Age | Commit message | Author |
|
ok guenther, jmc, tom, millert, deraadt
|
|
syscall) confirm the stack register points at MAP_STACK memory, otherwise
SIGSEGV is delivered. sigaltstack() and pthread_attr_setstack() are modified
to create a MAP_STACK sub-region which satisfies alignment requirements.
Observe that MAP_STACK can only be set/cleared by mmap(), which zeroes the
contents of the region -- there is no mprotect() equivalent operation, so
there is no MAP_STACK-adding gadget.
This opportunistic software-emulation of a stack protection bit makes
stack-pivot operations during ROPchain fragile (kind of like removing a
tool from the toolbox).
original discussion with tedu, uvm work by stefan, testing by mortimer
ok kettenis
|
|
It would be better if this was filled in at trap time.
ok guenther
|
|
Extend the logic already present for panic() to any DDB-related
operation such that if ddb(4) is entered because of a fault or
other trap it is still possible to call 'boot reboot'.
While here stop printing splassert() messages as well, to not fill
the buffer.
ok visa@, deraadt@
|
|
needs (looking at you sgi, but others required this before). This is for
the circumstances we need pagesize known at compile time, not getpagesize()
runtime. Use it for malloc storage sizes, for shm, and to set pthread stack
default sizes. The stack sizes were a mess, and pushing them towards
page-aligned is a healthy move (which will also be needed by the coming
stack register checker)
ok guenther kettenis, discussion with stefan
|
|
The account flag `ASU' will no longer be set but that makes suser()
mpsafe since it no longer messes with a per-process field.
No objection from millert@, ok tedu@, bluhm@
|
|
ok krw@ mpi@
|
|
Fixes 'make install' when /bsd is not present for some reason.
ok rob florian, "fine with me" deraadt
|
|
definitive list of block devices supported on an architecture.
ok kettenis@ deraadt@
|
|
Archs not yet converted can do the jump by defining __USE_MI_MUTEX.
ok visa@
|
|
ok kettenis@, visa@
|
|
OK mpi@
|
|
Remove `mtx_lock' from i386, add volatile before `mtx_owner' where it
was missing.
Inputs from kettenis@, ok visa@
|
|
ok millert@ krw@
|
|
ok kettenis@
|
|
the memory devices (/dev/null, /dev/zero, etc) need to permit them.
problem noted, tweak, and testing by jeremy@
ok deraadt@
|
|
for blocks re-fetchable from the filesystem. However at reboot time,
filesystems are unmounted, and since processes lack backing store they
are killed. Since the scheduler is still running, in some cases init is
killed... which drops us to ddb [noted by bluhm]. Solution is to convert
filesystems to read-only [proposed by kettenis]. The tale follows:
sys_reboot() should pass proc * to MD boot() to vfs_shutdown() which
completes current IO with vfs_busy VB_WRITE|VB_WAIT, then calls VFS_MOUNT()
with MNT_UPDATE | MNT_RDONLY, soon teaching us that *fs_mount() calls a
copyin() late... so store the sizes in vfsconflist[] and move the copyin()
to sys_mount()... and notice nfs_mount copyin() is size-variant, so kill
legacy struct nfs_args3. Next we learn ffs_mount()'s MNT_UPDATE code is
sharp and rusty especially wrt softdep, so fix some bugs and add
~MNT_SOFTDEP to the downgrade. Some vnodes need a little more help,
so tie them to &dead_vnops.
ffs_mount calling DIOCCACHESYNC is causing a bit of grief still but
this issue is separate and will be dealt with in time.
couple hundred reboots by bluhm and myself, advice from guenther and
others at the hut
|
|
extend ddb(4) "ps /o" output to print which CPU is currently holding the
KERNEL_LOCK().
Tested by dhill@, ok visa@
|
|
end of rc we call reorder_kernel which creates a /obsd hard link to
the same kernel.
In the past obsd was only created when doing a manual make install in
the kernel sources.
