jsg [Fri, 13 Jan 2023 01:42:45 +0000 (01:42 +0000)]
drm/amd/display: Report to ACPI video if no panels were found
From Mario Limonciello
adaf41b56803fe7a9a4ac625c7e41615ef23591f in linux-6.1.y/6.1.5
c573e240609ff781a0246c0c8c8351abd0475287 in mainline linux
jsg [Fri, 13 Jan 2023 01:40:51 +0000 (01:40 +0000)]
drm/amdkfd: Fix double release compute pasid
From Philip Yang
a02c07b619899179384fde06f951530438a3512d in linux-6.1.y/6.1.5
1a799c4c190ea9f0e81028e3eb3037ed0ab17ff5 in mainline linux
jsg [Fri, 13 Jan 2023 01:38:35 +0000 (01:38 +0000)]
drm/amdkfd: Fix kfd_process_device_init_vm error handling
From Philip Yang
9d74d1f52e16d8e07f7fbe52e96d6391418a2fe9 in linux-6.1.y/6.1.5
29d48b87db64b6697ddad007548e51d032081c59 in mainline linux
jsg [Fri, 13 Jan 2023 01:37:01 +0000 (01:37 +0000)]
drm/amdgpu: Fix size validation for non-exclusive domains (v4)
From Luben Tuikov
8ba7c55e112f4ffd2a95b99be1cb1c891ef08ba1 in linux-6.1.y/6.1.5
7554886daa31eacc8e7fac9e15bbce67d10b8f1f in mainline linux
jsg [Fri, 13 Jan 2023 01:34:34 +0000 (01:34 +0000)]
drm/i915/gvt: fix double free bug in split_2MB_gtt_entry
From Zheng Wang
1022519da69d99d455c58ca181a6c499c562c70e in linux-6.1.y/6.1.5
4a61648af68f5ba4884f0e3b494ee1cabc4b6620 in mainline linux
jsg [Fri, 13 Jan 2023 01:32:39 +0000 (01:32 +0000)]
drm/i915: unpin on error in intel_vgpu_shadow_mm_pin()
From Dan Carpenter
20a07570c1667a48fe50fdfa59f4ece57775b69a in linux-6.1.y/6.1.5
3792fc508c095abd84b10ceae12bd773e61fdc36 in mainline linux
jsg [Fri, 13 Jan 2023 01:27:41 +0000 (01:27 +0000)]
add acpi_video_report_nolcd() for 6.1.5 drm
nicm [Thu, 12 Jan 2023 20:39:37 +0000 (20:39 +0000)]
Disable double width and height escape sequences under SMALL_KERNEL.
ok miod
miod [Thu, 12 Jan 2023 20:13:28 +0000 (20:13 +0000)]
free(NULL) has been allowed in the kernel since 5.4; remove checks.
miod [Thu, 12 Jan 2023 19:37:53 +0000 (19:37 +0000)]
Update luna88k boot procedure; help & tweaks jmc@
nicm [Thu, 12 Jan 2023 18:49:11 +0000 (18:49 +0000)]
Have tmux recognise pasted texts wrapped in bracket paste sequences,
rather than only forwarding them to the program inside. From Andrew
Onyshchuk in GitHub issue 3431.
claudio [Thu, 12 Jan 2023 17:35:51 +0000 (17:35 +0000)]
Split rde_filterstate_prep() into three functions.
- rde_filterstate_init(): initialize a filterstate to default values
- rde_filterstate_copy(): copy from a filterstate into a new state object
- rde_filterstate_prep(): set filtersate based on prefix passed as argument.
This makes the code a bit easier to read.
OK tb@
kn [Thu, 12 Jan 2023 15:03:23 +0000 (15:03 +0000)]
On '!', drop into a proper ksh(1) instead of a limited sh(1) lacking
arithmetic expression `(( ... ))' and more.
