Age | Commit message (Collapse) | Author |
|
self-relocate.
|
|
self-relocate.
ok kurt@
|
|
such that they self-relocate. okay kettenis@
|
|
self-relocate.
|
|
self-relocate.
Based on a diff from kurt@
ok deraadt@
|
|
self-relocate.
Based on a diff for amd64 from kurt@
|
|
self-relocate.
Based on a diff for amd64 from kurt@
|
|
and defines for compatibility with the equivalent gcc header.
cpuid.h was introduced in gcc 4.3 and a compatible header has
been included with recent versions of clang.
Earlier version ok miod@. Tested in a ports bulk build by landry@.
|
|
kill large portions of the ports tree. Most notably, it broke devel/gperf at
runtime.
ok martynas@, "make a decision" deraadt@
|
|
kprintf attribute shouldn't accept them.
ok martynas@
|
|
From dt71 at gmx.com via FreeBSD
Required to build with recent versions of clang.
|
|
This is the flag name that modern GCC and Clang have de facto
standardized on for the functionality that we locally named
-Wstack-larger-than-N.
ok brad, miod
|
|
Currently, GCC 4.2 silently ignores the "aligned" attribute for
objects allocated on the stack if the specified minimum alignment
exceeds the platform's natural stack alignment. This has bitten us in
the past, so we shouldn't allow this to continue.
Fixing the "ignores" problem seems hard, so this commit settles for
tackling the "silently" problem instead.
ok miod, and possibly guenther and deraadt
|
|
a little pointer-sized gap before the return value. This protects
from common off-by-one type of bugs and costs nothing: the attacker
won't be able to overwrite return pointer. Developed at m2k14,
thanks for the hackathon!
|
|
This will make the environment more hostile and help detect bugs
that depend on overrunning one variable into another, with almost
no performance cost.
Discussed with Theo at m2k14 hackathon. "oh god yes" tedu@, "oh nice" djm@
|
|
16byte boundary. However, GCC 16-byte aligns arrays of >=16 BITS,
not BYTES.
This diff improves bug detectability for code which has local arrays
of [16 .. 127] bits: in those cases SSP will now detect even 1-byte
overflows.
OK kettenis@. Tested in snaps for a week.
|
|
additional functions --- those that have local array definitions,
or have references to local frame addresses.
Note that upstream uses -fstack-protector-strong and misleads people:
-fstack-protector, -fstack-protector-all, -fstack-protector-strong
can you tell which one is safe?
Luckily, OpenBSD has its own compiler and is able to do the right
thing for security: this is enabled by default, and called
-fstack-protector.
OK deraadt@, miod@. Tested for 3 months.
|
|
|
|
ok deraadt@
|
|
which operates on element counts rather than buffer sizes. I'll start
annotating headers in a few weeks, after the hackathon. OK millert@.
|
|
additional functions to be protected --- those that have local array
definitions, or have references to local frame addresses.
Note 1: Han explicitly licensed this under GPLv2 for us.
Note 2: Do *not* use this anywhere in "src" Makefiles, as the other
GCC doesn't have this option yet (but I'm working on it).
|
|
size almost always has security implications. I think this quote
from Theo summarizes the situation best:
Which is why it is important to have at least one unforgiving
platform in the ecosystem which properly labels shit shit.
That's OpenBSD. If anyone can't handle that, they can go to platforms
which hide the reality.
|
|
stpcpy, strcat, strcpy. Also don't simplify some safe builtins
into unsafe ones, otherwise we'll hit the linker with the bogus
warning. OK miod@, millert@.
|
|
|
|
sprintf, vsprintf, stpcpy, strcat, strcpy. We're hitting the linker
again, therefore the warning will show up now.
|
|
Kernel, base and ports seem happy with this change, and there's no
reason for collect2 to be less useful on these machines. Offending
lines in gcc/config found by Miod, thanks.
Let's commit the right file this time. ok kettenis@ miod@ mpi@
|
|
|
|
Kernel, base and ports seem happy with this change, and there's no
reason for collect2 to be less useful on these machines. Offending
lines in gcc/config found by Miod, thanks! ok kettenis@ miod@ mpi@
|
|
matches the behaviour of gcc >= 4.3 and clang
ok miod@
|
|
|
|
From Joerg Wunsch in GCC PR 23479, under the GPLv2.
This is required to build the i965 backend with newer versions of mesa.
ok kettenis@ espie@ miod@
|
|
this also adds support in gcc 4.x kprintf format checks
ok kettenis@
|
|
The PR comes with a real fix, but it is covered by the GPL v3, and is
neither trivial nor straightforward, so use a hammer and disable the
unreliable code.
Verified to fix bogus code generation on macppc.
|
|
instruction, before testing whether it can be built with `or.u'; this
allows further optimization.
condition_value(): handle ORDERED and UNORDERED condition codes.
print_operand(): remove support for no longer used `w' qualifier.
|
|
inline assembly, tb/tbnd instructions.
Don't use `r' qualifier for "register_operand", it's redundant.
|
|
linking against -lgcov.
|
|
|
|
|
|
* arm.md (negscc): Match the correct operand for optimized LT0 test.
Remove optimization for GT.
|
|
Main features:
- md constraints rewritten in RTL
- md predicaties rewritten in RTL
- md va_arg switched to gimple
- abort() calls replaced with gcc_assert() or gcc_unreachable() for better
diagnostics
- support for non-ELF systems completely removed
Missing:
- conversion of the pipeline information from define_function_unit to
define_automata not done yet (thus pipeline information currently removed)
Known regressions against 3.3.6 so far:
- no stack protector support yet
- __builtin_setjmp doesn't restore the frame pointer correctly upon return
from __builtin_longjmp
- at least one case of optimization error when delay slots are not disabled.
- libgcc is only built -fPIC, instead of static/fpic/fPIC.
|
|
of TR 24732. Emit pedantic warning if the feature is being used.
Requested by jasper@; needed by certain ports. OK miod@.
|
|
and i386.
pointed out by miod@
|
|
i386.
ok pascal@, miod@
|
|
ok miod@
|
|
ok miod@
|
|
Reorganize soft frame pointer so that locals are below it and grow
downwards. Tested by miod@, jasper@. OK miod@.
|
|
Reorganize soft frame pointer so that locals are below it and grow
downwards. Thanks Nick for the access. OK miod@.
|
|
after switching to __guard_local. OK matthew@, miod@.
|
|
The array_size was uninitialized and used to work by accident.
Spotted with SSP on MIPS.
OK miod@. Tested by jasper@.
|
|
the following manner:
([reg:A & -8] << (64 - (((reg:FP+reg:B) & 0x7) << 3))) >> 56
This fails when we're doing loads with the offset from the frame
pointer %8. Since it's aligned, optimizer makes it a zero. The
correct expression is:
([reg:A & -8] << (56 - (((reg:FP+reg:B-1) & 0x7) << 3))) >> 56
This is actually a 13-year-old bug. Checked by Miod; a few files
in the kernel were affected. Spotted with SSP for Alpha.
OK miod@. Tested by naddy@.
|