OpenBSD cvs log

created 2023-08-05T05:00:33Z
begin 2023-07-31T00:00:00Z
end 2023-08-01T00:00:00Z
path src/sys
commits 8

date 2023-07-31T01:33:57Z
author guenther
files src/sys/arch/amd64/amd64/codepatch.c
src/sys/arch/amd64/include/codepatch.h
message The replacement code passed to codepatch_replace() can usefully be
const.

suggested by bluhm@

date 2023-07-31T04:01:07Z
author guenther
files src/sys/arch/amd64/amd64/cpu.c
src/sys/arch/amd64/amd64/locore.S
src/sys/arch/amd64/amd64/vector.S
src/sys/arch/amd64/conf/Makefile.amd64
src/sys/arch/amd64/include/codepatch.h
message On CPUs with eIBRS ("enhanced Indirect Branch Restricted Speculation")
or IBT enabled the kernel, the hardware should the attacks which
retpolines were created to prevent. In those cases, retpolines
should be a net negative for security as they are an indirect branch
gadget. They're also slower.
* use -mretpoline-external-thunk to give us control of the code
  used for indirect branches
* default to using a retpoline as before, but mark it and the
  other ASM kernel retpolines for code patching
* if the CPU has eIBRS, then enable it
* if the CPU has eIBRS *or* IBT, then codepatch the three different
  retpolines to just indirect jumps

make clean && make config required after this

ok kettenis@

date 2023-07-31T09:00:43Z
author kettenis
files src/sys/dev/fdt/axppmic.c
src/sys/dev/fdt/files.fdt
message Make the RSB interface optional such that we can use this driver in kernels
without the sxirsb(4) driver.

ok uaa@

date 2023-07-31T11:13:09Z
author dlg
files src/sys/net/if_pfsync.c
src/sys/net/pf.c
message don't let pfsync send an insert message for a state pfsync just inserted

sthen@ upgraded and ended up with a lot of pfsync traffic which was
mostly made up of the two firewalls telling each other to insert
the same state over and over again.

this has each of the paths that insert states (actual pf, ioctls,
and pfsync) identify themselves so pfsync can enter them into its
own state machine in the right place. when pfsync inserts a state
into pf, it knows it should just swallow the state silently without
sending out another insert for it.

ok sthen@ sashan@

date 2023-07-31T11:13:10Z
author dlg
files src/sys/net/if_pfsync.h
message don't let pfsync send an insert message for a state pfsync just inserted

sthen@ upgraded and ended up with a lot of pfsync traffic which was
mostly made up of the two firewalls telling each other to insert
the same state over and over again.

this has each of the paths that insert states (actual pf, ioctls,
and pfsync) identify themselves so pfsync can enter them into its
own state machine in the right place. when pfsync inserts a state
into pf, it knows it should just swallow the state silently without
sending out another insert for it.

ok sthen@ sashan@

date 2023-07-31T12:00:07Z
author tobhe
files src/sys/arch/macppc/dev/onyx.c
message Implement audio input source selection.

from jon at elytron dot openbsd dot amsterdam
feedback and ok miod@

date 2023-07-31T12:23:35Z
author kettenis
files src/sys/dev/fdt/axppmic.c
message Add AXP15060 support.

ok uaa@

date 2023-07-31T17:10:31Z
author bluhm
files src/sys/arch/i386/i386/codepatch.c
src/sys/arch/i386/include/codepatch.h
message Mark code parameter of codepatch_replace() constant also on i386.

OK guenther@