Make struct syscall_args visible to userspace compilation environment
from machine/proc.h, consistently on all architectures.
(cherry picked from commit 06d5fa0600b92e97e90e41785ef10f641bdec89f)
328166,328177,328199,328202,328205,328468,328470,328624,328625,328627,
328628,329214,329297,329365:
Meltdown mitigation by PTI, PCID optimization of PTI, and kernel use of IBRS
for some mitigations of Spectre.
Tested by: emaste, Arshan Khanifar <arshankhanifar@gmail.com>
Discussed with: jkim
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 6dd025b40ee6870bea6ba670f30dcf684edc3f6c)
Enumerate and print Intel CPU features for Speculative Execution Side
Channel Mitigations.
(cherry picked from commit f607d3f37dbe011b8b06a6dbcd1345c4c852b1f4)
x86: Decode AMD "Extended Feature Extensions ID EBX" bits.
(cherry picked from commit 5d6b85eb27654d9d704c4c9808eced42d040840e)
Add CR4.SMAP control bit.
(cherry picked from commit e0589cb396337b99d04e160c8b192ea298b623a1)
Add missed AVX512VL (128 and 256 bit vector length) extension
identification bit.
(cherry picked from commit 67e50e43299002bef26a498b82129fa9dd48f9a6)
Lower the amd64 shared page, which contains the signal trampoline,
from the top of user memory to one page lower on machines with the
Ryzen (AMD Family 17h) CPU. This pushes ps_strings and the stack
down by one page as well. On Ryzen there is some sort of interaction
between code running at the top of user memory address space and
interrupts that can cause FreeBSD to either hang or silently reset.
This sounds similar to the problem found with DragonFly BSD that
was fixed with this commit:
https://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/b48dd28447fc8ef62fbc963accd301557fd9ac20
but our signal trampoline location was already lower than the address
that DragonFly moved their signal trampoline to. It also does not
appear to be related to SMT as described here:
https://www.phoronix.com/forums/forum/hardware/processors-memory/955368-some-ryzen-linux-users-are-facing-issues-with-heavy-compilation-loads?p=955498#post955498
"Hi, Matt Dillon here. Yes, I did find what I believe to be a
hardware issue with Ryzen related to concurrent operations. In a
nutshell, for any given hyperthread pair, if one hyperthread is
in a cpu-bound loop of any kind (can be in user mode), and the
other hyperthread is returning from an interrupt via IRETQ, the
hyperthread issuing the IRETQ can stall indefinitely until the
other hyperthread with the cpu-bound loop pauses (aka HLT until
next interrupt). After this situation occurs, the system appears
to destabilize. The situation does not occur if the cpu-bound
loop is on a different core than the core doing the IRETQ. The
%rip the IRETQ returns to (e.g. userland %rip address) matters a
*LOT*. The problem occurs more often with high %rip addresses
such as near the top of the user stack, which is where DragonFly's
signal trampoline traditionally resides. So a user program taking
a signal on one thread while another thread is cpu-bound can cause
this behavior. Changing the location of the signal trampoline
makes it more difficult to reproduce the problem. I have not
been able to completely mitigate it. When a cpu-thread
stalls in this manner it appears to stall INSIDE the microcode
for IRETQ. It doesn't make it to the return pc, and the cpu thread
cannot take any IPIs or other hardware interrupts while in this
state."
since the system instability has been observed on FreeBSD with SMT
disabled. Interrupts do appear to play a factor since running a
signal-intensive process on the first CPU core, which handles most
of the interrupts on my machine, is far more likely to trigger the
problem than running such a process on any other core.
Also lower sv_maxuser to prevent a malicious user from using mmap()
to load and execute code in the top page of user memory that was made
available when the shared page was moved down.
Make the same changes to the 64-bit Linux emulator.
PR: 219399
Reported by: nbe@renzel.net
Reviewed by: kib
Reviewed by: dchagin (previous version)
Tested by: nbe@renzel.net (earlier version)
Differential Revision: https://reviews.freebsd.org/D11780
(cherry picked from commit 4571a19dd885caa3f20979daa951df05cb5664a2)
hyperv/vmbus: Add tunable to pin/unpin event tasks.
Event tasks are pinned to their respective CPU by default, in the same
fashion as they were.
Unpin the event tasks by setting hw.vmbus.pin_evttask to 0, if certain
CPUs serve special purpose.
Sponsored by: Microsoft
(cherry picked from commit 9cb4809ce143d4b9253bda2ec391079de7ea3f2c)
hyperv: Update copyright for the files changed in 2017
Sponsored by: Microsoft
Differential Revision: https://reviews.freebsd.org/D11982
(cherry picked from commit 328ea10b1ddf12368a3066bc7dd116be91caebde)
When re-evaluating cpu_features, also re-print CPU identification.
(cherry picked from commit a45f231a74f8f3d3b71d7ad8ad8f074f4be92812)
Make it possible to re-evaluate cpu_features.
(cherry picked from commit a586b974f77aedb619baf0454435fa4016339161)
Update cpucontrol(8).
(cherry picked from commit 51ddd328af49581520049112d546d25d53076eb7)
Remove confusion in the line explaining syntax of the msr read.
Specify words order in the display.
(cherry picked from commit cbc40b66c16c4ca23c09b88029930fb5c88a5dfe)
Allow to disable default microcode updates search path with the new
'-n' option.
(cherry picked from commit ea3420cd5630af68a7faa4bff6a89f03d0c32022)
amd64: annotate the syscall return address check with __predict_false
before:
0xffffffff80b03ebb <+2059>: mov 0x460(%r14),%rax
0xffffffff80b03ec2 <+2066>: mov 0x98(%rax),%rax
0xffffffff80b03ec9 <+2073>: shr $0x2f,%rax
0xffffffff80b03ecd <+2077>: je 0xffffffff80b03edd <amd64_syscall+2093>
0xffffffff80b03ecf <+2079>: mov 0x3f8(%r14),%rax
0xffffffff80b03ed6 <+2086>: orl $0x1,0xc8(%rax)
0xffffffff80b03edd <+2093>: add $0xf8,%rsp
after:
0xffffffff80b03ebb <+2059>: mov 0x460(%r14),%rax
0xffffffff80b03ec2 <+2066>: mov 0x98(%rax),%rax
0xffffffff80b03ec9 <+2073>: shr $0x2f,%rax
0xffffffff80b03ecd <+2077>: jne 0xffffffff80b03eef <amd64_syscall+2111>
0xffffffff80b03ecf <+2079>: add $0xf8,%rsp
(cherry picked from commit 4ebdf0a463e767672045047ec82c75bf545e9a7c)
Simplify amd64 trap().
(cherry picked from commit f6bf98be8850c6fe2e961827d4e4a796e49605b8)
Do not call trapsignal() after handling usermode fault or interrupt,
when a signal is not intended to be sent.
(cherry picked from commit 7e1281f6411ce375304d8fa398e1b21508ee0a44)
Trim excessive 'extern' and remove unused declaration.
(cherry picked from commit d7178de0c53b8d9071c4f70bf5a36cd673a3d997)
Use ANSI C declaration for trap_pfault(). Style.
(cherry picked from commit 835f94b17c388359d5c9337a6878f594c9b204d5)
Style.
(cherry picked from commit f04468c1b791e0af4267e1fb8e9302a4a52acb87)
Move struct syscall_args syscall arguments parameters container into
struct thread.
(cherry picked from commit 985b26c6741218c134a15526fd32b736bd73fa8a)
Move the hardware setup for fast syscalls into a common function.
(cherry picked from commit ee52c56e9fd3893f553479a1119972766e1bf10d)
Consistently ensure that we do not load MXCSR with reserved bits set.
(cherry picked from commit efc00b570d58b8aa0cdb85811e73e607a9f69022)
Split identify_cpu() into two functions for amd64 as we do for i386. This
reduces diff between amd64 and i386. Also, it fixes a regression introduced
in r322076, i.e., identify_hypervisor() failed to identify some hypervisors.
This function assumes cpu_feature2 is already initialized.
Reported by: dexuan
Tested by: dexuan
(cherry picked from commit 173ac9160e83a9396d44938ef9789b6e62e48e70)
Detect hypervisor early so that we set lower hz on it.
(cherry picked from commit 1a04c4c6be5d589d138e45c2000dea4c9e4e2408)
Rename COMMON_TSS_RSP0 to TSS_RSP0.
(cherry picked from commit 18a2f90a6ea9bb9ba24aa12792dd50864d7fe8c7)
Update comment.
(cherry picked from commit 5596db6a009420f7f1e764cc67d15e03ecb75601)
amd64: drop q suffix from rd[fg]sbase for gas compatibility
(cherry picked from commit c78f11f66bbfbc66d4b5ed31a9dc66831eacdf19)
Make WRFSBASE and WRGSBASE instructions functional.
(cherry picked from commit b1a7a7418e73251aad628dc4f9418e550a9fd3d7)
This will also help to reduce the number of builds.
(cherry picked from commit 20ce526291ecaeb5e30155ceaa6cec6e49e78dec)
fine when a lot of different flows to be ciphered/deciphered are involved.
However, when a software crypto driver is used, there are
situations where we could benefit from making crypto(9) multi threaded:
- a single flow is to be ciphered: only one thread is used to cipher it,
- a single ESP flow is to be deciphered: only one thread is used to
decipher it.
The idea here is to call crypto(9) using a new mode (CRYPTO_F_ASYNC) to
dispatch the crypto jobs on multiple threads, if the underlying crypto
driver is working in synchronous mode.
Another flag is added (CRYPTO_F_ASYNC_KEEPORDER) to make crypto(9)
dispatch the crypto jobs in the order they are received (an additional
queue/thread is used), so that the packets are reinjected in the network
using the same order they were posted.
A new sysctl net.inet.ipsec.async_crypto can be used to activate
this new behavior (disabled by default).
Submitted by: Emeric Poupon <emeric.poupon@stormshield.eu>
Reviewed by: ae, jmg, jhb
Differential Revision: https://reviews.freebsd.org/D10680
Sponsored by: Stormshield
(cherry picked from commit fbc9da5dbe50b72a335de7a27b6834fba8ee3cf0)
Fix a vulnerability in IPsec-IPv6-AH, that allows an attacker to remotely
crash the kernel with a single packet.
In this loop we need to increment 'ad' by two, because the length field
of the option header does not count the size of the option header itself.
If the length is zero, then 'count' is incremented by zero, and there's
an infinite loop. Beyond that, this code was written with the assumption
that since the IPv6 packet already went through the generic IPv6 option
parser, several fields are guaranteed to be valid; but this assumption
does not hold because of the missing '+2', and there's as a result a
triggerable buffer overflow (write zeros after the end of the mbuf,
potentially to the next mbuf in memory since it's a pool).
Add the missing '+2', this place will be reinforced in separate commits.
Reported by: Maxime Villard <maxv at NetBSD.org>
MFC after: 1 week
(cherry picked from commit 9ecab3344c44c55487bb485b82bcc6d5e839a7e3)
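
The advance-by-length mistake described in the commit message above, as an added example that is not FreeBSD's code: `walk_options`, `OPT_HDR_LEN` and `MAX_STEPS` are hypothetical names, the option bytes are constructed, and bounds checks are kept in both variants so that only the missing '+2' differs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define OPT_HDR_LEN 2   /* type byte + length byte; NOT counted by the length field */
#define MAX_STEPS   64  /* demo guard so the buggy variant terminates */

/*
 * Walk type/length/value options in buf[0..len).
 * add_hdr = 0: advance by the length field only (the bug described).
 * add_hdr = 1: advance by length field + 2 (the corrected step).
 * Returns the number of options visited, -1 if an option header or its
 * data runs past the buffer, -2 if the walk stops making progress.
 */
int walk_options(const uint8_t *buf, size_t len, int add_hdr)
{
    size_t off = 0;
    int steps = 0;

    while (off < len) {
        if (++steps > MAX_STEPS)
            return -2;                      /* zero-length option: no progress */
        if (len - off < OPT_HDR_LEN)
            return -1;                      /* truncated option header */
        size_t optlen = buf[off + 1];
        if (optlen > len - off - OPT_HDR_LEN)
            return -1;                      /* data would overrun the buffer */
        off += optlen + (add_hdr ? OPT_HDR_LEN : 0);
    }
    return steps;
}

/* Constructed inputs: a zero-length option followed by a 2-byte option,
 * and a single 2-byte option whose data bytes look like a huge length. */
static const uint8_t zero_len_first[] = { 0x01, 0x00, 0x05, 0x02, 0x00, 0x00 };
static const uint8_t data_as_header[] = { 0x05, 0x02, 0xAA, 0xBB };

int main(void)
{
    printf("zero-length, buggy: %d\n", walk_options(zero_len_first, 6, 0));
    printf("zero-length, fixed: %d\n", walk_options(zero_len_first, 6, 1));
    printf("data-as-hdr, buggy: %d\n", walk_options(data_as_header, 4, 0));
    printf("data-as-hdr, fixed: %d\n", walk_options(data_as_header, 4, 1));
    return 0;
}
```

Without the bounds checks, the buggy advance in the second input would treat the option's data bytes as a new header, which is how an unvalidated walk ends up writing past the buffer.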
fix pointer/offset mistakes in handling of IPv4 options
Reported by: Maxime Villard <maxv at NetBSD.org>
MFC after: 1 week
(cherry picked from commit 733b094ecd54f727d08d8b4ac02aaca48db98ba7)
Do better cleaning in key_destroy() for VIMAGE case.
SPDB was cleaned using TAILQ_CONCAT() instead of calling key_unlink()
for each SP, thus we need to properly clean lists in each bucket of
V_sphashtbl to avoid panic in hashdestroy() when INVARIANTS is enabled.
Do the same for V_acqaddrhashtbl and V_acqseqhashtbl.
When we are called in DEFAULT_VNET, destroy also all global locks and
drain key_timer callout.
Reported by: kp
Tested by: kp
(cherry picked from commit 0925361361d574d82f00033397972226eb5cac13)
Ticket #4909.
(cherry picked from commit 070fe5761940aede4ba68e28afd494effb2ec38e)
Fixes a crash when dummynet is used with pfsync.
Ticket #4310
(cherry picked from commit 92b0a4e58e8a89eb6be7714dcd59b30fd0615352)
building it.
lint(1) is required on the host build system to build lint(1) libraries, and
it is no longer available on FreeBSD 12. This prevents using a 12 or later
host to build an 11 or earlier system, which causes problems for building
jails and using poudriere. The problem could be fixed by treating lint as a
bootstrap tool when building on 12+, but that just adds complexity and build
time to build a broken tool that virtually nobody uses anymore.
This is a direct commit to 11-stable because lint no longer exists in later
branches.
PR: 223892
Relnotes: yes
Differential Revision: https://reviews.freebsd.org/D13799
(cherry picked from commit 5fb1dbc1862d5ddd058d22fe18063e6c71aeb7bc)
(cherry picked from commit 1c60fc3254be72a0dbc7e9eac10e3cfa89256bad)
(cherry picked from commit 7c38f306bf908e1358fe19a70c5bdc9ad4422c85)
This reduces the chances of breaking the connectivity on boot by overwriting the loader defaults.
The driver already takes care of the important bits, so just keep the other settings.
(cherry picked from commit e162742501ad6bab132ac149b7e9af3866819b78)
mode.
While the switch is going to use the SMI Address and SMI Address + 1, this does not mean that the base address cannot use odd addresses.
(cherry picked from commit f9569de3680bf62814fe84959e65e275e302531e)
(cherry picked from commit 2331af834543e4d99749c33e4ed1873d0ef339b9)
Tested on: PLCC-B
(cherry picked from commit 2678ace480c7e28c1233206cfa2df7628a2d8c07)
Make the driver build without FDT (and load settings from hints).
Tested on PLCC-B.
(cherry picked from commit 7d73c4b1509b5a64fe90eb9d81c2f3c1e4f05ff1)
(cherry picked from commit 041d83e86f89901a0d8bcc5b19a9f407360a2302)
Don't call kresolve_list() if using netstat on live kernel
kresolve_list() is calling many kldsym(2). Removing that call when collecting
stats for the running kernel improves the startup time and CPU usage.
Submitted by: Nikita Kozlov (nikita.kozlov@blade-group.com)
Reviewed by: cem
Sponsored by: blade
Differential Revision: https://reviews.freebsd.org/D12151
(cherry picked from commit aa98cc7cdb93fdc3a50701017b337926acf32e58)
(cherry picked from commit 6587859bafe535c201f1aee6ea9d54e2a49b37fc)
Approved by: so
Security: CVE-2017-3737
Security: CVE-2017-3738
Security: FreeBSD-SA-17:12.openssl