From owner-svn-src-releng@freebsd.org Thu Jun 21 05:18:09 2018 Return-Path: Delivered-To: svn-src-releng@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id ED2A510055E7; Thu, 21 Jun 2018 05:18:08 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 9B72089BA4; Thu, 21 Jun 2018 05:18:08 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 7CE4855F1; Thu, 21 Jun 2018 05:18:08 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w5L5I81x059896; Thu, 21 Jun 2018 05:18:08 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w5L5I87s059895; Thu, 21 Jun 2018 05:18:08 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <201806210518.w5L5I87s059895@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Thu, 21 Jun 2018 05:18:08 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r335466 - releng/11.1/sys/x86/xen X-SVN-Group: releng X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: releng/11.1/sys/x86/xen X-SVN-Commit-Revision: 335466 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Jun 2018 05:18:09 -0000 Author: gordon Date: Thu Jun 21 05:18:08 2018 New Revision: 335466 URL: https://svnweb.freebsd.org/changeset/base/335466 Log: Fix TLB shootdown for Xen based guests. [EN-18:07.pmap] Approved by: so Security: FreeBSD-EN-18:07.pmap Modified: releng/11.1/sys/x86/xen/xen_apic.c Modified: releng/11.1/sys/x86/xen/xen_apic.c ============================================================================== --- releng/11.1/sys/x86/xen/xen_apic.c Thu Jun 21 05:17:13 2018 (r335465) +++ releng/11.1/sys/x86/xen/xen_apic.c Thu Jun 21 05:18:08 2018 (r335466) @@ -41,6 +41,7 @@ __FBSDID("$FreeBSD$"); #include #include #include +#include #include #include @@ -439,6 +440,46 @@ xen_invltlb_pcid(void *arg) invltlb_pcid_handler(); return (FILTER_HANDLED); } + +static int +xen_invltlb_invpcid_pti(void *arg) +{ + + invltlb_invpcid_pti_handler(); + return (FILTER_HANDLED); +} + +static int +xen_invlpg_invpcid_handler(void *arg) +{ + + invlpg_invpcid_handler(); + return (FILTER_HANDLED); +} + +static int +xen_invlpg_pcid_handler(void *arg) +{ + + invlpg_pcid_handler(); + return (FILTER_HANDLED); +} + +static int +xen_invlrng_invpcid_handler(void *arg) +{ + + invlrng_invpcid_handler(); + return (FILTER_HANDLED); +} + +static int +xen_invlrng_pcid_handler(void *arg) +{ + + invlrng_pcid_handler(); + return (FILTER_HANDLED); +} #endif static int @@ -529,8 +570,18 @@ xen_setup_cpus(void) #ifdef __amd64__ if (pmap_pcid_enabled) { - xen_ipis[IPI_TO_IDX(IPI_INVLTLB)].filter = invpcid_works ? - xen_invltlb_invpcid : xen_invltlb_pcid; + if (pti) + xen_ipis[IPI_TO_IDX(IPI_INVLTLB)].filter = + invpcid_works ? xen_invltlb_invpcid_pti : + xen_invltlb_pcid; + else + xen_ipis[IPI_TO_IDX(IPI_INVLTLB)].filter = + invpcid_works ? xen_invltlb_invpcid : + xen_invltlb_pcid; + xen_ipis[IPI_TO_IDX(IPI_INVLPG)].filter = invpcid_works ? + xen_invlpg_invpcid_handler : xen_invlpg_pcid_handler; + xen_ipis[IPI_TO_IDX(IPI_INVLRNG)].filter = invpcid_works ? + xen_invlrng_invpcid_handler : xen_invlrng_pcid_handler; } #endif CPU_FOREACH(i) From owner-svn-src-releng@freebsd.org Thu Jun 21 05:17:15 2018 Return-Path: Delivered-To: svn-src-releng@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 7B183100538C; Thu, 21 Jun 2018 05:17:15 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id CFC9D89A1D; Thu, 21 Jun 2018 05:17:14 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id AB2C055F0; Thu, 21 Jun 2018 05:17:14 +0000 (UTC) (envelope-from gordon@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w5L5HErv059814; Thu, 21 Jun 2018 