| Age | Commit message (Collapse) | Author |
|---|
|
As per the manual and lib/libtls/tls.c revision 1.79 from 2018
"Automatically handle library initialisation for libtls." initialisation
is handled automatically by other tls_*(3) functions.
Remove explicit tls_init() calls from base to not give the impression of
it being needed.
Feedback tb
OK Tests mestre
|
|
fails to report the path that the failure occured on. Suggested by
deraadt@ after some tech discussion.
Work done and verified by Ashton Fagg <ashton@fagg.id.au>
ok deraadt@ semarie@ claudio@
|
|
and setting them up later on, nowadays it's possible to do both steps in just
one go through tls_config_set_{cert,key}_file(3) so use it and then init TLS.
No functional change.
OK kn@
|
|
prompted by deraadt@
|
|
ld.so doesn't use the FP registers.
ok deraadt@
|
|
ok deraadt@
|
|
if RTLD_NODELETE isn't POSIX, it is widely deployed: at least linux,
freebsd, dragonfly, netbsd, solaris, illumos, apple, and fuchsia have
it.
ok kettenis@ on previous version
with help from and ok guenther@
diff partially inspired from a diff from brad@
|
|
OK naddy@, millert@
|
|
Except for some specific cases (thanks guenther) ELF mandates nothing
but the file header be at a fixed location, hence ld.so(1) must not
assume any specific order for headers, segments, etc.
Looping over the program header table to parse segment headers,
_dl_boot() creates the executable object upon DYNAMIC and expects it to
be set upon GNU_RELRO, resulting in a NULL dereference iff that order is
reversed.
Store relocation bits in temporary variables and update the executable
object once all segment headers are parsed to lift this dependency.
Under __mips__ _dl_boot() later on uses the same temporary variable, so
move nothing but the declaration out of MI code so as to not alter the
MD code's logic/behaviour.
Found while porting patchelf(1) from NixOS.
OK guenther
|
|
OK martijn@
|
|
OK martijn@
|
|
OK martijn@
|
|
While here fix minor whitespace mistake.
"looks fine to me" chris@
|
|
correctly and do not overwrite it in csu.
allows most ld.so regressions to pass
confirmed by jsg@, ok kettenis
|
|
OK tobhe@
|
|
derived from arm64
go ahead deraadt@
|
|
should correspond to size of chunk meta data
|
|
a large executable's .text section crosses the 512MB exec line.
Executables that have MAXTSIZ > 64MB can map above the default
512MB exec line. When this happens, shared libs that attempt to map
into low memory will find their .data section can not be mapped. ld.so
will attempt to remap the share lib at higher addresses until it can be
mapped. For very large executables like chrome this process is very
time consuming. This change detects how much of the executable's
.text section exceeds 512MB and uses that as the initial hint for
shared libs to map into which avoids attempting to map into blocked
memory.
okay deraadt@
|
|
For constant strings we don't actually need to use auth_mkvalue(3).
Problem reported by Ross L Richardson.
|
|
From Jan Stary, thanks.
OK martijn
|
|
malloc dumping and gdb do not help at all when studying ld.so. In the end
it turns out ot be a simple merge error causing extra mmap calls.
ok miller@ tb@
|
|
This changes RETGUARD_SETUP(ffs) to RETGUARD_SETUP(ffs, %r11, %r12)
and RETGUARD_CHECK(ffs) to RETGUARD_CHECK(ffs, %r11, %r12)
to show that r11 and r12 are in use between setup and check, and to
pick registers other than r11 and r12 in some kernel functions.
ok mortimer@ deraadt@
|
|
Add retguard to some, but not all, asm functions in libc. Edit SYS.h
in libc to remove the PREFIX macros and add SYSENTRY (more like
aarch64 and powerpc64), so we can insert RETGUARD_SETUP after
SYSENTRY. Some .S files in this commit don't get retguard, but do
stop using the old prefix macros.
Tested by deraadt@, who put this diff in a macppc snap.
|
|
ok mortimer kettenis
|
|
|
|
Fixes instances where a mount point uses the nodev and nosuid options
but another file system mounted inside that hierarchy does not.
OK schwarze@
|
|
so stop looking for them in mount(8) output;
no functional change intended;
OK millert@
|
|
for SUID, SGID, and device files, implementing an idea that deraadt@
came up with based on a somewhat similar idea from millert@ after
a loosely related comment from Rupert Gallagher on misc@.
While here, minimally simplify the way mount options are parsed,
hoping to make the parsing more readable and also more robust.
OK millert@ deraadt@
|
|
from miod@
|
|
|
|
The code is based login_ldap port, but uses our own aldap implementation
instead of openldap. It also uses a stand alone configuration file
instead of login.conf, since setting this up might contain information
not destined for everyone to see.
OK bluhm@
"Go for it" deraadt@
|
|
Makes it build with -fno-common.
ok deraadt
|
|
Hints from kettenis@, ok kettenis@ deraadt@
|
|
|
|
ok drahn@
|
|
Committing on behalf of drahn@ who is a bit busy.
|
|
OK sobrado@ jmc@
|
|
DT_PPC_GOT is not used on powerpc64, delete.
|
|
ok kettenis@
|
|
Mostly ported, code runs far enough to start first symbol string lookup.
build with -gdwarf-4 to remove asm warnings.
Do not bother supporting 32 bit non-pic relocations in shared libraries.
(however leave the code there for now)
|
|
They won't work any more due to pledge restrictions so just print
an error and exit if the spool is world-writable. OK beck@
|
|
Initialize "pass" to the empty string instead of NULL, otherwise
crypt_checkpass() will dereference NULL.
From Yuichiro Naito via yasuoka@. OK deraadt@
|
|
While here, use consistent casing and don't use .Ev for
set-user-ID/set-group-ID.
from Miod
|
|
from Miod
|
|
ok kettenis@, deraadt@
|
|
problems as 64-bit models. To resolve the syscall speculation, as a first
step "nop; nop" was added after all occurances of the syscall ("swi 0")
instruction. Then the kernel was changed to jump over the 2 extra instructions.
In this final step, those pair of nops are converted into the speculation-blocking
sequence ("dsb nsh; isb").
Don't try to build through these multiple steps, use a snapshot instead.
Packages matching the new ABI will be out in a while...
ok kettenis
|
|
problems as 64-bit models. For the syscall instruction issue, add nop;nop
after swi 0, in preparation for jumping over a speculation barrier here later.
(a lonely swi 0 was hiding in __asm in this file)
|
|
problems as 64-bit models. For the syscall instruction issue, add nop;nop
after swi 0, in preparation for jumping over a speculation barrier here later.
ok kettenis
|
|
Fixes a "vfprintf %s NULL" warning in ftpd.
OK deraadt@ tb@
|
|
a syscall, replace the double nop with a dsb nsh; isb; sequence which
stops the CPU from speculating any further. This fix was suggested
by Anthony Steinhauser.
ok deraadt@
|
