summaryrefslogtreecommitdiff
path: root/gnu
AgeCommit message (Collapse)Author
2023-05-23Add IBT support to the retpoline PLTs. Since we use retpoline PLTs byMark Kettenis
default on OpenBSD this will give us IBT support by default. Fixes indirect function calls for functions in shared libraries. This doesn't fix retpoline+znow PLTs yet; a fix for that will follow. ok miod@, guenther@
2020-08-03Import LLVM 10.0.0 release including clang, lld and lldb.Patrick Wildt
ok hackroom tested by plenty
2023-05-17Add support for disassembling CET (including endbr64), XSS, OSPKE,Philip Guenther
clflushopt, clwb, ptwrite, rdpid, serialize, WAITPKG, and vmfunc extensions, as well as part of TSX. tpause and umonitor addr size handling isn't 100% correct, but good enough to get the instruction boundary. Correct decoding of rex64 {fxsave,fxrstor,xsave,xrstor,xsaveopt} to instead use a '64' suffix, ala "fxsave64". "good enough" ok kettenis@ deraadt@ mlarkin@
2023-05-15Enable BTI PLT entries by default.Mark Kettenis
ok jsg@
2020-08-03Import LLVM 10.0.0 release including clang, lld and lldb.Patrick Wildt
ok hackroom tested by plenty
2023-05-15Turn on pointer-authentication on arm64 as well by default. This meansMark Kettenis
we effectively enable -mbranch-protection=standard on arm64 now. ok deraadt@
2023-04-28Enable kernel-address sanitizer for clang openbsd targetGreg Steuck
OK deraadt@
2023-04-26On openbsd amd64, the compiler has been found to generate some nasty jumpTheo de Raadt
table variations (calculate address into %rax, jmp %rax) which is not compatible with IBT endbr64. The specific generated code sequence was found inside clang, which made the debugging experience pretty miserable. So we will have to disable jump tables by default. ok kettenis
2023-04-26On openbsd amd64, emit IBT endbr64 instructions by default (meaning,Theo de Raadt
-fcf-protection=branch is the default). All binaries grow slightly, but we can slowly move towards greater IBT enforcement in userland. 4th or 5th variation of this diff, with mortimer ok kettenis
2023-04-23Don't create IBT .plt if there are no PLT entries. Cherry picked fromMark Kettenis
upstream. Fixes several issues including problems with ld.bfd when it sees such a .plt in an object file that is getting linked into a binary. ok deraadt@
2020-08-03Import LLVM 10.0.0 release including clang, lld and lldb.Patrick Wildt
ok hackroom tested by plenty
2023-04-19Implement support for PT_OPENBSD_NOBTCFI in lld(1). This can be set usingMark Kettenis
the -z nobtcfi option. ok deraadt@
2023-04-17Make -mbranch-protection=bti the default on OpenBSD.Mark Kettenis
ok deraadt@
2023-03-26allow out-of-class defaulting of comparison operatorsRobert Nagy
ok deraadt@, mortimer@ this is backport of the following upstream commit: commit 5fbe21a7748f91adbd1b16c95bbfe180642320a3 Author: Nathan Sidwell <nathan@acm.org> Date: Wed Jun 16 10:43:43 2021 -0700 [clang] p2085 out-of-class comparison operator defaulting This implements p2085, allowing out-of-class defaulting of comparison operators, primarily so they need not be inline, IIUC intent. this was mostly straigh forward, but required reimplementing Sema::CheckExplicitlyDefaultedComparison, as now there's a case where we have no a priori clue as to what class a defaulted comparison may be for. We have to inspect the parameter types to find out. Eg: class X { ... }; bool operator==(X, X) = default; Thus reimplemented the parameter type checking, and added 'is this a friend' functionality for the above case.
2020-08-03Import LLVM 10.0.0 release including clang, lld and lldb.Patrick Wildt
ok hackroom tested by plenty
2023-03-25Fix erroneous comment for the PT_OPENBSD_MUTABLE definition.Frederic Cambus
2023-02-24switch mips64 ld.lld to execute-only, in case someone uses itTheo de Raadt
(the mips64 default is still ld.bfd)
2023-02-24disable jump tables by default on sparc64, in prep for xonly by defaultTheo de Raadt
ok miod
2023-02-21Remove conflict markers from perl testsAndrew Fresh
This is upstream PR 28103 https://github.com/Perl/perl5/pull/20813 Requested by stsp@ for quality of life improvments for Game of Trees users.
