| Age | Commit message (Collapse) | Author |
|---|
|
is referenced from code being linked.
ok deraadt@, naddy@, guenther@
|
|
|
|
access it. ok deraadt@ kettenis@
|
|
From upstream r335090. ok guenther@
|
|
GNU linkers by convention supports both `--foo bar` and `--foo=bar` styles
for all long options that take arguments.
From upstream r326506. ok patrick@ kettenis@
|
|
there is a vendor branch and a commit on top of it, revision 1.1
was taken instead of the vendor branch. To fix this, compare the
vendor date with the current node, and not with the command line
date.
OK deraadt@
|
|
the section to be at least as large as the entry size of the section.
This causes a later check that validates the alignment to fail if the
entry size isn't a power of two. This happens when building some of the
java support code in ports gcc. Fix this by sticking to the original
alignment if the entry size isn't a power of two.
ok guenther@, naddy@
|
|
Upstream references:
https://reviews.llvm.org/D31557
https://reviews.llvm.org/D48515
OK kettenis@
|
|
|
|
ok hackroom@
|
|
|
|
works, but actually running stuff probably won't.
ok kettenis@
|
|
makes no sense. Yes it breaks function address equality and therefore
the expectations of the standard C language. However declaring symbols
with protected visibility isn't standard C in the first place.
Fixes linking non-PIC/PIE code with lld on amd64.
ok millert@
|
|
|
|
given as input before the resolved source location. This change was introduced
to bintutils after the switch from GPLv2 but the author Tristan Gingold granted
me permission relicense the diff under GPLv2; thanks!
Taken as is from binutils commit be6f64938f985dfb0eaa2107b99f193bb865ce04
This option is used by the syzkaller kernel fuzzer to produce a human readable
representation of the coverage collected by kcov.
ok deraadt@ jca@ visa@
|
|
does not have a default search path. ok kettenis@ jsg@
|
|
|
|
tested by naddy@
|
|
INV{EPT,VPID,PCID}
ok mlarkin@
|
|
and not the file it points to. OK deraadt@ tb@
|
|
ok deraadt@
|
|
|
|
ok hackroom@
|
|
Prompted by deraadt
|
|
will be installed as /usr/bin/ld.bfd on supported systems. This allows
users to fall back on the old linker by using the -fuse-ld=bfd option on
systems where lld is the default linker.
Switch armv7 to use lld as the default linker. On arm64 we already use lld
as the default linker. Other platforms will keep using the GNU linker for
now.
ok patrick@, deraadt@, phessler@
|
|
flatly.
this will help sparc64 compile code without needing to patch away recent
pragma diagnostic use.
problem found by landry@
okay kettenis@, guenther@
|
|
ok benno@ jca@
|
|
strings, add a couple of braces, ansify a few functions, add and remove
a few extra parens.
ok jcs
|
|
|
|
|
|
ok mlarkin@ deraadt@ mpi@ kettenis@
|
|
as the default linker on armv7.
ok espie@
|
|
the PPL on top, store it where trapframe puts the trap number. This
makes interrupt handlers get called with the correct stack alignment.
Also, document the use of if_err to differentiate resumed/recursed
interrupts from 'real' ones.
tested in snaps
ok deraadt@
|
|
fallthrough. Avoids unnecessary jmp instructions in the middle
of functions and makes disassembly nicer to read.
ok guenther@ mlarkin@ deraadt@
|
|
Addresses CVE-2018-12015
From Silamael <silamael () coronamundi ! de>
Original bug reports:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900834
https://rt.cpan.org/Public/Bug/Display.html?id=125523
Original commit with the fix:
https://github.com/jib/archive-tar-new/commit/ae65651eab053fc6dc4590dbb863a268215c1fc5
OK bluhm@, they should already be committed! deraadt@
|
|
'.openbsd.randomdata.retguard', to make them easier to work with in the
kernel hibernate code.
ok mortimer@ deraadt@
|
|
section when linking, as we do when using ld from binutils.
ok mortimer@ deraadt@
|
|
profiler(gprof) work properly.
ok mpi
|
|
Spotted by Nan Xiao.
|
|
random cookies to protect access to function return instructions, with the
effect that the integrity of the return address is protected, and function
return instructions are harder to use in ROP gadgets.
On function entry the return address is combined with a per-function random
cookie and stored in the stack frame. The integrity of this value is verified
before function return, and if this check fails, the program aborts. In this way
RETGUARD is an improved stack protector, since the cookies are per-function. The
verification routine is constructed such that the binary space immediately
before each ret instruction is padded with int03 instructions, which makes these
return instructions difficult to use in ROP gadgets. In the kernel, this has the
effect of removing approximately 50% of total ROP gadgets, and 15% of unique
ROP gadgets compared to the 6.3 release kernel. Function epilogues are
essentially gadget free, leaving only the polymorphic gadgets that result from
jumping into the instruction stream partway through other instructions. Work to
remove these gadgets will continue through other mechanisms.
Remaining work includes adding this mechanism to assembly routines, which must
be done by hand. Many thanks to all those who helped test and provide feedback,
especially deaadt, tb, espie and naddy.
ok deraadt@
|
|
|
|
ok hackroom@
|
|
|
|
linker script makes ld.lld(1) crash. This has been fixed in a different
(proper?) way upstream but backporting their fix is a bit too invasive.
ok patrick@
|
|
From Sebastien Marie
|
|
the "soft" floating-point ABI but this does allow the compiler to generate
FPU instructions.
ok deraadt@
|
|
|
|
layout. Simplify how we identify which frames have trapframes while here.
ok kettenis@
|
|
friendly instructions with safe alternatives. This initial commit fixes
3 instruction forms that will lower to include a c3 (return) byte.
Additional problematic instructions can be fixed incrementally using
this framework.
ok deraadt@
|
|
don't barf on binaries created by ld.lld(1). From FreeBSD.
ok millert@, deraadt@, guenther@
|
