| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
This way, it is not available for use in ROP attacks. This diff puts the
codepatching code into a separate section and unmaps that section after boot.
In the future, the memory could potentially be reused but that would require
larger changes.
ok pguenther@
|
|
ok claudio@, jca@
|
|
With this it gets a bit easier to parse MRT update messages in bgpctl.
OK benno@ phessler@
|
|
|
|
|
|
Prompted by, tweak & OK jmc
|
|
support a domain services protocol.
|
|
Make sure all of the crypto options the AP announces matches what we
would configure. While here, don't switch if the user has specified
a specific BSSID, and the new AP does not match.
OK stsp@
|
|
|
|
ok deraadt@
|
|
|
|
spotted by kevlo
|
|
- remove some duplication between them
- document -join
- sort
ok phessler
|
|
each testcase
|
|
(as far as valgrind can spot anyway)
|
|
awareness of problems. when it is off, development cycles are faster.
let's do the faster cycle for a little while.
discussion with naddy
|
|
|
|
ok phessler@ henning@
|
|
sensors, mark us unsynced again. ok reyk krw, pt out / discussion / help naddy
|
|
|
|
same functions as auto-allocation. parse_sizespec()
and apply_unit(). No intentional functional
change.
Looked good to tb@
|
|
normal people and is more efficient to boot.
The only intentional functional change was to use mergesort()
instead of heapsort() so that partitions with the same offset
retain their order in the emitted verbiage.
Looked good to tb@, ok kn@
|
|
OK phessler, benno, claudio
|
|
an attribute of an address is changed.
For now it's used when IPv6 duplicate address detection finishes.
With this slaacd(8) can find out if a configured address is not
duplicated without the need to poll.
OK phessler, benno, claudio
|
|
dropped packets in the output path.
While here fix a memory leak when compression is not needed w/ IPcomp.
ok markus@
|
|
earlier for amd64
|
|
|
|
I committed the manpage but accidentally forgot the main.c part.
OK ccardenas@
|
|
Add a function to determine the size of a machine description.
|
|
OK mpi@, OK henning@, OK jca@
|
|
place and GS.base was horked on return. Also, the frame passed to ddb
didn't have the %rbp<-->tf_err swap, which would have confused backtraces.
Now if we can just come up with a way to automate testing the NMI handler
with qemu...
|
|
OK @bluhm, OK @otto, OK @guenther
|
|
traps so that the "mov %rax,%cr3" is followed by an infinite loop
which is avoided because the mapping of the code being executed is
changed. This means the sysretq/iretq isn't even present in that
flow of instructions in the kernel mapping, so userspace code can't
be speculatively reached on the kernel mapping and totally eliminates
the conditional jump over the the %cr3 change that supported CPUs
without the Meltdown vulnerability. The return paths were probably
vulnerable to Spectre v1 (and v1.1/1.2) style attacks, speculatively
executing user code post-system-call with the kernel mappings, thus
creating cache/TLB/etc side-effects.
Would like to apply this technique to the interrupt stubs too, but
I'm hitting a bug in clang's assembler which misaligns the code and
symbols.
While here, when on a CPU not vulnerable to Meltdown, codepatch out
the unnecessary bits in cpu_switchto().
Inspiration from sf@, refined over dinner with theo
ok mlarkin@ deraadt@
|
|
breaking the output lines earlier with the 'l' command is intentional
|
|
small quirk from tb@
ok phessler@
|
|
basically can't run in those modes.
OK kettenis@
|
|
It was pulled in for efifb, but it is extremely unlikely an EFI system
supporting only 4-bit color depth (16 colors) exists. Even if it existed
though, on SMALL_KERNEL rasops4_putchar() simply returns EAGAIN so it
would not be possible to install the system.
For the record, we do not build rasops4 on i386 or on any of our other
platforms either.
OK kettenis@, mpi@
|
|
the replaced string:
replacing foo with bar turns
foo
Foo
FOO
into
bar
Bar
BAR
OK phessler, benno
|
|
|
|
the referenced interface is down or in state backup. This is especially
useful on a carp cluster to ensure all traffic goes to the carp master.
ok friehm@ jca@
|
|
This introduces new grammar and the -t optional in vmctl start.
(For now, only root can create VM instances; but it is planned to allow
users to create their own VMs based on permissions and quota.)
OK ccardenas@ mlarkin@ jmc@
|
|
|
|
|
|
avoiding multiple readregs ioctls back to vmm in case register content
is needed subsequently.
ok phessler
|
|
|
|
|
|
|
|
This recycles the _btd uid/gid that have been removed in 2013.
Discussed in the hackroom.
|
