OpenBSD cvs log

created	2018-12-27T19:40:23Z
begin	2018-07-12T00:00:00Z
end	2018-07-13T00:00:00Z
path	src/sys
commits	14

date	2018-07-12T01:23:38Z
author	cheloha
files	src/sys/kern/kern_pledge.c	log	diff	annotate
	src/sys/kern/kern_sched.c	log	diff	annotate
	src/sys/kern/kern_sysctl.c	log	diff	annotate
	src/sys/sys/proc.h	log	diff	annotate
	src/sys/sys/sched.h	log	diff	annotate
	src/sys/sys/sysctl.h	log	diff	annotate
message	Add hw.ncpuonline to count the number of online CPUs. The introduction of hw.smt means that logical CPUs can be disabled after boot and prior to suspend/resume. If hw.smt=0 (the default), there needs to be a way to count the number of hardware threads available on the system at any given time. So, import HW_NCPUONLINE/hw.ncpuonline from NetBSD and document it. hw.ncpu becomes equal to the number of CPUs given to sched_init_cpu() during boot, while hw.ncpuonline is equal to the number of CPUs available to the scheduler in the cpuset "sched_all_cpus". Set_SC_NPROCESSORS_ONLN equal to this new sysctl and keep _SC_NPROCESSORS_CONF equal to hw.ncpu. This is preferable to adding a new sysctl to count the number of configured CPUs and keeping hw.ncpu equal to the number of online CPUs because such a change would break software in the ecosystem that relies on HW_NCPU/hw.ncpu to measure CPU usage and the like. Such software in base includes top(1), systat(1), and snmpd(8), and perhaps others. We don't need additional locking to count the cardinality of a cpuset in this case because the only interfaces that can modify said cardinality are sysctl(2) and ioctl(2), both of which are under the KERNEL_LOCK. Software using HW_NCPU/hw.ncpu to determine optimal parallism will need to be updated to use HW_NCPUONLINE/hw.ncpuonline. Until then, such software may perform suboptimally. However, most changes will be similar to the change included here for libcxx's std::thread:hardware_concurrency(): using HW_NCPUONLINE in lieu of HW_NCPU should be sufficient for determining optimal parallelism for most software if the change to _SC_NPROCESSORS_ONLN is insufficient. Prompted by deraadt. Discussed at length with kettenis, deraadt, and sthen. Lots of patch tweaks from kettenis. ok kettenis, "proceed" deraadt

date	2018-07-12T10:15:44Z
author	mlarkin
files	src/sys/arch/amd64/amd64/vmm.c	log	diff	annotate
files	src/sys/arch/amd64/include/vmmvar.h	log	diff	annotate
message	vmm(8)/vmm(4): send a copy of the guest register state to vmd on exit, avoiding multiple readregs ioctls back to vmm in case register content is needed subsequently. ok phessler

date	2018-07-12T10:16:41Z
author	mlarkin
files	src/sys/arch/amd64/amd64/vmm.c	log	diff	annotate
message	zap a blank line

date	2018-07-12T12:46:00Z
author	fcambus
files	src/sys/arch/amd64/conf/files.amd64	log	diff	annotate
message	Stop building rasops4 on amd64. It was pulled in for efifb, but it is extremely unlikely an EFI system supporting only 4-bit color depth (16 colors) exists. Even if it existed though, on SMALL_KERNEL rasops4_putchar() simply returns EAGAIN so it would not be possible to install the system. For the record, we do not build rasops4 on i386 or on any of our other platforms either. OK kettenis@, mpi@

date	2018-07-12T12:47:57Z
author	fcambus
files	src/sys/arch/amd64/amd64/efifb.c	log	diff	annotate
message	Remove cases for 1-bit and 4-bit color depths in efifb_ioctl(), as we basically can't run in those modes. OK kettenis@

