| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
syscall) confirm the stack register points at MAP_STACK memory, otherwise
SIGSEGV is delivered. sigaltstack() and pthread_attr_setstack() are modified
to create a MAP_STACK sub-region which satisfies alignment requirements.
Observe that MAP_STACK can only be set/cleared by mmap(), which zeroes the
contents of the region -- there is no mprotect() equivalent operation, so
there is no MAP_STACK-adding gadget.
This opportunistic software-emulation of a stack protection bit makes
stack-pivot operations during ROPchain fragile (kind of like removing a
tool from the toolbox).
original discussion with tedu, uvm work by stefan, testing by mortimer
ok kettenis
|
| |
|
|
| |
ok deraadt@
|
| |
|
|
|
|
| |
grabbing the rnglock repeatedly.
ok deraadt@ djm@
|
| |
|
|
| |
ok deraadt@, millert@, stefan@
|
| | |
|
| |
|
|
|
|
|
| |
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
| |
|
|
| |
MACHINE_STACK_GROWS_UP.
|
| |
|
|
|
|
| |
fixed stack area of the exec'd image, and risking hitting process limits,
should we want to increase stackgap_random, the randomness is applied to the
stack region in the process' vmspace.
|
| |
|
|
|
|
|
| |
legitimately use random section variables without execve failures...
Because this section is not demand faulted, yield() every page during
the fill otherwise the costs are charged poorly.
ok tedu matthew
|
| |
|
|
|
|
| |
doesn't have all the values and therefore can't be used everywhere.
ok deraadt@ kettenis@
|
| |
|
|
|
|
| |
objective: vnode.h doesn't include uvm_extern.h anymore.
followup changes: include uvm_extern.h or lock.h where necessary.
ok and help from deraadt
|
| |
|
|
|
|
| |
eliminating the must-be-kept-in-sync UVM_INH_* macros
ok deraadt@ tedu@
|
| | |
|
| |
|
|
| |
to include that than rdnvar.h. ok deraadt dlg
|
| |
|
|
| |
vmcmd_map_zero() just returns the result of uvm_map(), so make it a tail call
|
| |
|
|
|
|
|
| |
PROT_NONE, PROT_READ, PROT_WRITE, and PROT_EXEC from mman.h.
PROT_MASK is introduced as the one true way of extracting those bits.
Remove UVM_ADV_* wrapper, using the standard names.
ok doug guenther kettenis
|
| | |
|
| |
|
|
| |
ok doug tedu
|
| | |
|
| |
|
|
| |
after discussions with beck deraadt kettenis.
|
| |
|
|
|
| |
don't need to be married.
ok guenther miod beck jsing kettenis
|
| |
|
|
| |
ok guenther
|
| |
|
|
|
|
|
|
| |
it to be writable but otherwise uses the correct final permissions.
Ergo, it only needs to call uvm_map_protect() if the requested
permissions didn't include UVM_PROT_WRITE.
ok beck@
|
| |
|
|
|
|
| |
<uvm/uvm.h> if possible and remove double inclusions.
ok beck@, mlarkin@, deraadt@
|
| | |
|
| |
|
|
|
|
|
|
| |
segments to the kernel, ld (2.15), and ld.so. Tested on alpha, amd64,
i386, macppc, and sparc64 (thanks naddy, mpi, and okan!).
Idea discussed for some time; committing now for further testing.
ok deraadt
|
| | |
|
| |
|
|
| |
kern_descrip.c change ok deraadt
|
| |
|
|
|
|
| |
locked; with this diff VFSDEBUG kernels can boot again
ok pedro, thib (who came up with the same diff)
|
| |
|
|
| |
ok deraadt@ markus@
|
| |
|
|
|
|
|
| |
final protection has an X. Doesn't really change anything except reducing
I$ flushing.
niklas@ ok
|
| | |
|
| |
|
|
|
|
|
|
| |
Also uvm_map returns KERN_* codes that are directly mapped to
errnos, so we can return them instead of doing some attempt to
translation.
drahn@ "I see no problem" pval@ "makes sense"
|
| |
|
|
|
| |
It triggers on ppc and while the check itself is correct, it's better to
fix the bug before breaking peoples systems.
|
| | |
|
| | |
|
| |
|
|
| |
doesn't do anything since no pmap implements exec protection yet.
|
| | |
|
| |
|
|
|
|
|
|
|
| |
machines or some configurations or in some phase of the moon (we actually
don't know when or why) files disappeared. Since we've not been able to
track down the problem in two weeks intense debugging and we need -current
to be stable, back out everything to a state it had before UBC.
We apologise for the inconvenience.
|
| |
|
|
|
| |
This time we're getting rid of KERN_* and VM_PAGER_* error codes and
use errnos instead.
|
| |
|
|
|
|
|
| |
code is written mostly by Chuck Silvers <chuq@chuq.com>/<chs@netbsd.org>.
Tested for the past few weeks by many developers, should be in a pretty stable
state, but will require optimizations and additional cleanups.
|
| |
|
|
| |
for the virtual address.
|
| |
|
|
| |
(Look ma, I might have broken the tree)
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
to 8.
At the same time it seemed like a good idea to avoid to always malloc a
new vmcmd array, so put the default sized array into struct exec_vmcmd_set.
We might want to make a linked list of vmcmd arrays or exec_vmcmd_sets instead
of reallocating them some time in the future, but right now this seems like a
waste of time.
|
| |
|
|
| |
Other commands were checked and look safe.
|
| | |
|
| | |
|
| | |
|
deraadt
mortimer
kettenis
jsg
miod
guenther
tedu
matthew
mpi
jmc
sturm
hshoexer
art
mickey
millert