This passes smoke test on my Sandy Bridge laptop (X220).
Fri, Jan 19
Sounds good to me. When bringing back i386 EFI we should start from (and end with) a shared bootinfo.c
Thu, Jan 18
Sounds good to me with the testing that was done.
In the commit message we can reference this quote from https://www.amd.com/en/corporate/speculative-execution:
We believe AMD processors are not susceptible due to our use of privilege level protections within paging architecture and no mitigation is required.
Should we add a comment and perhaps a reference to lib/msun?
Wed, Jan 17
Looks good to me, but needs someone with a doc commit bit to approve.
Tue, Jan 16
If the root cause is addressed by D13942 we could abandon this change, even though I think it doesn't hurt to have this in.
This reverts rS88450, but the commit message there unfortunately states exactly what was done but not why.
Does stdint.h define all of the types needed here (i.e., is sys/types.h now redundant)?
Came from rS305841.
LGTM. I wonder if we should have a tiny comment that says we use -n for broader portability (since the -h is documented in the man page as the canonical option).
I think this is fine. Do you want to handle the case in link_elf_link_preload too?
Mon, Jan 15
Sun, Jan 14
Sat, Jan 13
FWIW I have disabled SUJ by default in the installer, in rS327890, until the underlying issue with SUJ + CG checksums is addressed.
Fri, Jan 12
Also graphics/OpenEXR and lang/fsharp on i386.
For the ports infrastructure security-check thing we should just switch to readelf instead.
See also PR 225110
Thu, Jan 11
I would be happy to test on my SoftIron OverDrive 1000. I'll start on that today.
Wed, Jan 10
This passed a buildworld + buildkernel smoketest on my AMD Threadripper system. I didn't pay very close attention to the time to complete. It's somewhat slower compared to an unpatched kernel.
Committed in rS327783
See also D13813 for a few open comments on the man page
First round of cleanup from bjk
Thanks for the extensive comments! I'll address the grammatical ones before commit. The "valid values" questions etc. probably require more research and will be in a followup.
- Connect to Makefile
- document -z text, -z notext
- use .Dv for tags
Tue, Jan 9
ThunderX is not vulnerable to CVE-2017-5715, CVE-2017-5753, or CVE-2017-5754.
- add . at end of descriptions
- expand -o output argument
- use .Fn for _exit function markup
While reviewing I found that ld does not support --output=path. We may find more of these, and will submit all of them upstream at the end of this.
It doesn't follow our normal deprecation policy but given that lint (when it builds) is not usable anyhow I think it's acceptable. We need to ensure that it is noted in the release notes though.
Rafael I'd be happy for this to go upstream as well after editing.
Fri, Jan 5
Wed, Jan 3
Tue, Jan 2
Out of curiosity why are there NUL bytes in the first place?