the exit structure provided by the kernel. This saves an MMU translation,
and sometimes complex address computation (eg SIB).
Drop the GVA field, it is not useful to virtualizers.
* Decode AND/OR/XOR from Group1.
* Sign-extend the immediates and displacements in 64bit mode.
* Fix the storage of {read,write}_guest_memory, now that we batch certain
IO operations we can copy more than 8 bytes, and shit hits the fan.
* Remove the CR4_PSE check in the 64bit MMU. This bit is actually ignored
in long mode, and some systems (like FreeBSD) don't set it.
Kernel driver:
* Don't take an extra (unneeded) reference to the UAO.
* Provide npc for HLT. I'm not really happy with it right now, will
likely be revisited.
* Add the INT_SHADOW, INT_WINDOW_EXIT and NMI_WINDOW_EXIT states. Provide
them in the exitstate too.
* Don't take the TPR into account when processing INTs. The virtualizer
can do that itself (Qemu already does).
* Provide a hypervisor signature in CPUID, and hide SVM.
* Ignore certain MSRs. One special case is MSR_NB_CFG in which we set
NB_CFG_INITAPICCPUIDLO. Allow reads of MSR_TSC.
* If the LWP has pending signals or softints, leave, rather than waiting
for a rescheduling to happen later. This reduces interrupt processing
time in the guest (Qemu sends a signal to the thread, and now we leave
right away). This could be improved even more by sending an actual IPI
to the CPU, but I'll see later.
Libnvmm:
* Fix the MMU translation of large pages, we need to add the lower bits
too.
* Change the IO and Mem structures to take a pointer rather than a
static array. This provides more flexibility.
* Batch together the str+rep IO transactions. We do one big memory
read/write, and then send the IO commands to the hypervisor all at
once. This considerably increases performance.
* Decode MOVZX.
With these changes in place, Qemu+NVMM works. I can install NetBSD 8.0
in a VM with multiple VCPUs, connect to the network, etc.
Also verify that dwin->cury >= begy (ditto for x), i.e. for pads make
sure that the current position is after the beginning of the displayed
portion. While here refactor the checks for better readability.
We should probably combine the y and x checks b/c if one of them is
not in the range, the current position as a whole is not in the range
and it doesn't make sense to pick and set just the y or just the x
part of it.
maxy is an absolute value and should not be adjusted for begy when we
check also absolute cury. Note that this change does not affect
calculations for normal windows as for them we always pass zero for
begy. Ditto for x.
is needed on certain AMD CPUs (like mine): the segment base of OUTS can be
overridden, and it is wrong to just assume DS.
We fetch the instruction and look at the prefixes if any to determine the
correct segment.
Briefly:
São Tomé and Príncipe switches from +01 to +00 on 2019-01-01.
Changes to future timestamps
Due to a change in government, São Tomé and Príncipe switches back
from +01 to +00 on 2019-01-01 at 02:00. (Thanks to Vadim
Nasardinov and Michael Deckers.)
Release 2018h - 2018-12-23 17:59:32 -0800
Briefly:
Qyzylorda, Kazakhstan moved from +06 to +05 on 2018-12-21.
New zone Asia/Qostanay because Qostanay, Kazakhstan didn't move.
Metlakatla, Alaska observes PST this winter only.
Guess Morocco will continue to adjust clocks around Ramadan.
Add predictions for Iran from 2038 through 2090.
Changes to future timestamps
Guess that Morocco will continue to fall back just before and
spring forward just after Ramadan, the practice since 2012.
(Thanks to Maamar Abdelkader.) This means Morocco will observe
negative DST during Ramadan in main and vanguard formats, and in
rearguard format it stays in the +00 timezone and observes
ordinary DST in all months other than Ramadan. As before, extend
this guesswork to the year 2037. As a consequence, Morocco is
scheduled to observe three DST transitions in some Gregorian years
(e.g., 2033) due to the mismatch between the Gregorian and Islamic
calendars.
The table of exact transitions for Iranian DST has been extended.
It formerly cut off before the year 2038 in a nod to 32-bit time_t.
