created | 2019-12-03T13:26:49Z |
---|---|
begin | 2019-11-29T00:00:00Z |
end | 2019-11-30T00:00:00Z |
path | src/sys |
commits | 26 |
date | 2019-11-29T01:04:08Z | |||
---|---|---|---|---|
author | beck | |||
files | src/sys/kern/vfs_bio.c | log | diff | annotate |
src/sys/kern/vfs_biomem.c | log | diff | annotate | |
src/sys/sys/buf.h | log | diff | annotate | |
message |
Re commit what was committed in version 1.43 with a fix added to ensure we handle the uvm_objects of bread_cluster buffers correctly. Original commit message: Fix the buffer cache code to not use a giant uvm obj of all pages when a small one on each buf is all that is needed. reduces the cost of large frees by about 25%. Again, lots of assistance from kettenis and mlarkin still ok kettenis@ |
date | 2019-11-29T06:19:07Z | |||
---|---|---|---|---|
author | guenther | |||
files | src/sys/dev/pci/drm/include/drm/gpu_scheduler.h | log | diff | annotate |
src/sys/dev/pci/drm/scheduler/gpu_scheduler.c | log | diff | annotate | |
message |
drm_sched_entity_flush() doesn't care about specific threads, so just track the process (and not the original thread of the process). ok jsg@ kettenis@ |
date | 2019-11-29T06:34:45Z | |||
---|---|---|---|---|
author | deraadt | |||
files | src/sys/kern/exec_elf.c | log | diff | annotate |
src/sys/kern/exec_subr.c | log | diff | annotate | |
src/sys/kern/init_main.c | log | diff | annotate | |
src/sys/kern/kern_exec.c | log | diff | annotate | |
src/sys/uvm/uvm.h | log | diff | annotate | |
src/sys/uvm/uvm_extern.h | log | diff | annotate | |
src/sys/uvm/uvm_map.c | log | diff | annotate | |
message |
Repurpose the "syscalls must be on a writeable page" mechanism to enforce a new policy: system calls must be in pre-registered regions. We have discussed more strict checks than this, but none satisfy the cost/benefit based upon our understanding of attack methods, anyways let's see what the next iteration looks like. This is intended to harden (translation: attackers must put extra effort into attacking) against a mixture of W^X failures and JIT bugs which allow syscall misinterpretation, especially in environments with polymorphic-instruction/variable-sized instructions. It fits in a bit with libc/libcrypto/ld.so random relink on boot and no-restart-at-crash behaviour, particularly for remote problems. Less effective once on-host since someone the libraries can be read. For static-executables the kernel registers the main program's PIE-mapped exec section valid, as well as the randomly-placed sigtramp page. For dynamic executables ELF ld.so's exec segment is also labelled valid; ld.so then has enough information to register libc's exec section as valid via call-once msyscall(2). For dynamic binaries, we continue to permit the main program exec segment because "go" (and potentially a few other applications) have embedded system calls in the main program. Hopefully at least go gets fixed soon. We declare the concept of embedded syscalls a bad idea for numerous reasons, as we notice the ecosystem has many of static-syscall-in-base-binary which are dynamically linked against libraries which in turn use libc, which contains another set of syscall stubs. We've been concerned about adding even one additional syscall entry point... but go's approach tends to double the entry-point attack surface.
This was started at a nano-hackathon in Bob Beck's basement 2 weeks ago during a long discussion with mortimer trying to hide from the SSL scream-conversations, and finished in more comfortable circumstances next to a wood-stove at Elk Lakes cabin with UVM scream-conversations. ok guenther kettenis mortimer, lots of feedback from others conversations about go with jsing tb sthen |
date | 2019-11-29T06:34:46Z | |||
---|---|---|---|---|
author | deraadt | |||
files | src/sys/sys/exec.h | log | diff | annotate |
src/sys/sys/exec_elf.h | log | diff | annotate | |
src/sys/sys/syscall_mi.h | log | diff | annotate | |
src/sys/uvm/uvm_map.h | log | diff | annotate | |
src/sys/uvm/uvm_mmap.c | log | diff | annotate | |
message |
Repurpose the "syscalls must be on a writeable page" mechanism to enforce a new policy: system calls must be in pre-registered regions. We have discussed more strict checks than this, but none satisfy the cost/benefit based upon our understanding of attack methods, anyways let's see what the next iteration looks like. This is intended to harden (translation: attackers must put extra effort into attacking) against a mixture of W^X failures and JIT bugs which allow syscall misinterpretation, especially in environments with polymorphic-instruction/variable-sized instructions. It fits in a bit with libc/libcrypto/ld.so random relink on boot and no-restart-at-crash behaviour, particularly for remote problems. Less effective once on-host since someone the libraries can be read. For static-executables the kernel registers the main program's PIE-mapped exec section valid, as well as the randomly-placed sigtramp page. For dynamic executables ELF ld.so's exec segment is also labelled valid; ld.so then has enough information to register libc's exec section as valid via call-once msyscall(2). For dynamic binaries, we continue to permit the main program exec segment because "go" (and potentially a few other applications) have embedded system calls in the main program. Hopefully at least go gets fixed soon. We declare the concept of embedded syscalls a bad idea for numerous reasons, as we notice the ecosystem has many of static-syscall-in-base-binary which are dynamically linked against libraries which in turn use libc, which contains another set of syscall stubs. We've been concerned about adding even one additional syscall entry point... but go's approach tends to double the entry-point attack surface.
