Age | Commit message (Collapse) | Author |
|
The hash function is supposed to return a value less than or equal
to 0x0fffffff. Due to a bug in the sample code supplied with the
ELF SYSV ABI documentation, the hash function can overflow on 64-bit
systems. Apply the same fix used by GNU libc, MUSL libc and FreeBSD.
Prompted by https://maskray.me/blog/2023-04-12-elf-hash-function
OK tb@ miod@
|
|
Now symlinking an executable away from the rest of its installation
tree no longer prevents it from finding the libraries. This matches
the behavior of other OS linkers. Prompted by a behavior change in
lang/ghc test suite.
Swapped the order of dirname/realpath in _dl_origin_path.
Added some regress tests that pass and then bin3 that fails without
this change and reflects the behavior needd for lang/ghc.
Suggestion by semarie@, OK deraadt@
|
|
to be a normal C function that starts with "bti c" when BTI contro flow
integretry enforcement is in place. Add "bti c" to _dl_bind_start().
Remove unused _rtld_tlsdesc() function to avoid having to add "bti c" to it.
ok deraadt@
|
|
ok miod@ millert@
|
|
Reported by Peter J. Philipp. OK deraadt@
|
|
right, deraadt@
|
|
where it is with pinsyscall(). In non-static binaries, kernel execve(2)
will now insist upon being called from that small region. Arriving from
a different region smells like ROP methodology, and the process is killed.
|
|
|
|
This is the default value of the linker, but I really like placing the
comment "architecturally required data islands".
|
|
|
|
hardware enforcement for this, but uvm can some of it's own tricks
on occasion.
|
|
ok gkoehler
|
|
OK deraadt
|
|
OK deraadt
|
|
|
|
is no longer a NOP on those systems, let's do it.
|
|
|
|
the x86 one.
|
|
came up in two seperate conversations with miod and kettenis
|
|
|
|
|
|
exonly transition for people building through an upcoming commit series
|
|
--execute-only ld.so (meaning FLAGS (1) on the LOAD line for the text
segment, in the ld.script). the linker, when using built-in linker scripts,
is not ready yet for other libraries / binaries..
|
|
Since we got rid of padded syscalls we have enough registers to do this.
ok deraadt@ ok kettenis@
|
|
|
|
ok kettenis
|
|
standard PIC magic. This makes the code similar to what we already use
for rcrt0.o. This makes it ready for execute-only.
Build C code using -fno-jump-tables to make it ready for execute-only.
ok deraadt@, miod@
|
|
instruction used by __canonicalize_funcptr_for_compare() from "bl" into "b".
This allows __canonicalize_funcptr_for_compare() to execute the branch
instead of decoding the instruction to find the address of _dl_bind().
This is the first step in the transition to a new ABI. Once an updated
ld.so has been installed, we can change __canonicalize_funcptr_for_compare()
(which lives in libgcc) and rebuild everything with a new libgcc. Only
then we can actually make ld.so executable-only.
ok deraadt@, miod@
|
|
|
|
This contains snmpd's mib.c (and friends) adjusted for libagentx.
This standalone binary is to be used by snmpd to achieve privilege
separation.
If people need net-snmpd, but want some of the base snmpd metrics they can
start this binary as a normal daemon and connect to net-snmpd's agentx
socket.
Tested, Feedback, and OK sthen@
Release build test, and OK tb@
|
|
The linker now produces correct values for DT_MIPS_RLD_MAP_REL tags.
The DT_MIPS_RLD_MAP_REL offset is relative to the entry of the original
dynamic tags array. Therefore look up the tag from exe_obj->load_dyn
instead of exe_obj->Dyn.info to get the correct base address.
OK kettenis@ deraadt@
|
|
ok deraadt@
|
|
fixed to identify the region correctly.
|
|
into a mimmutable related concern, you want to undo this revision to get
this debug back. I do not consider this suitable for hiding behind a
cpp macro.
|
|
segment for .plt/.got which needs to be placed correctly.
ok deraadt@
|
|
The linker produces incorrect values for DT_MIPS_RLD_MAP_REL tags.
Disable the handling of the tag in the dynamic loader. The linker
will be fixed in a later commit when snapshots have the updated ld.so.
Discussed with and OK kettenis@ deraadt@
|
|
of startup shared library mappings can be made immutable, and also does
this for dlope() RTLD_NODELETE and subsidiary libraries. Complexity in this
diff is due to the GNU_RELRO and OPENBSD_MUTABLE sections.
