| Commit message | Author | Files | Lines |
|
deletion
|
|
have expand work on the appropriate string
|
|
- handle protection fault on iret properly
- handle NMI
- actually enable U-K in pmap_switch()
from hshoexer@; input guenther@; OK mlarkin@ deraadt@
|
|
Ok gsoares@
|
|
Ok martijn@, florian@, benno@
|
|
fallthrough. Avoids unnecessary jmp instructions in the middle
of functions and makes disassembly nicer to read.
ok guenther@ mlarkin@ deraadt@
|
|
against the VM list.
|
|
- try to avoid muddling "reserved words" and "keywords"
ok gilles
|
|
Remove them to make the code simpler.
OK deraadt@ gsoares@
|
|
Globally anycasted 6to4 has outlived its usefulness.
Operational discussion: http://seclists.org/nanog/2018/Jun/268
OK deraadt@
|
|
indefinitely and cannot be interrupted or killed. This is consistent
with how VFS system calls should behave. If the file system becomes
unresponsive then the only sane solution is for the user to kill the
file system daemon.
Implementing the equivalent of nfs -osoft or -ointr to either timeout
or allow the blocking FUSE operation to be interrupted can be considered
in a future patch.
ok mpi@
|
|
implementations. Rely on the VFS layer to do the checking.
OK mpi@, helg@
|
|
to make crfree() and crhold() MP-safe. Make crhold() a proper function.
Put the definition into file kern_prot.c to constrain the need of the
<sys/atomic.h> header.
While there, adjust the IPL of ucred_pool to avoid lock order problems
with the kernel lock (pointed out by kettenis@).
OK mpi@
|
|
removing unused uvmexp fields. Reduces number of lines as well.
|
|
This also fixes the _url functions that were previously #ifdef'ed out.
OK claudio@
|
|
only uses that
|
|
it in the piglet during unhibernate. Missed this block during the previous
commit. We'll panic, which will likely just reboot the machine, but that's
better than trashing a chunk and causing mystery errors later.
|
|
Prevent a panic now that some syscalls are running unlocked.
Found the hard way by Gregor Best.
|
|
original retguard data to the piglet and bcopys it back in place
immediately before resuming via the ACPI Sx trampoline.
ok deraadt, guenther, tested by many.
|
|
ok deraadt@
|
|
to detect smt cores. As there's no "smt id" on these like there is on Intel
parts, check against other already-id'd cpus to detect which are additional
smt threads on a core.
jmatthew noticed some unusual (non-contiguous) numbering on a single
socket EPYC 7551p but there's no indication that the actual ID numbers
need to be sequential.
"As long as we treat ci_core_id as just a number, that shouldn't be an
issue" and OK kettenis@
ref: 54945 rev 1.14 - PPR for AMD Family 17h Models 00h-0Fh
|
|
For example:
    location match "/page/(%d+)/.*" {
        request rewrite "/static/index.php?id=%1&$QUERY_STRING"
    }
Requested by many.
Ok benno@
|
|
@define-tag sthg
|
|
the compiler is probably better at unrolling loops.
style nit fcambus
OK phessler
|
|
we can probably get away without doing it if no tags exist (to do later)
|
|
which involved doing a write_option_db() call at a different point in
bind_lease().
However one of the parameters was in a variable that was also used for
iterating a TAILQ so this did not have the intended contents (it was
always NULL at the end of TAILQ_FOREACH*, resulting in a null deref
when dhclient -L is used).
Fix by using a new temporary variable. ok krw@
|
|
These syscalls can now be executed w/o the KERNEL_LOCK() depending on
the kind of socket.
The current solution uses a single global mutex to serialize access to,
and reference count, 'struct file'.
ok visa@, kettenis@
|
|
This is required to run network syscalls mostly without the KERNEL_LOCK().
ok visa@, kettenis@ as part of a larger diff.
|
|
so let the handle do the heavy lifting of plist loading all the
time (this is also what tag solver will need)
|
|
able to use it.
|
|
inputs & ok visa@
|
|
From Ondrej Zary
e88640adf6fe0709466f814a26753d78184a598c in linux 4.4.y/4.4.136
b3fb22733ae61050f8d10a1d6a8af176c5c5db1a in mainline linux
|
|
unusedNN.
Missing man page bits pointed out by
jmc@. Ports source scan by sthen@.
ok deraadt@ guenther@
|
|
TLBs and L1 caches between threads. This can make cache timing
attacks a lot easier and we strongly suspect that this will make
several spectre-class bugs exploitable. Especially on Intel's SMT
implementation which is better known as Hyper-threading. We really
should not run different security domains on different processor
threads of the same core. Unfortunately changing our scheduler to
take this into account is far from trivial. Since many modern
machines no longer provide the ability to disable Hyper-threading in
the BIOS setup, provide a way to disable the use of additional
processor threads in our scheduler. And since we suspect there are
serious risks, we disable them by default. This can be controlled
through a new hw.smt sysctl. For now this only works on Intel CPUs
when running OpenBSD/amd64. But we're planning to extend this feature
to CPUs from other vendors and other hardware architectures.
Note that SMT doesn't necessarily have a positive effect on performance;
it highly depends on the workload. In all likelihood it will actually
slow down most workloads if you have a CPU with more than two cores.
ok deraadt@
|
|
OK jca
|