diff --git a/regress/usr.bin/ssh/cfginclude.sh b/regress/usr.bin/ssh/cfginclude.sh index d442cdd6e..97fd816f9 100644 --- a/regress/usr.bin/ssh/cfginclude.sh +++ b/regress/usr.bin/ssh/cfginclude.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cfginclude.sh,v 1.4 2024/09/03 05:58:56 djm Exp $ +# $OpenBSD: cfginclude.sh,v 1.5 2024/09/27 01:05:54 djm Exp $ # Placed in the Public Domain. tid="config include" @@ -10,7 +10,7 @@ cat > $OBJ/ssh_config.i << _EOF Match host a Hostname aa -Match host b # comment +Match host=b # comment Hostname bb Include $OBJ/ssh_config.i.* @@ -18,7 +18,7 @@ Match host c Include $OBJ/ssh_config.i.* Hostname cc -Match host m +Match host=m !user xxxyfake Include $OBJ/ssh_config.i.* # comment Host d @@ -41,7 +41,7 @@ Match host xxxxxx _EOF cat > $OBJ/ssh_config.i.1 << _EOF -Match host a +Match host=a Hostname aaa Match host b @@ -64,10 +64,10 @@ cat > $OBJ/ssh_config.i.2 << _EOF Match host a Hostname aaaa -Match host b +Match host=b !user blahblahfake Hostname bbbb -Match host c +Match host=c Hostname cccc Host d @@ -142,7 +142,7 @@ trial a aa # cleanup rm -f $OBJ/ssh_config.i $OBJ/ssh_config.i.* $OBJ/ssh_config.out -# $OpenBSD: cfginclude.sh,v 1.4 2024/09/03 05:58:56 djm Exp $ +# $OpenBSD: cfginclude.sh,v 1.5 2024/09/27 01:05:54 djm Exp $ # Placed in the Public Domain. tid="config include" diff --git a/regress/usr.bin/ssh/cfgmatch.sh b/regress/usr.bin/ssh/cfgmatch.sh index 05a666855..2737a5f97 100644 --- a/regress/usr.bin/ssh/cfgmatch.sh +++ b/regress/usr.bin/ssh/cfgmatch.sh @@ -1,4 +1,4 @@ -# $OpenBSD: cfgmatch.sh,v 1.13 2021/06/08 06:52:43 djm Exp $ +# $OpenBSD: cfgmatch.sh,v 1.14 2024/09/27 01:05:54 djm Exp $ # Placed in the Public Domain. tid="sshd_config match" @@ -26,7 +26,7 @@ start_client() kill $client_pid fatal "timeout waiting for background ssh" fi - done + done } stop_client() @@ -119,40 +119,42 @@ stop_client # requires knowledge of actual group memberships user running the test). params="user:user:u1 host:host:h1 address:addr:1.2.3.4 \ localaddress:laddr:5.6.7.8 rdomain:rdomain:rdom1" -cp $OBJ/sshd_proxy_bak $OBJ/sshd_config -echo 'Banner /nomatch' >>$OBJ/sshd_config -for i in $params; do - config=`echo $i | cut -f1 -d:` - criteria=`echo $i | cut -f2 -d:` - value=`echo $i | cut -f3 -d:` - cat >>$OBJ/sshd_config </dev/null || \ + fail "validate config for w/out spec" -# Test matching each criteria. -for i in $params; do - testcriteria=`echo $i | cut -f2 -d:` - expected=/`echo $i | cut -f3 -d:` - spec="" - for j in $params; do - config=`echo $j | cut -f1 -d:` - criteria=`echo $j | cut -f2 -d:` - value=`echo $j | cut -f3 -d:` - if [ "$criteria" = "$testcriteria" ]; then - spec="$criteria=$value,$spec" - else - spec="$criteria=1$value,$spec" + # Test matching each criteria. + for i in $params; do + testcriteria=`echo $i | cut -f2 -d:` + expected=/`echo $i | cut -f3 -d:` + spec="" + for j in $params; do + config=`echo $j | cut -f1 -d:` + criteria=`echo $j | cut -f2 -d:` + value=`echo $j | cut -f3 -d:` + if [ "$criteria" = "$testcriteria" ]; then + spec="$criteria=$value,$spec" + else + spec="$criteria=1$value,$spec" + fi + done + trace "test spec $spec" + result=`${SUDO} ${SSHD} -f $OBJ/sshd_config -T -C "$spec" | \ + awk '$1=="banner"{print $2}'` + if [ "$result" != "$expected" ]; then + fail "match $config expected $expected got $result" fi done - trace "test spec $spec" - result=`${SUDO} ${SSHD} -f $OBJ/sshd_config -T -C "$spec" | \ - awk '$1=="banner"{print $2}'` - if [ "$result" != "$expected" ]; then - fail "match $config expected $expected got $result" - fi done diff --git a/regress/usr.bin/ssh/servcfginclude.sh b/regress/usr.bin/ssh/servcfginclude.sh index 518a703d1..f67c3caac 100644 --- a/regress/usr.bin/ssh/servcfginclude.sh +++ b/regress/usr.bin/ssh/servcfginclude.sh @@ -4,14 +4,14 @@ tid="server config include" cat > $OBJ/sshd_config.i << _EOF HostKey $OBJ/host.ssh-ed25519 -Match host a +Match host=a Banner /aa Match host b Banner /bb Include $OBJ/sshd_config.i.* # comment -Match host c +Match host=c Include $OBJ/sshd_config.i.* # comment Banner /cc @@ -25,7 +25,7 @@ Match Host e Banner /ee Include $OBJ/sshd_config.i.* -Match Host f +Match Host=f Include $OBJ/sshd_config.i.* Banner /ff @@ -47,13 +47,13 @@ Match host b Match host c Banner /ccc -Match Host d +Match Host=d Banner /ddd Match Host e Banner /eee -Match Host f +Match Host=f Banner /fff _EOF @@ -61,13 +61,13 @@ cat > $OBJ/sshd_config.i.2 << _EOF Match host a Banner /aaaa -Match host b +Match host=b Banner /bbbb Match host c # comment Banner /cccc -Match Host d +Match Host=d Banner /dddd Match Host e diff --git a/regress/usr.sbin/bgpd/integrationtests/maxattr.sh b/regress/usr.sbin/bgpd/integrationtests/maxattr.sh index 693ae3479..b55d51a8a 100644 --- a/regress/usr.sbin/bgpd/integrationtests/maxattr.sh +++ b/regress/usr.sbin/bgpd/integrationtests/maxattr.sh @@ -1,5 +1,5 @@ #!/bin/ksh -# $OpenBSD: maxattr.sh,v 1.2 2024/09/25 15:38:39 claudio Exp $ +# $OpenBSD: maxattr.sh,v 1.3 2024/09/26 08:12:30 claudio Exp $ set -e @@ -73,8 +73,6 @@ ifconfig ${PAIR1} patch ${PAIR2} ifconfig lo${RDOMAIN1} inet 127.0.0.1/8 ifconfig lo${RDOMAIN2} inet 127.0.0.1/8 -tcpdump -s 2000 -w /tmp/bgp.pcap -i ${PAIR1} & - echo run bgpds route -T ${RDOMAIN1} exec ${BGPD} \ -v -f ${BGPDCONFIGDIR}/bgpd.maxattr.rdomain1.conf diff --git a/share/man/man4/nvme.4 b/share/man/man4/nvme.4 index a934d0c66..137534b49 100644 --- a/share/man/man4/nvme.4 +++ b/share/man/man4/nvme.4 @@ -1,4 +1,4 @@ -.\" $OpenBSD: nvme.4,v 1.3 2021/05/28 04:49:44 dlg Exp $ +.\" $OpenBSD: nvme.4,v 1.4 2024/09/26 06:10:34 jmc Exp $ .