| Age | Commit message (Collapse) | Author |
|---|
|
ever ran on, and it's unlikely to ever be implemented, so remove it.
ok jsg@
|
|
feedback and ok jmc@ miod, ok millert@
|
|
"this makes sense" miod@
|
|
it are now unpadded
ok kettenis guenther
|
|
against classic BROP with a range-checking wrapper in front of copyin() and
copyinstr() which ensures the userland source doesn't overlap the main program
text, ld.so text, signal tramp text (it's mapping is hard to distinguish
so it comes along for the ride), or libc.so text. ld.so tells the kernel
libc.so text range with msyscall(2). The range checking for 2-4 elements is
done without locking (because all 4 ranges are immutable!) and is inexpensive.
write(sock, &open, 400) now fails with EFAULT. No programs have been
discovered which require reading their own text segments with a system call.
On a machine without mmu enforcement, a test program reports the following:
userland kernel
ld.so readable unreadable
mmap xz unreadable unreadable
mmap x readable readable
mmap nrx readable readable
mmap nwx readable readable
mmap xnwx readable readable
main readable unreadable
libc unmapped? readable unreadable
libc mapped readable unreadable
ok kettenis, additional help from miod
|
|
arguments to mmap) because it was using syscall(2) and that callpath
is invisible in ktrace. make it visible, it will now show "(via syscall)"
and such.
ok guenther
|
|
ok aoyama@
|
|
|
|
is ELF" world. Eliminate use of them in m88k code.
ok aoyama@
|
|
- Initialize tick_nsec during cpu_initclocks()
We have no control over the interrupt clock on luna88k, so this switch
is trivial.
Bringup help and testing from aoyama@ and miod@.
Link: https://marc.info/?l=openbsd-tech&m=166776371203450&w=2
ok aoyama@ mlarkin@
|
|
fork/vfork/__tfork haven't cared about the second return register.
So, stop setting retval[1] in kern_fork.c and stop setting the
second return register in the MD child_return() routines.
With the above, we have no multi-register return values on LP64,
so stop touching that register in the trapframe on those archs.
testing miod@ and aoyama@
ok miod@
|
|
sys_execve() to return EJUSTRETURN.
setregs() is the MD routine used by sys_execve() to set up the
thread's trapframe and PCB such that, on 'return' to userspace, it
has the register values defined by the ABI and otherwise zero. It
had to set the syscall retval[] values previously because the normal
syscall return path overwrites a couple registers with the retval[]
values. By instead returning EJUSTRETURN that and some complexity
with program-counter handling on m88k and sparc64 goes away.
Also, give setregs() add a 'struct ps_strings *arginfo' argument
so powerpc, powerpc64, and sh can directly get argc/argv/envp
values for registers instead of copyin()ing the one in userspace.
Improvements from miod@ and millert@
Testing assistance miod@, kettenis@, and aoyama@
ok miod@ kettenis@
|
|
Use that define to shunt uvm_swapout_threads(), which is a noop when
pmap_collect() does nothing.
ok mpi@
|
|
|
|
ok miod@ guenther@
|
|
ok miod@
|
|
These must be handled as write faults rather than read faults, since xmem
performs both a read and a write, and unlike on 88100, we don't have an easy
bit to check.
This solves libcrypto spinning on its locks on 88110.
|
|
ok jca@
|
|
Define a consistently named db_machine_command_table[] across all
archs that implement the MD "machine" command, and hook this into
the main command table instead of patching it at runtime.
ok mpi@ jca@
|
|
ok mpi@
|
|
do not bother operating on its first 8 bytes, which will always be zero.
ok visa@
|
|
SYS_syscall as the nosys() function into the MD syscall entry
routines and the SYSCALL_DEBUG support. Adjust alpha's syscall
check to match the other archs. Also, make sysent const to get it
into .rodata.
With that, 'struct emul' is unused: delete it and all its references
ok millert@
|
|
data from struct process anymore. This changes how siginfo and onstack
are accessed and make sendsig() more MP friendly.
With and OK semarie@ OK kettenis@
|
|
- Use of goto will skip zeroing of 88110-specific comparison bits (bitn
12-17) in some cases. (Move their zeroing closer to the point of
their computation.)
- Computing of the "in interval" bits should not be performed when the
S2 operand is negative.
Spotted by Tetsuya Isaki (nono project), suggested diff and description
from Miod Vallat. Tested on the real hardware by Isaki and me.
|
|
back in 2019.
ok mpi@
|
|
waiting on CPUs that didn't spin up. This will allow us to spin down
CPUs in the future to save power as well.
ok mpi@
|
|
Add a 512-byte buffer (ci_panicbuf) to each cpu_info struct on each
platform for use by panic(9). The first panic on a given CPU writes
its message to this buffer. Subsequent panics on a given CPU print
the panic message to the console but do not modify the buffer. This
aids debugging in two cases:
- If 2+ CPUs panic simultaneously there is no risk of garbled messages
in the panic buffer.
