeoptions COPTS="-O2 -fno-reorder-blocks" # see share/mk/sys.mk @@ -47,7 +47,7 @@ options SYSCTL_INCLUDE_DESCR # Include # Alternate buffer queue strategies for better responsiveness under high # disk I/O load. #options BUFQ_READPRIO -#options BUFQ_PRIOCSCAN +options BUFQ_PRIOCSCAN #options DEBUG # kernel debugging code #options DIAGNOSTIC # extra kernel sanity checking @@ -218,7 +218,7 @@ pseudo-device accf_http # "httpready" # Misc. pseudo-device loop # network loopback pseudo-device bpfilter # packet filter -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol pseudo-device sl # CSLIP pseudo-device ppp # PPP pseudo-device pppoe # PPP over Ethernet (RFC 2516) @@ -254,15 +254,4 @@ pseudo-device clockctl # user control o pseudo-device ksyms # /dev/ksyms pseudo-device putter # for puffs and pud -# Veriexec -# -# a pseudo device needed for veriexec -#pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" Index: src/sys/arch/ofppc/conf/GENERIC diff -u src/sys/arch/ofppc/conf/GENERIC:1.169 src/sys/arch/ofppc/conf/GENERIC:1.170 --- src/sys/arch/ofppc/conf/GENERIC:1.169 Wed Feb 6 11:58:31 2019 +++ src/sys/arch/ofppc/conf/GENERIC Fri Apr 26 21:40:31 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.169 2019/02/06 11:58:31 rin Exp $ +# $NetBSD: GENERIC,v 1.170 2019/04/26 21:40:31 sevan Exp $ # # GENERIC machine description file # @@ -22,7 +22,7 @@ include "arch/ofppc/conf/std.ofppc" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC-$Revision: 1.169 $" +#ident "GENERIC-$Revision: 1.170 $" maxusers 32 @@ -48,6 +48,11 @@ options USERCONF # userconf(4) support options SYSCTL_INCLUDE_DESCR # Include sysctl descriptions in kernel options RDB_PART # Rigid Disk Block partition support +# Alternate buffer queue strategies for better responsiveness under high +# disk I/O load. +#options BUFQ_READPRIO +options BUFQ_PRIOCSCAN + # Diagnostic/debugging support options #options DIAGNOSTIC # cheap kernel consistency checks #options DEBUG # expensive debugging checks/support @@ -413,7 +418,7 @@ pseudo-device fss # file system snapsh pseudo-device md # memory disk device pseudo-device loop # network loopback pseudo-device bpfilter # packet filter -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol pseudo-device npf # NPF packet filter pseudo-device ppp # Point-to-Point Protocol pseudo-device pppoe # PPP over Ethernet (RFC 2516) @@ -438,15 +443,4 @@ pseudo-device putter # for puffs and p # userland interface to drivers, including autoconf and properties retrieval pseudo-device drvctl -# Veriexec -# -# a pseudo device needed for veriexec -#pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" Index: src/sys/arch/pmax/conf/GENERIC diff -u src/sys/arch/pmax/conf/GENERIC:1.198 src/sys/arch/pmax/conf/GENERIC:1.199 --- src/sys/arch/pmax/conf/GENERIC:1.198 Sat Apr 13 08:23:00 2019 +++ src/sys/arch/pmax/conf/GENERIC Fri Apr 26 21:40:31 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.198 2019/04/13 08:23:00 isaki Exp $ +# $NetBSD: GENERIC,v 1.199 2019/04/26 21:40:31 sevan Exp $ # # GENERIC machine description file # @@ -22,7 +22,7 @@ include "arch/pmax/conf/std.pmax" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC-$Revision: 1.198 $" +#ident "GENERIC-$Revision: 1.199 $" maxusers 64 @@ -65,7 +65,7 @@ options SYSCTL_INCLUDE_DESCR # Include # Alternate buffer queue strategies for better responsiveness under high # disk I/O load. #options BUFQ_READPRIO -#options BUFQ_PRIOCSCAN +options BUFQ_PRIOCSCAN #options SCSIVERBOSE # Verbose SCSI errors #options TCVERBOSE # recognize "unknown" TC devices @@ -272,7 +272,7 @@ pseudo-device ppp # serial-line IP po pseudo-device pppoe # PPP over Ethernet (RFC 2516) pseudo-device pty # pseudo-terminals pseudo-device bpfilter # packet filter ports -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol pseudo-device npf # NPF packet filter #pseudo-device gre # generic L3 over IP tunnel pseudo-device gif # IPv[46] over IPv[46] tunnel (RFC1933) @@ -306,19 +306,7 @@ pseudo-device ksyms # /dev/ksyms pseudo-device wsfont # wsfont control device pseudo-device wsmux # wsmux control device -options FILEASSOC # fileassoc(9) - required for Veriexec - # and PAX_SEGVGUARD - -# Veriexec -pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -options VERIFIED_EXEC_FP_SHA256 -options VERIFIED_EXEC_FP_SHA384 -options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" options PAX_ASLR_DEBUG=1 # PaX ASLR debug options PAX_SEGVGUARD=0 # PaX Segmentation fault guard Index: src/sys/arch/prep/conf/GENERIC diff -u src/sys/arch/prep/conf/GENERIC:1.188 src/sys/arch/prep/conf/GENERIC:1.189 --- src/sys/arch/prep/conf/GENERIC:1.188 Wed Feb 6 11:58:32 2019 +++ src/sys/arch/prep/conf/GENERIC Fri Apr 26 21:40:32 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.188 2019/02/06 11:58:32 rin Exp $ +# $NetBSD: GENERIC,v 1.189 2019/04/26 21:40:32 sevan Exp $ # # GENERIC machine description file # @@ -22,7 +22,7 @@ include "arch/prep/conf/std.prep" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC-$Revision: 1.188 $" +#ident "GENERIC-$Revision: 1.189 $" maxusers 32 @@ -49,7 +49,7 @@ options SYSCTL_INCLUDE_DESCR # Include # Alternate buffer queue strategies for better responsiveness under high # disk I/O load. #options BUFQ_READPRIO -#options BUFQ_PRIOCSCAN +options BUFQ_PRIOCSCAN # Diagnostic/debugging support options #options DIAGNOSTIC # cheap kernel consistency checks @@ -536,7 +536,7 @@ pseudo-device vnd # disk-like interfac # network pseudo-devices pseudo-device loop # network loopback pseudo-device bpfilter # Berkeley packet filter -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol pseudo-device npf # NPF packet filter pseudo-device ppp # Point-to-Point Protocol pseudo-device pppoe # PPP over Ethernet (RFC 2516) @@ -572,18 +572,4 @@ pseudo-device ksyms # /dev/ksyms pseudo-device wsmux # mouse & keyboard multiplexor pseudo-device wsfont -options FILEASSOC # fileassoc(9) - required for Veriexec - # and PAX_SEGVGUARD - -# Veriexec -# -# a pseudo device needed for veriexec -pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -options VERIFIED_EXEC_FP_SHA256 -options VERIFIED_EXEC_FP_SHA384 -options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" Index: src/sys/arch/rs6000/conf/GENERIC diff -u src/sys/arch/rs6000/conf/GENERIC:1.40 src/sys/arch/rs6000/conf/GENERIC:1.41 --- src/sys/arch/rs6000/conf/GENERIC:1.40 Wed Aug 1 20:04:13 2018 +++ src/sys/arch/rs6000/conf/GENERIC Fri Apr 26 21:40:32 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.40 2018/08/01 20:04:13 maxv Exp $ +# $NetBSD: GENERIC,v 1.41 2019/04/26 21:40:32 sevan Exp $ # # GENERIC machine description file # @@ -24,7 +24,7 @@ options INCLUDE_CONFIG_FILE # embed con #makeoptions COPTS="-O2 -mno-powerpc -mno-power" # wheeee -#ident "GENERIC-$Revision: 1.40 $" +#ident "GENERIC-$Revision: 1.41 $" maxusers 32 @@ -54,7 +54,7 @@ options SYSCTL_INCLUDE_DESCR # Include # Alternate buffer queue strategies for better responsiveness under high # disk I/O load. #options BUFQ_READPRIO -#options BUFQ_PRIOCSCAN +options BUFQ_PRIOCSCAN # Diagnostic/debugging support options #options DIAGNOSTIC # cheap kernel consistency checks @@ -217,7 +217,7 @@ pseudo-device vnd # disk-like interfac # network pseudo-devices pseudo-device loop # network loopback pseudo-device bpfilter # Berkeley packet filter -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol pseudo-device npf # NPF packet filter pseudo-device ppp # Point-to-Point Protocol pseudo-device pppoe # PPP over Ethernet (RFC 2516) @@ -252,16 +252,4 @@ pseudo-device ksyms # /dev/ksyms pseudo-device wsmux # mouse & keyboard multiplexor pseudo-device wsfont -# Veriexec -#options VERIFIED_EXEC -# -# a pseudo device needed for veriexec -#pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" Index: src/sys/arch/sandpoint/conf/GENERIC diff -u src/sys/arch/sandpoint/conf/GENERIC:1.101 src/sys/arch/sandpoint/conf/GENERIC:1.102 --- src/sys/arch/sandpoint/conf/GENERIC:1.101 Tue Oct 23 19:58:52 2018 +++ src/sys/arch/sandpoint/conf/GENERIC Fri Apr 26 21:40:32 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.101 2018/10/23 19:58:52 jdolecek Exp $ +# $NetBSD: GENERIC,v 1.102 2019/04/26 21:40:32 sevan Exp $ # # machine description file for GENERIC NAS # @@ -22,7 +22,7 @@ include "arch/sandpoint/conf/std.sandpo options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC-$Revision: 1.101 $" +#ident "GENERIC-$Revision: 1.102 $" maxusers 32 @@ -48,7 +48,7 @@ options SYSCTL_INCLUDE_DESCR # Include # Alternate buffer queue strategies for better responsiveness under high # disk I/O load. #options BUFQ_READPRIO -#options BUFQ_PRIOCSCAN +options BUFQ_PRIOCSCAN # Diagnostic/debugging support options #options DIAGNOSTIC # cheap kernel consistency checks @@ -298,7 +298,7 @@ pseudo-device vnd # network pseudo-devices pseudo-device loop pseudo-device bpfilter # packet filter -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol #pseudo-device ppp # Point-to-Point Protocol #pseudo-device pppoe # PPP over Ethernet (RFC 2516) #pseudo-device npf # NPF packet filter @@ -334,18 +334,7 @@ pseudo-device ksyms # /dev/ksyms # userland interface to drivers, including autoconf and properties retrieval pseudo-device drvctl -# Veriexec -# -# a pseudo device needed for veriexec -#pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" #options PAX_MPROTECT=0 # PaX mprotect(2) restrictions #options PAX_ASLR=0 # PaX Address Space Layout Randomization Index: src/sys/arch/sbmips/conf/GENERIC diff -u src/sys/arch/sbmips/conf/GENERIC:1.107 src/sys/arch/sbmips/conf/GENERIC:1.108 --- src/sys/arch/sbmips/conf/GENERIC:1.107 Tue Oct 23 19:58:53 2018 +++ src/sys/arch/sbmips/conf/GENERIC Fri Apr 26 21:40:32 2019 @@ -1,10 +1,10 @@ -# $NetBSD: GENERIC,v 1.107 2018/10/23 19:58:53 jdolecek Exp $ +# $NetBSD: GENERIC,v 1.108 2019/04/26 21:40:32 sevan Exp $ include "arch/sbmips/conf/std.sbmips" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC-$Revision: 1.107 $" +#ident "GENERIC-$Revision: 1.108 $" #options LOCKDEBUG # XXX XXX XXX XXX #options DEBUG # extra kernel debugging support @@ -23,6 +23,11 @@ options SYSVSEM # System V semaphores options SYSVSHM # System V shared memory #options NTP # network time protocol +# Alternate buffer queue strategies for better responsiveness under high +# disk I/O load. +#options BUFQ_READPRIO +options BUFQ_PRIOCSCAN + # Debugging options #options DIAGNOSTIC # extra kernel sanity checking #options DEBUG # extra kernel debugging support @@ -166,7 +171,7 @@ pseudo-device vnd # disk-like interfac # Network pseudo-devices pseudo-device bpfilter # Berkeley packet filter -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol pseudo-device npf # NPF packet filter pseudo-device loop # network loopback #pseudo-device ppp # Point-to-Point Protocol @@ -200,15 +205,4 @@ pseudo-device ksyms # /dev/ksyms # A pseudo device needed for Coda # also needs CODA (above) #pseudo-device vcoda # coda minicache <-> venus comm. -# Veriexec -# -# a pseudo device needed for veriexec -#pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" Index: src/sys/arch/sgimips/conf/GENERIC32_IP12 diff -u src/sys/arch/sgimips/conf/GENERIC32_IP12:1.34 src/sys/arch/sgimips/conf/GENERIC32_IP12:1.35 --- src/sys/arch/sgimips/conf/GENERIC32_IP12:1.34 Wed Aug 1 20:04:14 2018 +++ src/sys/arch/sgimips/conf/GENERIC32_IP12 