floating point state leakage can be observed on AMD Zen/Zen+ (Zen 1)
This was discovered by the Rootsec research group at the CISPA Helmholtz
Center for Information Security. Rootsec named the problem
Floating Point Divider State Sampling (FP-DSS).
Do AMD's suggested mitigation, setting a chicken bit in an MSR.
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7053.html
https://roots.ec/blog/fpdss/
ok deraadt@ brynet@

Stop cleaning gem artifacts
Bulk builds have seen occasional failures building
textproc/ruby-commonmarker, which is the only reverse dependency. I'm
not positive the cleaning of gem artifacts is the cause of the failure,
though I suspect it is.
Discussed with naddy@

Prevent buffer overflow by checking the correct counter.
An attacker on the same layer 2 network can send rogue router
advertisements, potentially crashing slaacd.
from Maurice Hieronymus (mhi AT mailbox.org), thanks!
from florian@; OK deraadt
this is errata/7.7/039_slaacd.patch.sig

Prevent buffer overflow by checking the correct counter.
An attacker on the same layer 2 network can send rogue router
advertisements, potentially crashing slaacd.
from Maurice Hieronymus (mhi AT mailbox.org), thanks!
from florian@; OK deraadt
this is errata/7.8/033_slaacd.patch.sig

The parking mutex uses data structures on the stack and expects CPUs to be
able to modify that data for other CPUs. Unfortunately some sparc64
systems (sun4u systems that don't use Fujitsu SPARC64 CPUs) use a trick
where the interrupt stack is mapped using a fixed alias on each CPU. This
means a CPU can only access its own interrupt stack. Fix this by using
the "real" address of the interrupt stack. We still need the fixed alias
though to find our own "struct cpu_info" on these systems. So on
MULTIPROCESSOR kernels we need to use another locked TLB entry.
tested by bluhm@, claudio@, tb@, jca@, dlg@
ok dlg@, jca@

Copy SpacemiT K1 device trees onto the miniroot. With this, installs
should just work on the supported boards. Make sure you install with a
network connection such that fw_update can put the device trees into
your new install as well. Document that "make release" now needs the
riscv64-spacemit-dtb firmware installed.
ok deraadt@, jca@

Don't let malicious or confused scsi tape devices cause reading or writing
outside a mode sense/select buffer.
Original diff from Stanislav Fort of aisle.com with additional paranoia for
negative values.
Tweaks and ok from kettenis@

Revert last commit, rev. 1.446.
The change introduced a regression where sockets get stuck in FIN_WAIT_2
and LAST_ACK.
Noticed by anton@ since regress/sys/net/pflow fails.