OK deraadt
jmc [Thu, 12 Jan 2023 14:08:39 +0000 (14:08 +0000)]
diff from sobrado to use a full argument name for -s: after some discussion
we used "signal", as per pkill/pgrep; also lift the descriptive text
from kill.1 to clarify that both signal name and number are accepted;
ok sobrado job
bluhm [Thu, 12 Jan 2023 13:09:47 +0000 (13:09 +0000)]
Binding the accept socket in TCP input relies on the fact that the
listen port is not bound to port 0. With a matching pf divert-to
rule this assumption is no longer true and could crash the kernel
with kassert. In both pf and stack drop TCP packets with destination
port 0 before they can do harm.
OK sashan@ claudio@
jsg [Thu, 12 Jan 2023 12:56:07 +0000 (12:56 +0000)]
remove outdated "expected to be compliant"
ok miod@ kn@ deraadt@
nicm [Thu, 12 Jan 2023 12:34:06 +0000 (12:34 +0000)]
Add CBT (cursor back tab) sequence, from Crystal Kolipe kolipe.c at
exoticsilicon dot com.
ok miod
nicm [Thu, 12 Jan 2023 12:28:08 +0000 (12:28 +0000)]
Add aixterm bright colour sequences (SGR 90-97 and 100-107). From
Crystal Kolipe kolipe.c at exoticsilicon dot com.
ok miod
nicm [Thu, 12 Jan 2023 12:23:40 +0000 (12:23 +0000)]
Add some missing cursor movement and scrolling escape sequences that are
supported by xterm. From Crystal Kolipe kolipe.c at exoticsilicon dot
com.
ok miod
mvs [Thu, 12 Jan 2023 10:59:36 +0000 (10:59 +0000)]
Use solock() instead solock_shared() within sys_getsockopt(). Otherwise
we acquiring kernel lock with mutex(9) held. This partially reverts
rev 1.205 of sys/kern/uipc_syscalls.c. Shared solock() is still fine for
getsockname(2) and getpeername(2).
Reported-by: syzbot+00a4824cb1b6a214c7d6@syzkaller.appspotmail.com
ok kn@ claudio@
claudio [Thu, 12 Jan 2023 08:47:07 +0000 (08:47 +0000)]
In build_aspath() be more careful in the len == 0 case. For len == 0
aspath->data should not be touched so just exit early.
While there also initalize source_as correctly in the rev case. This
does not matter here but is more correct.
Problem noticed by anton@
OK tb@
miod [Thu, 12 Jan 2023 07:25:29 +0000 (07:25 +0000)]
Use proper sparc64 illtrap instruction as text sections filler, rather than
the x86 one.
miod [Thu, 12 Jan 2023 07:18:25 +0000 (07:18 +0000)]
Fix trivial stack buf oflow
bluhm [Thu, 12 Jan 2023 00:27:26 +0000 (00:27 +0000)]
Compiling kernel with witness option failed since drm update. Do
not define struct rwlock variable within function, witness needs
global access.
OK jsg@
miod [Wed, 11 Jan 2023 19:57:17 +0000 (19:57 +0000)]
Implement X-only mappings on sun4u by not letting the dtlb miss handler
allow ttes with the "exec only" bit; joint work with deraadt@, unfortunately
no effect on sun4v due to the lack of software bits in ttes to fit an
"exec only" bit.
ok deraadt@ kettenis@
deraadt [Wed, 11 Jan 2023 17:16:33 +0000 (17:16 +0000)]
be very paranoid like other architectures and force no-jump-tables
came up in two seperate conversations with miod and kettenis
claudio [Wed, 11 Jan 2023 17:10:25 +0000 (17:10 +0000)]
Add the validation state to the filterstate struct.
Removes vstate argument from rde_filter().
Rename prefix_vstate() to prefix_roa_vstate().
OK tb@
deraadt [Wed, 11 Jan 2023 17:00:20 +0000 (17:00 +0000)]
block --execute-only on mips64 & sparc64 during the upcoming transition.
a seatbelt, because libc build corruption is too painful.
deraadt [Wed, 11 Jan 2023 16:36:44 +0000 (16:36 +0000)]
based upon inspection of obj/*.S ...
temporarily force sparc64 libcrypto to be built --no-execute-only because
perlasm is still putting tables (intended to be rodata) into text.