There is no need for two backup hard links during boot, rearrange the
kernel Makefiles to restore previous behaviour and thus stopping
reorder_kernel from scribbling over /obsd.
Makes muscle memory of some kernel developers work again: /obsd can
serve as a known good kernel; and there was much rejoicing...
Discussed at length with benno, rpe, phessler and tb at
p2k17.
Seems like a good idea to deraadt.
OK benno, phessler, rpe, tb
|
|
as discussed with and ok mpi@
|
|
ttyB* minor numbers change; be sure to rerun MAKEDEV if you do not
upgrade with bsd.rd
Adapted from NetBSD by miod@
|
|
enable it when available (i.e. all DEC 3000 models but models 300).
Tested on DEC 3000/600 (sgmap) and DEC 3000/300LX (no sgmap).
from miod@
|
|
operation uses the CPU capabilities, rather than a not-yet-initialized
variable which will eventually be set to the CPU capabilities.
from miod@
|
|
Restores the balance of serenity and peace of mind of the last
real alpha user, to some extent.
From miod@
|
|
the kernel makefiles was removed which led to C files not being
recompiled when a dependency changed. This can lead to panics in odd
places and generally a broken system.
ok deraadt@
|
|
functionalities are available in GENERIC.
ok jasper@, deraadt@, guenther@, dlg@
|
|
No functional change.
ok visa@
|
|
pthread_exit from libpthread to libc, along with low-level bits to
support them. Major bump to both libc and libpthread.
Requested by libressl team. Ports testing by naddy@
ok kettenis@
|
|
ok deraadt@, jasper@
|
|
clang optimizes better for size with -Oz so use that as a default to avoid
overflowing the ramdisk floppies. gcc now accepts -Oz as an alias for -Os.
ok kettenis@
|
|
whenever make is issued. Only do this when there are actual source changes
below /sys. This restores the behavior prior to the KARL implementation.
Problem noticed and patiently explained by mpi
implementation with a lot of help from espie
ok mpi, espie, deraadt
|
|
a partial solution to cross compiling the kernel with KARL.
OK deraadt@ a while ago
|
|
this lets GENERIC work as well as GENERIC.MP. it should also fix
bsd.rd. tested by me on an es45.
from a grumpy alpha user
|
|
"go for it" deraadt@
|
|
without src and comp work. That is what we've designed for, but since
we always have src and comp on our systems it is so easy to slide...
problem first noted by rpe.
|
|
architectures we must also link against a gapdummy.o to repair the ABI
of the resulting .o file. Woe is me.
Also repair install: target to update the linkkit & hash when a kernel
is installed.
ok rpe tb mlarkin and tested by others also
|
|
since it has source dependencies, and relinking doesn't have any. Also
the bsd: target is created by config(8)...
worked on with rpe.
|
|
okay millert@ deraadt@
|
|
fiction participating only in the linkphase.
tricks from rpe and espie
|
|
Otherwise owner of /bsd could be the build user with permissions
inherited from the compile directory.
OK deraadt@ tb@
|
|
run so that this locore0.o is always at the start of the executable.
But randomize the link order of all other .o files in the kernel, so
that their exec/rodata/data/bss segments land all over the place.
Late during kernel boot, smash the startup code with traps so that
it does not point to the other randomly placed code. It has to be smashed,
because alpha (insecurely in my view) runs in the KSEG0 space.
As a result, the internal layout of every newly built bsd kernel is
different from past kernels. Internal relative offsets are not known
to an outside attacker. The only known offsets are in the startup code,
which is gone.
Ramdisk kernels cannot be compiled like this, because they are gzip'd.
When the internal pointer references change, the compression dictionary
bloats and results in poorer compression.
|
|
directories. Copy it in the same way on other architectures, for the same
effect. Something upcoming will want that file there anyways.
|
|
Prying eyes cannot look at the kernels in the compile directory.
ok tb rpe, kernel developers seem unimpacted
|
|
ok visa@, kettenis@
|