\" .\" Copyright (c) 2016 David Gwynne .\" @@ -14,7 +14,7 @@ .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" -.Dd $Mdocdate: May 28 2021 $ +.Dd $Mdocdate: September 26 2024 $ .Dt NVME 4 .Os .Sh NAME @@ -33,6 +33,11 @@ Non-Volatile Memory Host Controller Interface specification. Although the NVMe specification provides its own command set, the .Nm driver provides access to the storage via a SCSI translation layer. +.Pp +Sensor values are made available through the +.Va hw.sensors +.Xr sysctl 8 +interface. .Sh SEE ALSO .Xr aplns 4 , .Xr intro 4 , diff --git a/sys/arch/amd64/amd64/cpu.c b/sys/arch/amd64/amd64/cpu.c index 0d0c02be7..265afdc7c 100644 --- a/sys/arch/amd64/amd64/cpu.c +++ b/sys/arch/amd64/amd64/cpu.c @@ -1,4 +1,4 @@ -/* $OpenBSD: cpu.c,v 1.192 2024/08/08 07:02:38 kettenis Exp $ */ +/* $OpenBSD: cpu.c,v 1.193 2024/09/26 13:18:25 dv Exp $ */ /* $NetBSD: cpu.c,v 1.1 2003/04/26 18:39:26 fvdl Exp $ */ /*- @@ -889,8 +889,10 @@ cpu_init(struct cpu_info *ci) void cpu_init_vmm(struct cpu_info *ci) { + uint64_t msr; + /* - * Allocate a per-cpu VMXON region for VMX CPUs + * Detect VMX specific features and initialize VMX-related state. */ if (ci->ci_vmm_flags & CI_VMM_VMX) { ci->ci_vmxon_region = (struct vmxon_region *)malloc(PAGE_SIZE, @@ -898,8 +900,17 @@ cpu_init_vmm(struct cpu_info *ci) if (!pmap_extract(pmap_kernel(), (vaddr_t)ci->ci_vmxon_region, &ci->ci_vmxon_region_pa)) panic("Can't locate VMXON region in phys mem"); + ci->ci_vmcs_pa = VMX_VMCS_PA_CLEAR; rw_init(&ci->ci_vmcs_lock, "vmcslock"); + + msr = rdmsr(IA32_VMX_EPT_VPID_CAP); + if (msr & IA32_EPT_VPID_CAP_INVEPT_CONTEXT) + ci->ci_vmm_cap.vcc_vmx.vmx_invept_mode = + IA32_VMX_INVEPT_SINGLE_CTX; + else + ci->ci_vmm_cap.vcc_vmx.vmx_invept_mode = + IA32_VMX_INVEPT_GLOBAL_CTX; } } #endif /* NVMM > 0 */ diff --git a/sys/arch/amd64/amd64/lapic.c b/sys/arch/amd64/amd64/lapic.c index 82c4eca46..14c62bfd7 100644 --- a/sys/arch/amd64/amd64/lapic.c +++ b/sys/arch/amd64/amd64/lapic.c @@ -1,4 +1,4 @@ -/* $OpenBSD: lapic.c,v 1.72 2024/04/03 02:01:21 guenther Exp $ */ +/* $OpenBSD: lapic.c,v 1.73 2024/09/26 13:18:25 dv Exp $ */ /* $NetBSD: lapic.c,v 1.2 2003/05/08 01:04:35 fvdl Exp $ */ /*- @@ -56,6 +56,7 @@ #include "ioapic.h" #include "xen.h" #include "hyperv.h" +#include "vmm.h" #if NIOAPIC > 0 #include @@ -368,7 +369,11 @@ lapic_boot_init(paddr_t lapic_base) idt_vec_set(LAPIC_IPI_INVLPG, Xipi_invlpg_pcid); idt_vec_set(LAPIC_IPI_INVLRANGE, Xipi_invlrange_pcid); } -#endif +#if NVMM > 0 + idt_allocmap[LAPIC_IPI_INVEPT] = 1; + idt_vec_set(LAPIC_IPI_INVEPT, Xipi_invept); +#endif /* NVMM > 0 */ +#endif /* MULTIPROCESSOR */ idt_allocmap[LAPIC_SPURIOUS_VECTOR] = 1; idt_vec_set(LAPIC_SPURIOUS_VECTOR, Xintrspurious); diff --git a/sys/arch/amd64/amd64/pmap.c b/sys/arch/amd64/amd64/pmap.c index cf699b04f..ceef0b25b 100644 --- a/sys/arch/amd64/amd64/pmap.c +++ b/sys/arch/amd64/amd64/pmap.