This will help dynamic executables, but static executables won't be
saved by this. But this is temporary because we hope the perlasm problem
is fixed soon.
deraadt [Wed, 11 Jan 2023 16:33:36 +0000 (16:33 +0000)]
put LD_SCRIPT in the canonical location
miod [Wed, 11 Jan 2023 16:31:46 +0000 (16:31 +0000)]
Add ld.so linker scripts on the remaining platforms.
deraadt [Wed, 11 Jan 2023 16:25:13 +0000 (16:25 +0000)]
temporarily force hppa libcrypto to be built --no-execute-only because
perlasm is still putting tables (intended to be rodata) into text.
This will help dynamic executables, but static executables won't be
saved by this. But this is temporary because we hope the perlasm problem
is fixed soon.
ok miod
deraadt [Wed, 11 Jan 2023 16:21:32 +0000 (16:21 +0000)]
force-disable jump tables in ld.so building on sparc64, to ease the
exonly transition for people building through an upcoming commit series
deraadt [Wed, 11 Jan 2023 15:14:01 +0000 (15:14 +0000)]
the kernel on mips64 (octeon, loongson) is in good enough shape to run
--execute-only ld.so (meaning FLAGS (1) on the LOAD line for the text
segment, in the ld.script). the linker, when using built-in linker scripts,
is not ready yet for other libraries / binaries..
deraadt [Wed, 11 Jan 2023 14:38:09 +0000 (14:38 +0000)]
do not need --execute-only anymore, it is now the default
deraadt [Wed, 11 Jan 2023 14:33:33 +0000 (14:33 +0000)]
arm64 and riscv64 can now do --execute-only by default
ok kettenis
deraadt [Wed, 11 Jan 2023 14:30:47 +0000 (14:30 +0000)]
hppa can switch over to --execute-only by default.
ok kettenis
claudio [Wed, 11 Jan 2023 13:55:08 +0000 (13:55 +0000)]
Add a somewhat extensive unittest for ASPA validation functionality.
claudio [Wed, 11 Jan 2023 13:53:17 +0000 (13:53 +0000)]
Add ASPA validation functions to the RDE.
This implements ASPA validation based on the current draft. Implementing
this showed various weaknesses in the current ASPA draft which I hope to
fix in the near future.
Unlike the algorithm specified in the draft our version validates the
AS_PATH attribute in a single path doing one or two lookups depending on
the sessions BGP role.
The code is not yet hooked up into the RDE (see the NOTYET blocks).
Missing are reload logic, bgpctl integration and the loading of the
merged ASPA set from the rtr process.
OK tb@
nicm [Wed, 11 Jan 2023 12:47:04 +0000 (12:47 +0000)]
Remove rasops_isgray, this is no longer used. From Crystal Kolipe
kolipe.c at exoticsilicon dot com.
ok miod
kettenis [Wed, 11 Jan 2023 11:10:25 +0000 (11:10 +0000)]
Make sure we also remove read access in pmap_page_ro() when the new
permissions only allow execution. Make sure we completely invalidate
the PTE if the intersection between the old and new permissions is the
empty set.
ok deraadt@, mpi@
kettenis [Wed, 11 Jan 2023 11:09:17 +0000 (11:09 +0000)]
Make sure we also remove read access in pmap_page_ro() when the new
permissions only allow execution. Make sure we completely invalidate
the PTE if the intersection between the old and new permissions is the
empty set.
ok drahn@, deraadt@, mpi@
sashan [Wed, 11 Jan 2023 08:11:07 +0000 (08:11 +0000)]
make REGRESS_CLEANUP consistent with REGRESS_CLEANUP found
in pf_state/Makefile.
discussed with anton@
OK anton@
djm [Wed, 11 Jan 2023 05:39:38 +0000 (05:39 +0000)]
clamp the minimum buffer lengths and number of inflight requests too
djm [Wed, 11 Jan 2023 05:36:50 +0000 (05:36 +0000)]
ignore bogus upload/download buffer lengths in the limits extension
jsing [Wed, 11 Jan 2023 04:39:42 +0000 (04:39 +0000)]
Clean up and simplify BIGNUM handling in DSA code.
