| Age | Commit message (Collapse) | Author |
|---|
|
more closer to GNU linkers. This should help with autoconf/libtool
compatibility in ports.
Requested by Brad
"no objection" kettenis@
|
|
instructions to have side effects so the optimizer does not reorder
them across fnstcw/fldcw sequences. Fixes a bug seen in sqlite3 on
i386.
ok kettenis@
|
|
ok hackroom@
|
|
|
|
|
|
|
|
order it chooses. Reasons for choosing one register before another usually incl
ude compiled instruction size (avoidance of REX prefixes, etc.) or usage convent
ions, but somehow haven't included security implications in the compiled bytecod
e. Some bytecode is more useful in polymorphic ROP sequences than others, so it
seems prudent to try to avoid that bytecode when possible.
This patch moves EBX/RBX towards the end of the allocation preference for 32 and
64 bit general purpose registers. Some instructions using RBX/EBX/BX/BL as a de
stination register end up with a ModR/M byte of C3 or CB, which is often useful
in ROP gadgets. Because these gadgets often occur in the middle of functions, th
ey exhibit somewhat higher diversity than some other C3/CB terminated gadgets. T
his change removes about 3% of total gadgets from the kernel, but about 6% of un
ique gadgets.
There are other possible changes in this direction. BX/BL are obvious next targe
ts for avoidance, and MM3/XMM3 may also be useful to try to avoid if possible.
ok deraadt@
|
|
ok hackroom@
|
|
ok kettenis@ deraadt@
|
|
|
|
|
|
|
|
|
|
|
|
|
|
ok hackroom@
|
|
This is mostly needed by syspatch at the moment to be
to be able to re-link in the same order as the original
libraries were linked with by relying on the readelf(1)
and without this .(s|S) assembly files were not getting
a file directive.
A bug reports has been filed as well:
https://bugs.llvm.org/show_bug.cgi?id=34019
ok deraadt@
|
|
ok hackroom@
|
|
ok florian@
|
|
optimizing code around an lgamma(3) call a bit too much. Fixes the
lib/libm/lgamma regress test.
ok patrick@, millert@
|
|
etc but as they're directly in our main tree, so the ignore file causes
problems for people using cvs->git conversions. kettenis suggested removing
the file rather than just commenting-out the relevant repos, patrick agrees.
|
|
ok hackroom@
|
|
jump.
ok deraadt@
|
|
ok hackroom@
|
|
While these warnings have the potential to be useful, there are too manu
false positives right now.
ok deraadt@
|
|
ok deraadt@
|
|
they can perform strange transforms and optimizations. Some of those could
gain a slight advantage, but would avoid the variety of important runtime
checks our malloc(3) code does. In essence, the transforms performed are
considered "anti-mitigation".
ok kettenis robert, discussions with others
|
|
ok deraadt@
|
|
warning
ok kettenis@, deraadt@
|
|
ok hackroom@
|
|
prevents core dumps :)
okay tedu@
|
|
ok hackroom@
|
|
Also from Todd Mortimer
tested by espie
|
|
ok hackroom@
|
|
clang doesn't seem to have a command line option for the feature,
so just hard wire it off. We don't need advertisements in our binaries.
ok deraadt
|
|
as defined. This is done to prevent dangerous optimisations which could
remove security critical overflow checks.
Base gcc has -fno-strict-overflow by default, with clang this is
identical to -fwrapv.
Prompted by naddy@ discovering a hang with a clang compiled i386 kernel
that was resolved with -fwrapv.
ok kettenis@ pascal@
|
|
scripting.
(got it into upstream, it's just a backport)
okay kettenis@, patrick@
|
|
ok hackroom@
|
|
in fact, false is a much better default for UsesNonexecutableStackSection.
platforms that require it can reenable, instead, saving the rest of us an
unnecessary program header (causes trouble for some special binaries).
ok kettenis
|
|
ok hackroom@
|
|
runtime support code libcompiler_rt for this. This code uses functions that
live in libpthread, so code that uses TLS support will need to be linked
with -lpthread. This should allow more ports to build with base clang.
ok espie@
|
|
Requested by deraadt@
|
|
libtool generated configure scripts expect. Otherwise they might assume
shared libraries aren't supported.
From lld svn revisions 298568 and 298571.
Discussed with kettenis@
|
|
problems with configure scripts generated with libtool.m4 that would
otherwise have to be regenerated with a patched libtool.
Among other things this fixes the build of Mesa on arm64 with lld.
From lld svn revision 298532. ok kettenis@
|
|
versioned and end up as local symbols despite being explicitly listed as
global in the version script. This breaks out brk()/sbrk() implementation.
The diff is only a partial solution and unlikely to be accepted as-is
upstream. We'll keep it as a local diff until a better solution is found.
ok guenther@
|
|
|
|
ok patrick@
|
|
|
|
|
|
Requested by deraadt@, millert@ and some more.
|
