openbsd
7 years ago Move loongson/octeon/sgi unmap_startup() under arch/mips64.
visa [Thu, 8 Jun 2017 12:02:52 +0000 (12:02 +0000)]
Move loongson/octeon/sgi unmap_startup() under arch/mips64.

7 years ago Split early startup code out of locore.S into locore0.S. Adjust link
visa [Thu, 8 Jun 2017 11:47:24 +0000 (11:47 +0000)]
Split early startup code out of locore.S into locore0.S.  Adjust link
run so that this locore0.o is always at the start of the executable.
But randomize the link order of all other .o files in the kernel, so
that their exec/rodata/data/bss segments land all over the place.

Late during kernel boot, smash the startup code with traps so that
it does not point to the other randomly placed code.  It has to be smashed,
because sgi runs in the kseg0 or xkphys space.

As a result, the internal layout of every newly built bsd kernel is
different from past kernels.  Internal relative offsets are not known
to an outside attacker.

Ramdisk kernels cannot be compiled like this, because they are gzip'd.
When the internal pointer references change, the compression dictionary
bloats and results in poorer compression.

7 years ago Invoke openssl with -passin file rather than -key in ca_revoke().
jsg [Thu, 8 Jun 2017 11:45:44 +0000 (11:45 +0000)]
Invoke openssl with -passin file rather than -key in ca_revoke().
From Andrei-Marius Radu via sthen@

7 years ago Split early startup code out of locore.S into locore0.S. Adjust link
visa [Thu, 8 Jun 2017 11:44:00 +0000 (11:44 +0000)]
Split early startup code out of locore.S into locore0.S.  Adjust link
run so that this locore0.o is always at the start of the executable.
But randomize the link order of all other .o files in the kernel, so
that their exec/rodata/data/bss segments land all over the place.

Late during kernel boot, smash the startup code with traps so that
it does not point to the other randomly placed code.  It has to be smashed,
because loongson runs in the kseg0 space.

As a result, the internal layout of every newly built bsd kernel is
different from past kernels.  Internal relative offsets are not known
to an outside attacker.

Ramdisk kernels cannot be compiled like this, because they are gzip'd.
When the internal pointer references change, the compression dictionary
bloats and results in poorer compression.

7 years ago Add size to client descriptions in list, suggested by Greg Hurrell.
nicm [Thu, 8 Jun 2017 07:48:04 +0000 (07:48 +0000)]
Add size to client descriptions in list, suggested by Greg Hurrell.

7 years ago Split early startup code out of locore.S into locore0.S. Adjust link
deraadt [Thu, 8 Jun 2017 05:35:23 +0000 (05:35 +0000)]
Split early startup code out of locore.S into locore0.S.  Adjust link
run so that this locore0.o is always at the start of the executable.
But randomize the link order of all other .o files in the kernel, so
that their exec/rodata/data/bss segments land all over the place.

I haven't worked on the unmap/smashing of the startup code yet.

7 years ago remove the _rb_color prototype in RBT, it's unused/unimplemented
dlg [Thu, 8 Jun 2017 03:37:25 +0000 (03:37 +0000)]
remove the _rb_color prototype in RBT, it's unused/unimplemented

7 years ago make rb_n2e return a struct rb_entry *, not void *
dlg [Thu, 8 Jun 2017 03:30:52 +0000 (03:30 +0000)]
make rb_n2e return a struct rb_entry *, not void *

maybe this will help prevent misassignment in the future.

7 years ago use unsigned long instead of caddr_t to move between nodes and entries.
dlg [Thu, 8 Jun 2017 03:22:56 +0000 (03:22 +0000)]
use unsigned long instead of caddr_t to move between nodes and entries.

this removes the need for sys/param.h. this code can be built with
only sys/tree.h, which in turn only needs sys/_null.h.

7 years ago add RBT_SET_LEFT, RBT_SET_RIGHT, and RBT_SET_PARENT
dlg [Thu, 8 Jun 2017 03:12:53 +0000 (03:12 +0000)]
add RBT_SET_LEFT, RBT_SET_RIGHT, and RBT_SET_PARENT

these are provided so an RBT and its topology can be copied without
having to reinsert the copied nodes into a new tree.

there are two reasons RBT_LEFT/RIGHT/PARENT macros can't be used like
RB_LEFT/RIGHT/PARENT for this. firstly, RBT_LEFT and co are functions that
return a pointer value, they don't provide access to the pointer
itself for use as an lvalue that you can assign to. secondly, RBT
entries don't store pointers to other nodes, they point to the
RBT_ENTRY structures inside other nodes. this means that RBT_SET_LEFT
and co have to get an offset from the node to the RBT_ENTRY and
store that.

