Age | Commit message | Author |
|
|
ok deraadt@
|
|
platforms.
From miod@
|
|
Feedback and OK jmc
|
|
OK mpi
|
|
ok deraadt@, mortimer@, visa@
|
|
and .data segments that have the X (executable) flag set when using lld.
This doesn't result in those sections being mapped executable in the bsd
kernel, but it does result in the X flag being set on those sections in
the final kernel binary, which confuses some scanning tools for (ROP)
gadgets.
Fix this by tweaking the generated gapdummy.c file that is used for
building gap.o. It now defines the .rodata section using inline asm.
This also fixes .data as it will inherit its flags from .rodata.
ok deraadt@, mortimer@
|
|
and .data segments that have the X (executable) flag set when using lld.
This doesn't result in those sections being mapped executable in the bsd
kernel, but it does result in the X flag being set on those sections in
the final kernel binary, which confuses some scanning tools for (ROP)
gadgets.
Fix this by tweaking the generated gapdummy.c file that is used for
building gap.o. It now defines the .rodata section using inline asm.
This also fixes .data as it will inherit its flags from .rodata.
ok deraadt@, mortimer@
|
|
we already do on arm64. Prevents using the framebuffer on the cubox-i as
regular memory for example.
|
|
method to let the ACPI implementation know what features we support.
|
|
LOADADDR(.text) is only available after the description of the text
section. Instead simply use ENTRY(start) like we do on amd64. The
bootloader strips the high bits from the entry point address already,
so using the virtual address as the entry point address works.
with/ok kettenis@
|
|
ok kettenis@
|
|
ok deraadt@, mlarkin@, visa@
|
|
ok guenther@ tb@ deraadt@
|
|
AMD CPUs. Avoids knocking out too many processor threads on for example
the AMD Ryzen Threadripper 2990WX which apparently consists of 4 separate
dies with 8 cores each. Note that the "package" ID really is a "die" ID
here.
ok sthen@
|
|
ok patrick@, naddy@
|
|
ok patrick@, naddy@
|
|
have a PT_GNU_STACK segment and doesn't pad the bootblocks to a full page.
ok naddy@, help from guenther@
|
|
ok jsg@ phessler@ kettenis@ deraadt@
|
|
BOOTIA32.EFI works but BOOTX64.EFI unfortunately doesn't work yet.
ok patrick@
|
|
access instead of spinning forever. Fix a weird cast in related code while
I'm there.
ok visa@ deraadt@
|
|
the values, just try it and handle the #GP if it faults.
Problem reported by Maxime Villard (max(at)m00nbsd.net)
ok mlarkin@
|
|
as we do on arm and i386. Copied from arm.
If there are no MD byteswapping functions, MI macros are used.
These are wrapped by static inline functions to prevent multiple
evaluation of their argument. If there are MD functions, they are
used directly and therefore we must implicitly guarantee that they
are safe from multiple evaluation. Defining an MD function to an
MI macro breaks this promise.
ok deraadt@
|
|
This uses one PCID for kernel threads, one for the U+K tables of
normal processes, one for the matching U-K tables (when meltdown
in effect), and one for temporary mappings when poking other
processes. Some further tweaks are envisioned but this is good
enough to provide more separation and has (finally) been stable
under ports testing.
lots of ports testing and valid complaints from naddy@ and sthen@
feedback from mlarkin@ and sf@
|
|
Use inline functions instead of GNU C statement expressions, and
make them available to userland. With clues from guenther@.
ok guenther@ kettenis@
|
|
byteswapping code.
ok guenther@ kettenis@
This fixes a corner case triggered by the comms/hylafax port where
htons() can't be compiled in C++ code:
"Don't know how to handle indirect register inputs yet for constraint 'r'"
|
|
ok deraadt@
|
|
OK deraadt@ and kettenis@
|
|
we have spun out (to which there are consequences), we should spin longer.
The BSP really wants the APs to finish.
|
|
which speeds things up considerably compared to an uncached mapping.
ok deraadt@
|
|
Passes 'make release' build.
|
|
Tested by Christian Hammerschmidt.
|
|
like we already do for MWAIT/MONITOR. Also match Intel here by not
exposing the SVM capability to AMD guests.
Allows Linux guests to boot in vmd(8) on Ryzen CPUs.
ok mlarkin@
|
|
With and ok jsg@
|
|
For SVM machines, the LDT content remains set to that of the guest VM on
exit (as compared to Intel/VMX which resets the LDTR to 0). This fix
ensures the LDT is reset to 0 on SVM exits.
Leaving the LDT set to the guest's choice could allow a malicious process
to escalate its privileges with the help of a malicious VM that they
also are able to run on the machine.
This was reported by Maxime Villard; thanks!
|
|
4MB which is far too low especially when the platform is able to run MP.
New limits are, amd64 = 256M; arm64, mips64, sparc64 = 64M; alpha, arm,
hppa, i386, powerpc = 32M; m88k, sh = 8M
Still rather conservative numbers but much better than before. At least
some hangs of arm64 build boxes were caused by this.
OK kettenis@, visa@
|
|
ok visa@ jsg@ phessler@
|
|
include PROT_READ but not PROT_EXEC.
ok patrick@
|
|
avoid some TLB flushes by not reloading %cr3 when the value isn't changing.
original diff by and ok mlarkin@
|
|
not just pmap_kernel() and this CPU's pmap. Meanwhile, when mapping
another pmap's tables, order the locking so that we don't need IPIs
specific to the temp pmap.
tested in snaps for a bit
ok mlarkin@
|
|
armv7 and i386 with amd64.
ok guenther@
|