This adds missing BN_CTX_start()/BN_CTX_end() calls, removes NULL checks
before BN_CTX_end()/BN_CTX_free() (since they're NULL safe) and calls
BN_free() instead of BN_clear_free() (which does the same thing).
Also replace stack allocated BIGNUMs with calls to BN_CTX_get(), using the
BN_CTX that is already available.
ok tb@
jsing [Wed, 11 Jan 2023 04:35:26 +0000 (04:35 +0000)]
Simplify BIGNUM handling in dsa_builtin_keygen().
Rather than having complicated "attempt to reuse" dances, always allocate
priv_key/pub_key, then free and assign on success.
ok tb@
jsing [Wed, 11 Jan 2023 04:26:24 +0000 (04:26 +0000)]
Replace BN_lshift1()/BN_rshift1() with calls to BN_lshift()/BN_rshift().
Currently, BN_lshift1() and BN_rshift1() are separate implementations
that are intended to be faster since the shift is known (and only one bit
crosses a word boundary). However, with the rewrite of BN_lshift() and
BN_rshift(), they are either slower or only minimally faster (depending
on architecture).
Avoid duplication and turn BN_lshift1()/BN_rshift1() into functions that
call inlined versions of BN_lshift()/BN_rshift(), making BN_lshift() and
BN_rshift() call the same inlined implementation. This results in a single
implementation and BN_lshift1()/BN_rshift1() that out perform the previous
versions (in part due to compiler optimisation).
Now that none of the original code exists, replace the license and
copyright for this file.
ok tb@
visa [Wed, 11 Jan 2023 03:28:42 +0000 (03:28 +0000)]
Use 64-bit page table entries on octeon
This (over-)compensates for the frame bit reduction related to the
TLB read inhibit support. However, the memory overhead of page tables
is increased.
OK miod@
visa [Wed, 11 Jan 2023 03:20:52 +0000 (03:20 +0000)]
Enable TLB read inhibit on OCTEON Plus and newer SoCs.
OK deraadt@
visa [Wed, 11 Jan 2023 03:19:52 +0000 (03:19 +0000)]
Add TLB bypass for instruction emulation
copyinsn() fetches a userland instruction through the direct map.
This lets emulation work with execute-only virtual memory mappings.
OK deraadt@
visa [Wed, 11 Jan 2023 03:17:56 +0000 (03:17 +0000)]
Add MIPS64r2 TLB read inhibit support
OK deraadt@ miod@
cheloha [Wed, 11 Jan 2023 02:49:34 +0000 (02:49 +0000)]
i386/machdep.c: revert revisions 1.659 and 1.660
"put it back" kettenis@
djm [Wed, 11 Jan 2023 02:13:52 +0000 (02:13 +0000)]
remove whitespace at EOL from code extracted from SUPERCOP
mortimer [Wed, 11 Jan 2023 01:55:17 +0000 (01:55 +0000)]
Add retguard to amd64 syscalls.
Since we got rid of padded syscalls we have enough registers to do this.
ok deraadt@ ok kettenis@
djm [Wed, 11 Jan 2023 00:51:27 +0000 (00:51 +0000)]
rewrite this test to use a multiplexed ssh session so we can control
its lifecycle without risk of race conditions; fixes some of the
Github integration tests for openssh-portable
millert [Tue, 10 Jan 2023 23:22:15 +0000 (23:22 +0000)]
Switch scp from using pipes to a socketpair for communication with
it's ssh sub-processes. We no longer need to reserve two descriptors
to ensure that we don't end up using fd 0-2 unexpectedly, that is
handled by sanitise_stdfd() in main().