7 years ago make the gem tx path MPSAFE.
dlg [Thu, 8 Jun 2017 01:34:00 +0000 (01:34 +0000)]
make the gem tx path MPSAFE.

this mostly follows the pattern in ifq.h

ok jmatthew@

7 years ago consistently use lowercase for the 802.1 suffixes.
dlg [Thu, 8 Jun 2017 01:17:01 +0000 (01:17 +0000)]
consistently use lowercase for the 802.1 suffixes.

7 years ago consistently use lowercase suffixes for 802.1 things.
dlg [Thu, 8 Jun 2017 00:46:42 +0000 (00:46 +0000)]
consistently use lowercase suffixes for 802.1 things.

eg, 802.1x, 802.1q, and 802.1ad

7 years ago Portable mandoc just got a warning about unknown .Lb names
schwarze [Thu, 8 Jun 2017 00:21:23 +0000 (00:21 +0000)]
Portable mandoc just got a warning about unknown .Lb names
which we don't want in OpenBSD, but let's keep the message table
and the manual page in sync.

7 years ago In cron(8), require that crontab and at files in the spool be owned
millert [Wed, 7 Jun 2017 23:36:43 +0000 (23:36 +0000)]
In cron(8), require that crontab and at files in the spool be owned
by group crontab.  The at(1) command now creates files owned by
group crontab, the crontab(1) command already does this.

Files in the crontab spool with parse errors are now ignored;
crontab(1) will not install a crontab file with parse errors.
The system crontab file (/etc/crontab) is not affected by this.

The required permissions on crontab files have been tightened.
Files in the cron spool must be mode 0600 (as created by crontab(1)).
The system crontab file may be readable/writable by the owner,
readable by group and readable by other.  The system crontab must
be readable by the owner.

7 years ago style checks related to .Er; inspired by mdoclint(1)
schwarze [Wed, 7 Jun 2017 23:29:31 +0000 (23:29 +0000)]
style checks related to .Er; inspired by mdoclint(1)

7 years ago vmctl: change default "vmctl console" (cu) baud rate to 115200. Not
mlarkin [Wed, 7 Jun 2017 23:15:49 +0000 (23:15 +0000)]
vmctl: change default "vmctl console" (cu) baud rate to 115200. Not
strictly needed but matches the previous baudrate diff committed earlier
to vmd.

ok deraadt, phessler

7 years ago use the same formatting for vlan as the rest of the page; ok dlg
jmc [Wed, 7 Jun 2017 21:47:07 +0000 (21:47 +0000)]
use the same formatting for vlan as the rest of the page; ok dlg

7 years ago Remove "new sentence, new line" detection, covered by mandoc.
schwarze [Wed, 7 Jun 2017 21:05:19 +0000 (21:05 +0000)]
Remove "new sentence, new line" detection, covered by mandoc.
OK jmc@ wiz@

7 years ago Also catch "new sentence, new line" if there are three blanks
schwarze [Wed, 7 Jun 2017 20:58:36 +0000 (20:58 +0000)]
Also catch "new sentence, new line" if there are three blanks
between the sentences.  Thomas Klausner says he has seen some
of these, and i don't see any false positives.

7 years ago Add an acct(5) flag for pledge violations. Then lastcomm(1) shows
bluhm [Wed, 7 Jun 2017 20:53:59 +0000 (20:53 +0000)]
Add an acct(5) flag for pledge violations.  Then lastcomm(1) shows
when something went wrong.  This allows to monitor whether the
system is under attack and that the attack has been prevented by
OpenBSD pledge(2).
OK deraadt@ millert@ jmc@

7 years ago Make "new sentence, new line" detection stricter:
schwarze [Wed, 7 Jun 2017 20:30:13 +0000 (20:30 +0000)]
Make "new sentence, new line" detection stricter:
Also catch cases where the new sentence starts with a one-letter word
and the input line is broken right after that word.
Suggested by Thomas Klausner <wiz @ NetBSD>.