05:17:14 GMT (envelope-from gordon@FreeBSD.org) Received: (from gordon@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w5L5HDbu059808; Thu, 21 Jun 2018 05:17:13 GMT (envelope-from gordon@FreeBSD.org) Message-Id: <201806210517.w5L5HDbu059808@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gordon set sender to gordon@FreeBSD.org using -f From: Gordon Tetlow Date: Thu, 21 Jun 2018 05:17:13 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r335465 - in releng/11.1: . sys/amd64/amd64 sys/conf sys/i386/i386 sys/i386/isa X-SVN-Group: releng X-SVN-Commit-Author: gordon X-SVN-Commit-Paths: in releng/11.1: . sys/amd64/amd64 sys/conf sys/i386/i386 sys/i386/isa X-SVN-Commit-Revision: 335465 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Jun 2018 05:17:15 -0000 Author: gordon Date: Thu Jun 21 05:17:13 2018 New Revision: 335465 URL: https://svnweb.freebsd.org/changeset/base/335465 Log: Fix Lazy FPU information disclosure. [SA-18:07.lazyfpu] Bump newvers.sh and UPDATING for today's patches. Approved by: so Security: CVE-2018-3665 Security: FreeBSD-SA-18:07.lazyfpu Sponsored by: The FreeBSD Foundation Modified: releng/11.1/UPDATING releng/11.1/sys/amd64/amd64/cpu_switch.S releng/11.1/sys/amd64/amd64/fpu.c releng/11.1/sys/conf/newvers.sh releng/11.1/sys/i386/i386/swtch.s releng/11.1/sys/i386/isa/npx.c Modified: releng/11.1/UPDATING ============================================================================== --- releng/11.1/UPDATING Thu Jun 21 02:15:50 2018 (r335464) +++ releng/11.1/UPDATING Thu Jun 21 05:17:13 2018 (r335465) @@ -16,6 +16,13 @@ from older versions of FreeBSD, try WITHOUT_CLANG and the tip of head, and then rebuild without this option. The bootstrap process from older version of current across the gcc/clang cutover is a bit fragile. +20180621 p11 FreeBSD-SA-18:07.lazyfpu + FreeBSD-EN-18:07.pmap + + Fix Lazy FPU information disclosure. [SA-18:07.lazyfpu] + + Fix TLB shootdown for Xen based guests. [EN-18:07.pmap] + 20180508 p10 FreeBSD-SA-18:06.debugreg FreeBSD-EN-18:05.mem FreeBSD-EN-18:06.tzdata Modified: releng/11.1/sys/amd64/amd64/cpu_switch.S ============================================================================== --- releng/11.1/sys/amd64/amd64/cpu_switch.S Thu Jun 21 02:15:50 2018 (r335464) +++ releng/11.1/sys/amd64/amd64/cpu_switch.S Thu Jun 21 05:17:13 2018 (r335465) @@ -105,10 +105,10 @@ done_store_dr: /* have we used fp, and need a save? */ cmpq %rdi,PCPU(FPCURTHREAD) - jne 3f + jne 2f movq PCB_SAVEFPU(%r8),%r8 clts - cmpl $0,use_xsave + cmpl $0,use_xsave(%rip) jne 1f fxsave (%r8) jmp 2f @@ -120,12 +120,7 @@ ctx_switch_xsave: /* This is patched to xsaveopt if supported, see fpuinit_bsp1() */ xsave (%r8) movq %rcx,%rdx -2: smsw %ax - orb $CR0_TS,%al - lmsw %ax - xorl %eax,%eax - movq %rax,PCPU(FPCURTHREAD) -3: +2: /* Save is done. Now fire up new thread. Leave old vmspace. */ movq %rsi,%r12 movq %rdi,%r13 @@ -212,6 +207,8 @@ done_load_dr: movq PCB_RBX(%r8),%rbx movq PCB_RIP(%r8),%rax movq %rax,(%rsp) + movq PCPU(CURTHREAD),%rdi + call fpu_activate_sw ret /* Modified: releng/11.1/sys/amd64/amd64/fpu.c ============================================================================== --- releng/11.1/sys/amd64/amd64/fpu.c Thu Jun 21 02:15:50 2018 (r335464) +++ releng/11.1/sys/amd64/amd64/fpu.c Thu Jun 21 05:17:13 2018 (r335465) @@ -139,6 +139,11 @@ static void fpu_clean_state(void); SYSCTL_INT(_hw, HW_FLOATINGPT, floatingpoint, CTLFLAG_RD, SYSCTL_NULL_INT_PTR, 1, "Floating point instructions executed in hardware"); +int lazy_fpu_switch = 