md5(1): Warn on read errors
md5(1) previously did not report read errors. As a result, attempting
to hash a directory produced no output and only returned exit code 66.
Make md5(1) print a warning when a file cannot be read.
Before:
$ md5 /
(no output; only exit code 66)
After:
$ md5 /
md5: can't read /: Is a directory
nvmm(4): Refine VMX guest CR0 (VMCS_GUEST_CR0) handling
Introduce CR0_FORCE_ZERO and CR0_FORCE_ONE to align with the SVM backend
and clarify the normalization of guest CR0 (VMCS_GUEST_CR0). Do not
reuse CR0_STATIC_MASK in place of CR0_FORCE_ZERO to avoid ambiguity.
No functional change.
nvmm(4): Rename CR0_STATIC_MASK and CR0_MANDATORY for clarity
The CR0_STATIC_MASK was copied from the VMX backend but does not
accurately reflect its semantics in the SVM context, where the masked
bits are forced to zero. Rename it to CR0_FORCE_ZERO and remove
the CR0_ET bit from it.
In addition, rename CR0_MANDATORY to CR0_FORCE_ONE to make the naming
consistent and reflect that these bits are always set.
kernel: Remove __boolean_t and define boolean_t directly.
A CPU dependent type for boolean_t isn't needed.
Change the remaining usage of __boolean_t to bool because
these headers are also used by userland.
Add leap-seconds.list to /usr/share/zoneinfo.
It was introduced in tzdata2024a and some software (such as
Hare language) expects this to be present. This version is
from tzdata2025c. I'll do a full upgrade of tzdata2025c in a
later commit.
Pointed-out-by: mneumann
nvmm(4): Extract out nvmm_x86_internal.h from nvmm_x86.h
Similar to nvmm_internal.h, extract the kernel-only bits from nvmm_x86.h
and put into a separate 'nvmm_x86_internal.h'.
nvmm(4): Enable selective CR0 write intercept in the SVM backend
Similar to the VMX backend [1], enable selective CR0 write intercept in
the SVM backend to force CR0_ET/CR0_NE to 1, and CR0_CD/CR0_NW to 0.
This addresses the severe performance issue observed in UEFI guests [2].
When booting a DragonFly installation ISO on my AMD 3700X, it previously
took 50-60 seconds from VM power-on before the kernel started loading,
and around 17 *minutes* to reach the login prompt. Even when the guest
OS was otherwise idle, the qemu process consumed 40-50% CPU.
Note that the selective CR0 write intercept is enabled only when the CPU
supports the DecodeAssists feature, as the intercept handling relies on
the decoded information provided in EXITINFO1. A diagnostic message is
printed in svm_ident() when DecodeAssists is unavailable.
Meanwhile, rename 'VMCB_CTRL_INTERCEPT_CR0_SPEC' to
'VMCB_CTRL_INTERCEPT_CR0_SEL' to better align with
'VMCB_EXITCODE_CR0_SEL_WRITE'.
[9 lines not shown]
nvmm(4): Tweak os_atomic_load_uint() to use relaxed semantic
The original NetBSD code uses atomic_load_relaxed(), so this macro
should be "atomic_load_int()", i.e., without the "acquire" semantic.
Also, the relaxed semantic suffices for the current use cases.
testcases/libnvmm: Add two memory tests using RIP-relative addressing
While these two tests do not exercise the RIP-relative address
calculation path in store_to_gva(), they can help validate the x86
instruction decoder.
Credit: Claude Sonnet 4.5 (https://claude.ai/)
libnvmm(3): Fix RIP-relative addressing in store_to_gva()
RIP-relative addressing uses the start address of the *next* instruction
as the base, rather than the *current* one. Adjust RIP by the
instruction length when computing the effective address.
NOTE: This bug does not affect memory assists:
- The MMIO exits handled by assist_mem_single() do not call
store_to_gva(). In addition, assist_mem_single() does not compute
RIP-relative addresses, as the effective GPA is already provided in
'exit->u.mem.gpa'.
- Other MMIO exits handled by assist_mem_double_movs() do call
store_to_gva(), but only for RSI/RDI-based operands.
Credit: Claude Sonnet 4.5 (https://claude.ai/)
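The base-address rule from the store_to_gva() fix above, as an added example (not libnvmm's code): a decoder for the simplest RIP-relative form, with the next-instruction and current-instruction bases side by side. The struct, the function names and the sample bytes are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

struct riprel {            /* hypothetical type for this example */
    int32_t disp;          /* sign-extended disp32 */
    size_t  len;           /* total instruction length in bytes */
};

/* Constructed sample instructions (64-bit mode). */
static const uint8_t sample_back[] = {0x48, 0x8B, 0x05, 0xF9, 0xFF, 0xFF, 0xFF}; /* mov rax,[rip-7] */
static const uint8_t sample_fwd[]  = {0x8B, 0x05, 0x10, 0x00, 0x00, 0x00};       /* mov eax,[rip+0x10] */

/* Decode [REX] <one-byte opcode> ModRM [disp32], no immediate.
 * Returns 1 if the operand is RIP-relative, 0 if it is not, -1 if truncated. */
int decode_riprel(const uint8_t *insn, size_t avail, struct riprel *out)
{
    size_t i = 0;

    if (avail > 0 && (insn[0] & 0xF0) == 0x40)  /* optional REX prefix */
        i++;
    if (avail < i + 2)                          /* need opcode + ModRM */
        return -1;
    i++;                                        /* skip the opcode byte */
    if ((insn[i++] & 0xC7) != 0x05)             /* mod=00, r/m=101 selects RIP+disp32 */
        return 0;
    if (avail < i + 4)                          /* displacement must be complete */
        return -1;
    out->disp = (int32_t)((uint32_t)insn[i] | (uint32_t)insn[i + 1] << 8 |
        (uint32_t)insn[i + 2] << 16 | (uint32_t)insn[i + 3] << 24);
    out->len = i + 4;
    return 1;
}

/* Correct base: start of the next instruction (rip + len). */
uint64_t ea_next_rip(uint64_t rip, const struct riprel *r)
{
    return rip + r->len + (uint64_t)(int64_t)r->disp;
}

/* The miscalculation the commit describes: base is the current instruction. */
uint64_t ea_current_rip(uint64_t rip, const struct riprel *r)
{
    return rip + (uint64_t)(int64_t)r->disp;
}

int main(void)
{
    struct riprel r;
    if (decode_riprel(sample_back, sizeof(sample_back), &r) == 1)
        printf("next: %#llx current: %#llx\n",
            (unsigned long long)ea_next_rip(0x401000, &r),
            (unsigned long long)ea_current_rip(0x401000, &r));
    return 0;
}
```

The two results always differ by exactly the instruction length, so a negative displacement that should land on the instruction's own first byte lands `len` bytes before it instead.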
fdisk(8): Fix uint32_t overflow in print_part()
dp_size is uint32_t and would overflow when multiplied by secsize
(512), and that resulted in printing a wrong partition size in MB.
While there, tweak 'Meg' to 'MB' to be clearer.
kernel - Fix overflow in alist and blist code
* This code tracks swap space and large blocks of contiguous DMA memory.
* Fix overflows in array size calculations that did not take into
account terminator entries.
(a) Remove terminals from alists entirely.
(b) Account for space used by the terminator in blists.
Found-by: tuxillo / AI
kernel - Fix serious root vulnerabilities in the caps code
* The caps code was inadvertently allowing many root-only operations
to be run from user mode, particularly mount/umount ops by assuming
a root creds check that was not taking place in some of the API
calls, but was taking place in others.
* All API calls now check root creds by default unless passed the
appropriate flag.
Found-by: ivadasz (Imre Vadasz)