It's merely a three-bit diff, changing one byte from 0x34 to 0x33,
so what can possibly go wrong...

7 years ago To test IPv6 fragments with extension header, the pf pass rules
bluhm [Wed, 7 Jun 2017 20:09:07 +0000 (20:09 +0000)]
To test IPv6 fragments with extension header, the pf pass rules
need an allow-opts.  Otherwise pf blocks packets with option header.

7 years ago Prepare the terminal driver for filling multiple columns in parallel,
schwarze [Wed, 7 Jun 2017 20:01:07 +0000 (20:01 +0000)]
Prepare the terminal driver for filling multiple columns in parallel,
second step: make the per-column byte pointer persistent across
term_flushln() calls, such that a subsequent call can continue at
the point where the previous call left.  If more than one column
is in use, return from term_flushln() when the column is full,
rather than breaking the output line.

No functional change, because nothing sets up multiple columns yet.

7 years ago When running at jobs, open the at spool and use the directory fd
millert [Wed, 7 Jun 2017 17:59:36 +0000 (17:59 +0000)]
When running at jobs, open the at spool and use the directory fd
with openat(), fstatat() and unlinkat().  This is similar to how
we run cron jobs and eliminates the need for run_job() to find the
basename of the at file.  OK deraadt@

7 years ago Prepare the terminal driver for filling multiple columns in parallel,
schwarze [Wed, 7 Jun 2017 17:38:08 +0000 (17:38 +0000)]
Prepare the terminal driver for filling multiple columns in parallel,
first step: split column data out of the terminal state struct into
a new column state struct and use an array of such column state
structs.  No functional change.

7 years ago Fix clang warning about tautological compare: an unsigned long can't
naddy [Wed, 7 Jun 2017 16:47:29 +0000 (16:47 +0000)]
Fix clang warning about tautological compare: an unsigned long can't
be negative.  ok deraadt@

7 years ago make sure there are no duplicate object files linked when building syspatches
robert [Wed, 7 Jun 2017 16:01:07 +0000 (16:01 +0000)]
make sure there are no duplicate object files linked when building syspatches

7 years ago Acquire submit queue mutex only once per xbf_complete_cmd invocation
mikeb [Wed, 7 Jun 2017 15:49:21 +0000 (15:49 +0000)]
Acquire submit queue mutex only once per xbf_complete_cmd invocation
and remove some leftover assertions.

7 years ago Return 1 if name matches not 0, also fix some spaces.
nicm [Wed, 7 Jun 2017 15:27:46 +0000 (15:27 +0000)]
Return 1 if name matches not 0, also fix some spaces.

7 years ago vmd: Implement simulated baudrate support in the ns8250 module. The
mlarkin [Wed, 7 Jun 2017 14:53:28 +0000 (14:53 +0000)]
vmd: Implement simulated baudrate support in the ns8250 module. The
previous version was allowing an output rate that is "too fast", and linux
guests would give up after 512 characters TXed ("too much work for irq4").

This diff calculates the approximate rate we can sustain at the current
programmed baud rate and limits the output to that rate by inserting a
HZ delay after a specified number of characters have been transmitted.
This fixes the linux guest console issue.

Note that the console now outputs at more or less the selected baud rate,
instead of nearly instantaneously as before - if you selected 9600 in
your guest VMs before, you might want to change that to 115200 now for a
better console experience.

krw@ "seems like a good idea to me"

7 years ago vmd: properly advertise 640k base memory, not 636k. That was a holdover
mlarkin [Wed, 7 Jun 2017 14:41:53 +0000 (14:41 +0000)]
vmd: properly advertise 640k base memory, not 636k. That was a holdover
from before we had seabios support (to fake a hole where the EBDA would
be), and seabios always assumes 640k low memory is available. Fixes a
problem where FreeDOS guests whose seabios placed the virtio ring too
close to 640k would crash vmd. tested on a variety of guest OS, with
and without seabios. no regressions seen.

7 years ago Add simple searching (C-s and n) to the various choose modes: by name
nicm [Wed, 7 Jun 2017 14:37:30 +0000 (14:37 +0000)]
Add simple searching (C-s and n) to the various choose modes: by name
for client and tree, and by name and content for buffer.

