Age | Commit message | Author |
|
so the file cannot be re-executed upon the next boot. This provides a
stronger one-shot-upgrade model than the upgrade script's rm /bsd.upgrade.
Now various forms of upgrade failure will reboot into /bsd, which is probably
more recoverable. Performing fchmod -x depends on (1) use of MI boot.c
(not alpha/macppc/sparc64/sgi/octeon) and (2) "can write blocks" functionality
in the IO layer. Most architectures have this support now.
Two diagnostics "fchmod a-x %s: failed" and "/bsd.upgrade is not u+x" will
remain in the tree while refinements happen for some of the laggard
architectures.
based upon a discussion with florian
tested in snapshots for more than a week without any complaints
|
|
then ran into the messaging being poor. Then I fixed the messages. But
there are two sub-cases of sp-not-MAP_STACK -- one at syscall time, and
another at regular userland trap (on some architectures), and I bungled
that messaging. Correct that now, while I look for yet another better way...
discovered by millert, who ran a pre-MAP_STACK binary.
|
|
Use install -F instead of cp, for fsync(2). Coupled with the new
sync(8) in the reorder_kernel script, the window for an incomplete /bsd
file on-disk due to a crash has now shrunk substantially.
Discussion with kettenis, millert and tedu
|
|
ok visa@
|
|
Lookup the address that a syscall instruction is executed from, and kill
the process if that page is writeable. This brings an aspect of W^X
behaviour to W|X mappings (in JITs not yet adapted to W^X). The goal is
to remove simple attack methods and force use of ret2libc or other more
complicated means.
ok kettenis stefan visa
|
|
ok deraadt@
|
|
Reduce code clutter by removing the file name and line number output
from witness(4). Typically it is easy enough to locate offending locks
using the stack traces that are shown in lock order conflict reports.
Tricky cases can be tracked using sysctl kern.witness.locktrace=1 .
This patch additionally removes the witness(4) wrapper for mutexes.
Now each mutex implementation has to invoke the WITNESS_*() macros
in order to utilize the checker.
Discussed with and OK dlg@, OK mpi@
|
|
memcpy() correct behaviour. This also brings the bcopy() macro into line.
|
|
tightly-built ramdisk kernels, set the option in per-arch Makefile.inc
based upon SMALL_KERNEL
|
|
|
|
details from the ELF header instead of faking it.
Proposal from mlarkin, tested on most architectures already
|
|
|
|
ok deraadt
|
|
|
|
|
|
including cpu.h machine/intr.h etc without first including param.h when
MULTIPROCESSOR is defined.
ok visa@
|
|
|
|
|
|
platforms.
From miod@
|
|
|
|
4MB which is far too low especially when the platform is able to run MP.
New limits are, amd64 = 256M; arm64, mips64, sparc64 = 64M; alpha, arm,
hppa, i386, powerpc = 32M; m88k, sh = 8M
Still rather conservative numbers but much better than before. At least
some hangs of arm64 build boxes were caused by this.
OK kettenis@, visa@
|
|
Based on a submission from Jan Klemkow.
|
|
|
|
instead of passing sendsig() the code+type+val, pass a siginfo_t*
to copy from. Eliminate the indirection through struct emul for
sendsig(); we no longer have a SunOS4-compat version of sendsig()
ok deraadt@
|
|
ok visa@
|
|
ok kettenis@
|
|
- dynamic allocation of interrupts for dino(4) and gsc(4)
- only mention irq locators for devices which use interrupts.
- for gsc(4), this actually postpones interrupt allocation until gsc(4)
attaches, so asp(4)/lasi(4)/wax(4) won't route the interrupt yet, but
the gsc(4) child will take care of this.
- remove the irq locator for the drivers which do not need a fixed
assignment. siop and moongoose could benefit from this but don't work
at the moment so this is left as an exercise to future kernel hackers.
A side effect from this is that we do not need multiple sti(4)
attachment lines, so PCI sti(4) devices will now attach as sti0 rather
than sti2.
With this diff, multiple dino(4) devices attached to the same parent
will use different interrupt sources, and more than two dino(4) devices
can attach.
Tested on 715/75 (old-gen using asp), 715/100/XC (new-gen using lasi),
B132L+, B180L, C240, B2000, C3650.
From miod@
|
|
ok visa@, mpi@
|
|
OK guenther@
|
|
this gets rid of the source annotation which doesn't really add
anything other than adding complexity. randomness is generally
good enough that the few extra bits that the source type would
add are not worth it.
ok mikeb@ deraadt@
|
|
syscall) confirm the stack register points at MAP_STACK memory, otherwise
SIGSEGV is delivered. sigaltstack() and pthread_attr_setstack() are modified
to create a MAP_STACK sub-region which satisfies alignment requirements.
