| created | 2018-11-29T13:40:47Z |
|---|---|
| begin | 2018-04-12T00:00:00Z |
| end | 2018-04-13T00:00:00Z |
| path | src/sys |
| commits | 6 |
| date | 2018-04-12T10:28:13Z | |||
|---|---|---|---|---|
| author | mpi | |||
| files | src/sys/kern/kern_descrip.c | log | diff | annotate |
| message |
Call FREF(9) earlier instead of incrementing `f_count' directly in dupfdopen(). ok bluhm@, visa@ |
|||
| date | 2018-04-12T10:30:18Z | |||
|---|---|---|---|---|
| author | mpi | |||
| files | src/sys/kern/kern_descrip.c | log | diff | annotate |
| message |
Use the current reference instead of incrementing `f_count' manually and calling FRELE(9) in finishdup(). Update comments accordingly. ok bluhm@, visa@ |
|||
| date | 2018-04-12T14:59:08Z | |||
|---|---|---|---|---|
| author | visa | |||
| files | src/sys/kern/subr_witness.c | log | diff | annotate |
| message |
Restore the original BSDI $Id$ strings. Those were mangled by CVS by my mistake. Pointed out by Christian Ludwig. Thank you! |
|||
| date | 2018-04-12T17:13:41Z | |||
|---|---|---|---|---|
| author | deraadt | |||
| files | src/sys/arch/alpha/alpha/machdep.c | log | diff | annotate |
| src/sys/arch/alpha/alpha/trap.c | log | diff | annotate | |
| message |
Implement MAP_STACK option for mmap(). Synchronous faults (pagefault and syscall) confirm the stack register points at MAP_STACK memory, otherwise SIGSEGV is delivered. sigaltstack() and pthread_attr_setstack() are modified to create a MAP_STACK sub-region which satisfies alignment requirements. Observe that MAP_STACK can only be set/cleared by mmap(), which zeroes the contents of the region -- there is no mprotect() equivalent operation, so there is no MAP_STACK-adding gadget. This opportunistic software-emulation of a stack protection bit makes stack-pivot operations during ROPchain fragile (kind of like removing a tool from the toolbox). original discussion with tedu, uvm work by stefan, testing by mortimer ok kettenis |
|||
| date | 2018-04-12T17:13:43Z | |||
|---|---|---|---|---|
| author | deraadt | |||
| files | src/sys/arch/amd64/amd64/machdep.c | log | diff | annotate |
| src/sys/arch/amd64/amd64/trap.c | log | diff | annotate | |
| src/sys/arch/arm/arm/fault.c | log | diff | annotate | |
| src/sys/arch/arm/arm/sig_machdep.c | log | diff | annotate | |
| src/sys/arch/arm64/arm64/ast.c | log | diff | annotate | |
| src/sys/arch/arm64/arm64/sig_machdep.c | log | diff | annotate | |
| src/sys/arch/arm64/arm64/trap.c | log | diff | annotate | |
| src/sys/arch/hppa/hppa/machdep.c | log | diff | annotate | |
| src/sys/arch/hppa/hppa/trap.c | log | diff | annotate | |
| src/sys/arch/i386/i386/machdep.c | log | diff | annotate | |
| src/sys/arch/i386/i386/trap.c | log | diff | annotate | |
| src/sys/arch/m88k/m88k/sig_machdep.c | log | diff | annotate | |
| src/sys/arch/macppc/macppc/machdep.c | log | diff | annotate | |
| src/sys/arch/mips64/mips64/sendsig.c | log | diff | annotate | |
| src/sys/arch/mips64/mips64/trap.c | log | diff | annotate | |
| message |
Implement MAP_STACK option for mmap(). Synchronous faults (pagefault and syscall) confirm the stack register points at MAP_STACK memory, otherwise SIGSEGV is delivered. sigaltstack() and pthread_attr_setstack() are modified to create a MAP_STACK sub-region which satisfies alignment requirements. Observe that MAP_STACK can only be set/cleared by mmap(), which zeroes the contents of the region -- there is no mprotect() equivalent operation, so there is no MAP_STACK-adding gadget. This opportunistic software-emulation of a stack protection bit makes stack-pivot operations during ROPchain fragile (kind of like removing a tool from the toolbox). original discussion with tedu, uvm work by stefan, testing by mortimer ok kettenis |
|||
| date | 2018-04-12T17:13:44Z | |||
|---|---|---|---|---|
| author | deraadt | |||
| files | src/sys/arch/powerpc/powerpc/trap.c | log | diff | annotate |
| src/sys/arch/sh/sh/sh_machdep.c | log | diff | annotate | |
| src/sys/arch/socppc/socppc/machdep.c | log | diff | annotate | |
| src/sys/arch/sparc64/sparc64/machdep.c | log | diff | annotate | |
| src/sys/arch/sparc64/sparc64/trap.c | log | diff | annotate | |
| src/sys/kern/exec_subr.c | log | diff | annotate | |
| src/sys/kern/init_main.c | log | diff | annotate | |
| src/sys/kern/kern_sig.c | log | diff | annotate | |
| src/sys/sys/exec.h | log | diff | annotate | |
| src/sys/sys/proc.h | log | diff | annotate | |
| src/sys/sys/syscall_mi.h | log | diff | annotate | |
| src/sys/uvm/uvm.h | log | diff | annotate | |
| src/sys/uvm/uvm_extern.h | log | diff | annotate | |
| src/sys/uvm/uvm_fault.c | log | diff | annotate | |
| src/sys/uvm/uvm_map.c | log | diff | annotate | |
| src/sys/uvm/uvm_map.h | log | diff | annotate | |
| src/sys/uvm/uvm_mmap.c | log | diff | annotate | |
| message |
Implement MAP_STACK option for mmap(). Synchronous faults (pagefault and syscall) confirm the stack register points at MAP_STACK memory, otherwise SIGSEGV is delivered. sigaltstack() and pthread_attr_setstack() are modified to create a MAP_STACK sub-region which satisfies alignment requirements. Observe that MAP_STACK can only be set/cleared by mmap(), which zeroes the contents of the region -- there is no mprotect() equivalent operation, so there is no MAP_STACK-adding gadget. This opportunistic software-emulation of a stack protection bit makes stack-pivot operations during ROPchain fragile (kind of like removing a tool from the toolbox). original discussion with tedu, uvm work by stefan, testing by mortimer ok kettenis |
|||