7 years ago Assert that the KERNEL_LOCK() is held when messing with routing,
mpi [Wed, 7 Jun 2017 13:41:02 +0000 (13:41 +0000)]
Assert that the KERNEL_LOCK() is held when messing with routing,
pfkey and unix sockets.

ok claudio@

7 years ago Assert that the calling CPU is holding the KERNEL_LOCK() in malloc(9)
mpi [Wed, 7 Jun 2017 13:30:36 +0000 (13:30 +0000)]
Assert that the calling CPU is holding the KERNEL_LOCK() in malloc(9)
and free(9).

The exception is at early boot when only one CPU is running since we
grab the KERNEL_LOCK() relatively late in main().

ok kettenis@

7 years ago Grab the KERNEL_LOCK() around rtm*() functions. Routing sockets globals
mpi [Wed, 7 Jun 2017 13:28:02 +0000 (13:28 +0000)]
Grab the KERNEL_LOCK() around rtm*() functions.  Routing sockets globals
aren't protected by the NET_LOCK().

While here change lock assertions in rt_{set,put}gwroute(), the NET_LOCK()
is enough.

Tested by Hrvoje Popovski.

ok jmatthew@, claudio@

7 years ago reword "listen on socket" somewhat; ok gilles
jmc [Wed, 7 Jun 2017 13:25:18 +0000 (13:25 +0000)]
reword "listen on socket" somewhat; ok gilles

7 years ago update the VLAN doco.
dlg [Wed, 7 Jun 2017 09:46:32 +0000 (09:46 +0000)]
update the VLAN doco.

the parameters are parent and vnetid, not vlandev and vlan. svlan(4) is
also a thing.

ok jmc@

7 years ago X is not restricted to just the + operator;
jmc [Wed, 7 Jun 2017 09:41:57 +0000 (09:41 +0000)]
X is not restricted to just the + operator;

diff from klemens nanni
confirmed by otto

7 years ago htpasswd: use crypt_newhash instead of the bcrypt API
awolk [Wed, 7 Jun 2017 09:11:52 +0000 (09:11 +0000)]
htpasswd: use crypt_newhash instead of the bcrypt API

man bcrypt states:
     These functions are deprecated in favor of crypt_checkpass(3) and
     crypt_newhash(3).

hence with this change we move htpasswd to the new API, while here
also change the rounds from a hardcoded 8 to automatic selection based
on system performance.

OK florian@

7 years ago The \h escape sequence provides another method for moving backwards,
schwarze [Wed, 7 Jun 2017 02:13:52 +0000 (02:13 +0000)]
The \h escape sequence provides another method for moving backwards,
and after that, previously written output gets overwritten, but
overwriting with blanks does *not* erase previously written content.
Yes, manual pages exist that are crazy enough to rely on that...

7 years ago unbreak after sshv1 purge
djm [Wed, 7 Jun 2017 01:48:15 +0000 (01:48 +0000)]
unbreak after sshv1 purge

7 years ago Implement the roff(7) .rn (rename macro or string) request.
schwarze [Wed, 7 Jun 2017 00:50:30 +0000 (00:50 +0000)]
Implement the roff(7) .rn (rename macro or string) request.
Renaming a user-defined macro is very simple: just copy
the definition to the new name and delete the old name.
Renaming high-level macros is a bit tricky: use a dedicated
key-value-table, with non-standard names as keys and standard
names as values.  When a macro is found that is not user-defined,
look it up in the "renamed" table and translate it back to the
standard name before passing it on to the high-level parsers.

7 years ago Set the weak variant of hysteresis as default.
bru [Tue, 6 Jun 2017 21:53:07 +0000 (21:53 +0000)]
Set the weak variant of hysteresis as default.

7 years ago Rewrite the driver to handle 64kb transfers
mikeb [Tue, 6 Jun 2017 21:12:01 +0000 (21:12 +0000)]
Rewrite the driver to handle 64kb transfers

Although several codepaths in the kernel such as coredump
and buffercache read-ahead feature assume that underlying
hardware is capable of handling 64kb transfers without any
issues, xbf was set up to rely on a single descriptor per
transfer which limited the maximum size of an individual
transfer to 11 4k segments amounting to 44k bytes.

To avoid overbooking, a metadata object is allocated for
each transfer to keep track of associated descriptors
limiting the maximum amount of outstanding transfers to
half the ring size.