This was started at a nano-hackathon in Bob Beck's basement 2 weeks ago during a long discussion with mortimer trying to hide from the SSL scream-conversations, and finished in more comfortable circumstances next to a wood-stove at Elk Lakes cabin with UVM scream-conversations. ok guenther kettenis mortimer, lots of feedback from others conversations about go with jsing tb sthen |
date | 2019-11-29T12:41:33Z | |||
---|---|---|---|---|
author | mpi | |||
files | src/sys/kern/kern_rwlock.c | log | diff | annotate |
message |
Use RW_PROC() consistently. Suggested by and ok sashan@ |
date | 2019-11-29T12:43:14Z | |||
---|---|---|---|---|
author | mpi | |||
files | src/sys/kern/sys_process.c | log | diff | annotate |
message |
Return EBUSY for successive PT_TRACE_ME calls. Match FreeBSD and NetBSD. ok bluhm@, deraadt@, kettenis@ |
date | 2019-11-29T12:50:48Z | |||
---|---|---|---|---|
author | cheloha | |||
files | src/sys/kern/kern_timeout.c | log | diff | annotate |
message |
timeout(9): make CIRCQ look more like other sys/queue.h data structures - CIRCQ_APPEND -> CIRCQ_CONCAT - Flip argument order of CIRCQ_INSERT to match e.g. TAILQ_INSERT_TAIL - CIRCQ_INSERT -> CIRCQ_INSERT_TAIL - Add CIRCQ_FOREACH, use it in ddb(4) when printing buckets - While here, use tabs for indentation like we do with other macros ok visa@ |
date | 2019-11-29T14:06:21Z | |||
---|---|---|---|---|
author | krw | |||
files | src/sys/scsi/cd.h | log | diff | annotate |
src/sys/scsi/ch.c | log | diff | annotate | |
src/sys/scsi/scsi_changer.h | log | diff | annotate | |
message |
Add defines for changer mode page codes. Move AUDIO_PAGE define to nestle among its friends. |
date | 2019-11-29T15:15:10Z | |||
---|---|---|---|---|
author | anton | |||
files | src/sys/kern/sys_pipe.c | log | diff | annotate |
src/sys/sys/pipe.h | log | diff | annotate | |
message |
Start protecting the pipe_busy field of struct pipe using a global rwlock. This lock is shared among all pipes for simplicity. In the future, the lock will probably be replaced with one lock per pipe pair, just like FreeBSD and NetBSD do. While here, extract the common rundown wakeup logic into a dedicated function. Thanks to cheloha@ for testing and feedback. ok mpi@ visa@ |
date | 2019-11-29T15:17:28Z | |||
---|---|---|---|---|
author | krw | |||
files | src/sys/scsi/sd.c | log | diff | annotate |
message |
DISK_PGCODE() #define includes a check for NULL, so no need to do the same check before invoking it. |
date | 2019-11-29T15:17:28Z | |||
---|---|---|---|---|
author | anton | |||
files | src/sys/kern/sys_pipe.c | log | diff | annotate |
message | add missing parens around return expression and zap empty line |
date | 2019-11-29T16:16:19Z | |||
---|---|---|---|---|
author | kettenis | |||
files | src/sys/arch/amd64/include/biosvar.h | log | diff | annotate |
src/sys/arch/amd64/stand/efiboot/conf.c | log | diff | annotate | |
src/sys/arch/amd64/stand/efiboot/efiboot.c | log | diff | annotate | |
message |
Pass the EFI memory map to the kernel. ok deraadt@ |
date | 2019-11-29T16:41:01Z | |||
---|---|---|---|---|
author | nayden | |||
files | src/sys/netinet6/icmp6.c | log | diff | annotate |
src/sys/netinet6/in6_pcb.c | log | diff | annotate | |
src/sys/netinet6/ip6_divert.c | log | diff | annotate | |
src/sys/netinet6/ip6_input.c | log | diff | annotate | |
src/sys/netinet6/ip6_output.c | log | diff | annotate | |
src/sys/netinet6/nd6.c | log | diff | annotate | |
message |
add __func__ to panic() and printf() calls in sys/netinet6/* ok benno@ mortimer@ |
date | 2019-11-29T16:41:02Z | |||
---|---|---|---|---|
author | nayden | |||
files | src/sys/netinet6/nd6_nbr.c | log | diff | annotate |
src/sys/netinet6/raw_ip6.c | log | diff | annotate | |
message |
add __func__ to panic() and printf() calls in sys/netinet6/* ok benno@ mortimer@ |
date | 2019-11-29T17:47:10Z | |||
---|---|---|---|---|
author | mortimer | |||
files | src/sys/arch/amd64/amd64/mds.S | log | diff | annotate |
message |
Add missing retq to mds handler for knights landing. ok guenther@ |
date | 2019-11-29T18:32:40Z | |||
---|---|---|---|---|
author | kettenis | |||
files | src/sys/uvm/uvm_page.c | log | diff | annotate |
