Age | Commit message | Author |
|
syscall) confirm the stack register points at MAP_STACK memory, otherwise
SIGSEGV is delivered. sigaltstack() and pthread_attr_setstack() are modified
to create a MAP_STACK sub-region which satisfies alignment requirements.
Observe that MAP_STACK can only be set/cleared by mmap(), which zeroes the
contents of the region -- there is no mprotect() equivalent operation, so
there is no MAP_STACK-adding gadget.
This opportunistic software-emulation of a stack protection bit makes
stack-pivot operations during ROPchain fragile (kind of like removing a
tool from the toolbox).
original discussion with tedu, uvm work by stefan, testing by mortimer
ok kettenis
|
|
The account flag `ASU' will no longer be set but that makes suser()
mpsafe since it no longer messes with a per-process field.
No objection from millert@, ok tedu@, bluhm@
|
|
Fixes 'make install' when /bsd is not present for some reason.
ok rob florian, "fine with me" deraadt
|
|
definitive list of block devices supported on an architecture.
ok kettenis@ deraadt@
|
|
the memory devices (/dev/null, /dev/zero, etc) need to permit them.
problem noted, tweak, and testing by jeremy@
ok deraadt@
|
|
for blocks re-fetchable from the filesystem. However at reboot time,
filesystems are unmounted, and since processes lack backing store they
are killed. Since the scheduler is still running, in some cases init is
killed... which drops us to ddb [noted by bluhm]. Solution is to convert
filesystems to read-only [proposed by kettenis]. The tale follows:
sys_reboot() should pass proc * to MD boot() to vfs_shutdown() which
completes current IO with vfs_busy VB_WRITE|VB_WAIT, then calls VFS_MOUNT()
with MNT_UPDATE | MNT_RDONLY, soon teaching us that *fs_mount() calls a
copyin() late... so store the sizes in vfsconflist[] and move the copyin()
to sys_mount()... and notice nfs_mount copyin() is size-variant, so kill
legacy struct nfs_args3. Next we learn ffs_mount()'s MNT_UPDATE code is
sharp and rusty especially wrt softdep, so fix some bugs and add
~MNT_SOFTDEP to the downgrade. Some vnodes need a little more help,
so tie them to &dead_vnops.
ffs_mount calling DIOCCACHESYNC is causing a bit of grief still but
this issue is separate and will be dealt with in time.
couple hundred reboots by bluhm and myself, advice from guenther and
others at the hut
|
|
the kernel makefiles was removed which led to C files not being
recompiled when a dependency changed. This can lead to panics in odd
places and generally a broken system.
ok deraadt@
|
|
functionalities are available in GENERIC.
ok jasper@, deraadt@, guenther@, dlg@
|
|
ok deraadt@, jasper@
|
|
whenever make is issued. Only do this when there are actual source changes
below /sys. This restores the behavior prior to the KARL implementation.
Problem noticed and patiently explained by mpi
implementation with a lot of help from espie
ok mpi, espie, deraadt
|
|
tobiasu@ for pointing that out), but the manual pages are still
installed. I have no idea how to properly tedu an architecture, so
deleting the dead .Xr to boot_socppc(8) is all i'm doing in this respect.
|
|
"go for it" deraadt@
|
|
fiction participating only in the linkphase.
tricks from rpe and espie
|
|
Otherwise owner of /bsd could be the build user with permissions
inherited from the compile directory.
OK deraadt@ tb@
|
|
Prying eyes cannot look at the kernels in the compile directory.
ok tb rpe, kernel developers seem unimpacted
|
|
this is so drivers can advertise that they can handle 64 dma addresses
to the platform. it may choose to handle dmamaps differently based
on this flag.
tweaks and ok tom@
ok kettenis@
|
|
Using a name with the 'db_' prefix makes it invisible from the dynamic
profiler.
ok deraadt@, kettenis@, visa@
|
|
if the kernel's name ends in .PROF.
problem reported by jmc via mpi
ok mpi
|
|
unsigned variables as argument in most places anyway. Decrease the
chance of signedness/range mismatch issues.
ok stefan
|
|
ok tb@, jca@
|
|
this means packets are consistently counted in one place, unlike the
many and various ways that drivers thought they should do it.
ok mpi@ deraadt@
|
|
the environment, 'make cleandir' does not descend into kernel build
directories. Thus, kernel object files survive 'make build' on slower
architectures.