The issue was reported by Dan Cross <crossd at gmail.com>,
thanks!

7 years ago Don't patch(1) as the 'build' user; it has no right over the src tree.
ajacoutot [Tue, 6 Jun 2017 20:34:07 +0000 (20:34 +0000)]
Don't patch(1) as the 'build' user; it has no right over the src tree.
That bug was hidden because patch(1) returns '0' on that particular case.
To be fixed...

ok robert@

7 years ago Call xbf_intr for polled transfers that can't sleep
mikeb [Tue, 6 Jun 2017 20:33:28 +0000 (20:33 +0000)]
Call xbf_intr for polled transfers that can't sleep

7 years ago Add support for tap gestures.
bru [Tue, 6 Jun 2017 19:47:22 +0000 (19:47 +0000)]
Add support for tap gestures.

7 years ago Provide sufficient info in error messages to identify
krw [Tue, 6 Jun 2017 19:01:27 +0000 (19:01 +0000)]
Provide sufficient info in error messages to identify
softraid volume and backing disk when i/o errors occur.

Original issue reported by Paul de Weerd.

Suggestions from jsing@.

ok deraadt@ mikeb@

7 years ago Continue and pass keys through if they are repeated keys, so that the
nicm [Tue, 6 Jun 2017 15:49:35 +0000 (15:49 +0000)]
Continue and pass keys through if they are repeated keys, so that the
first key after a repeated key doesn't get lost.

7 years ago Do not pass a state into commands when fired on individual items in tree
nicm [Tue, 6 Jun 2017 15:07:35 +0000 (15:07 +0000)]
Do not pass a state into commands when fired on individual items in tree
mode, rely on the %% target substitution in the command for the chosen
pane and leave the default target as the current pane (where the mode
is). Otherwise, joinp and similar end up with -t and -s the
same. Reported by Jacob Niehus in GitHub issue 960.

7 years ago Minimal implementation of the roff(7) .ce request (center a number
schwarze [Tue, 6 Jun 2017 15:00:56 +0000 (15:00 +0000)]
Minimal implementation of the roff(7) .ce request (center a number
of input lines without filling).
Contrary to groff, high-level macros abort .ce mode for now.

7 years ago Delete input event when evbuffer_read() fails to avoid just spinning
nicm [Tue, 6 Jun 2017 14:53:28 +0000 (14:53 +0000)]
Delete input event when evbuffer_read() fails to avoid just spinning
around a dead file descriptor. Seems to fix a problem reported by Greg
Hurrell in GitHub issue 941.

7 years ago Remove code that is not needed right now.
visa [Tue, 6 Jun 2017 14:39:48 +0000 (14:39 +0000)]
Remove code that is not needed right now.

7 years ago Implement startup smashing in C. The code should be moved
visa [Tue, 6 Jun 2017 14:35:53 +0000 (14:35 +0000)]
Implement startup smashing in C. The code should be moved
under arch/mips64 once loongson and sgi have gap.o.

Discussed with deraadt@

7 years ago start slaacd as early as possible, right after pf and sysctl.conf are
florian [Tue, 6 Jun 2017 13:59:37 +0000 (13:59 +0000)]
start slaacd as early as possible, right after pf and sysctl.conf are
set up.
Input & OK deraadt@

7 years ago We are going to start slaacd(8) much earlier, before /var is even
florian [Tue, 6 Jun 2017 13:57:23 +0000 (13:57 +0000)]
We are going to start slaacd(8) much earlier, before /var is even
mounted. Move control socket to /dev for now.
Input & OK deraadt@

7 years ago Update stubs to work with radix tree.
mpi [Tue, 6 Jun 2017 13:19:29 +0000 (13:19 +0000)]
Update stubs to work with radix tree.

7 years ago Update panic strings, pipex no longer uses rn_inithead0().
mpi [Tue, 6 Jun 2017 13:07:22 +0000 (13:07 +0000)]
Update panic strings, pipex no longer uses rn_inithead0().

7 years ago Do not rely on <net/rtable.h> being included by other headers.
mpi [Tue, 6 Jun 2017 11:51:13 +0000 (11:51 +0000)]
Do not rely on <net/rtable.h> being included by other headers.

Fix build without PF, PIPEX nor IPSEC.

