The GNU GDB Debugger and NetBSD (Part 1)
The NetBSD team of developers maintains two copies of GDB:
- One in the base-system with a stack of local patches.
- One in pkgsrc with mostly build fix patches.
Maintaining a modern (GPLv3) version of GDB in the base system carries a constant extra cost. The NetBSD developers need to rebase the stack of local patches for each newer release of the debugger and resurrect the support. The GDB project is under active development and is actively refactoring its code, originally written in C, into C++.
Unfortunately we cannot abandon the local base-system patches and rely on a pristine version, as there is a lack of feature parity in the pkgsrc version of GDB: no threading support, no operational support for most targets, no fork/vfork/etc. events support, no auxv reading support on 64-bit kernels, no proper support of signals, single step, etc.
Additionally there are extra GDB patches stored in pkgsrc-wip (created by me last year), that implement the gdbserver support for NetBSD/amd64. gdbserver is a GDB version that makes it possible to remotely debug other programs even across different Operating Systems and CPUs. This code has still not been merged into the mainline base-system version. This month, I have discovered that support needs to be reworked, as the preexisting source code directory hierarchy was rearranged.
Unless otherwise specified all the following changes were upstreamed to the mainstream GDB repository. According to the GDB schedule, the GDB10 branch point is planned on 2020-05-15 with release on 2020-06-05. It's a challenge to see how much the GDB support can be improved by then for NetBSD!
Extending support for the NetBSD-7 branch
Typically, some time after releasing a new NetBSD major version (such as NetBSD 9.0), we will announce the end-of-life of the N-2 branch, in this case NetBSD-7.
We've decided to hold off on doing that to ensure our users don't feel rushed to perform a major version update on any remote machines, possibly needing to reach the machine if anything goes wrong.
Security fixes will still be made to the NetBSD-7 branch.
We hope you're all safe. Stay home.
NetBSD 8.2 is available!
The third release in the NetBSD-8 branch is now available.
This release includes all the security fixes in NetBSD-8 up until this point, and other fixes deemed important for stability.
Some highlights include:
- x86: fixed regression in booting old CPUs
- x86: Hyper-V Gen.2 VM framebuffer support
- httpd(8): fixed various security issues
- ixg(4): various fixes / improvements
- x86 efiboot: add tftp support, fix issues on machines with many memory segments, improve graphics mode logic to work on more machines.
- Various kernel memory info leaks fixes
- Update expat to 2.2.8
- Fix ryzen USB issues and support xHCI version 3.10.
- Accept root device specification as NAME=label.
- Add multiboot 2 support to x86 bootloaders.
- Fix for CVE-2019-9506: 'Key Negotiation of Bluetooth' attack.
- nouveau: limit the supported devices and fix firmware loading.
- radeon: fix loading of the TAHITI VCE firmware.
- named(8): stop using obsolete dnssec-lookaside.
You can download binaries of NetBSD 8.2 from our Fastly-provided CDN.
For more details refer to the CHANGES-8.2 file.
Please note that we are looking for donations again, see Fundraising 2020.
Enjoy!
Maya
Accomplishment of porting ptrace(2) test scenarios
This month I have finished porting ptrace(2) tests from other Operating Systems. I have determined which test scenarios were missing, compared to FreeBSD and Linux, and integrated them into the ATF framework. I have skipped some of the tests as the interesting behavior was already covered in existing tests (sometimes indirectly) or tools (like picotrace), or the NetBSD kernel exhibits different behavior.
Towards backtracing through signal trampolines and fresh libc++
Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.
In February 2019, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues, fixing watchpoint and threading support, porting to i386.
During the last month, I've finally managed to create proper reproducers (and tests) for the remaining concurrent signal delivery problems. I have started working on backtracing through signal trampolines, and prepared a libc++ update.
NetBSD 9.0 available!
Six months after the start of the release engineering process, NetBSD 9.0 is now available.
The NetBSD 9.0 release comes with many new features and lots of improvements over the NetBSD 8.1 release...
Fundraising 2020
Fundraising drive 2020: trying to raise $50,000 for more funded development projects to fix itching issues.
Approaching the end of work on ptrace(2)
This is one of my last reports on enhancements on ptrace(2) and the surrounding code.
This month I completed a set of older pending tasks.
LLDB now works on i386
Upstream describes LLDB as a next generation, high-performance debugger. It is built on top of LLVM/Clang toolchain, and features great integration with it. At the moment, it primarily supports debugging C, C++ and ObjC code, and there is interest in extending it to more languages.
In February 2019, I have started working on LLDB, as contracted by the NetBSD Foundation. So far I've been working on reenabling continuous integration, squashing bugs, improving NetBSD core file support, extending NetBSD's ptrace interface to cover more register types and fix compat32 issues, fixing watchpoint and threading support.
The original NetBSD port of LLDB was focused on amd64 only. In January, I have extended it to support i386 executables. This includes both 32-bit builds of LLDB (running natively on i386 kernel or via compat32) and debugging 32-bit programs from 64-bit LLDB.
Second (final) release candidate for NetBSD 9.0 available!
Six months after the start of the release engineering process for 9.0, the second (and most likely final) release candidate is now available.
The NetBSD 9.0 release comes with many new features and lots of improvements over the NetBSD 8.1 release...
Improving the ptrace(2) API and preparing for LLVM-10.0
This month I have improved the NetBSD ptrace(2) API, removing one legacy interface with a few flaws and replacing it with two new calls with new features, and removing technical debt.
As LLVM 10.0 is branching soon (Jan 15th 2020), I worked on proper support of the LLVM features for NetBSD 9.0 (today RC1) and NetBSD HEAD (future 10.0).
GSoC 2019 Final Report: Incorporating the memory-hard Argon2 hashing scheme into NetBSD
Introduction
We successfully incorporated the Argon2 reference implementation into NetBSD/amd64 for our 2019 Google Summer of Code project. We introduced our project here and provided some hints on how to select parameters here. For our final report, we will provide an overview of what changes were made to complete the project.
Incorporating the Argon2 Reference Implementation
The Argon2 reference implementation, available here, is available under both the Creative Commons CC0 1.0 and the Apache Public License 2.0. To import the reference implementation into src/external, we chose to use the Apache 2.0 license for this project.
During our initial phase 1, we focused on building the libargon2 library and integrating the functionality into the existing password management framework via libcrypt. Toward this end, we imported the reference implementation and created the "glue" to incorporate the changes into /usr/src/external/apache. The reference implementation is found in:
    m2$ ls /usr/src/external/apache2/argon2
    Makefile dist     lib      usr.bin

    _MKVARS.yes= \
        ...
        MKARGON2 \
        ...

    .if (defined(MKARGON2) && ${MKARGON2} != "no")
    SUBDIR+= argon2
    .endif

    /usr/bin/argon2
    /usr/lib/libargon2.a
    /usr/lib/libargon2.so
    /usr/lib/libargon2.so.1
    /usr/lib/libargon2.so.1.0

    .if (defined(MKARGON2) && ${MKARGON2} != "no")
    HAVE_ARGON2=1
    .endif

    .if defined(HAVE_ARGON2)
    SRCS+= crypt-argon2.c
    CFLAGS+= -DHAVE_ARGON2 -I../../external/apache2/argon2/dist/phc-winner-argon2/include/
    LDADD+= -largon2
    .endif
Having completed the backend support, we pull Argon2 into userland tools, such as pwhash(1), in the same way as above:

    .if ( defined(MKARGON2) && ${MKARGON2} != "no" )
    CPPFLAGS+= -DHAVE_ARGON2
    .endif

    m2# pwhash -A argon2id password
    $argon2id$v=19$m=4096,t=3,p=1$.SJJCiU575MDnA8s$+pjT4JsF2eLNQuLPEyhRA5LCFGQWAKsksIPl5ewTWNY

    m1# grep -A1 testuser /etc/passwd.conf
    testuser:
        localcipher = argon2i,t=6,m=4096,p=1

    m1# passwd testuser
    Changing password for testuser.
    New Password:
    Retype New Password:
    m1# grep testuser /etc/master.passwd
    testuser:$argon2i$v=19$m=4096,t=6,p=1$PDd65qr6JU0Pfnpr$8YOMYcwINuKHoxIV8Q0FJHG+RP82xtmAuGep26brilU:1001:100::0:0::/home/testuser:/sbin/nologin
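As an added illustration (not part of the original report or the NetBSD sources), this script parses the encoded Argon2 strings shown above out of master.passwd-format text and flags entries whose m or t fall below a floor. The floor values, the function names and the lowmem, legacy and daemon sample accounts are assumptions made for the example.

```python
import re

# PHC-style Argon2 encoding, as printed by pwhash(1) and stored in master.passwd.
ENCODED_RE = re.compile(
    r"^\$(argon2(?:id|i|d))\$v=(\d+)\$m=(\d+),t=(\d+),p=(\d+)"
    r"\$([^$]+)\$([A-Za-z0-9+/]+)$"
)
# Example floor only (assumption): the m and t values from the pwhash output above.
MIN_MEMORY_KIB, MIN_TIME_COST = 4096, 3

def parse_encoded(field):
    """Return the Argon2 parameters of a password field, or None if not Argon2."""
    m = ENCODED_RE.match(field)
    if m is None:
        return None
    variant, version, mem, t_cost, lanes, salt, tag = m.groups()
    return {"variant": variant, "version": int(version), "m_kib": int(mem),
            "t": int(t_cost), "p": int(lanes), "salt": salt,
            "tag_bytes": len(tag) * 3 // 4}  # unpadded base64 length -> bytes

def audit(master_passwd_text):
    """Return [(user, finding)] for each entry of master.passwd-format text."""
    findings = []
    for line in master_passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        user, _, rest = line.partition(":")
        pw_field = rest.split(":", 1)[0]  # second colon-separated field
        params = parse_encoded(pw_field)
        if pw_field == "" or pw_field.startswith("*"):
            findings.append((user, "no-hash"))
        elif params is None:
            findings.append((user, "not-argon2"))
        elif params["m_kib"] < MIN_MEMORY_KIB or params["t"] < MIN_TIME_COST:
            findings.append((user, "weak-params"))
        else:
            findings.append((user, "ok"))
    return findings

# Constructed input: the testuser entry and the argon2(1) test encoding quoted on
# this page, plus made-up "lowmem", "legacy" and "daemon" accounts.
SAMPLE = """\
testuser:$argon2i$v=19$m=4096,t=6,p=1$PDd65qr6JU0Pfnpr$8YOMYcwINuKHoxIV8Q0FJHG+RP82xtmAuGep26brilU:1001:100::0:0::/home/testuser:/sbin/nologin
lowmem:$argon2id$v=19$m=256,t=3,p=3$c29tZXNhbHQ$l/dz9ocV0nJySQ09LnSiqbBqW8p1m3Hqt8Ar6KRTv7k:1002:100::0:0::/home/lowmem:/bin/sh
legacy:$sha1$constructed$placeholder:1003:100::0:0::/home/legacy:/bin/sh
daemon:*:1:1::0:0:The devil himself:/:/sbin/nologin
"""

if __name__ == "__main__":
    for user, finding in audit(SAMPLE):
        print(f"{user}: {finding}")
```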
Testing
The argon2(1) binary allows us to easily validate parameters and encoding. This is most useful during performance testing, see here. With argon2(1), we can specify our parameterized values and evaluate both the resulting encoding and timing.

    m2# echo -n password|argon2 somesalt -id -p 3 -m 8
    Type:           Argon2id
    Iterations:     3
    Memory:         256 KiB
    Parallelism:    3
    Hash:           97f773f68715d27272490d3d2e74a2a9b06a5bca759b71eab7c02be8a453bfb9
    Encoded:        $argon2id$v=19$m=256,t=3,p=3$c29tZXNhbHQ$l/dz9ocV0nJySQ09LnSiqbBqW8p1m3Hqt8Ar6KRTv7k
    0.000 seconds
    Verification ok

    /usr/src/tests/usr.bin/argon2

    tp: t_argon2_v10_hash
    tp: t_argon2_v10_verify
    tp: t_argon2_v13_hash
    tp: t_argon2_v13_verify

    cd /usr/src/tests/usr.bin/argon2
    atf-run

    info: atf.version, Automated Testing Framework 0.20 (atf-0.20)
    info: tests.root, /usr/src/tests/usr.bin/argon2
    ..
    tc-so:Executing command [ /bin/sh -c echo -n password | \
        argon2 somesalt -v 13 -t 2 -m 8 -p 1 -r ]
    tc-end: 1567497383.571791, argon2_v13_t2_m8_p1, passed
    ...