| Age | Commit message (Collapse) | Author |
|---|
|
* Replace unnecessary use of db_get_value() with direct access of
f_retaddr. The trace function assumes that the chain of frames
is good in terms of alignment and content.
* Replace the for loop with a while loop and drop the check
"frame != NULL" from the loop condition. The check is redundant with
the "!INKERNEL(frame)" condition. The code already assumes that the
initial frame is valid.
* Stop iteration if f_retaddr is a non-kernel address in order to
not save a user address at the end of the trace. This additionally
fixes a kernel crash that would happen if the user thread had
a broken frame pointer.
OK mpi@
|
|
|
|
no words or punctation were modified.
|
|
comparison instructions and switch statements are being traced. This mode will
be used during fuzzing to generate even more coverage. The same mode is also
supported by FreeBSD and Linux.
Thanks to jmc@ for improving the manual bits.
ok bluhm@ visa@
|
|
By default, nothing changes -- shutdown is initiated. But allows turning
power button into a sleep button if desired.
(grudging) ok from a few parties
|
|
We will still be able to run i386 guests on amd64 vmm.
Reasons to delete i386 vmm:
- Been broken for a while, almost no one complained.
- Had been falling out of sync from amd64 while it worked.
- If your machine has vmx, you most probably can run amd64, so why not run that?
ok deraadt@ mlarkin@
|
|
The code in pci_init_extents() accidently passed M_NOWAIT which is
EX_FAST and does no harm. Replace it with EX_NOWAIT.
from Christian Ludwig; OK kettenis@
|
|
|
|
for booting using large (64k) blocksize filesystems. ok tedu@
|
|
Otherwise we end up keeping file descriptor and inode related buffers
around, that are unnecessarily consuming memory.
ok deraadt@ patrick@
|
|
ok deraadt@
|
|
including cpu.h machine/intr.h etc without first including param.h when
MULTIPROCESSOR is defined.
ok visa@
|
|
This improves timekeeping on KVM guests as it runs much better than
the virtualized acpihpet or acpitimer timecounters and the invtsc is
not always available.
Many thanks to Janne Johansson, landry@, and benno@ for testing amd64/i386.
OK mlarkin@ phessler@
|
|
and .data segments that have the X (executable) flag set when using lld.
This doesn't result in those sections being mapped executable in the bsd
kernel, but it does result in the X flag being set on those sections in
the final kernel binary, which confuses some scanning tools for (ROP)
gadgets.
Fix this by tweaking the generated gapdummy.c file that is used for
building gap.o. It now defines the .rodata section using inline asm.
This also fixes .data as it will inherit its flags from .rodata.
ok deraadt@, mortimer@
|
|
LOADADDR(.text) is only available after the description of the text
section. Instead simply use ENTRY(start) like we do on amd64. The
bootloader strips the high bits from the entry point address already,
so using the virtual address as the entry point address works.
with/ok kettenis@
|
|
ok kettenis@
|
|
ok deraadt@, mlarkin@, visa@
|
|
have a PT_GNU_STACK segment and doesn't pad the bootblocks to a full page.
ok naddy@, help from guenther@
|
|
ok jsg@ phessler@ kettenis@ deraadt@
|
|
Use inline functions instead of GNU C statement expressions, and
make them available to userland. With clues from guenther@.
ok guenther@ kettenis@
|
|
armv7 and i386 with amd64.
ok guenther@
|
|
though amd only provides public redistributable updates for >= family 10h.
|
|
|
|
OK anton@ deraadt@ kettenis@ mpi@
|
|
being committed now so we can work on the rest in-tree.
ok mlarkin@
|
|
|
|
ok deraadt@, krw@, jca@
|
|
ok deraadt@
|
|
discussed with deraadt@ bluhm@ and sthen@
|
|
ok deraadt@ mlarkin@
|
|
Based on a submisison from Jan Klemkow.
|
|
pseudo-device, get rid of the option. Enabling kcov now requires the following
line to be added to the kernel config:
pseudo-device kcov 1
This is how pseudo devices are enabled in general. A side-effect of this change
is that dev/kcov.c will no longer be compiled by default.
Prodded by deraadt@; ok mpi@ visa@
|
|
move printing of ecxfeatures bits to match amd64
|
|
|
|
OK deraadt@ mpi@
|
|
|
|
with the syzkaller kernel fuzzer. So far, 8 distinct panics have been found and
fixed. This effort will continue.
kcov is limited to architectures using Clang as their default compiler and is
not enabled by default.
With help from mpi@, thanks!
ok kettenis@ mpi@ visa@
|
|
for now as amd64/i386 firmware still caters for legacy OSes that only
support a single PCI segment.
ok patrick@
|
|
'Deep Dive: CPUID Enumeration and Architectural MSRs'
ok deraadt@
|
|
|
|
Historically, the softraid crypto support in the boot loaders has only
given one attempt to provide the correct passphrase. There were a
few reasons for this, including the fact that pkcs5_pbkdf2() allows an
empty passphrase and that returning EPERM allowed for another attempt.
With the event of KARL and the need for bsd.booted with hibernate resumption,
this becomes much more of an issue - if you get the passphrase wrong you
fail to resume. There are also other situations like using /etc/boot.conf
to switch serial console, but an incorrect passphrase results in the config
not being read. Also, bcrypt_pbkdf() does not permit empty passphrases.
This reworks the softraid crypto support in the boot loaders so that it
loops requesting a valid passphrase until one is provided, or an empty
passphrase is entered (at which point it will abort).
ok mortimer@ tb@
|
|
Documented in 'Speculative Execution Side Channel Mitigations'
revision 2.0.
|
|
adapters.
"go ahead commit it" deraadt@
|
|
we don't need to uncondtionally set it.
Worksaround a suspected bug in newer Linux KVM, which may trigger a
#GP fault on writes to this MSR.
ok mlarkin@
|
|
remove the MD API.
ok deraadt@
|
|
Add "Mitigation G-2" per AMD's Whitepaper "Software Techniques for
Managing Speculation on AMD Processors"
By setting MSR C001_1029[1]=1, LFENCE becomes a dispatch serializing
instruction.
ok deraadt@
|
|
|
|
earlier for amd64
|
|
console at 115200 baud.
ok deraadt
|
|
ok mlarkin@
|
