First round of GSoC reports

The first round of GSoC reports is available on the NetBSD blog:

Also an interesting read about fuzzers:

Write your own fuzzer for NetBSD kernel! [Part 1]

NetBSD 8.1 released

Today the NetBSD Project announced the 8.1 release. It already follows the new release cycle without teeny releases and represents selected changes to improve stability and security, plus some new enhancements and features. Main highlights include INTEL-SA-00233 (MDS) mitigation, various kernel data leak fixes, an smtoff property to disable SMT explicitly in rc.conf(5), the addition of the mfii(4) and bwfm(4) drivers, DRM/KMS improvements, a performance regression fix in tmpfs, updated dhcpcd(8) and httpd(8), fixes for sh(1), reproducible builds, network drivers, thread local storage (TLS) in position independent executables (PIE). All changes can be found here. Source and binaries can be downloaded from the project CDN or any of the other mirrors.

NetBSD 8.1 RC1 released

The NetBSD project released the first and possibly the only release candidate for the 8.1 release. As usual, this release represents a subset of selected security and stability fixes, along with some selected new drivers and enhancements. It has workarounds for the latest CPU vulnerabilities, and rc.conf(5) has a new property to disable SMT (Simultaneous Multi-Threading). dhcpcd(8) was updated to 7.2.2, along with httpd(8). The full list of changes can be found here. You can download it from the NetBSD project CDN or any of the project mirrors.

GSoC 2019

The NetBSD project is participating in Google Summer of Code 2019 and projects for this year were announced:

I must admit that a few projects are outside my knowledge area, but some of them are really interesting and I am planning to follow them closely. As an interesting fact, Siddharth is participating for the second year in a row.

Some interesting developments on NetBSD

I haven’t written a news update for a while, and some interesting developments have been happening lately in a few NetBSD areas, which I would like to share.

Virtualization is one of these areas; it received a few interesting updates recently. The first one is Intel HAXM hardware-accelerated support. You can also read an independently written how-to here. It works with Intel CPUs with VT-x only. Another one is the NetBSD Virtual Machine Monitor, or NVMM. Initially it supported AMD CPUs only, but recently it was updated to support Intel CPUs too. You can read It is a good time to start testing them. Update: the developer recently added a detailed NVMM presentation article to the official NetBSD blog.

Another area was LLVM sanitizers and improved LLVM support (reports can be found on the NetBSD blog here, here, here and here).

One more hot topic recently is the RISC-V architecture, especially since WD released their SweRV core on GitHub. The NetBSD project developers started work on RISC-V support as well:

Finally, you can watch an interesting FOSDEM’19 video by Benny Siegert who provided more info on various updates.


irBSD 01.06.2019 v8 released

irBSD is a digital forensic suite for cryptography, penetration testing, data recovery, reverse engineering, privacy and other security tasks. It is based on NetBSD and uses ratpoison as the default window manager. The project recently released 01.06.2019 v8 of the suite. You can download it from the irBSD SourceForge page.

NetBSD 7.2 released

The NetBSD team released the second feature update of the NetBSD 7 release branch on 29 August 2018. It contains security and bug fixes as well as new features and enhancements. Release notes can be found here, and the full list of changes here. Main highlights of the release are USB 3.0 support, enhancements to the Linux emulation subsystem, Raspberry Pi 3 support, the addition of the iwm(4) driver for Intel Wireless 726x, 316x, 826x and 416x series, various USB stability enhancements, bug fixes and stability improvements. You can download it from any of the NetBSD mirrors. If you can’t upgrade to NetBSD 8.0, it is recommended to update to 7.2.

GSoC reports, release policy changes and end of life for 6.x

One month after the NetBSD 8 release, the NetBSD team announced the end of life for the NetBSD 6.x branches. They won’t receive any updates (including security patches) or support anymore. So, it’s time to upgrade if you haven’t done so yet…

The release policy was changed as well, starting with the 8.0 release. There will be no “teeny” bugfix x.x.x (e.g. 6.0.1) branches anymore, only x.x (e.g. 8.0) update releases, and they will contain both bug/security fixes and enhancements and new features that are deemed to be safe. This way the team expects to have more frequent releases, better long-term support, and new features/enhancements reaching binary releases faster. Branches prior to 8 are not affected by this policy, though.

Last but not least, the Google Summer of Code 2018 coding period is over and you can read all the reports from the students:

GSoC 2018 Reports: Kernel Address Sanitizer, Part 1
GSoC 2018 report: Kernel Address Sanitizer, Part 2
GSoC 2018 Reports: Kernel Address Sanitizer, Part 3

GSoC 2018 Reports: Integrate libFuzzer with the Basesystem, Part 1
GSoC 2018 Reports: Integrate libFuzzer with the Basesystem, Part 2
GSoC 2018 Reports: Integrate libFuzzer with the Basesystem, Part 3

GSoC 2018 Reports: Kernel Undefined Behavior Sanitizer, Part 1

GSoC 2018 Reports: Configuration files versioning in pkgsrc, Part 1
GSoC 2018 Reports: Configuration files versioning in pkgsrc, part 2: remote repositories (git and CVS)
GSoC 2018 Reports: Configuration files versioning in pkgsrc, part 3: remote repositories (SVN and Mercurial)
GSoC 2018 Reports: Configuration files versioning in pkgsrc, part 4: configuration deployment, pkgtools and future improvements

Enable padlock and viadrm on NetBSD

If you have a board with a VIA CPU supporting the PadLock security engine and VIA (Chrome) integrated graphics, note that the NetBSD generic kernel doesn’t support them by default. Because of this, I built a custom NetBSD kernel manually for many years by uncommenting one of these lines in the GENERIC configuration:

#padlock0 at cpu0 # VIA PadLock

# DRMUMS drivers
#viadrmums* at drm?
or
#viadrm* at drm? # VIA DRM driver

* The viadrmums driver is preferred over viadrm because it is newer and more stable. Actually, viadrm has already been removed from the current branch; however, it is still available in the NetBSD 8 release and thus may still confuse unaware users…

There is an easier option to load them, though. Dynamic kernel modules were introduced in the system starting with NetBSD 6. This presentation has a nice introduction on how to use and develop them. Both the padlock and viadrmums modules are already provided by NetBSD. To load them, add these lines to the /boot.cfg file:

# load padlock module
load=padlock
# load VIA DRM UMS driver and required dependencies
load=drmkms_linux
load=drmkms
load=drmkms_pci
load=viadrmums

If everything went OK, these (or similar) lines should be present in the system’s dmesg after reboot:

padlock0 at cpu0: VIA PadLock
padlock0: RNG ACE

viadrmums0 at vga0drm: Supports vblank timestamp caching Rev 2 (21.10.2013).

There is one small caveat, though: prior to the NetBSD 8 release, the above configuration would still likely end up with a “bootinfo too big” error during the boot process (if all mentioned modules are enabled at the same time and rndseed /var/db/entropy-file is used, which is the default behavior). This was solved with the following commit (the bootloader needs to be updated); NetBSD 8 successfully loads all modules and the boot process doesn’t fail. A custom kernel is not required anymore; it just takes a few additional lines in the boot configuration file.
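
A quick way to confirm the steps above took effect, as an added example that is not part of the original post: the script checks a boot.cfg for the five load= lines and a dmesg capture for the attach lines quoted above. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a boot.cfg and a dmesg
# capture for the modules and attach lines the post lists.
REQUIRED_MODULES="padlock drmkms_linux drmkms drmkms_pci viadrmums"

# Print the required modules that have no active load= line in boot.cfg.
# Commented-out lines (#load=...) do not count, and drmkms must not be
# satisfied by drmkms_linux or drmkms_pci, so the match is anchored.
missing_modules() {
    missing=""
    for m in $REQUIRED_MODULES; do
        grep -Eq "^load=${m}[[:space:]]*\$" "$1" || missing="${missing:+$missing }$m"
    done
    printf '%s\n' "$missing"
}

# Print the drivers whose attach line is absent from the dmesg capture.
unattached_drivers() {
    out=""
    grep -q 'padlock0 at cpu0' "$1" || out="padlock0"
    grep -q 'viadrmums0 at ' "$1" || out="${out:+$out }viadrmums0"
    printf '%s\n' "$out"
}

# Print the feature list from the "padlock0: ..." line (e.g. "RNG ACE").
padlock_features() {
    sed -n 's/.*padlock0: //p' "$1"
}

# Constructed sample input: viadrmums is left commented out on purpose.
tmp=$(mktemp -d)
cat > "$tmp/boot.cfg" <<'EOF'
menu=Boot normally:rndseed /var/db/entropy-file;boot netbsd
load=padlock
load=drmkms_linux
load=drmkms
load=drmkms_pci
#load=viadrmums
EOF
cat > "$tmp/dmesg.txt" <<'EOF'
padlock0 at cpu0: VIA PadLock
padlock0: RNG ACE
EOF
echo "missing from boot.cfg: $(missing_modules "$tmp/boot.cfg")"
echo "not attached:          $(unattached_drivers "$tmp/dmesg.txt")"
echo "padlock features:      $(padlock_features "$tmp/dmesg.txt")"
rm -rf "$tmp"
```

On a real system, point the functions at /boot.cfg and at a file produced with `dmesg > dmesg.txt` after the reboot.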
