| Age | Commit message (Collapse) | Author |
|---|
|
ok mpi@ kettenis@
|
|
Strip superfluous parens from return statements while here.
Done programatically with two perl invocations
idea ok kettenis@ drahn@
ok visa@
|
|
part of the review. My fail for forgetting to diff my tree against what
was reviewed
problem noted by deraadt@
|
|
'relative' relocation. Take advantage of that to simplify ld.so's self-reloc
code:
* give the exceptional archs (hppa and mips64) copies of the current boot.c
as boot_md.c
* teach the Makefile to use boot_md.c when present
* reduce boot.c down to the minimum necessary to handle just relative reloc
* teach the Makefile to fail if the built ld.so has other types of relocs
ok visa@ kettenis@
|
|
sections; despite being a RELA arch, ld.so was making assumptions about
the initialization of the targeted location.
Add the relative relocation optimization, handling relocations
covered by the DT_RELACOUNT value in a tight loop.
ok mpi@ deraadt@
|
|
ok mlarkin@, mpi@, krw@, deraadt@
|
|
ok mpi@
|
|
The existing code did a full recursive walk for O(horrible). Instead,
keep a single list of nodes plus the index of the first node whose
children haven't been scanned; lookup until that index catches the
end, appending the unscanned children of the node at the index. This
also makes the grpsym list order match that calculated by FreeBSD and
glibc in dependency trees with inconsistent ordering of dependent libs.
To make this easier and more cache friendly, convert grpsym_list
to a vector: the size is bounded by the number of objects currently
loaded.
Other, related fixes:
* increment the grpsym generation number _after_ pushing the loading
object onto its grpsym list, to avoid double counting it
* increment the grpsym generation number when building the grpsym list
for an already loaded object that's being dlopen()ed, to avoid
incomplete grpsym lists
* use a more accurate test of whether an object already has a grpsym list
Prompted by a diff from Nathanael Rensen (nathanael (at) list.polymorpheus.com)
that pointed to _dl_cache_grpsym_list() as a performance bottleneck.
Much proding from robert@, sthen@, aja@, jca@
no problem reports after being in snaps
ok mpi@
|
|
_dl_free(), which would trigger a "recursive call" assertion...if we
had ever realloced in ld.so
ok deraadt@
|
|
X11R6).
Suggested by tb@
ok deraadt@ tb@ millert@
|
|
ok visa@ guenther@
|
|
ok guenther@
|
|
|
|
|
|
|
|
be used to effectively remove filesystem access.
That being said, in spamd(8) when I pledge(2)d it the main priv process got
"stdio inet" which means there's no fs access at all so calling
chroot(2)/chdir(2) here doesn't get us any additional protection. Just remove
them.
OK deraadt@ and no objections from schwarze@
|
|
hiding the actual grotty bits in inline functions
ok mpi@
|
|
- the symbol it found, returned via the second argument
- the base offset of the the object it was found in, via the return value
- optionally: the object it was found in, returned via the last argument
Instead, return a struct with the symbol and object pointers and let the
caller get the base offset from the object's obj_base member. On at least
aarch64, amd64, mips64, powerpc, and sparc64, a two word struct like this
is passed in registers.
ok mpi@, kettenis@
|
|
ok kettenis@
|
|
ok deraadt@, kettenis@
|
|
|
|
|
|
Add an internal version of pcap_open_live that ensures bpf(4) devices
are opened read-only before locking. Neither pflogd(8) or spamlogd(8)
require write access to bpf(4). Inspired by similar solution in
OpenBSD tcpdump(8).
pflogd(8) was safe since being unveiled last year, but spamlogd(8)
was having /dev/bpf opened O_RDWR.
Issue discovered by bluhm@'s unveil(2) accounting commit.
ok deraadt@, mestre@ (thanks for testing spamlogd!)
|
|
in default, cannot get anywhere near the filesystem since its only promises are
"stdio inet". Furthermore, in blacklist mode this same codepath is not
chroot'ed but once again it gets the same pledge(2).
Therefore we can remove the BUGS section from spamd(8)'s manpage.
OK millert@ deraadt@
|
|
In 2013, I implemented the single-entry LRU cache that gets the maximal
symbol reuse from combreloc. Since then, the ld.so generic relocation
symcache has been a waste of CPU and memory with 0% hit-rate, so kill it.
ok mpi@
|
|
the change in __getcwd(2)'s return value. Fix it by switching to the
__realpath(2) syscall, eliminating the ld.so copy of realpath().
problem caught by regress and noted by bluhm@
ok deraadt@
|
|
|
|
building with clang.
ok deraadt@, visa@
|
|
ok deraadt@, visa@
|
|
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.
|
|
value < 0. errno is only updated in this case. Change all (most?)
callers of syscalls to follow this better, and let's see if this strictness
helps us in the future.
|
|
the unveil state of running processes.
ok deraadt@
|
|
make it to disk (discussion with tedu)
|
|
|
|
follows some pointer into the middle of it. Best to keep things working
while tracking down the wonkiness.
problem noted by naddy@
|
|
|
|
topological sort order, reducing it to O(n) from O(2^n) (ouch!)
diff from Nathanael Rensen (nathanael(at)list.polymorpheus.com)
Much testing and pleading by robert@ and ajacoutot@
ok drahn@ mpi@
|
|
- put functions and data which are only used before calling the executable's
start function into their own page-aligned segments for unmapping
(only done on amd64, arm64, armv7, powerpc, and sparc64 so far)
- pass .init_array and .preinit_array functions an addition argument which
is a callback to get a structure which includes a function that frees
the boot text and data
- sometimes delay doing RELRO processing: for a shared-object marked
DF_1_INITFIRST do it after the object's .init_array, for the executable
do it after the .preinit_array
- improve test-ld.so to link against libpthread and trigger its initialization
late
libc changes to use this will come later
ok kettenis@
|
|
its statically linked ls_main for some time now.
from Jan Klemkow
ok deraadt
|
|
functions because retguard uses hard-traps instead.
ok mortimer.
|
|
Pointed out by jsg, just fix it deraadt@
|
|
anywhere and can use Elf_Word instead.
ok guenther
|
|
previously 'implemented' by having the Elf_Word typedef in <sys/exec_elf.h>
vary, but that doesn't match the spec and breaks libelf so it's gone away.
Implement the variation here by defining our own type locally for this.
ok deraadt@
|
|
on mips64. They need relocation and consequently cannot be used
in that function.
OK kettenis@
|
|
|
|
Instead of getting all filesystems with df(1), filter /usr/share/ and check
with mount(1) whether it's NFS, make df error out directly if the
filesystem type matches nfs.
OK sthen tb
|
|
based on a diff from miod@
|
|
the stubs
noted by miod@
|
|
line unless it is writable.
lld places read-only sections below the gap so this is needed
to be able to retain W^X with lld. Note however the read-only
sections below the W^X line are now executable on pre-NX
machines and a possible source of gadgets. This is a change
from Gnu ld where RO sections were ordered above the W^X line
and not executable.
okay drahn@ kettenis@ deraadt@
|
|
|