0; +SYSCTL_INT(_hw, OID_AUTO, lazy_fpu_switch, CTLFLAG_RWTUN | CTLFLAG_NOFETCH, + &lazy_fpu_switch, 0, + "Lazily load FPU context after context switch"); + int use_xsave; /* non-static for cpu_switch.S */ uint64_t xsave_mask; /* the same */ static uma_zone_t fpu_save_area_zone; @@ -204,6 +209,7 @@ fpuinit_bsp1(void) u_int cp[4]; uint64_t xsave_mask_user; + TUNABLE_INT_FETCH("hw.lazy_fpu_switch", &lazy_fpu_switch); if ((cpu_feature2 & CPUID2_XSAVE) != 0) { use_xsave = 1; TUNABLE_INT_FETCH("hw.use_xsave", &use_xsave); @@ -611,6 +617,45 @@ fputrap_sse(void) return (fpetable[(mxcsr & (~mxcsr >> 7)) & 0x3f]); } +static void +restore_fpu_curthread(struct thread *td) +{ + struct pcb *pcb; + + /* + * Record new context early in case frstor causes a trap. + */ + PCPU_SET(fpcurthread, td); + + stop_emulating(); + fpu_clean_state(); + pcb = td->td_pcb; + + if ((pcb->pcb_flags & PCB_FPUINITDONE) == 0) { + /* + * This is the first time this thread has used the FPU or + * the PCB doesn't contain a clean FPU state. Explicitly + * load an initial state. + * + * We prefer to restore the state from the actual save + * area in PCB instead of directly loading from + * fpu_initialstate, to ignite the XSAVEOPT + * tracking engine. + */ + bcopy(fpu_initialstate, pcb->pcb_save, + cpu_max_ext_state_size); + fpurestore(pcb->pcb_save); + if (pcb->pcb_initial_fpucw != __INITIAL_FPUCW__) + fldcw(pcb->pcb_initial_fpucw); + if (PCB_USER_FPU(pcb)) + set_pcb_flags(pcb, PCB_FPUINITDONE | + PCB_USERFPUINITDONE); + else + set_pcb_flags(pcb, PCB_FPUINITDONE); + } else + fpurestore(pcb->pcb_save); +} + /* * Device Not Available (DNA, #NM) exception handler. * @@ -621,7 +666,9 @@ fputrap_sse(void) void fpudna(void) { + struct thread *td; + td = curthread; /* * This handler is entered with interrupts enabled, so context * switches may occur before critical_enter() is executed. If @@ -635,49 +682,38 @@ fpudna(void) KASSERT((curpcb->pcb_flags & PCB_FPUNOSAVE) == 0, ("fpudna while in fpu_kern_enter(FPU_KERN_NOCTX)")); - if (PCPU_GET(fpcurthread) == curthread) { - printf("fpudna: fpcurthread == curthread\n"); + if (__predict_false(PCPU_GET(fpcurthread) == td)) { + /* + * Some virtual machines seems to set %cr0.TS at + * arbitrary moments. Silently clear the TS bit + * regardless of the eager/lazy FPU context switch + * mode. + */ stop_emulating(); - critical_exit(); - return; + } else { + if (__predict_false(PCPU_GET(fpcurthread) != NULL)) { + panic( + "fpudna: fpcurthread = %p (%d), curthread = %p (%d)\n", + PCPU_GET(fpcurthread), + PCPU_GET(fpcurthread)->td_tid, td, td->td_tid); + } + restore_fpu_curthread(td); } - if (PCPU_GET(fpcurthread) != NULL) { - panic("fpudna: fpcurthread = %p (%d), curthread = %p (%d)\n", - PCPU_GET(fpcurthread), PCPU_GET(fpcurthread)->td_tid, - curthread, curthread->td_tid); - } - stop_emulating(); - /* - * Record new context early in case frstor causes a trap. - */ - PCPU_SET(fpcurthread, curthread); + critical_exit(); +} - fpu_clean_state(); +void fpu_activate_sw(struct thread *td); /* Called from the context switch */ +void +fpu_activate_sw(struct thread *td) +{ - if ((curpcb->pcb_flags & PCB_FPUINITDONE) == 0) { - /* - * This is the first time this thread has used the FPU or - * the PCB doesn't contain a clean FPU state. Explicitly - * load an initial state. - * - * We prefer to restore the state from the actual save - * area in PCB instead of directly loading from - * fpu_initialstate, to ignite the XSAVEOPT - * tracking engine. - */ - bcopy(fpu_initialstate, curpcb->pcb_save, - cpu_max_ext_state_size); - fpurestore(curpcb->pcb_save); - if (curpcb->pcb_initial_fpucw != __INITIAL_FPUCW__) - fldcw(curpcb->pcb_initial_fpucw); - if (PCB_USER_FPU(curpcb)) - set_pcb_flags(curpcb, - PCB_FPUINITDONE | PCB_USERFPUINITDONE); - else - set_pcb_flags(curpcb, PCB_FPUINITDONE); - } else - fpurestore(curpcb->pcb_save); - critical_exit(); + if (lazy_fpu_switch || (td->td_pflags & TDP_KTHREAD) != 0 || + !PCB_USER_FPU(td->td_pcb)) { + PCPU_SET(fpcurthread, NULL); + start_emulating(); + } else if (PCPU_GET(fpcurthread) != td) { + restore_fpu_curthread(td); + } } void Modified: releng/11.1/sys/conf/newvers.sh ============================================================================== --- releng/11.1/sys/conf/newvers.sh Thu Jun 21 02:15:50 2018 (r335464) +++ releng/11.1/sys/conf/newvers.sh Thu Jun 21 05:17:13 2018 (r335465) @@ -44,7 +44,7 @@ TYPE="FreeBSD" REVISION="11.1" -BRANCH="RELEASE-p10" +BRANCH="RELEASE-p11" if [ -n "${BRANCH_OVERRIDE}" ]; then BRANCH=${BRANCH_OVERRIDE} fi Modified: releng/11.1/sys/i386/i386/swtch.s ============================================================================== --- releng/11.1/sys/i386/i386/swtch.s Thu Jun 21 02:15:50 2018 (r335464) +++ releng/11.1/sys/i386/i386/swtch.s Thu Jun 21 05:17:13 2018 (r335465) @@ -293,6 +293,12 @@ sw1: cpu_switch_load_gs: mov PCB_GS(%edx),%gs + pushl %edx + pushl PCPU(CURTHREAD) + call npxswitch + popl %edx + popl %edx + /* Test if debug registers should be restored. */ testl $PCB_DBREGS,PCB_FLAGS(%edx) jz 1f Modified: releng/11.1/sys/i386/isa/npx.c ============================================================================== --- releng/11.1/sys/i386/isa/npx.c Thu Jun 21 02:15:50 2018 (r335464) +++ releng/11.1/sys/i386/isa/npx.c Thu Jun 21 05:17:13 2018 (r335465) @@ -191,6 +191,11 @@ int hw_float; SYSCTL_INT(_hw, HW_FLOATINGPT, floatingpoint, CTLFLAG_RD, &hw_float, 0, "Floating point instructions executed in hardware"); +int lazy_fpu_switch = 0; +SYSCTL_INT(_hw, OID_AUTO, lazy_fpu_switch, CTLFLAG_RWTUN | CTLFLAG_NOFETCH, + &lazy_fpu_switch, 0, + "Lazily load FPU context after context switch"); + int use_xsave; uint64_t xsave_mask; static uma_zone_t fpu_save_area_zone; @@ -327,6 +332,7 @@ npxinit_bsp1(void) u_int cp[4]; uint64_t xsave_mask_user; + TUNABLE_INT_FETCH("hw.lazy_fpu_switch", &lazy_fpu_switch); if (cpu_fxsr && (cpu_feature2 & CPUID2_XSAVE) != 0) { use_xsave = 1; TUNABLE_INT_FETCH("hw.use_xsave", &use_xsave); @@ -785,47 +791,20 @@ npxtrap_sse(void) return (fpetable[(mxcsr & (~mxcsr >> 7)) & 0x3f]); } -/* - * Implement device not available (DNA) exception - * - * It would be better to switch FP context here (if curthread != fpcurthread) - * and not necessarily for every context switch, but it is too hard to - * access foreign pcb's. - */ - -static int err_count = 0; - -int -npxdna(void) +static void +restore_npx_curthread(struct thread *td, struct pcb *pcb) { - if (!hw_float) - return (0); - critical_enter(); - if (PCPU_GET(fpcurthread) == curthread) { - printf("npxdna: fpcurthread == curthread %d times\n", - ++err_count); - stop_emulating(); - critical_exit(); - return (1); - } - if (PCPU_GET(fpcurthread) != NULL) { - printf("npxdna: fpcurthread = %p (%d), curthread = %p (%d)\n", - PCPU_GET(fpcurthread), - PCPU_GET(fpcurthread)->td_proc->p_pid, - curthread, curthread->td_proc->p_pid); - panic("npxdna"); - } - stop_emulating(); /* * Record new context early in case frstor causes a trap. */ - PCPU_SET(fpcurthread, curthread); + PCPU_SET(fpcurthread, td); + stop_emulating(); if (cpu_fxsr) fpu_clean_state(); - if ((curpcb->pcb_flags & PCB_NPXINITDONE) == 0) { + if ((pcb->pcb_flags & PCB_NPXINITDONE) == 0) { /* * This is the first time this thread has used the FPU or * the PCB doesn't contain a clean FPU state. Explicitly @@ -836,18 +815,54 @@ npxdna(void) * npx_initialstate, to ignite the XSAVEOPT * tracking engine. */ - bcopy(npx_initialstate, curpcb->pcb_save, cpu_max_ext_state_size); - fpurstor(curpcb->pcb_save); - if (curpcb->pcb_initial_npxcw != __INITIAL_NPXCW__) - fldcw(curpcb->pcb_initial_npxcw); - curpcb->pcb_flags |= PCB_NPXINITDONE; - if (PCB_USER_FPU(curpcb)) - curpcb->pcb_flags |= PCB_NPXUSERINITDONE; + bcopy(npx_initialstate, pcb->pcb_save, cpu_max_ext_state_size); + fpurstor(pcb->pcb_save); + if (pcb->pcb_initial_npxcw != __INITIAL_NPXCW__) + fldcw(pcb->pcb_initial_npxcw); + pcb->pcb_flags |= PCB_NPXINITDONE; + if (PCB_USER_FPU(pcb)) + pcb->pcb_flags |= PCB_NPXUSERINITDONE; } else { - fpurstor(curpcb->pcb_save); + fpurstor(pcb->pcb_save); } - critical_exit(); +} +/* + * Implement device not available (DNA) exception + * + * It would be better to switch FP context here (if curthread != fpcurthread) + * and not necessarily for every context switch, but it is too hard to + * access foreign pcb's. + */ +int +npxdna(void) +{ + struct thread *td; + + if (!hw_float) + return (0); + td = curthread; + critical_enter(); + if (__predict_false(PCPU_GET(fpcurthread) == td)) { + /* + * Some virtual machines seems to set %cr0.TS at + * arbitrary moments. Silently clear the TS bit + * regardless of the eager/lazy FPU context switch + * mode. + */ + stop_emulating(); + } else { + if (__predict_false(PCPU_GET(fpcurthread) != NULL)) { + printf( + "npxdna: fpcurthread = %p (%d), curthread = %p (%d)\n", + PCPU_GET(fpcurthread), + PCPU_GET(fpcurthread)->td_proc->p_pid, + td, td->td_proc->p_pid); + panic("npxdna"); + } + restore_npx_curthread(td, td->td_pcb); + } + critical_exit(); return (1); } @@ -869,8 +884,20 @@ npxsave(addr) xsaveopt((char *)addr, xsave_mask); else fpusave(addr); - start_emulating(); - PCPU_SET(fpcurthread, NULL); +} + +void npxswitch(struct thread *td, struct pcb *pcb); +void +npxswitch(struct thread *td, struct pcb *pcb) +{ + + if (lazy_fpu_switch || (td->td_pflags & TDP_KTHREAD) != 0 || + !PCB_USER_FPU(pcb)) { + start_emulating(); + PCPU_SET(fpcurthread, NULL); + } else if (PCPU_GET(fpcurthread) != td) { + restore_npx_curthread(td, pcb); + } } /* From owner-svn-src-releng@freebsd.org Thu Jun 21 18:13:06 2018 Return-Path: Delivered-To: svn-src-releng@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 645BC102599F; Thu, 21 Jun 2018 18:13:06 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 18BD588EAD; Thu, 21 Jun 2018 18:13:06 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id EE14E15607; Thu, 21 Jun 2018 18:13:05 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w5LID5Sv064081; Thu, 21 Jun 2018 18:13:05 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w5LID5B7064078; Thu, 21 Jun 2018 18:13:05 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <201806211813.w5LID5B7064078@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f From: Glen Barber Date: Thu, 21 Jun 2018 18:13:05 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r335499 - in releng/11.2/release/doc: en_US.ISO8859-1/errata en_US.ISO8859-1/installation en_US.ISO8859-1/relnotes share/xml X-SVN-Group: releng X-SVN-Commit-Author: gjb X-SVN-Commit-Paths: in releng/11.2/release/doc: en_US.ISO8859-1/errata en_US.ISO8859-1/installation en_US.ISO8859-1/relnotes share/xml X-SVN-Commit-Revision: 335499 