This passes smoke test on my Sandy Bridge laptop (X220).

Sounds good to me. When bringing back i386 EFI we should start from (and end with) a shared bootinfo.c

Sounds good to me with the testing that was done.

In the commit message we can reference this quote from https://www.amd.com/en/corporate/speculative-execution:

We believe AMD processors are not susceptible due to our use of privilege level protections within paging architecture and no mitigation is required.

Should we add a comment and perhaps a reference to lib/msun?

Looks good to me, but needs someone with a doc commit bit to approve.

Committed in rS328083

If the root cause is addressed by D13942 we could abandon this change, even though I think it doesn't hurt to have this in.

This reverts rS88450, but the commit message there unfortunately states exactly what was done but not why.

Does stdint.h define all of the types needed here (i.e., is sys/types.h now redundant)?

Came from rS305841.

LGTM. I wonder if we should have a tiny comment that says we use -n for broader portability (since the -h is documented in the man page as the canonical option).

I think this is fine. Do you want to handle the case in ​link_elf_link_preload too?

Committed in rS328011 (which incorrectly referenced D13573)

FWIW I have disabled SUJ by default in the installer, in rS327890, until the underlying issue with SUJ + CG checksums is addressed.

Also graphics/OpenEXR and lang/fsharp on i386.

For the ports infrastructure security-check thing we should just switch to readelf instead.

See also PR 225110

rebase

In D13812#289967, @lattera-gmail.com wrote:

I would be happy to test on my SoftIron OverDrive 1000. I'll start on that today.

This passed a buildworld + buildkernel smoketest on my AMD Threadripper system. I didn't pay very close attention to the time to complete. It's somewhat slower compared to an unpatched kernel.

Committed in rS327783

See also D13813 for a few open comments on the man page

First round of cleanup from bjk

Thanks for the extensive comments! I'll address the grammatical ones before commit. The "valid values" questions etc. probably require more research and will be in a followup.

• Connect to Makefile
• document -z text, -z notext
• use .Dv for tags

ThunderX is not vulnerable to CVE-2017-5715, CVE-2017-5753, or CVE-2017-5754.

• add . at end of descriptions
• wrap
• expand -o output argument
• use .Fn for _exit function markup

While reviewing I found that ld does not support --output=path. We may find more of these, and will submit all of them upstream at the end of this.

It doesn't follow our normal deprecation policy but given that lint (when it builds) is not usable anyhow I think it's acceptable. We need to ensure that it is noted in the release notes though.

Rafael I'd be happy for this to go upstream as well after editing.

https://bugs.freebsd.org/223892

Err rS327526

Hi @worldofzak_gmail.com, sorry I didn't reference the followup commit here. This should have been fixed by rS326992

Out of curiosity why are there NUL bytes in the first place?