- If a CPU panics and then the operator causes a second panic while
using ddb(4), the operator can still recall the first failure on
a particular CPU.
Misc. changes to support this bigger change:
- Set panicstr atomically to identify the first CPU to reach panic().
- Tweak db_show_panic_cmd() to print all panic messages across all
CPUs. Prefix the first panic with an asterisk ('*').
- Prefer db_printf() to printf() during a panic if we have it.
Apparently it disturbs less global state.
- On amd64, tweak fault() to write the local panic buffer. This needs
more work.
Prompted by bluhm@ and deraadt@. Mostly written by deraadt@.
Discussed with bluhm@, deraadt@ and kettenis@.
Borne from a discussion on tech@ about making panic(9) more MP-safe:
https://marc.info/?l=openbsd-tech&m=162086462316143&w=2
ok kettenis@, visa@, bluhm@, deraadt@
|
|
|
|
This fixes compile errors (actually warnings) on m88k in sys/net/pf.c
revision 1.1116 changes.
Diff from Miod Vallat, tested on GENERIC and GENERIC.MP by me.
|
|
|
|
Simplify MD code and reduce the amount of recursion into the signal code
which helps when dealing with locks.
ok cheloha@, deraadt@
|
|
uvm_fault (and some similar "fault emulation" code which scream danger
danger)
tested by aoyama
|
|
need to do it
ok kettenis
|
|
ok kettenis
|
|
The header is being pulled via uvm_extern.h -> uvm_map.h
|
|
trap to reach the userland check. as suggested, this might fix it.
|
|
The "snowflake" uniqueness of every MD trap impl often gets in the way
of precisely & correctly interfacing to MI layers. The differences
also complicates review, and causes new MI requirements to be
incorrectly written. Thus an architecture will fall behind, not just
because they are slow or rare, but because the code behaviour becomes
increasingly incorrect. It is sad.
|
|
management.
Comments from miod.
|
|
This should be sufficient for identifying pivoted ROP. Doing so for other
traps is at best opportunistic for finding a straight-running ROP chain,
but the added (and rare) sleeping point has proven to be dangerous.
Discussed at length with kettenis and mortimer.
ok mortimer kettenis mpi
|
|
|
|
ok kettenis@, visa@
|
|
|
|
This diff exposes parts of clock_gettime(2) and gettimeofday(2) to
userland via libc eliberating processes from the need for a context
switch everytime they want to count the passage of time.
If a timecounter clock can be exposed to userland than it needs to set
its tc_user member to a non-zero value. Tested with one or multiple
counters per architecture.
The timing data is shared through a pointer found in the new ELF
auxiliary vector AUX_openbsd_timekeep containing timehands information
that is frequently updated by the kernel.
Timing differences between the last kernel update and the current time
are adjusted in userland by the tc_get_timecount() function inside the
MD usertc.c file.
This permits a much more responsive environment, quite visible in
browsers, office programs and gaming (apparently one is are able to fly
in Minecraft now).
Tested by robert@, sthen@, naddy@, kmos@, phessler@, and many others!
OK from at least kettenis@, cheloha@, naddy@, sthen@
|
|
functionality is provided by <sys/stdarg.h> using compiler builtins.
Tested in a ports bulk build on amd64 by naddy@
OK naddy@ mpi@
|
|
ok dlg@
|
|
rnd.c uses nanotime to get access to some bits that change quickly
between events that it can mix into the entropy pool. it doesn't
use nanotime to get a monotonically increasing set or ordered and
accurate timestamps, it just wants something with bits that change.
there's been discussions for years about letting rnd use a clock
that's super fast to read, but not necessarily accurate, but it
wasn't until recently that i figured out it wasn't interested in
time at all, so things like keeping a fast clock coherent between
cpu cores or correct according to ntp is unecessary. this means we
can just let rnd read the cycle counters on cpus and things will
be fine. cpus with cycle counters that vary in their speed and
arent kept consistent between cores may even be desirable in this
context.
so this is the first step in converting rnd.c to reading cycle
counter. it copies the nanotime backend to each arch, and they can
replace it with something MD as a second step later on.
djm@ suggested rnd_messybytes, but we landed on cpu_rnd_messybits.
thanks to visa for his eyes.
ok deraadt@ visa@
deraadt@ says he will help handle any MD fallout that occurs.
|
|
Nothing uses the header anymore.
OK deraadt@ mpi@
|
|
This will make mutex spinning time visible in top(1), and also might
improve stability.
The major change in this is that the old assembly code acquires
mutexes with an atomic exchange operation, but releases them with a
regular store, but the new code always uses atomic exchange
operations.
The mutex.h changes to the macros conform to <sys/mutex.h> to be able
to reset the system while in ddb.
Suggested from Miod Vallat, tested by me. The stability in heavy load
is greatly improved in my case.
|
|
resetting it in child_return() and update the comment in tcb.h to reflect
reality
ok miod@ aoyama@
|
|
|