2023-02-21Don't install DebugWrap.1 manpageAndrew Fresh
It's from a test file and should never have been installed. Noticed by xse in #openbsd on libera.chat
2023-02-15Apply pre-built unicore patch - perl-5.36.0Andrew Fresh
OK bluhm@ a good time naddy@
2023-02-15Apply local patches - perl-5.36.0Andrew Fresh
OK bluhm@ a good time naddy@
2023-02-15Fix merge issues, remove excess files - match perl-5.36.0 distAndrew Fresh
OK bluhm@ a good time naddy@
2023-02-15Import perl-5.36.0Andrew Fresh
OK bluhm@ a good time naddy@
2019-02-13Import perl-5.28.1Andrew Fresh
looking good sthen@, Great! bluhm@
2013-03-25import perl 5.16.3 from CPAN - worked on by Andrew Fresh and myselfStuart Henderson
2010-09-24Perl 5.12.2 from CPANTodd C. Miller
2008-09-29import perl 5.10.0 from CPANTodd C. Miller
2002-10-27stock perl 5.8.0 from CPANTodd C. Miller
2001-05-24stock perl 5.6.1Todd C. Miller
2000-04-06virgin perl 5.6.0Todd C. Miller
1999-04-29perl5.005_03Todd C. Miller
1999-04-29perl5.005_03Todd C. Miller
2023-02-05default __mips64__ to execute onlyTheo de Raadt
2023-02-05Switch the mips64 linker scripts over to the templates that order .rodataMark Kettenis
before .text. ok deraadt@
2023-02-04Make ld.bfd default to --execute-only on amd64.Mark Kettenis
ok deraadt@
2023-02-03default sparc64 ld.lld to --execute-onlyTheo de Raadt
Note this doesn't actually work yet for anything big -- some unknown stuff needs to be fixed. Also ld.lld isn't the default sparc64 ld yet. But at least having this available during normal builds, to test iterate upon, will speed up either of those desireable outcomes. ok claudio
2023-02-03make --execute-only the default on powerpcTheo de Raadt
ok gkoehler
2023-02-01Despite only testing the low-order bit of its operand, the blbc and blbsMiod Vallat
instructions always fetch a 32-bit word when operand is a memory address. This works unless the address is within the last 3 bytes of a page, with the next page being invalid, something which can happen with small malloc'ed structures (I'm looking at you, perl). Work around the problem by requiring a register operand in all cases; the register load will be a zero-extension load of the right width. This is my entry into the "fix a 30-year old bug" contest of 2023.
2023-02-01Backport gnu/gcc/gcc/c-typeck.c r1.3 to the gcc 3 code base:Miod Vallat
Adjust how gcc3 handles the "missing braces around initializer" warning. In c99 any value can be initalised using a { 0 } constructor independent of the type. Now if a struct's first member is another struct then gcc4 issues the above warning but it should not do that. Move the warning check from push_init_level() to pop_init_level() and check if either { 0 } or { } was used. If additional implicit braces were added surpress the warning. Inspired by gcc PR#64709 light testing by me, serious testing by aoyama@
2023-01-30sync --execute-only archs described in the manual with current codeStuart Henderson
ok deraadt
2023-01-2932-bit powerpc should also allow the --exec-only flag.Theo de Raadt
but it isn't the default yet
2023-01-28Permit the --exec-only option on i386 also. This does not make it the default.Theo de Raadt
I wonder if we should allow --exec-only option on all architectures (but not as default), because this pre-check list now covers all architectures, and we haven't seen a ld.lld problem. We only switch an architecture to --exec-only default when other aspects (mostly compiler or .S files), that is a seperate switch block. Even though i386 has no mmu means to enforce xonly, uvm will fail a memcpy read of region which hasn't been previously faulted (by executing code in the region). This definately blocks reads of "contigious entire libc text", because very few programs "execute code in all libc code pages", even with uvm_fault's behaviour of wide faulting a 32K region. The random relinking also means an attacker cannot know what subset of libc text can be read because pre-faulted chunks are unknown, but now they can't copy it all (if they could find the location and bounds). This neat behaviour applies to all architectures. It seems we should try to always hint text segment permission as PROT_EXEC-only to the kernel and be happy that blocks a read, even if that blocking isn't 100% reliable. note: unfortunately binutils --exec-only isn't bug-free yet on most architectures, taking the same approach there will take longer.
2023-01-28Make --execute-only the default on powerpc64. Sort case statements inMark Kettenis
alphabetical order while I'm there. ok deraadt@
2023-01-27Recommit the switch to use llvm-strip on architectures that use ld.lld.Mark Kettenis
ok naddy@, sthen@
2023-01-27Change the emitted .glink stub on powerpc64 to use an instruction sequenceMark Kettenis
to compose the offset to the PLT instead of having a constant pool in .text. Make --execute-only work on powerpc64. ok miod@
2020-08-03Import LLVM 10.0.0 release including clang, lld and lldb.Patrick Wildt
ok hackroom tested by plenty
2023-01-24permit -execute-only on ppc64 (not default)Theo de Raadt
2023-01-21enable --exec-only as default on AMD64. There will be a some ports falloutTheo de Raadt
for a little while more (a few more data tables inside text), but they are being handled quickly ok tb naddy
2023-01-19Revert previous commit (but leave the man page around); llvm-strip behavesMark Kettenis
differently on files that are hardlinked and this is tripping up ports. requested by naddy@