OpenBSD

Fresh from the just concluded n2k18 hackathon comes this report from Ken Westerback (krw@), who writes: How to travel from Dresden to Usti nad Labem for free! No drama flying to Dresden, from which a train would take me to n2k18's home in Usti ... [More] nad Labem. Other than being puzzled that it costs less to fly YYZ -> FRA -> DRS than it costs to fly YYZ -> FRA. Read more… [Less]

In a short series of commits, Carlos Cardenas (ccardenas@) added support for qcow2 image support to vmd(8). [This builds on an earlier commit adding support for pluggable disk backends.] The code was written by Ori Bernstein, who posted his diffs (thread 1, thread 2) to the [email protected] mailing list in August. Read more…

Anton Lindqvist (anton@) gave a talk at BSD Users Stockholm Meetup #3 on the kernel coverage tracing kit he committed recently. Slides are now available via the OpenBSD Events and Papers page. The slides contain a list of bugs found and fixed as a result of this work. See also: kcov(4)

Ken Westerback (krw@ when wearing his dev hat) wrote in with some great news: The OpenBSD Foundation is excited to announce that it has received the first 2018 Iridium level donation. This year the first $100K+ donation came from Handshake ... [More] (https://www.handshake.org). We thank Handshake for its very generous support! This donation will no doubt fund many exciting projects in the coming years. Congratulations to all concerned. Of course, this donation does not preclude others from contributing ;-) [Less]

In a message to tech@, Theo de Raadt (deraadt@) gives an update on the state-of-play regarding processor vulnerabilities: Two recently disclosed hardware bugs affected Intel cpus: - TLBleed - T1TF (the name "Foreshadow" refers to 1 of 3 ... [More] aspects of this bug, more aspects are surely on the way) Solving these bugs requires new cpu microcode, a coding workaround, *AND* the disabling of SMT / Hyperthreading. Read more… [Less]

Theo de Raadt (deraadt@) has committed a diff to mitigate the "Intel L1TF screwup" for the amd64 platform we reported on earlier: From: Theo de Raadt (elided) Date: Tue, 21 Aug 2018 13:04:41 -0600 (MDT) To: [email protected] Subject: CVS: ... [More] cvs.openbsd.org: src CVSROOT: /cvs Module name: src Changes by: [email protected] 2018/08/21 13:04:41 Modified files: sys/arch/amd64/amd64: identcpu.c vmm.c vmm_support.S sys/arch/amd64/include: cpu.h specialreg.h vmmvar.h Log message: Perform mitigations for Intel L1TF screwup. There are three options: (1) Future cpus which don't have the bug, (2) cpu's with microcode containing a L1D flush operation, (3) stuffing the L1D cache with fresh data and expiring old content. This stuffing loop is complicated and interesting, no details on the mitigation have been released by Intel so Mike and I studied other systems for inspiration. Replacement algorithm for the L1D is described in the tlbleed paper. We use a 64K PA-linear region filled with trapsleds (in case there is L1D->L1I data movement). The TLBs covering the region are loaded first, because TLB loading apparently flows through the D cache. Before performing vmlaunch or vmresume, the cachelines covering the guest registers are also flushed. with mlarkin, additional testing by pd, handy comments from the kettenis and guenther peanuts Now we wait for further discoveries… [Less]

Theo de Raadt (deraadt@) posted to the tech@ mailing list with some background on how the latest discovered Intel CPU issues relate to OpenBSD. Date: Wed, 15 Aug 2018 00:31:16 -0600 From: Theo de Raadt [elided] To: [email protected] Subject: ... [More] CVE-2018-3615, CVE-2018-3620, CVE-2018-3646 These 3 issues all relate to a bug in Intel cpus The cpu will speculatively honour invalid PTE against data in the on-core L1 cache. Memory disclosure occurs into the wrong context. These 3 issues (CVE-2018-3615, CVE-2018-3620, CVE-2018-3646) together are the currently public artifacts of this one bug. Read more… [Less]

[Dr.] Brian Callahan (bcallah@) recently live-streamed (at twitch.tv/NewAstroCity) an interactive OpenBSD Porting Workshop. A recording of the workshop is now available.

In a series of commits, Todd Mortimer (mortimer@) has added RETGUARD for the arm64 platform. We previously reported the addition of RETGUARD for amd64. Read more…

Bob Beck (beck@ when wearing OpenBSD-only hat) has written a tutorial on using libtls: […] This tutorial is designed for people with some C experience on a POSIX, BSD like machine with the latest libtls installed. It focuses on changes that are ... [More] necessary to make an existing program written in C that uses the POSIX sockets api to use TLS over those same connections. […] [Less]