It now cuts off before 2091 as there is doubt about how the Persian
calendar will treat 2091. This change predicts DST transitions in
2038-9, 2042-3, and 2046-7 to occur one day later than previously
predicted. As before, post-cutoff transitions are approximated.
Changes to past and future timestamps
Qyzylorda (aka Kyzylorda) oblast in Kazakhstan moved from +06 to
+05 on 2018-12-21. This is a zone split as Qostanay (aka
Kostanay) did not switch, so create a zone Asia/Qostanay.
Metlakatla moved from Alaska to Pacific standard time on 2018-11-04.
It did not change clocks that day and remains on -08 this winter.
(Thanks to Ryan Stanley.) It will revert to the usual Alaska
rules next spring, so this change affects only timestamps
from 2018-11-04 through 2019-03-10.
Change to past timestamps
Kwajalein's 1993-08-20 transition from -12 to +12 was at 24:00,
not 00:00. I transcribed the time incorrectly from Shanks.
(Thanks to Phake Nick.)
Nauru's 1979 transition was on 02-10 at 02:00, not 05-01 at 00:00.
(Thanks to Phake Nick.)
Guam observed DST irregularly from 1959 through 1977.
(Thanks to Phake Nick.)
Hong Kong observed DST in 1941 starting 06-15 (not 04-01), then on
10-01 changed standard time to +08:30 (not +08). Its transition
back to +08 after WWII was on 1945-09-15, not the previous day.
Its 1904-10-30 change took effect at 01:00 +08 (not 00:00 LMT).
(Thanks to Phake Nick, Steve Allen, and Joseph Myers.) Also,
its 1952 fallback was on 11-02 (not 10-25).
This release contains many changes to timestamps before 1946 due
to Japanese possession or occupation of Pacific/Chuuk,
Pacific/Guam, Pacific/Kosrae, Pacific/Kwajalein, Pacific/Majuro,
Pacific/Nauru, Pacific/Palau, and Pacific/Pohnpei.
(Thanks to Phake Nick.)
Assume that the Spanish East Indies was like the Philippines and
observed American time until the end of 1844. This affects
Pacific/Chuuk, Pacific/Kosrae, Pacific/Palau, and Pacific/Pohnpei.
Changes to past tm_isdst flags
For the recent Morocco change, the tm_isdst flag should be 1 from
2018-10-27 00:00 to 2018-10-28 03:00. (Thanks to Michael Deckers.)
Give a URL to the official decree. (Thanks to Matt Johnson.)
* Change the Assist API. Rather than passing callbacks in each call, the
callbacks are now registered beforehand. Then change the I/O Assist to
fetch MMIO data via the Mem callback. This allows a guest to perform an
I/O string operation on a memory that is itself an MMIO.
* Introduce two new functions internal to libnvmm, read_guest_memory and
write_guest_memory. They can handle mapped memory, MMIO memory and
cross-page transactions.
* Allow nvmm_gva_to_gpa and nvmm_gpa_to_hva to take non-page-aligned
addresses. This simplifies a lot of things.
* Support the MOVS instruction, and add a test for it. This instruction
is special, in that it takes two implicit memory operands. In
particular, it means that the two buffers can both be in MMIO memory,
and we handle this case.
* Fix gross copy-pasto in nvmm_hva_unmap. Also fix a few things here and
there.
Until now, the "owner" of the memory was the guest, and by calling
nvmm_gpa_map(), the virtualizer was creating a view towards the guest
memory.
Qemu expects the contrary: it wants the owner to be the virtualizer, and
nvmm_gpa_map should just create a view from the guest towards the
virtualizer's address space. Under this scheme, it is legal to have two
GPAs that point to the same HVA.
Introduce nvmm_hva_map() and nvmm_hva_unmap(), that map/unamp the HVA into
a dedicated UOBJ. Change nvmm_gpa_map() and nvmm_gpa_unmap() to just
perform an enter into the desired UOBJ.
With this change in place, all the mapping-related problems in Qemu+NVMM
are fixed.