7 years ago Fix build without PF.
mpi [Tue, 6 Jun 2017 11:39:55 +0000 (11:39 +0000)]
Fix build without PF.

7 years ago mention -fwrapv being on by default
jsg [Tue, 6 Jun 2017 09:42:09 +0000 (09:42 +0000)]
mention -fwrapv being on by default

7 years ago Enable -fwrapv by default with clang to treat signed integer overflows
jsg [Tue, 6 Jun 2017 09:40:24 +0000 (09:40 +0000)]
Enable -fwrapv by default with clang to treat signed integer overflows
as defined.  This is done to prevent dangerous optimisations which could
remove security critical overflow checks.

Base gcc has -fno-strict-overflow by default, with clang this is
identical to -fwrapv.

Prompted by naddy@ discovering a hang with a clang compiled i386 kernel
that was resolved with -fwrapv.

ok kettenis@ pascal@

7 years ago Fix compression output stats broken in rev 1.201. Patch originally by
dtucker [Tue, 6 Jun 2017 09:12:17 +0000 (09:12 +0000)]
Fix compression output stats broken in rev 1.201.  Patch originally by
Russell Coker via Debian bug #797964 and Christoph Biedl.  ok djm@

7 years ago regen
tb [Tue, 6 Jun 2017 08:12:01 +0000 (08:12 +0000)]
regen

7 years ago Mention that the special files are created in the current working
tb [Tue, 6 Jun 2017 08:11:23 +0000 (08:11 +0000)]
Mention that the special files are created in the current working
directory. Suggested by Scott Cheloha.

discussed with jmc

7 years ago Test insertion of unmatched meta sequence.
anton [Tue, 6 Jun 2017 08:05:01 +0000 (08:05 +0000)]
Test insertion of unmatched meta sequence.

7 years ago make vnetid and parent commands available in SMALL ifconfigs.
dlg [Tue, 6 Jun 2017 04:52:40 +0000 (04:52 +0000)]
make vnetid and parent commands available in SMALL ifconfigs.

the code behind the commands has been built on SMALL forever, this just
moves it available in the cmd table. the binary doesn't change size.

7 years ago correct the depend list of a target introduced in rev 1.9
jsg [Tue, 6 Jun 2017 02:35:40 +0000 (02:35 +0000)]
correct the depend list of a target introduced in rev 1.9
from deraadt@

7 years ago Regen.
kevlo [Tue, 6 Jun 2017 01:02:18 +0000 (01:02 +0000)]
Regen.

7 years ago Sort DLINK section and add USB device ID of D-Link DWA-131 rev E1.
kevlo [Tue, 6 Jun 2017 00:52:02 +0000 (00:52 +0000)]
Sort DLINK section and add USB device ID of D-Link DWA-131 rev E1.

ok stsp@

7 years ago Show usage of sysmerge and MAKEDEV instead of just mentioning them.
tb [Mon, 5 Jun 2017 22:27:58 +0000 (22:27 +0000)]
Show usage of sysmerge and MAKEDEV instead of just mentioning them.
From Scott Cheloha, thanks.

ok jmc and positive feedback from several

7 years ago - let's add PF_LOCK()
sashan [Mon, 5 Jun 2017 22:18:28 +0000 (22:18 +0000)]
- let's add PF_LOCK()
  to enable PF_LOCK(), you must add 'option WITH_PF_LOCK' to your kernel
  configuration. The code does not do much currently it's just the very
  small step towards MP.

O.K. henning@, mikeb@, mpi@

7 years ago initial docs for COMPILER_WRAPPER and COMPILER_LINKS
sthen [Mon, 5 Jun 2017 21:54:07 +0000 (21:54 +0000)]
initial docs for COMPILER_WRAPPER and COMPILER_LINKS

7 years ago Split early startup code out of locore.S into locore0.S. Adjust link
deraadt [Mon, 5 Jun 2017 18:59:06 +0000 (18:59 +0000)]
Split early startup code out of locore.S into locore0.S.  Adjust link
run so that this locore0.o is always at the start of the executable.
But randomize the link order of all other .o files in the kernel, so
that their exec/rodata/data/bss segments land all over the place.

The bootstrap code will need smashing because it is mapped by BTLB,
but this is a bit involved so not done yet.

As a result, the internal layout of every newly built bsd kernel is
different from past kernels.  Internal relative offsets are not known
to an outside attacker.  The only known offsets are in the startup code
(which will be gone when it is smashed).