Observe that MAP_STACK can only be set/cleared by mmap(), which zeroes the
contents of the region -- there is no mprotect() equivalent operation, so
there is no MAP_STACK-adding gadget.
This opportunistic software-emulation of a stack protection bit makes
stack-pivot operations during ROPchain fragile (kind of like removing a
tool from the toolbox).
original discussion with tedu, uvm work by stefan, testing by mortimer
ok kettenis
|
|
Extend the logic already present for panic() to any DDB-related
operation such that if ddb(4) is entered because of a fault or
other trap it is still possible to call 'boot reboot'.
While here stop printing splassert() messages as well, to not fill
the buffer.
ok visa@, deraadt@
|
|
needs (looking at you sgi, but others required this before). This is for
the circumstances we need pagesize known at compile time, not getpagesize()
runtime. Use it for malloc storage sizes, for shm, and to set pthread stack
default sizes. The stack sizes were a mess, and pushing them towards
page-aligned is a healthy move (which will also be needed by the coming
stack register checker)
ok guenther kettenis, discussion with stefan
|
|
The account flag `ASU' will no longer be set but that makes suser()
mpsafe since it no longer messes with a per-process field.
No objection from millert@, ok tedu@, bluhm@
|
|
ok krw@ mpi@
|
|
Fixes 'make install' when /bsd is not present for some reason.
ok rob florian, "fine with me" deraadt
|
|
definitive list of block devices supported on an architecture.
ok kettenis@ deraadt@
|
|
ok kettenis@, visa@
|
|
Remove `mtx_lock' from i386, add volatile before `mtx_owner' where it
was missing.
Inputs from kettenis@, ok visa@
|
|
ok deraadt@ krw@
|
|
ok millert@ krw@
|
|
the memory devices (/dev/null, /dev/zero, etc) need to permit them.
problem noted, tweak, and testing by jeremy@
ok deraadt@
|
|
for blocks re-fetchable from the filesystem. However at reboot time,
filesystems are unmounted, and since processes lack backing store they
are killed. Since the scheduler is still running, in some cases init is
killed... which drops us to ddb [noted by bluhm]. Solution is to convert
filesystems to read-only [proposed by kettenis]. The tale follows:
sys_reboot() should pass proc * to MD boot() to vfs_shutdown() which
completes current IO with vfs_busy VB_WRITE|VB_WAIT, then calls VFS_MOUNT()
with MNT_UPDATE | MNT_RDONLY, soon teaching us that *fs_mount() calls a
copyin() late... so store the sizes in vfsconflist[] and move the copyin()
to sys_mount()... and notice nfs_mount copyin() is size-variant, so kill
legacy struct nfs_args3. Next we learn ffs_mount()'s MNT_UPDATE code is
sharp and rusty especially wrt softdep, so fix some bugs and add
~MNT_SOFTDEP to the downgrade. Some vnodes need a little more help,
so tie them to &dead_vnops.
ffs_mount calling DIOCCACHESYNC is causing a bit of grief still but
this issue is separate and will be dealt with in time.
couple hundred reboots by bluhm and myself, advice from guenther and
others at the hut
|
|
extend ddb(4) "ps /o" output to print which CPU is currently holding the
KERNEL_LOCK().
Tested by dhill@, ok visa@
|
|
end of rc we call reorder_kernel which creates a /obsd hard link to
the same kernel.
In the past obsd was only created when doing a manual make install in
the kernel sources.
There is no need for two backup hard links during boot, rearrange the
kernel Makefiles to restore previous behaviour and thus stopping
reorder_kernel from scribbling over /obsd.
Makes muscle memory of some kernel developers work again: /obsd can
serve as a known good kernel; and there was much rejoicing...
Discussed at length with benno, rpe, phessler and tb at
p2k17.
Seems like a good idea to deraadt.
OK benno, phessler, rpe, tb
|
|
as discussed with and ok mpi@
|
|
the kernel makefiles was removed which led to C files not being
recompiled when a dependency changed. This can lead to panics in odd
places and generally a broken system.
ok deraadt@
|
|
functionalities are available in GENERIC.
ok jasper@, deraadt@, guenther@, dlg@
|
|
|
|
pthread_exit from libpthread to libc, along with low-level bits to
support them. Major bump to both libc and libpthread.
Requested by libressl team. Ports testing by naddy@
ok kettenis@
|