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Jun 2018 18:13:06 -0000 Author: gjb Date: Thu Jun 21 18:13:04 2018 New Revision: 335499 URL: https://svnweb.freebsd.org/changeset/base/335499 Log: Final touches to 11.2-RELEASE release notes: - Remove an empty section that was left over from a previous commit to prune empty sections. - Add a note about a late discovered issue with zfsd(8) (Bugzilla 228750). Fix a sentence stop while here. - Document SA-18:07, which had been included in RC3. - Fix FreeBSD versions in the installation.html page. Approved by: re (implicit, relnotes) Sponsored by: The FreeBSD Foundation Modified: releng/11.2/release/doc/en_US.ISO8859-1/errata/article.xml releng/11.2/release/doc/en_US.ISO8859-1/installation/article.xml releng/11.2/release/doc/en_US.ISO8859-1/relnotes/article.xml releng/11.2/release/doc/share/xml/security.xml Modified: releng/11.2/release/doc/en_US.ISO8859-1/errata/article.xml ============================================================================== --- releng/11.2/release/doc/en_US.ISO8859-1/errata/article.xml Thu Jun 21 17:35:13 2018 (r335498) +++ releng/11.2/release/doc/en_US.ISO8859-1/errata/article.xml Thu Jun 21 18:13:04 2018 (r335499) @@ -57,7 +57,7 @@ Introduction This errata document contains late-breaking - news about &os; &release; Before installing this + news about &os; &release;. Before installing this version, it is important to consult this document to learn about any post-release discoveries or problems that may already have been found and fixed. @@ -155,6 +155,23 @@ boot invocation of vagrant up will allow the virtual machine to successfully boot, allowing access via vagrant ssh. + + + + [2018-06-21] An issue had been discovered late in the + release cycle where removing ZFS vdevs + from a pool under certain conditions would cause a system + crash when &man.zfsd.8; is enabled in + &man.rc.conf.5;. + + At present, it is believed to be limited to removal of + a mirror vdev from a pool consisting of + multiple mirror vdevs. + + See PR 228750 + for more information and updates as the issue is + investigated. Modified: releng/11.2/release/doc/en_US.ISO8859-1/installation/article.xml ============================================================================== --- releng/11.2/release/doc/en_US.ISO8859-1/installation/article.xml Thu Jun 21 17:35:13 2018 (r335498) +++ releng/11.2/release/doc/en_US.ISO8859-1/installation/article.xml Thu Jun 21 18:13:04 2018 (r335499) @@ -82,8 +82,8 @@ The &man.freebsd-update.8; utility supports binary upgrades of &arch.i386; and &arch.amd64; systems running earlier FreeBSD releases. Systems running - 10.3-RELEASE, - 11.0-RELEASE can upgrade as follows: + 10.4-RELEASE or + 11.1-RELEASE can upgrade as follows: &prompt.root; freebsd-update fetch &prompt.root; freebsd-update install Modified: releng/11.2/release/doc/en_US.ISO8859-1/relnotes/article.xml ============================================================================== --- releng/11.2/release/doc/en_US.ISO8859-1/relnotes/article.xml Thu Jun 21 17:35:13 2018 (r335498) +++ releng/11.2/release/doc/en_US.ISO8859-1/relnotes/article.xml Thu Jun 21 18:13:04 2018 (r335499) @@ -458,13 +458,6 @@ updated to default to UEFI-only boot. - - - <filename class="directory">/etc/rc.d</filename> - Scripts - -   - Modified: releng/11.2/release/doc/share/xml/security.xml ============================================================================== --- releng/11.2/release/doc/share/xml/security.xml Thu Jun 21 17:35:13 2018 (r335498) +++ releng/11.2/release/doc/share/xml/security.xml