Based on an original diff from djm@. OK deraadt@ djm@
gkoehler [Tue, 10 Jan 2023 21:27:12 +0000 (21:27 +0000)]
Use atomic ops on the set of used segment registers
Each pmap sets a bit in usedsr to claim 16 unique VSIDs for its
segment registers. Use atomic_cas_uint to set this bit (checking that
the other cpu didn't steal it) and atomic_clearbits_int to clear it.
Stop using splvm.
ok miod@
deraadt [Tue, 10 Jan 2023 21:22:39 +0000 (21:22 +0000)]
hppa ld.so works with executable-only text (non-readable)
jmc [Tue, 10 Jan 2023 21:10:37 +0000 (21:10 +0000)]
oops, fix a bad edit in previous;
ratchov [Tue, 10 Jan 2023 20:48:34 +0000 (20:48 +0000)]
Fix device name in the MIDI control section
For MMC to work, the MIDI sequencer must send MMC to subdevices
registered with -tslave.
From Dirk-Wilhelm Peters <peters at schwertfisch.de>, thanks.
deraadt [Tue, 10 Jan 2023 18:05:59 +0000 (18:05 +0000)]
like hppa, sparc64 will need gcc's jump tables option disabled to
allow execute-only binaries
ok miod
miod [Tue, 10 Jan 2023 17:38:10 +0000 (17:38 +0000)]
In pmap_bootstrap, when importing the PROM translations into the kernel pmap,
be sure to clear all software bits from the TTEs, for these bits will have
different meanings in OpenBSD.
Tested on a large set of sun4u and sun4v systems of different eras to not
cause any regression, should be safe enough.
miod [Tue, 10 Jan 2023 17:10:57 +0000 (17:10 +0000)]
Switch the luna88k boot loader to the MI boot code, to ease future maintainence
of it. Crank version to 0.8.
ok aoyama@
miod [Tue, 10 Jan 2023 17:04:01 +0000 (17:04 +0000)]
Enable the fine-grained fault type computation code added in 1.117 on all
mips64 processors, not only Octeon; needed to cope with xonly mappings.
tobhe [Tue, 10 Jan 2023 16:33:18 +0000 (16:33 +0000)]
Switch to console before suspending in DUMBFB mode. Fixes frame buffer corruption
and a few other bugs/races after wakeup on Apple Silicon laptops and Lenovo x13s.
ok kettenis@ deraadt@
job [Tue, 10 Jan 2023 14:19:12 +0000 (14:19 +0000)]
Add short options for --foreground and --preserve-status
Align with upcoming POSIX spec: https://www.austingroupbugs.net/view.php?id=1586
OK jmc@
job [Tue, 10 Jan 2023 13:26:34 +0000 (13:26 +0000)]
Improve timestamp printing in filemode
OK claudio@
tb [Tue, 10 Jan 2023 12:47:19 +0000 (12:47 +0000)]
rhe -> the from Crystal Kolipe
anton [Tue, 10 Jan 2023 12:19:18 +0000 (12:19 +0000)]
purge unhooked wx_syscall files
anton [Tue, 10 Jan 2023 12:17:00 +0000 (12:17 +0000)]
Retire wx_syscall regress tests, they have been failing since the
introduction of mimmutable(2) and also needs to cope with xonly on some
architectures by now. There's already the syscallwx target in
regress/usr.bin/lastcomm which does the same thing but also ensures that
the expected code path is reached by looking at accounting records.
deraadt [Tue, 10 Jan 2023 12:07:34 +0000 (12:07 +0000)]
disable jump tables by default on hppa because they are incompatible
with --execute-only in the linker
ok kettenis
deraadt [Tue, 10 Jan 2023 12:06:18 +0000 (12:06 +0000)]
create infrastructure so that jump tables on/off can be tweaked by an
architecture by changing JUMP_TABLES_DEFAULT
ok kettenis
kettenis [Tue, 10 Jan 2023 11:18:47 +0000 (11:18 +0000)]
The uvm_swap_data_lock mutex can now be taken without holding the kernel
lock. So it needs IPL_MPFLOOR to prevent lock ordering issues.
ok jca@
jsing [Tue, 10 Jan 2023 04:13:22 +0000 (04:13 +0000)]
Rewrite BN_lshift()
This improves readability and eliminates special handling for various
cases, making the code cleaner and closer to constant time. Basic
benchmarking shows a performance gain on modern 64 bit architectures.
ok tb@
dv [Tue, 10 Jan 2023 01:09:14 +0000 (01:09 +0000)]
Hide WAITPKG cpu feature from vmm(4) guests.
