size if canaries are enabled. In that case we have the exact requested
size of the allocation. But we can at least check the given size
against the chunk size if C is not enabled. Plus add some braces
so my brain doesn't have to scan for dangling else problems when I
see this code.
This gives fast access to the address on systems that implement
the UserLocal register. TCB caching is still used when running
in the single-threaded mode in order not to penalize old systems.
The kernel counterpart of this change must be in place before
using this diff!
With guenther@
without -Q during the build and in weekly(8). According to tests
by many developers, makewhatis(8) takes a few minutes at most even
on slower hardware like octeon, loongson, ALIX, RPI3, Soekris,
cubox, softiron etc., and security(8) is often worse than makewhatis(8).
In case this causes excessive weekly(8) run times on even slower
(~50 MHz-class) CPUs, consider adding "MAKEWHATISARGS=-Q" to
/etc/weekly.local on machines that feel unhappy.
OK sthen@ kettenis@ millert@ deraadt@
version uses the two-way string matching algorithm and is faster
than the old implementation. With this change, ports that check
for strstr having linear complexity time strstr will no longer
replace the libc strstr with a private version.
OK deraadt@ espie@
In our privsep model, imsg is often used to transport sensitive
information between processes. But a process might free an imsg, and
reuse the memory for a different thing. iked uses some
explicit_bzero() to clean imsg-buffer but doing it in the library with
the freezero() is less error-prone and also benefits other daemons.
OK deraadt@ jsing@ claudio@
no longer has access to the content of a memmory object. It does
this by either clearing (if the object memory remains cached) or
by calling munmap(2). ok millert@, deraadt@, guenther@
install.sub which makes it easier to spot changes in the future.
- comments and formatting
- quotes on assignments are not needed (netstart)
- remove stray space in test (netstart)
- use $file variable with while-loop (netstart)
- although valid, instead of i use $i in arithmetic test (install.sub)
OK krw@, tb@
Looks good deraadt@
Instead of using the internal "vmboot", VMs will now be booted using
the external BIOS firmware in /etc/firmware/vmm-bios (which is subject
to a LGPLv3 license). Direct booting of OpenBSD kernels or
non-default BIOS images is still supported for now using the -b/boot
option that is replacing the -k/kernel option.
As requested by Theo, vmd(8) fails if neither the default BIOS is
found nor a kernel has been specified in the VM configuration. The
"vmm" BIOS has to be installed using fw_update(1), which will be done
automatically in most cases where the OpenBSD can fetch it after
install/upgrade.
OK mlarkin@
the standard realloc*() functions can leave behind. imsg buffers are
sometimes used in protocol stacks which require some secrecy, and layering
violations would be needed to resolve this issue otherwise.
Discussed with many.