Ramdisk kernels cannot be compiled like this, because they are gzip'd.
When the internal pointer references change, the compression dictionary
bloats and results in poorer compression.

7 years ago Increase kernel size, by pushing rodata 1MB forward, from 5MB to 6MB.
deraadt [Mon, 5 Jun 2017 18:56:30 +0000 (18:56 +0000)]
Increase kernel size, by pushing rodata 1MB forward, from 5MB to 6MB.
This seems to satisfy the BTLB granularity.  Good enough for now.
ok kettenis

7 years ago Temporarily disable the second call to rc_check until I figure out what
ajacoutot [Mon, 5 Jun 2017 18:31:23 +0000 (18:31 +0000)]
Temporarily disable the second call to rc_check until I figure out what
is going on. Should fix another case of false negative reported by sthen
(redis).

7 years ago Split early startup code out of locore.S into locore0.S. Adjust link
deraadt [Mon, 5 Jun 2017 17:49:05 +0000 (17:49 +0000)]
Split early startup code out of locore.S into locore0.S.  Adjust link
run so that this locore0.o is always at the start of the executable.
But randomize the link order of all other .o files in the kernel, so
that their exec/rodata/data/bss segments land all over the place.

Late during kernel boot, smash the startup code with traps so that
it does not point to the other randomly placed code.  It has to be smashed,
because alpha (insecurely in my view) runs in the KSEG0 space.

As a result, the internal layout of every newly built bsd kernel is
different from past kernels.  Internal relative offsets are not known
to an outside attacker.  The only known offsets are in the startup code,
which is gone.

Ramdisk kernels cannot be compiled like this, because they are gzip'd.
When the internal pointer references change, the compression dictionary
bloats and results in poorer compression.

7 years ago include machine/param.h before machine.asm.h because uhm alpha.
deraadt [Mon, 5 Jun 2017 17:47:33 +0000 (17:47 +0000)]
include machine/param.h before machine.asm.h because uhm alpha.

7 years ago Test insertion of non-ASCII characters, in particular making sure
schwarze [Mon, 5 Jun 2017 17:34:09 +0000 (17:34 +0000)]
Test insertion of non-ASCII characters, in particular making sure
that valid input does not cause writing invalid intermediate states
to the terminal, and that invalid input is not delayed waiting for
more input, but written through right away.

Currently failing, but expected to be fixed shortly.

7 years ago track permissions of original file
deraadt [Mon, 5 Jun 2017 15:58:33 +0000 (15:58 +0000)]
track permissions of original file

7 years ago use same idiom as other Makefiles
deraadt [Mon, 5 Jun 2017 15:58:14 +0000 (15:58 +0000)]
use same idiom as other Makefiles

7 years ago Fix logic in _rc_wait to properly cope with setproctitle(3) daemons. It was a
ajacoutot [Mon, 5 Jun 2017 15:24:57 +0000 (15:24 +0000)]
Fix logic in _rc_wait to properly cope with setproctitle(3) daemons. It was a
regression from my recent rc.subr changes.

reported by deraadt@ and naddy@ : pflogd was marked as failed during boot while
it was properly running

7 years ago Randomize the link order of .o files in the kernel on octeon.
visa [Mon, 5 Jun 2017 15:23:11 +0000 (15:23 +0000)]
Randomize the link order of .o files in the kernel on octeon.
Unlike on some other architectures, it is not possible to unmap
the early boot code. Instead, the code is smashed during boot.

Input from deraadt@

7 years ago explicitly pass -w since clang -M doesn't imply it.
espie [Mon, 5 Jun 2017 14:33:42 +0000 (14:33 +0000)]
explicitly pass -w since clang -M doesn't imply it.

okay millert@

7 years ago Add new edit regress files.
anton [Mon, 5 Jun 2017 14:10:11 +0000 (14:10 +0000)]
Add new edit regress files.

Absent from my previous commit.

7 years ago Rewrite ksh edit mode regression tests.
anton [Mon, 5 Jun 2017 13:54:39 +0000 (13:54 +0000)]
Rewrite ksh edit mode regression tests.

Instead of calling x_vi() directly, run ksh in a pseudo tty.
This makes the process of adding tests for emacs mode simpler since the code can
be shared.

