Some new Intel machines have a new 3rd tier of cpus called LP-E which are
E-core (Atom) without L3 cache. These cpus are Lethargic, and it sucks
when processes migrate to them.
This introduces sysctl hw.blockcpu= which takes a sequence of 4 letters.
S (for SMT), P (regular performance cpu), E (efficient cpu, generally
80% to 50% as fast), and L (lethargic cpu) which are even slower.
By setting this, you can select cpus to kick out of the scheduler. The
default is SL.
The hw.smt sysctl remains for now but we will eventually delete it.
hw.smt changes and follows hw.blockcpu=S.
ok kettenis mlarkin

Fix an off-by-one error in the X.509 verifier depth checking.
In x509_verify_build_chains(), ensure that we check the current depth
against max_depth prior to turning it into a legacy-style depth index.
Additionally, add a guard to x509_verify_chain_append() so that we avoid
exceeding the maximum certs per chain, even if we fail to handle this
correctly elsewhere. Also prevent the legacy callback from being able
to override the maximum verification depth.
The current off-by-one allows for a 4 byte overwrite to occur on heap
allocated memory - this will likely trigger a crash on OpenBSD (but may
go unnoticed elsewhere). This is only reachable if a TLS client is talking
to a malicious server or if a TLS server has client certificate
verification enabled - in both cases the verification depth also needs to
be set to the maximum allowed value of 32.
It is worth noting that many TLS clients/servers set the maximum
verification depth to a value that is much less than the default. A libtls
client or server uses a default depth of 6 and is not impacted in this
[6 lines not shown]

Update prometheus to the last LTS release (3.5.1)
This drops two patches which are unneeded. First the Makefile workaround
to skip the asset build step is unneeded, instead use
PREBUILT_ASSETS_STATIC_DIR. Second drop the compress_assets.sh diff
and replace it with a BDEP on shell/bash -- too much bashism there.
Update the patch-mmap_openbsd to work with 3.5.1 and extend it to also
cover the chunks and head chunks. This should fix a frequent panic seen
when head chunks are rotated.
Note: all of this is an ugly workaround because OpenBSD lacks a unified
view between mmap and read/write calls.
Some help and testing done by Alvar Penning (post at 0x21.biz)
OK sthen@

update to rspamd-4.0.0
this probably won't affect most users, but:
"Action required for per-user Bayes with Redis sharding: Jump Hash has
been replaced with Ring Hash (Ketama). Run rspamadm statistics_dump
migrate after upgrading or accept temporary accuracy loss as data is
re-learned. Single Redis server setups are not affected."

Reorganize structure of key_code so that it can be built directly by
bitshifts rather than a load of huge switches, from Dane Jensen in
GitHub issue 4953.

access ida under spltty()
ida is accessed from both process and interrupt contexts.
The interrupt context use occurs when a fence is hardware signaled:
dma_fence_signal -> amdgpu_pasid_free_cb -> ida_free -> idr_remove
Linux currently uses an xarray with XA_FLAGS_LOCK_IRQ for ida, which
blocks interrupts when locked.
This change was prompted by protection faults such as:
idr_tree_SPLAY+0x58
idr_alloc+0xb1
amdgpu_pasid_alloc+0x5d
amdgpu_driver_open_kms+0xac
drm_file_alloc+0x245
drmopen+0x12c
seen with 6.12 and 6.18 drm
[5 lines not shown]

import ports/sysutils/cpuid-tycho, ok tb
"cpuid" dumps results from the x86 CPUID instruction, and decodes
information from certain leaves.
NOTE: the code in this software to bind to a specific CPU is non-functional
on OpenBSD; if you are trying to find information from different cores, you'll
need to run it multiple times until the process is scheduled on the core of
interest.