| Age | Commit message (Collapse) | Author |
|---|
|
to stop speculation. This seems to be necessary when the branch
predictor hits the ret for the first time. In their white paper
to mitigate speculation attacks, AMD's retpoline example has an
explicit lfence. Adjust our retpoline assembly macro in the kernel.
OK guenther@ mortimer@ deraadt@
|
|
were added to rsync. from0 is one of those and really not needed.
OK job@
|
|
ok tb@
|
|
Found by job@
|
|
Clang uses runtime libraries for some advanced features like
sanitizers. Different systems have different preferences about file
placement. OpenBSD with this change would use this name for ASan:
/usr/lib/clang/11.1.0/lib/libclang_rt.asan.a
So far, no libraries are shipped, only their eventual location is chosen.
Discussed with deraadt@ and kettenis@, OK mortimer@
|
|
serial drivers.
ok patrick@
|
|
these options should be set globally (sysctl) when running regress as opposed to having
individual tests set it, barring a few specific exceptions.
ok bluhm@
|
|
|
|
a partition to avoid /var overflow issues
ok benno beck
|
|
order on success for both the legacy and the new verifier, This avoids
problems as seen in perl's regression tests for some of the crazy things
net:ssleay does.
This is currently marked as expected to fail, it will be expected to
succeed after a forthcoming commit from me.
|
|
OK tb@
|
|
|
|
Match bpftrace behavior.
|
|
|
|
|
|
various reasons but not in a consistent way and don't always clean
up, so add that and switch the tests that do that over.
|
|
"make tags" needs "make links" to have tags available in subdirectories and
netinet6 has been missing all the time.
OK tb
|
|
multiple programs also in bsd.regress.mk for consistency.
OK anton@
|
|
device into D3 and do a hot-resume if possible. Otherwise we need to clean
up the resources to allow complete HW re-initialization to take place.
|
|
|
|
from Brad originally
|
|
|
|
not considered initialized anymore.
|
|
a suspend/resume cycle, the values are set to a sane default.
|
|
by a suspend/resume cycle, the pointers are set to a sane default.
|
|
|
|
Do not abuse "dhcp" to say "DHCP and SLAAC".
unwind.conf(5) does so but unwindctl(8) does not; in fact, the latter
already has `status autoconf' to
Show nameservers learned from dhclient(8), dhcpleased(8) or slaacd(8).
Adjust unwind's config manual and internal code accordingly; still accept
the old keyword but do not document it.
hostname.if(5) already advises for `inet[6] autoconf' instead of `dhcp' and
other related daemons don't abuse the word "dhcp" like unwind does.
Feedback sthen
OK florian
|
|
fix a stale comment.
Found by mortimer with clang 13's -Wunused-but-set-variable.
ok beck
|
|
|
|
On Intel VMX hosts, when a guest migrates cpus, VMCS state needs
to be flushed to physical memory before being reloaded on the new
cpu. This diff adds a new ipi to allow a guest resuming on a new
cpu to signal to the old that it needs to vmclear.
To better surface the potential race conditions, unlock the kernel
after handling the ioctl to vmm and simplify the run loops for both
vmx and svm. This requires a new vcpu lock.
Tested by some on tech@. "go for it" @mlarkin
|
|
delay func. Otherwise simply delay for a second to calibrate the LAPIC.
Install the lapic delay func only if we were using the i8254 before as
delay func.
Discussed with the hackroom
ok kettenis@
|
|
a working delay func ready before the first occurence of delay(). This is
necessary on Hyper-V Gen 2 VMs where we don't use the TSC.
Discussed with the hackroom
ok kettenis@
|
|
we're still using the i8254 for that. On Hyper-V Gen 2 VMs there is no
i8254 we can trust, so we need some kind of fallback, especially if there
is no TSC either.
Discussed with the hackroom
ok kettenis@
|
|
|
|
|
|
ok patrick@
|
|
ok patrick@
|
|
|
|
the TSC for delays even if there is a skew between the TSCs of the cores
as this doesn't matter for delay(9).
Gets rid of te unreasonable clock speed reports on Intel Tiget Lake CPUs
where the i8254 behaves in weird ways.
ok patrick@, deraadt@, mlarkin@
|
|
ok mlarkin
|
|
From Alex Wilson, Thanks!
|
|
In normal TLS, it is possible for record fragments to be sent that contain
one byte of alert or handshake message payload. In this case we have to
read and collate multiple message fragments before we can decide what to
do with the record.
However, in the case of DTLS, one record is effectively one packet and
while it is possible to send handshake messages across multiple
records/packets, the minimum payload is the DTLS handshake message header
(plus one byte of data if the handshake message has a payload) - without
this, there is insufficient information available to be able to reassemble
the handshake message. Likewise, splitting an alert across multiple DTLS
records simply does not work, as we have no way of knowing if we're
collating the same alert or two different alerts that we lost half of each
from (unfortunately, these details are not really specified in the DTLS
RFC).
This means that for DTLS we can expect to receive a full alert message
(a whole two bytes) or a handshake record with at least the handshake
message header (12 bytes). If we receive messages with less than these
lengths we discard them and carry on (which is what the DTLS code already
does).
Remove all of the pointless fragment handling code from DTLS, while also
fixing an issue where one case used rr->data instead of the handshake
fragment.
ok inoguchi@ tb@
|
|
Found by mpi@ and gnezdo@
ok gnezdo@
|
|
consistently.
OK benno@
|
|
ok inoguchi@ tb@ (as part of a larger diff)
|
|
|
|
|
|
ok patrick@
|
|
|
|
|