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pmap.c,v 1.174 2024/09/20 02:00:46 jsg Exp $ */ +/* $OpenBSD: pmap.c,v 1.176 2024/09/26 21:55:42 dv Exp $ */ /* $NetBSD: pmap.c,v 1.3 2003/05/08 18:13:13 thorpej Exp $ */ /* @@ -338,6 +338,7 @@ void pmap_do_remove(struct pmap *, vaddr_t, vaddr_t, int); void pmap_remove_ept(struct pmap *, vaddr_t, vaddr_t); void pmap_do_remove_ept(struct pmap *, vaddr_t); int pmap_enter_ept(struct pmap *, vaddr_t, paddr_t, vm_prot_t); +void pmap_shootept(struct pmap *, int); #endif /* NVMM > 0 */ int pmap_remove_pte(struct pmap *, struct vm_page *, pt_entry_t *, vaddr_t, int, struct pv_entry **); @@ -387,7 +388,11 @@ pmap_is_curpmap(struct pmap *pmap) static inline int pmap_is_active(struct pmap *pmap, struct cpu_info *ci) { - return pmap == pmap_kernel() || pmap == ci->ci_proc_pmap; + return (pmap == pmap_kernel() || pmap == ci->ci_proc_pmap +#if NVMM > 0 + || (pmap_is_ept(pmap) && pmap == ci->ci_ept_pmap) +#endif /* NVMM > 0 */ + ); } #endif @@ -416,7 +421,7 @@ pmap_map_ptes(struct pmap *pmap) { paddr_t cr3; - KASSERT(pmap->pm_type != PMAP_TYPE_EPT); + KASSERT(!pmap_is_ept(pmap)); /* the kernel's pmap is always accessible */ if (pmap == pmap_kernel()) @@ -1786,7 +1791,7 @@ void pmap_remove(struct pmap *pmap, vaddr_t sva, vaddr_t eva) { #if NVMM > 0 - if (pmap->pm_type == PMAP_TYPE_EPT) + if (pmap_is_ept(pmap)) pmap_remove_ept(pmap, sva, eva); else #endif /* NVMM > 0 */ @@ -2437,7 +2442,7 @@ pmap_convert(struct pmap *pmap, int mode) mtx_enter(&pmap->pm_mtx); pmap->pm_type = mode; - if (mode == PMAP_TYPE_EPT) { + if (pmap_is_ept(pmap)) { /* Clear PML4 */ pte = (pt_entry_t *)pmap->pm_pdir; memset(pte, 0, PAGE_SIZE); @@ -2455,7 +2460,6 @@ void pmap_remove_ept(struct pmap *pmap, vaddr_t sgpa, vaddr_t egpa) { vaddr_t v; - struct vmx_invept_descriptor vid; mtx_enter(&pmap->pm_mtx); @@ -2464,15 +2468,13 @@ pmap_remove_ept(struct pmap *pmap, vaddr_t sgpa, vaddr_t egpa) for (v = sgpa; v < egpa + PAGE_SIZE; v += PAGE_SIZE) pmap_do_remove_ept(pmap, v); - if (pmap->eptp != 0) { - memset(&vid, 0, sizeof(vid)); - vid.vid_eptp = pmap->eptp; - DPRINTF("%s: flushing EPT TLB for EPTP 0x%llx\n", __func__, - vid.vid_eptp); - invept(IA32_VMX_INVEPT_SINGLE_CTX, &vid); - } +#ifdef MULTIPROCESSOR + pmap_shootept(pmap, 1); +#endif /* MULTIPROCESSOR */ mtx_leave(&pmap->pm_mtx); + + pmap_tlb_shootwait(); } void @@ -2757,7 +2759,7 @@ pmap_enter(struct pmap *pmap, vaddr_t va, paddr_t pa, vm_prot_t prot, int flags) paddr_t scr3; #if NVMM > 0 - if (pmap->pm_type == PMAP_TYPE_EPT) + if (pmap_is_ept(pmap)) return pmap_enter_ept(pmap, va, pa, prot); #endif /* NVMM > 0 */ @@ -3215,6 +3217,12 @@ volatile vaddr_t tlb_shoot_addr1 __attribute__((section(".kudata"))); volatile vaddr_t tlb_shoot_addr2 __attribute__((section(".kudata"))); volatile int tlb_shoot_first_pcid __attribute__((section(".kudata"))); +#if NVMM > 0 +#include +volatile uint64_t ept_shoot_mode __attribute__((section(".kudata"))); +volatile struct vmx_invept_descriptor ept_shoot_vid + __attribute__((section(".kudata"))); +#endif /* NVMM > 0 */ /* Obtain the "lock" for TLB shooting */ static inline int @@ -3363,7 +3371,6 @@ pmap_tlb_shoottlb(struct pmap *pm, int shootself) if (wait) { int s = pmap_start_tlb_shoot(wait, __func__); - CPU_INFO_FOREACH(cii, ci) { if ((mask & (1ULL << ci->ci_cpuid)) == 0) continue; @@ -3384,6 +3391,56 @@ pmap_tlb_shoottlb(struct pmap *pm, int shootself) } } +#if NVMM > 0 +/* + * pmap_shootept: similar to pmap_tlb_shoottlb, but for remotely invalidating + * EPT using invept. + */ +void +pmap_shootept(struct pmap *pm, int shootself) +{ + struct cpu_info *ci, *self = curcpu(); + struct vmx_invept_descriptor vid; + CPU_INFO_ITERATOR cii; + long wait = 0; + u_int64_t mask = 0; + + KASSERT(pmap_is_ept(pm)); + + CPU_INFO_FOREACH(cii, ci) { + if (ci == self || !pmap_is_active(pm, ci) || + !(ci->ci_flags & CPUF_RUNNING) || + !(ci->ci_flags & CPUF_VMM)) + continue; + mask |= (1ULL << ci->ci_cpuid); + wait++; + } + + if (wait) { + int s = pmap_start_tlb_shoot(wait, __func__); + + ept_shoot_mode = self->ci_vmm_cap.vcc_vmx.vmx_invept_mode; + ept_shoot_vid.vid_eptp = pm->eptp; + ept_shoot_vid.vid_reserved = 0; + + CPU_INFO_FOREACH(cii, ci) { + if ((mask & (1ULL << ci->ci_cpuid)) == 0) + continue; + if (x86_fast_ipi(ci, LAPIC_IPI_INVEPT) != 0) + panic("%s: ipi failed", __func__); + } + + splx(s); + } + + if (shootself && (self->ci_flags & CPUF_VMM)) { + vid.vid_eptp = pm->eptp; + vid.vid_reserved = 0; + invept(self->ci_vmm_cap.vcc_vmx.vmx_invept_mode, &vid); + } +} +#endif /* NVMM > 0 */ + void pmap_tlb_shootwait(void) { diff --git a/sys/arch/amd64/amd64/vector.S b/sys/arch/amd64/amd64/vector.S index c51f872f0..3befb31ef 100644 --- a/sys/arch/amd64/amd64/vector.S +++ b/sys/arch/amd64/amd64/vector.S @@ -1,4 +1,4 @@ -/* $OpenBSD: vector.S,v 1.96 2024/07/21 16:19:25 deraadt Exp $ */ +/* $OpenBSD: vector.S,v 1.97 2024/09/26 13:18:25 dv Exp $ */ /* $NetBSD: vector.S,v 1.5 2004/06/28 09:13:11 fvdl Exp $ */ /* @@ -83,6 +83,7 @@ #include "assym.h" #include "xen.h" #include "hyperv.h" +#include "vmm.h" /*****************************************************************************/ @@ -601,6 +602,27 @@ IDTVEC(ipi_invltlb) iretq END(Xipi_invltlb) +#if NVMM > 0 +/* Invalidate VMX EPT */ +IDTVEC(ipi_invept) + pushq %rax + pushq %rdx + + ioapic_asm_ack() + + movq $ept_shoot_vid, %rax + movq ept_shoot_mode, %rdx + invept (%rax), %rdx + + lock + decq tlb_shoot_wait + + popq %rdx + popq %rax + iretq +END(Xipi_invept) +#endif /* NVMM > 0 */ + /* invalidate a single page, no PCIDs version */ IDTVEC(ipi_invlpg) pushq %rax diff --git a/sys/arch/amd64/amd64/vmm_machdep.c b/sys/arch/amd64/amd64/vmm_machdep.c index c9a0531a6..7c898fb55 100644 --- a/sys/arch/amd64/amd64/vmm_machdep.c +++ b/sys/arch/amd64/amd64/vmm_machdep.c @@ -1,4 +1,4 @@ -/* $OpenBSD: vmm_machdep.c,v 1.37 2024/09/21 04:36:28 mlarkin Exp $ */ +/* $OpenBSD: vmm_machdep.c,v 1.38 2024/09/26 13:18:25 dv Exp $ */ /* * Copyright (c) 2014 Mike Larkin * @@ -2673,11 +2673,6 @@ vcpu_init_vmx(struct vcpu *vcpu) ret = EINVAL; goto exit; } - if (msr & IA32_EPT_VPID_CAP_INVEPT_CONTEXT) - vcpu->vc_vmx_invept_op = IA32_VMX_INVEPT_SINGLE_CTX; - else - vcpu->vc_vmx_invept_op = IA32_VMX_INVEPT_GLOBAL_CTX; - if (msr & IA32_EPT_VPID_CAP_WB) { /* WB cache type supported */ eptp |= IA32_EPT_PAGING_CACHE_TYPE_WB; @@ -3736,10 +3731,15 @@ vcpu_run_vmx(struct vcpu *vcpu, struct vm_run_params *vrp) ci = curcpu(); vcpu->vc_last_pcpu = ci; + /* We're now using this vcpu's EPT pmap on this cpu. */ + atomic_swap_ptr(&ci->ci_ept_pmap, + vcpu->vc_parent->vm_map->pmap); + /* Invalidate EPT cache. */ vid_ept.vid_reserved = 0; vid_ept.vid_eptp = vcpu->vc_parent->vm_map->pmap->eptp; - if (invept(vcpu->vc_vmx_invept_op, &vid_ept)) { + if (invept(ci->ci_vmm_cap.vcc_vmx.vmx_invept_mode, + &vid_ept)) { printf("%s: invept\n", __func__); return (EINVAL); } diff --git a/sys/arch/amd64/include/cpu.h b/sys/arch/amd64/include/cpu.h index ca198b24a..34ba78776 100644 --- a/sys/arch/amd64/include/cpu.h +++ b/sys/arch/amd64/include/cpu.h @@ -1,4 +1,4 @@ -/* $OpenBSD: cpu.h,v 1.176 2024/08/27 09:16:03 bluhm Exp $ */ +/* $OpenBSD: cpu.h,v 1.177 2024/09/26 13:18:25 dv Exp $ */ /* $NetBSD: cpu.h,v 1.1 2003/04/26 18:39:39 fvdl Exp $ */ /*- @@ -75,6 +75,7 @@ struct vmx { uint32_t vmx_cr3_tgt_count; uint64_t vmx_vm_func; uint8_t vmx_has_l1_flush_msr; + uint64_t vmx_invept_mode; }; /* @@ -237,12 +238,12 @@ struct cpu_info { union vmm_cpu_cap ci_vmm_cap; paddr_t ci_vmxon_region_pa; struct vmxon_region *ci_vmxon_region; - struct vcpu *ci_guest_vcpu; /* [o] last vcpu resumed */ - - char ci_panicbuf[512]; - paddr_t ci_vmcs_pa; struct rwlock ci_vmcs_lock; + struct pmap *ci_ept_pmap; /* [o] last used EPT pmap */ + struct vcpu *ci_guest_vcpu; /* [o] last vcpu resumed */ + + char ci_panicbuf[512]; struct clockqueue ci_queue; }; diff --git a/sys/arch/amd64/include/i82489var.h b/sys/arch/amd64/include/i82489var.h index 61840dd38..4f32f9f95 100644 --- a/sys/arch/amd64/include/i82489var.h +++ b/sys/arch/amd64/include/i82489var.h @@ -1,4 +1,4 @@ -/* $OpenBSD: i82489var.h,v 1.19 2024/06/09 03:12:59 jsg Exp $ */ +/* $OpenBSD: i82489var.h,v 1.20 2024/09/26 13:18:25 dv Exp $ */ /* $NetBSD: i82489var.h,v 1.1 2003/02/26 21:26:10 fvdl Exp $ */ /*- @@ -33,6 +33,8 @@ #ifndef _MACHINE_I82489VAR_H_ #define _MACHINE_I82489VAR_H_ +#include "vmm.h" + /* * Software definitions belonging to Local APIC driver. */ @@ -70,6 +72,7 @@ extern void Xresume_lapic_ipi(void); #define LAPIC_IPI_INVLTLB (LAPIC_IPI_OFFSET + 0) #define LAPIC_IPI_INVLPG (LAPIC_IPI_OFFSET + 1) #define LAPIC_IPI_INVLRANGE (LAPIC_IPI_OFFSET + 2) +#define LAPIC_IPI_INVEPT (LAPIC_IPI_OFFSET + 3) extern void Xipi_invltlb(void); extern void Xipi_invltlb_pcid(void); @@ -77,6 +80,9 @@ extern void Xipi_invlpg(void); extern void Xipi_invlpg_pcid(void); extern void Xipi_invlrange(void); extern void Xipi_invlrange_pcid(void); +#if NVMM > 0 +extern void Xipi_invept(void); +#endif /* NVMM > 0 */ /* * Vector used for local apic timer interrupts. diff --git a/sys/arch/amd64/include/pmap.h b/sys/arch/amd64/include/pmap.h index 40808ff41..c0495badc 100644 --- a/sys/arch/amd64/include/pmap.h +++ b/sys/arch/amd64/include/pmap.h @@ -1,4 +1,4 @@ -/* $OpenBSD: pmap.h,v 1.89 2024/07/09 19:11:06 bluhm Exp $ */ +/* $OpenBSD: pmap.h,v 1.90 2024/09/26 13:18:25 dv Exp $ */ /* $NetBSD: pmap.h,v 1.1 2003/04/26 18:39:46 fvdl Exp $ */ /* @@ -293,6 +293,7 @@ LIST_HEAD(pmap_head, pmap); /* struct pmap_head: head of a pmap list */ #define PMAP_TYPE_EPT 2 #define PMAP_TYPE_RVI 3 #define pmap_nested(pm) ((pm)->pm_type != PMAP_TYPE_NORMAL) +#define pmap_is_ept(pm) ((pm)->pm_type == PMAP_TYPE_EPT) struct pmap { struct mutex pm_mtx; diff --git a/sys/arch/amd64/include/vmmvar.h b/sys/arch/amd64/include/vmmvar.h index c607c1d66..6bc63d5ae 100644 --- a/sys/arch/amd64/include/vmmvar.h +++ b/sys/arch/amd64/include/vmmvar.h @@ -1,4 +1,4 @@ -/* $OpenBSD: vmmvar.h,v 1.106 2024/09/21 04:36:28 mlarkin Exp $ */ +/* $OpenBSD: vmmvar.h,v 1.107 2024/09/26 13:18:25 dv Exp $ */ /* * Copyright (c) 2014 Mike Larkin * @@ -879,7 +879,6 @@ struct vcpu { uint32_t vc_vmx_vmcs_state; /* [a] */ #define VMCS_CLEARED 0 #define VMCS_LAUNCHED 1 - uint64_t vc_vmx_invept_op; /* SVM only (all requiring [v]) */ vaddr_t vc_svm_hsa_va; diff --git a/sys/arch/amd64/stand/libsa/mdrandom.c b/sys/arch/amd64/stand/libsa/mdrandom.c index 3917fcfe3..c29d23378 100644 --- a/sys/arch/amd64/stand/libsa/mdrandom.c +++ b/sys/arch/amd64/stand/libsa/mdrandom.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mdrandom.c,v 1.3 2020/06/19 15:00:45 naddy Exp $ */ +/* $OpenBSD: mdrandom.c,v 1.4 2024/09/26 10:12:02 jsg Exp $ */ /* * Copyright (c) 2020 Theo de Raadt @@ -17,7 +17,6 @@ */ #include -#include #include #include "libsa.h" diff --git a/sys/arch/i386/stand/libsa/mdrandom.c b/sys/arch/i386/stand/libsa/mdrandom.c index 15c81b08b..c50b38dab 100644 --- a/sys/arch/i386/stand/libsa/mdrandom.c +++ b/sys/arch/i386/stand/libsa/mdrandom.c @@ -1,4 +1,4 @@ -/* $OpenBSD: mdrandom.c,v 1.3 2020/06/19 15:00:45 naddy Exp $ */ +/* $OpenBSD: mdrandom.c,v 1.4 2024/09/26 10:12:02 jsg Exp $ */ /* * Copyright (c) 2020 Theo de Raadt @@ -17,7 +17,6 @@ */ #include -#include #include #include "libsa.h" diff --git a/sys/net/pipex.c b/sys/net/pipex.c index 9878fdc3b..4135ebe80 100644 --- a/sys/net/pipex.c +++ b/sys/net/pipex.