- User Since
- Jun 4 2014, 7:07 AM (287 w, 2 d)
Thu, Dec 5
Mon, Dec 2
Thu, Nov 28
Wed, Nov 27
Tue, Nov 26
Mon, Nov 25
Sun, Nov 24
Sat, Nov 23
Fri, Nov 22
Mon, Nov 18
Minor request: if the MSR_OP_LOCAL/SCHED/RENDEVOUS opcodes are mutually exclusive from each other, then don't make them be bitfield definitions; just have them be sequential numbers.
This looks great. My only complaint is using the name "tweak"; I think it's too casual and poorly descriptive. Maybe x86_program_msr_smp()?
Sat, Nov 16
Fri, Nov 15
Move taa into its own sysctl node, machdep.mitigations.taa.(enable|state)
Move the sysctls and tunables to the new machdep.mitigations
tree. Rename the code in accordance, and rename the sysctls
themselves to have neutral wording.
Address several comments
My suggestion is to move ssb, mds, tsx, and probably others from _hw to something like _hw.x86.mitigations. Then rename each with a name that's not enable or disable. We would still have compat OIDs, and I think that the values could remain the same. That's work for a future time, though.
Add some bootverbose messages for when things don't behave.
Track MDS state and synchronize more closely with it.
Remove an unnecessary XXX comment
Forgot to set the TSX MSR on all CPUs, not just the one that's currently
Complete the TAA mitigation. Code is tested with and without the
microcode update. Has not been tested to see if it actually stops
the POC attacks.
Thu, Nov 14
Wed, Nov 13
Tue, Nov 12
Mon, Nov 11
Oct 28 2019
Oct 23 2019
Oct 13 2019
Oct 12 2019
Oct 9 2019
The patch works as advertised right now. A couple of observations for my case:
Sep 23 2019
Sep 9 2019
Sep 6 2019
Sep 4 2019
Sep 3 2019
Jul 24 2019
He's out for a few more weeks. It's on my radar, but I've been busy with other things.
Jul 23 2019
Jul 20 2019
Jul 15 2019
Jul 12 2019
Switch to using sizeof() in place of prescribing VM_MAX_SUFFIXLEN
Fix and expand comments, add a compile time assert for safety.
Pad the buffer length in the sysctl handlers to the null terminator.
Jul 11 2019
Jun 24 2019
Jun 21 2019
Just tested with TruOS/Trident from a May 2019 kernel, and it's getting ECAPMODE. Maybe the problems with Capsicum aren't worked out yet. I'll look some more at it.
Jun 20 2019
Overall this looks very good, but error handoff in pvscsi_process_completion() is not correct. Generally if you're going to return a status that isn't CAM_REQ_CMP, you need to do the following before calling xpt_done():
Jun 19 2019
Jun 12 2019
May 27 2019
May 17 2019
May 1 2019
Apr 30 2019
I'm a bit lost on where the thread on sysctl_wire_old_buffer() is going. I'm fine with the code as-is, recommend not removing the call unless Mark advises otherwise.