Age | Commit message | Author |
|
defer their creation to later, so that they are owned by BUILDUSER.
This eliminates the last root-owned files in obj/ from 'make build'.
In addition, place a MACHINE == hppa test in hppa/stand/Makefile.inc
to avoid creating bogus symlinks on all other archs.
joint work with & ok natano, "let's try it" deraadt
|
|
1) Replace '.elif !exists(${OBJDIR}/Makefile)' with just '.else'. espie
pointed out that if the file existed, make wouldn't be reading this
file, so the check is superfluous. Less clutter.
2) Unconditionally define the 'clean' and 'cleandir' targets, also when
obj doesn't exist. This changes the behaviour of 'make clean' to be
successful (doing nothing) without obj@ or obj/.
ok tb millert deraadt
|
|
Further improve vmm's security model by restricting pledged vmm
processes to only do VMM_IOC_ ioctls on their associated VM (these
ioctls are _RUN, _RESETCPU, _INTR, _READREGS, or _WRITEREGS at
present). The vmm monitor (parent) process or any non-pledged
processes can still do ioctls on any VM. For example, a VM can only
terminate itself but vmctl or the monitor can terminate any VM.
This prevents reachover into other VMs: while escaping from a VM to
the host side (eg. through a bug in virtio etc.) pledge already kept
the attacker in a pledged and privsep'ed process, but now it also
prevents vmm ioctls on "other VMs".
OK mlarkin@
|
|
reference to eddep in the kernel Makefile I could find is in 4.3BSD,
released some 30 years ago.
ok tb millert
|
|
1. Include ioctls needed for pledge support (to be used with the upcoming
i386 vmd diff)
2. Don't assume we can enter an IA32e mode guest on entry when the host
doesn't have unrestricted guest capability
3. Don't enable PAE in the guest CR4 when launching on hosts without
unrestricted guest capability (vmd does not set up PAE bootstrap page
tables)
4. Don't use a bitfield for the MSR bitmap index (same fix as just committed
for amd64)
5. Store and restore EFER properly on exit to ensure that the host NXE
is recovered on exit
|
|
|
|
ok mlarkin
|
|
ok deraadt@
|
|
i386 hosts are limited to running only i386 guests, even if the underlying
hardware supports amd64. This is a restriction I hope to lift moving forward,
but for now please don't report problems running amd64 guests on i386 hosts.
This was a straightforward port of the in-tree amd64 code plus the old rotted
tree I had from last year for i386 support. Changes included converting 64-bit
VMREAD/VMWRITE ops to 2x32-bit ops, and fixing treatment of the TSS, which
differs on i386.
ok deraadt@
|
|
|
|
ok natano
|
|
|
|
if srctree is not rooted at /usr/src]. As a result, stock GENERIC & RAMDISK
kernels are committed to the tree, to ensure the src tree can be "readonly"
during builds, with all writes occurring inside the obj space. config -b
options are handled by ../Makefile.inc. The canonical new way to configure
one of these kernels is:
% cd /sys/arch/amd64/compile/GENERIC.MP
% doas make obj
% make config
% make
% doas cp obj/bsd /bsd
The build infrastructure will use this new mechanism in a de-escalation
way using BUILDUSER.
Much help from natano and tb.
|
|
soon be.
|
|
|
|
Same thought from kettenis@, ok krw@ phessler@ millert@
|
|
Build testing assistance from deraadt@
|
|
Problem noted by Sami (sami.tikkanen (at) haxaa.net)
ok deraadt@
|
|
Add sysctl kern.allowkmem (default 0) which controls the ability to open
/dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99%
of utilities in the tree to operate on sysctl-nodes (either by themselves
or via code hiding in the guts of -lkvm).
pstat -d and -v & procmap are affected and continued use of them will
require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and its
buddy sendbug) are affected, but we'll work out a solution soon.
There will be some impact in ports.
ok kettenis guenther
|
|
ok patrick@ (for armv7), deraadt@
|
|
|
|
|
|
Based on a diff from djm@
|
|
Currently, if a buffer crosses a 64KB boundary, a bounce buffer is
allocated, however it is assumed that this new buffer does not cross the
64KB boundary. In the case of i386 fdboot, it just so happens that (due to
the size of fdboot and heap allocations) UFS gets allocated a 4KB buffer
that crosses a 64KB boundary, then biosd_io() allocates a bounce buffer,
which also crosses a 64KB boundary. At this point the BIOS gets grumpy and
refuses to read from the disk.
Further clean up to come from tom@.
|
|
|
|
ok mpi@
|
|
ok kettenis, deraadt
|
|
vm_page structs go into three trees, uvm_objtree, uvm_pmr_addr, and
uvm_pmr_size. all these have been moved to RBT code.
this should give us a decent chunk of code space back.
|
|
this tree is interesting because it uses all the red black tree
features, specifically the augment callback that's called on tree
topology changes, and it poisons and checks entries as they're removed
from and inserted back into the tree respectively.
ok stefan@
|
|
the ioff argument to pool_init() is unused and has been for many
years, so this replaces it with an ipl argument. because the ipl
will be set on init we no longer need pool_setipl.
most of these changes have been done with coccinelle using the spatch
below. cocci sucks at formatting code though, so i fixed that by hand.
the manpage and subr_pool.c bits i did myself.
ok tedu@ jmatthew@
@ipl@
expression pp;
expression ipl;
expression s, a, o, f, m, p;
@@
-pool_init(pp, s, a, o, f, m, p);
-pool_setipl(pp, ipl);
+pool_init(pp, s, a, ipl, f, m, p);
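Review bot: the rule only fires when pool_setipl(pp, ipl) is the statement directly after pool_init(pp, s, a, o, f, m, p) on the same pp, so any caller that sets the ipl later, or never calls pool_setipl at all, is left untouched. Because the old and new pool_init() take the same number of arguments, such a caller still compiles and silently passes its old ioff value as the ipl. A second rule (or a grep for remaining pool_setipl and seven-argument pool_init calls) that covers the unmatched sites would make the conversion checkable, and the message should say which ipl those sites were given.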
|
|
as discussed with jsing@ it's easier this way to ensure people have
bootblocks capable of loading the section
|
|
|
|
|
|
|
|
will allow us to bring in a MI softraid.{c,h} in lib/libsa.
|
|
sr_crypto_pbkdf (since it is useable for more than just pkcs5_pbkdf2) and
embed a struct sr_crypto_genkdf within it, rather than redeclaring the same
fields. Rename SR_CRYPTOKDFT_PBKDF2 to SR_CRYPTOKDFT_PCKS5_PBKDF2 and add
SR_CRYPTOKDFT_BCRYPT_PBKDF for upcoming changes.
|
|
|
|
pointed out by guenther@
|
|
ok jsg@ (who spotted the powerpc straggler too) millert@
|
|
ok deraadt@ guenther@
|
|
|
|
|
|
order to make room for llvm. er, the llvm makefiles. er, some of them.
|
|
there by accident) where it hasn't seen much use...
|
|
This fixes the problem that long-running machines which were not
shut down properly would reboot with a badly offset system time.
hints and ok kettenis@
|
|
on a guess how much memory a typical machine has. If the value is
too high, users may run out of kernel memory. Then we will have
to adjust this again.
OK claudio@ deraadt@
|
|
|
|
cookie becomes readonly, spraying over it in KVA becomes more difficult.
amd64 version from guenther, i386 version by myself
ok guenther kettenis
|
|
|
|
ok deraadt@ yasuoka@ reyk@
|