Ingo Schwarze (schwarze@) writes in about fresh developments in mandoc(1):
During EuroBSDCon 2018 in Bucuresti, Adam Kalisz suggested to add
a table of contents near the top of the HTML output of mandoc,
and i just implemented and committed that.
Contributed by
rueda
on
from the Romania-Oriented-Presentations dept.
EuroBSDcon 2018
is now over, and slides for OpenBSD-related presentations are now available
from the
usual place.
As always, there's some great reading there (especially for those of us
who were unable to attend the conference).
Unfortunately, there will not be any video this year.
Fresh from the just concluded n2k18 hackathon comes this report from Ken Westerback
(krw@),
who writes:
How to travel from Dresden to Usti nad Labem for free!
No drama flying to Dresden, from which a train would take me to n2k18's
home in Usti nad Labem. Other than being puzzled that it costs less to
fly YYZ -> FRA -> DRS than it costs to fly YYZ -> FRA.
In a
shortseriesofcommits,
Carlos Cardenas (ccardenas@) added support for
qcow2
image support to vmd(8).
[This builds on an
earlier commit
adding support for pluggable disk backends.]
The code was written by Ori Bernstein, who posted his diffs (thread 1, thread 2) to the tech@openbsd.org mailing list in August.
Contributed by
rueda
on
from the all-your-benchmarks-are-belong-to-us dept.
In a
message to tech@,
Theo de Raadt (deraadt@)
gives an update on the state-of-play regarding processor vulnerabilities:
Two recently disclosed hardware bugs affected Intel cpus:
- TLBleed
- T1TF (the name "Foreshadow" refers to 1 of 3 aspects of this
bug, more aspects are surely on the way)
Solving these bugs requires new cpu microcode, a coding workaround,
*AND* the disabling of SMT / Hyperthreading.
Theo de Raadt (deraadt@) has
committed
a diff to mitigate the
"Intel L1TF screwup" for the amd64 platform we reported on earlier:
From: Theo de Raadt (elided)
Date: Tue, 21 Aug 2018 13:04:41 -0600 (MDT)
To: source-changes@openbsd.org
Subject: CVS: cvs.openbsd.org: src
CVSROOT: /cvs
Module name: src
Changes by: deraadt@cvs.openbsd.org 2018/08/21 13:04:41
Modified files:
sys/arch/amd64/amd64: identcpu.c vmm.c vmm_support.S
sys/arch/amd64/include: cpu.h specialreg.h vmmvar.h
Log message:
Perform mitigations for Intel L1TF screwup. There are three options:
(1) Future cpus which don't have the bug, (2) cpu's with microcode
containing a L1D flush operation, (3) stuffing the L1D cache with fresh
data and expiring old content. This stuffing loop is complicated and
interesting, no details on the mitigation have been released by Intel so
Mike and I studied other systems for inspiration. Replacement algorithm
for the L1D is described in the tlbleed paper. We use a 64K PA-linear
region filled with trapsleds (in case there is L1D->L1I data movement).
The TLBs covering the region are loaded first, because TLB loading
apparently flows through the D cache. Before performing vmlaunch or
vmresume, the cachelines covering the guest registers are also flushed.
with mlarkin, additional testing by pd, handy comments from the
kettenis and guenther peanuts
Contributed by
Paul 'WEiRD' de Weerd
on
from the the gift that keeps on giving dept.
Theo de Raadt (deraadt@)
posted to the tech@ mailing list with some background on how the latest discovered Intel CPU
issues relate to OpenBSD.
Date: Wed, 15 Aug 2018 00:31:16 -0600
From: Theo de Raadt [elided]
To: tech@openbsd.org
Subject: CVE-2018-3615, CVE-2018-3620, CVE-2018-3646
These 3 issues all relate to a bug in Intel cpus
The cpu will speculatively honour invalid PTE against data in the
on-core L1 cache. Memory disclosure occurs into the wrong context.
These 3 issues (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646) together
are the currently public artifacts of this one bug.
We are constantly on the lookout for stories of how you put OpenBSD to work.
Please submit any informative articles on how OpenBSD is helping your company.