With feedback and help from millert@ and schwarze@

7 years ago Avoid use of _C_LABEL, since it is not portable to all our architectures.
deraadt [Mon, 5 Jun 2017 13:52:32 +0000 (13:52 +0000)]
Avoid use of _C_LABEL, since it is not portable to all our architectures.
And anyways, everything is ELF now.

7 years ago The arm* architectures edit the ld.script, creating a copy in the compile
deraadt [Mon, 5 Jun 2017 12:43:57 +0000 (12:43 +0000)]
The arm* architectures edit the ld.script, creating a copy in the compile
directories.  Copy it in the same way on other architectures, for the same
effect.  Something upcoming will want that file there anyways.

7 years ago exclude more objects from the readelf output when building syspatches (needed on...
robert [Mon, 5 Jun 2017 09:51:27 +0000 (09:51 +0000)]
exclude more objects from the readelf output when building syspatches (needed on i386)

7 years ago a kernel errata requires a full build as well in case some headers
robert [Mon, 5 Jun 2017 09:47:54 +0000 (09:47 +0000)]
a kernel errata requires a full build as well in case some headers
change so let's do a full build all the time

7 years ago set BUILDUSER to build by default, this can be overwritten from the environment
robert [Mon, 5 Jun 2017 09:46:25 +0000 (09:46 +0000)]
set BUILDUSER to build by default, this can be overwritten from the environment

7 years ago do not add ./ to the path of the files in the tarball
robert [Mon, 5 Jun 2017 09:44:56 +0000 (09:44 +0000)]
do not add ./ to the path of the files in the tarball

7 years ago do not remove used files from the fakeroot
robert [Mon, 5 Jun 2017 09:42:45 +0000 (09:42 +0000)]
do not remove used files from the fakeroot

7 years ago remove vlan(4) specific output handling
dlg [Mon, 5 Jun 2017 05:10:23 +0000 (05:10 +0000)]
remove vlan(4) specific output handling

vlan(4) now understands the generic vnetid and ifparent ioctls, so
this is redundant.

ok henning@

7 years ago use byte swapping loads and stores.
dlg [Mon, 5 Jun 2017 04:57:37 +0000 (04:57 +0000)]
use byte swapping loads and stores.

shrinks the code a bit on sparc64.

ok jmatthew@

7 years ago Set the group on cron's Unix domain socket _before_ making it
millert [Mon, 5 Jun 2017 01:42:45 +0000 (01:42 +0000)]
Set the group on cron's Unix domain socket _before_ making it
group-writable, not after.  Pointed out by Solar Designer.

7 years ago Catch up with changes made on amd64 (kettenis@):
naddy [Sun, 4 Jun 2017 23:03:19 +0000 (23:03 +0000)]
Catch up with changes made on amd64 (kettenis@):

Generating mixed 16-bit/32-bit/64-bit code with clang's integrated
assembler is a bit tricky.  It supports the .code16, .code32 and
.code64 directives.  But it doesn't know about the data16/data32 and
addr16/addr32 instruction prefixes.  Instead it tries to determine
those from the instruction opcode.  It mostly succeeds, but there are
a couple of corner cases where clang will generate the "addr32" form
where gas generates the "addr16" form in .code16 segments.  That
should be no problem (and just waste a couple of bytes), but it makes
comparing the generated code a bit difficult.

Allow the trampoline code to be compiled with both.  For clang #define
away the addr32 prefix and avoid using the data32 prefix by using a
mnemonic that explicitly encodes the size of the operand.  Add a few
addr32 prefixes in .code16 blocks to reduce the differences between
code generated by clang and gas.

ok deraadt@

7 years ago Implement the roff(7) .mc (right margin character) request.
schwarze [Sun, 4 Jun 2017 22:43:50 +0000 (22:43 +0000)]
Implement the roff(7) .mc (right margin character) request.
The Tcl/Tk manual pages use this extensively.
Delete the TERM_MAXMARGIN hack, it breaks .mc inside .nf;
instead, implement a proper TERMP_BRNEVER flag.

7 years ago fix a bungled logical/bitwise expression pointed out by clang; ok deraadt@
naddy [Sun, 4 Jun 2017 20:28:05 +0000 (20:28 +0000)]
fix a bungled logical/bitwise expression pointed out by clang; ok deraadt@