transfer), don't clobber the remote directory permissions unless
either we created the directory during the transfer or the -p flag
was set. bz3925 ok dtucker@
future, this will count how many times pages are not sent to swap
because the pagedaemon detects the swap system won't be able to deliver
results (and toss the cluster of pages back)
ok beck
When SEV guest userland issues a vmmcall instruction, a #VC exception
with code SVM_VMEXIT_VMMCALL will be raised in the guest kernel.
For now we do not allow vmmcalls from guest userland, thus terminate
the userland process with SIGILL.
This is similar to the non-SEV case.
ok mlarkin@
SEV guest userland processes are allowed to issue the vmgexit
instruction. However, guest userland has no access to the GHCB.
VMEXITs with exit reason SVM_VMEXIT_VMGEXIT initiated by the guest
kernel will always provide a valid GHCB request.
Moreover, as the guest kernel makes sure that the GHCB contains
no request when guest userland is running, a rogue guest userland
process can only force repeated VMEXITs with an empty GHCB.
Therefore, in vmm(4)'s vmgexit handler inject #UD when the exit
reason is not updated with data from the GHCB and stays on
SVM_VMEXIT_VMGEXIT.
ok mlarkin@
The GHCB valid bitmap indicates whether the GHCB contains a request
or not. When no bits are set, ignore the GHCB and do not sync with
vCPU state.
To clear/invalidate the GHCB just zero out the valid bitmap instead
of the full GHCB.
ok mlarkin@
For communication with the parent the missing presence of a filter_set
is cause for a panic. This should just never happen. For messages from
bgpctl that are forwarded by the session engine things are more complex.
Make sure the filter_set was sent and only execute the command that
wraps this filter_set if it is present. If it is not there it may have been
filtered out because it is invalid and then the command depending on
this data should not be executed.
OK tb@
On AMD/SVM the hypervisor will inject #UD when userland tries to
execute the vmmcall instruction. Same holds for vmgexit which is
encoded as "rep vmmcall".
On Intel/VMX vmmcall and vmgexit are invalid instructions, so the
CPU will raise #UD.
ok mlarkin@
On Intel/VMX the hypervisor will inject #UD when userland tries to
execute the vmcall instruction.
On AMD/SVM vmcall is an invalid instruction, so the CPU will raise
ok mlarkin@
This new inline function should not pollute userland name space.
ports/devel/nspr did not compile due to inline in ansi mode.
reported and fix confirmed sthen@
Similar to filter_sets convert the filter_rule tail queue into an array
of smaller filter_match elements. On top of this deduplicate these rules
via hash table and refcounts. As a result the data is now more cache
friendly and the CPU spends less time waiting for data.
The initial loading time of my test IXP RS setup drops from 25min down
to around 18min. So this change produces a significant speedup on large
BGP setups.
OK tb@