- Fix the I/O Assist, for INS* it is RDI and not RSI, and the register
gets updated regardless of the REP prefix.
- Fill in the Mem Assist. We decode and emulate certain instructions,
and pass a mem descriptor to the callback to handle the transaction.
The disassembler could use some polishing, and there are still a
few instructions missing; but basically it works.
This causes e.g. "ssh nosuchname" to print "No address associated with
hostname", which is correct, rather than "hostname nor servname
provided, or not known", which is not.
and smallkern, there is little interest installing them by default,
rather they can be downloaded from www. It's better this way.
While here add NVMM(4) in "SEE ALSO".
While libgcc adapts its float128 data structure to the endianness of
the architecture, the softfloat code in libc didn't. With both of
them handling the same values, softfloat must follow the toolchain.
OK: riastradh
The original implementation in OpenBSD returns "invalid" and avoids reading
the input string. The replaced behavior was interpreting the input string
ignoring the invalid arguments.
hrs@ says that
(cbp >= MB_LEN_MAX) condition is necessary for checking invalid
byte sequences. If malicious input was given, libedit would read
byte sequences forever.
hrs@ says that wctomb(3) has an internal shift state,
if wctomb(3) is called outside of libedit,
the internal state can be changed and causes miscalculate multibyte size.
So in this part, wcrtomb(3) should be used.
wcrtomb(3) requires that shift state is given in the argument.
We always initialize the shift state in ct_enc_width() to keep independent
from outside of libedit.
functions. Express both old and new functions to manipulate
attributes using those functions. Check that the the new API's opts
argument (reserved by the standard for future use) is NULL and error
out if not (like getcchar/setcchar). No functional change intended.
We still try to mainain the ability to build our curses with
!HAVE_WCHAR, but it doesn't make sense to provide stubs for new wide
API functions that just error out when !HAVE_WCHAR. Any code that
only uses old API (and can work with !HAVE_WCHAR curses) doesn't use
those new functions. The code that uses new API obviosly cannot work
when all the new API is stubbed out.
So the plan is to drop the stubs. This commit does that for files
that are not even compiled with !HAVE_WCHAR (not only those stubs are
useless, they were not even there to begin with).
Same object code is generated for the normal HAVE_WCHAR case. Nothing
is even recompiled for !HAVE_WCHAR.
Ok by blymn@ jdc@ roy@
noted by agc@. These _nvmm_area_add/delete functions don't make a lot of
sense right now and will likely be rewritten to match the behavior
expected by Qemu; but still fix for the time being.
Also fix a collision check while here.
it's the old background characters that need to be updated, not spaces.
While here, simplify and also fix the bug introduced in 1.20 (that
lost the default color) - actually use the results of wbkgdset().
Looks like we don't have any of wide curses stuff documented, so this
seems to be a good place to start. Needs more exposition on wide
attr_t and how it's related to non-wide chtype, etc, etc.
I have to admit I have no idea what's going on here, but HAVE_WCHAR
code here inverted the sense of linecmp and cellcmp checks w.r.t the
!HAVE_WCHAR variant just above it. Cf. also all other similar #ifdefs
in this file.
Found through source code inspection, not really tested.
The PUFFS reclaim operation had a race condition with lookups: we could
be asked to lookup a node, then to reclaim it before lookup completion.
At lookup completion, we would then create a leaked node.
Enter the PUFFS reclaim2 operation, which features a nlookup argument.
That let us count how many lookups are pending and avoid the above
described scenario. It also makes the codes simplier.
software to effortlessly create and manage virtual machines via NVMM.
It is mostly complete, only nvmm_assist_mem needs to be filled -- I have
a draft for that, but it needs some more care. This Mem Assist should
not be needed when emulating a system in x2apic mode, so theoretically
the current form of libnvmm is sufficient to emulate a whole class of
systems.
Generally speaking, there are so many modes in x86 that it is difficult
to handle each corner case without introducing a ton of checks that just
slow down the common-case execution. Currently we check a limited number
of things; we may add more checks in the future if they turn out to be
needed, but that's rather low priority.