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pipex.c,v 1.155 2024/07/26 15:45:31 yasuoka Exp $ */ +/* $OpenBSD: pipex.c,v 1.156 2024/09/27 00:38:49 yasuoka Exp $ */ /*- * Copyright (c) 2009 Internet Initiative Japan Inc. @@ -2031,7 +2031,8 @@ pipex_l2tp_input(struct mbuf *m0, int off0, struct pipex_session *session, mtx_enter(&session->pxs_mtx); l2tp_session = &session->proto.l2tp; - if (l2tp_session->ipsecflowinfo != ipsecflowinfo) { + if (l2tp_session->ipsecflowinfo > 0 && + l2tp_session->ipsecflowinfo != ipsecflowinfo) { pipex_session_log(session, LOG_DEBUG, "received message is %s", (ipsecflowinfo != 0)? "from invalid ipsec flow" : diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c index 3ba4355a9..48716af2f 100644 --- a/usr.bin/ssh/readconf.c +++ b/usr.bin/ssh/readconf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: readconf.c,v 1.391 2024/09/25 01:24:04 djm Exp $ */ +/* $OpenBSD: readconf.c,v 1.392 2024/09/26 23:55:08 djm Exp $ */ /* * Author: Tatu Ylonen * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland @@ -687,7 +687,7 @@ match_cfg_line(Options *options, const char *full_line, int *acp, char ***avp, struct passwd *pw, const char *host_arg, const char *original_host, int final_pass, int *want_final_pass, const char *filename, int linenum) { - char *arg, *oattrib, *attrib = NULL, *cmd, *host, *criteria; + char *arg, *oattrib = NULL, *attrib = NULL, *cmd, *host, *criteria; const char *ruser; int r, this_result, result = 1, attributes = 0, negate; @@ -708,8 +708,8 @@ match_cfg_line(Options *options, const char *full_line, int *acp, char ***avp, debug2("checking match for '%s' host %s originally %s", full_line, host, original_host); - while ((oattrib = argv_next(acp, avp)) != NULL) { - attrib = xstrdup(oattrib); + while ((attrib = argv_next(acp, avp)) != NULL) { + attrib = oattrib = xstrdup(attrib); /* Terminate on comment */ if (*attrib == '#') { argv_consume(acp); @@ -848,8 +848,8 @@ match_cfg_line(Options *options, const char *full_line, int *acp, char ***avp, criteria == NULL ? "" : criteria, criteria == NULL ? "" : "\""); free(criteria); - free(attrib); - attrib = NULL; + free(oattrib); + oattrib = attrib = NULL; } if (attributes == 0) { error("One or more attributes required for Match"); @@ -859,7 +859,7 @@ match_cfg_line(Options *options, const char *full_line, int *acp, char ***avp, out: if (result != -1) debug2("match %sfound", result ? "" : "not "); - free(attrib); + free(oattrib); free(host); return result; }