Alder Lake and similar-era Intel platforms introduced new userland
wait instructions. Since vmm was passing this cpuid bit into guests,
some would attempt TPAUSE instructions and trigger invalid instruction
exceptions because VMX requires additional configuration to support
emulation.
This also adds WAITPKG to i386 and amd64 cpu feature identification.
Input from anton@, cheloha@, and guenther@. Tested by jmatthew@.
OK deraadt.
cheloha [Tue, 10 Jan 2023 01:01:18 +0000 (01:01 +0000)]
i386: identifycpu(): only calibrate_cyclecounter() on primary CPU
On i386 during identifycpu(), we call calibrate_cyclecounter() for every
CPU in the system. This is pointless: every new call clobbers the cpuspeed
measured during the prior call. It is also extremely slow: every call to
calibrate_cyclecounter() takes about 1 second.
Instead, let's only call calibrate_cyclecounter() once, on the primary CPU.
Multiprocessor i386 machines will now boot much faster.
ok deraadt@
cheloha [Tue, 10 Jan 2023 00:49:45 +0000 (00:49 +0000)]
i386: identifycpu(): don't print cpuspeed after calibrate_cyclecounter()
The cpuspeed set during calibrate_cyclecounter() is a bogomips measurement.
It isn't an authoritative (nominal) frequency, so we shouldn't print it out
when identifying each CPU. As an added bonus, this also removes some noise
when diffing i386 dmesgs.
ok deraadt@
kettenis [Mon, 9 Jan 2023 21:18:47 +0000 (21:18 +0000)]
Change the __canonicalize_funcptr_for_compare() implementation to stop
trying to read a branch instruction and decode it to extract the address
of the ld.so resolver function. Instead, directly execute that branch
instruction.
This is effectively a C runtime ABI change. In order to cross this if
you are building from source, make sure you install an updated ld.so
first.
ok deraadt@
kettenis [Mon, 9 Jan 2023 20:32:21 +0000 (20:32 +0000)]
Set the default for machdep.lidaction to 1 like on amd64.
ok tobhe@, deraadt@
kettenis [Mon, 9 Jan 2023 20:29:35 +0000 (20:29 +0000)]
Implement suspend on lid close.
ok tobhe@, deraadt@
kettenis [Mon, 9 Jan 2023 18:58:13 +0000 (18:58 +0000)]
Generate the "combreloc" scripts for the new linker script template as well.
ok deraadt@
sthen [Mon, 9 Jan 2023 17:41:03 +0000 (17:41 +0000)]
tweak text for USE_NOEXECONLY
sthen [Mon, 9 Jan 2023 17:17:55 +0000 (17:17 +0000)]
document USE_NOEXECONLY
jmc [Mon, 9 Jan 2023 17:13:46 +0000 (17:13 +0000)]
shorten SYNOPSIS from three versions to two (me) then one (ratchov),
plus all the cleanup that goes with;
ok ratchov
nicm [Mon, 9 Jan 2023 15:49:36 +0000 (15:49 +0000)]
DIAGNOSTIC is redundant with KASSERT, remove it. From Crystal Kolipe.
ok guenther
kettenis [Mon, 9 Jan 2023 15:22:53 +0000 (15:22 +0000)]
Allwinner hardware sucks! The ARM generic timer on the A64 has a bug
where the bottom 9 bits of the counter register can't be trusted if any of
the higher bits are rolling over. This is an unpublished errata so the
details aren't known. Adopt the same workaround that Linux has.