Libnvmm is compiled and installed only on amd64. A man page (reviewed by
wiz@) is provided.
For some reason, fabs lives in libc, not in libm, and our tests now
detect when fabs or fabsl is missing from libm. For those ports that
sometimes have long double and sometimes don't, make it conditional.
Still missing: fabs _and_ fabsl on ia64. Need help from an itanium
wizard! Other portmasters: Please take a look and see if I missed
any ports that might have long double where this alias will not work.
Similarly, when hardware NaN propagation is available, disable
default-NaN substitution.
This enables IEEE 754 semantics on any hardware that supports it by
default. Programs that want flush-to-zero or default-NaN substitution
can enable them explicitly.
ok ryo@
The x87 hardware uses a bad approximation to pi for argument
reduction, and consequently yields bad answers for inputs near pi or
pi/2.
Tweak one tanf test whose doubly rounded output is a little too far
from the correct answer on the doubly rounded input.
internal _kvm_*err() functions aren't called, stack garbage is
not reported as an error string.
call _kvm_err() if _kvm_kvatop() fails. now the above is not
triggered anymore :-)
receive overflow errors re-instating the default behavior to
silently ignore them as before 2018-03-19.
- Introduce a new kern.sooptions sysctl to control the default
behavior of socket options. Setting this to 0x4000 (SO_RERROR),
turns on receive overflow error reporting for all sockets.
- Change dhcpcd to turn on SO_RERROR on all its sockets.
As discussed in tech-net.
Changes to code
When generating TZif files with leap seconds, zic no longer uses a
format that trips up older 32-bit clients, fixing a bug introduced
in 2018f. (Reported by Daniel Fischer.) Also, the zic workaround
for QTBUG-53071 now also works for TZif files with leap seconds.
The translator to rearguard format now rewrites the line
"Rule Japan 1948 1951 - Sep Sat>=8 25:00 0 S" to
"Rule Japan 1948 1951 - Sep Sun>=9 1:00 0 S".
This caters to zic before 2007 and to Oracle TZUpdater 2.2.0
and earlier. (Reported by Christos Zoulas.)
Changes to documentation
tzfile.5 has new sections on interoperability issues.
documented in that manpage. With the letter salad used in curses
function names naming consistency is very important and this page was
the only one that didn't match.
Add mvinsch and mvwinsch links. Update xrefs in other man pages.
In re_fastputc(), set lastline to the new line, not the previous
line so it gets initialized properly. Fixes a crash in bc with
MALLOC_OPTIONS=UJ. OK deraadt@, committing on behalf of yasuoka@
Initialize "old" screen buffer lines before use; otherwise, they would
never get NUL-terminated and cause read buffer overruns.
This fixes for example segfaults in sftp(1) that could be triggered
by typing in an extremely long string (more than one line - the longer,
the likelier to crash), then hitting backspace once.
Problem reported and patch OK'ed by sthen@.
XXX: pullup-8
Changes to code
zic now always generates TZif files where time type 0 is used for
timestamps before the first transition. This simplifies the
reading of TZif files and should not affect behavior of existing
TZif readers because the same set of time types is used; only
their internal indexes may have changed. This affects only the
legacy zones EST5EDT, CST6CDT, MST7MDT, PST8PDT, CET, MET, and
EET, which previously used nonzero types for these timestamps.
Because of the type 0 change, zic no longer outputs a dummy
transition at time -2**59 (before the Big Bang), as clients should
no longer need this to handle historical timestamps correctly.
This reverts a change introduced in 2013d and shrinks most TZif
files by a few bytes.
zic now supports negative time-of-day in Rule and Leap lines, e.g.,
"Rule X min max - Apr lastSun -6:00 1:00 -" means the transition
occurs at 18:00 on the Saturday before the last Sunday in April.
This behavior was documented in 2018a but the code did not
entirely match the documentation.
localtime.c no longer requires at least one time type in TZif
files that lack transitions or have a POSIX-style TZ string. This
future-proofs the code against possible future extensions to the
format that would allow TZif files with POSIX-style TZ strings and
without transitions or time types.
