Age | Commit message | Author |
|
|
|
Historically, the softraid crypto support in the boot loaders has only
given one attempt to provide the correct passphrase. There were a
few reasons for this, including the fact that pkcs5_pbkdf2() allows an
empty passphrase and that returning EPERM allowed for another attempt.
With the event of KARL and the need for bsd.booted with hibernate resumption,
this becomes much more of an issue - if you get the passphrase wrong you
fail to resume. There are also other situations like using /etc/boot.conf
to switch serial console, but an incorrect passphrase results in the config
not being read. Also, bcrypt_pbkdf() does not permit empty passphrases.
This reworks the softraid crypto support in the boot loaders so that it
loops requesting a valid passphrase until one is provided, or an empty
passphrase is entered (at which point it will abort).
ok mortimer@ tb@
|
|
Documented in 'Speculative Execution Side Channel Mitigations'
revision 2.0.
|
|
adapters.
"go ahead commit it" deraadt@
|
|
we don't need to unconditionally set it.
Works around a suspected bug in newer Linux KVM, which may trigger a
#GP fault on writes to this MSR.
ok mlarkin@
|
|
remove the MD API.
ok deraadt@
|
|
Add "Mitigation G-2" per AMD's Whitepaper "Software Techniques for
Managing Speculation on AMD Processors"
By setting MSR C001_1029[1]=1, LFENCE becomes a dispatch serializing
instruction.
ok deraadt@
|
|
|
|
earlier for amd64
|
|
console at 115200 baud.
ok deraadt
|
|
ok mlarkin@
|
|
instead of passing sendsig() the code+type+val, pass a siginfo_t*
to copy from. Eliminate the indirection through struct emul for
sendsig(); we no longer have a SunOS4-compat version of sendsig()
ok deraadt@
|
|
a custom kernel for over 20 years.
testing mlarkin@
ok deraadt@ phessler@ jca@ matthieu@
|
|
Requested by brad@
Tested by fcambus@
ok stsp@
|
|
acpimcfg(4) to call an MD initialization function that sets up a tag for
PCI ECAM.
ok guenther@, mlarkin@, krw@
|
|
ok brynet
|
|
|
|
(previous comment was wrong, or outdated)
|
|
ok guenther@, deraadt@
|
|
this in the acpi(4) suspend/resume code paths.
ok deraadt@
|
|
ok deraadt@
|
|
- handle protection fault on iret properly
- handle NMI
- actually enable U-K in pmap_switch()
from hshoexer@; input guenther@; OK mlarkin@ deraadt@
|
|
original retguard data to the piglet and bcopys it back in place
immediately before resuming via the ACPI Sx trampoline.
ok deraadt, guenther, tested by many.
|
|
It is no longer needed after the trap frame %ebp cleanup.
OK hshoexer@
|
|
is pretty silly. Nuke the if's.
ok millert@
|
|
behave like a real call frame, thus vastly simplifying the ddb back
trace logic.
from hshoexer@; initially from guenther@; OK deraadt@
|
|
|
|
pointer behind.
Pointed out by visa@, thanks!
OK visa@
|
|
Requested by deraadt@
|
|
variable.
While there, remove TODO about bitching. We haven't felt the need to bitch
since the driver was committed, and we do not bitch in aesni_setup() either.
OK visa@
|
|
- name gdt explicitly in struct cpu_info_full
- identify ARCH_CAPABILITIES_RDCL_NO and print in identifycpu()
- in pmap.c build U-K table, handle PG_G accordingly
- in pmap_switch() do not unmap the kernel, yet; but all pieces
are in place
- pmapae.c: on bootstrap transfer pmap to pmapae tables, build
U-K table and wire it, handle PG_G
from hshoexer@; OK mlarkin@
|
|
|
|
gates now. Interrupts for dna, fpu, and f00f_redirect were not
properly enabled. Thus npxintr() tried to get the kernel lock with
interrupts disabled causing a deadlock in pmap_tlb_shootwait().
Enable interrupts for dna, fpu, and f00f_redirect. dna and fpu
leave the kernel directly, thus they have to disable interrupts
again; f00f_redirect goes through calltrap which will enable
interrupts.
from hshoexer@; OK mlarkin@
|
|
OK guenther@
|
|
from mlarkin@
|
|
|
|
this gets rid of the source annotation which doesn't really add
anything other than adding complexity. randomness is generally
good enough that the few extra bits that the source type would
add are not worth it.
ok mikeb@ deraadt@
|
|
verified md5 sum on amd64
ok mlarkin@
|
|
therefore all other x86 cpus must pay the performance price of the
hazard workaround until Skylake disappears from the ecosystem eventually
like 486. This returns your cpu's performance to pre-inflated performance.
ok mlarkin guenther
|
|
noticed by deraadt@ and mlarkin@
|
|
OK mlarkin@
|
|
ok guenther, jmc, tom, millert, deraadt
|
|
the brk area anyway.
- Use a larger hint bound to spread the allocations more for the 32-bit case
- Simplified the overly abstracted brs/stack allocator and switch of
guard pages for the brk case. This allows i386 some extra space,
depending on memory usage patterns.
- Reduce brk area on i386 to give the rnd space more room
ok stefan@ sthen@
|
|
syscall) confirm the stack register points at MAP_STACK memory, otherwise
SIGSEGV is delivered. sigaltstack() and pthread_attr_setstack() are modified
to create a MAP_STACK sub-region which satisfies alignment requirements.
Observe that MAP_STACK can only be set/cleared by mmap(), which zeroes the
contents of the region -- there is no mprotect() equivalent operation, so
there is no MAP_STACK-adding gadget.
This opportunistic software-emulation of a stack protection bit makes
stack-pivot operations during ROPchain fragile (kind of like removing a
tool from the toolbox).
original discussion with tedu, uvm work by stefan, testing by mortimer
ok kettenis
|
|
- provide struct cpu_info_full
- prepare K-U sections
- reorganize interrupt, trap, syscall entry to use K-U trampoline
- prepare pmap for entering special mappings, the mappings are not
setup yet
This code will already trigger performance issues. We do more tlb
flushes, but we do not unmap the kernel yet. The latter
will be needed to prevent Meltdown.
from hshoexer@; input guenther@; OK mlarkin@ deraadt@
|
|
to make it compile when enabled.
from hshoexer@
|
|
arguments for /sbin/init.
For CPU 0 identifycpu() originally got called twice, once very early
from cpu_startup(), then again from cpu_attach(). Now we call
identifycpu() only from cpu_attach() with CPUF_PRIMARY set. So
make sure, that for CPU 0 nothing is skipped. Otherwise, cpu_info
might have different features set for CPU 0 than for all other CPUs.
This is similar to what amd64 does.
from hshoexer@; reported and fix tested by Emilio Perea; OK mlarkin@
|
|
Switching from per PCB TSS to per CPU TSS broke kvm86 calls to the BIOS.
This change fixes the issues.
from hshoexer@; reported and tested by semarie@; OK deraadt@
|
|
- provide a cpu_softc for cpu_attach() etc.
- replace per PCB TSS with per CPU TSS
The first change prepares for cpu_info being embedded in a
cpu_full_info. Therefore during autoconf/cpu_attach we hand down
a softc.
The second change removes the per PCB TSS. We now have one TSS per
CPU, thus in cpu_switchto() we only have to patch the ring 0 stack
pointer instead of loading a new TSS. This also allows for cleaning
up the GDT, so we only have a single slot for the TSS.
from hshoexer@; OK deraadt@
|
|
access support. This fixes machines where the AML doesn't check whether
support for this OperationRegion type has been registered by the OS.
ok mlarkin@
|