Fri Apr 26 21:40:32 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC32_IP12,v 1.34 2018/08/01 20:04:14 maxv Exp $ +# $NetBSD: GENERIC32_IP12,v 1.35 2019/04/26 21:40:32 sevan Exp $ # # GENERIC32_IP12 machine description file # @@ -32,7 +32,7 @@ makeoptions TEXTADDR=0x80002000 # entry options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC32-IP2x-$Revision: 1.34 $" +#ident "GENERIC32-IP2x-$Revision: 1.35 $" maxusers 32 @@ -62,7 +62,7 @@ options SYSCTL_INCLUDE_DESCR # Include # Alternate buffer queue strategies for better responsiveness under high # disk I/O load. #options BUFQ_READPRIO -#options BUFQ_PRIOCSCAN +options BUFQ_PRIOCSCAN # Diagnostic/debugging support options #options DIAGNOSTIC # expensive kernel consistency checks @@ -237,7 +237,7 @@ pseudo-device vnd # disk-like interfac # network pseudo-devices pseudo-device bpfilter # Berkeley packet filter -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol pseudo-device npf # NPF packet filter pseudo-device loop # network loopback #pseudo-device ppp # Point-to-Point Protocol @@ -267,15 +267,4 @@ pseudo-device wsfont # a pseudo device needed for Coda # also needs CODA (above) #pseudo-device vcoda # coda minicache <-> venus comm. -# Veriexec -# -# a pseudo device needed for veriexec -#pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" Index: src/sys/arch/sgimips/conf/GENERIC32_IP2x diff -u src/sys/arch/sgimips/conf/GENERIC32_IP2x:1.115 src/sys/arch/sgimips/conf/GENERIC32_IP2x:1.116 --- src/sys/arch/sgimips/conf/GENERIC32_IP2x:1.115 Sat Apr 13 08:23:00 2019 +++ src/sys/arch/sgimips/conf/GENERIC32_IP2x Fri Apr 26 21:40:32 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC32_IP2x,v 1.115 2019/04/13 08:23:00 isaki Exp $ +# $NetBSD: GENERIC32_IP2x,v 1.116 2019/04/26 21:40:32 sevan Exp $ # # GENERIC32_IP2x machine description file # @@ -29,7 +29,7 @@ makeoptions TEXTADDR=0x88069000 # entry options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC32-IP2x-$Revision: 1.115 $" +#ident "GENERIC32-IP2x-$Revision: 1.116 $" maxusers 32 @@ -62,7 +62,7 @@ options SYSCTL_INCLUDE_DESCR # Include # Alternate buffer queue strategies for better responsiveness under high # disk I/O load. #options BUFQ_READPRIO -#options BUFQ_PRIOCSCAN +options BUFQ_PRIOCSCAN # Diagnostic/debugging support options #options DIAGNOSTIC # expensive kernel consistency checks @@ -284,7 +284,7 @@ pseudo-device vnd # disk-like interfac # network pseudo-devices pseudo-device bpfilter # Berkeley packet filter -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol pseudo-device npf # NPF packet filter pseudo-device loop # network loopback pseudo-device ppp # Point-to-Point Protocol @@ -316,15 +316,4 @@ pseudo-device putter # for puffs and p # a pseudo device needed for Coda # also needs CODA (above) pseudo-device vcoda # coda minicache <-> venus comm. -# Veriexec -# -# a pseudo device needed for veriexec -#pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" Index: src/sys/arch/sgimips/conf/GENERIC32_IP3x diff -u src/sys/arch/sgimips/conf/GENERIC32_IP3x:1.124 src/sys/arch/sgimips/conf/GENERIC32_IP3x:1.125 --- src/sys/arch/sgimips/conf/GENERIC32_IP3x:1.124 Sat Mar 23 17:44:49 2019 +++ src/sys/arch/sgimips/conf/GENERIC32_IP3x Fri Apr 26 21:40:32 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC32_IP3x,v 1.124 2019/03/23 17:44:49 sevan Exp $ +# $NetBSD: GENERIC32_IP3x,v 1.125 2019/04/26 21:40:32 sevan Exp $ # # GENERIC32_IP3x machine description file # @@ -28,7 +28,7 @@ makeoptions TEXTADDR="0x80069000" # entr options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC32_IP3x-$Revision: 1.124 $" +#ident "GENERIC32_IP3x-$Revision: 1.125 $" maxusers 32 @@ -324,7 +324,7 @@ pseudo-device vnd # disk-like interfac # network pseudo-devices pseudo-device bpfilter # Berkeley packet filter -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol pseudo-device npf # NPF packet filter pseudo-device loop # network loopback pseudo-device ppp # Point-to-Point Protocol @@ -360,15 +360,4 @@ pseudo-device drvctl # a pseudo device needed for Coda # also needs CODA (above) pseudo-device vcoda # coda minicache <-> venus comm. -# Veriexec -# -# a pseudo device needed for veriexec -#pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" Index: src/sys/arch/shark/conf/GENERIC diff -u src/sys/arch/shark/conf/GENERIC:1.132 src/sys/arch/shark/conf/GENERIC:1.133 --- src/sys/arch/shark/conf/GENERIC:1.132 Sat Apr 13 08:23:00 2019 +++ src/sys/arch/shark/conf/GENERIC Fri Apr 26 21:40:32 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.132 2019/04/13 08:23:00 isaki Exp $ +# $NetBSD: GENERIC,v 1.133 2019/04/26 21:40:32 sevan Exp $ # # Generic Shark configuration. # @@ -7,7 +7,7 @@ include "arch/shark/conf/std.shark" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC-$Revision: 1.132 $" +#ident "GENERIC-$Revision: 1.133 $" # estimated number of users maxusers 32 @@ -134,6 +134,11 @@ options SYSCTL_INCLUDE_DESCR # Include options MODULAR # new style module(7) framework options MODULAR_DEFAULT_AUTOLOAD +# Alternate buffer queue strategies for better responsiveness under high +# disk I/O load. +#options BUFQ_READPRIO +options BUFQ_PRIOCSCAN + # Development and Debugging options #options ARM700BUGTRACK # track the ARM700 swi bug @@ -275,7 +280,7 @@ pseudo-device accf_http # "httpready" pseudo-device loop # network loopback pseudo-device bpfilter # packet filter -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol #pseudo-device sl # CSLIP #pseudo-device ppp # PPP #pseudo-device tun # network tunneling over tty @@ -303,18 +308,7 @@ pseudo-device wsfont pseudo-device ksyms # /dev/ksyms pseudo-device putter # for puffs and pud -# Veriexec -# -# a pseudo device needed for veriexec -#pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" options PAX_MPROTECT=0 # PaX mprotect(2) restrictions options PAX_ASLR=0 # PaX Address Space Layout Randomization Index: src/sys/arch/sparc/conf/GENERIC diff -u src/sys/arch/sparc/conf/GENERIC:1.265 src/sys/arch/sparc/conf/GENERIC:1.266 --- src/sys/arch/sparc/conf/GENERIC:1.265 Sat Apr 13 08:23:00 2019 +++ src/sys/arch/sparc/conf/GENERIC Fri Apr 26 21:40:32 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.265 2019/04/13 08:23:00 isaki Exp $ +# $NetBSD: GENERIC,v 1.266 2019/04/26 21:40:32 sevan Exp $ # # GENERIC machine description file # @@ -22,7 +22,7 @@ include "arch/sparc/conf/std.sparc" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC-$Revision: 1.265 $" +#ident "GENERIC-$Revision: 1.266 $" maxusers 32 @@ -88,7 +88,7 @@ options SYSCTL_INCLUDE_DESCR # Include # Alternate buffer queue strategies for better responsiveness under high # disk I/O load. #options BUFQ_READPRIO -#options BUFQ_PRIOCSCAN +options BUFQ_PRIOCSCAN ## NFS boot options; tries DHCP/BOOTP then BOOTPARAM options NFS_BOOT_BOOTPARAM @@ -577,7 +577,7 @@ pseudo-device tap # virtual Ethernet ## interface that allows selective examining of incoming packets. pseudo-device bpfilter -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol pseudo-device npf # NPF packet filter @@ -714,21 +714,7 @@ pseudo-device wsmux # mouse and keyboa pseudo-device wsfont pseudo-device putter # for puffs and pud -#options FILEASSOC # fileassoc(9) - required for Veriexec - # and PAX_SEGVGUARD - -# Veriexec -# -# a pseudo device needed for veriexec -#pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config" #options PAX_MPROTECT=0 # PaX mprotect(2) restrictions # (for static binaries only for now) Index: src/sys/arch/sparc64/conf/GENERIC diff -u src/sys/arch/sparc64/conf/GENERIC:1.214 