| Age | Commit message (Collapse) | Author |
|---|
|
run so that this locore0.o is always at the start of the executable.
But randomize the link order of all other .o files in the kernel, so
that their exec/rodata/data/bss segments land all over the place.
Late during kernel boot, smash the startup code with traps so that
it does not point to the other randomly placed code. It has be smashed,
because alpha (insecurely in my view) runs in the KSEG0 space.
As a result, the internal layout of every newly build bsd kernel is
different from past kernels. Internal relative offsets are not known
to an outside attacker. The only known offsets are in the startup code,
which is gone.
Ramdisk kernels cannot be compiled like this, because they are gzip'd.
When the internal pointer references change, the compression dictionary
bloats and results in poorer compression.
|
|
ok visa@, kettenis@
|
|
|
|
Using a name with the 'db_' prefix makes it invisible from the dynamic
profiler.
ok deraadt@, kettenis@, visa@
|
|
It doesn't compile und hasn't been working during the last decade.
ok kettenis@, deraadt@
|
|
ok deraadt@
|
|
|
|
unsigned variables as argument in most places anyway. Decrease the
chance of signedness/range mismatch issues.
ok stefan
|
|
- FORK_THREAD handling is a totally separate function, thread_fork(),
that is only used by sys___tfork() and which loses the flags, func,
arg, and newprocp parameters and gains tcb parameter to guarantee
the new thread's TCB is set before the creating thread returns
- fork1() loses its stack and tidptr parameters
Common bits factor out:
- struct proc allocation and initialization moves to thread_new()
- maxthread handling moves to fork_check_maxthread()
- setting the new thread running moves to fork_thread_start()
The MD cpu_fork() function swaps its unused stacksize parameter for
a tcb parameter.
luna88k testing by aoyama@, alpha testing by dlg@
ok mpi@
|
|
struct proc to struct process.
ok deraadt@ kettenis@
|
|
OK mpi@
|
|
|
|
fixes percpu allocations, like visa@ just did on mips64.
|
|
ok kettenis@
|
|
Same thought from kettenis@, ok krw@ phessler@ millert@
|
|
Build testing assistance from deraadt@
|
|
child_return() like on other archs, so cpu_fork() doesn't need to
touch them.
ok kettenis@ deraadt@
|
|
|
|
Add sysctl kern.allowkmem (default 0) which controls the ability to open
/dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99%
of utilities in the tree to operate on sysctl-nodes (either by themselves
or via code hiding in the guts of -lkvm).
pstat -d and -v & procmap are affected and continued use of them will
require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and it's
buddy sendbug) are affected, but we'll work out a solution soon.
There will be some impact in ports.
ok kettenis guenther
|
|
ok guenther@ millert@
|
|
|
|
|
|
the ioff argument to pool_init() is unused and has been for many
years, so this replaces it with an ipl argument. because the ipl
will be set on init we no longer need pool_setipl.
most of these changes have been done with coccinelle using the spatch
below. cocci sucks at formatting code though, so i fixed that by hand.
the manpage and subr_pool.c bits i did myself.
ok tedu@ jmatthew@
@ipl@
expression pp;
expression ipl;
expression s, a, o, f, m, p;
@@
-pool_init(pp, s, a, o, f, m, p);
-pool_setipl(pp, ipl);
+pool_init(pp, s, a, ipl, f, m, p);
|
|
ok deraadt@ guenther@
|
|
ok deraadt@ yasuoka@ reyk@
|
|
|
|
|
|
gets us a bit closer to an MI splraise api.
|
|
|
|
this is a step toward making ipls unconditionaly on pools.
ok deraadt@ kettenis@
|
|
sigtramp page, so that it will generate a nice kernel fault if touched.
While here, move most of the sigtramps to the .rodata segment, because
they are not executed in the kernel.
Also some preparation for sliding the actual sigtramp forward (will need
some gdb changes)
ok mlarkin kettenis
|
|
ok guenther kettenis
|
|
Inline asm from NetBSD
testing deraadt@
|
|
commit.
|
|
inside the sigcontext. sigreturn(2) checks syscall entry was from the
exact PC addr in the (per-process ASLR) sigtramp, verifies the cookie,
and clears it to prevent sigcontext reuse.
not yet tested on landisk, sparc, *88k, socppc.
ok kettenis
|
|
ok dlg@
|
|
|
|
From Miod Vallat
I trust miod deraadt@
|
|
all the local ones to ``nticks''.
ok stefan@, deraadt@
|
|
While there truncate the tables to the minimum required size; chrtoblk()
and blktochr() are designed to handle a table shorter than cdevsw.
"Looks good to me" deraadt@
|
|
need to ignore the hardware clock when it reports a year > 2037. Irony
noted.
both ok millert, alpha ok deraadt
|
|
using struct mutex in pmap.h do. Fixes net-snmp on alpha.
ok deraadt@
|
|
chance of working.
ok deraadt@
|
|
as well. OK dlg@ mpi@
|
|
ok tedu@, deraadt@, miod@
|
|
pv lists with a mutex. This should make pmap_enter(9), pmap_remove(9) and
pmap_page_protect(9) safe to use without holding the kernel lock. This
largely reverts rev. 1.75, but now of course the pmap locks are defined
to actually call mtx_enter(9) and mtx_leave(9).
ok visa@
|
|
ok deraadt@
|
|
Problem noticed and initial diff by kettenis@
ok kettenis@ visa@ dlg@
|
|
|
|
* pool_allocator_single: single page allocator, always interrupt safe
* pool_allocator_multi: multi-page allocator, interrupt safe
* pool_allocator_multi_ni: multi-page allocator, not interrupt-safe
ok deraadt@, dlg@
|
