openbsd changes of note
mcl2k2 pools and the em conversion. The details are in the commits, but the short story is that due to hardware limitations, a number of tradeoffs need to be made between performance and memory usage. The em chip can (mostly) only be programmed to write to 2k buffers. However, ethernet payloads are not nicely aligned. They’re two bytes off. Leading to a costly choice. Provide a 2k buffer, and then copy all the data after the fact, which is slow. Or allocate a larger than 2k buffer, and provide em with a pointer that’s 2 bytes offset. Previously, the next size up from 2k was 4k, which is quite wasteful. The new 2k2 buffer size still wastes a bit of memory, but much less.
vmm for i386. Improve security. vmm is still running with a phenomenal set of privileges, but perhaps some cross-VM attacks may be limited. On the other side of the world, hyperv support is getting better.
Fix an installer bug relating to user separation and local sets. And one for the prefetch area. The installer continues to get better and safer in mostly invisible ways. Usually it’s only the bugs that get noticed.
Remove setlocale. setlocale was sprinkled all throughout the code base many years ago, even though it did nothing, in anticipation of a day when it would do something. We’ve since decided that day will never come, and so many setlocale calls can go.
There’s a new build system. It kind of works like before, but a lot of the details have changed to support less root. Actually, it’d be accurate to say the whole build privilege system has been flipped. Start as root, which drops down to the build user to do the heavy lifting, instead of starting as a user that can elevate to root at any time. This no longer requires the build user to be pseudo-root; in fact, the goal is that the build user can’t elevate.
Use x2APIC. Some systems, notably VMs, require this and don’t provide the older interfaces.
syspatch is coming. Lots of commits actually. Despite the name, it’s more like a system update, since it replaces entire binaries. Then again, replacing a few binaries in a system is like patching small parts of the whole. A syspatch update will be smaller than an entire release.
The slab is back. Per CPU caches existed in pool long ago, but were deleted while making the code simpler. The pool code has been worked over quite thoroughly since then, and now it’s time to bring back this optimization. Bonwick’s paper is a systems classic. For reference, ancient commit introducing caches previously.
OCSP client support in libtls. And therefore nc as well.
The libcrypto manuals are getting a makeover. The other pages were converted as well.
The thread process deunification continues. Threads started out as clumps of processes. Slowly but surely, things are being pried apart into distinct concepts.
Preparatory steps to making network stack lock safe. The old spl model is recursive, which won’t work in the future. More discipline is now required to know who is responsible for acquiring and releasing exclusion. It seems like only yesterday I rewrote sblock to be an rwlock, and now sblock is back to using tsleep again.