Tested in snaps for about 3 weeks, with some bootstrap related pain felt in ports
ok kettenis, much help from others.
|
|
Since the introduction of automatic immutable from the kernel, the munmap()
of ld.so boot.text region is now (silently) failing because the region is
contained within the text LOAD, which is immutable. So create a new btext
LOAD with flags PF_X|PF_R|PF_OPENBSD_MUTABLE, and place all boot.text objects
in there. This LOAD must also be page-aligned so it doesn't skip unmapping
some of the object region, previously it was hilariously unaligned.
OK deraadt@
|
|
of ld.so boot.text region is now (silently) failing because the region is
contained within the text LOAD, which is immutable. So create a new btext
LOAD with flags PF_X|PF_R|PF_OPENBSD_MUTABLE, and place all boot.text objects
in there. This LOAD must also be page-aligned so it doesn't skip unmapping
some of the object region, previously it was hilariously unaligned.
ok kettenis and guenther seemed to like it also
This one is for powerpc64 and a modified version of the diff deraadt@ mailed
out to make sure the LOADs are in increasing address order.
this is the alpha version
|
|
of ld.so boot.text region is now (silently) failing because the region is
contained within the text LOAD, which is immutable. So create a new btext
LOAD with flags PF_X|PF_R|PF_OPENBSD_MUTABLE, and place all boot.text objects
in there. This LOAD must also be page-aligned so it doesn't skip unmapping
some of the object region, previously it was hilariously unaligned.
ok kettenis and guenther seemed to like it also
This one is for powerpc64 and a modified version of the diff deraadt@ mailed
out to make sure the LOADs are in increasing address order.
this is the i386 version
|
|
of ld.so boot.text region is now (silently) failing because the region is
contained within the text LOAD, which is immutable. So create a new btext
LOAD with flags PF_X|PF_R|PF_OPENBSD_MUTABLE, and place all boot.text objects
in there. This LOAD must also be page-aligned so it doesn't skip unmapping
some of the object region, previously it was hilariously unaligned.
ok kettenis and guenther seemed to like it also
This one is for powerpc64 and a modified version of the diff deraadt@ mailed
out to make sure the LOADs are in increasing address order.
this is the version for sparc64, tested by pascal also
|
|
of ld.so boot.text region is now (silently) failing because the region is
contained within the text LOAD, which is immutable. So create a new btext
LOAD with flags PF_X|PF_R|PF_OPENBSD_MUTABLE, and place all boot.text objects
in there. This LOAD must also be page-aligned so it doesn't skip unmapping
some of the object region, previously it was hilariously unaligned.
ok kettenis and guenther seemed to like it also
This one is for powerpc64 and a modified version of the diff deraadt@ mailed
out to make sure the LOADs are in increasing address order.
this is the version for powerpc, tested by pascal
|
|
of ld.so boot.text region is now (silently) failing because the region is
contained within the text LOAD, which is immutable. So create a new btext
LOAD with flags PF_X|PF_R|PF_OPENBSD_MUTABLE, and place all boot.text objects
in there. This LOAD must also be page-aligned so it doesn't skip unmapping
some of the object region, previously it was hilariously unaligned.
ok kettenis and guenther seemed to like it also
This one is for powerpc64 and a modified version of the diff deraadt@ mailed
out to make sure the LOADs are in increasing address order.
|
|
can consider this same as the "booting" case, and instruct lower layers to
do immutability. With this change in place, the not-yet-commited
library-immutable diff leaves 1 page of libc (malloc related) and 6
non-RTLD_NODELETE libraries mutable in chrome.
Everything else is immutable, except for the program's transient memory
allocations & file mappings. This is an unexpected result.
|
|
so the mapping layer will know it can use mimmutable()
|
|
of ld.so boot.text region is now (silently) failing because the region is
contained within the text LOAD, which is immutable. So create a new btext
LOAD with flags PF_X|PF_R|PF_OPENBSD_MUTABLE, and place all boot.text objects
in there. This LOAD must also be page-aligned so it doesn't skip unmapping
some of the object region, previously it was hilariously unaligned.
ok kettenis and guenther seemed to like it also
This one is for 32-bit arm, tested by phessler
|
|
nodelete, so that _dl_relro() will immutable it's relro.
|
|
of ld.so boot.text region is now (silently) failing because the region is
contained within the text LOAD, which is immutable. So create a new btext
LOAD with flags PF_X|PF_R|PF_OPENBSD_MUTABLE, and place all boot.text objects
in there. This LOAD must also be page-aligned so it doesn't skip unmapping
some of the object region, previously it was hilariously unaligned.
ok kettenis and guenther seemed to like it also
This one is for riscv64, tested by jca
|
|
the gap, mmap a fresh MAP_FIXED MAP_ANON PROT_NONE and make it immutable
for good measure
ok guenther kettenis
|
|
|