| Age | Commit message (Collapse) | Author |
|---|
|
The introduction of hw.smt means that logical CPUs can be disabled
after boot and prior to suspend/resume. If hw.smt=0 (the default),
there needs to be a way to count the number of hardware threads
available on the system at any given time.
So, import HW_NCPUONLINE/hw.ncpuonline from NetBSD and document it.
hw.ncpu becomes equal to the number of CPUs given to sched_init_cpu()
during boot, while hw.ncpuonline is equal to the number of CPUs available
to the scheduler in the cpuset "sched_all_cpus". Set_SC_NPROCESSORS_ONLN
equal to this new sysctl and keep _SC_NPROCESSORS_CONF equal to hw.ncpu.
This is preferable to adding a new sysctl to count the number of
configured CPUs and keeping hw.ncpu equal to the number of online
CPUs because such a change would break software in the ecosystem
that relies on HW_NCPU/hw.ncpu to measure CPU usage and the like.
Such software in base includes top(1), systat(1), and snmpd(8),
and perhaps others.
We don't need additional locking to count the cardinality of a cpuset
in this case because the only interfaces that can modify said cardinality
are sysctl(2) and ioctl(2), both of which are under the KERNEL_LOCK.
Software using HW_NCPU/hw.ncpu to determine optimal parallism will need
to be updated to use HW_NCPUONLINE/hw.ncpuonline. Until then, such software
may perform suboptimally. However, most changes will be similar to the
change included here for libcxx's std::thread:hardware_concurrency():
using HW_NCPUONLINE in lieu of HW_NCPU should be sufficient for determining
optimal parallelism for most software if the change to _SC_NPROCESSORS_ONLN
is insufficient.
Prompted by deraadt. Discussed at length with kettenis, deraadt, and sthen.
Lots of patch tweaks from kettenis.
ok kettenis, "proceed" deraadt
|
|
Makes it a tad easier to read through and compare with BN_swap_ct().
OK tb
|
|
const promise when processing it in the regex engine.
Minor tweak and OK schwarze@
|
|
ok beck on earlier version, markup help from Schwarze.
|
|
|
|
|
|
the EC module.
From Billy Brumley and his team, via
https://github.com/libressl-portable/openbsd/pull/94
With tweaks from jsing and me.
ok jsing
|
|
two bignums. It's saner and substantially less ugly than the existing
public BN_constantime_swap() function and will be used in forthcoming work
on constant time ECC code.
From Billy Brumley and his team. Thanks!
ok jsing
|
|
leftmost bits of a longer digest, according to FIPS 183-6, 6.4. Eliminate
a microoptimization that only converts the relevant part of the digest to
a bignum.
ok beck, jsing
|
|
ENTRY is a trapsled. Fix a few functions which fall-through into an ENTRY
macro. amd64 binaries now are free of double+-nop sequences (except for one
assember nit in aes-586.pl). Previous changes by guenther got us here.
ok mortimer kettenis
|
|
explicit about the servername argument of tls_connect_servername(3).
input & ok jsing, input & ok schwarze on earlier version
|
|
ok jsing, schwarze
|
|
a custom kernel for over 20 years.
testing mlarkin@
ok deraadt@ phessler@ jca@ matthieu@
|
|
|
|
|
|
|
|
|
|
From David Bern.
|
|
from OpenSSL, fixing many bugs and polishing many details
|
|
fixing an awkward wording noticed by tb@.
OK tb@
|
|
ok deraadt
|
|
|
|
|
|
|
|
OK kettenis@, guenther@
|
|
|
|
not replace any existing signal handlers. This makes it possible for
FUSE file systems to install their own signal handlers. Bug reported
by Bill Zissimopoulos.
ok mpi@
|
|
fuse_remove_signal_handlers(3).
ok mpi@
|
|
|
|
ok deraadt
|
|
ok deraadt
|
|
against (signed char) variable. Modern "genius" compilers simply
delete the code on unsigned char architectures, amazed they feel
lattitude to convert undefined local behaviour into much larger scope
undefined behaviour (glad to have faster but incorrect libcurses..)
ok millert
|
|
This lets other threads of the process modify the file descriptor
table even if the vn_open(9) call blocks.
The change has an effect on dup2(2) and dup3(2). If the new descriptor
is the same as the one reserved by an unfinished open(2), the system
call will fail with error EBUSY. The accept(2) system call already
behaves like this.
Issue pointed out by art@ via mpi@
Tested in a bulk build by ajacoutot@
OK mpi@
|
|
ok deraadt@
|
|
|
|
|
|
|
|
|
|
file system can access it unless the allow_other mount options is
specified. The allow_other mount option makes the file system
available to other users just like any other mounted file system.
ok mpi@
|
|
FUSE file system. fuse_get_context(3) will now return the correct
values.
ok mpi@
|
|
Convert __cerror to hidden visibility.
from miod@
|
|
|
|
the usual idiom. All the allocations are now handled inside conditionals as
is usually done in this part of the tree. Turn a few comments into actual
sentences and remove a few self-evident ones. Change outdated or cryptic
comments into more helpful annotations. In ecdsa_do_verify(), start
calculating only after properly truncating the message digest. More
consistent variable names: prefer 'order_bits' and 'point' over 'i' and
'tmp_point'.
ok jsing
|
|
an upcoming diff.
|
|
reduce the possibility of a side-channel attack leaking the private key.
Suggested by Keegan Ryan at NCC Group.
With input from and ok jsing
|
|
the possibility of a side-channel attack leaking the private key.
Suggested by Keegan Ryan at NCC Group.
With input from and ok tb@
|
|
Requested by and ok tb@
|
|
to occur once and not be repeated if the signature generation has to be
repeated.
ok tb@
|
|
In the very unlikely case where we have to repeat the signature generation,
the DSA_SIG return value has already been allocated. This will either
result in a leak when we allocate again on the next iteration, or it
will give a false success (with missing signature values) if any error
occurs on the next iteration.
ok tb@
|
|
ok beck@ tb@
|