src/sys/arch/sparc64/conf/GENERIC:1.215 --- src/sys/arch/sparc64/conf/GENERIC:1.214 Wed Feb 6 11:58:32 2019 +++ src/sys/arch/sparc64/conf/GENERIC Fri Apr 26 21:40:32 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.214 2019/02/06 11:58:32 rin Exp $ +# $NetBSD: GENERIC,v 1.215 2019/04/26 21:40:32 sevan Exp $ # # GENERIC machine description file # @@ -22,7 +22,7 @@ include "arch/sparc64/conf/std.sparc64" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC-$Revision: 1.214 $" +#ident "GENERIC-$Revision: 1.215 $" maxusers 64 @@ -66,7 +66,7 @@ options SYSCTL_INCLUDE_DESCR # Include # Alternate buffer queue strategies for better responsiveness under high # disk I/O load. #options BUFQ_READPRIO -#options BUFQ_PRIOCSCAN +options BUFQ_PRIOCSCAN ## NFS boot options; tries DHCP/BOOTP then BOOTPARAM options NFS_BOOT_BOOTPARAM @@ -716,8 +716,7 @@ pseudo-device gre # generic L3 over IP ## interface that allows selective examining of incoming packets. pseudo-device bpfilter -# Common Address Redundancy Protocol -#pseudo-device carp +pseudo-device carp # Common Address Redundancy Protocol ## IEEE 802.1q encapsulation pseudo-device vlan @@ -978,28 +977,14 @@ pseudo-device fss # file system snapsh pseudo-device lockstat # lock profiling pseudo-device putter # for puffs and pud -options FILEASSOC # fileassoc(9) - required for Veriexec - # and PAX_SEGVGUARD - -# Veriexec -# -# a pseudo device needed for veriexec -pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -options VERIFIED_EXEC_FP_SHA256 -options VERIFIED_EXEC_FP_SHA384 -options VERIFIED_EXEC_FP_SHA512 - # a pseudo device needed for SMBFS pseudo-device nsmb # experimental - SMB requester # drvctl - needed to show device dictionary via drvctl(8) pseudo-device drvctl +include "dev/veriexec.config" + options PAX_ASLR_DEBUG=1 # PaX ASLR debug options PAX_SEGVGUARD=0 # PaX Segmentation fault guard # XXX: there is no PLT format for sparc64 that cooperates with Index: src/sys/arch/vax/conf/GENERIC diff -u src/sys/arch/vax/conf/GENERIC:1.209 src/sys/arch/vax/conf/GENERIC:1.210 --- src/sys/arch/vax/conf/GENERIC:1.209 Sat Apr 13 08:23:01 2019 +++ src/sys/arch/vax/conf/GENERIC Fri Apr 26 21:40:32 2019 @@ -1,4 +1,4 @@ -# $NetBSD: GENERIC,v 1.209 2019/04/13 08:23:01 isaki Exp $ +# $NetBSD: GENERIC,v 1.210 2019/04/26 21:40:32 sevan Exp $ # # GENERIC machine description file # @@ -22,7 +22,7 @@ include "arch/vax/conf/std.vax" options INCLUDE_CONFIG_FILE # embed config file in kernel binary -#ident "GENERIC-$Revision: 1.209 $" +#ident "GENERIC-$Revision: 1.210 $" # Here are all different supported CPU types listed. #options VAX8800 # VAX 8500, 8530, 8550, 8700, 8800 @@ -142,7 +142,7 @@ options SYSCTL_INCLUDE_DESCR # Include # Alternate buffer queue strategies for better responsiveness under high # disk I/O load. #options BUFQ_READPRIO -#options BUFQ_PRIOCSCAN +options BUFQ_PRIOCSCAN # Kernel(s) to compile config netbsd root on ? type ? @@ -287,7 +287,7 @@ pseudo-device accf_http # "httpready" pseudo-device loop pseudo-device pty # pseudo-terminals pseudo-device bpfilter -#pseudo-device carp # Common Address Redundancy Protocol +pseudo-device carp # Common Address Redundancy Protocol pseudo-device npf # NPF packet filter #pseudo-device sl pseudo-device ppp @@ -323,15 +323,4 @@ pseudo-device drvctl # user control of pseudo-device ksyms # /dev/ksyms pseudo-device wsmux # mouse & keyboard multiplexor -# Veriexec -# -# a pseudo device needed for veriexec -#pseudo-device veriexec -# -# Uncomment the fingerprint methods below that are desired. Note that -# removing fingerprint methods will have almost no impact on the kernel -# code size. -# -#options VERIFIED_EXEC_FP_SHA256 -#options VERIFIED_EXEC_FP_SHA384 -#options VERIFIED_EXEC_FP_SHA512 +include "dev/veriexec.config"