OpenBSD src changes summary for 2017-10-03 ==========================================
sys/arch/amd64/amd64 sys/conf sys/dev/pci == sys =============================================================== 01/01 == http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/sys arch/amd64/amd64 ~ fpu.c ~ locore.S ~ trap.c > The xrstor instruction will fault if the provided xstate data, which > is under userspace control via sigreturn, fails various consistency > checks. Rather than trying to replicate the CPU's hardwired checks > in C code, handle it like iretq: check in trap() whether a fault > is from the problem instruction and handle it there. > CPU behavior and the potential issue pointed out on Linux kernel-hardening > ok mikeb@ deraadt@ (guenther@) ~ trap.c > Nested xrstor handled leaks a kernel address into sigval, but potential > user address is unavailable so use 0 instead, since the typical cases > are coredump or handing to a SIGBUS handler which cannot recover. > Issue observed by bluhm > ok bluhm, mlarkin, guenther said "Foo!" (deraadt@) ~ fpu.c ~ locore.S ~ trap.c TAGGED OPENBSD_6_0 > The xrstor instruction will fault if the provided xstate data, which > is under userspace control via sigreturn, fails various consistency > checks. Rather than trying to replicate the CPU's hardwired checks > in C code, handle it like iretq: check in trap() whether a fault > is from the problem instruction and handle it there. > CPU behavior and the potential issue pointed out on Linux kernel-hardening > ok mikeb@ deraadt@ > OpenBSD 6.0 errata 044 (bluhm@) ~ fpu.c ~ locore.S ~ trap.c TAGGED OPENBSD_6_1 > The xrstor instruction will fault if the provided xstate data, which > is under userspace control via sigreturn, fails various consistency > checks. Rather than trying to replicate the CPU's hardwired checks > in C code, handle it like iretq: check in trap() whether a fault > is from the problem instruction and handle it there. > CPU behavior and the potential issue pointed out on Linux kernel-hardening > ok mikeb@ deraadt@ > OpenBSD 6.1 errata 030 (bluhm@) conf ~ param.c > work around config(8) modifying bss, using __attribute__ > ((section(".data"))). > From yasuoka. > I really want this fixed in a different way after release is finished. > (deraadt@) dev/pci ~ if_msk.c > Disable msi on the Yukon 88E8036 and 88E8053 as it triggers watchdog > timeouts > rendering the network unusable. > tested by myself > committing on behalf of jsg@ > ok deraadt@ (ajacoutot@) =============================================================================== _______________________________________________ odc mailing list [email protected] http://www.squish.net/mailman/listinfo/odc
