call a setjmp-type function (prototyped with __attribute__((returns_twice))).
LLVM anticipates the longjmp type function will perform a direct branch
back (rather than a push;ret combo, almost certainly due to CET
shadow-stack coherency difficulties). Since we have CET/IBT enforced,
LLVM makes that direct branch legal by placing an endbr64 immediately
after the callq. Where I was placing the ret-clean sequence... this blows
up badly, in unhibernate / resume situations.
In functions marked exposesReturnsTwice(), skip doing ret-clean.
(placing the ret-clear after that endbr64 is much more difficult)
observed by mglocker, diagnosed by mlarkin, kettenis, guenther.
This causes the caller to clean the return address off the stack after
a callq completes. The option is best used in low-level libraries (such as
libc), because libc contains low-level system call stubs. The option
reduces hints (found on the stale parts of the stack) about libc.so's mapping
location, and together with random-relinking, relro got/pic, and xonly
makes some exploit methods more difficult.
ok mortimer, mlarkin, much discussion with kettenis, in snaps for 2 weeks.
failure when using make -j; this used to be hidden because of the Objective-C
generated files, which are no longer built. No change for regular make.
When calling POSIX::setlocale() with an unknown locale category, Perl
could crash due to NULL dereference.
found by sthen@ in smokeping build; OK afresh1@
ok gkoehler@
Commit and we'll fix fallout bluhm@
Right away, please deraadt@
OK sthen@
Timing is good deraadt@, OK sthen@
looking good sthen@, Great! bluhm@
Ever since the prehistoric zlib was removed last fall, the configure script
would complain because of a missing file:
sed: 0: /usr/src/gnu/usr.bin/cvs/zlib/Makefile.in: No such file or directory
noticed by deraadt
ok bluhm
.openbsd.syscalls section with the PT_OPENBSD_SYSCALLS phdr, even though it
does not have the ALLOC flag; otherwise the phdr gets rewritten with a size
of zero, which prevents the binary from working.
ok kettenis@
(libobjc) had been removed from the build years ago, there is no need to
keep the compiler.
ok beck@ joshua@
clang -S was missing a line like ".cfi_offset cr2, -16" in functions
that spill cr2 (or cr3, cr4) to the stack. This was breaking a few
C++ exceptions. This fix adds the missing CFI.
This will fix the C++ exception that was crashing egdb from
ports/devel/gdb when you did "q to quit" in the pager.
ok kettenis@ tobhe@
things are going, it will take another decade before it does. But OpenBSD
has it enabled *by default* already.
Drop the #ifdef __linux__. This should hurt other OSes when they finally
catch up with us.
ok robert@, tb@
retpolines makes IBT less useful and we have enabled additional mitigations
in our kernel now that should make them (mostly) unnecessary.
ok guenther@
previous commit.
ok guenther@
provide a mitigation against branch speculation attacks, they also make
IBT control flow integrity less effective. Our kernel now uses IBPB
as a mitigation against branch speculation attacks, so we can disable
retpoline PLTs again.
ok deraadt@
Upstream commit:
https://github.com/llvm/llvm-project/commit/9d37ea95df1b84cca9b5e954d8964c976a5e303e
Already needed at least by ports/math/hdf5, prerequisite if we want to
enable linker relaxation (clang upstream defaults).
ok kettenis@
ok hackroom
tested by plenty
ok kettenis@
This brings us fp_mode.c used in softfloat code, and muldi3.S used when
the target ISA doesn't have the Multiply extension.
ok kettenis@
ctype_base.h is correctly installed by make includes so the transition should
be automatic. If you hit a failure with this header, make sure ctype.h and
ctype_base.h are in sync.
ok miod@ tb@
retpoline PLT entries that were changed to include the necessary endbr64
instructions. But with -Wl,-znoretpolineplt we would still emit non-IBT
PLT entries under certain circumstances. Fix this.
ok deraadt@, guenther@
first six entries are in the same order as syscall arguments, such
that syscall() can just use the trapframe as the argument vector
for mi_syscall() and not need to reorder into another buffer on the
stack. This doesn't affect coredump layout or ptrace(2), but does
affect kernel crash dumps.
Possibility noted during miod@'s cleanup of the MD syscall()
implementations.
ok mlarkin@ kurt@
tested by and input from tb@; ok kettenis@
ok kettenis@
endbr{64,32}
"sure" dv@ deraadt@
Repairs ld.bfd operations on i386: since the switch to llvm-16 clang
emits such relocations (e.g. one is present in /usr/lib/crtbegin.o).
This unbreaks the build of ports/lang/fpc.
Help and tests from tb@, ok tb@ kettenis@