Re: CVS commit: src
On Sun, May 10, 2020 at 04:18:54PM +0200, Yorick Hardy wrote:
> I think it may be better in the Makefile, since the test for amd64 already
> happens there and because the libi386 directory could conceivably
> also contain i386/non-amd64 tests.
>
> I successfully completed a build with MKCOMPAT=no, using the patch below.
> Is it okay to commit?

Looks good to me, thanks!

Martin
Re: CVS commit: src/sys/uvm
On Sat, 9 May 2020 at 14:50, Taylor R Campbell wrote:
> Module Name: src
> Committed By: riastradh
> Date: Sat May 9 21:50:39 UTC 2020
>
> Modified Files:
>         src/sys/uvm: uvm_swap.c
>
> Log Message:
> Implement swap encryption.
>
> Enabled by sysctl -w vm.swap_encrypt=1. Key is generated lazily when
> we first need to swap a page. Key is chosen independently for each
> swap device. The ith swap page is encrypted with AES256-CBC using
> AES256_k(le32enc(i) || 0^96) as the initialization vector. Can be
> changed at any time; no need for compatibility with on-disk formats.
> Costs one bit of memory per page in each swapdev, plus a few hundred
> bytes per swapdev to store the expanded AES key.
>
> Shoulda done this decades ago! Plan to enable this by default;
> performance impact is unlikely to matter because it only happens when
> you're already swapping anyway. Much easier to set up than cgd, so
> we can rip out all the documentation about carefully setting up
> random-keyed cgd at the right time.
>

Thanks, this is great - looking forward to it being default!

Best,
Alistair
Re: CVS commit: src/sys/uvm
> Date: Sun, 10 May 2020 23:53:00 +0100
> From: Alexander Nasonov
>
> Taylor R Campbell wrote:
> > Log Message:
> > Implement swap encryption.
> >
> > Enabled by sysctl -w vm.swap_encrypt=1.
>
> If secmodel_securelevel(9) is still a thing, locking down this sysctl
> at high securelevel may improve our security. Prior to this change,
> swap devices were readable (even if encrypted with cgd). With this
> sysctl set to 1, all new swap devices will be encrypted, the only
> thing to worry about is if it's set back to 0 on a compromised host.

This sounds entirely reasonable. Would you like to draft an
implementation of that? Presumably it would require writing a sysctl
callback function for vm.swap_encrypt, and would somehow involve kauth,
but I'm not sure offhand what needs to happen beyond that. Perhaps
vm.user_va0_disable can be a source of inspiration.
Re: CVS commit: src/sys/uvm
Taylor R Campbell wrote:
> Log Message:
> Implement swap encryption.
>
> Enabled by sysctl -w vm.swap_encrypt=1.

If secmodel_securelevel(9) is still a thing, locking down this sysctl
at high securelevel may improve our security. Prior to this change,
swap devices were readable (even if encrypted with cgd). With this
sysctl set to 1, all new swap devices will be encrypted, the only
thing to worry about is if it's set back to 0 on a compromised host.

Not sure if this makes sense because all files on a compromised host
can be read and processes' memory can be probably dumped.

Alex
Re: CVS commit: src/sys
In article <20200508220155.446eef...@cvs.netbsd.org>, Andrew Doran wrote:
>-=-=-=-=-=-
>
>Module Name: src
>Committed By: ad
>Date: Fri May 8 22:01:55 UTC 2020
>
>Modified Files:
>        src/sys/arch/x86/include: cpu_counter.h
>        src/sys/arch/x86/x86: cpu.c tsc.c
>        src/sys/dev/ic: hpet.c hpetvar.h
>
>Log Message:
>Fix the TSC timecounter (on the systems I have access to):
>
>- Make the early i8254-based calculation of frequency a bit more accurate.
>
>- Keep track of how far the HPET & TSC advance between HPET attach and
>  secondary CPU boot, and use to compute an accurate value before attaching
>  the timecounter. Initial idea from joerg@.
>
>- When determining skew and drift between CPUs, make each measurement 1000
>  times and pick the lowest observed value. Increase the error threshold to
>  1000 clock cycles.
>
>- Use the frequency computed on the boot CPU for secondary CPUs too.
>
>- Remove cpu_counter_serializing().

The TSC is still faster than it is supposed to be so ntpd does not sync
(it diverges). It is better than before but not good enough to keep time.

christos
Re: CVS commit: src
Dear Martin,

On 2020-05-08, Martin Husemann wrote:
> On Thu, May 07, 2020 at 10:52:26PM +0200, Yorick Hardy wrote:
> > Thanks! It took a while for this to sink in ...
> >
> > So I think the test should only be built if MKCOMPAT=yes ?
> > (It does fail to build for me, because I usually have MKCOMPAT=no).
>
> Yes, either the Makefile needs a conditional, or the SUBDIR+= in the
> makefile above.
>
> Martin

I think it may be better in the Makefile, since the test for amd64 already
happens there and because the libi386 directory could conceivably
also contain i386/non-amd64 tests.

I successfully completed a build with MKCOMPAT=no, using the patch below.
Is it okay to commit?

--
Kind regards,

Yorick Hardy

Index: distrib/sets/lists/debug/md.amd64 == --- distrib/sets/lists/debug/md.amd64 +++ distrib/sets/lists/debug/md.amd64 @@ -23,9 +23,9 @@ ./usr/libdata/debug/usr/tests/kernel/arch/x86/t_ptrace_wait3.debug tests-obsolete obsolete ./usr/libdata/debug/usr/tests/kernel/arch/x86/t_ptrace_wait4.debug tests-obsolete obsolete ./usr/libdata/debug/usr/tests/kernel/arch/x86/t_ptrace_wait6.debug tests-obsolete obsolete ./usr/libdata/debug/usr/tests/kernel/arch/x86/t_ptrace_waitid.debug tests-obsolete obsolete ./usr/libdata/debug/usr/tests/kernel/arch/x86/t_ptrace_waitpid.debug tests-obsolete obsolete -./usr/libdata/debug/usr/tests/lib/libi386/t_user_ldt.debug tests-lib-debug debug,atf +./usr/libdata/debug/usr/tests/lib/libi386/t_user_ldt.debug tests-lib-debug debug,atf,compat ./usr/libdata/debug/usr/tests/lib/libnvmm/h_io_assist.debugtests-lib-debug debug,atf ./usr/libdata/debug/usr/tests/lib/libnvmm/h_mem_assist.debug tests-lib-debug debug,atf ./usr/libdata/debug/usr/tests/modules/t_x86_pte.debug tests-sys-debug debug,atf Index: distrib/sets/lists/tests/md.amd64 == --- distrib/sets/lists/tests/md.amd64 +++ distrib/sets/lists/tests/md.amd64 
@@ -5,13 +5,13 @@ ./usr/tests/kernel/arch/x86/t_ptrace_wait3 tests-obsolete obsolete ./usr/tests/kernel/arch/x86/t_ptrace_wait4 tests-obsolete obsolete ./usr/tests/kernel/arch/x86/t_ptrace_wait6 tests-obsolete obsolete ./usr/tests/kernel/arch/x86/t_ptrace_waitidtests-obsolete obsolete ./usr/tests/kernel/arch/x86/t_ptrace_waitpid tests-obsolete obsolete -./usr/tests/lib/libi386/t_user_ldt tests-lib-tests compattestfile,atf +./usr/tests/lib/libi386/t_user_ldt tests-lib-tests compattestfile,atf,compat ./usr/tests/lib/libnvmm/h_io_assisttests-lib-tests compattestfile,atf ./usr/tests/lib/libnvmm/t_io_assisttests-lib-tests compattestfile,atf ./usr/tests/lib/libnvmm/h_mem_assist tests-lib-tests compattestfile,atf ./usr/tests/lib/libnvmm/t_mem_assist tests-lib-tests compattestfile,atf ./usr/tests/modules/t_x86_pte tests-sys-tests atf,kmod ./usr/tests/modules/x86_pte_tester tests-sys-tests atf,kmod ./usr/tests/modules/x86_pte_tester/x86_pte_tester.kmod tests-sys-tests atf,kmod Index: tests/lib/libi386/Makefile == --- tests/lib/libi386/Makefile +++ tests/lib/libi386/Makefile @@ -2,14 +2,14 @@ .include TESTSDIR= ${TESTSBASE}/lib/libi386 -.if ${MACHINE} == "amd64" +.if ${MACHINE} == "amd64" && ${MKCOMPAT} == "yes" SHLIBINSTALLDIR= /usr/lib/i386 COPTS+=-m32 LDFLAGS+= -m32 LDADD+=-li386 TESTS_C+= t_user_ldt .endif .include
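Review bot: in the two md.amd64 set-list hunks, the changed t_user_ldt entries (`debug,atf,compat` and `compattestfile,atf,compat`) are only reported as tested with a MKCOMPAT=no build. A MKCOMPAT=yes build should be run before commit as well, so that both lists are confirmed to match what is actually installed in each configuration, including the .debug file. The commit message could also say in one line why the tests entry needs `compat` in addition to the `compattestfile` flag it already had.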
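Review bot: on the changed `.if` line in tests/lib/libi386/Makefile, `${MKCOMPAT} == "yes"` relies on MKCOMPAT already being defined by the `.include` above it, because make rejects a comparison on an undefined variable as a malformed conditional. If this Makefile can ever be read without that definition, `${MKCOMPAT:Uno} != "no"` is the more defensive form. A short comment above the `.if` would also help, stating that t_user_ldt is built with `-m32` and linked with `LDADD+=-li386` against the library under `/usr/lib/i386`, which is why it can only be built when MKCOMPAT is enabled.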