A read-access subscript error in localtime.c has been fixed.
It could occur only in TZif files with timecnt == 0, something that
does not happen in practice now but could happen in future versions.
localtime.c no longer ignores TZif POSIX-style TZ strings that
specify only standard time. Instead, these TZ strings now
override the default time type for timestamps after the last
transition (or for all time stamps if there are no transitions),
just as DST strings specifying DST have always done.
leapseconds.awk now outputs "#updated" and "#expires" comments,
and supports leap seconds at the ends of months other than June
and December. (Inspired by suggestions from Chris Woodbury.)
Changes to documentation
New restrictions: A Rule name must start with a character that
is neither an ASCII digit nor "-" nor "+", and an unquoted name
should not use characters in the set "!$%&'()*,/:;<=>?@[\]^`{|}~".
The latter restriction makes room for future extensions (a
possibility noted by Tom Lane).
tzfile.5 now documents what time types apply before the first and
after the last transition, if any.
Documentation now uses the spelling "timezone" for a TZ setting
that determines timestamp history, and "time zone" for a
geographic region currently sharing the same standard time.
The name "TZif" is now used for the tz binary data format.
tz-link.htm now mentions the A0 TimeZone Migration utilities.
(Thanks to Aldrin Martoq for the link.)
The way BSD setvbuf works is not portable and should not be relied on.
This is only important if curses is started, stopped and started in the
same session which is how portable applications handle terminal resizing.
If auto margins are present, we need to turn them off or enter
an insert mode to "push" the character we want into the corner.
If pushing a wide character of greater than one cell, we need something
more than ich1, othewise the bottom right corner will remain blank.
Follow on fix for PR# 30978.
OK jdc@
This man-page first appeared before porting all the features to NetBSD and
actually Pad ones were never ported. Keeping it in the documentation is
misleading and actually caused bugs in handling of these functions in 3rd
party software.
This is a historical behaviour that needs fixing
If any terminal does scroll when drawing in the lowest right hand cell
of the terminal then an entry should be made in the terminfo database
(currently there is no standard code) to state that and define
__SCROLLWIN as before.
Fixes PR# 30978.
When creating stdscr, ensure it's placed and sized in accordance with
lines ripped off.
LINES is no longer adjusted for lines ripped off.
POSIX makes no mention that it should be adjusted.
Bottom lines are now placed correctly.
Lines ripped off are now displayed after calling initscr.
ok kamil@
Fixes PR #53635
- This conversion significantly simplifies the code and moves NPF to
a binary serialisation format (replacing the XML-like format).
- Fix some memory/reference leaks and possibly use-after-free bugs.
- Bump NPF_VERSION as this change makes libnpf incompatible with the
previous versions. Also, different serialisation format means NPF
connection/config saving and loading is not compatible with the
previous versions either.
Thanks to christos@ for extra testing.
Instead of testing each fgetc call for resize event, add the wrapper
__fgetc_resize to simplify the logic.
While here, ensure that get_wch uses the correct input stream which
may or may not be stdin.
there is no need to copy the path into the output buffer, it is already
there....
All this has to change to become compat with a forthcoming POSIX update.
Mark the old and new lines as dirty, so they will be refreshed upon next
call to getch(3)-like routine.
This also matches the ncurses behavior.
Reviewed by <roy>
A previous change fixed only keypad(,FALSE) scenarios.
Handle catching terminal resize in INKEY_NORM and INKEY_ASSEMBLING (in the
middle of assembling a key code from passed codes) as both accept keys with
fgetc(3) and both can be in theory interrupted with a resize.
PR lib/53615
Under the condition of MKLIBCSANITIZER==yes link ubsan.c into libc.
This is a clean-room reimplementation from scratch of the Undefined
Behavior runtime called micro-UBSan (or uBSan - user-UBSan).
Do not change the signedness bit with a left shift operation.
Cast to unsigned integer to prevent this.
ftok.c:56:10, left shift of 123456789 by 24 places cannot be represented in type 'int'
ftok.c:56:10, left shift of 4160 by 24 places cannot be represented in type 'int'
Detected with micro-UBSan in the user mode.
