sync with OpenBSD -current

purplerain 2024-09-27 02:23:51 +00:00
parent 7281bb8ec6
commit f5f5616f9d
Signed by: purplerain
GPG Key ID: F42C07F07E2E35B7
18 changed files with 207 additions and 101 deletions


@ -1,4 +1,4 @@
# $OpenBSD: cfginclude.sh,v 1.4 2024/09/03 05:58:56 djm Exp $ # $OpenBSD: cfginclude.sh,v 1.5 2024/09/27 01:05:54 djm Exp $
# Placed in the Public Domain. # Placed in the Public Domain.
tid="config include" tid="config include"
@ -10,7 +10,7 @@ cat > $OBJ/ssh_config.i << _EOF
Match host a Match host a
Hostname aa Hostname aa
Match host b # comment Match host=b # comment
Hostname bb Hostname bb
Include $OBJ/ssh_config.i.* Include $OBJ/ssh_config.i.*
@ -18,7 +18,7 @@ Match host c
Include $OBJ/ssh_config.i.* Include $OBJ/ssh_config.i.*
Hostname cc Hostname cc
Match host m Match host=m !user xxxyfake
Include $OBJ/ssh_config.i.* # comment Include $OBJ/ssh_config.i.* # comment
Host d Host d
@ -41,7 +41,7 @@ Match host xxxxxx
_EOF _EOF
cat > $OBJ/ssh_config.i.1 << _EOF cat > $OBJ/ssh_config.i.1 << _EOF
Match host a Match host=a
Hostname aaa Hostname aaa
Match host b Match host b
@ -64,10 +64,10 @@ cat > $OBJ/ssh_config.i.2 << _EOF
Match host a Match host a
Hostname aaaa Hostname aaaa
Match host b Match host=b !user blahblahfake
Hostname bbbb Hostname bbbb
Match host c Match host=c
Hostname cccc Hostname cccc
Host d Host d
@ -142,7 +142,7 @@ trial a aa
# cleanup # cleanup
rm -f $OBJ/ssh_config.i $OBJ/ssh_config.i.* $OBJ/ssh_config.out rm -f $OBJ/ssh_config.i $OBJ/ssh_config.i.* $OBJ/ssh_config.out
# $OpenBSD: cfginclude.sh,v 1.4 2024/09/03 05:58:56 djm Exp $ # $OpenBSD: cfginclude.sh,v 1.5 2024/09/27 01:05:54 djm Exp $
# Placed in the Public Domain. # Placed in the Public Domain.
tid="config include" tid="config include"


@ -1,4 +1,4 @@
# $OpenBSD: cfgmatch.sh,v 1.13 2021/06/08 06:52:43 djm Exp $ # $OpenBSD: cfgmatch.sh,v 1.14 2024/09/27 01:05:54 djm Exp $
# Placed in the Public Domain. # Placed in the Public Domain.
tid="sshd_config match" tid="sshd_config match"
@ -26,7 +26,7 @@ start_client()
kill $client_pid kill $client_pid
fatal "timeout waiting for background ssh" fatal "timeout waiting for background ssh"
fi fi
done done
} }
stop_client() stop_client()
@ -119,40 +119,42 @@ stop_client
# requires knowledge of actual group memberships user running the test). # requires knowledge of actual group memberships user running the test).
params="user:user:u1 host:host:h1 address:addr:1.2.3.4 \ params="user:user:u1 host:host:h1 address:addr:1.2.3.4 \
localaddress:laddr:5.6.7.8 rdomain:rdomain:rdom1" localaddress:laddr:5.6.7.8 rdomain:rdomain:rdom1"
cp $OBJ/sshd_proxy_bak $OBJ/sshd_config for separator in " " "=" ; do
echo 'Banner /nomatch' >>$OBJ/sshd_config cp $OBJ/sshd_proxy_bak $OBJ/sshd_config
for i in $params; do echo 'Banner /nomatch' >>$OBJ/sshd_config
config=`echo $i | cut -f1 -d:` for i in $params; do
criteria=`echo $i | cut -f2 -d:` config=`echo $i | cut -f1 -d:`
value=`echo $i | cut -f3 -d:` criteria=`echo $i | cut -f2 -d:`
cat >>$OBJ/sshd_config <<EOD value=`echo $i | cut -f3 -d:`
Match $config $value cat >>$OBJ/sshd_config <<EOD
Banner /$value Match ${config}${separator}${value}
Banner /$value
EOD EOD
done done
${SUDO} ${SSHD} -f $OBJ/sshd_config -T >/dev/null || \ ${SUDO} ${SSHD} -f $OBJ/sshd_config -T >/dev/null || \
fail "validate config for w/out spec" fail "validate config for w/out spec"
# Test matching each criteria. # Test matching each criteria.
for i in $params; do for i in $params; do
testcriteria=`echo $i | cut -f2 -d:` testcriteria=`echo $i | cut -f2 -d:`
expected=/`echo $i | cut -f3 -d:` expected=/`echo $i | cut -f3 -d:`
spec="" spec=""
for j in $params; do for j in $params; do
config=`echo $j | cut -f1 -d:` config=`echo $j | cut -f1 -d:`
criteria=`echo $j | cut -f2 -d:` criteria=`echo $j | cut -f2 -d:`
value=`echo $j | cut -f3 -d:` value=`echo $j | cut -f3 -d:`
if [ "$criteria" = "$testcriteria" ]; then if [ "$criteria" = "$testcriteria" ]; then
spec="$criteria=$value,$spec" spec="$criteria=$value,$spec"
else else
spec="$criteria=1$value,$spec" spec="$criteria=1$value,$spec"
fi
done
trace "test spec $spec"
result=`${SUDO} ${SSHD} -f $OBJ/sshd_config -T -C "$spec" | \
awk '$1=="banner"{print $2}'`
if [ "$result" != "$expected" ]; then
fail "match $config expected $expected got $result"
fi fi
done done
trace "test spec $spec"
result=`${SUDO} ${SSHD} -f $OBJ/sshd_config -T -C "$spec" | \
awk '$1=="banner"{print $2}'`
if [ "$result" != "$expected" ]; then
fail "match $config expected $expected got $result"
fi
done done
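Review bot: The `fail` message in the per-criteria loop does not say which separator was under test, so a regression that affects only the `=` form looks the same as one in the space form. It also prints `$config`, which at that point holds whatever the inner `for j` loop left behind rather than the criterion being checked. Consider `fail "match $testcriteria (separator '$separator') expected $expected got $result"`, and add the separator to the `validate config for w/out spec` message as well.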


@ -4,14 +4,14 @@ tid="server config include"
cat > $OBJ/sshd_config.i << _EOF cat > $OBJ/sshd_config.i << _EOF
HostKey $OBJ/host.ssh-ed25519 HostKey $OBJ/host.ssh-ed25519
Match host a Match host=a
Banner /aa Banner /aa
Match host b Match host b
Banner /bb Banner /bb
Include $OBJ/sshd_config.i.* # comment Include $OBJ/sshd_config.i.* # comment
Match host c Match host=c
Include $OBJ/sshd_config.i.* # comment Include $OBJ/sshd_config.i.* # comment
Banner /cc Banner /cc
@ -25,7 +25,7 @@ Match Host e
Banner /ee Banner /ee
Include $OBJ/sshd_config.i.* Include $OBJ/sshd_config.i.*
Match Host f Match Host=f
Include $OBJ/sshd_config.i.* Include $OBJ/sshd_config.i.*
Banner /ff Banner /ff
@ -47,13 +47,13 @@ Match host b
Match host c Match host c
Banner /ccc Banner /ccc
Match Host d Match Host=d
Banner /ddd Banner /ddd
Match Host e Match Host e
Banner /eee Banner /eee
Match Host f Match Host=f
Banner /fff Banner /fff
_EOF _EOF
@ -61,13 +61,13 @@ cat > $OBJ/sshd_config.i.2 << _EOF
Match host a Match host a
Banner /aaaa Banner /aaaa
Match host b Match host=b
Banner /bbbb Banner /bbbb
Match host c # comment Match host c # comment
Banner /cccc Banner /cccc
Match Host d Match Host=d
Banner /dddd Banner /dddd
Match Host e Match Host e


@ -1,5 +1,5 @@
#!/bin/ksh #!/bin/ksh
# $OpenBSD: maxattr.sh,v 1.2 2024/09/25 15:38:39 claudio Exp $ # $OpenBSD: maxattr.sh,v 1.3 2024/09/26 08:12:30 claudio Exp $
set -e set -e
@ -73,8 +73,6 @@ ifconfig ${PAIR1} patch ${PAIR2}
ifconfig lo${RDOMAIN1} inet 127.0.0.1/8 ifconfig lo${RDOMAIN1} inet 127.0.0.1/8
ifconfig lo${RDOMAIN2} inet 127.0.0.1/8 ifconfig lo${RDOMAIN2} inet 127.0.0.1/8
tcpdump -s 2000 -w /tmp/bgp.pcap -i ${PAIR1} &
echo run bgpds echo run bgpds
route -T ${RDOMAIN1} exec ${BGPD} \ route -T ${RDOMAIN1} exec ${BGPD} \
-v -f ${BGPDCONFIGDIR}/bgpd.maxattr.rdomain1.conf -v -f ${BGPDCONFIGDIR}/bgpd.maxattr.rdomain1.conf


@ -1,4 +1,4 @@
.\" $OpenBSD: nvme.4,v 1.3 2021/05/28 04:49:44 dlg Exp $ .\" $OpenBSD: nvme.4,v 1.4 2024/09/26 06:10:34 jmc Exp $
.\" .\"
.\" Copyright (c) 2016 David Gwynne <dlg@openbsd.org> .\" Copyright (c) 2016 David Gwynne <dlg@openbsd.org>
.\" .\"
@ -14,7 +14,7 @@
.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
.\" .\"
.Dd $Mdocdate: May 28 2021 $ .Dd $Mdocdate: September 26 2024 $
.Dt NVME 4 .Dt NVME 4
.Os .Os
.Sh NAME .Sh NAME
@ -33,6 +33,11 @@ Non-Volatile Memory Host Controller Interface specification.
Although the NVMe specification provides its own command set, the Although the NVMe specification provides its own command set, the
.Nm .Nm
driver provides access to the storage via a SCSI translation layer. driver provides access to the storage via a SCSI translation layer.
.Pp
Sensor values are made available through the
.Va hw.sensors
.Xr sysctl 8
interface.
.Sh SEE ALSO .Sh SEE ALSO
.Xr aplns 4 , .Xr aplns 4 ,
.Xr intro 4 , .Xr intro 4 ,


@ -1,4 +1,4 @@
/* $OpenBSD: cpu.c,v 1.192 2024/08/08 07:02:38 kettenis Exp $ */ /* $OpenBSD: cpu.c,v 1.193 2024/09/26 13:18:25 dv Exp $ */
/* $NetBSD: cpu.c,v 1.1 2003/04/26 18:39:26 fvdl Exp $ */ /* $NetBSD: cpu.c,v 1.1 2003/04/26 18:39:26 fvdl Exp $ */
/*- /*-
@ -889,8 +889,10 @@ cpu_init(struct cpu_info *ci)
void void
cpu_init_vmm(struct cpu_info *ci) cpu_init_vmm(struct cpu_info *ci)
{ {
uint64_t msr;
/* /*
* Allocate a per-cpu VMXON region for VMX CPUs * Detect VMX specific features and initialize VMX-related state.
*/ */
if (ci->ci_vmm_flags & CI_VMM_VMX) { if (ci->ci_vmm_flags & CI_VMM_VMX) {
ci->ci_vmxon_region = (struct vmxon_region *)malloc(PAGE_SIZE, ci->ci_vmxon_region = (struct vmxon_region *)malloc(PAGE_SIZE,
@ -898,8 +900,17 @@ cpu_init_vmm(struct cpu_info *ci)
if (!pmap_extract(pmap_kernel(), (vaddr_t)ci->ci_vmxon_region, if (!pmap_extract(pmap_kernel(), (vaddr_t)ci->ci_vmxon_region,
&ci->ci_vmxon_region_pa)) &ci->ci_vmxon_region_pa))
panic("Can't locate VMXON region in phys mem"); panic("Can't locate VMXON region in phys mem");
ci->ci_vmcs_pa = VMX_VMCS_PA_CLEAR; ci->ci_vmcs_pa = VMX_VMCS_PA_CLEAR;
rw_init(&ci->ci_vmcs_lock, "vmcslock"); rw_init(&ci->ci_vmcs_lock, "vmcslock");
msr = rdmsr(IA32_VMX_EPT_VPID_CAP);
if (msr & IA32_EPT_VPID_CAP_INVEPT_CONTEXT)
ci->ci_vmm_cap.vcc_vmx.vmx_invept_mode =
IA32_VMX_INVEPT_SINGLE_CTX;
else
ci->ci_vmm_cap.vcc_vmx.vmx_invept_mode =
IA32_VMX_INVEPT_GLOBAL_CTX;
} }
} }
#endif /* NVMM > 0 */ #endif /* NVMM > 0 */
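Review bot: The new `rdmsr(IA32_VMX_EPT_VPID_CAP)` in `cpu_init_vmm` runs for every CPU with `CI_VMM_VMX` set, but that capability MSR is only architecturally present when the CPU advertises secondary controls with EPT or VPID. Reading it on a CPU without them raises #GP, which in this boot path would be a panic. In `vcpu_init_vmx` the same read sat behind an earlier check (the removed lines there follow a `ret = EINVAL; goto exit;`), and whether `CI_VMM_VMX` alone implies EPT is not visible in this hunk. Guarding the read, e.g. `if (ci->ci_vmm_flags & CI_VMM_EPT) { msr = rdmsr(IA32_VMX_EPT_VPID_CAP); ... }`, and leaving `vmx_invept_mode` at a defined default otherwise would keep VMX-without-EPT machines booting.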


@ -1,4 +1,4 @@
/* $OpenBSD: lapic.c,v 1.72 2024/04/03 02:01:21 guenther Exp $ */ /* $OpenBSD: lapic.c,v 1.73 2024/09/26 13:18:25 dv Exp $ */
/* $NetBSD: lapic.c,v 1.2 2003/05/08 01:04:35 fvdl Exp $ */ /* $NetBSD: lapic.c,v 1.2 2003/05/08 01:04:35 fvdl Exp $ */
/*- /*-
@ -56,6 +56,7 @@
#include "ioapic.h" #include "ioapic.h"
#include "xen.h" #include "xen.h"
#include "hyperv.h" #include "hyperv.h"
#include "vmm.h"
#if NIOAPIC > 0 #if NIOAPIC > 0
#include <machine/i82093var.h> #include <machine/i82093var.h>
@ -368,7 +369,11 @@ lapic_boot_init(paddr_t lapic_base)
idt_vec_set(LAPIC_IPI_INVLPG, Xipi_invlpg_pcid); idt_vec_set(LAPIC_IPI_INVLPG, Xipi_invlpg_pcid);
idt_vec_set(LAPIC_IPI_INVLRANGE, Xipi_invlrange_pcid); idt_vec_set(LAPIC_IPI_INVLRANGE, Xipi_invlrange_pcid);
} }
#endif #if NVMM > 0
idt_allocmap[LAPIC_IPI_INVEPT] = 1;
idt_vec_set(LAPIC_IPI_INVEPT, Xipi_invept);
#endif /* NVMM > 0 */
#endif /* MULTIPROCESSOR */
idt_allocmap[LAPIC_SPURIOUS_VECTOR] = 1; idt_allocmap[LAPIC_SPURIOUS_VECTOR] = 1;
idt_vec_set(LAPIC_SPURIOUS_VECTOR, Xintrspurious); idt_vec_set(LAPIC_SPURIOUS_VECTOR, Xintrspurious);


@ -1,4 +1,4 @@
/* $OpenBSD: pmap.c,v 1.174 2024/09/20 02:00:46 jsg Exp $ */ /* $OpenBSD: pmap.c,v 1.176 2024/09/26 21:55:42 dv Exp $ */
/* $NetBSD: pmap.c,v 1.3 2003/05/08 18:13:13 thorpej Exp $ */ /* $NetBSD: pmap.c,v 1.3 2003/05/08 18:13:13 thorpej Exp $ */
/* /*
@ -338,6 +338,7 @@ void pmap_do_remove(struct pmap *, vaddr_t, vaddr_t, int);
void pmap_remove_ept(struct pmap *, vaddr_t, vaddr_t); void pmap_remove_ept(struct pmap *, vaddr_t, vaddr_t);
void pmap_do_remove_ept(struct pmap *, vaddr_t); void pmap_do_remove_ept(struct pmap *, vaddr_t);
int pmap_enter_ept(struct pmap *, vaddr_t, paddr_t, vm_prot_t); int pmap_enter_ept(struct pmap *, vaddr_t, paddr_t, vm_prot_t);
void pmap_shootept(struct pmap *, int);
#endif /* NVMM > 0 */ #endif /* NVMM > 0 */
int pmap_remove_pte(struct pmap *, struct vm_page *, pt_entry_t *, int pmap_remove_pte(struct pmap *, struct vm_page *, pt_entry_t *,
vaddr_t, int, struct pv_entry **); vaddr_t, int, struct pv_entry **);
@ -387,7 +388,11 @@ pmap_is_curpmap(struct pmap *pmap)
static inline int static inline int
pmap_is_active(struct pmap *pmap, struct cpu_info *ci) pmap_is_active(struct pmap *pmap, struct cpu_info *ci)
{ {
return pmap == pmap_kernel() || pmap == ci->ci_proc_pmap; return (pmap == pmap_kernel() || pmap == ci->ci_proc_pmap
#if NVMM > 0
|| (pmap_is_ept(pmap) && pmap == ci->ci_ept_pmap)
#endif /* NVMM > 0 */
);
} }
#endif #endif
@ -416,7 +421,7 @@ pmap_map_ptes(struct pmap *pmap)
{ {
paddr_t cr3; paddr_t cr3;
KASSERT(pmap->pm_type != PMAP_TYPE_EPT); KASSERT(!pmap_is_ept(pmap));
/* the kernel's pmap is always accessible */ /* the kernel's pmap is always accessible */
if (pmap == pmap_kernel()) if (pmap == pmap_kernel())
@ -1786,7 +1791,7 @@ void
pmap_remove(struct pmap *pmap, vaddr_t sva, vaddr_t eva) pmap_remove(struct pmap *pmap, vaddr_t sva, vaddr_t eva)
{ {
#if NVMM > 0 #if NVMM > 0
if (pmap->pm_type == PMAP_TYPE_EPT) if (pmap_is_ept(pmap))
pmap_remove_ept(pmap, sva, eva); pmap_remove_ept(pmap, sva, eva);
else else
#endif /* NVMM > 0 */ #endif /* NVMM > 0 */
@ -2437,7 +2442,7 @@ pmap_convert(struct pmap *pmap, int mode)
mtx_enter(&pmap->pm_mtx); mtx_enter(&pmap->pm_mtx);
pmap->pm_type = mode; pmap->pm_type = mode;
if (mode == PMAP_TYPE_EPT) { if (pmap_is_ept(pmap)) {
/* Clear PML4 */ /* Clear PML4 */
pte = (pt_entry_t *)pmap->pm_pdir; pte = (pt_entry_t *)pmap->pm_pdir;
memset(pte, 0, PAGE_SIZE); memset(pte, 0, PAGE_SIZE);
@ -2455,7 +2460,6 @@ void
pmap_remove_ept(struct pmap *pmap, vaddr_t sgpa, vaddr_t egpa) pmap_remove_ept(struct pmap *pmap, vaddr_t sgpa, vaddr_t egpa)
{ {
vaddr_t v; vaddr_t v;
struct vmx_invept_descriptor vid;
mtx_enter(&pmap->pm_mtx); mtx_enter(&pmap->pm_mtx);
@ -2464,15 +2468,13 @@ pmap_remove_ept(struct pmap *pmap, vaddr_t sgpa, vaddr_t egpa)
for (v = sgpa; v < egpa + PAGE_SIZE; v += PAGE_SIZE) for (v = sgpa; v < egpa + PAGE_SIZE; v += PAGE_SIZE)
pmap_do_remove_ept(pmap, v); pmap_do_remove_ept(pmap, v);
if (pmap->eptp != 0) { #ifdef MULTIPROCESSOR
memset(&vid, 0, sizeof(vid)); pmap_shootept(pmap, 1);
vid.vid_eptp = pmap->eptp; #endif /* MULTIPROCESSOR */
DPRINTF("%s: flushing EPT TLB for EPTP 0x%llx\n", __func__,
vid.vid_eptp);
invept(IA32_VMX_INVEPT_SINGLE_CTX, &vid);
}
mtx_leave(&pmap->pm_mtx); mtx_leave(&pmap->pm_mtx);
pmap_tlb_shootwait();
} }
void void
@ -2757,7 +2759,7 @@ pmap_enter(struct pmap *pmap, vaddr_t va, paddr_t pa, vm_prot_t prot, int flags)
paddr_t scr3; paddr_t scr3;
#if NVMM > 0 #if NVMM > 0
if (pmap->pm_type == PMAP_TYPE_EPT) if (pmap_is_ept(pmap))
return pmap_enter_ept(pmap, va, pa, prot); return pmap_enter_ept(pmap, va, pa, prot);
#endif /* NVMM > 0 */ #endif /* NVMM > 0 */
@ -3215,6 +3217,12 @@ volatile vaddr_t tlb_shoot_addr1 __attribute__((section(".kudata")));
volatile vaddr_t tlb_shoot_addr2 __attribute__((section(".kudata"))); volatile vaddr_t tlb_shoot_addr2 __attribute__((section(".kudata")));
volatile int tlb_shoot_first_pcid __attribute__((section(".kudata"))); volatile int tlb_shoot_first_pcid __attribute__((section(".kudata")));
#if NVMM > 0
#include <amd64/vmmvar.h>
volatile uint64_t ept_shoot_mode __attribute__((section(".kudata")));
volatile struct vmx_invept_descriptor ept_shoot_vid
__attribute__((section(".kudata")));
#endif /* NVMM > 0 */
/* Obtain the "lock" for TLB shooting */ /* Obtain the "lock" for TLB shooting */
static inline int static inline int
@ -3363,7 +3371,6 @@ pmap_tlb_shoottlb(struct pmap *pm, int shootself)
if (wait) { if (wait) {
int s = pmap_start_tlb_shoot(wait, __func__); int s = pmap_start_tlb_shoot(wait, __func__);
CPU_INFO_FOREACH(cii, ci) { CPU_INFO_FOREACH(cii, ci) {
if ((mask & (1ULL << ci->ci_cpuid)) == 0) if ((mask & (1ULL << ci->ci_cpuid)) == 0)
continue; continue;
@ -3384,6 +3391,56 @@ pmap_tlb_shoottlb(struct pmap *pm, int shootself)
} }
} }
#if NVMM > 0
/*
* pmap_shootept: similar to pmap_tlb_shoottlb, but for remotely invalidating
* EPT using invept.
*/
void
pmap_shootept(struct pmap *pm, int shootself)
{
struct cpu_info *ci, *self = curcpu();
struct vmx_invept_descriptor vid;
CPU_INFO_ITERATOR cii;
long wait = 0;
u_int64_t mask = 0;
KASSERT(pmap_is_ept(pm));
CPU_INFO_FOREACH(cii, ci) {
if (ci == self || !pmap_is_active(pm, ci) ||
!(ci->ci_flags & CPUF_RUNNING) ||
!(ci->ci_flags & CPUF_VMM))
continue;
mask |= (1ULL << ci->ci_cpuid);
wait++;
}
if (wait) {
int s = pmap_start_tlb_shoot(wait, __func__);
ept_shoot_mode = self->ci_vmm_cap.vcc_vmx.vmx_invept_mode;
ept_shoot_vid.vid_eptp = pm->eptp;
ept_shoot_vid.vid_reserved = 0;
CPU_INFO_FOREACH(cii, ci) {
if ((mask & (1ULL << ci->ci_cpuid)) == 0)
continue;
if (x86_fast_ipi(ci, LAPIC_IPI_INVEPT) != 0)
panic("%s: ipi failed", __func__);
}
splx(s);
}
if (shootself && (self->ci_flags & CPUF_VMM)) {
vid.vid_eptp = pm->eptp;
vid.vid_reserved = 0;
invept(self->ci_vmm_cap.vcc_vmx.vmx_invept_mode, &vid);
}
}
#endif /* NVMM > 0 */
void void
pmap_tlb_shootwait(void) pmap_tlb_shootwait(void)
{ {
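Review bot: In `pmap_remove_ept` the local `invept` was replaced by `pmap_shootept(pmap, 1)` wrapped in `#ifdef MULTIPROCESSOR`, so a kernel built without MULTIPROCESSOR appears to perform no EPT invalidation after removing guest mappings. Stale EPT translations would let a guest keep reaching a host page after it was unmapped, so this matters for guest/host isolation. Unless a uniprocessor definition exists outside these hunks, keep a local flush in an `#else` branch, e.g. `invept(curcpu()->ci_vmm_cap.vcc_vmx.vmx_invept_mode, &vid);` with `vid` filled from `pmap->eptp`. Separately, `pmap_shootept` drops the old `pmap->eptp != 0` guard, ignores the `invept` result on the `shootself` path, and publishes the sender's `vmx_invept_mode` for every target, which assumes all CPUs report the same INVEPT capability. A short comment stating those assumptions would help.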


@ -1,4 +1,4 @@
/* $OpenBSD: vector.S,v 1.96 2024/07/21 16:19:25 deraadt Exp $ */ /* $OpenBSD: vector.S,v 1.97 2024/09/26 13:18:25 dv Exp $ */
/* $NetBSD: vector.S,v 1.5 2004/06/28 09:13:11 fvdl Exp $ */ /* $NetBSD: vector.S,v 1.5 2004/06/28 09:13:11 fvdl Exp $ */
/* /*
@ -83,6 +83,7 @@
#include "assym.h" #include "assym.h"
#include "xen.h" #include "xen.h"
#include "hyperv.h" #include "hyperv.h"
#include "vmm.h"
/*****************************************************************************/ /*****************************************************************************/
@ -601,6 +602,27 @@ IDTVEC(ipi_invltlb)
iretq iretq
END(Xipi_invltlb) END(Xipi_invltlb)
#if NVMM > 0
/* Invalidate VMX EPT */
IDTVEC(ipi_invept)
pushq %rax
pushq %rdx
ioapic_asm_ack()
movq $ept_shoot_vid, %rax
movq ept_shoot_mode, %rdx
invept (%rax), %rdx
lock
decq tlb_shoot_wait
popq %rdx
popq %rax
iretq
END(Xipi_invept)
#endif /* NVMM > 0 */
/* invalidate a single page, no PCIDs version */ /* invalidate a single page, no PCIDs version */
IDTVEC(ipi_invlpg) IDTVEC(ipi_invlpg)
pushq %rax pushq %rax
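Review bot: `Xipi_invept` executes `invept` without checking the result flags and then decrements `tlb_shoot_wait` unconditionally, so a failed invalidation (bad descriptor, or a type in `ept_shoot_mode` the receiving CPU does not support) is reported to the sender as completed. The instruction also raises #UD on a CPU that is not in VMX operation, and the only guard on this page is the sender-side `CPUF_VMM` test in `pmap_shootept`. Whether a target can leave VMX operation between that test and IPI delivery is not visible here. At minimum the header comment should record both preconditions, e.g. `/* Invalidate VMX EPT; sender guarantees the target is in VMX operation and ept_shoot_* stay valid until tlb_shoot_wait drops */`.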


@ -1,4 +1,4 @@
/* $OpenBSD: vmm_machdep.c,v 1.37 2024/09/21 04:36:28 mlarkin Exp $ */ /* $OpenBSD: vmm_machdep.c,v 1.38 2024/09/26 13:18:25 dv Exp $ */
/* /*
* Copyright (c) 2014 Mike Larkin <mlarkin@openbsd.org> * Copyright (c) 2014 Mike Larkin <mlarkin@openbsd.org>
* *
@ -2673,11 +2673,6 @@ vcpu_init_vmx(struct vcpu *vcpu)
ret = EINVAL; ret = EINVAL;
goto exit; goto exit;
} }
if (msr & IA32_EPT_VPID_CAP_INVEPT_CONTEXT)
vcpu->vc_vmx_invept_op = IA32_VMX_INVEPT_SINGLE_CTX;
else
vcpu->vc_vmx_invept_op = IA32_VMX_INVEPT_GLOBAL_CTX;
if (msr & IA32_EPT_VPID_CAP_WB) { if (msr & IA32_EPT_VPID_CAP_WB) {
/* WB cache type supported */ /* WB cache type supported */
eptp |= IA32_EPT_PAGING_CACHE_TYPE_WB; eptp |= IA32_EPT_PAGING_CACHE_TYPE_WB;
@ -3736,10 +3731,15 @@ vcpu_run_vmx(struct vcpu *vcpu, struct vm_run_params *vrp)
ci = curcpu(); ci = curcpu();
vcpu->vc_last_pcpu = ci; vcpu->vc_last_pcpu = ci;
/* We're now using this vcpu's EPT pmap on this cpu. */
atomic_swap_ptr(&ci->ci_ept_pmap,
vcpu->vc_parent->vm_map->pmap);
/* Invalidate EPT cache. */ /* Invalidate EPT cache. */
vid_ept.vid_reserved = 0; vid_ept.vid_reserved = 0;
vid_ept.vid_eptp = vcpu->vc_parent->vm_map->pmap->eptp; vid_ept.vid_eptp = vcpu->vc_parent->vm_map->pmap->eptp;
if (invept(vcpu->vc_vmx_invept_op, &vid_ept)) { if (invept(ci->ci_vmm_cap.vcc_vmx.vmx_invept_mode,
&vid_ept)) {
printf("%s: invept\n", __func__); printf("%s: invept\n", __func__);
return (EINVAL); return (EINVAL);
} }
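Review bot: `ci->ci_ept_pmap` records only the most recent EPT pmap used on this CPU, so once another VM's vcpu runs here `pmap_is_active` stops selecting this CPU for INVEPT IPIs on the earlier VM's pmap, although the CPU may still cache translations tagged with the earlier EPTP. That is safe only if a vcpu always passes through the `invept` below before re-entering the guest on a CPU where a different pmap ran in between. The condition enclosing this block starts outside the hunk, so that cannot be confirmed from here. Please state the invariant next to the store, e.g. `/* Remote CPUs skip us for this pmap once ci_ept_pmap changes; re-entry must invept first. */`, and verify the enclosing condition covers the same-CPU, different-VM case.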


@ -1,4 +1,4 @@
/* $OpenBSD: cpu.h,v 1.176 2024/08/27 09:16:03 bluhm Exp $ */ /* $OpenBSD: cpu.h,v 1.177 2024/09/26 13:18:25 dv Exp $ */
/* $NetBSD: cpu.h,v 1.1 2003/04/26 18:39:39 fvdl Exp $ */ /* $NetBSD: cpu.h,v 1.1 2003/04/26 18:39:39 fvdl Exp $ */
/*- /*-
@ -75,6 +75,7 @@ struct vmx {
uint32_t vmx_cr3_tgt_count; uint32_t vmx_cr3_tgt_count;
uint64_t vmx_vm_func; uint64_t vmx_vm_func;
uint8_t vmx_has_l1_flush_msr; uint8_t vmx_has_l1_flush_msr;
uint64_t vmx_invept_mode;
}; };
/* /*
@ -237,12 +238,12 @@ struct cpu_info {
union vmm_cpu_cap ci_vmm_cap; union vmm_cpu_cap ci_vmm_cap;
paddr_t ci_vmxon_region_pa; paddr_t ci_vmxon_region_pa;
struct vmxon_region *ci_vmxon_region; struct vmxon_region *ci_vmxon_region;
struct vcpu *ci_guest_vcpu; /* [o] last vcpu resumed */
char ci_panicbuf[512];
paddr_t ci_vmcs_pa; paddr_t ci_vmcs_pa;
struct rwlock ci_vmcs_lock; struct rwlock ci_vmcs_lock;
struct pmap *ci_ept_pmap; /* [o] last used EPT pmap */
struct vcpu *ci_guest_vcpu; /* [o] last vcpu resumed */
char ci_panicbuf[512];
struct clockqueue ci_queue; struct clockqueue ci_queue;
}; };
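Review bot: The new `ci_ept_pmap` member is annotated `[o]`, the same marker used for `ci_guest_vcpu`, yet on this page it is read from other CPUs. `pmap_shootept` walks every `cpu_info` and `pmap_is_active` compares `ci->ci_ept_pmap` against the pmap being flushed, while the owner updates it with `atomic_swap_ptr`. If `[o]` means owner-only access (the legend is outside this hunk), the annotation understates the sharing; something like `/* [a] last used EPT pmap, read by remote CPUs in pmap_is_active() */` would describe it more accurately.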


@ -1,4 +1,4 @@
/* $OpenBSD: i82489var.h,v 1.19 2024/06/09 03:12:59 jsg Exp $ */ /* $OpenBSD: i82489var.h,v 1.20 2024/09/26 13:18:25 dv Exp $ */
/* $NetBSD: i82489var.h,v 1.1 2003/02/26 21:26:10 fvdl Exp $ */ /* $NetBSD: i82489var.h,v 1.1 2003/02/26 21:26:10 fvdl Exp $ */
/*- /*-
@ -33,6 +33,8 @@
#ifndef _MACHINE_I82489VAR_H_ #ifndef _MACHINE_I82489VAR_H_
#define _MACHINE_I82489VAR_H_ #define _MACHINE_I82489VAR_H_
#include "vmm.h"
/* /*
* Software definitions belonging to Local APIC driver. * Software definitions belonging to Local APIC driver.
*/ */
@ -70,6 +72,7 @@ extern void Xresume_lapic_ipi(void);
#define LAPIC_IPI_INVLTLB (LAPIC_IPI_OFFSET + 0) #define LAPIC_IPI_INVLTLB (LAPIC_IPI_OFFSET + 0)
#define LAPIC_IPI_INVLPG (LAPIC_IPI_OFFSET + 1) #define LAPIC_IPI_INVLPG (LAPIC_IPI_OFFSET + 1)
#define LAPIC_IPI_INVLRANGE (LAPIC_IPI_OFFSET + 2) #define LAPIC_IPI_INVLRANGE (LAPIC_IPI_OFFSET + 2)
#define LAPIC_IPI_INVEPT (LAPIC_IPI_OFFSET + 3)
extern void Xipi_invltlb(void); extern void Xipi_invltlb(void);
extern void Xipi_invltlb_pcid(void); extern void Xipi_invltlb_pcid(void);
@ -77,6 +80,9 @@ extern void Xipi_invlpg(void);
extern void Xipi_invlpg_pcid(void); extern void Xipi_invlpg_pcid(void);
extern void Xipi_invlrange(void); extern void Xipi_invlrange(void);
extern void Xipi_invlrange_pcid(void); extern void Xipi_invlrange_pcid(void);
#if NVMM > 0
extern void Xipi_invept(void);
#endif /* NVMM > 0 */
/* /*
* Vector used for local apic timer interrupts. * Vector used for local apic timer interrupts.


@ -1,4 +1,4 @@
/* $OpenBSD: pmap.h,v 1.89 2024/07/09 19:11:06 bluhm Exp $ */ /* $OpenBSD: pmap.h,v 1.90 2024/09/26 13:18:25 dv Exp $ */
/* $NetBSD: pmap.h,v 1.1 2003/04/26 18:39:46 fvdl Exp $ */ /* $NetBSD: pmap.h,v 1.1 2003/04/26 18:39:46 fvdl Exp $ */
/* /*
@ -293,6 +293,7 @@ LIST_HEAD(pmap_head, pmap); /* struct pmap_head: head of a pmap list */
#define PMAP_TYPE_EPT 2 #define PMAP_TYPE_EPT 2
#define PMAP_TYPE_RVI 3 #define PMAP_TYPE_RVI 3
#define pmap_nested(pm) ((pm)->pm_type != PMAP_TYPE_NORMAL) #define pmap_nested(pm) ((pm)->pm_type != PMAP_TYPE_NORMAL)
#define pmap_is_ept(pm) ((pm)->pm_type == PMAP_TYPE_EPT)
struct pmap { struct pmap {
struct mutex pm_mtx; struct mutex pm_mtx;


@ -1,4 +1,4 @@
/* $OpenBSD: vmmvar.h,v 1.106 2024/09/21 04:36:28 mlarkin Exp $ */ /* $OpenBSD: vmmvar.h,v 1.107 2024/09/26 13:18:25 dv Exp $ */
/* /*
* Copyright (c) 2014 Mike Larkin <mlarkin@openbsd.org> * Copyright (c) 2014 Mike Larkin <mlarkin@openbsd.org>
* *
@ -879,7 +879,6 @@ struct vcpu {
uint32_t vc_vmx_vmcs_state; /* [a] */ uint32_t vc_vmx_vmcs_state; /* [a] */
#define VMCS_CLEARED 0 #define VMCS_CLEARED 0
#define VMCS_LAUNCHED 1 #define VMCS_LAUNCHED 1
uint64_t vc_vmx_invept_op;
/* SVM only (all requiring [v]) */ /* SVM only (all requiring [v]) */
vaddr_t vc_svm_hsa_va; vaddr_t vc_svm_hsa_va;


@ -1,4 +1,4 @@
/* $OpenBSD: mdrandom.c,v 1.3 2020/06/19 15:00:45 naddy Exp $ */ /* $OpenBSD: mdrandom.c,v 1.4 2024/09/26 10:12:02 jsg Exp $ */
/* /*
* Copyright (c) 2020 Theo de Raadt * Copyright (c) 2020 Theo de Raadt
@ -17,7 +17,6 @@
*/ */
#include <sys/param.h> #include <sys/param.h>
#include <machine/psl.h>
#include <machine/specialreg.h> #include <machine/specialreg.h>
#include "libsa.h" #include "libsa.h"


@ -1,4 +1,4 @@
/* $OpenBSD: mdrandom.c,v 1.3 2020/06/19 15:00:45 naddy Exp $ */ /* $OpenBSD: mdrandom.c,v 1.4 2024/09/26 10:12:02 jsg Exp $ */
/* /*
* Copyright (c) 2020 Theo de Raadt * Copyright (c) 2020 Theo de Raadt
@ -17,7 +17,6 @@
*/ */
#include <sys/param.h> #include <sys/param.h>
#include <machine/psl.h>
#include <machine/specialreg.h> #include <machine/specialreg.h>
#include "libsa.h" #include "libsa.h"


@ -1,4 +1,4 @@
/* $OpenBSD: pipex.c,v 1.155 2024/07/26 15:45:31 yasuoka Exp $ */ /* $OpenBSD: pipex.c,v 1.156 2024/09/27 00:38:49 yasuoka Exp $ */
/*- /*-
* Copyright (c) 2009 Internet Initiative Japan Inc. * Copyright (c) 2009 Internet Initiative Japan Inc.
@ -2031,7 +2031,8 @@ pipex_l2tp_input(struct mbuf *m0, int off0, struct pipex_session *session,
mtx_enter(&session->pxs_mtx); mtx_enter(&session->pxs_mtx);
l2tp_session = &session->proto.l2tp; l2tp_session = &session->proto.l2tp;
if (l2tp_session->ipsecflowinfo != ipsecflowinfo) { if (l2tp_session->ipsecflowinfo > 0 &&
l2tp_session->ipsecflowinfo != ipsecflowinfo) {
pipex_session_log(session, LOG_DEBUG, pipex_session_log(session, LOG_DEBUG,
"received message is %s", "received message is %s",
(ipsecflowinfo != 0)? "from invalid ipsec flow" : (ipsecflowinfo != 0)? "from invalid ipsec flow" :
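Review bot: With the added `l2tp_session->ipsecflowinfo > 0` term, a session whose `ipsecflowinfo` is zero now accepts L2TP input regardless of the flow it arrived on, including packets from an IPsec flow the session was never bound to; before this change that mismatch was rejected. If zero is meant as "no binding requested", say so above the test, e.g. `/* ipsecflowinfo == 0: session not bound to an IPsec flow, skip the check */`, and confirm that sessions expected to be IPsec-protected cannot reach this point with the field still zero. For consistency with the `(ipsecflowinfo != 0)` test in the log call just below, `!= 0` reads better than `> 0`, assuming the field is unsigned. The statement continues past the end of the hunk.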


@ -1,4 +1,4 @@
/* $OpenBSD: readconf.c,v 1.391 2024/09/25 01:24:04 djm Exp $ */ /* $OpenBSD: readconf.c,v 1.392 2024/09/26 23:55:08 djm Exp $ */
/* /*
* Author: Tatu Ylonen <ylo@cs.hut.fi> * Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@ -687,7 +687,7 @@ match_cfg_line(Options *options, const char *full_line, int *acp, char ***avp,
struct passwd *pw, const char *host_arg, const char *original_host, struct passwd *pw, const char *host_arg, const char *original_host,
int final_pass, int *want_final_pass, const char *filename, int linenum) int final_pass, int *want_final_pass, const char *filename, int linenum)
{ {
char *arg, *oattrib, *attrib = NULL, *cmd, *host, *criteria; char *arg, *oattrib = NULL, *attrib = NULL, *cmd, *host, *criteria;
const char *ruser; const char *ruser;
int r, this_result, result = 1, attributes = 0, negate; int r, this_result, result = 1, attributes = 0, negate;
@ -708,8 +708,8 @@ match_cfg_line(Options *options, const char *full_line, int *acp, char ***avp,
debug2("checking match for '%s' host %s originally %s", debug2("checking match for '%s' host %s originally %s",
full_line, host, original_host); full_line, host, original_host);
while ((oattrib = argv_next(acp, avp)) != NULL) { while ((attrib = argv_next(acp, avp)) != NULL) {
attrib = xstrdup(oattrib); attrib = oattrib = xstrdup(attrib);
/* Terminate on comment */ /* Terminate on comment */
if (*attrib == '#') { if (*attrib == '#') {
argv_consume(acp); argv_consume(acp);
@ -848,8 +848,8 @@ match_cfg_line(Options *options, const char *full_line, int *acp, char ***avp,
criteria == NULL ? "" : criteria, criteria == NULL ? "" : criteria,
criteria == NULL ? "" : "\""); criteria == NULL ? "" : "\"");
free(criteria); free(criteria);
free(attrib); free(oattrib);
attrib = NULL; oattrib = attrib = NULL;
} }
if (attributes == 0) { if (attributes == 0) {
error("One or more attributes required for Match"); error("One or more attributes required for Match");
@ -859,7 +859,7 @@ match_cfg_line(Options *options, const char *full_line, int *acp, char ***avp,
out: out:
if (result != -1) if (result != -1)
debug2("match %sfound", result ? "" : "not "); debug2("match %sfound", result ? "" : "not ");
free(attrib); free(oattrib);
free(host); free(host);
return result; return result;
} }
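Review bot: `oattrib` now owns the `xstrdup` copy and `attrib` is apparently only a cursor into it, but nothing in the visible lines says so, and the ownership is easy to break again. Any `continue` in the part of the loop body outside these hunks would skip the `free(oattrib)` at the bottom, and the next iteration would overwrite the pointer and leak the copy. A short comment at the top of the loop, e.g. `/* oattrib owns the copy; attrib may be advanced while parsing */`, would make the contract clear, and the early-exit paths are worth checking against the full function. The loop header also reuses `attrib` for the borrowed `argv_next` result before reassigning it; a separate local would keep borrowed and owned pointers apart.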