This will disable the userland timecounter support on hardware affected
by the hardware. We will need a similar workaround in libc to restore
that functionality.
tested by semarie@
ok cheloha@
deraadt [Mon, 9 Jan 2023 15:05:49 +0000 (15:05 +0000)]
riscv64 ld.so is ready to be xonly
ok kettenis
kettenis [Mon, 9 Jan 2023 14:40:48 +0000 (14:40 +0000)]
Adjust the hppa linker scripts to order .rodata (and other sections
classified as read-only) before .text. This makes it possible to make
.text execute-only as it no longer contains the ELF program headers.
This is achieved by forking the ELF linker script template. Adding another
level of conditionals to the existing ELF linker script template would be
utter madness.
ok deraadt@
kettenis [Mon, 9 Jan 2023 14:36:38 +0000 (14:36 +0000)]
Implement --execute-only (and turn --no-execute-only from a no-op into an
options that does the opposite).
Note that this option is likely to be ineffective without changes to the
linker scripts. A change that adjusts the hppa linker scripts will follow
shortly. Other architectures will need some work.
ok deraadt@
deraadt [Mon, 9 Jan 2023 14:14:26 +0000 (14:14 +0000)]
Whoa, that clean target is insane. If someone does a make build,
pf gets disabled. Comment it out, that will need to be rethought.
nicm [Mon, 9 Jan 2023 14:12:41 +0000 (14:12 +0000)]
Fix behaviour with \007 (used the wrong tree for last change).
kettenis [Mon, 9 Jan 2023 13:52:42 +0000 (13:52 +0000)]
Rewrite the hppa assembly code to avoid reads from .text, by using the
standard PIC magic. This makes the code similar to what we already use
for rcrt0.o. This makes it ready for execute-only.
Build C code using -fno-jump-tables to make it ready for execute-only.
ok deraadt@, miod@
kettenis [Mon, 9 Jan 2023 13:45:55 +0000 (13:45 +0000)]
In preparation for upcoming execute-only support, change the magic branch
instruction used by __canonicalize_funcptr_for_compare() from "bl" into "b".
This allows __canonicalize_funcptr_for_compare() to execute the branch
instead of decoding the instruction to find the address of _dl_bind().
This is the first step in the transition to a new ABI. Once an updated
ld.so has been installed, we can change __canonicalize_funcptr_for_compare()
(which lives in libgcc) and rebuild everything with a new libgcc. Only
then we can actually make ld.so executable-only.
ok deraadt@, miod@
anton [Mon, 9 Jan 2023 11:50:01 +0000 (11:50 +0000)]
Fix the syscallwx target which is affected by both mimmutable(2) and
xonly by using a new gadget routine written in assembler with the sole
purpose of issuing a syscall. Since it needs to be copied to wx memory,
place it in the rodata section.
miod [Mon, 9 Jan 2023 11:18:44 +0000 (11:18 +0000)]
Use PROT_EXEC when servicing instruction faults.
ok aoyama@
sashan [Mon, 9 Jan 2023 10:21:40 +0000 (10:21 +0000)]
yet another set of regression tests for pf(4). Unlike tests
found in pf_forward the tests in pf_policy use local bound
traffic to provide simple testing of various pf features.
The initial commit brings few tests using icmp echo to
test anchor rules.
anton@ helped a lot to improve pf_policy/Makefile
OK anton@
nicm [Mon, 9 Jan 2023 07:57:14 +0000 (07:57 +0000)]
Accept \007 as terminator to OSC 10 or 11.
nicm [Mon, 9 Jan 2023 07:48:12 +0000 (07:48 +0000)]
Correct length of replies to primary and secondary DAs so as not to send
a stray trailing NUL byte. From Crystal Kolipe.
ok deraadt miod
anton [Mon, 9 Jan 2023 06:34:02 +0000 (06:34 +0000)]
Sanitize the inherited environment by removing LC_ALL, missed in previous.