| Age | Commit message (Collapse) | Author |
|---|
|
Add a function to determine the size of a machine description.
|
|
OK mpi@, OK henning@, OK jca@
|
|
place and GS.base was horked on return. Also, the frame passed to ddb
didn't have the %rbp<-->tf_err swap, which would have confused backtraces.
Now if we can just come up with a way to automate testing the NMI handler
with qemu...
|
|
OK @bluhm, OK @otto, OK @guenther
|
|
traps so that the "mov %rax,%cr3" is followed by an infinite loop
which is avoided because the mapping of the code being executed is
changed. This means the sysretq/iretq isn't even present in that
flow of instructions in the kernel mapping, so userspace code can't
be speculatively reached on the kernel mapping and totally eliminates
the conditional jump over the the %cr3 change that supported CPUs
without the Meltdown vulnerability. The return paths were probably
vulnerable to Spectre v1 (and v1.1/1.2) style attacks, speculatively
executing user code post-system-call with the kernel mappings, thus
creating cache/TLB/etc side-effects.
Would like to apply this technique to the interrupt stubs too, but
I'm hitting a bug in clang's assembler which misaligns the code and
symbols.
While here, when on a CPU not vulnerable to Meltdown, codepatch out
the unnecessary bits in cpu_switchto().
Inspiration from sf@, refined over dinner with theo
ok mlarkin@ deraadt@
|
|
breaking the output lines earlier with the 'l' command is intentional
|
|
small quirk from tb@
ok phessler@
|
|
basically can't run in those modes.
OK kettenis@
|
|
It was pulled in for efifb, but it is extremely unlikely an EFI system
supporting only 4-bit color depth (16 colors) exists. Even if it existed
though, on SMALL_KERNEL rasops4_putchar() simply returns EAGAIN so it
would not be possible to install the system.
For the record, we do not build rasops4 on i386 or on any of our other
platforms either.
OK kettenis@, mpi@
|
|
the replaced string:
replacing foo with bar turns
foo
Foo
FOO
into
bar
Bar
BAR
OK phessler, benno
|
|
|
|
the referenced interface is down or in state backup. This is especially
useful on a carp cluster to ensure all traffic goes to the carp master.
ok friehm@ jca@
|
|
This introduces new grammar and the -t optional in vmctl start.
(For now, only root can create VM instances; but it is planned to allow
users to create their own VMs based on permissions and quota.)
OK ccardenas@ mlarkin@ jmc@
|
|
|
|
|
|
avoiding multiple readregs ioctls back to vmm in case register content
is needed subsequently.
ok phessler
|
|
|
|
|
|
|
|
This recycles the _btd uid/gid that have been removed in 2013.
Discussed in the hackroom.
|
|
device, do it when invoked with '-v'.
While here recycle '-d' to specify a specific device node, like pcidump(8)
does.
ok jca@, sthen@
|
|
|
|
ok henning
|
|
|
|
The introduction of hw.smt means that logical CPUs can be disabled
after boot and prior to suspend/resume. If hw.smt=0 (the default),
there needs to be a way to count the number of hardware threads
available on the system at any given time.
So, import HW_NCPUONLINE/hw.ncpuonline from NetBSD and document it.
hw.ncpu becomes equal to the number of CPUs given to sched_init_cpu()
during boot, while hw.ncpuonline is equal to the number of CPUs available
to the scheduler in the cpuset "sched_all_cpus". Set_SC_NPROCESSORS_ONLN
equal to this new sysctl and keep _SC_NPROCESSORS_CONF equal to hw.ncpu.
This is preferable to adding a new sysctl to count the number of
configured CPUs and keeping hw.ncpu equal to the number of online
CPUs because such a change would break software in the ecosystem
that relies on HW_NCPU/hw.ncpu to measure CPU usage and the like.
Such software in base includes top(1), systat(1), and snmpd(8),
and perhaps others.
We don't need additional locking to count the cardinality of a cpuset
in this case because the only interfaces that can modify said cardinality
are sysctl(2) and ioctl(2), both of which are under the KERNEL_LOCK.
Software using HW_NCPU/hw.ncpu to determine optimal parallism will need
to be updated to use HW_NCPUONLINE/hw.ncpuonline. Until then, such software
may perform suboptimally. However, most changes will be similar to the
change included here for libcxx's std::thread:hardware_concurrency():
using HW_NCPUONLINE in lieu of HW_NCPU should be sufficient for determining
optimal parallelism for most software if the change to _SC_NPROCESSORS_ONLN
is insufficient.
Prompted by deraadt. Discussed at length with kettenis, deraadt, and sthen.
Lots of patch tweaks from kettenis.
ok kettenis, "proceed" deraadt
|
|
to running VMs (at least for OpenBSD ones), but the stop routine for system
daemons is not usually called at shutdown.
Earlier version with just "vmd stop" ok reyk@ kn@, ajacoutot@ reminded me
to hide the contextless "vmd(ok)" text which looks bad, I did so and wrapped
it with a "stopping VMs" message (it can take some time, especially when you
have multiple VMs, so better to have some clear feedback).
|
|
|
|
magic constant to panic() calls.
ok benno@ henning@ tb@
|
|
ok claudio henning
|
|
|
|
route6d is not realy using it anyway.
OK henning@
|
|
will be fixed soon and then linked to the build
|
|
This allows a system to remember which ESSIDs it wants to connect to, any
relevant security configuration, and switch to it when the network we are
currently connected to is no longer available.
Works when connecting and switching between WPA2/WPA1/WEP/clear encryptions.
example hostname.if:
join home wpakey password
join work wpakey mekmitasdigoat
join open-lounge
join cafe wpakey cafe2018
join "wepnetwork" nwkey "12345"
dhcp
inet6 autoconf
up
OK stsp@ reyk@
and enthusiasm from every hackroom I've been in for the last 3 years
|
|
|
|
|
|
|
|
to the process, it is made pending at the main thread. There it
could hang forever. So also check the main thread for signal
delivery. This workaround fixes hung tests in posixtestsuite. The
proper solution would be to split pending signals for process and
threads.
input visa@; OK guenther@
|
|
most other attrs into the hash as well). At the same time use the full
64 bit of SipHash in various places.
Tested by and OK benno@ phessler@
|
|
|
|
|
|
|
|
on alpha and amd64.
No objection from jmc@.
OK deraadt@, sthen@
|
|
console at 115200 baud.
ok deraadt
|
|
pf.conf(5) states that queues attach to actual interfaces only, yet the
following parses:
# echo queue eq on egress bandwidth 1G default | pfctl -f-
# pfctl -sq
pfctl: DIOCGETQSTATS: Bad file descriptor
# echo queue rq on rdomain 0 bandwidth 1G default | pfctl -vf-
queue rq bandwidth 1G default
# pfctl -sq
pfctl: DIOCGETQSTATS: Bad file descriptor
On rdomains, ifa_exists() returns NULL.
On interface groups, ifa_exists() returns non-NULL but af is never set
to AF_LINK.
OK henning sashan
|
|
ok mlarkin@
|
|
`mount -uo async,nosoftdep /mnt' would set "async" but keep "softdep"
untouched on a read/write mount.
OK deraadt krw beck bluhm
|
|
Still probably not optimal but less bad.
|
|
the config.
RFC 4861, 6.2.5:
[...] the router SHOULD transmit one or more (but not more than
MAX_FINAL_RTR_ADVERTISEMENTS) final multicast Router Advertisements on
the interface with a Router Lifetime field of zero.
|
|
|
|
|