date	2018-07-12T14:11:11Z
author	guenther
files	src/sys/arch/amd64/amd64/cpu.c	log	diff	annotate
	src/sys/arch/amd64/amd64/identcpu.c	log	diff	annotate
	src/sys/arch/amd64/amd64/locore.S	log	diff	annotate
	src/sys/arch/amd64/amd64/machdep.c	log	diff	annotate
	src/sys/arch/amd64/amd64/pmap.c	log	diff	annotate
	src/sys/arch/amd64/amd64/vector.S	log	diff	annotate
	src/sys/arch/amd64/conf/ld.script	log	diff	annotate
	src/sys/arch/amd64/include/asm.h	log	diff	annotate
	src/sys/arch/amd64/include/codepatch.h	log	diff	annotate
message	Reorganize the Meltdown entry and exit trampolines for syscall and traps so that the "mov %rax,%cr3" is followed by an infinite loop which is avoided because the mapping of the code being executed is changed. This means the sysretq/iretq isn't even present in that flow of instructions in the kernel mapping, so userspace code can't be speculatively reached on the kernel mapping and totally eliminates the conditional jump over the the %cr3 change that supported CPUs without the Meltdown vulnerability. The return paths were probably vulnerable to Spectre v1 (and v1.1/1.2) style attacks, speculatively executing user code post-system-call with the kernel mappings, thus creating cache/TLB/etc side-effects. Would like to apply this technique to the interrupt stubs too, but I'm hitting a bug in clang's assembler which misaligns the code and symbols. While here, when on a CPU not vulnerable to Meltdown, codepatch out the unnecessary bits in cpu_switchto(). Inspiration from sf@, refined over dinner with theo ok mlarkin@ deraadt@

date	2018-07-12T14:22:54Z
author	sashan
files	src/sys/sys/queue.h	log	diff	annotate
message	- introducing _Q_INVALID to sys/queue.h OK @bluhm, OK @otto, OK @guenther

date	2018-07-12T14:24:54Z
author	guenther
files	src/sys/arch/amd64/amd64/vector.S	log	diff	annotate
message	Unbreak the nmi handler (again): I placed INTR_CLEAR_GPRS in the wrong place and GS.base was horked on return. Also, the frame passed to ddb didn't have the %rbp<-->tf_err swap, which would have confused backtraces. Now if we can just come up with a way to automate testing the NMI handler with qemu...

date	2018-07-12T14:28:07Z
author	sashan
files	src/sys/net/pf.c	log	diff	annotate
message	trade few 'goto unlock: for 'break' in pf_test() OK mpi@, OK henning@, OK jca@

date	2018-07-12T15:13:33Z
author	mlarkin
files	src/sys/arch/amd64/include/vmmvar.h	log	diff	annotate
message	zap an extra newline

date	2018-07-12T15:48:02Z
author	mlarkin
files	src/sys/arch/i386/i386/vmm.c	log	diff	annotate
files	src/sys/arch/i386/include/vmmvar.h	log	diff	annotate
message	unbreak i386 build, thanks to pd@ for noticing. Same diff as I committed earlier for amd64

date	2018-07-12T15:51:50Z
author	mpi
files	src/sys/netinet/ip_ah.c	log	diff	annotate
	src/sys/netinet/ip_esp.c	log	diff	annotate
	src/sys/netinet/ip_ipcomp.c	log	diff	annotate
	src/sys/netinet/ip_ipsp.h	log	diff	annotate
	src/sys/netinet/ip_output.c	log	diff	annotate
	src/sys/netinet/ipsec_output.c	log	diff	annotate
	src/sys/netinet6/ip6_output.c	log	diff	annotate
message	Introduce ipsec_output_cb() to merge duplicate code and account for dropped packets in the output path. While here fix a memory leak when compression is not needed w/ IPcomp. ok markus@

date	2018-07-12T16:07:35Z
author	florian
files	src/sys/net/route.h	log	diff	annotate
files	src/sys/netinet6/nd6_nbr.c	log	diff	annotate
message	Introduce RTM_CHGADDRATTR to inform userland on the route socket when an attribute of an address is changed. For now it's used when IPv6 duplicate address detection finishes. With this slaacd(8) can find out if a configured address is not duplicated without the need to poll. OK phessler, benno, claudio

date	2018-07-12T22:09:04Z
author	deraadt
files	src/sys/arch/amd64/conf/GENERIC.MP	log	diff	annotate
message	we will be toggling witness on/off a few times. when it is on, it raises awareness of problems. when it is off, development cycles are faster. let's do the faster cycle for a little while. discussion with naddy