WARNING:
If you set this variable, you run the risk of breaking 'make release':
Be sure to run 'make cleandir' from /sys/arch/$(machine)/compile before
doing 'make release'. This issue will be addressed shortly.
requested by kettenis;
ok deraadt
|
|
This will allow us to extract type information from DWARF2 sections. It
also makes developer life easier as debug information is now included in
every object.
Resulting kernels will be stripped using strip(1) instead of ld(1).
Kernel build time increases by approximately 10%. However it is still
possible to disable this by defining DEBUG="".
ok kettenis@, bluhm@, natano@, jasper@, reyk@, deraadt@
|
|
- Remove the 'lint' target. lint has been removed with OpenBSD 5.2.
- Remove the 'tags' target. It does nothing of value.
- Replace 'clean::' with 'clean:', as requested by espie and millert,
and remove files from the 'clean' target, that are never generated.
- Don't create a file called 'depend' in 'make depend', but just do
nothing instead.
ok mpi tb
|
|
defer their creation to later, so that they are owned by BUILDUSER.
This eliminates the last root-owned files in obj/ from 'make build'.
In addition, place a MACHINE == hppa test in hppa/stand/Makefile.inc
to avoid creating bogus symlinks on all other archs.
joint work with & ok natano, "let's try it" deraadt
|
|
1) Replace '.elif !exists(${OBJDIR}/Makefile)' with just '.else'. espie
pointed out, that if the file existed, make wouldn't be reading this
file, so the check is superfluous. Less clutter.
2) Unconditionally define the 'clean' and 'cleandir' targets, also when
obj doesn't exist. This changes the behaviour of 'make clean' to be
successful (doing nothing) without obj@ or obj/.
ok tb millert deraadt
|
|
reference to eddep in the kernel Makefile I could find is in 4.3BSD,
released some 30 years ago.
ok tb millert
|
|
ok natano
|
|
if srctree is not rooted at /usr/src]. As a result, stock GENERIC & RAMDISK
kernels are committed to the tree, to ensure the src tree can be "readonly"
during builds, with all writes occurring inside the obj space. config -b
options are handled by ../Makefile.inc. The canonical new way to configure
one of these kernels is:
% cd /sys/arch/amd64/compile/GENERIC.MP
% doas make obj
% make config
% make
% doas cp obj/bsd /bsd
The build infrastructure will use this new mechanism in a de-escalation
way using BUILDUSER.
Much help from natano and tb.
|
|
Same thought from kettenis@, ok krw@ phessler@ millert@
|
|
Add sysctl kern.allowkmem (default 0) which controls the ability to open
/dev/mem or /dev/kmem at securelevel > 0. Over 15 years we converted 99%
of utilities in the tree to operate on sysctl-nodes (either by themselves
or via code hiding in the guts of -lkvm).
pstat -d and -v & procmap are affected and continued use of them will
require kern.allowkmem=1 in /etc/sysctl.conf. acpidump (and its
buddy sendbug) are affected, but we'll work out a solution soon.
There will be some impact in ports.
ok kettenis guenther
|
|
ok patrick@ (for armv7), deraadt@
|
|
as discussed with jsing@ it's easier this way to ensure people have
bootblocks capable of loading the section
|
|
ok deraadt@ guenther@
|
|
ok deraadt@ yasuoka@ reyk@
|
|
ok millert@ kettenis@
|
|
sigtramp page, so that it will generate a nice kernel fault if touched.
While here, move most of the sigtramps to the .rodata segment, because
they are not executed in the kernel.
Also some preparation for sliding the actual sigtramp forward (will need
some gdb changes)
ok mlarkin kettenis
|
|
ok guenther kettenis
|
|
notice by miod
|
|
inside the sigcontext. sigreturn(2) checks syscall entry was from the
exact PC addr in the (per-process ASLR) sigtramp, verifies the cookie,
and clears it to prevent sigcontext reuse.
not yet tested on landisk, sparc, *88k, socppc.
ok kettenis
|
|
actually use this in em(4) and xhci(4), but I'm not committing those yet
because we almost certainly need to save and restore the MSI-X registers
during suspend/resume. However, this allows mpi@ to play with multiple-vector
support in networking hardware.
Requested by mpi@
ok mlarkin@, mikeb@
|