mitigate AMD Zen-2 operation cache corruption
On Zen 2, the operation cache can be used to change instructions
of a different privilege level.
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7052.html
The mitigation is setting a chicken bit in an MSR. This is not documented
publicly, even in the security bulletin. The value comes from a patch
submitted to Linux by AMD employees.
ok deraadt@ brynet@
Limit the maximum value of shminfo.shmseg to prevent `size' overflow in
sys_shmat(). The default value of 128 is safe, but overflow could happen
on 32 bits machine while the value of shminfo.shmseg was raised too high.
Discussed with deraadt.
Add const void *data to attr_optadd()
Doing this requires that attr_alloc() and attr_lookup() also use const.
For attr_alloc() this is no problem but attr_lookup() is a bit more tricky
since the data field in sturct attr is deliberatly not const.
So instead use CH_LOCATE and a new attr_match() function to do the lookup
with a helper type that uses const.
OK tb@
Introduce ch_ext a struct holding the table an meta data pointers for
the extendible hash.
Doing this removes the need for handling two arrays in resize operations
and also keeps the two pointers together. The code becomes simpler and
with some reshuffling ch_table_resize() is now less problematic.
The initial allocation of the extendible table is increased from one entry
to two.
OK tb@
In the disklabel check for specific fields with value 0, and return
early before trying to check for a byte-swapped label. This avoids
a /0 in the byte-swapped partition check.
ok krw, also discussed with krw
Do not fatal in pt_fill() instead return an error object that can never exist.
pt_fill() is in some cases used by semi-trusted content (e.g. from
bgpctl). The fatalx calls in that function are therefor a problem.
This alters pt_fill to instead return a pt_entry object that can not
exist in the tree. This error object is simply initalised with 0xff.
Also if the prefixlen is too large for the address family just clip it down
to the maximum (with a log message).
In pt_add(), the only place a pt_fill() object would be added to the tree,
check if the returned object is valid. There it is ok to fatal (at least
for now) since the code previous to pt_add() should validate the prefix.
Uniform some error messages and switch the prefixlen argument to u_int.
OK tb@
Return error on unhandled imsg types in the adj-rib-out case.
In rde_dump_ctx_new() the adj-rib-out case only covers some of the
possible imsg types rde_dump_ctx_new() can be called with. So ship back an
error instead of the fatalx() call.
OK tb@
Fix a couple of bugs in tty_draw_line: do not loop forever if orphan
padding appears, or if a wide character is trimmed at the right of the
region. Much help with testing from qingliu at alauda dot io in GitHub
issue 5024.