src/sys/uvm/uvm_page.h | log | diff | annotate | |
message |
Split out the code that removes a page from uvm objects and clears the flags into a separate uvm_pageclean() function and call it from uvm_pagefree(). ok mpi@, guenther@, beck@ |
date | 2019-11-29T20:12:19Z | |||
---|---|---|---|---|
author | guenther | |||
files | src/sys/kern/kern_fork.c | log | diff | annotate |
src/sys/sys/proc.h | log | diff | annotate | |
message |
Move kcov(4)'s p_kd into the "zero on create" section to simplify fork code ok anton@ |
date | 2019-11-29T20:53:13Z | |||
---|---|---|---|---|
author | kettenis | |||
files | src/sys/lib/libsa/loadfile.h | log | diff | annotate |
src/sys/lib/libsa/loadfile_elf.c | log | diff | annotate | |
message |
Add an element to the marks array to store the virtual address of the entry point. ok mlarkin@, deraadt@ |
date | 2019-11-29T20:58:17Z | |||
---|---|---|---|---|
author | guenther | |||
files | src/sys/kern/kern_unveil.c | log | diff | annotate |
src/sys/kern/vfs_syscalls.c | log | diff | annotate | |
src/sys/sys/namei.h | log | diff | annotate | |
message |
Eliminate the sketchy use of ps_mainproc here by making unveil_add_vnode() take a struct proc* instead of a struct process*, and vice versa making unveil_lookup() take a process* instead of a proc*. ok beck@ |
date | 2019-11-29T21:32:04Z | |||
---|---|---|---|---|
author | guenther | |||
files | src/sys/kern/kern_fork.c | log | diff | annotate |
src/sys/sys/proc.h | log | diff | annotate | |
message |
Move p_sleeplocks and p_limit into the "zero on create" section of struct proc, so they don't need to be explicitly initialized in thread_new() suggested by anton@ ok kettenis@ |
date | 2019-11-29T21:58:31Z | |||
---|---|---|---|---|
author | patrick | |||
files | src/sys/dev/fdt/rkclock.c | log | diff | annotate |
message |
Add support for the RK3399's eMMC clock to rkclock(4). Tested by kurt@ ok kettenis@ |
date | 2019-11-29T21:59:55Z | |||
---|---|---|---|---|
author | patrick | |||
files | src/sys/dev/fdt/files.fdt | log | diff | annotate |
src/sys/dev/fdt/rkgrf.c | log | diff | annotate | |
message |
Make rkgrf(4) behave like a simplebus(4) so we can attach drivers to its subnodes, which are some PHYs. Tested by kurt@ ok kettenis@ |
date | 2019-11-29T22:00:54Z | |||
---|---|---|---|---|
author | patrick | |||
files | src/sys/arch/arm64/conf/GENERIC | log | diff | annotate |
src/sys/arch/arm64/conf/RAMDISK | log | diff | annotate | |
src/sys/dev/fdt/files.fdt | log | diff | annotate | |
src/sys/dev/fdt/rkemmcphy.c | log | diff | annotate | |
message | Add rkemmcphy(4), a driver for the RK3399's eMMC PHY. |
date | 2019-11-29T22:02:16Z | |||
---|---|---|---|---|
author | patrick | |||
files | src/sys/dev/fdt/sdhc_fdt.c | log | diff | annotate |
message |
Improve support for the RK3399's eMMC in sdhc(4). Fix the compatible check for the quirk that makes sure we don't try to change the voltage to anything else. Configure the eMMC Core's clock, register ourselves as clock driver for rkemmcphy(4) to use, and enable the PHY. Tested by kurt@ ok kettenis@ |
date | 2019-11-29T22:06:19Z | |||
---|---|---|---|---|
author | tobhe | |||
files | src/sys/netinet/tcp_input.c | log | diff | annotate |
src/sys/netinet/udp_usrreq.c | log | diff | annotate | |
message |
Change the default security level for incoming IPsec flows from isakmpd and iked to REQUIRE. Filter policy violations earlier. ok sashan@ bluhm@ |
date | 2019-11-29T22:10:04Z | |||
---|---|---|---|---|
author | beck | |||
files | src/sys/kern/vfs_biomem.c | log | diff | annotate |
src/sys/uvm/uvm_object.c | log | diff | annotate | |
src/sys/uvm/uvm_object.h | log | diff | annotate | |
message |
Add uvm_objfree function to free all pages in a uvm_obj in one go. Use this in the buffer cache to free all the pages from a buffer, resulting in a considerable speedup when throwing away pages from the buffer cache. Lots of work done with mlarkin and kettenis ok kettinis@ deraadt@ |
date | 2019-11-29T22:34:09Z | |||
---|---|---|---|---|
author | mortimer | |||
files | src/sys/arch/amd64/include/fpu.h | log | diff | annotate |
message |
Fix size of reserved bytes section in xsave header. ok guenther@ kettenis@ |