David Leadbeater (dgl@) posted to ports@ a message, entitled Pledge changes in 7.9-beta, which explains the consequences for porters of the recent pledge(2)/unveil(2) changes in -current (and, to some extent, 7.8). Whilst targeted at porters, it provides a good overview for anyone interested in the changes.

The message reads:

OpenBSD's PF packet filter has long supported HFSC traffic shaping with the queue rules in pf.conf(5). However, an internal 32-bit limitation in the HFSC service curve structure (struct hfsc_sc) meant that bandwidth values were silently capped at approximately 4.29 Gbps, ” the maximum value of a u_int ".

With 10G, 25G, and 100G network interfaces now commonplace, OpenBSD devs making huge progress unlocking the kernel for SMP, and adding drivers for cards supporting some of these speeds, this limitation started to get in the way. Configuring bandwidth 10G on a queue would silently wrap around, producing incorrect and unpredictable scheduling behaviour.

A new patch widens the bandwidth fields in the kernel's HFSC scheduler from 32-bit to 64-bit integers, removing this bottleneck entirely. The diff also fixes a pre-existing display bug in pftop(1) where bandwidth values above 4 Gbps would be shown incorrectly.

In a move that would have gone unnoticed by most but will be appreciated by OpenBSD/amd64 laptop users, Mark Kettenis (kettenis@) committed support for delayed hibernation with the new machdep.hibernatedelay sysctl

The commit message reads,

List:       openbsd-cvs
Subject:    CVS: cvs.openbsd.org: src
From:       Mark Kettenis <<ettenis () cvs ! openbsd ! org>
Date:       2026-03-11 16:18:42

CVSROOT:	/cvs
Module name:	src
Changes by:	kettenis@cvs.openbsd.org	2026/03/11 10:18:42

It's that time of the year again. With the following commit, Theo de Raadt (deraadt@) changed the version of the OpenBSD development branch to 7.9-beta:

CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2026/03/10 20:27:20

Modified files:
	sys/conf       : newvers.sh 
	sys/sys        : param.h 
	etc/root       : root.mail 
	share/mk       : sys.mk 
	sys/arch/macppc/stand/tbxidata: bsd.tbxi 
	usr.bin/signify: signify.1 

Log message:
move to 7.9-beta

7.9-beta snapshots can be expected on the OpenBSD mirrors soon.

As always, this change should encourage testing and donation!

In an unusually extensive commit, Jonathan Gray (jsg@) has upgraded the drm(4) (Direct Rendering Manager) subsystem in OpenBSD-current.

Coming at this point in the development cycle, this foreshadows what will be in the upcoming OpenBSD 7.9 release (yes, we're aware that link does not work yet).

Also worth noting is Jonathan's note in the commit message,

Thanks to the OpenBSD Foundation for sponsoring this work.

Please take this as a reminder that the OpenBSD Foundation supports important work on our favorite operating system and that supporting them will help future development of all kinds.

You may have heard already that a fourth edition of The Book of PF was on the way.

It is now shipping, and when author and undeadly.org co-editor Peter Hansteen finally got his author copies, he wrote a blog post titled The Book of PF, 4th Edition: It's Here, It's Real.

Like Peter says in the article, we would like to encourage readers who can afford it, to support the OpenBSD project.

And there are pictures, of the book and the resident philosopher.

Some readers will be aware that Miod Vallat (miod@) has been chronicling some of the more challenging parts of OpenBSD development in his OpenBSD stories collection for a while now.

The latest entry is the full OpenBSD on SGI: a rollercoaster story, which is also available in six parts,

A missed opportunity, 1988-1998
Individual efforts, 200-2004
The blowfish awakens, 2004-2006
Tinkering on big iron, 2007-2008
Hardware galore, 2009
The last challenges, 2010-2021

for those of us who like to take it in as smaller chunks, or all articles as one file.

It's a story some thirty years in the making and telling. Enjoy!

A long standing and somewhat odd conflict between two OpenBSD security mechanisms, pledge(2) and unveil(2) has been resolved by eliminating the tmppath promise from what pledge(2) offers.

The commit by Theo de Raadt (deraadt@) comes with an explanation in the commit message, which reads

List:       openbsd-cvs
Subject:    CVS: cvs.openbsd.org: src
From:       Theo de Raadt <deraadt () cvs ! openbsd ! org>
Date:       2026-02-26 7:42:26
CVSROOT:	/cvs
Module name:	src
Changes by:	deraadt@cvs.openbsd.org	2026/02/26 00:42:26

Modified files:
	sys/sys        : pledge.h 
	sys/kern       : kern_pledge.c 
	lib/libc/sys   : pledge.2 

Log message:
pledge "tmppath" goes away because it sucks.  The history is kind of
sad:  unveil(2) was invented by Bob Beck and myself because a couple
of us struggled and couldn't expand the "tmppath" mechanism to general use.

Dave Voutila (dv@) has continued his work on moving vmd(8) to a multi-process model. (Undeadly first reported on this in 2023.) This time the virtio scsi device has been converted to a subprocess:

CVSROOT:	/cvs
Module name:	src
Changes by:	dv@cvs.openbsd.org	2026/02/22 15:54:54

Modified files:
	usr.sbin/vmd   : vioscsi.c virtio.c virtio.h vmd.c vmd.h 

Log message:
vmd(8): convert virtio scsi device to a subprocess.

Break the virtio scsi device (used as a cd-rom drive) into a
subprocess like the virtio block and network devices. This leaves
only the entropy device (viornd) and vmmci device running in-process
with the vcpus.

ok mlarkin@