Thu Jun 21 18:13:04 2018 (r335499) @@ -113,6 +113,14 @@ Mishandling of x86 debug exceptions + + + FreeBSD-SA-18:07.lazyfpu + 21 June 2018 + Fix Lazy FPU information + disclosure + From owner-svn-src-releng@freebsd.org Thu Jun 21 22:59:51 2018 Return-Path: Delivered-To: svn-src-releng@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3FBC11003929; Thu, 21 Jun 2018 22:59:51 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id DCB4F72488; Thu, 21 Jun 2018 22:59:50 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id AFCC2185B3; Thu, 21 Jun 2018 22:59:50 +0000 (UTC) (envelope-from gjb@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w5LMxoWR008512; Thu, 21 Jun 2018 22:59:50 GMT (envelope-from gjb@FreeBSD.org) Received: (from gjb@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w5LMxodm008510; Thu, 21 Jun 2018 22:59:50 GMT (envelope-from gjb@FreeBSD.org) Message-Id: <201806212259.w5LMxodm008510@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: gjb set sender to gjb@FreeBSD.org using -f From: Glen Barber Date: Thu, 21 Jun 2018 22:59:50 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-releng@freebsd.org Subject: svn commit: r335510 - in releng/11.2: . lib/csu/common sys/conf X-SVN-Group: releng X-SVN-Commit-Author: gjb X-SVN-Commit-Paths: in releng/11.2: . lib/csu/common sys/conf X-SVN-Commit-Revision: 335510 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-releng@freebsd.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: SVN commit messages for the release engineering / security commits to the src tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 21 Jun 2018 22:59:51 -0000 Author: gjb Date: Thu Jun 21 22:59:49 2018 New Revision: 335510 URL: https://svnweb.freebsd.org/changeset/base/335510 Log: - Switch releng/11.2 to -RELEASE. - Add the anticipated 11.2-RELEASE date to UPDATING. - Set a static __FreeBSD_version. Approved by: re (implicit) Sponsored by: The FreeBSD Foundation Modified: releng/11.2/UPDATING releng/11.2/lib/csu/common/crtbrand.c releng/11.2/sys/conf/newvers.sh Modified: releng/11.2/UPDATING ============================================================================== --- releng/11.2/UPDATING Thu Jun 21 21:50:00 2018 (r335509) +++ releng/11.2/UPDATING Thu Jun 21 22:59:49 2018 (r335510) @@ -16,6 +16,9 @@ from older versions of FreeBSD, try WITHOUT_CLANG and the tip of head, and then rebuild without this option. The bootstrap process from older version of current across the gcc/clang cutover is a bit fragile. +20180627: + 11.2-RELEASE. + 20180504: The tz database (tzdb) has been updated to 2018e. This version more correctly models time stamps in time zones with negative DST such as Modified: releng/11.2/lib/csu/common/crtbrand.c ============================================================================== --- releng/11.2/lib/csu/common/crtbrand.c Thu Jun 21 21:50:00 2018 (r335509) +++ releng/11.2/lib/csu/common/crtbrand.c Thu Jun 21 22:59:49 2018 (r335510) @@ -62,5 +62,5 @@ static const struct { .descsz = sizeof(int32_t), .type = ABI_NOTETYPE, .name = NOTE_FREEBSD_VENDOR, - .desc = __FreeBSD_version + .desc = 1102000 }; Modified: releng/11.2/sys/conf/newvers.sh ============================================================================== --- releng/11.2/sys/conf/newvers.sh Thu Jun 21 21:50:00 2018 (r335509) +++ releng/11.2/sys/conf/newvers.sh Thu Jun 21 22:59:49 2018 (r335510) @@ -44,7 +44,7 @@ TYPE="FreeBSD" REVISION="11.2" -BRANCH="RC3" +BRANCH="RELEASE" if [ -n "${BRANCH_OVERRIDE}" ]; then BRANCH=${BRANCH_OVERRIDE} fi