| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When the DAG truncates an ISD::ADDE node, DAGCombiner may optimize it
by making an adde with smaller operands. PowerPC has i1 registers,
and may truncate an i32 adde to i1, but an i1 adde is not legal for
PowerPC, and the legalize-ops phase can't fix it. This was causing
"fatal error: error in backend: Cannot select..."
cwen@ reported the error
ok mortimer@ kettenis@ deraadt@
|
| |
|
|
|
|
|
|
|
|
|
| |
them as COMDATs so that the linker can individually discard them, instead
of just ignoring duplicate symbols but keep the (duplicate) space.
On amd64, this reduces the size of the kernel OPENBSD_RANDOM segment by 82%
and the libc OPENBSD_RANDOM segment by 15%. A port that tb@ is working
on experienced a 97.3% reduction...which let it actually run.
ok mortimer@ deraadt@
|
| | |
|
| |
|
|
|
|
|
|
| |
On arm64, arm, and ppc it is possible that a large stack frame will
cause the stack protector slot to be reallocated at the wrong end of
the frame.
Noticed by tj@. ok patrick@.
|
| |
|
|
|
|
|
|
|
| |
Prepared with help from jsg@ and mortimer@
Tested on amd64 by bcallah@, krw@, naddy@
Tested on arm64 by patrick@
Tested on macppc by kettenis@
Tested on octeon by visa@
Tested on sparc64 by claudio@
|
| | |
|
| |
|
|
|
|
|
|
| |
It turns out MachineFrameInfo.hasCalls() is unreliable, because it is
up to the backends to update this information whenever they add calls
to a function, and this does not always happen.
ok kettenis@
|
| |
|
|
|
|
|
| |
Makes things slightly faster and also improves security in these functions,
since the retguard cookie can't leak via the stack.
ok deraadt@
|
| | |
|
| |
|
|
|
| |
With fixes from mortimer@ (thanks!)
Tested by many, especially naddy@ (thanks!)
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
fallthrough. Avoids unnecessary jmp instructions in the middle
of functions and makes disassembly nicer to read.
ok guenther@ mlarkin@ deraadt@
|
| |
|
|
|
|
|
| |
'.openbsd.randomdata.retguard', to make them easier to work with in the
kernel hibernate code.
ok mortimer@ deraadt@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
random cookies to protect access to function return instructions, with the
effect that the integrity of the return address is protected, and function
return instructions are harder to use in ROP gadgets.
On function entry the return address is combined with a per-function random
cookie and stored in the stack frame. The integrity of this value is verified
before function return, and if this check fails, the program aborts. In this way
RETGUARD is an improved stack protector, since the cookies are per-function. The
verification routine is constructed such that the binary space immediately
before each ret instruction is padded with int03 instructions, which makes these
return instructions difficult to use in ROP gadgets. In the kernel, this has the
effect of removing approximately 50% of total ROP gadgets, and 15% of unique
ROP gadgets compared to the 6.3 release kernel. Function epilogues are
essentially gadget free, leaving only the polymorphic gadgets that result from
jumping into the instruction stream partway through other instructions. Work to
remove these gadgets will continue through other mechanisms.
Remaining work includes adding this mechanism to assembly routines, which must
be done by hand. Many thanks to all those who helped test and provide feedback,
especially deaadt, tb, espie and naddy.
ok deraadt@
|
| | |
|
| | |
|
| |
|
|
| |
"where is the kaboom?" deraadt@
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
ok deraadt@
|
| | |
|
| | |
|
| |
|
|
| |
development effort on OpenBSD/arm64.
|
| |
|
|
|
|
|
| |
code generation. Use dyn_case_or_null instead of a static cast to
solve the crashes in the previous code.
ok stefan@ kettenis@
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ok pascal@
Original commit message:
[SSP] Do not set __guard_local to hidden for OpenBSD SSP
guard_local is defined as long on OpenBSD. If the source file contains
a definition of guard_local, it mismatches with the int8 pointer type
used in LLVM. In that case, Module::getOrInsertGlobal() returns a
cast operation instead of a GlobalVariable. Trying to set the
visibility on the cast operation leads to random segfaults (seen when
compiling the OpenBSD kernel, which also runs with stack
protection).
In the kernel, the hidden attribute does not matter. For userspace code,
guard_local is defined as hidden in the startup code. If a program
re-defines guard_local, the definition from the startup code will
either win or the linker complains about multiple definitions
(depending on whether the re-defined __guard_local is placed in the
common segment or not).
It also matches what gcc on OpenBSD does.
|
|
|
ok hackroom@
|
patrick
gkoehler
guenther
mortimer
stefan
pascal