Add vmctl send and vmctl receive

Contributed by phessler on Sun Jul 16 18:49:30 2017 (GMT) from the move-along-nothing-to-see-here dept. As we see from the commit message, new developer Pratik Vyas (pd@) adds the ability to do paused VM migrations for VMM. Mike Larkin also writes on Twitter: #OpenBSD vmctl(8) : vmctl send myvm | ssh mlarkin@somewhere.com vmctl receive Yes, it's that easy. Ed: this is *paused* migrations, not live migrations.

OpenBSD and the modern laptop

Contributed by pitrh on Mon Jul 10 22:28:33 2017 (GMT) from the greybeards go modern dept. Over at his blog, Undeadly co-editor Peter Hansteen describes the experience of installing OpenBSD-current on a new laptop. The article, OpenBSD and the modern laptop, goes into some detail on the install procedure, and hits only minor snags even when using modern and recent additions such as UEFI boot. The conclusion is that OpenBSD is well suited for laptop and desktop use, and things tend to just work. On the other hand, we strongly suggest Peter posted the article before the contents of his home directory had actually been completely transferred. He's such a packrat.

[ 0 comments ] (flat) (expanded)

Request for testing: https://beta.undeadly.org/

Contributed by rueda on Tue Jul 04 12:20:17 2017 (GMT) from the better-late-than-never or shut-up-and-code dept. TL;DR - A modernised version of Undeadly is available for testing at <https://beta.undeadly.org/>. Broken features of the current site have been fixed, removed, or replaced. The new software supports - and, where appropriate, requires - HTTPS. Testing, contributions, and constructive feedback would be appreciated. An effort to modernise the Undeadly software was initiated in response to the article Undeadly and HTTPS. This has resulted in substantially reworked software which is now available for public testing. Note that this is not the completely new system which is (arguably) needed. Read more...

[ 40 comments 12d10:06 ago ] (flat) (expanded)

Ted Unangst on notable recent changes in OpenBSD

Contributed by rueda on Fri Jul 21 04:11:08 2017 (GMT) from the the-saga-continues dept. The flak reports by Ted Unangst (tedu@) continue with part 624. Update - part 625

[ 1 comment 1d2:33 ago ] (flat) (expanded)

Kernel relinking status from Theo de Raadt

Contributed by pitrh on Wed Jul 05 05:03:58 2017 (GMT) from the all tomorrows random gaps dept. As you may have heard (and as was mentioned in an earlier article), on recent OpenBSD snapshots we have KARL, which means that the kernel is relinked so each boot comes with a new kernel where all .o files are linked in random order and with random offsets. Theo de Raadt summarized the status in a message to the tech@ mailing list, subject kernel relinking as follows: 5 weeks ago at d2k17 I started work on randomized kernels. I've been having conversations with other developers for nearly 5 years on the topic... but never got off to a good start, probably because I was trying to pawn the work off on others. Read more...

[ 10 comments 10d23:37 ago ] (flat) (expanded)

On the Insecurity of TIOCSTI

Contributed by brynet on Sat Jul 01 12:54:03 2017 (GMT) from the de-fanging dept. Theo de Raadt (deraadt@) provided some history on the insecurity of TIOCSTI [simulate typed input on terminal], with a proposal to disable it on OpenBSD: [...] there's always been the risk that a program manages to retain tty association beyond it's intended lifetime, and then it can perform injections with TIOCSTI. So I've always wanted to get rid of TIOCSTI. I consider it the most dangerous tty ioctl. [...] This appears related to a discussion thread that came up on oss-security@, and how Linux has steadfast rejected proposals to remove it. http://www.openwall.com/lists/oss-security/2017/06/03/9 Theo has already committed his change to disable TIOCSTI, which now returns EIO [input/output error]. Due to risks known for decades, TIOCSTI now performs no action, and simply returns EIO. The base system has been cleaned of TIOCSTI uses [...] This was made possible by changes made to csh/mailx in base by Anton Lindqvist (anton@). I (brynet@), also committed a change recently to ksh removing an unnecessary call.

[ 0 comments ] (flat) (expanded)

BSDCan 2017 - Trip report double-p

Contributed by pitrh on Thu Jun 29 16:39:59 2017 (GMT) from the of goats and pufferfish dept. The OpenBSD presence at the just concluded BSDCan was quite strong, and here is the first trip report, from Phillipp Buehler: Prologue Most overheard in Tokyo was "see you in Ottawaaaaah", so with additional "personal item" being Groff I returned home to plan the trip to BSDCan. Dan was very helpful with getting all the preparations (immigration handling), thanks for that. Before I could start, I had to fix something: the handling of the goat. With a nicely created harness, I could just hang it along my backpack. Read more...

[ 4 comments 21d7:32 ago ] (flat) (expanded)

d2k17 hackathon report: Martin Pieuchot on moving the network stack out of the big lock

Contributed by pitrh on Thu Jun 29 09:39:23 2017 (GMT) from the forward me unlocked dept. Our next report from the d2k17 hackathon comes from Martin Pieuchot, who writes: Hackathons are generally good to start or finish something, at Starnberg I managed to do both. I came to unlock the forwarding path and thanks to the multiple reviews from bluhm@, sashan@ and claudio@ it happened! It started as a boring hackathon because I had to review and fix all the abuses of splnet() in pseudo drivers but then it went very smoothly. I still haven't seen a bug report about the unlock and Hrvoje Popovski even reported a 20% forwarding performance increase. Then I started discussing and planning the next big step with claudio@ and bluhm@. How to unlock the socket layer? Well it's happening! During the hackathon Claudio sent some diffs to start unlocking pfkey and routing sockets and since then I started working on TCP receive side. In the meantime I had to commit my futex(2) based mutex and condition variable implementations for our libpthread. This improves the performance of threaded applications a lot, which means most of ports. I also did some cleanups to help towards having MI mutex and kernel lock implementations. This should allow all our archs to benefit from the lock instrumentations visa@ and jmatthew@ are working on. Finally I committed some ddb(4) cleanups, mostly CTF related. Thanks to mpf@ and genua for organizing this hackathon! Thanks for the report, Martin! It is worth noting that most, if not all, of the code mentioned here is already doing good work in recent snapshots.

[ 0 comments ] (flat) (expanded)

d2k17 Hackathon Report: Alexander Bluhm on Network Stack Improvements and more

Contributed by rueda on Wed Jun 28 07:49:16 2017 (GMT) from the ref-ac-to-ring dept. Alexander Bluhm (bluhm@) wrote in with a hackathon report: As usual hackathons are a great time to get things commited. All the other developers are around, you can discuss ideas and get code reviewed quickly. To move towards network input without big kernel lock, I have looked at the protocol functions and refactored them. Especially IP-in-IP input that is used for IPsec tunnel mode needed some love. I have fixed several bugs and have a diff ready that avoids one additional queuing of the packets. This work had to be coordinated with mpi@, who removed the kernel big lock from the forwarding path. Read more...

[ 0 comments ] (flat) (expanded)