Do not change the signedness bit with a left shift operation.
Switch to unsigned integer to prevent this in the LAST_FRAG symbol.
xdr_rec.c:559:39, left shift of 1 by 31 places cannot be represented in type 'int'
xdr_rec.c:572:26, left shift of 1 by 31 places cannot be represented in type 'int'
xdr_rec.c:573:25, left shift of 1 by 31 places cannot be represented in type 'int'
xdr_rec.c:632:37, left shift of 1 by 31 places cannot be represented in type 'int'
xdr_rec.c:711:32, left shift of 1 by 31 places cannot be represented in type 'int'
xdr_rec.c:722:28, left shift of 1 by 31 places cannot be represented in type 'int'
Detected with micro-UBSan in the user mode.
Change the type of shifted value to unsigned to prevent altering the
signedness bit.
jemalloc.c:1707:14, left shift of 1 by 31 places cannot be represented in type 'int'
jemalloc.c:1724:15, left shift of 1 by 31 places cannot be represented in type 'int'
jemalloc.c:1840:28, left shift of 1 by 31 places cannot be represented in type 'int'
Detected with micro-UBSan in the user mode.
These changes should make no practical effect - but because external
data is being examined, it would be possible to contrive a situation
(perhaps) where uninit'd vars could actually be used (unless the format
has been checked elsewhere earlier - I did not look ... we have to
appease gcc anyway).
Joerg: Please review (& fix)
The basic glue works with mininal changes for other architectures as
well, but those require linker changes first to avoid leaking dynamic
relocations into the binary.
This change:
* Removes "options PERFCTRS", the associated includes, and the associated
ifdefs. In doing so, it removes several XXXSMPs in the MI code, which is
good.
* Removes the PMC code of ARM XSCALE.
* Removes all the pmc.h files. They were all empty, except for ARM XSCALE.
* Reorders the x86 PMC code not to rely on the legacy pmc.h file. The
definitions are put in sysarch.h.
* Removes the kern/sys_pmc.c file, and along with it, the sys_pmc_control
and sys_pmc_get_info syscalls. They are marked as OBSOL in kern,
netbsd32 and rump.
* Removes the pmc_evid_t and pmc_ctr_t types.
* Removes all the associated man pages. The sets are marked as obsolete.
support for only one ARM CPU. It used to have x86 support, but it was broken
and I removed it. The legacy PMC interface will be removed from the kernel
too. Sent on tech-kern@ yesterday, thorpej was fine.
The pt variable's elements are used after the end of the pt scope.
A move of pt to outer scope fixes this.
Detected with MKSANITIZER/ASan with tmux(1), a forkpty(3) user.
If a string is empty or contains only white characters, the algorithm of
removal of white characters at the end of the passed string will read
buffer at index -1 and keep iterating backward.
Detected with MKSANITIZER/ASan when executing passwd(1).
The sanitizers are designed to use pristine OS versions of these libraries,
install interceptors for public symbols in them and link with them in every
sanitized executable.
Having unmodified base libraries (c, m, rt, pthread) also makes the system
usable with programs linking with them and without sanitization, as there
are no fatal issues during the resolving of missing symbols.
The remaining libraries like libutil, libintl etc are prebuilt with
sanitization and all their users in the MKSANITIZER=yes distribution are
required to use the same sanitizer.
libc and libpthread are already marked with the NOSANITIZER flag.
Unportable left shift reported with MKSANITIZER=yes USE_SANITIZER=undefined:
# nm /usr/lib/libc.so|grep sanit
/public/src.git/lib/libc/citrus/modules/citrus_mapper_std.c:173:8: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Sponsored by <The NetBSD Foundation>
this changes the upstream vendor from OpenSolaris to FreeBSD,
and this version is based on FreeBSD svn r315983.
in addition to the 10 years of improvements from upstream,
this version also has these NetBSD-specific enhancements:
- dtrace FBT probes can now be placed in kernel modules.
- ZFS now supports mmap().
christos