| Age | Commit message (Collapse) | Author |
|---|
|
syscall) confirm the stack register points at MAP_STACK memory, otherwise
SIGSEGV is delivered. sigaltstack() and pthread_attr_setstack() are modified
to create a MAP_STACK sub-region which satisfies alignment requirements.
Observe that MAP_STACK can only be set/cleared by mmap(), which zeroes the
contents of the region -- there is no mprotect() equivalent operation, so
there is no MAP_STACK-adding gadget.
This opportunistic software-emulation of a stack protection bit makes
stack-pivot operations during ROPchain fragile (kind of like removing a
tool from the toolbox).
original discussion with tedu, uvm work by stefan, testing by mortimer
ok kettenis
|
|
Extend the logic already present for panic() to any DDB-related
operation such that if ddb(4) is entered because of a fault or
other trap it is still possible to call 'boot reboot'.
While here stop printing splassert() messages as well, to not fill
the buffer.
ok visa@, deraadt@
|
|
needs (looking at you sgi, but others required this before). This is for
the circumstances we need pagesize known at compile time, not getpagesize()
runtime. Use it for malloc storage sizes, for shm, and to set pthread stack
default sizes. The stack sizes were a mess, and pushing them towards
page-aligned is healthy move (which will also be needed by the coming
stack register checker)
ok guenther kettenis, discussion with stefan
|
|
The account flag `ASU' will no longer be set but that makes suser()
mpsafe since it no longer mess with a per-process field.
No objection from millert@, ok tedu@, bluhm@
|
|
ok dlg@
|
|
ok millert@ krw@
|
|
the memory devices (/dev/null, /dev/zero, etc) need to permit them.
problem noted, tweak, and testing by jeremy@
ok deraadt@
|
|
as discussed with and ok mpi@
|
|
pthread_exit from libpthread to libc, along with low-level bits to
support them. Major bump to both libc and libpthread.
Requested by libressl team. Ports testing by naddy@
ok kettenis@
|
|
|
|
|
|
correct prologue if compiled with -DPROF.
ok deraadt@
|
|
|
|
ok deraadt@, kettenis@, jasper@
|
|
Pointed out by deraadt@
|
|
Using a name with the 'db_' prefix makes it invisible from the dynamic
profiler.
ok deraadt@, kettenis@, visa@
|
|
|
|
in struct mdproc. With that, all archs have those and the __HAVE_MD_TCB
macro can be unifdef'ed as always defined.
ok kettenis@ visa@ jsing@
|
|
- FORK_THREAD handling is a totally separate function, thread_fork(),
that is only used by sys___tfork() and which loses the flags, func,
arg, and newprocp parameters and gains tcb parameter to guarantee
the new thread's TCB is set before the creating thread returns
- fork1() loses its stack and tidptr parameters
Common bits factor out:
- struct proc allocation and initialization moves to thread_new()
- maxthread handling moves to fork_check_maxthread()
- setting the new thread running moves to fork_thread_start()
The MD cpu_fork() function swaps its unused stacksize parameter for
a tcb parameter.
luna88k testing by aoyama@, alpha testing by dlg@
ok mpi@
|
|
leaving out the size, so that
ELFNAME2(exec,makecmds)
becomes
exec_elf_makecmds
instead of
exec_elf{32,64}_makecmds
and then delete the ELFNAME2() and ELFNAMEEND() macros.
Move the prototypes for functions local to exec_elf.c to there from
exec_elf.h.
Simplify the SMALL_KERNEL conditionals around the ELF coredump code.
Change exec_conf.c to use the size-generic names and macros
Remove exec_elf{32,64}.c and just build exec_elf.c; delete the
_KERN_DO_ELF and _KERN_DO_ELF64 #defines.
ok jca@, encouragement from deraadt@ and tom@
|
|
struct proc to struct process.
ok deraadt@ kettenis@
|
|
powerpc: rename second argument of pmap_proc_iflush() to match other archs
ok kettenis@
|
|
ok deraadt@ jca@
|
|
Build testing assistance from deraadt@
|
|
Add sysctl kern.allowkmem (default 0) which controls the ability to open
/dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99%
of utilities in the tree to operate on sysctl-nodes (either by themselves
or via code hiding in the guts of -lkvm).
pstat -d and -v & procmap are affected and continued use of them will
require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and it's
buddy sendbug) are affected, but we'll work out a solution soon.
There will be some impact in ports.
ok kettenis guenther
|
|
the ioff argument to pool_init() is unused and has been for many
years, so this replaces it with an ipl argument. because the ipl
will be set on init we no longer need pool_setipl.
most of these changes have been done with coccinelle using the spatch
below. cocci sucks at formatting code though, so i fixed that by hand.
the manpage and subr_pool.c bits i did myself.
ok tedu@ jmatthew@
@ipl@
expression pp;
expression ipl;
expression s, a, o, f, m, p;
@@
-pool_init(pp, s, a, o, f, m, p);
-pool_setipl(pp, ipl);
+pool_init(pp, s, a, ipl, f, m, p);
|
|
on a guess how much memory a typical machine has. If the value is
too high, users may run out of kernel memory. Then we will have
to adjust this again.
OK claudio@ deraadt@
|
|
numbers serve as a warning not to touch them.
|
|
|
|
this is a step toward making ipls unconditionaly on pools.
ok deraadt@ kettenis@
|
|
ok millert
|
|
sigtramp page, so that it will generate a nice kernel fault if touched.
While here, move most of the sigtramps to the .rodata segment, because
they are not executed in the kernel.
Also some preparation for sliding the actual sigtramp forward (will need
some gdb changes)
ok mlarkin kettenis
|
|
ok guenther kettenis
|
|
it for the TCB pointer. Eliminate __cerror.
"looks good" kettenis@, testing and ok deraadt@
|
|
|
|
inside the sigcontext. sigreturn(2) checks syscall entry was from the
exact PC addr in the (per-process ASLR) sigtramp, verifies the cookie,
and clears it to prevent sigcontext reuse.
not yet tested on landisk, sparc, *88k, socppc.
ok kettenis
|
|
|
|
Covers all of landisk/sh, per naddy's suggestion.
ok on previous diff deraadt@ naddy@
|
|
The goal is to include it in the list of functions that must not be
instrumented. All ddb(8) functions should be in this list and have
their names start with 'db_'.
ok visa@, deraadt@
|
|
need to ignore the hardware clock when it reports a year > 2037. Irony
noted.
both ok millert, alpha ok deraadt
|
|
|
|
ok tedu@, deraadt@, miod@
|
|
and _SH_DISKLABEL_H_ with _MACHINE_DISKLABEL_H_. Add the guard to
loongson and octeon. The #defines are not used anywhere else in the
tree so no functional change.
|
|
LABELOFFSET and MAXPARTITIONS. Easier on the eye when scanning
through all these files. No functional change.
|
|
comments
ok millert@
|
|
|
|
* pool_allocator_single: single page allocator, always interrupt safe
* pool_allocator_multi: multi-page allocator, interrupt safe
* pool_allocator_multi_ni: multi-page allocator, not interrupt-safe
ok deraadt@, dlg@
|
|
|
|
ok deraadt@
|
|
|
